Cracked or not? The SDMI saga continues.

Did hackers successfully break watermarks designed to protect digital music?

Published October 19, 2000 7:30PM (EDT)

On Oct. 3, Salon published a story outlining serious divisions within the Secure Digital Music Initiative (SDMI) as to whether the "watermarking" system that SDMI was testing as a way to protect digitally distributed music would actually work. Then, on Oct. 12, Salon reported that hackers who had been invited by SDMI to test the security system had successfully broken all the watermarks.

Salon based its reporting on three sources who spoke only on the condition that they not be identified. It also quoted an SDMI spokesperson denying that the watermarks had been successfully "cracked." But on Oct. 13, SDMI director Leonardo Chiariglione declared in an story that Salon's story was "completely wrong, unfounded, anonymous slander."

We returned to one of our original sources, seeking a response to Chiariglione's rebuttal. Our source replied, giving us even greater detail about what is happening behind SDMI's closed doors. We have decided to publish our insider's response, verbatim, along with additional responses from both Chiariglione and Matt Oppenheim, senior V.P. of business and legal affairs for the Recording Industry Association of America (RIAA).

Our source:

Your story (which I just re-read carefully to make sure) is 100 percent accurate. All four technologies in the public test had successful attacks submitted against them. The key is how "success" is defined. In this case, the attacked samples have been 1) run through a watermark detector to ensure that the watermark was removed, and 2) subjected to preliminary listening tests performed by "golden ears" listeners to ensure that each attacked sample still sounded better than a 64 kbps MP3 file.

Two sets of "golden ears" listeners are being used. If there's a case in which there's disagreement between the two "golden ears" listeners on whether the attacked sample meets criteria two above, a third set of golden ears will listen to the sample and break the tie.

There's one further step in the verification phase of the public testing process, which is a requirement that the attack be "reproducible," meaning that additional samples will be given to the successful testers so they can work their hacking magic all over again.

There are some developments that, in the current atmosphere of mistrust, could make some participants feel that the recording industry is trying to take complete control of the selection process. For instance, the tie-breaking "golden ears" listener, rather than being a neutral third party, will likely be an employee of Universal Music Group, a company with more than a passing interest in seeing a watermark, any watermark, be chosen. This would mean that two of the three golden ears testers would be RIAA members.

Also, in the wake of last week's published accounts, RIAA members so intimidated and berated a member of the testing committee, who they blamed for the release of information, that the member resigned from the committee. The RIAA then insisted that all testing committee members, current and past, sign a strict nondisclosure agreement. Many IT [information technology] and CE [consumer electronics] companies have very strict policies as to the type of NDA their employees can sign. It's possible that due to this fact there will not be representation from IT or CE companies on the testing committee, even though those companies have the most expertise in this area. Hopefully, though, the fact that RIAA counsel Matt Oppenheim publicly apologized to the former testing committee member [Tuesday], coupled with some rework of the NDA, might lead to a positive resolution.

Finally, the recording industry expressed interest in not holding what was expected to be the next type of testing -- known as restricted attack -- and moving instead to what was originally supposed to be the third type -- known as analytic attack. Given their druthers, I think the RIAA would not choose to return later to restricted attack testing, but I expect that other SDMI members will insist on it. More testing means more accurate data on the suitability of the technologies being evaluated.

Leonardo's comments are exactly what I expected -- holding to the party line that nothing's wrong, because indeed they have not yet made public the preliminary data (which does exist and which you accurately reported). I would expect this face-saving to continue at least through the next SDMI meeting in November, but not much further. Even if the testing process moves forward in such a way that one or two technologies survive the first round without a "confirmed" break, later rounds of more detailed testing could find that even the first-round survivors fall below the specific standards SDMI has set for its purposes.

Leonardo Chiariglione responds:

Sometimes it is hard to let facts get in the way of a good story. As executive director of SDMI, let me give you some of the facts:

1) It is simply impossible for anybody to have carried out the checks necessary to verify that watermarking had indeed been removed without damage to the music between the time the Testing Management Committee received information and the publication of the article.

2) As I am sure you have noticed, your anonymous source carefully shifted the use of tense from past tense in the first paragraph, to the present and then future tenses in the second paragraph. This shift in tense confirms exactly what SDMI has been saying: At this point in time we are still evaluating collected information. No one can confirm the results your anonymous source originally reported, because tests are still underway. Like your source, we simply do not know yet what those results will be.

3) The speculation that your anonymous source is making about what is going to happen next is mere idle gossip. Serious people in SDMI, starting with the executive director, are focusing efforts on the tasks at hand, not on idle speculation.

Leonardo Chiariglione
executive director, SDMI

Matt Oppenheim:

I'm speaking on behalf of the RIAA.

In your last article you wrote about how the record companies are running scared, emergency meetings, those kinds of things. It's so far from the truth -- it's not factually accurate, it's a perception, but it's not a fair perception. Record companies have been very strong proponents from the get-go of this public challenge. We want to know whether the technologies under consideration are viable. For us to be trying to hide the results would be counter to that desire.

The issue of success is really an interesting one. In your original article, the source told you that all the technologies have been successfully hacked. Now they say it's all based on how you define success. It's clear to me that the reason that SDMI agreed on a process that includes listening and repeatability tests is that the entire process has to be gone through before you [declare success]. SDMI has defined what success is -- and success means that something has to go through all three stages of our testing. Because if something just goes through the [the first part of the testing, which checks if the watermarks have been removed] it could just be that the hacker has erased all the music too, or slowed it down to half its normal speed. And so you go through the listening test, too.

As for the issue of two out of the three listeners being record industry people, that's not something that we're defensive about; just as we're having the IT people provide analysis of the robustness of technology because that's what they do; record companies deal with audibility, so that's what we do. We have required that the listening is blind; it's not like record companies have control of it.

A confidentiality agreement for members of the testing committee is a necessary requirement in order to maintain a process that is fair for the proponents. There was a conference call today discussing it and hopefully everybody will be fine with it. It's important that as we go through this process that you create a process that fairly considers the needs of the proponents. These companies have submitted their technology to testing, the testing has a set-out regimen and process -- to release data that is incomplete and that you've agreed that you won't release would be inappropriate and could potentially be harmful to a proponent.

There is no data that has been released to SDMI that confirms that [all six watermarks were cracked]. The process that was agreed upon, and process is very important for legal reasons, was that we would do these tests with three different steps, and until we completed those tests we would keep them confidential. Either somebody has leaked information to you which they shouldn't, or logically they are telling you something of which they have no idea. I happen to know that there are very limited numbers of people who have the complete data, and none of those people with complete data have talked to you.

Note: This story has been corrected since its original publication.

By Janelle Brown

Janelle Brown is a contributing writer for Salon.

MORE FROM Janelle Brown

Related Topics ------------------------------------------