By Robert Menta- 4/24/01
Remember the Princeton University Computer Science Professor who was one of many who entered the HackSDMI Public Challenge and successfully cracked the organization's security measures for MP3 files? Well, like any academic he plans on presenting the information detailing the step-by-step process he and his team used to defeat the system. The UK technology site The Register has mirrored the results on their site.
The Secure Digital Music Initiative (SDMI) is not happy about this and in response has made threats of criminal prosecution against the team.
In a letter to Professor Edward Felten, SDMI representative Matthew Oppenheim stated "Any disclosure of information gained from participating in the Public Challenge...could subject you and your research team to actions under the Digital Millennium Copyright Act".
The irony here is that the SDMI is threatening to use the law to stop what they created by open invitation, to freely test the security of their watermark technology. The fact that other contestants cracked the watermark technology and not just Professor Felten and his staff only proves that the SDMI needs to look at other encryption schemes.
The SDMI was embarrassed by how quickly their measures collapsed under testing, and the fact that Professor Felten withdrew from the official contest to continue the work independently only further embarrassed the organization. Felten's reasons for not staying with the contest were because as an academic he wanted to publish his results for educational purposes. Contest rules prevented such publication.
Felten has prepared a paper for a conference in Pittsburgh this week. The Register was the first to report this story and have as an added treat for readers, Dr. Felten's paper titled "Reading Between the Lines: Lessons from the SDMI Challenge".
The paper is posted on The Register's site at http://www.theregister.co.uk/extra/sdmi-attack.htm and should prove an interesting read.
As for the SDMI, one could argue they should thank Dr. Felten as well as the other contestants who broke the security measures. Had they actually released this technology hackers would do quick work of it, that was the finding of Dr. Felten. Failure of these measures in release could only further damage the organizations weakening solidarity. That was the main purpose of the contest, to provide them FREE testing that would prevent such a debacle. Of course, they were confident the technology wouild hold up to the testing. It didn't.
The SDMI is fighting for credibility and survival. Several members have already pulled out and some analysts, including this one, feel many of the hardware manufacturers originally joined as a passive/aggressive way to stave off legal attacks like the ones the music industry made (and lost) against the Diamond Rio.
These manufacturers knew it would take a couple of years to create the security technology, thus giving them a couple of years free of legal threats. Once the technology is finished, they too can exercise the option to pull out. In the meantime they can freely produce several generations of MP3 players with no security measures and still be called SDMI compliant.
Will the SDMI go the way of Divx? Even if the group gets it right it doesn't mean the consumer will automatically accept it and if the consumer rejects it, the manufacturers will reject it. Non-SDMI compliant posted in big letters on a box will probably sell more players in the end. As more manufacturers get in line to produce MP3 players, competition will dictate what is best for sales.
The SDMI's legal threats against Dr. Felten are moot now that the results have been posted on the Net. They may succeed in stopping the doctor from presenting his results in Pittsburg this week, but the hackers already have the blueprint.
MP3 the Movie
Judge to Napster: "If you can't comply, maybe the system needs to be shut down"!
We Test Drive the Lyra 2 MP3 Portable
A VCR for Internet Radio
We Test Drive the Nike PSA[Play 120 MP3 Portable
Canadian to Set Up Napster Clone Offshore
Thomson Upgrades the MP3 Format
Court Rules Musicians DO NOT Own the Digital Rights to Their Songs