SDMI Challenge Participants May Face DMCA Action

ssimpson writes "Everyone has probably forgotten the SDMI challenge to hackers to try to break a handful of proposed watermarking and "other" protection mechanisms? Well, it was recognised that a group of researchers at Princeton University broke all of the protection mechanisms and were due to publish a paper on at the 4th International Information Hiding Workshop (25-29 April) but have been threatened with the DMCA if they publish the results. So much for academic freedom, eh? SDMI seem particularly upset because one of the protection mechanims broken in the paper, The Verance Watermark, is currently used for DVD-Audio and SDMI Phase I products. Oops. Somehow, a copy of the threatening letter and the full paper entitled "Reading Between the Lines: Lessons from the SDMI Challenge" has appeared on John Young's excellent Cryptome site. SMDI's urge to "withdraw the paper submitted for the upcoming Information Hiding Workshop, assure that it is removed from the Workshop distribution materials and destroyed, and avoid a public discussion of confidential information." seems a little weak now...."

Re:The Verance Watermark

Absolutely. In addition, commercial music is increasingly compromised anyhow by compression and limiting wars that have labels trying to out-loud each other, to the point that artists literally cannot get even good-sounding CDs out there, and mastering engineers cannot avoid smashing everything to the maximum possible constant loudness and distortedness unless they wish to be effectively blackballed and get no more major label business. This goes for the artists and mastering engineers who hate it, too.

It's said that the Verance watermark sounds like middle-distance buzzing bees at a higher pitch (buzzing flies?). Which may, in a sick way, be compensated for by the fact that, with the hypercompression techniques in use, there _is_ no middle distance for commercial music anymore- everything is brutally up-front and flattened, and there are no quiet passages that are not compressed to full volume, and loud passages are routinely distorted to the point of flat-topped waves, so this covers up the other sonic ugliness of the buzzing flies sound.

So, the commercial sphere is going to mean extremely high resolution media containing totally smashed and flattened audio of relentless, ear-fatiguing aggressiveness, which contains in the background a noise of buzzing flies or some other uncorrelated noise at least 6 DB louder than the current worst possible CD-audio quantization noise, or to look at it another way, a noise of buzzing flies or some other such extraneous sound that is always louder than the worst distortion components produced by mp3 encoders such as Xing.

I couldn't make this up if I tried... and it's appalling, but it also offers an opportunity.

There are places out there gearing up to give indie musicians the capacity to do music distribution without going through a label. Largest is the rip-off mp3.com, which only lets you sell CDs made from 128K (inadequate) mp3s. Of course, by definition this is still less distortion than DVD-A with watermarks... however, there's others, and the one I'm most a fan of is ampcast.com, which is just finishing up their own CD program, with the option to have CDs duped from Red Book master CDRs you supply to Ampcast: burn-to-order of _real_ CDs. (Burning from special 256K and up mp3s not available for download is also an option.)

The thing is, there's an extra thing Ampcast is doing- they are taking pains to allow the artists to tap into the existing distribution networks. You can buy an official barcode for your CD through them for $20 a barcode- and get them shrinkwrapped with spine stickers, everything you'd want to have your stuff alongside commercial releases and look just the same as them.

The catch is- maybe you don't _want_ your indie stuff to fight its way into that channel. You can always sell it over the net, after all, and go for alternative distribution- and more relevantly, there was a time when the stuff with barcodes _sounded_ _better_ than what people could do in their garages. But that time is gone! These days, not only is electronic, computer-generated music more popular, but the facilities for producing commercial-quality music have never been more affordable- and at the same time, the people producing the commercial music are increasingly _wrecking_ it with compression and blatant overlimiting (so you could do just as well, sonically, with Pro Tools, or better if you chose), but they are also preparing to add uncorrelated noise many times as bad as the noise of clean old vinyl records (or the quantization noise of the very worst CD transfers), _intended_ to be worse than the worst an mp3 encoder can do!

