The watermark war gets ugly

Suppose you became aware of a problem that was costing people millions of dollars without their knowledge. But just before you were about to present your findings at an international conference that had accepted your paper, you were threatened with a lawsuit by a consortium of large, self-interested companies and compelled to withhold your report.

You may think, “That couldn’t happen! Americans demand intellectual freedom!” But something like that has just happened, and it strikes at the heart of the computer industry.

I’m referring, of course, to a squelched scientific presentation at the Fourth International Information Hiding Workshop, a respected security conference that was held on April 26.

Researchers from Princeton and Rice Universities and the Xerox Palo Alto Research Center (PARC) pre-announced they had broken all four copy protection methods called the “SDMI Public Challenge”. But on the morning of the conference the authors withdrew their paper. The Recording Industry Association of America (RIAA) — the giant record labels that fund the Secure Digital Music Initiative — had sent letters threatening lawsuits against the authors, their employers and the conference sponsors (a good overview of the situation is available here).

I was surprised the pre-announcement was fairly big news but the quashing of the report was barely covered, even though this action directly threatens the growth and innovation of the high-tech industry. Many people in the computer and consumer-electronics fields deeply desire a secure way to distribute digital information.

At the core of several nations’ copyright laws is a balance between the right of the owner and the right of “fair use”, especially the right of not-for-profit and educational institutions to make limited copies.

When someone visits a library and makes a Xerox copy of a chapter in Windows Me Secrets, am I outraged? Of course not. The library paid for the book and the visitor wouldn’t have bought the entire book just to get one chapter. The market was expanded for all concerned.

This is exactly the kind of “fair use” that the RIAA is now bludgeoning scientists to prevent.

This has nothing to do with Napster, which is accused of wholesale copying. Instead, it has everything to do with the public challenge that new technologies should be subjected to before investors mobilise their millions and consumers cough up their cash.

The academics who broke SDMI’s inaudible digital signature, or “watermarking”, technology in no way developed a program that would allow teenagers to steal CDs. Instead, they reportedly determined that, “No public watermarking scheme intended to thwart copying will succeed”. I believe it is this unmasking of the futility of SDMI — rather than the revelation of some secret decoder ring — that panicked the RIAA.

A basic understanding of SDMI will help us understand why this is so. Audio files are playable in a variety of devices: computers, car stereos, portable players, and so on. Future SDMI-compliant devices will supposedly be designed to play exact copies of SDMI-encoded audio files, but not compressed copies (for example, MP3 files).

Let’s look at the “Three Rules of an SDMI Device”.

  • An SDMI device must play any non-SDMI CD, because older CDs have no watermark.
  • An SDMI device must play any newer audio track that contains an SDMI watermark.
  • If an SDMI-encoded audio track is compressed, an SDMI device must detect the distorted watermark and refuse to play.

Because old CDs must play in an SDMI device (or no one would buy one), a hacker need not decode a digital signature, which would be extremely difficult. Instead, a hacker need only alter a song’s watermark so an SDMI device can’t detect that one is there.
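
The design conflict described above can be checked exhaustively. The following Python model is an added example, not code from this column or from SDMI; the track and observation names are hypothetical labels for the cases the column describes. It enumerates every play/refuse policy a device could apply to its detector's output and counts which requirements each one breaks.

```python
from itertools import product

# What a device's detector can report about a track (hypothetical labels).
OBSERVATIONS = ("absent", "intact", "distorted")

# Kind of track -> what the detector observes, as the column describes it.
TRACKS = {
    "legacy_cd": "absent",           # older CD, never watermarked
    "sdmi_original": "intact",       # exact copy of an SDMI-encoded track
    "sdmi_compressed": "distorted",  # compressed copy, watermark damaged
    "sdmi_mark_obscured": "absent",  # watermark altered until undetectable
}

# Desired outcome per track: True means "play".
REQUIRED = {
    "legacy_cd": True,            # Rule 1
    "sdmi_original": True,        # Rule 2
    "sdmi_compressed": False,     # Rule 3
    "sdmi_mark_obscured": False,  # the goal of the scheme
}

# The three rules as written, and the fail-closed alternative.
THREE_RULES = {"absent": True, "intact": True, "distorted": False}
FAIL_CLOSED = {"absent": False, "intact": True, "distorted": False}


def violations(policy):
    """Tracks for which this observation -> play policy gives the wrong outcome."""
    return sorted(t for t, obs in TRACKS.items() if policy[obs] != REQUIRED[t])


def all_policies():
    """Every possible mapping from detector observation to play/refuse."""
    for decisions in product((True, False), repeat=len(OBSERVATIONS)):
        yield dict(zip(OBSERVATIONS, decisions))


def min_violations():
    """Fewest requirements any policy breaks; 0 would mean a sound design."""
    return min(len(violations(p)) for p in all_policies())


if __name__ == "__main__":
    for policy in all_policies():
        print(policy, "->", violations(policy) or "no violations")
    print("best achievable:", min_violations(), "violation(s)")
```

Because a legacy CD and a track with an obscured watermark produce the same observation, no policy can treat them differently: the device either plays both or refuses both.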

Creating software to do this is trivial. SDMI could simply concede that its encoder has no clothes. Instead, the five conglomerates that largely fund the RIAA (which controls 90% of the music sold in the US) decided to declare war on the computer industry and its need for free, scientific inquiry into proposed digital-security standards.

I support freedom of speech and thought and I support RIAA’s right to write letters. But make no mistake: when multibillion-dollar goliaths threaten to sue professors and colleges, it’s an act of unmitigated evil that civilised people everywhere should scorn. The RIAA’s repressive strategy would best be abandoned in favour of win-win music-sharing technologies, such as’s new, $US4.95-per-month Radio MX. And computer pros, who stand to lose the most, should join public-minded groups such as the Electronic Frontier Foundation. With a little effort, we can beat the intellectual poverty of the RIAA.

Brian Livingston’s latest book is Windows Me Secrets (IDG Books). Send tips to
