- By Grant Gross -
In the end, the long-awaited presentation of the Princeton and Rice University researchers, who hacked the recording industry's experimental digital music anti-copying technology, was anti-climactic, in more ways than one.
The presentation, first scheduled at a conference in April but postponed because of legal threats from the recording industry, went on without a hitch Wednesday evening when Princeton grad student Scott Craver talked about the team's successful compromise of the Secure Digital Music Initiative before a crowd of hundreds at the 10th
USENIX Security Symposium in Washington, D.C., with many more watching on a live webcast.
Before the presentation began, there were fatalistic jokes from the audience that the FBI was arriving at any moment to arrest conference organizers -- as the FBI did with Russian programmer Dmitry Sklyarov in July -- and confiscate copies of the presentation for alleged violations of the U.S. Digital Millennium Copyright Act, the law the recording industry had used to threaten Professor Edward Felten and his team with a lawsuit.
But the jokes turned out to be nothing more than speculation. "We are very proud that this was a very anti-climactic USENIX conference and Scott got to present this paper as though there was nothing behind it," said Cindy Cohn, legal director of the Electronic Frontier Foundation, part of the team that's guided Felten's group.
Even Craver downplayed any drama during his half-hour presentation of how the Felten team defeated all four "watermarking" technologies during a three-week SDMI contest in the fall of 2000, in which the public was invited to take a shot at the recording industry's secretive anti-copying efforts.
"We believe that if this technology is deployed, it will be broken quickly," Craver noted. "The first thing we learned is there are no secret computer science or engineering skills needed. The only dirty secret in our paper is that there really aren't any dirty secrets. Someone with a reasonable amount of expertise in signal processing could do what we did."
Felten had Craver present the paper, Reading Between the Lines: Lessons from the SDMI Challenge, because the lead grad student researcher is typically the presenter at a conference. Craver described in some detail how the team detected echoes or time warps in music samples provided in the SDMI challenge, as a way to watermark digital music to keep it from being copied. Craver said the team apparently also defeated two other "signature track" circumventions, but the SDMI online oracle appeared to malfunction when the team submitted its results.
"Maybe they can try to have better watermarks and have a four-week challenge," Craver joked. "Without those limitations imposed on the challenge, I think that any watermarking scheme probably would be broken."
Craver also noted that one of the watermarking schemes appeared to be a method patented by Verance Corp., a member of the SDMI Foundation. "Security through obscurity (still) does not work," his Power Point slide said, prompting laughter from the audience. He added: "Here we have not only proprietary secret algorithms, but they apparently used one that was patented, and therefore, publicly available."
Although no cops or record-company lawyers descended on the USENIX conference, there were several questions about the lingering effect of the DMCA on technology research during a panel discussion after Craver's presentation. Felten's team and its lawyers are suing the recording industry, SDMI and the U.S. government in federal court, asking that the anti-circumvention provisions of the DMCA be declared unconstitutional so that other scientists and programmers don't have to worry about getting sued or arrested for their work.
At a Wednesday morning press conference, Felten and Cohn said the team had the recording industry's blessing to present the paper, but they had no assurances that the Felten team or other scientists would be safe from other lawsuits for presenting the same information or other work based on the Felten research at a later date.
One college student asked the panelists whether he could be sued under the DMCA for summarizing the evening's events to his professor. Cohn and Peter Jaszi, an intellectual property professor at the American University law school, said that was unlikely, but if the student included a critique of the Felten team's methods, the student should "theoretically" be concerned because that might run afoul of the DMCA's prohibition on trafficking in anti-circumvention technologies, Jaszi said.
After the student asked if he could write software based on the Felten team presentation, the crowd of security experts collectively mumbled a warning. "Do you have my email?" electronic rights defender Cohn asked the student. "Then I think there is general consensus ... that you'd be in trouble."
Felten added: "I'd like to point out, 'Can I tell my advisor what I saw here?' doesn't have a simple answer."
Another audience member asked the panel how far the anti-circumvention provisions of the DMCA can go, noting, apparently half-seriously, that that Jaszi's discussion of the weaknesses in the law may actually violate the law. Cohn said she can't predict how the DMCA will be next enforced, but she urged the techie audience to each warn five non-geeks about the problems with the DMCA.
"The Digital Millennium Copyright Act's anti-circumvention provisions set up a system where, essentially, the government outsourced censorship of science," Cohn said. "The government allowed industries that create digital rights management schemes and people whose works are protected by those schemes to serve as censors of scientists ... Our argument is, government censorship directly by the government is not OK, and government outsourcing of censorship to private entities is not OK, either."
Asked why the public doesn't seem to care about problems with the DMCA, Cohn answered that it hasn't affected most people, at least not yet.
"This is where the EFF lives and where many of you live -- we live on the cutting edge," she said. "We're looking at problems that actually haven't hit home to the consumer yet. That's where we always try to be ... until everyone else catches up."