So in a way, the logical thing would be to run screaming- to abandon even the idea of sharing the same shelves with that crap, and try to establish a sort of underground that would most likely be centered on CDs done right. CDs done right (with recent improvements in dither technology) are surprisingly good, even compared to high end analog media. And we can be absolutely sure that the record industry will never produce anything as good as CDs done right again (barring a total collapse and recalibration of their values). The one-two punch of volume wars and watermarks will keep them totally pinned, hopelessly committed to debilitating and selfish practices that ruin their reputation for professional sound quality...

Re:Degraded audio quality

Hey, another happy thought! :) check this out...

1. In order for the watermark to persist through the mp3ing process, it must be at a high enough amplitude to not be discarded as irrelevant.
2. The watermark is not musical information- it's heard as buzzing flies, or some other audible sound, and must also be smack in the middle of perceptible sounds to not be discarded by psychoacoustic algorithms (that discard plenty of perceivable sound, as well).
3. As such, it becomes part of the noise floor of the track. Correlated or uncorrelated, it is not part of the musical signal. And again, it must be strong enough to stand up to the most low-fi mp3 encoding (typically 128K, possibly 96K?)
4. Has anyone taken the time to measure watermarked audio or calculated from watermark levels to produce a figure for the real signal-to-noise ratio for such a medium? *VBG*

Let's get ready to spread the word on that one. It's just as fair as the way CDs were spun to be better than LPs by use of signal-to-noise ratio figures. Hell, records have better sound than bad mp3s- it's totally legitimate to say at this point that watermarked DVD-A will have substantially worse signal-to-noise ratio than vinyl records, and it is a plausible claim. Naturally, audio CDs will _really_ stomp watermarked DVD-A for signal-to-noise ratio...

The truth, of course, is that you can hear past a noise floor to a certain extent- this is what helps vinyl records, and why dithering is so important for digital audio. This doesn't help the watermarking side much as that's still an annoying type of sound by design, right in the most sensitive hearing band- but it's basically true. However, conventional wisdom is that the noise floor is a hard limit- and this can be turned around as a deadly attack on watermarked media's superiority. Somebody come up with what the signal-to-noise ratio is (including correlated noise) for the worst mp3 you can come up with, like Xing 128K or something. We'll get the word out that watermarked stuff by definition must have a signal-to-noise ratio that is worse even than that...

Re:Then why did they have the challenge at all???

Publicity. The SDMI was being introduced at a time when some individuals were having some doubts about efficiency of CSS style algorithms.

CSS was based on the following set of assumptions:
Data that is transmitted in an encrypted format can not be read except by authorized users-- users that have access to the appropriate key.

Of course, as with all covert communications, the key must be transmitted in a secure fashion.

Now, the CSS designers decided that if DVD players were designed with a "hidden" sector, the key could thus be distributed. Persons who merely copied the data from a DVD would have nothing except the encrypted data-- useless without a key. Access to the key depended on physical access to a tangible medium-- the actual DVD-Video disk.

Of course, the key transmission protocol was eventually compromised, and cryptoanalysts discovered that the actual encrytion- instead of being 40-bit, was closer to 25-bit-- literally, a toy code.

Cryptoanalysts and Cryptologists have long recognized that an ideal code should involve a strongly assymetric algorithm-- cheap for a user to decode with a proper key, but expensive for a eavesdropper to decrypt. More importantly, the algorithm should be subjected rigorous testing and/or peer review. The CSS algorithms were not subjected to this kind of testing prior to the release of DVD-Video.

The SDMI proponents, hearing this criticism, decided that their coding algorithms needed that extra bullet point: "peer-reviewed". But, apparently, they had neglected to consider that their algorithms might amount to nought. They only had visions of a future press release:
"SDMI invulnerable to hacking! Music Industry safe from hackers."

And, because, all of the participants in HackSDMI were bound by confidentiality clauses, no one would be the wiser.

Re:Legal Action = Mirroring

Did anyone not save a copy of this document or download the Zip provided?

Sure! Here is my copy [emdx.org]!

