Encrypting Digital Music With Multiple Keys 306
Orne writes: "The New York Times has an article about mathematicians at Brown who have patented a new music encryption system that is based on cycling encryption keys. '... a typical three-minute song could be scrambled into 180 different codes; anyone taking the time to break a single code would be rewarded with only one second of music.'" I'm not going to try to parse the math behind it, but advances like this are why I advocate laws to protect fair use of copyrighted materials -- sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?
Re:Tamper proof hardware? (Score:1)
Believe me. I'm ex-military.
Re:I thought we LIKED this? (Score:1)
then where will we be? (Score:1)
I've always been amazed by these encryption approaches. They are useless. To play audio on your PC, the audio is eventually sent to the audio hardware. So what prevents me from writting a driver that pretends to be a audio hardware device, which records the audio to a file instead?
In any case, at the end of the day, the audio has to get to your ears. Instead of ears, a microphone works pretty well too.
In other words, it will always be possible to make copies of music. Until we have decryption implanted in our brains.
Breace.
Re:I thought we LIKED this? (Score:1)
Re:Where we usually are. (Score:1)
Eh? DAT is all digital -- just like a QIC-80 -- it was competition to the CD and casette (except it is linear, unlike CDs). Maybe I missed your point, sorry.
>now we have a satisfactory, if not perfect, technology.
CD Deck -- $150
DVD Deck (complete with lameass encoding scheme) -- $300
SuperHeavyEncrypted Audio Player -- $??? (I guess $600)
Just look at the first thing people look at in the stores today, Price! Unless this new tech is the same price or less than a CD Player, I think It'll be dead before it gets off the ground.
DVD has taken a little less than a decade to break 10% acceptance. Why? Even now it still costs thrice as much as a cheap VCR. When it came out it cost 10x or more! DVD still has a long way to go, maybe another 10 years, before it begins to eat into VCR sales.
Heck, even CD Players took 10 years to be a hit. Again, the price was too high (even the old, "crappy" sounding decks were good enough for the average man, so sound quality wasn't the problem).
I guess if the record companies want to eat the price of the player, they MIGHT be able to break into the market. But they will have to eat the price for a long time.
I suppose they could stop selling casettes and CDs, but that will only cause bootlegging from the radio (which is protected by law) to skyrocket to unfathomable proportions.
Who knows, maybe the entire world will become rich (but wait a minute -- if we are all rich, then aren't we all poor? You need a base to compare against...
Why many short keys? (Score:1)
It would never work... (Score:1)
Re:It would never work... (Score:1)
NTRU have No Clue. (Score:1)
--
Way around (Score:1)
This means even if Big Brother Records Inc. would require me to use special device attached to computer, that decodes music according to my fingerprints, sound output would still go to my soundcard. So if I go out and buy loopback cable for as much as $5, then connect audio output to audio input on my full-duplex soundcard and run audio recorder program in parallel with whatever decrypting program they use I still would record the song, encode it into normal MP3 and save it on a Zip disk to listen to it at work. There is no way they could stop me.
Re:Use licensing is garbage (Score:1)
It's the sad truth.
If it ain't broke, fix it 'til it is!
Re:Digital speakers will solve that (Score:1)
I was just remembering that old Metallica song-
whoops! time to cut Lars another check!
If it ain't broke, fix it 'til it is!
Re:Encrypted Hardware (Score:1)
If it ain't broke, fix it 'til it is!
Re:The first step is denial... (Score:1)
If it ain't broke, fix it 'til it is!
Re:The first step is denial... (Score:1)
Now, i was never really much of a Nirvanna fan, but doesn't it seem like it all ended, folded up and went away when Kurt Cobain blew his brains out? I mean, pop music was rock n roll back then, now, it's different, it's sort of this weird r&b/rappy/dancie/gap commercial stuff. Was Kurt Cobain really that important? What the hell happened?
The fact is, the musical landscape is dominated by four corporate giants, and the indies are there, but they're such minor players in the distribution and promotion infrastructure, that anything outside the money-making "formula" is lost. It's a LOT harder now to find good stuff than it was 5-7 years ago.
I also believe that socially, there has been a mass-rejection of nonconformist music among kids who were shocked at the whole black-trenchcoat scene when Columbine went down. It's a backlash against the Primus/Marylin Manson/Ministry set. (hm - if I listen to n'synch, and don't wear black, people wont think I'm a freak and am going to kill them).
If it ain't broke, fix it 'til it is!
Re:Could this ever work in practice? (Score:1)
But the cost of distribution has little to do with media costs nowdays. A lot of a CD's $18.99 list price is pure profit.
Today, I read a Washington Post article [washingtonpost.com] on the adult movie business and was struck by the following set of statements:
"Adult movie suppliers such as the Hot Network and New Frontier Media also make their products available to satellite and cable TV companies on a generous basis. When it comes to a typical Hollywood movie, a cable or satellite company usually keeps only 45 percent of the $3 to $4 fee paid by a subscriber. In the case of adult movies, however, cable and satellite companies keep up to 80 percent of a subscriber's pay-per-view fee. Those lopsided deals are possible in part because it costs relatively little to produce an adult film--$30,000 to $40,000--compared with $75 million for the average mainstream film.
Those savings are not passed on the customer, however. Instead, AT&T and Starpower charge as much as $7.95 for each adult movie, about double the price of a Hollywood blockbuster on a pay-per-view channel."
Media companies rarely "pass the savings on to you."
Re:Where well be (Score:1)
This is not the same as a security system on the house. Once I break into your house, I can not copy the entire inside of your house and share it with everyone in the world.
