
Set Digital Music Free

The latest issue of EFF's newsletter covers the HackSDMI challenge. Probably not surprisingly, they're urging the same thing as Don Marti, who Salon interviewed. Update: 09/19 3:33 PM by michael: The RIAA, EFF, and 2600.com debated SDMI on Pacifica radio today.
  • by Fervent ( 178271 ) on Tuesday September 19, 2000 @06:49AM (#768183)
    As I submitted earlier, Don Marti has stepped down from the boycott [zdnet.com]. Hopefully it will get posted on Slashdot soon.
  • Hmm.. Now how many of you think that they would pay the 10,000? I imagine any talented programmer would have the intelligence to recognize that the phrase "you may earn up to $10,000." includes the amount $0.

    How difficult would it be for them to say that your crack broke one of their 'rules'?

  • Because maybe they could have created an effective one if people had helped, rather than just rant about how it wouldn't be effective? Why not help them, and really prove that it can't be done, rather than batten down the hatches and say "I don't want to see it be done, so I'm not gonna do anything except break it once it arrives".

    Everyone gets down on companies for not doing peer review around here, so when some finally do come forward and ask for assistance, they're refused... It's almost childish.

    If you really want to set out and show that it won't be effective, or can't be effective, sit down with them now and demonstrate it to that effect. Who knows, maybe they'll listen and realize that they're embarking on a fruitless quest, if that's what the case turns out to be.
  • by broody ( 171983 ) on Tuesday September 19, 2000 @06:52AM (#768186)

    I am rather partial to this editorial [theregister.co.uk] myself.

  • They're so close. They're starting to realize that hackers are valuable, but they've forgotten that hackers aren't stupid. Stand together on this, maybe we can embarrass them just like the poor FBI's been embarrassed by no Uni rubber-stamping Carnivore.
  • and from the link:
    Leonardo Chiariglione, executive director of the Secure Digital Music Initiative, said "thousands" of people have responded to the SDMI's contest

    Actually, he meant slashdotted~!
  • He's still advocating that hackers don't get involved with this, based on that article. Just not as strongly as he stated before... his stance appeared to be asking hackers for possibly free help (that "may win up to" clause), as opposed to the problems with online music.
  • by bluGill ( 862 ) on Tuesday September 19, 2000 @06:55AM (#768190)

    The goal is to have no eyeballs look at this until it is ratified. This increases our chance that once they force this down everyone's throats someone can find a hole.

    Remember, if the system is really secure there isn't much we as hackers can do. 128 bit encryption is 128 bit encryption, and barring major advances is unbreakable to hackers. Let the music industry get a stranglehold on the people with a new standard and there isn't much we can do to loosen it technologically.

    Of course there is the other way to look at this: help make this standard as secure as possible. Then keep reminding people that you used to be able to copy music for your own purposes, and legally you still can. When people get mad congress does listen, and they can force the industry to release the ability for everyone to take advantage of fair use. Grass roots politics is where things get done in the US, so join a political party that mostly thinks like you, and get things done. (It doesn't have to be the republicrats, but a major party gives you a better shot of getting your candidate elected in exchange for some lesser issues going against you)

  • OK, you may be boycotting them, but according to hacksdmi's website, some of the test files are 50 MB. So even if you are boycotting, go ahead and download the files, there's nothing like a good ol' slashdotting'. Besides, it'll make them think that people are interested.
  • Here is an alternative view on this whole affair.

    Read this article [theregister.co.uk] on Register

    Though it seems like flamebait, some of the points seem valid

  • by Masem ( 1171 ) on Tuesday September 19, 2000 @06:56AM (#768193)
    Scroll down to read their advice to unsigned artists, they suggest to release their songs as MP3 or other open formats. It seems to suggest that the EFF wants them to release the songs *for free* (as in beer). I would have amended that line to suggest to release their digital music to sites that offer direct micropayments to the artist, such as Mp3.com or others. Free sample tracks are good and all, but we all know that artists have to eat too.

  • by corby ( 56462 ) on Tuesday September 19, 2000 @06:57AM (#768194)
    Extract the watermark, don't extract it. It really doesn't matter.

    Yesterday's Forrester report on the new Nomad reiterates the commonly held view that SDMI is irrelevant:

    "SDMI is too late to make a difference. Net users see access to free music as a key benefit of digitally downloading music. While the Jukebox is hardware-ready to support SDMI -- the security rules developed by the music industry's Secure Digital Music Initiative -- owners will ignore secure, paid-for music downloads and opt for the free version."

    I don't have any problem paying for music, but I am going to continue to rip my CD's to use the unrestricted MP3 file format, rather than use watermarked SDMI files. Flexibility and convenience is very important to me as a music consumer. And there will always be music players for unrestricted formats.

    Corby
  • They are of course going to publish the encryption method so we can add SDMI into our current favorite music players (XMMS, etc.)...right? :-)

    -Pete
  • by ka9dgx ( 72702 ) on Tuesday September 19, 2000 @06:58AM (#768196) Homepage Journal
    I just sent this off to info@sdmi.org earlier today:

    Why do we need "secure digital music"?

    CDs and MP3 files seem to do just a fine job of handling my music needs, there seems to be nothing missing.

    Would this initiative secure funding for the artists, or offer new capabilities for the listeners that don't currently exist?

    Would this allow me to secure my music by getting access to it if the media it came on was damaged?

    How does this guarantee my right to fair use under existing copyright laws?

    --Mike--

  • Why not help them, and really prove that it can't be done

    No matter what the results of this challenge, the industry would never admit that it can't be done. If technical means can not accomplish it, then they will employ strongarm legal tactics. Either way, personal freedoms will bow to corporate interests.

  • Why can't they contract a good security firm?

    Or a well known hacker group!

    Their avarice shows their stupidity. This is twice as nonsense compared to brute-force hacking for testing crypto security.

    And if you want to crack RIAA's crypto for fame, wait till it is widely used, then crack it and get fame ;)

  • by Rahaeli ( 234396 ) on Tuesday September 19, 2000 @07:01AM (#768199)
    What would that prove? That the evil hacker(sic) types are bad and nasty and want to make life difficult for the RIAA?

    Guess what? They know that already.

    DDoS isn't going to do anything except make our reputation *worse*. What we need to do is boycott the challenge, and be very, very vocal about *WHY* we are boycotting the challenge -- not that we can't do it, but that we won't do their dirty work for them until and unless they decide that it's time to play nice.

  • As I always tell people, never trust the Zeed [zdnet.com]. What they report is usually unconfirmed, hearsay, or even untrue rumors.
  • From the click-thru: "Who Can Participate? The SDMI Public Challenge is open to everyone except that a proponent of a particular technology (and the proponent's present and former employees) or any person who has obtained confidential information under a confidentiality agreement applicable to a particular technology may not participate in the SDMI Public Challenge for such technology."

    In other words, security through obscurity. End of story.
    --
    Linux MAPI Server!
    http://www.openone.com/software/MailOne/
  • The way it seems to work is that they are planning on giving away $10,000 for each of the 4 technologies if they are cracked. The hitches are 1) if you crack it you split the $10,000 with everyone who cracked that technology, and 2) Only UNIQUE cracks are eligible for the money. If you simply resample the music and submit it, you can bet that others will too, and you'll get nothing.
  • Lately I've been thinking that we're drawing the lines for battle in the wrong places. Perhaps there SHOULD be a secure format that can be used for things like limited listening. I know we all cringe about self-destroying CDs and the like, but really it could be a great method of exposure -- 2 listens, and the disc is done, and then you can buy a PERMANENT CD. That might be an agreeable setup, material waste aside. A limited download might be used to accomplish the same thing. You can play it n times, but then you have to buy. Sort of like the trial period/limited number of times kind of shareware (which has a place, even if it's non-free).

    Now, I think most of us fear that if secure initiatives come out:

    1) they WON'T be used wisely. We might be forced to pay per every viewing/listening/reading.

    2) that it will somehow be made illegal and/or very difficult to freely view/distribute stuff you actually have the rights to.

    It seems to me that #1 is possible, but that if we start fighting the battle from the other end (#2), we might be able to make a lot more headway with conservative policy makers AND preserve the freedoms that are truly important. Remember, the GPL doesn't stop Intellectual Property from existing under the law, and make everything free. It (and other free licences) just makes Free Software possible.

    We are fighting the battle for #2 in a number of places (DeCSS I think falls in this category), but we're also wasting a lot of time on #1. Given a chance, I think secure initiatives might find a fair place next to free alternatives.
  • by ka9dgx ( 72702 ) on Tuesday September 19, 2000 @07:07AM (#768204) Homepage Journal
    "128 bit encryption is 128 bit encryption, and baring major advances is unbreakable to hackers."

    If there's one thing I learned from reading Secrets and Lies [slashdot.org], it's that there is ALWAYS a hole in the system somewhere.

    The players for this format will always be unsecure, because we'll have physical access to them, and can take them apart and tweak as much as we want. In order to be playable on an infinite number of players, there has to be a global secret, locked up in the hardware (just like the DVD keys), that secret WILL be revealed, and probably in a shockingly short amount of time.

    It's not possible to lock things up the way the RIAA wants to, they should devote their energies to their original mission, assuming it had something to do with promoting music, and let this issue drop!

    --Mike--

  • The article sounds best when you use the voice of The Beeb [bbc.co.uk]'s own Oliver Scott.
  • So if CueCat did this, they wouldn't have to give out any money because everyone and their dog figured out how to break it, right? Has anyone tried XOR SDMI?
  • by bfree ( 113420 ) on Tuesday September 19, 2000 @07:08AM (#768207)
    This is actually a very, very good idea. One of the alleged reasons for this competition in the first place is to try and track the people who would or could crack this. I for one couldn't (unless I happened to be the perfect monkey happening on War and Peace at the keyboard) but I would want to see this cracked the second it is released. I am going to go and download everything I can find now, and everyone else who wants to see this cracked in the end should do the same. Then when they go chasing the crackers we can watch them plough through the slashdot effect to try and find a culprit.
    Of course if I happen to have a monkey day and do crack it......I'll be waiting for launch time:-) About the only thing this competition should guarantee is that everything will be broken even quicker than before!
  • by JPS ( 58437 ) on Tuesday September 19, 2000 @07:09AM (#768208) Homepage
    I'm a bit disappointed by the reaction of all the big guys in the hacker community. Did they actually read the challenge? You can get to try to break their stuff with almost total privacy (all but your IP address), and you don't have to give up any of your rights if you don't want the money.

    Also, you don't give them expertise, as nothing forces you to explain how you hacked their stuff if you did.

    Whether you like the idea that SDMI are trying to implement or not, a public challenge is always a good thing. And they are actually giving up a rather convenient and powerful way to test their algorithms...

    Finally, the best way to prevent SDMI from existing is certainly to undertake their challenge and to break the schemes. Otherwise, they'll implement it, and maybe it will be broken afterward, but bypassing it then may involve more complicated legal issues...
  • This sounds like nothing more than someone just trying to trick hackers into doing SDMI's testing by calling them "chicken"... That hasn't worked since I was 10...

    Nice try, but try again
  • by account_deleted ( 4530225 ) on Tuesday September 19, 2000 @07:12AM (#768210)
    Comment removed based on user account deletion
  • YES!

    You could break it and ask for 100.000 or more instead of 10.000 of their change.

    It is needed desperately, they would have to pay you! Crack, get a lawyer, get em' pay a fair price. ;)

    This is NOT a nonprofit organization helping citizens, but a front of huge multi-billion dollar corporations.

  • by jbridge21 ( 90597 ) <jeffrey+slashdot AT firehead DOT org> on Tuesday September 19, 2000 @07:12AM (#768212) Journal
    If you don't want to read the click-through license agreement, just use this URL:

    http://hacksdmi.org/hackDownload.asp

    I'm not sure if the agreement prevents me from telling others how to circumvent it, but I don't really care that much.

    Have a nice day.

    -----
  • This was a brilliant troll.

    I salute you.
  • by Mark F. Komarinski ( 97174 ) on Tuesday September 19, 2000 @07:14AM (#768215) Homepage
    It took almost two years to crack CSS, and that was only because Xing didn't encrypt their keys (BTW, did Xing ever get in trouble for this?)

    If the "crack SDMI" goes on for 3, 6, 9 months, even a year, without being cracked, it doesn't prove anything. There is no such thing as an uncrackable algorithm. The Germans thought Enigma was uncrackable, they were wrong. The MPAA thought CSS was uncrackable, and they were wrong. Now the RIAA is trying to build another "uncrackable" code. And they're going to find out in a year, two years, 5 years, whatever, that they're dead wrong as well. The best that the RIAA can hope for is making the encryption such that it can't be cracked brute-force by today's computers. How long have CDs been around? 20 years or so? How far has computing technology gone in that time? Will computers sometime during the life of SDMI be enough to do a brute-force attack against SDMI? I'd wager yes.

    They oughta go read "Applied Cryptography" and just give up. SDMI is irrelevant, CD-Audio will take years to catch on. MP3 is here, working, popular, and sufficient for most users.

    PS, I just proved that SDMI can (and will) be cracked. Send me my $10k.
  • Comment removed based on user account deletion
  • by gorilla ( 36491 ) on Tuesday September 19, 2000 @07:20AM (#768222)
    The way to win is wait until it's in hardware, THEN hack it.

    If DVD's & CSS were just software, then no-one would care that it was hacked. Hundreds of games have had their protection broken, and no-one has ever been sued over that. However, in order to put a new version of protection code means replacing all the existing players, either meaning an expensive recall, or pissing off the existing customers, and no-one is prepared to make either move.

  • I'm not psychic, but I'll bet your response (if you get one at all), will include the words

    "And the horse you rode in on...."

    Just ignore 'em all. Much like the financial community, the old way of doing business is quickly running out, and they're not adapting fast enough. These guys have failed to realize that we don't need them any more. I can interact, listen to and pay the artists directly without the middle man. This is all a last gasp effort to keep from losing out.

    I hope that over the next 5 years, more and more artists start to recognize this trend, and we will start having more choices available to us, but there are a couple of hurdles left to overcome.

    We have the music format, we have the initial rudimentary players (but it can get better, you gotta admit). Now we need an easy way to get to the music and pay for it (I know, there are solutions right now, but they are disjoint and confusing to non geeks and artists alike), and we need an easier payment system (giving credit cards to every 11 year old who wants the new Brittney Spears is not the answer).

  • Did I say CD-Audio...I meant DVD-Audio....
  • by account_deleted ( 4530225 ) on Tuesday September 19, 2000 @07:23AM (#768231)
    Comment removed based on user account deletion
  • by account_deleted ( 4530225 ) on Tuesday September 19, 2000 @07:26AM (#768232)
    Comment removed based on user account deletion
  • by bfields ( 66644 ) on Tuesday September 19, 2000 @07:28AM (#768234) Homepage

    Here's what you say:

    As I submitted earlier, Don Marti has stepped down from the boycott. Hopefully it will get posted on Slashdot soon.

    Here's what the article [zdnet.com] that you link to says:

    Marti has softened his stance just a bit. "I'm still concerned, and I'm still researching, but I'm less concerned," Marti said.

    and, later:

    Still, Marti said he wouldn't encourage people to participate in the hack. "I think SDMI is becoming less and less relevant," he said, as the popularity of digital music continues to grow.

    This might suggest some unfortunate waffling on Marti's part. But it's not exactly the strongest evidence for your statement. Do you have any other source?

    --J. Bruce Fields

  • Assuming you could get the numbers, how about a "CD double-burning rally": as a public act of disobedience, set up a number of CD burners. Make copies (in open format) for anyone who shows up with a blank CD and a copy of any CD they might own. They can then throw the original in a nice bonfire (or not). People who have already made their own burns can just show up to flash their heinously illegal copies (snigger) in the face of Big Business and/or have an original platter roast.

    You've got to admit, it's the sort of protest that gets eyeballs in local media.

    -TBHiX-

  • until after it's a standard (and it's too late to change) before we break it ...... (evil grin :-)
  • Simply crack the hardware dongle that is supplied with each CD. I've seen dongles that have been broken before, and this will be no different.

    Warning, I've found that you can't daisy chain more than 4 of these CD dongles without losing control of your printer... playlists out the windows!

  • by ewhac ( 5844 ) on Tuesday September 19, 2000 @07:34AM (#768239) Homepage Journal

    Okay, let's see here: SDMI want me to test the strength of their proposed security measures, measures on which the entire future of the music industry's electronic offerings will be based. An industry that earned over $16 billion in profits last year.

    ...And they're only offering me $10,000. And they want me to do it "on spec".

    How very typical of the music industry. What cheap bastards.

    Tell you what, SDMI: Crank the prize offering by at least three orders of magnitude, and we'll talk...

    Schwab

  • by xercist ( 161422 ) on Tuesday September 19, 2000 @07:34AM (#768240) Homepage
    Score: -1, Redundant

    I am going to continue to rip my CD's to use the unrestricted MP3 file format

    Please remember MP3 is not an unrestricted format, and there are better (as in quality as well as freedom) alternatives, such as Ogg Vorbis [vorbis.com].

    Personally, I'm very anxiously awaiting the Vorbis encoder to finish its beta stages and start being heavily optimized for quality and speed.

    Sure, MP3 over SDMI, but OGG over both :)

    --
  • Perhaps there SHOULD be a secure format that can be used for things like limited listening. I know we all cringe about self-destroying CDs and the like, but really it could be a great method of exposure -- 2 listens, and the disc is done, and then you can buy a PERMANENT CD.

    This was tried before, for DVDs. It was called DIVX (though I may have capitalization and/or punctuation incorrect). Consumers voted a resounding NO. Same with music. NO.

    As for your other comments on what might actually happen if ... secure initiatives come out:

    1) they WON'T be used wisely. We might be forced to pay per every viewing/listening/reading.

    2) that it will somehow be made illegal and/or very difficult to freely view/distribute stuff you actually have the rights to.

    Depends on whose definition of "wise" you mean. In capitalism, producers create things to make money. In the past, this has always meant that a product was sold to a consumer. Today, every content producer wants to move us toward a pay-per-use/pay-per-view system as you rightly suspect.

    In my opinion this would be a Bad Thing. But how do we stop it? I'll leave that as an exercise for the reader. (Translation: minimize government.)

  • by JoeBuck ( 7947 ) on Tuesday September 19, 2000 @07:38AM (#768245) Homepage

    As Courtney Love points out in detail [salon.com], artists aren't eating under the current system. Artists may well do better giving away MP3s and asking for tips and making money from concert tours than under the current system. As she says:

    Today I want to talk about piracy and music. What is piracy? Piracy is the act of stealing an artist's work without any intention of paying for it. I'm not talking about Napster-type software.

    I'm talking about major label recording contracts.

  • The URL http://hacksdmi.org/hackDownload.asp returns this screen:
    You need to agree to the Terms and Conditions before continuing.

    Page source here:

    <html>
    <head>
    <title>Download/Upload Page</title>
    <LINK REL=stylesheet HREF="css.css" TYPE="text/css">
    </head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

    <body>

    <p>You need to agree to the Terms and Conditions before continuing.</p>

    </body>

    </html>

    They either fixed it after you posted or you always had to click through the terms.

    But who cares, ignore it and have fun.

    Visit DC2600 [dc2600.com]
  • Comment removed based on user account deletion
  • by Bruce Perens ( 3872 ) <bruce@perens.com> on Tuesday September 19, 2000 @07:46AM (#768254) Homepage Journal
    It makes sense to release music for free until you have a following of sufficient size that they are willing to pay for music at a rate that would feed you. Then, you get to decide whether to sign to a record label or use the Street Performer Protocol. Charging for your music before you have much of an audience is self-defeating, you won't get an audience that way. The only people who do get audiences that way have convinced a record company to invest in them first.

    Bruce

  • It isn't absurd, but it is based on a broken model of information. The
    point is that if you give me a copy of your song in whatever format,
    either it is in principle possible for me to play it, in which case I
    can copy it, or it is not. Self-destructive media is not the same as
    self-destructive information.

    The media companies don't want to change the way they work to fit
    this fact, so they are trying all kinds of strategies to get around
    it. All of them have problems:

    • Stitching up the market: authorised players, etc. Relies on the
      fact (vain hope) that no-one breaks ranks.
    • Legal tactics: it's illegal to contravert an encryption method.
      This screws up fair use.
    • Tracking use of media: signing copies etc. This is an invasion
      of privacy.


    If the companies can either adjust their economic model, or come up
    with a model of restrictions which doesn't have obnoxious
    side-effects, then good for them. But until then, they deserve their
    bad press.
  • A flaw has been pointed out by a fellow poster; thank you.

    I don't see any cookie required to view the page... so maybe I'll link directly to the downloads:
    download a [hacksdmi.org]
    download b [hacksdmi.org]
    download c [hacksdmi.org]
    download d [hacksdmi.org]
    download e [hacksdmi.org]
    download f [hacksdmi.org]

    And, in case those don't work, I will have a mirror up soon enough at diddl.firehead.org/censor/hacksdmi.org [firehead.org] with no license agreements necessary for download.

    Have a nice day.


    -----
  • It took almost two years to crack CSS, and that was only because Xing didn't encrypt their keys (BTW, did Xing ever get in trouble for this?)
    Yes, they lost their CSS license at least. There were other, less elegant cracks before DeCSS.
  • It seems to me that people (like me) who don't like anything about the SDMI should be boycotting the hack challenge. Here's why:

    1. Someone winning the challenge does NOT hurt the SDMI.
      Quite the contrary. By poking holes in the SDMI in its early stages, we help make it more ironclad for when it is actually rolled out. By hacking it now, you're not getting egg on their face. You're not making them look dumb. Even if it's really easy and the hacker who breaks it says "Ha ha, silly people, can't make a strong algorithm to save their lives" and all his/her hacker buddies laugh at the SDMI, they have fundamentally made the algorithm stronger, because the consortium will immediately plug the hole that was used to crack it. And one gloating hacker gets some money, and the rest of us get stuck with a stronger algorithm in the hands of oppressive corporations.
    2. The SDMI is run by corporations who should be paying for this work.
      Corporations don't need our help. Statistically, the odds of any one hacker being the first to break it are very low. So basically, everyone but that one person who is lucky enough to win is donating his or her time to a bunch of bloated media giants to help them make CDs more expensive and harder to listen to in the future. Some deal.
    3. We do not want a strong SDMI to prove that it's a bad idea
      I'd prefer to see the SDMI consortium triumphantly deploy their new "unbreakable" system, and then have it hacked and go belly up and get recalled a week later. That, and not public outcry, will convince corporate policymakers and possibly some lawmakers that the whole thing is a bunch of bunk. Angry shouting people on slashdot go away... big losses in non-recoverable engineering costs don't.
    4. By participating, you legitimize the entire notion of the SDMI
      Please, let's not think that all people suggesting boycotts are whiners saying that "it would be too easy" or "$10,000 isn't enough". Anyone who tries to hack the SDMI before it is rolled out is implicitly endorsing it and making a real contribution to its cause. Don't!
  • Even better: crack SDMI, and DON'T tell them! Don't even tell the people you were able to do it. Let them think it's perfect and unbreakable. Wait for it to catch on, due to its backing by every big evil corporate giant.

    Wait a month or so...

    *poof* Hey look everybody, here's a crack for SDMI, music is free again! By this time, SDMI has become so pervasively embedded in everything that the music industry is kinda stuck with it, and by golly, it's cracked too!

  • Did you run the sound through a Fourier analysis? Were there any missing frequencies or added sub-audible marker tones? Those kinds of markers would survive a re-digitizing attempt, which is basically what you did.


    ...phil
  • by jCaT ( 1320 ) on Tuesday September 19, 2000 @08:11AM (#768280)
    You can get to try to break their stuff with almost total privacy (all but your IP address), and you don't have to give up any of your rights if you don't want the money.

    I believe you're missing the point. The point is not anonymity, it's not doing their dirty work for them. SDMI is in place to prevent people like you and me from doing what we do. Am I gonna step up and help their efforts?

    Also, you don't give them expertise, as nothing forces you to explain how you hacked their stuff if you did.

    That doesn't matter. You have to demonstrate that you circumvented their security measures, and that means explaining WHAT you exploited to get past it. That's enough for them to unleash their people on that one portion of the software. Take SSH1 for example. Let's say there was a similar challenge, and you found that kerberos bug that made it vulnerable. Stating that you used a bug in SSH1's kerberos stuff narrows the field down quite a bit. They end up having A LOT less code to check.

    Whether you like the idea that SDMI are trying to implement or not, a public challenge is always a good thing. And they are actually giving up a rather convenient and powerful way to test their algorithms...

    Not when the public challenge will be supporting something that is inherently evil! Would we have helped the Germans debug their enigma machines? Ok, so maybe the SDMI folks aren't Nazis, but you get the idea. :)

    Finally, the best way to prevent SDMI from existing is certainly to undertake their challenge and to break the schemes. Otherwise, they'll implement it, and maybe it will be broken afterward, but bypassing it then may involve more complicated legal issues...

    I don't think it is possible to make SDMI airtight, but let's assume for a moment that it is. If that's the case and we find every bug in it now and make it flawless, then they will release a theoretically perfect version. It's not like they are gonna throw their hands up and say "oh well, we had some bugs, lets scrap the project." HOWEVER, if we were to wait until SDMI is out there, in LOTS of software and maybe even hardware for that matter and THEN find the bugs in it, the results are much more devastating. It becomes evident that they released a technology with some serious problems. Do you consider CSS and SDMI to be similar? Sure, later on we could be mired in the same sort of legal battles, but in the end DeCSS got out there and it's gonna stay out there.
  • by WNight ( 23683 ) on Tuesday September 19, 2000 @08:14AM (#768281) Homepage
    Here's a quote from their click-through license agreement.

    (1) you will not be permitted to disclose any information about the details of the attack to any other party,

    They're just going to buy the silence of everyone who does, then they'll be able to say that the hole they discovered is closed (because everyone who could exploit it has and has been paid off). Worse than that though, it'll enable them to sue these people for breach of contract for ever talking about anything related to digital music, encryption, watermarking, or anything else that they take offense to. Kiss your right to participate in Slashdot discussions goodbye, unless of course you're prepared to toe the SDMI-party line.

    The RIAA and MPAA are all cheats, thieves and liars. Bah, why do they bother, their usual method of bribing all the politicians and judges has carried them this far.
  • Just a few notes.

    CSS is encryption. You can speak of 'cracking' it in order to access the encrypted data.

    SDMI is not encryption. It is a watermark. (SDMI does claim that some of the "Phase 2" technologies are not watermarks, but whatever they are calling it, the functionality would seem to be necessarily similar in concept.)

    The SDMI challenge is not to decrypt music, the SDMI challenge is to remove the watermark.

    However, having said that, 'crack' is such a good word, I will use it hereafter to mean 'removing the screening technology from the music file.'

    SDMI has previously announced that the watermark is inaudible, and can survive transfer from PCM to frequency-band-based compression like MP3 and even to analog.

    However, the samples for download are not watermarked with the current Verance "Phase 1" technology, but with contenders for the "Phase 2" technology.

    There are samples both with and without the watermark, so comparing the two samples and statistically analyzing the differences would seem like the clear place to start.

    It seems to me like there are several things that the hacker community could do to really poke SDMI in the eye with a sharp stick:

    1) Crack their Phase 2 screener, tell them $10K isn't nearly enough, and have them fly you in to discuss your terms.

    2) Crack their Phase 2 screener, and don't tell them about it until the Phase 2 "trigger" comes out in CDs. Then tell the world how to crack it.

    3) Those are both hard. Note that SDMI doesn't provide any tools so that we can determine for ourselves whether we have cracked the screener. Instead, they ask us to upload the files with the screener removed to their site. You have gigs and gigs of audio samples. What are you waiting for? Start uploading!

    Chris Owens
    San Carlos, CA
  • The encryption algorithm will be a trade secret; otherwise, anyone could write an open-source program that leaks the cleartext. Not acceptable.
    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • by WNight ( 23683 ) on Tuesday September 19, 2000 @08:30AM (#768292) Homepage
    They are just doing this for a ploy. Here's the proof. (A quote from their click-through agreement.)

    (1) you will not be permitted to disclose any information about the details of the attack to any other party,

    All they plan on doing is buying the silence of people who manage to hack it, such that they can sue them if they ever speak out about it. This way they don't have to fix anything, just claim that the bug could never be exploited again. And because the person who found it has signed a contract with them, they can't tell everyone that SDMI is the same lame format as before but XORed with 68 instead of 67, or something stupid. (To use a CueCat example.)

    And SDMI is inherently evil. This isn't one company selling music in a restricted way and hoping that the lower prices this allows will encourage people to use the restricted media, this is a conglomerate wanting to restrict people's ability to ever use any other format, and using their power to ensure that only they (or licensed companies) ever sell music or music devices, and not for reduced prices, we've never seen a monopoly with rock-bottom prices... no doubt music will get more expensive to cover the processor time to encrypt it, or something stupid.

    These are the same people who bribed politicians to pass laws like the DMCA that make it illegal to get around their (previously illegal) price fixing technology. (The region locking.) Not to mention the fact that playback (not even piracy, which I could understand) on unlicensed players is, in their view, completely illegal. Which is no big deal except that they've proven they can buy judges.
  • People are willing to humiliate themselves on national TV [aol.com] for $500k, and backstab, lie, and suffer insect-infested open sores [cbs.com] for a shot at $1G.

    So I have no doubt that many will get into a hacking contest, trying to win $10k [usa-talk.com], where the downside is just vague concerns of abstract concepts [emory.edu] being threatened [trib.com] in the future [fox.com].
    -----
    D. Fischer
  • Quite right... Supposedly the XiNG's CSS key has been revoked, it's no longer on the new DVDs. But with that key we cracked the rest of the keys, so we should simply release a page full of DVD keys, forcing them to either admit that CSS can't stop piracy or to recall all existing DVD keys. That'd make all players useless. (I have three myself, two drives, one standalone.) This would be good because they'd *never* convince people to buy a new type of drive every year or two just to help them keep us region locked. They'd have to stop releasing movies, admit defeat and use a compromised CSS key, or use an unprotected format.

  • Go to the download [hacksdmi.com] page of the HackSDMI website [hacksdmi.com] directly without going through the click-through agreement page. This way you don't have to agree to anything to download the files (there isn't any warning or EULA on the download page).

    Please note, I myself did NOT use the clickthrough to get to this page, or to find its address.

    -Adam

    Sometimes it's good to stop and think, unless you're thinking, "Why am I crossing a freeway?"
  • We fight for security in our Linux/FreeBSD boxes - why can't we fight for security of copyright in digital music? Because it doesn't help us economically (we can't steal songs at will)?

    No, we oppose their technology because it gives an enormous amount of power to Hollywood, power that they didn't have before. It gives them unprecedented ability to control access to (not just copying of) their "content."

    For the record, I have never illegally copied an mp3, and I haven't even used Napster. But I'm very worried by the idea of shutting down interesting technology (e.g., distributed file-sharing), and building alternative protocols with copying controls built in, when there's no evidence that this really solves a problem (who has actually lost money because of Napster?), and when there is evidence that the new protocols give an enormous amount of new power to the "content providers".

    From the article, it seems that some points Don made were uninformed (the music standard would knock out local bands, for example).

    Imagine for a moment a world where content providers control a lot of important protocols (SDMI could be one), and where they control the major bandwidth coming into our homes (Time-Warner?). Can't you imagine some potential for abuse? A local band attempting to do its own distribution would be a competitor to the people who controlled the distribution system.

    ---J. Bruce Fields
  • People who might be able to hack this should give it a try, to a certain point... Download the watermarked music and an unmarked but otherwise identical sample... This way you can do a bit-for-bit comparison without having to worry about sampling noise.

    Then when they decide on a protection and start releasing music in SDMI, you'll have a jump on writing DeSDMI... Wait just long enough for all the hardware companies to tool up and make SDMI everything, then prove that the format is worthless.

  • I prefer to download music "illegally" then send money directly to the musicians. It takes more time but it's better for all involved.

    Unfortunately, it's not better in all respects. Music sales are counted for most (all?) retail music stores. These counts are a major indicator of a band's popularity, which then impacts how much radio play they get, what marketing and sales promos, and media coverage they get. It's a big feedback system. If more sales are counted, they get more airtime and visibility, so sales go up, et. cyk. until the public burns out (e.g. Spice Girls).

    In the short term, your method gives an artist more cash, but in the long run could hurt them.
    -----
    D. Fischer
  • That's not what it says! It says "Hack SDMI.org" Not "Hack hacksdmi.org". They want you to hack their main site - that's why they put up this one... wait... :)


    -Dave Turner.
  • I wonder that we aren't seeing more discussion/speculation as to the outright legality of the SDMI.

    Whether or not it is technically feasible is beside the point. Is it legal? A couple of points to consider:

    1. Copyrights, by law, last for 17 years at which time "ownership" is "transferred" to the "Public Domain". Therefore, is it legal to wrap the copyrighted work in a format which, by virtue of encryption, renders impossible that transfer of ownership interest?

    2. The concept of manufacturers and a few copyright holders working together to develop a format + playback + record mechanism, in which the copyright holders serve as "gatekeepers", granting or denying access to the technology in their own self-interest, could only be considered a pernicious form of anti-competitive restraint of trade. New artists, equipment manufacturers, etc. will be forced to pay financial tribute to the keepers of the encryption keys, and can easily be excluded from the market, simply by denying access to the recording or playback equipment. I can readily envision such collusion as standing in violation of any number of anti-trust statutes, from Sherman on down.

    Lastly, I wouldn't overlook the marketability of such a system. Will consumers really "pay-per-play"? Will they spend their bucks buying systems that a five year old could see was meant from the outset to soak the maximum amount of money from their pockets? What's in it for them? Why would Joe Bob go out and plunk down $200 on a new player in the first place (especially one which renders his existing music collection worthless from the outset)?

    I expect the public to respond to the "new" format and equipment with a hearty "no thanks".


  • Are the SDMI watermarking algorithms actually copyrighted yet?

    If not, somebody crack them, copyright them before the SDMI organization, and sue SDMI for trying to embed the technology in consumer electronics and software without licensing it from you.
  • In the USSR while Stalin ruled, literature of any sort was illegal unless it was in praise of communism, Stalin, or other approved subjects. Yet after Stalin died several authors were discovered to have written quality works "for the desk drawer". That is, they wrote books that they never expected to see the light of day because the urge to create was so strong.

  • by jetson123 ( 13128 ) on Tuesday September 19, 2000 @09:23AM (#768311)
    Even without all the other issues, the challenge is an insult. The $10k are to be shared among all the "winning" entries, and submitters have to assign all related intellectual property to SDMI. There is no legal recourse even to recover that money: by contract all decisions are made by SDMI. $10k would get them about 30 hours of consulting, if the consultants were cheap, and they'd have to agree to an equitable contract and no guarantee of success.

    SDMI and those big music companies are about to deploy billions of dollars in software, hardware, and content, and $10k is all they can cough up? If they add another three zeros to that, together with binding arbitration, we could start talking.

    I think this shows us what we probably knew all along: Chiariglione is cheap. Chiariglione doesn't respect other people's work or intellectual property, he only cares about his own.

    And to anybody thinking about participating in this challenge: don't sell yourself cheap.

  • having also worked at McRatBurger(TM) during the time of this sandwich: the meat was pre cooked and then frozen -- you'd just basically be heating it up and making it look like what people expected.

    --
  • Watermarking technologies are inherently breakable. The only question is how much effort it takes, what information is available to break it, and how much loss of quality the users are willing to live with.

    The HackSDMI challenge is meaningless because it doesn't provide people even with the minimal set of tools they would have once the system is deployed: thousands of recordings and software to actually test for the presence of the watermark. If SDMI were to be really secure, they would also have to disclose the watermarking method as part of the challenge.

    At best, the current "challenge" can be considered a sanity test: does some MP3 encoder or MP3 setting, or Ogg Vorbis, or some other simple method break their scheme?

    In any case, if they want anybody who knows about this stuff to work for them, they should pay the going rate for consultants. A serious attack on SDMI by consultants would probably cost them in the millions, and they would have to pay whether the attack succeeds or not.

  • Not only that, even if no one breaks SDMI as a result of this contest, the RIAA still wins; they get to issue press releases saying "we offered real hackers (oo!) a chance to break our secure music system, and they couldn't do it, so that means our system must be really secure, therefore give us money."

    You and I know that's a fallacy. The general public doesn't. And, if anyone comes along and tries to break it later, RIAA can just call them "evil pirates" and rattle the DMCA saber at 'em to shut 'em up...

    Sorry, RIAA, I won't be your stooge, no matter how much money you wave under my nose, and no matter who wants to call me "chicken" as a result. See Figure 1. [xerox.com]

    Eric
    --

  • by wholen1 ( 184570 ) on Tuesday September 19, 2000 @09:36AM (#768319) Homepage
    I hate the fact that the new windows media player, by default, has a little box checked that says, "Allow WinMedia to send information to sites you download movies from.."
    I would be about as excited to know that every time I play a CD in my computer, or an MP3 file, that information is being sent to the RIAA (or anyone for that matter.) What exactly would be the point in surrounding an audio format with a barrier to prevent copying? Besides what was mentioned before.. nothing is perfect. PGP isn't perfect (although it has not been cracked in some time, it WILL eventually get cracked..) And the same goes for this new audio format.. CSS got cracked, so will SDMI.
    If I own a company and I invest millions of dollars in an encryption scheme, which I know will not last more than a year, maybe two, but will require a change from hardware manufacturers to make a new encryption - I'm going to go out of business. Something tells me that 12 months is a pretty generous estimate considering the amount of hype this story has received.
    Realistically, the RIAA should look at some different models to make money off of music. Napster is insanely popular, even among novice users (my Dad is on Napster and he has trouble starting IE and searching Yahoo.) I would pay $5/month to use Napster and Napster's 4 million + users would make that equivalent to approximately 500,000+ CD's.. ($15 apiece for the CD's). Napster pays the artists or the record labels a royalty and everyone is happy.
    Or base it on downloads.. every song costs .20 or .10 for that matter.. either way you slice it MP3's are free once they are made.. no CD art, no reproduction cost, no CD case, no shipping or handling..
    However, if their intentions are to keep ALL of the pirated music off the net, well that will never happen. There will always be the squadrons of rogues who for whatever reason will blatantly infringe on copyrights, just because they can. As there will always be people that download that material because it's free.
    To think that someone gets paid to sit there and say, "Hey let's make a new encryption scheme" is ludicrous to me. I could be making a ton of money thinking up actual good ideas.. I wonder how that guy got that job... hmmm

    "The same thing we do every night Pinky, try and take over the world." - Brain
  • Music always has to go to analog at some point. Any watermark/copy protection they implement can simply be bypassed by a $2.00 patch cable from Radio Shack, a simple loop back into your soundcard's line in, and possibly a noise gate in the loop to filter out some of that dreaded hiss...

    The fact of the matter is music copy protection methods are moot, the music has to be converted to an analog signal at some point in the chain, at which point it can be captured and repackaged into .MP3 or whatever...

    I think the RIAA/SDMI should be trying to promote the very artists they are claiming to "protect" instead of trying to find ways to ensure the cash keeps flowing in.

    With promotion they will get revenue return through CD sales, tour sales, merchandise, whatever... but alienating the people from the music, or what they choose to do with the music is going to cause the cash flow to dry up quicker than anything.

    People are fed up with the amount of control corporations have now, and I'm sure it won't stand much longer without a revolt or revolution...
  • Could you please point me to some music/movies/literature/TVshows that YOU have created? None? That's what I thought. Try creating some time. Learn the difference between what is "good and bad" and what you "like and dislike".
  • by GemFire ( 192853 ) on Tuesday September 19, 2000 @09:53AM (#768325) Homepage
    In 1976 Congress increased the length of time of a copyright to the author/artist's life plus 67 years. In 1995 Congress increased the time of a corporate copyright to well beyond a century (120 years, I think.) So any movie made before 1880 would be in the public domain. Know of any? Of course not. Congress has been systematically stealing from the public domain since 1909 when it was increased from a maximum of 28 years to an automatic 56 years. Write your congressmen, tell them you want Tolkien, Charlie Chaplin, and Mickey Mouse in the public domain where they belong. I have already done so.
  • Well, SDMI aside, the laws of physics (and logic) virtually preclude distribution of music and media that have to be played on physical apparatus the consumer owns, from being secured. Even the most "uncrackable" security mechanism is at best a big and annoying plastic seal that consumers have to rip open to get to their product. It's like trying to place a lock on a basketball. Just stupid.
  • by stienman ( 51024 ) <adavis&ubasics,com> on Tuesday September 19, 2000 @10:01AM (#768327) Homepage Journal
    New instructions:

    Go to the ClickThrough Agreement, then use the link above. Looks like they might be using cookies, or some other method which forces you to view the license page before viewing the download page.

    You still don't have to click on the 'I Agree' button.

    -Adam

    This space for rent.
  • Now, how do you know it took 2 years to crack CSS?

    DVDs came out in 1997. It wasn't fully cracked until 1999. 1999-1997=2 years. I don't know anything about the Russian DVDs you're talking about, so I'm not even going to get into that debate. My point is that giving 30 days to prove that something can't be broken is one of the dumbest ideas I've heard of.
  • by BeBoxer ( 14448 ) on Tuesday September 19, 2000 @10:04AM (#768329)
    If you actually go and download the files for the contest, you won't find much. Rather than any sort of description of the watermark technology, or any software that checks for the watermark, you get three .wav files. File 1 has no watermark. File 2 is the same audio as file 1 with a watermark applied. File 3 is a different song with a watermark applied. Your "challenge" is to remove the watermark from file 3. To check the file, you have to upload it to their server, and they will send you email with the results of the check.

    So, from a cryptographic point of view, this is pretty worthless. It's along the lines of the newbies who post to sci.crypt saying "I've developed a new algorythm. Here is some ciphertext, crack it!". Of course, to do any valid analysis you need to know how the algorithm works.

    My guess is that either the people setting up the "contest" are pretty clueless, or they have no faith in their algorithm, or both. Or this is just a publicity stunt to reassure the record labels. My money is on the latter.

    Any hacker who attacks SDMI after it's released will certainly have access to a software implementation, or the algorithm, or both. So, to leave both of those out of the "contest" just makes it a sham.
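Added example, not part of the post above or of the SDMI materials: a toy additive spread-spectrum watermark in Python, showing what the three-file setup exposes (the file 1 / file 2 difference) and why only a keyed detector can say whether a file carries the mark. The scheme, key, strength and synthetic audio are assumptions constructed for illustration; the page does not describe the actual Phase 2 technologies.

```python
"""Toy additive spread-spectrum watermark, constructed for illustration only.

This is NOT the SDMI Phase 2 technology (the page does not describe it);
the scheme, key value and synthetic audio below are assumptions.
"""
import math
import random

SAMPLE_COUNT = 200_000      # about 4.5 s of mono audio at 44.1 kHz
STRENGTH = 150              # watermark amplitude in 16-bit sample units
THRESHOLD = STRENGTH / 2    # detector decision threshold


def make_audio(seed, n=SAMPLE_COUNT):
    """Constructed stand-in for a song: two tones plus a little noise."""
    rng = random.Random(seed)
    f1, f2 = rng.uniform(200, 400), rng.uniform(900, 1500)
    return [
        int(6000 * math.sin(2 * math.pi * f1 * i / 44100)
            + 3000 * math.sin(2 * math.pi * f2 * i / 44100)
            + rng.gauss(0, 500))
        for i in range(n)
    ]


def key_pattern(key, n):
    """Pseudo-random +1/-1 chip sequence derived from the secret key."""
    rng = random.Random(key)
    return [1 if rng.random() < 0.5 else -1 for _ in range(n)]


def embed(samples, key, strength=STRENGTH):
    """Add the keyed pattern at low amplitude, clamped to the 16-bit range."""
    pattern = key_pattern(key, len(samples))
    return [max(-32768, min(32767, s + strength * p))
            for s, p in zip(samples, pattern)]


def detect_score(samples, key):
    """Correlate with the keyed pattern: near `strength` if marked, near 0 if not."""
    pattern = key_pattern(key, len(samples))
    return sum(s * p for s, p in zip(samples, pattern)) / len(samples)


def is_marked(samples, key):
    """Detector decision: does the correlation exceed the threshold?"""
    return detect_score(samples, key) > THRESHOLD


def difference_report(original, marked):
    """What an unmarked/marked pair of the same audio shows: size of the change."""
    diff = [m - o for o, m in zip(original, marked)]
    rms_diff = math.sqrt(sum(d * d for d in diff) / len(diff))
    rms_orig = math.sqrt(sum(o * o for o in original) / len(original))
    return {
        "max_abs_diff": max(abs(d) for d in diff),
        "rms_diff": rms_diff,
        "snr_db": 20 * math.log10(rms_orig / rms_diff),
    }


def add_noise(samples, sigma, seed):
    """Crude stand-in for a lossy round trip (constructed, not a real codec)."""
    rng = random.Random(seed)
    return [s + rng.gauss(0, sigma) for s in samples]


def run_demo(secret_key=0x5D31):
    file1 = make_audio(seed=1)                       # unmarked song A
    file2 = embed(file1, secret_key)                 # marked song A
    file3 = embed(make_audio(seed=2), secret_key)    # marked song B
    return {
        "pair": difference_report(file1, file2),
        "file1_marked": is_marked(file1, secret_key),
        "file2_marked": is_marked(file2, secret_key),
        "file3_marked": is_marked(file3, secret_key),
        "file3_after_noise": is_marked(add_noise(file3, 300, seed=3), secret_key),
        "file3_wrong_key": is_marked(file3, secret_key + 1),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

In this toy scheme the pair shows a change roughly 30 dB below the music, and a detector run with the wrong key reports nothing, which is why an evaluation that withholds both the algorithm and the detector tells participants so little.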
  • So, crack it, and release the crack one day or so after the contest is officially over. And release it to some science magazine or so. A math/CS one would perhaps be interested in such a thing. Then you call NY Times or something and tell them about the article and that SDMI sux. If they put DMCA against you, say that you only used the contest time (during which you were urged by the creators of the thingie to crack it), and just waited with the release... Should be fairly water-tight. And if they sue you, even the most stupid non-hacker will laugh at them...
  • Patents last 17 years. Copyrights last much longer.

    God, can't we at least keep our facts straight?
  • Pretty amusing, if you think about it, that they didn't bother to use any protection behind their click-thru agreement. Oh well, they didn't really expect SDMI to be any better, did they?

    Note (at the risk of sounding like a broken, um, MP3): SDMI is toast. MP3 has already won. Unless they stop shipping CDs, and completely destroy the revenue they're trying to protect, the SDMI people are wasting their time.

    sulli

  • by yerricde ( 125198 ) on Tuesday September 19, 2000 @11:13AM (#768343) Homepage Journal

    And there's always the trick of having a soundcard driver that saves the audio stream to the harddrive.

    No. SDMI requires that there be no way to get a digital cleartext out of an encrypted file. For example, all Microsoft Digital Rights Management sound card drivers disable all digital outputs (card outputs, write to file, or a fake waveIn) when an SDMI clip is being played. If a sound card driver is not digitally signed by Microsoft and rated MS-DRM compliant, it has no access to the Secure Audio Path [microsoft.com] and will play silence instead of music.


    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • SDMI-enabled players are distributed out to surpass their existing versions. The MP3 decoders are time-stamped to expire (aka shutdown) on a set date, after which only SDMI will be supported. Nice, eh?

    If that's true (probably not), you'll just see Winamp replaced with "WinMMS" (a port of XMMS [xmms.org]) with hardly a hiccup.

    Oh, BTW, if you can dig up a link to the article, mail it to me. You know how to fix up my address; bots don't.
    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • by yerricde ( 125198 ) on Tuesday September 19, 2000 @11:44AM (#768353) Homepage Journal

    all it did was receive sound from windows applications like it was a sound card and write 44.1 kHz pcm sound

    It won't work for long. Microsoft Digital Rights Management [microsoft.com] will silence all SDMI audio going to unsigned drivers. MS will only sign a driver if it shuts off all digital waveOut capability (this includes without limitation disk writers, digital out ports on the card, and waveOut to waveIn aka SB Live What-U-Hear) when playing secure audio; only signed drivers get access to the Secure Audio Path [microsoft.com].


    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • Predictably, everyone seems to have misunderstood my comment. That's probably partly due to weakness in the way it was presented, but probably partially due to Slashdot blind spots.

    _I_ understand that SDMI (and any other such format) is likely to be abused by the corps. I understand that individual rights are being erased by profit hungry/control freak execs. I can see there's danger here.

    But only part of the point of my post was that the technology could be used legitimately. The other part of the point was this: the battle we need to fight ISN'T that of making sure that SDMI never happens. The battle we need to fight is making sure that alternatives are available, legally and technologically. We spend WAY too much time defending Napster and other such things that are legally and ethically questionable, on the grounds that our opponents are ethically (and often legally) questionable. I think in the case of SDMI, all we have to do is make sure that alternative ways of getting music (which respect the artists) exists, and it'll win out.

    In short: I'm not afraid of a future in which SDMI exists. I AM afraid of a future in which it's the only choice. We might lose that battle, however, because we're perceived as freeloaders that don't respect those who create music. We need to work more actively on implementing systems that can compete with what SDMI claims it can accomplish, but without the greed and draconian restrictions.
  • Bullshit. Local bands play for local communities and sell cool merchandise. Support them and enjoy a real party. Otherwise, you are just paying for the gorilla music industry that wants to ban versatile music recorders.
  • Tools of the industry, wake up and realize that the RIAA is simply trying to solicit free labor to help bulletproof their encryption scheme.

    More importantly, consider this. You know that cool new Nomad Jukebox from Creative Labs? The one that has a 6GB drive in it? It supports the SDMI-format. Great, right?

    No.

    Last summer I found a media composite from Sony Records. For those of you who don't know, a composite basically gathers articles from several sources into a single volume, the results of which are delivered to executives. There was an interesting article from Billboard, I think it was.

    It seems that the SDMI group met last year and decided on certain resolutions regarding the implementation of the SDMI scheme. Of interest is a plan on how to enforce SDMI acceptance on those of us who decide to stick with our existing players (e.g. WinAmp, MS-MP, XMMS, etc). The plan is this: SDMI-enabled players are distributed out to surpass their existing versions. The MP3 decoders are time-stamped to expire (aka shutdown) on a set date, after which only SDMI will be supported. Nice, eh? They actually agreed to this.

    I am salivating all over myself for the Nomad Jukebox, but I am not about to drop $400-500 without knowing if, in fact, the player does not support this type of initiative *and* that Creative will not subsequently release a bios patch that would render mp3 unplayable.

    I will dig up the article (if I can find it - my office is like a 10'x10' version of Beirut in Springtime) and post it here.

    - Ryosen

    This was originally posted by me as anonymous. I didn't have my password yet.
  • What if the whole system is running under VMWare or some other hardware emulator? Then the signed driver doesn't know the difference. Does that mean all sound cards with signed drivers are required to be "closed." This would mean they can't release technical specs on the card and the OS community couldn't make linux drivers.

    It seems like a moot point for a while since I don't see record companies forgetting about Redbook audio as long as people are still buying CDs.
  • This will not work unless the card itself is "closed" and cannot be emulated. Think VMWare. It emulates at the hardware level, and it's not too difficult to get linux to save the audio output while VMWare runs. This is all digital and no driver or OS can ever stop this unless the hardware functionality is kept secret and cannot be emulated.
  • Maybe not. What if the watermark is somehow audible? Your little side trip through the audible domain wouldn't wipe it out.


    ...phil
  • Not to disagree, but even most local bands admit they have hopes of signing with a major label. The whole system needs to change.

    The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
  • Are the SDMI watermarking algorithms actually copyrighted yet?

    Copyright exists from the moment something is written in tangible form, including computer files. So, the answer to your question is 'yes'.

    That said, I don't think that copyright covers the technology. It would be better protected by trade secrets or patents. Patents would have to be published, however, disclosing the technology. Has anybody sniffed around the patent databases [ibm.com] yet looking for these watermarking systems? As for trade secrets, well, Digital Convergence [digitalconvergence.com] can probably tell you how well that's working.


    ...phil

  • Besides, I'd like to see them *enforce* it.

    Two words: Jon Johansen [google.com].


    <O
    ( \
    XGNOME vs. KDE: the game! [8m.com]
  • File 1 has no watermark. File 2 is the same audio as file 1 with a watermark applied. File 3 is a different song with a watermark applied. Your "challenge" is to remove the watermark from file 3.

    Now, I'm not much into cracking and cryptos, but wouldn't the first thing to do for a real cracker be to get the *same* song with two *different* watermarks?

    XOR:ing those two should give some interesting info

  • SDMI essentially claims that it can make sure that people can only listen if they've paid. So, subtract greed and you get:

    A system in which artists are compensated by fans appreciative of their work at reasonable prices.

    Subtract draconian restrictions and:

    You have a system in which there is fair use, perhaps a little fair abuse, but that copyright respect is encouraged.

    You don't want these things?
