SDMI Applies Legal Pressure to Suppress Hacks

Back in September, the Secure Digital Music Initiative issued a public challenge that offered cash rewards for successfully uncovering and removing watermarks from recorded music. The challenge was met by a number of hackers, most notable among them Professor Edward Felten of Princeton University's Computer Science Department.

Felten and a group of colleagues—graduate students at his own institution as well as researchers at Rice University in Houston and at the Xerox Palo Alto Research Center in Silicon Valley—made quick work of several SDMI watermarking technologies, including one by Verance Corporation that had already been licensed for commercial use by music publishers. The SDMI "Hack Challenge" was a public affair, but when Felten and his group decided to go public with their research, SDMI officials put up stiff resistance—so stiff, in fact, that Felten's team withdrew their paper from presentation at the Fourth International Information Hiding Workshop, held in Pittsburgh, PA the last week of April.

The group was threatened with lawsuits for violating the "click-through agreement" they had signed when they accepted the challenge, according to SDMI Foundation secretary and counsel Matthew J. Oppenheim. In an April 9 letter addressed to Felten and his group, Oppenheim told the researchers that "any disclosure of information gained from participating in the Public Challenge would be outside the scope of activities permitted by the Agreement and could subject you and your research team to actions under the Digital Millennium Copyright Act (DCMA)."

Oppenheim's letter, misaddressed to "Princeton, NY"—Princeton is actually in New Jersey—was leaked by an unknown party and has been reproduced on several websites, including one which offers a full reprint of Reading Between the Lines: Lessons from the SDMI Challenge, the paper Felten and his associates had intended to present in Pittsburgh. The DCMA was enacted toward the end of the Clinton administration to placate the recording industry. Oppenheim is also senior counsel for the Recording Industry Association of America.

No technical information was provided to participants in the Hack Challenge. They were given two samples of music, one watermarked and one clean, and a third sample of another piece of watermarked music without a clean copy for comparison. From the three, Felten's group—and others working independently—were able to "reverse engineer" the technologies used and extract the watermarks, which were verified by SDMI "oracles." They defeated four of the six watermarking technologies that were presented, but could not verify whether or not they had succeeded with the remaining two because of problems with the oracles. Felten has stated that he believes that any information protection scheme can be overcome using techniques like those he and his group used. "There is no code that can't be cracked," he has often said.

Legal threats, however, can discourage even the most diligent researcher. Even though they had not accepted the payment offered by the SDMI to successful crackers, Felten's group withdrew their presentation, which had been scheduled for 10AM on Thursday, April 26. In their paper, the authors mention that the SDMI challenge "was constructed in a way that made it impossible to even start analyzing the technology." The fact that they succeeded doesn't bode well for the future of watermarking.