Re:Where well be (Score:1)
Re:Where well be (Score:1)
Re:Does anyone else see the humor in this? (Score:1)
How does this prevent duplication (Score:1)
Rewarded with only one second of music? (Score:1)
Re:This is just the beginning (Score:2)
Example: Take a picture off a site with a watermark. It is in GIF format. Recompress with JPEG at full quality. There watermark is still there, but not in original condition. Any bit for bit information is lost in the watermark. Same thing applies towards audio. Take this sound with a watermark. Run it through a lossy compression routine (such as MP3) and your watermark becomes distorted.
Without the Signup (Score:2)
THE ARTICLE [nytimes.com]
Re:Encrypted Hardware (Score:2)
Which is exactly what the FCC is doing with digital TV. If current plans hold up, after 2006, you will have to throw out your old TVs/VCRs, or buy a converter box so your old TV will still work (but it won't do half of what those brand new TVs at Circuit City will do). And I have no idea what sort of crypto/access control/whatever the MPAA is going to demand on digital broadcasts...
OK, it's a bit of a stretch from TVs to CD players, but they're already talking about digital radio standards, too (and just imagine what those'll look like after the RIAA gets through with them). So never say never...
Eric
--
Er, unless I'm thinking of someone else (Score:2)
--
Re:Where well be (Score:2)
Or, even better: intercept (either in software or in hardware) the actual cleartext digital stream going to your dsp. Convert to CDDA, rinse, repeat.
Repeat after me: digital media cannot be copy protected! Write this out 5,000,000 times, or, better yet, just use copy and paste :-).
--
"How many six year olds does it take to design software?"
Re:This is just the beginning (Score:2)
As a virulent opponent of copy protection systems in any form (because they are childish), it's important to point out that watermarking does have a place in the digital universe. But it's a role very different from the one the media corporations have been feeding you.
In the future, where everything that already exists is copyable thanks to matter replicators or buckets full of programmable nanobots, there will still be a need to create new things that don't exist. There will still be a need for artists.
So, if you want something new created, how do you know which artist to approach? By their reputation. Presumably you'd examine other objects that are close to what you want, then talk to the artist who created them. But how would you know that the person you're talking to is the true creator, not an impostor? By examining the watermark embedded in the work.
Note the subtle distinction here: Media corporations want to use watermarks to uniquely identify each copy. In my proposal, the watermarks identify the designer of the original pattern for the copy. The reason this is important is because, whether you like it or not, there will be bazillions of copies out there. Any one of those copies may find their way into the hands of someone who wants to know more about where it came from. Being pointed at the original artist is considerably more useful than pointing at the guy who obtained that copy.
Schwab
the operative phrase being.... (Score:2)
I'd like to see THAT.
Re:BFD. (Score:2)
It's a *simple* concept, and i keep wondering why people have such difficulty with it: If the media can be used at all, it's content can be duplicated.
Double wrong. (Score:2)
40 bit key = 2^40 trial guesses.
Two 40 bit keys = 2 * 2^40 guesses = 2^41 guesses.
One 80 bit key = 2^80 guesses.
With an 80 bit key, you have to get the whole key right to see if you've gotten it. You may guess the first half right, but not know because you didn't guess the second half right.
Now, if you encrypt something with one 40-bit key, and then encrypt that whole thing again with another 40-bit key, THAT takes 80 bits of work. But encrypting two different chunks of data with two different keys creates only double the work (add one bit).
unproven (Score:2)
In any case, on the legal front, you may notice that this was a little submarine patent, with an original application having been dormant since 1996, incorporated into this patent.
And, as usual, the NYT article seems to imply that any use of music other than by the purchaser on the original device is "infringing", which, of course, it is not. But that point has been made again and again; Lessig's book "Code Rules" is a must read. At least, we can still copy the content using analog means, like we always could. And whether consumers will go for this kind of system remains an open question--it has a lot of unpleasant practical restrictions even for completely non-infringing use.
Wrong on one point (Score:2)
Wrong. They will buy it. Here is why...
The record companies are in control of the mainstream market. They set the prices. "So what?" you think. Well, imagine this: You go to the music store, and there's a Metallica CD for $20. And there's also an SDMI copy-protected version of the same music for $10.
After seeing that a few times, Joe Schmoe is going to want an SDMI player. So he buys one, and now all he ever buys is SDMI music, and then millions of people are doing it. A couple years later, and the unprotected audio CD is about as rare as an HTML page that can be read by Mosaic.
Copy-protected music will sell if the companies are able to keep control of the market.
---
Re:Digital speakers will solve that (Score:2)
Sure, you'll lose some quality, but faced with a choice between a format that they have no control over, or a slightly lower quality format that they control completely, I think I know which way most people will go...
Cheers,
Tim
Re:Unrippable media (Score:2)
You can encrypt the signal right up to the point where it has to become compressions and rarefactions of air; at that point, nothing can stop it from being ripped to another medium.
If I can hear something (or see it), I can copy it, one way or another. I may well lose some quality, but then mp3s are lossy, and it doesn't seem to have hurt their popularity at all.
Cheers,
Tim
Re:Watermarking (Score:2)
Of course, if the copies could be traced back to you it would make distributing them riskier, perhaps to the degree where almost no-one would take the risk. It would only be a matter of time before someone figured out how to remove the watermark from the copy though, then we'd all be back to square one.
Cheers,
Tim
Re:Where well be (Score:2)
just take audio out from your computer, use a double male line to the audio in port,
No need to. Just use the vsound hack [zip.com.au] to save it digitally.
Copy protecting data doesn't work. (OK, it might work against AOL users.) The reason: it is enough if one person can copy it and puts it onto FreeNet or Napster.
Why can at least one person copy it?
To make it accessible, the program needs to decrypt it. To decrypt it, the program needs to know the key. To know the key, it must be built into the program (as in the case of DeCSS) or transmitted over the net.
And who would buy anything knowing that the RIAA knows his/her identity and how often he/she listens to the music?
