FC: SDMI demands Princeton prof "destroy" paper about vulnerability

From: Declan McCullagh (declanat_private)
Date: Fri Apr 20 2001 - 23:22:00 PDT


    I understand the document is mirrored at:
      http://www.cluebot.com/docs/sdmi-attack.zip
    
    Background:
      http://www.wired.com/news/print/0,1294,41183,00.html
      Princeton professor Edward Felten's team at Princeton broke Verance's
      watermarking system, but they weren't allowed to publish the hack
      because it would run afoul of the DMCA's anti-circumvention statute.
    
    ***********
    
    From: John Young <jyaat_private>
    Subject: RIAA Warns SDMI Hackers
    To: cypherpunksat_private
    Date: Fri, 20 Apr 2001 22:36:45 -0400
    
    RIAA and The SDMI Foundation on April 9 warned Ed Felten
    and his researchers not to publish their paper about the 
    weaknesses of the SDMI content protection system at the 
    4th International Information Hiding Workshop to be held 
    April 25-29, 2001. Their paper is public:
    
      http://cryptome.org/sdmi-attack.htm (41K text with 11 images)
    
    Zipped text and images:
    
      http://cryptome.org/sdmi-attack.zip  (328K)
    
    ***********
    
    http://cryptome.org/sdmi-attack.htm
                                           
       April 9, 2001
       
       Professor Edward Felten
       Department of Computer Science
       Princeton University
       Princeton, NY 08544
       
       Dear Professor Felten,
       
       We understand that in conjunction with the 4th International
       Information Hiding Workshop to be held April 25-29, 2001, you and your
       colleagues who participated in last year's Secure Digital Music
       Initiative ("SDMI") Public Challenge are planning to publicly release
       information concerning the technologies that were included in that
       challenge and certain methods you and your colleagues developed as
       part of your participation in the challenge. On behalf of the SDMI
       Foundation, I urge you to reconsider your intentions and to refrain
       from any public disclosure of confidential information derived from
       the Challenge and instead engage SDMI in a constructive dialogue on
       how the academic aspects of your research can be shared without
       jeopardizing the commercial interests of the owners of the various
       technologies.
       
       As you are aware, at least one of the technologies that was the
       subject of the Public Challenge, the Verance Watermark, is already in
       commercial use and the disclosure of any information that might assist
       others to remove this watermark would seriously jeopardize the
       technology and the content it protects.[1] Other technologies that were
       part of the Challenge are either likewise in commercial use or could
       be utilized in this capacity in the near future. Therefore,
       any disclosure of information that would allow the defeat of those
       technologies would violate both the spirit and the terms of the
       Click-Through Agreement (the "Agreement"). In addition, any disclosure
       of information gained from participating in the Public Challenge would
       be outside the scope of activities permitted by the Agreement and
       could subject you and your research team to actions under the Digital
       Millennium Copyright Act ("DMCA").
       
       ____________________
       
         [1] The Verance Watermark is currently used for DVD-Audio and SDMI
         Phase I products and certain portions of that technology are trade
         secrets.
         
       We appreciate your position, as articulated in the Frequently Asked
       Questions document, that the purpose of releasing your research is not
       designed to "help anyone impose or steal anything." Furthermore, your
       participation in the Challenge and your contemplated disclosure
       appears to be motivated by a desire to engage in scientific research
       that will ensure that SDMI does not deploy a flawed system.
       Unfortunately, the disclosure that you are contemplating could result
       in significantly broader consequences and could directly lead to the
       illegal distribution of copyrighted material. Such disclosure is not
       authorized in the Agreement, would constitute a violation of the
       Agreement and would subject your research team to enforcement actions
       under the DMCA and possibly other federal laws.
       
       As you are aware, the Agreement covering the Public challenge narrowly
       authorizes participants to attack the limited number of music samples
       and files that were provided by SDMI. The specific purpose of
       providing these encoded files and for setting up the Challenge was to
       assist SDMI in determining which of the proposed technologies are best
       suited to protect content in Phase II products. The limited waiver of
       rights (including possible DMCA claims) that was contained in the
       Agreement specifically prohibits participants from attacking content
       protected by SDMI technologies outside the Public Challenge. If your
       research is released to the public this is exactly what could occur.
       In short, you would be facilitating and encouraging the attack of
       copyrighted content outside the limited boundaries of the Public
       Challenge and thus places you and your researchers in direct violation
       of the Agreement.
       
       In addition, because public disclosure of your research would be
       outside the limited authorization of the Agreement, you could be
       subject to enforcement actions under federal law, including the DMCA.
       The Agreement specifically reserves any rights that proponents of the
       technology being attacked may have "under any applicable law,
       including, without limitation, the U.S. Digital Millennium Copyright
       Act, for any acts not expressly authorized by their Agreement." The
       Agreement simply does not "expressly authorize" participants to
       disclose information and research developed through participating in
       the Public challenge and such disclosure could be the subject of a
       DMCA action.
       
       We recognize and appreciate your position, made clear throughout this
       process, that it is not your intention to engage in any illegal
       behavior or to otherwise jeopardize the legitimate commercial
       interests of others. We are concerned that your actions are outside
       the peer review process established by the Public Challenge and set up
       by engineers and other experts to ensure the academic integrity of
       this project. With these facts in mind, we invite you to work with the
       SDMI Foundation to find a way for you to share the academic components
       of your research while remaining true to your intention to not violate
       the law or the Agreement. In the meantime, we urge you to withdraw the
       paper submitted for the upcoming Information Hiding Workshop, assure
       that it is removed from the Workshop distribution materials and
       destroyed, and avoid a public discussion of confidential information.
       
       Sincerely,
       
       [Signature]
       
       Matthew Oppenheim, Secretary
       The SDMI Foundation
       
       cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop,
       Naval Research Laboratory
       Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research
       Laboratory
       Mr. Howard Ende, General Counsel of Princeton
       Mr. Edward Dobkin, Computer Science Department Head of Princeton
         _________________________________________________________________
    
    ***********
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if it remains intact.
    To subscribe, visit http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    -------------------------------------------------------------------------
    


