We always had qualms about the HackSDMI challenge. Now it appears that our fears were well founded as legal threats have once again stood in the way of legitimate scientific research. And the way the music industry has attempted to buy this knowledge and keep it from the public is something we find truly disgusting.
The Secure Digital Music Initiative is a coalition of technology companies and major record companies formed to develop a watermarking standard for music, so that it may be tracked and its use controlled. SDMI will do to music what the Content Scrambling System does to DVDs. Since the Digital Millennium Copyright Act makes it a crime to circumvent such measures, content providers can essentially use technology to dictate what is legally permissible, not just what is technically possible.
Last September, SDMI announced "HackSDMI," a public challenge to attack proposed watermarking schemes with a $10,000 prize. In general, public hacking contests are ill-conceived, unscientific, and don't really prove anything. Several groups, including the Electronic Frontier Foundation, called for a boycott of HackSDMI – urging the public not to undermine their own rights by participating.
By November, researchers from Princeton and Rice Universities announced that they had successfully broken four of the content-control schemes. However, they declined to claim any prize money, as doing so would have required signing a non-disclosure statement. Having completed their academic research, the group didn't participate in the final rounds of the contest, as it offered no new information. Princeton professor Edward Felten intended to present their paper, entitled "Reading Between the Lines: Lessons from the SDMI Challenge," at the Fourth International Information Hiding Workshop yesterday. Instead he read a statement explaining why he could not.
Apparently, the scheme from Verance Corporation is already being used, and they fear that if the attack is published, people will be able to circumvent it. Good thing they have the faithful DMCA on hand. It seems that they don't think that DMCA's extremely narrow and burdensome encryption research exception protects Dr. Felten. The RIAA, SDMI, and Verance have threatened to sue under the DMCA if the paper is presented. It isn't source code, it isn't a program, it's just a paper that explains scientific research – and it is being censored. While we are still busy fighting the last bullet we took from the DMCA, our friends at the cryptome have published the threatening letters and the paper. If the precedents set by Judge Kaplan in the DeCSS case stand, some day we may not even be able to link to such things.