But in the UK (Score:2)
Re:Music is no longer an art! (Score:2)
I hope this trend of millionaire "artists" dies away when they alienate all their fans from their music through their constant search for "better protection for their IP" instead of doing what they set out to do in the first place - create art!
Where do you think the term "royalties" comes from?
In days gone by, great composers were in the employ of the royalty; they did indeed garner "superstar" style lives -- but the times were different then.
Mozart, Beethoven and Tchaikovsky were very well paid for their work... modern day artists don't have royalty to bestow boons on them, so the system doesn't work exactly the same way - but it's very similar.
Simon
looking at it the wrong way... (Score:2)
Re:Where well be? Still screwed... Watermarking (Score:2)
Not really... (Score:2)
I would almost be inclined to guess that these guys are intentionally putting the "Copyright protection" spin on the system for monetary reasons. Everybody knows that the content industries are willing to cover in gold anybody who can give them the instruments the they need to keep and solidify their control of our lives. Since these guys are obviously not in it for altruistic reasons (software patent and all), I would guess this has to do with selective marketing at the most desperate and stupid customer.
However, what the *AAs fail to see is that this is not a question of mathematics, but one of logic. I cannot listen to a song and not have access to the information - at least not until the install a chip in my brain. No new cipher is ever going to change that.
As to Michael's comment, laws to try to ensure that technology doesn't infringe on fair use are just as ridiculous as laws that try to make sure that it does (aka DMCA). Are we going to start forcing people to decrypt information under certain conditions? Put laws on how software media players can be designed? Mandate that people reveal their code even if they don't want to? I don't care about the intentions, that is not a mandate I want to give the government.
The fact is that the system proposed, like every other such systems, relies of closed hardware and software keeping you from having control of your own computer to work. And the vote against that is not something that we should do politically, it is something we should do capitalisticly. Listen to what Stallman has to say about why Free software is an issue of consumer freedom and democracy, and stop inviting corporate controlled judasware into your house.
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Re:This is quite likely not a big deal...(nitpick) (Score:2)
Actually, it's worse than that. Consider a piece of music with the first half encrypted with a 40 bit key, and the second half with another 40 bit key. It's not the same as one 80 bit key, because each half can be decrypted separately. It's more like a 41 bit key.
-Dave Turner.
Re:Tamper proof hardware? (Score:2)
Yeah, it might not be great with my Shure SM57 and Labtec computer speakers, but someone will get high-quality speakers and microphones, and build a sound-insulating box around the whole thing, record it and bam! that "secure music" is now zooming around in MP3 format on the web. The speaker-to-microphone degradation would be lost in the degradation you get in MP3 compression.
Anyway, its unlikely that truly "tamperproof" speaker enclosures could be make for the consumer market in a cost-effective manner, so all I have to do is break open the box and put my D/A converter probes in the speaker terminals; degradation there would be miniscule.
Copy protection doesn't work. Never has, never will.
Cryptography (Score:2)
Any security system which puts trust in a fundamentally untrusted client, is flawed.
So...How would encrypting the stupid MP3 180 times, as opposed to 1 time, help prevent against the user just copying the MP3 to their friend? ("Hey, if we make our boat hull out of two foot thick lead it will never be punctured! We'll never sink! Yay!")
Encrypted end to end could break this (Score:2)
tangent - art and creation are a higher purpose
Re:They KNOW their crypto sucks, that's not the po (Score:2)
So? If you're smart, you crack it quietly, and rather than bragging 'bout how 3733+ you are, you just walk into an Internet cafe 500 miles from your home town, wearing a disguise, and then you upload it anonym00zely to Sealand or some other data haven. Then you go home and get wildly drunk and laugh like a maniac while RIAA tries to stuff the genie back in the bottle.
> Cryptography kicks ass, but not when it's used to strip people's rights away.
s/"but not..."//g.
Cryptography kicks ass. End of sentence.
Yes, I realize what you're getting at in the context of your original post, but with the encryption system being discussed, crypto isn't being used to strip us of our rights; our rights have already been stripped by DMCA.
In such an environment (i.e., a cryptographically-weak system intended to be cracked in order to expose the cracker to DMCA charges), crypto is what you use to forcibly reclaim said rights after DMCA has stripped them.
Or as I said earlier: "Cryptography kicks ass".
Re:Where well be (Score:2)
This is bad cryptography! (Score:2)
This must be the absolute stupidest cryptographic idea I have ever, in my entire life, heard of. Seeing as how they're mathematicians at an Ivy League university and they've apparently actually presented a paper at a major cryptographic conference on this protocol, one would think that the people who came up with this would know more about crypto than I do. Just looking at how this works, though, I'm really not so sure...
For those who don't know, the basic idea behind cryptography is that there are some mathematical functions that scale linearly in complexity when run forwards (i.e. multiplying large numbers, generating elliptic curves) but scale exponentially when run backwards (respectively, factoring very large numbers and finding integral algebras from a given elliptic curve). In other words, multiplying two 20-bit numbers together to generate a 40-bit key only takes twice as long as multiplying two 10-bit numbers together to generate a 20-bit key; but factoring the 40-bit key takes 2^20=1 million times longer. (This is an oversimplification both of how real cryptographic algorithms work and of how multiplication in a computer scales with complexity, but close enough.) The point is, a cryptographic cipher is only a cipher when it takes longer to undo it than it took to do it.
If you've been following me so far, then you ought to be realizing why the idea of encrypting each second of music seperately is so blindingly dumb. If you encrypt each second of a 3 minute song with a different key, then you have a cipher which takes 180 times as long to crack and 180 times as long to decrypt properly; in other words, it takes just as long to do it as to undo it (as far as the each-second-independently thing goes; obviously there is also some real cryptography going on here, but these guys didn't invent that). By the most basic definition of cryptography--an imbalence in forwards complexity vs. backwards complexity--this is not cryptography.