--

Re:I was supposed to present results at IHW ... :(

Moral? Did you read the letter?

..instead engage SDMI in a constructive dialogue on how the academic aspects of your research can be shared without jeopardizing the commercial interests of the owners of the various technologies.

..at least one of the technologies that was the subject of the Public Challenge, the Verance Watermark, is already in commercial use and the disclosure of any information that might assist others to remove this watermark would seriously jeopardize the technology and the content it protects.

The specific purpose of providing these encoded files and for setting up the Challenge was to assist SDMI in determining which of the proposed technologies are best suited to protect content in Phase II products.

Failure wasn't an option. It was commercial research. However, since they didn't take the money, they didn't agree. Reading the part about the "clik-thru" agreement (spelling for emphasis) made me laff.

Anyway, I hope that this story will illustrate the dangers of the DMCA so that the european equivalent which is on its way will never come up.

'twould be nice, wouldn't it. [washingtonpost.com]

--

I was supposed to present results at IHW ... :(

...on our own paper [julienstern.org] regarding the SDMI challenge. Now, I'm not sure I will...

What I think is really very funny is that the SDMI didn't contact us to have to paper removed or something. This probably means that either 1) they know we are French and know the DMCA doesn't apply or 2) (most likely) they don't really care about our results because we are attacking an algorithm that they haven't picked.

So the funny point is that they had apparently already chosen and deployed an algorithm before the contest. Now they are whinning because the Princeton team (brillantly) broke this very algorithm. And they are invoking some almost "moral" reasons for that, while they probably would have shut up if only the three other algorithms had been broken.

Anyway, I hope that this story will illustrate the dangers of the DMCA so that the european equivalent which is on its way will never come up, and that eventually the US one will be removed.

Weak

Whilst I'm happy to see the results published, it's dissapointing to see them leaked anonymously. I would have far prefered the faculty at Princeton to stand up, give the RIAA the finger and say "We're scientists. We do research and publish. If you don't like the fact that some of our guys cracked your methods, don't make them so weak".

Now the appearance is that university researchers *are* in fear of RIAA and the bizarre legal state of affairs that exists. After all, if Princeton can't/won't stand up to them, who will?

It's nice that the paper is out, and that, (presumably), they can now present it at the IHW conference without repercussions, but it still leaves a bad taste in my mouth.

proof the RIAA is stupid.

They addressed the letter wrong:


April 9, 2001

Professor Edward Felton
Department of Computer Science
Princeton University
Princeton, NY 08544

Dear Professor Felten,

(etc.)


Well, it's a good thing that they got the Zip code right. Last time I checked, Princeton University wasn't in NY. The RIAA can't even send threatening letters correctly.

I'm going to disagree for this instance

Colleges and Universities also have a time honored tradition of bending over for anyone who is or might be a contributor. If Princeton's development office has them on file as a donor, you'll be disappointed how quickly they'll act to shut up their own students and faculty.

Well...I don't know how true that is in general. But specifically regarding this case, from the FAQ (http://www.cs.princeton.edu/sip/sdmi/faq.html [princeton.edu]) on their webpage, they state that:

Fortunately, the DMCA did not apply to this challenge, since SDMI granted explicit permission to study their technologies. We are not sure whether it would have been legal to study these technologies outside the context of this challenge. We think the DMCA, by criminalizing some kinds of study of important technologies, represents an "ignorance is bliss" approach to technological copyright enforcement, which will not work in the long run. We lobbied against certain aspects of the DMCA while it was before Congress, and we still consider it to be a seriously flawed law. (my emphasis)


Above, we mentioned the important role of analysis in the design of security systems. The main problem with the DMCA is that it hinders this analysis, restricting it in order to provide an extra layer of legal protection for existing copyright systems. But this causes the scientific process to stagnate. Imagine a federal law making it illegal for anyone (including Consumer Reports) to purposefully cause an automobile collision. While this may be a well-intentioned attempt to stop road-rage, it also bans automobile crash-testing, ultimately leading to unsafe vehicles and the inability to learn how to make vehicles safe in general. The situation with the DMCA is analogous.

