Felten & Co. Present SDMI Findings, Finally 87
chill writes: "Princeton scientist Dr. Edward Felten and his colleagues presented their paper entitled 'Reading Between the Lines: Lessons From an SDMI Challenge' at the Usenix Security Symposium. CNN has an article.
This is the paper that the RIAA threatened legal action (DMCA) over in the past, if he made his findings public. They have since backed off their threats."
Newsforge is carrying a piece on the same thing that goes into a bit more depth, and links to coverage of yesterday's press conference, and the Standard has a decent piece on it as well.
For those who don't want to watch the whole video (Score:2)
The best part started about 40 minutes into the presentation. One of the panel members (I can't remember his name) gave an analysis of section 12.01 of the U.S.Code, broken down paragraph by paragraph. There was a good summary of the DMCA, which exposed it clearly enough for laymen to understand it is not a copyright law, but a "para-copyright law". The distinction is that it doesn't directly change existing laws, but modifies the contract between copyright holders and consumers. Very clear and well spoken, this speaker is someone who has clearly given the speech repeatedly and knows exactly how to present the information for maximum impact.
If you download the presentation, at least take the time to watch that 10 minute section. It will give you the verbal ammo needed to start convincing people you know the basis of why the DMCA is bad.
the AC
[The next section is the EFF lawyer saying "ummm" about 50 times per minute, and completely losing the audience]
DMCA: no test case (Score:1)
Interesting Parallel to the Security Discolsure (Score:5, Insightful)
The stance being taken by the industry to "protect" copyright is amazingly similar to the idea discussed earlier that publishing security flaws helps the Black Hats [slashdot.org]. If nobody is allowed to talk about it, nothing bad can happen. Of course, in this case, we (the end users) probably want something bad to happen to the corporations. But not talking isn't a solution to either problem.
citizens (Score:2, Interesting)
I'm astounded that even the EFF reduces all human activity to, "consumption" I did not donate money to the EFF to be called a consumer and if anything would help the debate about our rights in the electronic age (EFF's alleged mission) it would be to recognize the rights we are looking for are citizen's rights, not consumers.
I just finished writing my email to Cindy Cohn a the EFF (cindy@eff.org), and I encourage others to follow-suit.
Feel free to use:
Thanks for all your work for the EFF - I recently became a member and I'm pleased with the EFF's support of the Dimitry & Felten cases.
I'm a little non-plussed though, to see the EFF using language that, IMO, do nothing to help the world recognize the need for ciziten's rights in cyberspace. To wit:
> "This is where the EFF lives and where many of you live -- we live on > the cutting edge," she said. "We're looking at problems that actually > haven't hit home to the consumer yet. That's where we always try to be > ... until everyone else catches up."
I'm a great many things in my life, but "consumer" is right near the bottom of it. I consume what I need to consume in order to do the things that are higher on the list, like be a good citizen and contribute to my community. If we allow ourselves to be called consumers, we will only be able to fight for "consumers rights". I don't want consumers rights, I want citizen's rights. I want to be recognized as a living, thinking, articulate member of society, not a consumer.
I know it may seem like a minor point, and I know that "consumer" has become popular media slang for the common man, but I don't think it's a positive trend and I feel that it's a trend that will only hurt the causes that EFF stands for.
I humbly suggest the EFF do justice to the people it claims to fight for and call them citizens in all public comment or releases.
Thanks for you time.
hear, hear! Please stop "consumerizing" us :) (Score:1)
I like to tell people who call me a "consumer" "No, I'm a customer. A catfish is a consumer."
Custom, customer, and customization
Glad I'm not the only one annoyed by that word.
timothy
Re:a great many things in life, #1: troll (Score:1)
humbly tell it to Ceaser Chavez.
we are all consumers and producers, some of us are citizens. a rare few are the common man. or perhaps you are a believer in corporate homogenity, that we are, the world over, subjects of a united megacorp. in that case please amend your list with victim at the top.
the EFF does great work. if you don't like it, don't send them money. meanwhile, don't waste my donation with your semantic hairsplitting tripe.