Another way to look at it is this: over the course of an entire 74 minute CD's-worth of music, this approach only makes the music 4440 times harder to crack. One might think this is about as good as adding 12 bits to the key length (2^12=4096), albeit at a much higher cost to decryption time than, well, just adding 12 bits to the key length. In fact, that's not even the case, because adding 12 bits to the key length not only means the calculations to crack it take about 4440 times as long, but that they require 4440 times as much memory; obviously that is not the case when all 4440 encryptions can be cracked seperately.
But to get a real idea of how ass-backwards this scheme is, it helps to know a little about how real ciphers work. In any modern cipher, the work is split up into several smaller algorithms called rounds; this is done to keep down memory requirements, keep all the numbers involved small enough to fit in the registers of the machine doing the decryption (often commodity 8-bit chips), and keep cryptanalysis simpler so one can be reasonably sure a new attack won't surface after the cipher has gone into use. The reason the many-rounds approach is (theoretically) as secure as the discredited all-in-one-big-round approach is based on the assumption that the attacker has no way of knowing what the intermediate results of each round are.
In fact, perhaps the most powerful type of attack on a cryptographic implementation, known as "side-channel attacks", happens when the attacker is somehow able to guess at some of this intermediate information. Luckily, this is usually quite difficult to do (although with some early smart cards all it took was an oscilliscope) and doesn't yield complete information. And that's why this new multiple key idea is so outrageously bad. It's essentially like doing all the work of a very powerful, many-rounds cipher (i.e. one "round" per second), but yielding up complete side-channel information for every round! This is like a very powerful cipher which has already done 99.9999% of the cracking for you!!
In conclusion, this is just stupid, stupid, stupid, stupid, stupid.
And furthermore, it's completely unnecessary. Even a 20 year-old, 56-bit cipher like DES is good enough to take a modern computer a good long while to brute-force; it took a special purpose machine plus a supercomputer almost a day to do it in the last DES challenge, and they got lucky. Plain old obsolete vanilla DES would be more than secure enough to make it worth anyone's while to pay a dollar or two for the song instead of cracking it. Or to get it via Napster/scour/iMesh/Gnutella/FTP/CuteMX/universit
That is, I'd say the significance of this is approximately zero.
Course, I could be wrong. Comments welcome if I am...
So what? You only RSA your session key. (Score:2)
But, you never encrypt real data with RSA. It's slow and stupid. You use RSA to encrypt a session key and then encrypt the data with THAT key. If it's 100 times faster; that only means that it's 100x faster at something that already takes a fraction of a second (250ms on a P2-450). This is important for SSL or some other server which has to authenticate a large number of sessions. The average user won't need to authenticate more than a few sessions an hour.
Being 100x faster might have uses as a smartcard, but I don't immediately see a place where that would actually improve security, compared to current offerings. (If someone steals your smartcard that contains your private keys, you're just as screwed as if it was a plain old credit card.)
Also, RSA has withstood a 20 year test, unlike this new system. It has been standardized into almost every public cryptosystem alive, only the most pressing of reasons could force it out of that hegemony. Finally, RSA is about to leave patent production (3 months).
Who would want to ignore the time-proven RSA to risk an almost brand new cryptosystem. As Bruce Schiener said: There's no money in selling cyphers anymore. (And that goes double as RSA is about to leave patent protection.)
This company seems more interested in offering a product (music encryption) and selling it to management more than selling their cryptosystem. Why not just use standard techniques. Conceptually, they're just PGP'ing the music, why not do that literally?
Re:Where well be (Score:2)
I'm thinking about putting the Mona Lisa in my living room. Except instead of buying it, I'm going to make a photocopy of it and put the copy on my wall.
Yes, as long as we can listen to music there will be no way to prevent it from being copied or heard by others. But that's hardly the same place we are now. I don't think you can claim to have bypassed the encryption scheme; you are taking an existing file and creating a new file (with a quality loss of factor X). This sort of copying scares the RIAA far less than MP3 filesharing. It's analogous to copying to analog tape in that there is (significant) quality loss. MP3s sound bad enough as it is without introducing such a large loss of quality.
If the RIAA could implement the sort of encryption algorithm that is discussed, and be assured that the only copying done is by the method you described, they would do it in a second.
Re:I thought we LIKED this? (Score:2)
The idea of controlling information is just wrong. It doesn't matter how good the system is, by defenition it has to mean that you are infringing on the freedom of viewer and somehow controlling his actions. You may LIKE that, but I sure as hell don't.
Ohhhh ok, so it's alright for our software to be protected from misuse under the GPL, but it's not alright for a musician to protect his or her music using technological means? Just because CSS was and is misused to control where you can view a DVD doesn't mean the technology itself is wrong. I don't think any of us should have a problem with someone who creates something being able to profit from it. I imagine we ALL object to the RIAA profitting from someone elses work though. And of course, if they hijack the tech and try to use it to further control the distribution of music they did not create then it will be a Bad Thing(tm), but if this becomes a tool for musicians to use to protect their work from misuse and allows them to distribute it without the interference of the RIAA then that will be a Good Thing(tm). So we shouldn't be bitching about an 'Evil Technology' we should be cheering for an excellent technology and then bitching if/when it is misused.
Kintanon
Re:Use licensing is cutting up a product into piec (Score:2)
That seems to be the crux of the matter, the actualy good bands (Metallica WAS good at one point) are still around to bitch, while the crappy pop bands disappear. So I imagine 3 doors Down will still be around in 15 years to complain about their music being pirated. But their last 2 songs released on the radio (Kyrptonite and I'm a Loser) lasted about 4 months apiece in their top radio play spots. Now they are part of the regular music rotation. In another 12 months they won't be sought after songs, and 3 Doors Down will have made their money from those songs. So why not let them enter the public domain? Hopefully the band will have new songs out by then. And if people are able to get their old stuff and listen to it then people are more likely to buy the new stuff. See my point?