So this group of researchers lobbied against the DMCA. This would be the perfect opportunity for them to fight it. Seeing as how they've said that they disagree with the DMCA, it seems that it would be more likely for them NOT to fold under the RIAA's pressure.

Moller

The Verance Watermark

The thing that really sucks about the Verance watermark is that it is designed to survive lossy compression and analog copying. Of course, in order to do that, it has to be so obtrusive that you can hear it, despite the company's claims to the contrary.

According to this article [audiorevolution.com], recording engineer Tony Faulkner was able to spot the watermark 75% of the time on his first chance at hearing it. What does that tell you? That this stupid watermark is going to be something you will hear on every DVD-A disc you buy! Doesn't that suck?! Well, the recording companies don't care ... they just want to stop those Napster punks from stealing their content -- quality be damned!

Legal Action = Mirroring

Did anyone not save a copy of this document or download the Zip provided? Most wouldn't probably have cared much otherwise. I would have read it and moved on myself. Now how many copies of it are out there? When will these groups realize that as soon as they threaten legal action, it's both an incentive to make as many copies of the "infringing" documents as possible, and find out exactly what it is and how it works? If it's to be censored, it must a) work and b) be interesting. Probably never...they didn't learn it with DeCSS, nor with CP4Hack (The CyberPatrol URL list cracker,) nor now with this article.

Re:will this trigger them, as well?

That's funny. At my web design job I've been naming all my external stylesheets "de.css" also. Nobody at work knows what it means (I've tried to explain, but...), but they just go along with it anyways, even on projects I have nothing to do with. :-)

Re:Its their own fault...

As stated in my story, a copy of the paper is at: http://cryptome.org/sdmi-attack.htm

Happy mirroring :)

will this trigger them, as well?

I just downloaded the latest Mandrake install .iso

I mounted the iso image in loopback mode (mount -o loop ...) and did a find on the filesystem to see what the latest Mandrake has.

imagine my surprise when I found they had a copy of DE-CSS in there:

% find /mnt -print
/mnt
/mnt/autorun.inf
/mnt/COPYING
.
.
.
/mnt/tutorial/style/de.css
/mnt/VERSION

its the 2nd to last file in the distro.

sorry for blowing the whistle on you, Mandrake, but I'm just doing what my country wants; turning in my fellow man for the Greater Good.

--

Felten is amazing.

Edward Felten is amazing.

• This is the same guy that provided Boies with his technical ammunition in the Microsoft trial. It was while trying to prove that Felten's IE-remover program didn't work that Microsoft was devastatingly caught showing a faked video.
• Would you prefer this incident has been used as a First Amendment challenge on DMCA? Say by the ACLU? Back in January, baby!!! [aclu.org] (See page 15, or 8 by the document's own numbering.)
• And now, just to pour salt on the wounds, his group leaks the SDMI cracks anyway. I love it!

This guy is my hero! [princeton.edu] Looks so *innocent*, doesn't he? :-)

DMCA will protect the scholars, not SDMI

From the law his own self:

USS Code, Section 1201(g)(2):

Permissible acts of encryption research. - Notwithstanding the provisions of subsection (a)(1)(A), it is not a violation of that subsection for a person to circumvent a technological measure as applied to a copy, phonorecord, performance, or display of a published work in the course of an act of good faith encryption research if -

(A) the person lawfully obtained the encrypted copy, phonorecord, performance, or display of the published work;
(B) such act is necessary to conduct such encryption research;
(C) the person made a good faith effort to obtain authorization before the circumvention; and
(D) such act does not constitute infringement under this title or a violation of applicable law other than this section, including section 1030 of title 18 and those provisions of title 18 amended by the Computer Fraud and Abuse Act of 1986.