Seems to me doing this might have been a mistake (Score:2, Interesting)
But now that Felten has presented his findings, it seems to me there's a reasonable chance that the judge will ask "so how exactly has the DMCA proven to be chilling, given that you've presented your work?".
Felten may still win his case, but it seems to me that by presenting his findings he's reduced the odds of winning significantly...
Re:Seems to me doing this might have been a mistak (Score:1)
The fact that the RIAA has backed off from a lawsuit is immaterial. Read Felten's declaration to the court [eff.org] and you will see that the mere threat of litigation has already had a "chilling effect" on his rights to freely communicate his findings. The case he builds in this declaration is really very compelling.
Re:Seems to me doing this might have been a mistak (Score:1)
Some would argue that a "chilling effect" isn't even there unless it causes some people to not speak out when they otherwise would have. Since that condition doesn't apply to Felten anymore, the judge may simply dismiss his suit as being a case where someone is "crying wolf".
Felten might still win. But as I said, I think he's managed to reduce his chances by doing this.
this does make sense (Score:5, Insightful)
Re:this does make sense (Score:3, Insightful)
Corporations as individuals, and accountability (Score:3, Insightful)
As a result, corporations bend over backwards to cover their own asses in these cases with all kinds of legalese. The DMCA, the Felten case, Sklyarov, and all of this nonsense are a result of this; since individuals have gotten judgments they didn't deserve, corporations have been able to get more protection than they really needed.
It's not just "Oooh, evil corporations are taking over everything!" Individual citizens failed to be accountable for their own actions, and convinced uneducated juries that the world owed them a living. As a result, companies have gone ape-shit to try to protect themselves, and now this practice has gotten out of hand.
There's a historical cause behind what we're seeing today. It isn't "us" against "them."
It's also not a zero-sum game, where one group gains freedoms at the expense of others.
Re:Corporations as individuals, and accountability (Score:1)
Yes, I agree with the point about individual accountability, but what about CORPORATE accountability?
Think: If you own a business and you do something illegal, what happens?
You go to jail. Do not pass go. Do not collect $200. You lose your business. Think of it as a death penalty. You have everything to lose if you decide to join the dark side.
Now, consider a massive, multi-national corporation, who's only goal is to, well, make money. If you can make $500 million in profits using illegal methods, knowing that the penalty will probably be around $10 million in fines, what do you think is going to happen? There is no corporate death penalty anymore. Yeah, they fire the CEO (and give him a multimillion dollar severance package and send him on his way), and maybe some other key executives (ditto), but before long, you have the same mentality producing the same problems. It's a numbers game.
For more on this and more, check out this book [amazon.com].
Re:Corporations as individuals, and accountability (Score:2)
I think you are wrong. Corporations would still be making power grabs even if people didn't file ridiculous suits, just like they'd sneak their toxic waste into the water to save a buck.
We didn't bring it on ourselves; I think it's the natural evolution of business. Not that we shouldn't fight it.
Re:Corporations as individuals, and accountability (Score:3, Informative)
This is a common misconception, and I think that the "Insightful" moderation needs a little reality check. Ms. Liebeck (the McDonald's coffee plaintiff) was hospitalized for eight days because of the coffee's temperature. She did not seek a multimillion dollar sentiment from the outset -- she merely wanted compensation for her medical bills. From http://www.citizen.org/congress/civjus/legalmyths/ coffee.html [citizen.org]:
Finally, the jury's punitive award of 2.7 million dollars was chosen to reflect two days' worth of coffee sales for Mcdonald's.The "McDonald's Coffee" suit is a particularly poor example for anyone wishing to blame "individuals" for corporate ass-covering and buyouts of government.