Kintanon
Re:I thought we LIKED this? (Score:2)
You even admit it yourself, it's not the TECHNOLOGY that is wrong or evil, it's the legislation which allows it to be abused. We shouldn't be crusading against the Tech, but against the DMCA. Write your congressman, fight against the legislation so that the Tech can be used for good.
Kintanon
Re:But This is Useless... (Score:2)
Perhaps its the same reason we lock our doors - just to provide the "casual thief" a reasonable deterant. Joe Sixpack tries to copy some hot new song from his friend Ernie, it doesn't work, so he goes and buys it himself. Those of us with some technical knowledge know about the tools to get around such protection (or we create said tools if we have to, despite the possibility of arrest & harassment from the MPAA or RIAA). Some of us with a conscious refuse to use such tools, but then again such people would probably have spent the money for a legitimate copy anyway.
Thoughts?
Re:Gravis Ultrasound! Any others?? (Score:2)
Re:Wrong on one point (Score:2)
Re:Tamper proof hardware? (Score:2)
The conversion has to take place before the speaker, because the speaker itself is a purely analog item (it moves air back and forth!) At the least, we can hook our sound in to the leads of our speakers and we're all set. How can you get around that?
Re:Use licensing is cutting up a product into piec (Score:2)
Of course, if the music were available for downloading free, then said dumbass wouldn't be able to charge $10/CD for the music - because everyone would ignore him/her.
Digital speakers will solve that (Score:2)
The use restrictions a company wll then be able to put on its products will then be phenominal. Bose could sign a contract with Metallica making Bose the official speaker of Metallica. Try to play their music with any other speaker and you won't get anything. Or ABC could sign a deal with Toshiba restricting all ABC shows to Toshiba televisions only.
Won't that be a wonderful future?
Re:Where we usually are. (Score:2)
copyright has expired on Mona Lisa (Score:2)
Seth
Re:I Can Hear It Now... (Score:2)
There are about 2000 "oldies" that get airplay. If you compressed hard, you could all those on a single DVD. Now there's a product. It will probably be sold on late-night TV in a year or two.
Watermarking (Score:2)
what's to stop people from digging out their old microphones and recording the music the old-fashioned way?
Digital subliminal watermarking. Put in something the user can't hear but that MP3 encoding preserves and that watermark decoders can pick out. If all copies are watermarked, any recording that appears on Gnutella or Napster is suspect.
Unrippable media (Score:2)
Give us an example of an unrippable media.
An SDMI encrypted bitstream going to digital SDMI speakers that blow a fuse if opened.
Re:But This is Useless... (Score:2)
Coming soon: encrypted sound card protocol, and de-encryption chips with an encrypted input on one side, and analog output on the other. This can probably be patched onto existing DSP hw, and it will remain backward compatable with unencrypted raw data APIs. Then, the only way you can decrypt is to get inside the black caterpiller, or use an FPGA that emulates it or something. Still vulnerable, but no longer a casual hack. People who want to do this will have to agree on a protocol (difficult for the vendors to cooperate) and then they will have to push it in the market place and wait for it to achieve saturation level. They will start putting it on portable players first. Given consumer education and the level of coordination this will take, I give it about as much chance as DIVX, but you never know.
Re:I thought we LIKED this? (Score:2)
I don't have a problem with a musician making "fair" profit, but I am concerned at any encryption scheme that tries to limit my choices on how I want to listen and use the music I am using legally. Have you read the article?
This system is designed to tailor music downloads to a particular computer or device. I'd have to buy separate music downloads for each device I woudl want to use. No thank you
I'd rather pay for overpriced unencrypted cd's that I can physically control and with which I can convert to other media as I need it or even resell, then to ever buy a digital download that puts such limits on my fair use and my ability to sell the product again once I tire of it.
Let's also think about how badly such an scheme limits society's ability to archive this material. US, and I imagine elsewhere, copyright laws have the stated purpose of encouraging people to release ideas and works so that eventually those works will enter the public domain. A one device/one use encryption method only hampers movement of this material into the public domain. Such encryption methods create a situation where music and ideas can be totally lost in time.
If encrypted data systems become widely used then the works they encrypted should not be protected under copyright law. If the music producers can not entrust their work to be held safe under copyright law and instead hide their work away from the public behind these horribly restrictive encryption schemes, then their work does not deserve the special protection copyright law affords against piracy. If someone should be able to crack the encryption they should have no legal recourse to sue becuase they did not make the information public to begin with. Copyright laws are government granted limitied monopolies on thought and ideas to encourage people to make their work public. Encrypted data, is not public data, and therefore should not be protected by copyright.
Re:I thought we LIKED this? (Score:2)
Re:I thought we LIKED this? (Score:2)
With exceptions, most of us do like the idea of encryped music. Obviously, it won't cause MP3 format to stop working, and it might be a step toward that elusive "way that an artist can distribute his music without being raped by either the RIAA or piracy".
What we don't like is how easy this appears to be to circumvent. It seems that someone would only have to buy the song once, record the audio stream, and distribute it as a bootleg.
Crypto is a useful security tool, but when it's nothing more than a hurdle and a formality, it's not a lot better than annoyware.
Music is no longer an art! (Score:2)
I hope this trend of millionaire "artists" dies away when they alienate all their fans from their music through their constant search for "better protection for their IP" instead of doing what they set out to do in the first place - create art!
I'm gonna look real hard into the "alternative" henceforth... Heck, that's why I started using Linux (OpenBSD now too) in the first place. Perhaps the rule nowadays is that the alternative is better than the mainstream.
Re:Where well be (Score:2)
The human listerner is not that good at parsing what test tones should sound like, but I might have a chance, if the speakers are capable of producing the shapes at that frequency.