Let's see: the scholars recd the copy lawfully (they didn't infringe copyright to get it); their act was not just necessary for research, but was research itself; I am sure they are making a good faith effort, as is evidenced in the harrassing letter; I'll eat my hat if releasing their paper breaks any other laws.

That's 4 for 4.

But wait there's more:

1201(g)(3):

Factors in determining exemption. - In determining whether a person qualifies for the exemption under paragraph (2), the factors to be considered shall include -

(A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;
(B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; and
(C) whether the person provides the copyright owner of the work to which the technological measure is applied with notice of the findings and documentation of the research, and the time
when such notice is provided.

The scholars *are* disseminating the information to further encryption study; if they are not employed in the proper field, then no one is; clearly they have notice of the findings to the copyright holder, to wit the harrassing letter.

Conclusion: Those bastards don't have a leg to stand on.

I don't really understand...

How can watermarking be covered as a "device that effectively controls access to a work"? According to the text of the DMCA [loc.gov],

''(B) a technological measure 'effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

If a watermark qualifies as an effective access control measure, then I would think that by that logic, any player that doesn't check for watermarks would be considered an access circumvention device and therefore illegal. Or would they be legal because they have a commercially significant purpose? This is confusing.

Re:Legal Action = Mirroring

And the recording industry is particularly good at this. If it wasn't for the writeup a few years back (before Napster was a twinkle in Fanning's eye) in Wired where the RIAA had pulled a stormtrooper act on the few college kids who were trading MP3's, I and darn near the rest of the world probably never would have heard of them.

<humor>
I suspect that the recording industry and manufacturers of hard disks and removable media are laughing all the way to the bank, having negotiated in smoke filled rooms to share the profits while they play us all for fools buying 80GB disks and CDR drives with 100 spindles to store MP3's and legally challenged material like DeCSS, VirtualDub 1.3, TotalRecorder, ASFRecorder, the eFront ICQ logs (which I and about 1E6 others posted to Freenet). And now this.
</humor>

Excellent.

This is just the challenge the DMCA needs to be taken to the Supreme Court and repealed. With Princeton (=State of New Jersey? Is Princeton public?) footing the legal bill, they can afford to go all the way, and the with something so fucked up as this SDMI is bound to lose.

But then, I wouldn't be surprised if the SDMI people back down to make sure they don't lose their most valuable weapon in the fight against free speech.
---

Re:It would be nice

"It would be a shame if Princeton's legal dept tells the researchers to back down because they don't have a legal leg to stand on here."

The fact is, they DO have a legal leg to stand on here... The rights of "fair use" and "reverse engineering" were established by the courts over the years in many many, precedent setting cases (such as the Betamax case) as being from the Constitution. NO statutory law can "outrank" the Constitution, it's the higest law of the land, from which there is no option but to change it.

The DMCA has many MANY problems with the Constitution, and this threat towards these Princeton professors proves, it could have this little side effect of DESTROYING academia.

The unanimous voice vote "coup de etat" nature of the DMCA's passage is even more insidious. Congress, and Bill Clinton, in effect, conducted an illegal Constitutional Convention, in their roles in passing that law. The DMCA cannot be legal without a Constitutional Amendment.

Remember, there has yet been NO TEST of the Constitutionality of the DMCA. This didn't happen in the 2600 case, because it was presided over a conflicted judge (the so-called "judge" Kaplan) who did not hide for one second his contempt for both the defendants and their counsel.

And, he also had worked for a lawfirm that had DIRECTLY represented a plantiff before becoming a judge (Martin Garbus, lead attorney for 2600 and the EFF was EXCORIATED by Kaplan for previously working for a firm that had represented a company that was eventually BOUGHT by Time Warner.)

Kaplan refused to recuse himself, and ran a "show trial" with an illogical and indefensible verdict. But then, one only need have paid attention to the judge's behavior in the pre-trial to know that the verdict was a foregone conclusion. Kaplan ruled on the most narrow POSSIBLE interpretation of the DMCA, even ignoring the language in the DMCA itself which would seem to make reverse-engineering CSS for the purpose of creating a Linux DVD player perfectly legal.