How about the following examples? (Score:1, Troll)
1. January 2000: Kathleen Robertson of Austin Texas was
awarded $780,000.00 by a jury of her peers after
breaking her ankle tripping over a toddler who was
running amok inside a furniture store.
The owners of the store were understandably
surprised at the verdict, considering the misbehaving
tyke was Ms. Robertson's son.
2. June 1998: A 19 year old Carl Truman of Los Angeles
won $74,000.00 and medical expenses when his neighbor
ran over his hand over with a Honda Accord.
Mr. Truman apparently didn't notice someone was at
the wheel of the car whose hubcap he was trying to steal.
3. October 1998: A Terrence Dickson of Bristol
Pennsylvania was exiting a house he finished robbing
by way of the garage. He was not able to get the
garage door to go up, the automatic door opener was
malfunctioning. He couldn't reenter the house because
the door connecting the house and garage locked when
he pulled it shut. The family was on vacation, so
Mr. Dickson found himself locked in the garage for
eight days. He subsisted on a case of Pepsi he found,
and a large bag of dry dog food.
This upset Mr. Dickson, so he sued the homeowner's
insurance company claiming the situation caused him
undue mental anguish. The jury agreed to the tune of
half a million dollars and change.
4. October 1999: Jerry Williams of Little Rock Arkansas
was awarded $14,500.00 and medical expenses after
being bitten on the buttocks by his next door
neighbor's beagle. The beagle was on a chain in it's
owner's fenced in yard, as was Mr. Williams. The
award was less than sought after because the jury
felt the dog may have been provoked by Mr. Williams
who, at the time, was shooting it repeatedly with a pellet gun.
5. May 2000: A Philadelphia restaurant was ordered to
pay Amber Carson of Lancaster Pennsylvania
$113,500.00 after she slipped on a spilled soft drink
and broke her coccyx. The beverage was on the floor
because Ms. Carson threw it at her boyfriend 30
seconds earlier during an argument.
6. December 1997: Kara Walton of Claymont, Delaware
successfully sued the owner of a night club in a
neighboring city when she fell from the bathroom
window to the floor and knocked out her two front
teeth. This occurred while Ms. Walton was trying to
sneak through the window in the lady's room to avoid
paying the $3.50 cover charge. She was awarded
$12,000.00 and dental expenses.
Re:How about the following examples? (Score:1)
Re:How about the following examples? (Score:3, Insightful)
Troll (Score:1)
You're just trolling. At least you could have had the decency to add a reference to Natalie Portman and hot grits.
Re:Troll (Score:1)
Re:How about the following examples? (Score:1)
The DMCA has ALL to do with big business bribing government into writting any legislation they want. The fact that most people are sheep, and are totally disinterested in ANYTHING going on outside their own pathetic little lives has Everything to do with the fact that these corrupt congressmen are in office.
Re:Corporations as individuals, and accountability (Score:1)
This is a common misconception, and I think that the "Insightful" moderation needs a little reality check. Ms. Liebeck (the McDonald's coffee plaintiff) was hospitalized for eight days because of the coffee's temperature.
Uhh, not quite, it all depends on your perspective. Personally, I prefer my coffee HOT, hot enough to burn flesh. In my opinion, she was hospitalized not "because of the coffee's temperature", but because she didn't take enough care to properly handle a beverage that is supposed to be freaking hot and then asked Micky-Ds to cover expenses which were due only to her own lack of common sense. In that particular case, I have to agree with with the corporation. If Ms. Liebeck's a victim of coffee that is too hot, then I'll sue Henckels the next time I cut myself using one of their knives (they shouldn't be that sharp!). Failing to take responsibility for your own idiotic (or accidental) behavior is a disease in this country. The "Insightful" moderation is perfectly reasonable here.
Re:Corporations as individuals, and accountability (Score:2)
The potential failure of that one example, however, does NOT invalidate the general principle. Finding a four-leaf clover doesn't mean that there aren't a whole lot of three-leaf clovers out there.
