[linux-elitists] more for Marti's hagiography

Eugene.Leitl@lrz.uni-muenchen.de Eugene.Leitl@lrz.uni-muenchen.de
Fri Dec 1 04:57:32 PST 2000


Digital Music Safeguard May Need

Charles Seife

A hacker-professor says he and his graduate students have cracked the
four leading methods proposed for thwarting audio pirates. Ed Felten,
a computer scientist at Princeton University, says his achievement
shows that so-called digital watermarks--identifying signals hidden
inside streams of digital data--cannot protect music from illegal
copying. But the music industry begs to disagree.

The charges and countercharges center on a competition sponsored by
the Secure Digital Music Initiative (SDMI), a forum of music,
technology, and electronics companies that is designing a method to
thwart illegal copying of audio files. SDMI champions a protection
scheme analogous to the ghostly image of Andrew Jackson that appears
next to the Treasury department seal when you hold a new $20 bill up
to the light. "A device can scan for a watermark, detect the
watermark, and make a decision based upon whether the watermark is
there," says Scott Craver, a graduate student and computer scientist
at Princeton. For instance, the watermark might indicate that an audio
file may be copied only once, or not at all--orders that audio players
and recorders would be constructed to obey. But such instructions
would be moot if hackers could wash off the watermark at will.

SDMI's quest for a secure digital watermark went public in September,
when the consortium posted four proposed watermarking schemes and two
supplementary technologies on one of its Web sites
(www.hacksdmi.org). An accompanying letter offered $10,000 to anyone
who could hack any of the security schemes within 3 weeks. "Attack the
proposed technologies," read the letter. "Crack them."

Many computer-security experts flatly refused. Don Marti, the
technology editor of Linux Journal, arguing that SDMI's scheme is a
unilateral attempt by the music industry to recast intellectual
property rights in its favor, called for a boycott of the HackSDMI
effort. "I wanted to call people's attention to the legal rights SDMI
is planning to take away," Marti says. Others dismissed the
competition as a waste of time. "Challenges and contests are stupid
ways of assessing security," says Bruce Schneier, chief technology
officer of Counterpane Internet Security in San Jose, California. "If
I challenge people to break into my house and it's not robbed in a
week, can I conclude that my house is secure? It's bizarre." Craver
agrees: "A 3-week challenge could not be taken seriously in the
cryptographic community." Nevertheless, Felten, Craver, and others
ignored the boycott and attacked the watermarks.

Last week, Felten and Craver's team declared that it had defeated all
four watermarking schemes. "Basically, for each of the technologies,
we figured out where in the signal each watermark was put and then
washed it out," Felten says. "For instance, if it's all stored in a
narrow frequency band, you can add a bit of noise in that frequency
band." Felten claims that removing the watermarks didn't damage the
quality of the music. The SDMI consortium agreed that Felten's sample
had no watermark and sounded just fine, at least in a preliminary

The result proves that "watermarking technology is not mature enough
to do what SDMI wants it to do," Felten says. But SDMI isn't
convinced. "The word we received was that all 153 attacks have failed
to meet the criteria," says David Leibowitz, chair of San Diego-based
Verance, which provided one of the four watermarking schemes. SDMI
officials say the Princeton team did not submit technical information
showing that it had devised a general strategy for defeating
watermarks. As Leonardo Chiariglione, SDMI's executive director,
explains, "If every bit of new music is a new challenge, if
repeatability is not guaranteed, it is not considered a successful

Some experts, though, see Felten's attack as a confirmation that
copy-protection schemes will never deter any but the most inept
would-be pirate. "Digital bits can be copied; it's the natural way,
and any procedure that tries to go against the tide will fail,"
Schneier says. "Watermarks can't possibly work. Copy protection can't
possibly work. Get over it. Accept the inevitable, and figure out how
to make money anyway."

More information about the linux-elitists mailing list