IP: SDMI demands Princeton prof "destroy" paper about vulnerability

[David Farber <dave () farber net>]

> Date: Sat, 21 Apr 2001 02:22:00 -0400
> From: Declan McCullagh <declan () well com>
> To: politech () politechbot com
> Cc: felten () cs princeton edu, AWeiss () riaa com
>
> I understand the document is mirrored at:
>   http://www.cluebot.com/docs/sdmi-attack.zip
>
> Background:
>   http://www.wired.com/news/print/0,1294,41183,00.html
>   Princeton professor Edward Felten's team at Princeton broke Verance's
>   watermarking system, but they weren't allowed to publish the hack
>   because it would run afoul of the DMCA's anti-circumvention statue.
>
> ***********
>
> From: John Young <jya () pipeline com>
> Subject: RIAA Warns SDMI Hackers
> To: cypherpunks () lne com
> Date: Fri, 20 Apr 2001 22:36:45 -0400
>
> RIAA and The SDMI Foundation on April 9 warned Ed Felten
> and his researchers not to publish their paper about the
> weaknesses of the SDMI content protection system at the
> 4th International Information Hiding Workshop to be held
> April 25-29, 2001. Their paper is public:
>
>   http://cryptome.org/sdmi-attack.htm (41K text with 11 images)
>
> Zipped text and images:
>
>   http://cryptome.org/sdmi-attack.zip  (328K)
>
> ***********
>
> http://cryptome.org/sdmi-attack.htm
>
>    April 9, 2001
>
>    Professor Edward Felton
>    Department of Computer Science
>    Princeton University
>    Princeton, NY 08544
>
>    Dear Professor Felten,
>
>    We understand that in conjunction with the 4th International
>    Information Hiding Workshop to be held April 25-29, 2001, you and your
>    colleagues who participated in last year's Secure Digital Music
>    Initiative ("SDMI") Public Challenge are planning to publicly release
>    information concerning the technologies that were included in that
>    challenge and certain methods you and your colleagues developed as
>    part of your participation in the challenge. On behalf of the SDMI
>    Foundation, I urge you to reconsider your intentions and to refrain
>    from any public disclosure of confidential information derived from
>    the Challenge and instead engage SDMI in a constructive dialogue on
>    how the academic aspects of your research can be shared without
>    jeopardizing the commercial interests of the owners of the various
>    technologies.
>
>    As you are aware, at least one of the technologies that was the
>    subject of the Public Challenge, the Verance Watermark, is already in
>    commercial use and the disclosure of any information that might assist
>    others to remove this watermark would seriously jeopardize the
>    technology and the content it protects.1 Other technologies that were
>    part of the Challenge are either likewise in commercial use or could
>    be could be utilized in this capacity in the near future. Therefore,
>    any disclosure of information that would allow the defeat of those
>    technologies would violate both the spirit and the terms of the
>    Click-Through Agreement (the "Agreement"). In addition, any disclosure
>    of information gained from participating in the Public Challenge would
>    be outside the scope of activities permitted by the Agreement and
>    could subject you and your research team to actions under the Digital
>    Millennium Copyright Act ("DCMA").
>
>    ____________________
>
>      1 The Verance Watermark is currently used for DVD-Audio and SDMI
>      Phase I products and certain portions of that technology are trade
>      secrets.
>
>    We appreciate your position, as articulated in the Frequently Asked
>    Questions document, that the purpose of releasing your research is not
>    designed to "help anyone impose or steal anything." Further more, you
>    participation in the Challenge and your contemplated disclosure
>    appears to be motivated by a desire to engage in scientific research
>    that will ensure that SDMI does not deploy a flawed system.
>    Unfortunately, the disclosure that you are contemplating could result
>    in significantly broader consequences and could directly lead to the
>    illegal distribution of copyrighted material. Such disclosure is not
>    authorized in the Agreement, would constitute a violation of the
>    Agreement and would subject your research team to enforcement actions
>    under the DMCA and possibly other federal laws.
>
>    As you are aware, the Agreement covering the Public challenge narrowly
>    authorizes participants to attack the limited number of music samples
>    and files that were provided by SDMI. The specific purpose of
>    providing these encoded files and for setting up the Challenge was to
>    assist SDMI in determining which of the proposed technologies are best
>    suited to protect content in Phase II products. The limited waiver of
>    rights (including possible DMCA claims) that was contained in the
>    Agreement specifically prohibits participants from attacking content
>    protected by SDMI technologies outside the Public Challenge. If your
>    research is released to the public this is exactly what could occur.
>    In short, you would be facilitating and encouraging the attack of
>    copyrighted content outside the limited boundaries of the Public
>    Challenge and thus places you and your researchers in direct violation
>    of the Agreement.
>
>    In addition, because public disclosure of your research would be
>    outside the limited authorization of the Agreement, you could be
>    subject to enforcement actions under federal law, including the DMCA.
>    The Agreement specifically reserves any rights that proponents of the
>    technology being attacked may have "under any applicable law,
>    including, without limitation, the U.S. Digital Millennium Copyright
>    Act, for any acts not expressly authorized by their Agreement." The
>    Agreement simply does not "expressly authorize" participants to
>    disclose information and research developed through participating in
>    the Public challenge and such disclosure could be the subject of a
>    DMCA action.
>
>    We recognize and appreciate your position, made clear throughout this
>    process, that it is not your intention to engage in any illegal
>    behavior or to otherwise jeopardize the legitimate commercial
>    interests of others. We are concerned that your actions are outside
>    the peer review process established by the Public Challenge and setup
>    by engineers and other experts to ensure the academic integrity of
>    this project. With these facts in mind, we invite you to work with the
>    SDMI Foundation to find a way for you to share the academic components
>    of your research while remaining true to your intention to not violate
>    the law or the Agreement. In the meantime, we urge you to withdraw the
>    paper submitted for the upcoming Information Hiding Workshop, assure
>    that it is removed from the Workshop distribution materials and
>    destroyed, and avoid a public discussion of confidential information.
>
>    Sincerely,
>
>    [Signature]
>
>    Matthew Oppenheim, Secretary
>    The SDMI Foundation
>
>    cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop,
>    Naval Research Laboratory
>    Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research
>    Laboratory
>    Mr. Howard Ende, General Counsel of Princeton
>    Mr. Edward Dobkin, Computer Science Department Head of Princeton
>      _________________________________________________________________



For archives see: http://www.interesting-people.org/