"Hell, even if they didn't have a legal leg to stand on it would still be fun to watch SDMI go after several professors at Princeton. High visibility and bad publicity for SDMI. I'd pay to watch those court proceedings."

I would think that the MPAA/RIAA/SDMI cartels et all, would be very hesitant to go forward with such a case. 2600 was an easy target because it was VERY easy to spin them off as "anarchistic hackers". Princeton professors will be a lot harder to mount a slander campaign against. It's a sad indictment of the US legal system that not all defendants are equal before the eyes of the law.

What the IP cartel is doing right now is trying to win by intimidation, threat, and extortion what it probably can't win in a courtroom (as it's certain that all or at least MOST of the DMCA would be struck down or at the very least, limited by the courts). They are hoping that either the authors of the paper will back down, or else Princeton will back them down.

If I were the author of the paper, I'd be considering pulling an "Infineon" on the IP cartel: What they are doing right now (using threat, intimidation, and extortion) kinda smacks as illegal under the RICO laws doesn't it?

Re:I don't really understand...

"If a watermark qualifies as an effective access control measure, then I would think that by that logic, any player that doesn't check for watermarks would be considered an access circumvention device and therefore illegal. Or would they be legal because they have a commercially significant purpose? This is confusing."

You may be right in saying that you COULD by narrow interpretation, claim that a player that ignores watermark would be a "circumvention" device.

Certainly, that's what the MPAA/RIAA et all would say. Probably the only thing that may keep that from flying is the sheer number of non-wartermark players there are out there. Ruling them all illegal would create a VERY public upheaval that even our sheep-like media would not be able to ignore.

My opinion on this is: The RIAA/MPAA will push and push SDMI to try to replace MP3 (a futile crusade, but they don't seem to get it). Once they get a lot of watermark sensitive players out there, to the point they are more common than the non-watermark players, THEN they might be able to pull off litigation on that point.

The kicker though, is that I just don't see SDMI or any other restrictive format replacing MP3 as the "defacto standard" audio format. Are some of them better than MP3? Sure, but not ONE of them is completely non-controlled like MP3 is. The next MP3 will be just as uncontrolled as MP3 or else it will fail.

Also, the RIAA labels have no interest in even seeing SDMI succeed. They don't want to sell music as digital audio files instead of physical media. They have the MOST vested interest in seeing to it that ANY such initiative fails. If recordings start becoming distributed by audio files via the Internet, instead of physical media, even IF it's SDMI, they lose control over the artists.

Re:Degraded audio quality

"Keep in mind that the highest note on a piano is somewhere near 4 kHz; so even though the "robust" component of the watermark may be audible, it will most likely only slightly alter the timbre of sounds in the average song (and so will probably only be heard by musicians and extreme audiophiles)"

Which is why watermarking is a doomed technology. The FIRST adopters of any new audio technology are the musicians and audiophiles. Why? For one thing, brand new technology is almost ALWAYS very expensive at first, and the true devotees are the only ones that will run right out and get it, because it's the best, right?

Well, as you and others have demonstrated, SDMI "watermarking" makes for audio quality that is INFERIOR to current media. The audiophiles will NOT run out and buy it, which will drasticaly slow if not STOP it's acceptance as a replacement for CD. It's the early adopters who subsidize the mass production that ends up lowering the costs for the "rest of us" when we start buying into it.

The only way SDMI will ever make it is if the RIAA, et all, subsidize it, ie, make the players CHEAPER than what is out there now. I don't see that happening, as it would cost them BILLIONS to do this.

Re:SDMI are loosers

I think you make some very excellent points! Well done.

"Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key."

Which is why any such scheme that has to rely on "security by obscurity" will fail. Any consumer-level product will end up being broken, simply because it CANNOT change to make it incompatible with any breaks.

Simply put, any replacement of the audio CD will fail if the consumer is forced to replace ALL of his players and/or media every few months to a year because of SDMI "improvements" in response to breaks. Audio and video media MUST be ubiquitous to succeed.

