Researchers face legal threats over SDMI hack

A music industry group is seeking to block publication of research that describes anti-piracy technology, saying the report violates digital copyright law.

3 min read
A music industry group is seeking to block publication of research that describes anti-piracy technology known as watermarking, saying a report stemming from an industry-backed hacking challenge violates digital copyright law.

The academic team, led by Princeton University Professor Edward Felten, is preparing to explain to an industry group this week how it cracked the code to four watermark schemes being considered as a secure digital music standard.

But attorneys for the Secure Digital Music Initiative (SDMI), a music industry-sponsored group formed to protect digital songs from piracy, have sent letters to the team, hoping to deter it from publishing the results of its research.

"Your contemplated disclosure appears to be motivated by a desire to engage in scientific research that will ensure that SDMI does not deploy a flawed system," the letter says. "Unfortunately, the disclosure that you are contemplating could result in significantly broader consequences and could directly lead to the illegal distribution of copyrighted material."

Confidentiality of security techniques has emerged as a top priority for copyright holders, sparking a potential showdown with free-speech advocates who say restrictions on academic discussions of encryption violate the First Amendment.

Matthew Oppenheim, a lawyer representing SDMI, said the group doesn't want to limit academic freedom or research, "but if somebody releases a paper that provides very specific information about how to attack that type of technology, it's problematic."

He said the two sides had been in negotiations to remove some of the specific technological how-tos from the paper when one of the team's members decided to publish it on the Internet--a move Oppenheim called unfortunate.

"There is a fringe element that believes that content has no right to be protected, but that's a fringe element," Oppenheim said.

Felten could not be immediately reached for comment.

Since unbreakable anti-copying tools are widely considered out of reach, the music industry is increasingly relying on legal remedies that hamper open discussion of hacking techniques. Embodied in the controversial Digital Millennium Copyright Act (DMCA), these prohibitions have been used to crack down on people who link to computer code, post certain programs, or even record code in song and post it as an MP3 file.

The dispute also highlights the music industry's ongoing struggle to create effective security that can combat online piracy spawned by MP3s and file-sharing networks such as Napster--a goal that has eluded record labels despite years of effort.

In this case, SDMI lawyers say that Felten's team has created a blueprint for subverting four leading technologies used to track illegal copies of songs. So-called digital watermarks place tags on files that are theoretically difficult to remove without damaging the quality of the music.

Although not technically an encryption tool, watermarks have emerged as the leading security candidate in SDMI, with technology from Verance already in commercial deployment.

To test the effectiveness of watermarks by Verance and other candidates, SDMI last year sponsored a hacking challenge, offering a $10,000 bounty to anyone who could successfully remove the tags while meeting certain audio-quality standards.

Members of Felten's team said they stopped short of finishing the hacking contest because they would have had to agree not to make their results public. Instead, they independently researched the SDMI code and have signed up to present their findings at the Fourth International Information Hiding Workshop in Pittsburgh.

The DMCA, which was passed in 1998 and designed to protect copyright in the digital age, prohibits people from posting code that circumvents copyright-protection measures.

As the Internet and other advanced technologies get better at cutting out middlemen, the entertainment industry has brandished the DMCA on several occasions in attempts to maintain control over the distribution of its copyrighted content.

So far, it's winning its most high-profile case, which involved DeCSS, code that was originally designed to help people play DVDs on Linux machines but could theoretically be used to copy DVDs. A federal judge has ruled that the hacker magazine 2600 violated copyright law merely by posting and linking to DeCSS.

However, the case is being appealed to a higher court; oral arguments are scheduled next week. A group of journalists, librarians and computer scientists, including some involved in the SDMI dispute, have signed onto the case, arguing that the decision should be overturned because it threatens free speech.