A better experiment might be this: IIRC, the average American adult range of hearing only goes up to about 13-18 Khz, depending on the individual, their age, etc. (it should be higher, but American life is hard on the ears). Hook up a good orchestral recording to a quality stereo system (I suggest the Moscow Sessions from Scheffield Labs for this kind of test). Have 10 American adults who listen to a lot of orchestral music hear the album two ways, a few times with a cut-out filter taking out everything above 18Khz, and a few times without the filter. Scramble up the order in which they hear it either way (i.e., On, Off, On, On, On, Off, On, Off, Off...) so they can't start guessing which they were hearing.
In most cases, you will find that most of the 10 people will correctly pick out the "filtered" sound most of the time.
This is what I mean by a double-blind test, and it has been done. Successfully. (Sorry, but I don't have time to look up URLs of such reports, I'm posting from work and I am about to leave...)
These kind of tests were the source of a lot of heated debate back when the CD industry was considering introducing a "silent spot" above the "range of human hearing" as a signal to switch off DAT tape recorders back in the early 90's.
It's not the presence of the 20 Khz signal itself that you hear the loss of, but how the sound of other notes are perceived from the alterations to their harmonics. Even the sound of a trumpet or violin playing around 1 Khz sounds a little different if you drop the high frequency waves.
Use licensing is garbage (Score:2)
We do need a new fair-use law, though. The attempted destruction of fair use by IP (the bad kind) lawyers is highly inappropriate and needs to stop, now.
sulli
I Can Hear It Now... (Score:2)
15 years from now, your 50 000 Gig HD will be capable of storing 95 years of continuous audio playing. How about a device that contains all the music ever created.
Add a 100bps satilite connection for updating, and everything and everything will be available to hear as if it was already in your head. (Interface to implant optional)
Check the 2015 Summer Sony catalog, starting at $299...
or $499 without the banner ads...
sooner or later (Score:2)
I, for one, have a celeron set aside as an mp3 server. I won't be upgrading it to 'tamper proof hardware' any time soon. No-one is going to take away my ripping/playing/downloading software. nor will I ever lose the gigs of mp3's and store-bought CD's I already have.
It will be five to ten years before they can realistically stop selling music in CD format, and I already have the equipment to deal with that.
Unless they start visiting door to door and collecting the gear that offends, and enforcing compliance like they do with your car or gun, I don't see an issue here at all. I already have most of the music I am ever going to need, classical and jazz that's even legit, backups of my CD collection, stuff collected off napster, etc.
If the record cos. start distributing this encrypted stuff, and abandon CD's and DVD's altogether, I still have a line in jack from my stereo. I can convert anything audible to mp3 the old fashioned way.
Not that this scheme won't be cracked, hacked and otherwise beaten to death the moment it hits the ether...
:)Fudboy
Because we live to pirate! (Score:2)
Re:Digital speakers will solve that (Score:2)
Well, you could always unscrew the cover on the speaker and record the outputs to the cone...
Re:Where well be (Score:2)
Re:Could this ever work in practice? (Score:2)
Time and effort (Score:2)
Now, back in 1977 the RSA 129 scheme was said to take 40 quadrillion years to factor. Well, in 1994 they factored the number 1143816257578888676692357799761466120102182 9672124236256256184293570693524573389783059 7123563958705058989075147599290026879543541 into 34905295108476509491478496199038 98133417764638493387843990820577 times 32769132993266709549961988190834 461413177642967992942539798288533. It took them 8 months and 600 volunteer computers in a distributed computing project
Now, if we wanted to break this new encryption scheme, and we were that *desperate* :) we already have programs such as Napster, which could be modified to be a Distributed Computing project and have literally millions of computers throwing in cycles, and it would be just a matter of time.
Re:Where well be (Score:2)
This is no different than getting a good security system for your house. Without one, any burgler with a crowbar can get in and steal your stuff. Even with a security system, there's really still nothing to prevent someone from breaking in; it's just harder to be successful. Yet people still buy security systems, because they count on burglars choosing to do something less difficult with their time.
Re:I thought we LIKED this? (Score:3)
I'm sure RIAA can afford to license this patented technology, and if it protects their assets, it will be. In fact, you can probably be assured that RIAA will go to great lengths to prevent others from using this technology (such as independent musicians distributing over the web) if, again, it threatens their assets.
Some technical details... (Score:3)
As for its use, most of you are forgetting that the average person is willing to pay for convenience. Sure, it's easy to intercept the signal at the soundcard, or record it off your speakers, but the average person isn't going to go to that trouble, provided that the price is reasonable ($20/mo for on-demand access to the majors' catalogs, e.g.).
Re:I thought we LIKED this? (Score:3)
Of course we don't like this. The system is nothing more then a slightly glorified CSS. It still requires that the decrypting and playing/displaying be in a controlled environment following the agenda of somebody other then the user. You think you'll ever see an open source player for this? Think they are going to be happy when somebody reverse engineers it and makes a tool that write the raw data to disk rather then hardware?
The idea of controlling information is just wrong. It doesn't matter how good the system is, by defenition it has to mean that you are infringing on the freedom of viewer and somehow controlling his actions. You may LIKE that, but I sure as hell don't.
-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
Does anyone else see the humor in this? (Score:3)
It seems that the music industry is hell-bent on preventing people from ever listening to the music (in short, preventing them from consuming the product they produce!). The problem comes from the fact we all hear the same thing - audio pressure waves - and there's absolutely nothing (short of a digital-in jack in the back of everyone's head, yeah, ok, sure) that they can do about it.
Encrypt it all you want. Put all the OS-specific protections on it you want. It doesn't change the fact that on your sound card, there's a DAC chip. Any electrical engineering student, given the specifications on the DAC being used come up with something to do a pretty good re-sampling at the chip, before filters are applied, and get a good copy out - or hell, just resample the audio out. As another poster indicated, doing this many times helps to isolate random noise that can be processed out, and mp3 is lossy, anyhow (another debate).