The ultimate piracy prevention is to charge reasonable prices for the product, which is something the RIAA and MPAA are completely unwilling to do. Which is why they are wasting MILLIONS of dollars on doomed protection schemes, for the sole purpose of the ability to FORCE the market to bear whatever price they choose to set, by preventing piracy.

The RIAA and MPAA are charging many MANY times the cost of their product for the product.

I do NOT endorse piracy, but I do recognize that it does serve a legitimate purpose in giving the IP companies incentive to keep the prices reasobable.

Are we really surprised?

Nobody issues a challenge like that if they expect their precious standard to be broken. Oops. Now they're pissed. I didn't realize two year olds were allowed to run corporations.

SDMI are loosers

The SDMI effort has been pretty disorganized and chaotic from start to finish. I was at an SDMI conference in 1999 where the premise was that the scheme had to ship for Xmas 1999. Needless to say they missed.

The whole premise of SDMI is pretty funky, the idea is that the device manufacturers will spike their devices to protect the interests of the labels. This is a pretty forlorn hope since the consumer electronics companies bought up content companies to help them sell hardware. Sony and Philips have content divisions but they play thrid or fourth fiddle to the consumer electronics divisions.

For SDMI to succeed there must be no way to get a non SDMI player. That ain't going to happen. The other premise is that there must either be no way to rip a CD - a futile effort in itself or no more material will be released on CD.

The alleged rip protection for CDs on the street at the moment make use of widespread bugs in CDROM device drivers. An audio CD player that encounters an error makes a best effort attempt to continue. A CDROM driver will in many cases report an error and stop. This can be fixed by simply patching the driver to emulate CD Audio players - a process that was already in progress since users were complaining about lack of robustness when playing CDs.

Meanwhile the sales of CDs have actually started to decline for the first time ever. I suspect that this is not just the result of Napster. I suspect that the ultra aggressive tactics of the labels have discouraged many purchases.

I have no sympathy for the crooks running Napster, the idea you can build a billion dollar business helping people rip off everyone else in the music business is one extreeme of the debate. The other is the equally greed RIAA and DVD crew who want to use digital technology that is not up to the task to massively increase their profits. I have sat through presentations from DRM companies who claim that they will not only protect content, they will make higher profits possible through product placement, advertising, co-marketting and extortionate pay per view charges.

Between these poles I think that there is a rational middle ground. The type of rights enforcement technology the RIAA is insisting upon cannot work, as with DeCSS every player has to have the secret key.

I think that a digital download format with a watermark could work. But the detection software would have to be closely held and used only to identify individuals who were ripping lots of tracks and putting them onto the Internet. Their access to the download service would be cut off. Such a scheme would probably be as good a limit on piracy as can be obtained. There would be minimal incentive to break the watermark scheme since it would not prevent a person from listening to the pirate tracks, merely discouraging the piracy. The attackers could not know in any case whether their de-watermarking technology had succeeded. The distributors could deploy new schemes without prior notice.

DMCA

I was under the impression that "encryption research" was specifically excepted under the DMCA anti-circumvention clause. Does this letter take that into account? I would love to see this go to court, even though today's (apparently bought and paid for [salon.com]) federal courts give me little reason for optimism.

Why stick your finger in it?

Why bother dealing with these people? They have trouble understanding that the price of content goes down as distribution costs go down. They are fighting a losing battle against companies that do understand economics. The content that gets distributed with fewer restrictions at lower production costs will win out over high-priced content from a bunch of media czars and over-the-hill writers, composers, and pop stars.

They also seem to have trouble understanding that watermarking is not technically feasible. It won't take some really smart guys from Princeton to break this or future systems. Given Chiariglione's inelegant and messy technical track record [mpeg.org], I doubt they are going to get a technical clue any time soon either.

Let them add poor watermarks to poor content and create players with all sorts of limitations. In the long run, it's only going to hurt their business. Dealing with these people is a waste of time in my opinion.