To watermark, or not to watermark - that is the question
Electronic watermarks are electronic data embedded in software, "in a way that is difficult to remove," as Jean-Paul Linnartz says in Fingerprinting and Watermarks. He goes on, "Principal applications of electronic watermarks are in copyright enforcement, automatic metering of asset usage in multi-media applications, piracy tracing, and in providing additional information, such as image captions."
Are electronic watermarks important? "You'd better believe it!" - say the RIAA (Recording Industry Association of America), the SDMI (Secure Digital Music Initiative) Foundation and the Verance Corporation (watermark technology) loudly and jointly. And all three waited with bated breath while nine experts in the field prepared to answer an SDMI 'challenge' to test the strength of six security technologies, four of them centering on electronic watermarking.
Towards the end of this April the nine - team leader Edward Felten (Computer Science, Princeton); Scott Craver, John McGregor, Min Wu and Bede Liu (from Princeton University's Electrical Engineering Departent); Ben Swartzlander, Dan Wallach and Adam Stubblefield (Computer Science, Rice University); and Drew Dean (Computer Science Laboratory, Xerox Palo Alto Research Center) - were scheduled to deliver, "Reading Between the Lines: Lessons from the SDMI Challenge" in which they say:
"The SDMI challenge offered a small cash payment to be shared among everyone who broke at least one of the technologies and was willing to sign a confidentiality agreement giving up all rights to discuss their findings. The cash prize amounted to the price of a few days of time from a skilled computer security consultant, and it was to be split among all successful entrants, a group that we suspected might be significant in size.
"We chose to forgo the payment and retain our right to publish this paper."
Fascinating! The RIAA (an industry organ not exactly known for its public spirit) and associated entities linked directly to free research? And the guys doing the work are going to let everyone know the results?! Mind-boggling. An example of Democratic Free Speech at its finest.
And how did Prof Felten and his colleagues fare? As the researchers put it in their paper:
"We have reverse-engineered and defeated all four of their audio watermarking technologies. We have studied and analyzed both of their 'non-watermarking' technologies to the best of our abilities given the lack of information available to us and given a broken oracle in one case.
"Some debate remains on whether our attacks damaged the audio beyond standards measured by 'golden ear' human listeners. Given a sufficient body of SDMI-protected content using the watermark schemes presented here, we are confident we could refine our attacks to introduce distortion no worse than the watermarks themselves introduce to the the audio. Likewise, debate remains on whether we have truly defeated technologies D and E. Given a functioning implementation of these technologies, we are confident we can defeat them.
"Using the techniques we have presented here, we believe no public watermark-based scheme intended to thwart copying will succeed. Other techniques may or may not be strong against attacks. For example, the encryption used to protect consumer DVDs was easily defeated. Ultimately, if it is possible for a consumer to hear or see protected content, then it will be technically possible for the consumer to copy that content."
That last, almost throw-away, sentence should have sent icy shivers down the spines of recording industry executives - especially members of the RIAA. So why were they co-operating with people such as the authors of "Reading Between the Lines"?
You guessed it.
On April 26, team leader Professor Felten announced to the Fourth International Information Hiding Workshop in Pittsburgh: "On behalf of the authors of the paper 'Reading Between the Lines: Lessons from the SDMI Challenge,' I am disappointed to tell you that we will not be presenting our paper today.
"Our paper was submitted via the normal academic peer-review process. The reviewers, who were chosen for their scientific reputations and credentials, enthusiastically recommended the paper for publication, due to their judgment of the paper's scientific merit.
"Nevertheless, the Recording Industry Association of America, the SDMI Foundation, and the Verance Corporation threatened to bring a lawsuit if we proceeded with our presentation or the publication of our paper. Threats were made against the authors, against the conference organizers, and against their respective employers.
"Litigation is costly, time-consuming, and uncertain, regardless of the merits of the other side's case. Ultimately we, the authors, reached a collective decision not to expose ourselves, our employers, and the conference organizers to litigation at this time.
"We remain committed to free speech and to the value of scientific debate to our country and the world. We believe that people benefit from learning the truth about the products they are asked to buy. We will continue to fight for these values, and for the right to publish our paper.
"We look forward to the day when we can present the results of our research to you, our colleagues, through the normal scientific publication process, so that you can judge our work for yourselves."
What prompted this announcement? On April 9 the RIAA, a founding member of SDMI, wrote a letter to Professor Felten which included this paragraph:
"We appreciate your position ... that the purpose of releasing your research is not designed to 'help anyone impose or steal anything.' Further more, your participation in the Challenge and your contemplated disclosure appears to be motivated by a desire to engage in scientific research that will ensure that SDMI does not deploy a flawed system. Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material. Such disclosure is not authorized in the Agreement, would constitute a violation of the Agreement and would subject your research team to enforcement actions under the DMCA and possibly other federal laws."
DMCA is short for the US Digital Millennium Copyright Act and became Public Law No: 105-304 in 1998. It theoretically updated copyright law to take in the growing use of computers and the Net and under the DMCA, it's against the law to make, or traffic in, technology meant to bypass and/or penetrate anti-copying systems, including watermarks.
In fact, its a form of censorship.
Before it came along, you could copy, for personal use, music you'd bought on records or CDs. However, among a whole raft of other things, the DMCA decrees that if some kind of electronic watermark, or other protection, has been embedded in the recording, you can't legally do that any more. Nor can you develop technology designed to circumvent 'protection' systems.
The DMCA has been under heavy attack since it came out, amd the public outcry against the RIAA's tactics in using it to protect is perceived interests is only just beginning. But the RIAA is already starting to cave in.
A statement by Matthew Oppenheim, RIAA senior vice president of business and legal affairs, reads: "The Secure Digital Music Initiative Foundation (SDMI) does not – nor did it ever – intend to bring any legal action against Professor Felten or his co-authors. We sent the letter because we felt an obligation to the watermark licensees who had voluntarily submitted their valuable inventions to SDMI for testing.
"For the record, the Recording Industry Association of America, one of the founding members of SDMI, strongly believes in academic freedom and Freedom of Speech. This issue, however, is about the competing interests of scientists – those of the watermark technology companies that have invented new technologies and those of Professor Felton who seeks to describe how to circumvent those technologies. To that end, we have encouraged Professor Felten and the technology companies to resolve this matter. We leave it in their hands to do so.
"Further questions should be directed to Verance at 858-677-6522."
What a load of old cobblers.
On the The Secure Internet Programming Laboratory" site you'll see: "The RIAA and SDMI now say that they never intended to sue us, and that they never even threatened us in the first place. This letter sure looked like a threat to us. Verance has not rescinded their threat to sue if we publish. The letter from RIAA refers to a "click-through agreement" that we would supposedly be violating if we published. We believe that nothing in that agreement would prohibit us from publishing our paper. Read the click-through agreement and judge for yourself."
In the meanwhile, instead of scaring off developers of technologies which it and some member companies fear will further diminish profits already threatened by digital audio technology, the RIAA has merely added focus to the possibilities. The so-called hacking community - which absolutely lives for exploring forbidden regions - will see this as an open invitiation.
And if you're interested in reading an early version of the paper, try this link.
RIAA - www.riaa.com
SDMI - www.sdmi.org
Verance - www.verance.com
Related MusicDish e-Journal Articles:
» SDMI Goes to School (2001-04-26)
» Pirates of the 21st Century Unite!
- The Secure Digital Music Initiative Moves Forward. (2000-11-15)