You and I both know that even today there are plenty of lawsuits filed against corporations simply because people can do so, and have good enough odds of walking away with a huge amount of someone else's money with very little risk. People don't like admitting their own fault, and corporations look like they're made of money, so it's easy to file a lawsuit.
It's just that in this case, the opposite extreme has occurred -- the DMCA has made a low-risk opportunity for corporations to muscle around scientists and engineers.
Fortunately, the EFF is not letting this attempt stand.
Re:Corporations as individuals, and accountability (Score:2)
Now, as an OT side-note (since you mentioned it): Yes, the people who sued the tobacco companies should have known (and probably did know) that they would get cancer from the practice. But that wasn't the tobacco companies' defense. Their defense was that tobacco is completely safe, has no known ill-effects, and the plaintiffs must have come down with lung cancer in some other way. This was despite the mountains of evidence (some of it provided by their own documents) to the contrary. They have never argued that people should know better and should take responsiblity for their own actions. What do you expect a jury to do when they are presented with such an idiotic defense? They can only consider the defense presented, they can't provide a defense for the tobacco companies, so they had to find for the plaintiffs. The most disturbing thing about the whole tobacco fiasco is that the executives blatantly commited perjury in front of Congress and got away with it. If anyone else pulled that kind of stunt they would end up in prison.
Webcast (Score:3, Informative)
MadDog ??? (Score:1)
Seems like somebody screwed up the video files.
Re:MadDog ??? (Score:1)
Well, the threat served it purpose (Score:2)
Prof. Felten's Version... (Score:5, Informative)
He's got the RIAA letter, the statement contradicting the RIAA letter, the agreement to the competition, and other such nifty info.
Prime Number Theory (Score:3, Interesting)
Your wait is over (Score:1)
RSA and Eliptic Curve Cryptography is used for "copy protection" in a number of products. HIEW [serje.net] uses RSA for it's keyfile IIRC, and ECC is used by CloneCD [www.elby.de], just to name two examples.
Or were you thinking of something else?
Re:Prime Number Theory (Score:5, Funny)
Illegal prime numbers do exist [theregister.co.uk] already.
What's really scary... (Score:3, Interesting)
I would've expected news like that out of the communist bloc just a few years ago, but not here and not now.
RIAA was forced into submission here (Score:2, Insightful)
I take it as a given that the good Dr. Felten withdrew the initial paper because he could then show clear evidence of a chilling effect. Now, of course, the lawsuit proceeds apace, but Felten can of course present his paper without interference from the RIAA because it would further Felten's claims and provide even more clear evidence that the DMCA was, in fact, unconstitutional (not that any thinking person who doesn't accept big media's spin on things needs more clarification on the matter).
To continue to go after Felten would strengthen the case against the DMCA and, speed the day, the eventual dismantlement of this egregiously rotten piece of legislation.
Yay Felten et al. Thank goodness he's on our side.
gotta love the twisted logic... (Score:4, Insightful)
"Shortly before the group was due to present its paper at an April conference in Pittsburgh, a lawyer for SDMI and the RIAA sent Felten a letter telling him he could face legal action under the Digital Millennium Copyright Act, a 1998 law that bars efforts to defeat copyright-protection technologies.
The lawyer, Matthew Oppenheim, has since backed away from the letter, saying the SDMI had an obligation to protect the trade secrets of the companies that developed the anti-piracy technology but never intended to sue."
So if they "never intended to sue", what the hell did they mean by "could face legal action under the [DMCA]?" Oh wait - maybe they thought they'd just drop a dime on him - give the FBI a call and have him arrested at the conference!
SDMI as Antitrust Violation? (Score:2)
But that's not all... (Score:5, Funny)
The question of the day is... (Score:2, Interesting)
what was the RIAA's real intent? Did they simply retract their threat to sue for the sake of PR, or what it something deeper?