What the music industry is deglecting is that they thing that the millions of consumers out there are willing to throw away a multi-hundred dollar investment in a CD player - which does a damn good job of playing back music as is, even crappy ones. This is what kills the music industry - in their greed, they've made the de facto standard for music a perfect unencrypted copy. Any attempt to change this will result in legislation out the wha-hoo, because for all the RIAA's lobbying dollars, they're SOL.
Encryption is useless for an application like this because at some level, we all need to hear the same pressure waves.
kudos
Enmcrypted Hardware (Score:3)
Re:Use licensing is cutting up a product into piec (Score:3)
The real motivation for most artists in wanting to protect their work is not to prevent their fans from listening to it, but to prevent some dumbass from burning 2000 CDs of their music and selling them for 10$ apiece. That person is profitting from someone elses work. As a poet I wouldn't like it if someone took my work and sold it for a profit without even asking me. But I also don't think my work should be perpetually protected. I think 2 years is more than sufficient before any form of artwork becomes public domain.... Some would disagree with me I'm sure. But I think that is plenty of time for an artist to profit from their work. Heck, it's about 5 times what the average popular lifetime of a piece of music is nowadays. It's not as if N-Sync is going to be around this time next year to bitch about their album being pirated.
Kintanon
Moderatly interesting (Score:3)
Anything short of tamperproof hardware, with built in DAC and speaker outputs just can not stop the copying....and even then...with the right equipment...a pretty good copy could be made (do a few analog copies and combine them together to reduce random noise).
If a program, in the Users system, EVER has a decryption key that the whole system rests on...then it is flawed...the user has the key (even if it means probing memory in real time to find it). Even barring that....if it ever goes digitally through something the user controls (like the sound card driver)...then the user can copy with no key.
It would be nearly trivial to make a linux driver that looked just like
What about for windows? I wouldn't imagine it would be too hard.
I supose these guys are mathematicians. They have a hammer (math; encryption technology) and to them every problem looks like a nail. The problem is that encryption is an end to end thing. It can't protect you from the person that you are sending the data rightfully to.
I mean if adam encrypts a letter to bob telling bob that he suspects his wife is having an affair but he wants to find out who it is with before he accuses her...all the encryption in the world wont help him if bob is the one who is sleeping with her.
This problem is a technical impossibility to solve, if you want to allow people to use the data you give them on anything but custom hardware that you have control over. Its a completely backwards aproach.
Take java...java is a trusted environemnt (avirtual machine) which knows how to check and "watch" untrusted code and stop it from doing bad things. This is the opposite...they have trusted data...and run it in an untrusted environment...yet make sure the environment (which is what is interpreting it in the first place) is not doing "bad things".
Could this ever work in practice? (Score:3)
I don't think that the music industry wants to stop selling cds, either, especially considering that they still have a slight advantage over mp3 in quality and portability through ubiquity. And even if you could only get music in this encrypted format, eventually they gotta release a player of some sort that will have a digital out for high class speaker systems, so people could take that signal and convert it into a wav and then make it into an mp3.
They KNOW their crypto sucks, that's not the point (Score:4)
Some asshole once stated that "You're going to force us to make songs that can only be played on one walkman". How would they do this?
You would go to their web site, you would plug in your walkman. Your walkman would send the web site it's public key. The web site will charge you $5.95 and encrypt the song with your walkman's public key and then let you download it. That song can now only be sent to your walkman, which decrypts it with it's private key moments before sending it to audial output systems.
Now, most keen people will say "Uh, big deal, I'll just record the output". Uber-leet hackers will go "Cool, a challenge" and take apart the walkman and yank out the private key, or simply figure out the algorithm and determine how to best crack it. If possible.
Now, here's the point. They know you'll crack their encryption. The entire point of encrypting it is so that they can point to the DMCA and say "Cracking cryptographic systems is illegal, and he did clearly this, using these steps." and the fun-loving hacker is carted off to prison and given a sentence that would make the sentence for rape seem like a slap on the wrist.
Mr. Asshole of the MPAA simply argued that DeCSS breaks CSS. The DMCA says breaking cryptography is illegal, whether you distribute the protected work or not. In fact, you would think that it was deliberately easy to crack so that you DID crack it simply to get you into a larger legal mess.
Cryptography kicks ass, but not when it's used to strip people's rights away.
This is just the beginning (Score:4)
What worries me, though, is technology that companies like IBM is developing where a digital watermark actually becomes part of the playback audio, reproduced by every component, including your soundcard and speakers, but which cannot be heard by human ears. IBM has developed such a system which is part of the EMMS system [ibm.com] (also known as madison), which they claim has passed what they call "golden ears" tests. These tests have people with exceptionally good hearing try to differentiate between recordings with the watermark and without. (I've been to IBM research and heard the files. I couldn't tell the difference, either, FWIW).
The next step, of course, is to have the watermarks generated on the fly for each electronic transaction that purchases the music (how far away do you think we are from hardware that can do that in a second or two?), encoding your personal information or a transaction ID into the stream. Then, if you upload the music, they will be able to track down the source of the new digital copy of the music to you.
That's pretty scary to me, at least, because we're back to that total control picture. I personally don't believe that artists should have total control of their works, let alone abitrary "copyright holders" like labels and publishing companies, because fair use is an important part of the knowledge chain.
Imagine tuition bills for higher education once professors can't photocopy small excerpts to pass out in class, or you can't actually pick up a book from the Library, copy a few pages, and go home to write you papers. Or that to actually read the book *in the library*, someone has to pay.
What happens to free libraries with perfect copyright control?
I could go on, but I think I've made my point. Different pieces of the technology puzzle to enable full copyright control exists already. I think that all the pieces will be there soon. And that scares me.
