Politech is the oldest Internet resource devoted to politics and
technology. Launched in 1994 by Declan
McCullagh, the mailing list has chronicled the growing
intersection of culture, technology, politics, and law. Since
2000, so has the Politech web site.
SDMI demands Princeton prof "destroy" paper about vulnerability
- Date: Sat, 21 Apr 2001 02:22:00 -0400
- To: politech@politechbot.com
- Subject: FC: SDMI demands Princeton prof "destroy" paper about vulnerability
- From: Declan McCullagh <declan@well.com>
- Cc: felten@cs.princeton.edu, AWeiss@riaa.com
I understand the document is mirrored at:
http://www.cluebot.com/docs/sdmi-attack.zip
Background:
http://www.wired.com/news/print/0,1294,41183,00.html
Princeton professor Edward Felten's team at Princeton broke Verance's
watermarking system, but they weren't allowed to publish the hack
because it would run afoul of the DMCA's anti-circumvention statute.
***********
From: John Young <jya@pipeline.com>
Subject: RIAA Warns SDMI Hackers
To: cypherpunks@lne.com
Date: Fri, 20 Apr 2001 22:36:45 -0400
RIAA and The SDMI Foundation on April 9 warned Ed Felten
and his researchers not to publish their paper about the
weaknesses of the SDMI content protection system at the
4th International Information Hiding Workshop to be held
April 25-29, 2001. Their paper is public:
http://cryptome.org/sdmi-attack.htm (41K text with 11 images)
Zipped text and images:
http://cryptome.org/sdmi-attack.zip (328K)
***********
http://cryptome.org/sdmi-attack.htm
April 9, 2001
Professor Edward Felten
Department of Computer Science
Princeton University
Princeton, NY 08544
Dear Professor Felten,
We understand that in conjunction with the 4th International
Information Hiding Workshop to be held April 25-29, 2001, you and your
colleagues who participated in last year's Secure Digital Music
Initiative ("SDMI") Public Challenge are planning to publicly release
information concerning the technologies that were included in that
challenge and certain methods you and your colleagues developed as
part of your participation in the challenge. On behalf of the SDMI
Foundation, I urge you to reconsider your intentions and to refrain
from any public disclosure of confidential information derived from
the Challenge and instead engage SDMI in a constructive dialogue on
how the academic aspects of your research can be shared without
jeopardizing the commercial interests of the owners of the various
technologies.
As you are aware, at least one of the technologies that was the
subject of the Public Challenge, the Verance Watermark, is already in
commercial use and the disclosure of any information that might assist
others to remove this watermark would seriously jeopardize the
technology and the content it protects. [1] Other technologies that were
part of the Challenge are either likewise in commercial use or could
be utilized in this capacity in the near future. Therefore,
any disclosure of information that would allow the defeat of those
technologies would violate both the spirit and the terms of the
Click-Through Agreement (the "Agreement"). In addition, any disclosure
of information gained from participating in the Public Challenge would
be outside the scope of activities permitted by the Agreement and
could subject you and your research team to actions under the Digital
Millennium Copyright Act ("DMCA").
____________________
[1] The Verance Watermark is currently used for DVD-Audio and SDMI
Phase I products and certain portions of that technology are trade
secrets.
We appreciate your position, as articulated in the Frequently Asked
Questions document, that the purpose of releasing your research is not
designed to "help anyone impose or steal anything." Furthermore, your
participation in the Challenge and your contemplated disclosure
appears to be motivated by a desire to engage in scientific research
that will ensure that SDMI does not deploy a flawed system.
Unfortunately, the disclosure that you are contemplating could result
in significantly broader consequences and could directly lead to the
illegal distribution of copyrighted material. Such disclosure is not
authorized in the Agreement, would constitute a violation of the
Agreement and would subject your research team to enforcement actions
under the DMCA and possibly other federal laws.
As you are aware, the Agreement covering the Public challenge narrowly
authorizes participants to attack the limited number of music samples
and files that were provided by SDMI. The specific purpose of
providing these encoded files and for setting up the Challenge was to
assist SDMI in determining which of the proposed technologies are best
suited to protect content in Phase II products. The limited waiver of
rights (including possible DMCA claims) that was contained in the
Agreement specifically prohibits participants from attacking content
protected by SDMI technologies outside the Public Challenge. If your
research is released to the public this is exactly what could occur.
In short, you would be facilitating and encouraging the attack of
copyrighted content outside the limited boundaries of the Public
Challenge and thus places you and your researchers in direct violation
of the Agreement.
In addition, because public disclosure of your research would be
outside the limited authorization of the Agreement, you could be
subject to enforcement actions under federal law, including the DMCA.
The Agreement specifically reserves any rights that proponents of the
technology being attacked may have "under any applicable law,
including, without limitation, the U.S. Digital Millennium Copyright
Act, for any acts not expressly authorized by their Agreement." The
Agreement simply does not "expressly authorize" participants to
disclose information and research developed through participating in
the Public challenge and such disclosure could be the subject of a
DMCA action.
We recognize and appreciate your position, made clear throughout this
process, that it is not your intention to engage in any illegal
behavior or to otherwise jeopardize the legitimate commercial
interests of others. We are concerned that your actions are outside
the peer review process established by the Public Challenge and set up
by engineers and other experts to ensure the academic integrity of
this project. With these facts in mind, we invite you to work with the
SDMI Foundation to find a way for you to share the academic components
of your research while remaining true to your intention to not violate
the law or the Agreement. In the meantime, we urge you to withdraw the
paper submitted for the upcoming Information Hiding Workshop, assure
that it is removed from the Workshop distribution materials and
destroyed, and avoid a public discussion of confidential information.
Sincerely,
[Signature]
Matthew Oppenheim, Secretary
The SDMI Foundation
cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop,
Naval Research Laboratory
Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research
Laboratory
Mr. Howard Ende, General Counsel of Princeton
Mr. Edward Dobkin, Computer Science Department Head of Princeton
_________________________________________________________________
***********
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------