The bluff smells of censorship, IMO. It is a warning to every other research group who will walk the fine line that is the DMCA that they are being watched. The scrutiny serves the role of censorship, and the threat of legal action will remain until the researchers ask if they can publish.
I seriously don't know what is worse. Not being able to publish at all, or having to pander to the legally privileged (thanks to the DMCA) and beg "Please, please, can I publish my paper?". In either case, Big Brother wins.
If you circumvent the DMCA to read a document about how to reverse engineer something (circumventing the DMCA yet again), do you get thrown in jail twice?
Re:The question of the day is... (Score:1)
The RIAA has NO real power, other than the (considerable) power to coerce through the use of "Legal Intimidation", i.e.(NOT IE!) "We can afford to spend millions of dollars sueing you and we will continue to sue you until you have; no job, no house, no car, no food, no porn..."
In Felten's case, as with Adobe and KIllustrator and Dr. Kai-Uwe, the Public Relations and Legal downside of the attack was starting to overwhelm any potential upside.
The RIAA, just like Adobe, cannot afford to piss off mainstream academics, who hold tremendous clout, as expert witnesses in both legislatures and courts, in quasi-democratic systems like the US and Germany.
Post-MS Trial, Felten is a "celebrity" academic and Adobe has just made Dr. Kai-Uwe one, while Dmitri Sklyarov is rapidly becoming the "New Mitnick"...
IFF the RIAA took Felten to court and lost, and with most of the academic compsci crowd supporting Dr. Felten, the RIAA could easily lose, the damage to the DMCA's ability to restrict research could be FATAL
much easier to pick on H4X0R-types like Fanning/Napster than peeps like Felten with "juice" (gotta have it).
COMPLETE THE SENTENCE: it ain't what you know, it who you....
Re:The question of the day is... (Score:2)
Like the joke (Score:1)
Another thing; don't think this is a finished issue. Students who attended the conference may be in violation of the law if they describe its proceedings to their advisors, and people who write software which implements Professor Felton's methods would almost certainly be in violation of the law.
On a lighter note; isn't it funny how little understanding some people have of security? Verance relied on the secrecy of their algorithm to protect the data, but the algorithm was patented. Which means you could look it up, which means they willingly betrayed their own security methods.
I wonder what RIAA's motivation was. (Score:3, Interesting)
No news is good news (Score:2, Interesting)
Finally, someone sees cracking encryption as something other than a hacker threat. There are more uses for such activity, such as education, to see how the encryption works.
Let's hope that this is a precedent, since that government is unlikely to repeal this law.
The Standard is really stooping low... (Score:2, Funny)
Silly guys. Don't they realize that on the internet, the headline is only as tantalizing as what the referring link says, so this kind of thing doesn't increase readership?
Re:The Standard is really stooping low... (Score:2)
Come to think of it, it would certainly spice up a lot of scientific/tech presentations.
Then again, since most of the presenters are male and not necessarily prime physical specimens, perhaps it's not so good an idea after all...
Re:Let them sue! (Score:2, Insightful)
Company copyrights a technological form of encryptiong.
Somebody breaks it. Company has the legal right to sue.
so.... if I create an encryptiong alg. copyright it. and then use it to send illegal info. Does the FBI have the right to try and break it. or can I sue good ol Uncle Sam???
Just curious.
Re:Let them sue! (Score:1)
They didn't back off... (Score:2)
Does anyone have a copy of the original letter that the RIAA (or whoever) sent to Prof. Felton?
Re:They didn't back off... (Score:3, Insightful)
Re:They didn't back off... (Score:1)
...but a person could get hurt.
Re:They didn't back off... (Score:3, Informative)
Re:They didn't back off... (Score:4, Funny)
Re:They didn't back off... (Score:1)
-dair
You call this victory?! (Score:1)
This means that his attempt to sink DMCA is ruined.
