Will Fixation on Security Silence the Trumpets of Fame?

Gung Ho for Christmas 2001, Secure-Music Initiative Streamlines Its Mission As its chief announces his departure, leaders in the digital world meeting in L.A. agree to agree on a technology -- quickly.

©Inside.com, January 26, 2001, by Roger Parloff

Much to the chagrin of an army of skeptics and ill-wishers, the Secure Digital Music Initiative lives.

Though executive director Leonardo Chiariglione announced on Tuesday that he would step down to focus on the expanded duties of his day job at Telecom Italia, SDMI will continue pressing forward with its unpopular mission: establishing a framework for record labels to market online music that cannot be freely copied and distributed over the Internet. There is even talk that the famously deliberative body will start picking up the pace.

Interviewed after the close of an eventful three-day meeting in Los Angeles, participants said that SDMI is now imposing on itself a deadline of June for the selection of its centerpiece copy-protection technology -- a target date that would give consumer electronics and information technology manufacturers a shot at getting compliant products on the shelves by Christmas. It now appears that the technology chosen will be a streamlined version of one of the four watermarks that have been under consideration since July, augmented by one of two nonwatermark, cryptographic technologies that have also been under study.

If there is tension in the group between getting something to market and making it perfect, the pragmatists have won out. In order to meet the new deadline, the participants said, SDMI will be revising -- some would say scaling back -- its objectives.

'Everybody sort of agreed that if we continued down the path we were on,' one recording industry participant says, 'it would take so long that it would become irrelevant' by the time it was ready. 'The idea is to do what can be done within a reasonable amount of time. This is not an academic exercise. It's something intended for the benefit of the commercial marketplace.'

Founded in December 1998, SDMI is a fractious, 200-member forum that brings together companies spanning the recording, consumer electronics, information technology and wireless communications industries. It once naively hoped to have a centerpiece technology in place by June of 2000. By June 1999 the group had, in fact, managed to publish its interim, so-called Phase 1 specifications -- SDMI's most tangible achievement so far. But the defining attribute of a Phase 1 device was merely its ability to be upgraded into a Phase 2 device, and SDMI has thus far been unable to agree upon a Phase 2 technology, though it has been testing and evaluating alternatives since July.

Phase 2 was supposed to enable the record labels to issue CDs and digital downloads that were impregnated with watermarks containing copy control information that would be intelligible to, and honored by, Phase 2 SDMI-compliant devices. Such devices would still play all existing CDs and MP3s in consumers' libraries, including downloaded MP3s. But they would impose constraints on the handling of new music that any label chose to issue in secure, watermarked form. Most importantly, they would refuse to play secure music that had been sent over the Internet without permission, via, for instance, Napster.

The Phase 2 devices would 'know' that secure music had been sent over the Internet, because secure files would be embedded with a pair of watermarks -- one 'robust' and one 'fragile.' The robust watermark would survive the compression and decompression process currently required to send a file over the Internet, but the fragile watermark would not. Phase 2 players would then be programmed to accept files that have both watermarks, but to reject files with only the robust watermark. (Phase 2 devices would also play files with neither watermark, ensuring that consumers could still play all their old, so-called 'legacy' CDs and MP3s.)

However, in tests, the fragile watermark sometimes failed to break when it was supposed to -- due, one participant insists, to imprecision in SDMI's specifications, rather than flaws in the watermark technologies themselves. In addition, there was concern that as consumers gradually use fatter pipelines to gain access to the Internet, there may eventually be no need to compress music files to send them over the Internet -- rendering the whole fragile watermark scheme obsolete.

Accordingly, in the new, streamlined approach just embarked upon at the Los Angeles meeting, SDMI will table the idea of using a fragile watermark. Instead, the group hopes to be achieve most of the same goals by employing a combination of one of the four robust watermarks that are still under consideration, together with one of two cryptographic technologies that supplement those watermarks and are triggered by them.

The new approach appears to give the inside track to the San Diego-based Verance Corporation, whose watermark has already been approved for use in Phase 1, and which already has the capacity to encode such commands as 'copy freely,' 'copy once' and 'copy never.' The Verance watermark was also selected in 1999 by the so-called 4C Entity -- the manufacturing consortium composed of Intel, IBM, Toshiba and Matsushita -- for use with new audio DVDs and players. Nevertheless, one participant stresses: 'We also gave the other watermark vendors an opportunity. If they choose to submit license terms and modifications, they can do that.'

Executives at one of the competing technologies are obviously embittered by the turn of events. 'As absurd as it seems,' says Scott Moskowitz, founder and CEO of Blue Spike, 'it appears that the clock is being turned back and, with it, all of the Phase 2 performance results and functionality that was supposed to help SDMI choose a winner. Politically and technically, the new regime seems quite untenable.'

Though SDMI has never announced the identities of the technologies in the running, it is widely known that in addition to Verance and Blue Spike, the remaining watermark proponents are CRL (now a division of AppliedTheory Corporation) and Samsung/MarkAny, while the two nonwatermark technologies are made by Philips Electronics and EMI Group.

The new approach leaves unclear how SDMI plans to defend its technologies from hacking attacks -- an issue that has been a particular focus of the project's skeptics. At a three-week public challenge in the fall, at least three teams of sophisticated hackers -- including one led by Prof. Edward Felten of Princeton -- claimed to have removed all four watermarks under study without seriously degrading the music. Since none of these teams completed all the steps specified by the challenge procedures -- which would have required them to sign nondisclosure agreements -- executive director Chiariglione has maintained that he is unable to assess the accuracy of these groups' claims. Nevertheless, SDMI did acknowledge that one unspecified technology -- CRL, according to a rival proponent -- was hacked successfully and independently by two amateur contestants, who shared a $10,000 award for their work.

SDMI's leaders have previously stated, however, that its technologies have the modest goal of 'keeping honest people honest,' rather than erecting an airtight system suitable for military or intelligence use. In addition, in the case of digital downloads, SDMI contemplates that the watermark would be supplemented by an off-the-shelf digital rights technology of the record label's choosing -- technologies like those already available from InterTrust, IBM or Microsoft, for instance. Accordingly, SDMI may assume that the combination of protections will be sufficient to ward off the casual or unwitting pirate.

SDMI has released no specific information about the nature or purpose of the two nonwatermark technologies it is studying. Though Professor Felten's team did not attempt to hack those technologies, he has said that they appeared to be methods 'for preventing people from ripping tracks from a CD, unless that CD has a (cryptographic) signature on it marking the CD as original.'

As far as replacing executive director Chiariglione, the body appointed a committee to consider suggestions about a successor. But participants professed not to be concerned about the transition period causing any disruption in the body's agenda. 'Leonardo clearly said he wanted to ensure a smooth transition,' one says, 'and he wants to leave SDMI with a clear work plan. There are a lot of other leaders within the group, so it won't be so difficult to keep things going well.'