Mostly Useless (Score:4)
Near the bottom of the article was mentioned a token that could be moved from device to device, but that would be customized for each user's devices, so it couldn't be loaned out. It also couldn't be used on any new hardware you buy without reprogramming, making it even less convenient than Circuit City's DivX. This is one idea for a consumer app that's going to sink without a trace.
The cryptosystem may have a useful application, but preventing music trading isn't it. Maybe it would be good for high-bandwidth military applications.
Re:It would never work... (Score:4)
You mention signal degradation. Well, with audio cassettes, you get more loss with each generation copied. But if you (worst case) record an analog signal, your only loss is at the first recording. All subsequent copies are just as good.
I'm not an audio nut, but this is fine with me. My imperfect human ears cannot distinguish the difference between an MP3 that was sourced from a digital CD, versus an MP3 that was sourced from an FM station or a digital sampling of the analog output of a stereo.
Re:Enmcrypted Hardware (Score:4)
The only way to stop people from using current technology in favor of a new one is to force them to throw out the old stuff. Yes, force. It's been what, 50 years, and there are still people using vacuum tubes, fer chrissake!
And although our benighted Republic has spent much time of late wiping its arse with its Constitution, even I, in my most paranoid delusional fantasies, don't forsee RIAA and MPAA linking arms with DOJ and conducting house-to-house sweeps to smash and burn all "insecure" audio gear. Hell, DOJ can't do it for (some :) drugs and guns, what hope do they have in taking our stereos!
And where's the justification? DiVX (the pay-per-view DVD, not the video compression codec!) died because the consumer realized it was a value-subtracted technology. Somehow "home tapers of music" don't quite rank up there with Eeeevul druggiez and militia whackos on the Scapegoat-Of-The-Day scale. RIAA and MPAA may think they're just as dangerous, but even the general public (who are dumb enough to swallow the War On Some Drugs and War On Some Guns) isn't that dumb. Nobody will buy copy-protected audio gear because it's demonstrably worse than what they already own!
As of now, you can still buy 15-year-old PCs for $10 in surplus stores for peanuts. If every manufacturer stopped building unprotected AV gear today, there would not be a serious shortage of non-secured gear for at least 20-30 years.
And even if there was, so what? Do you believe that there'll be no hardware platforms in 20 years on which open-source operating systems can run? Do you propose that there'll be no MP3, CDDA, or similar unprotected decoder software on the face of this earth, even though the hardware platforms of 20 years from now will be able to emulate today's P166-level boxen in their idle cycles?
RIAA and MPAA can lead the consumer to their poisoned wells all day long, but the demise of DiVX proved they still can't make us drink.
Use licensing is cutting up a product into pieces (Score:4)
Maybe out on vynil next. And then for backup purposes on CD.
If I have stereos all through my house and back yard, I'd like to access my music from anywhere using a wireless palmtop running a Unix.
All this protecting is going to annoy anyone who actually does something with music and that includes a lot of music buyers not just signed bands. This whole listen and shut up attitude bugs me.
I especially hate the bullshit about USE licensing. That's breaking up a product into multiple pieces. Frankly I expect to pay less if I'm not allowed full use.
This is quite likely not a big deal... (Score:5)
Reasons why this is not a big deal:
But This is Useless... (Score:5)
So the sum of this is that it's ultimately a futile endeavor, regardless of how they rotate keys or whatnot. The folks at Emusic are selling hundreds of times more music than anyone else and none of their stuff is encrypted -- did you know that half their board came from PGP: Pretty Good Privacy, the crypto folks? And that Gene, their CEO, is a longtime cypherpunk? So why is it, you should ask yourself, that some of the most knowledgeable crypto people in the world would start the only online music sales outfit to sell *unencrypted* dowloads?
Maybe because they understand what crypto is really for.
Crypto is for keeping secrets between parties that desire to keep that information a secret. If A wants to tell B something, he can use crypto to prevent some C from listening in that both A and B don't want hearing the information. But if B desires to share this information with other parties, there is fundamentally, long-term nothing that can be done to protect B from sharing it. Crypto is only useful at protecting information if all parties who know the secret want to keep it a secret.
So ultimately, any attempt to protect publicly-published data (books, movies, music) with crypto is going to fail; it's fundamentally untenable.
David E. Weekly [weekly.org]
BFD. (Score:5)
While this cryptosystem sounds really cool technologically (possibly very powerful encryption) a) the cryptographic element of security is never the one broken--if you have five trillion brass-plated locks on your steel, reinforced door, people break through the window, for look for the key in one of those stupid rocks by the side of the door. b) cryptography is great for security and privacy and integrity, but is helpless against willful copyright violation by a cryptographically-authenticated party (like, say, the consumer).
And in any case, there is nothing to get consumers to move 100% to this system, as opposed to trading MP3s. even if bill gates includes DRM into windows, people will use Linux, or FreeBSD, or not throw their 'old' computers away and keep them for functionality sake to play mp3s and whatnot.
in short, cool idea, useless for the purpose.
I thought we LIKED this? (Score:5)
If, as we've stated many many times, the RIAA is obsolete then they will have no use for this technology because they won't have any music to encrypt. The musicians will all be using this to encrypt the songs they are selling off of their websites. Does anyone have a problem with the musicians profiting from their work and using this to enforce how something they created is used? Not I.
Kintanon
The first step is denial... (Score:5)
This can be extended as an analogy to the recording industry. First, they think "nobody will ever like this mp3 stuff". Then they pretend to ignore its spread. Once they realize that things are going to hell in the proverbial handbasket, they introduce their weak attempt at mimicking this.
It's very simple. Any music released in this format will never be used. Period. As long as they still sell the CD, people will still get it in mp3 format. And if they only release it in a digital encrypted format, then nobody will buy it. No matter what, the recording industry is doomed.
Where well be (Score:5)
We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed. if you can _LISTEN_ to music, you can get around any and all encryption of it.