Re:You call this victory?! (Score:3, Insightful)
We have no idea what he might write (Score:3, Interesting)
That sentence says everything that is wrong with the attitudes of those wielding the DMCA as a weapon. It should not matter what Professor Felton or any other person (academic or not) should write - so long as it is not covered under the dangerous restrictions (i.e. national secrets, "Fire" in a crowded theater, etc.) Freedom of Speech is at issue here and someone's ENTERTAINMENT copyright does not deserve as much protection as an intellectual discourse. It appalls me that apparently, entertainment profits are more important than scientific knowledge.
Freedom vs. Leeches (Score:1)
Laws should be there to protect us from groups taking our freedoms, not for groups to take our freedoms away. Don't sell your soul to the DMCA.
Next /. story (Score:1)
Re:Next /. story (Score:2)
It doesn't matter: as the DOJ said when Adobe "dropped out" of the Sklyrov case: it's a criminal offence.
Why isn't the FBI arresting this guy?
I'd much rather see an american professor in jail for breaking US laws than a russian student.
Do US laws only pertain to foreigners?
Re:Next /. story (Score:1)
Jailing a prof would cause an outcry that would actually cause the law to be tossed out. We can't have that...
Re:Next /. story (Score:1)
SummerCon SDMI lecture (Score:1, Interesting)
Watermarking Too Simplistic? (Score:1)
I would encourage everyone to read Dr. Felten's original paper, not just because you can now, but because it provides a lot of insight into the techniques that were used to watermark the SDMI audio files.
One thing that really struck me was how simplistic the watermarking was. Not to take anything away from the team's accomplishment, but I have no doubt these technologies would have been defeated by someone within days of release.
If this was the current state of the art in watermarking technologies (and you have to assume it was), it makes me wonder if digital watermarking is really a viable technology.
-Sommelier
"Digital" Piracy? (Score:1, Interesting)
Sounds like someone is trying to get most of the population on side ('normal' piracy isn't so bad), while leaving the way open to single out an individual. "Ohh. He's (he = computer programmer who just wrote a CSS clone) a digital pirate. He must be really bad. Let's put him in gaol."
Meanwhile the bulk of the population feels secure and does nothing, as they are 'normal pirates'.
Probably the journalist isn't even conscious of using this term, as they read it in an RIAA press release.
Record company lawyers (Score:2, Insightful)
The SDMI nastygram that started this was a pretty vanila knee-jerk threat. It is the type of threat that in most cases can be made without fear of the consequences since the chances are that the target will simply roll over at the first hint of a threat.
What the SDMI lawyers certainly did not expect was that making threats would land them as defendants in a lawsuit that would be diffciult for them to either defend or disengage from. Essentially the only way to avoid a costly fight is to tell the court to vacate the anti-trafficing provisions in the DMCA that the RIAA paid so much to Senatorial campaign coffers to buy.
What the SDMI and RIAA failed to grasp is that Felten and co are much less interested in the ability to publish one paper than the larger principle. There is no real incentive for Felten and co to accept an out of court settlement.
In the process the suit is likely to issue the coup de gras to SDMI. The group has been spectacularly unsuccessful in meeting a goal to agree on a standard by Christmas 1999. Only one of the vendors has released an SDMI compliant player and they modified it to play unrestricted MP3s pretty quickly when nobody would buy it.
The only reason SDMI is continuing is sheer inertia and the fact that the manufacturers who could not give a monkey's for the interests of the labels would rather participate in an obvious failure of a group than withdraw and risk it being replaced.
I attended only one SDMI meeting and told my company to steer well clear of the loosers. The work was chaotic with deadlines set to fit unrealistic schedules that would inevitably fall apart leading to delay. Worse however was the fact that while 150 engineers were working on one set of specs in open meetings a closed group of 8 people were hacking out a private deal in a back room that entirely negated the rest of the groups work.
lemme git this straight... (Score:1)
riaa holds a contest to see if anyone can break their standard
(part boast, part free-beta-testing)
someone does
they get mad at the winner?
who put these clowns in charge?