Watch out -- recording industry executives are about to start running for cover. All of the Secure Digital Music Initiative's watermarks -- its much ballyhooed music protection scheme -- have been broken. A spokesperson for SDMI has denied the reports, but according to three off-the-record sources, the results of the Hack SDMI contest are in and not one single watermark resisted attack.
The hacking contest, which invited the general Net population to break the recording industry's watermarking system and win $10,000, ended Sunday; this week, SDMI members are meeting in Los Angeles to discuss the results. Although a core group of participants (including members of the Recording Industry Association of America) who coordinated the testing process are aware of the contest results, the larger SDMI consortium has yet to be informed.
The key issue is whether the breaks are meaningful or not -- in other words, could any hacker repeat the breaks, and is the quality of the music preserved even when the watermark is scrubbed out? According to one insider, all these hacks were, in fact, technically "solid." The hacker boycott of SDMI organized by members of the programming community who were suspicious of what they saw as an attempt to coopt their labor in the service of a corrupt industry has turned out to be effectively irrelevant.
According to one witness attending the SDMI conference, recording industry members held an emergency meeting at 6 a.m. PDT Thursday to discuss the results. SDMI members and the press will likely be informed Friday, several sources said, although most speculated that the record industry would try to downplay the results. One SDMI participant predicted: "They are going to try to keep it quiet -- the official word will be that the testing company is still analyzing the results. They will try to skate out of this without releasing the information that it's all broken." Others believe the RIAA will try to keep the news "close to the vest" until it has an alternate solution it can announce to the world at large.
Is there an alternate solution, though? Many SDMI members think there isn't one -- and that this could mean that SDMI will now implode for lack of any plausible ideas for how to meet the recording industry's demands for secure music.
But SDMI officials disagree vehemently with this. According to Talal Shamoon, who heads up SDMI's "perimeter technologies" working group, the news that the watermarks have been broken is just a misguided rumor. "That's false," he says, though he adds that "I don't know the specifics because I'm not on the testing committee."
And, he adds, even if they are broken that doesn't mean that SDMI is over. "Let's consider for a moment that they were all broken, which isn't true. There are plans in place to deal with that: This is not a group of dilettantes. These are serious businessmen who called for this malicious attack testing. When you call for that, one of the things you build into your schedule is the concept that it may all get broken. There are backup plans in place to discover new paradigms."
What will the official news be? And will SDMI survive if it the watermarks were, in fact, broken? Laughs one member, "I just hope SDMI holds together until [the next meeting in] Hawaii."