Each paragraph in this section is prefaced by direct quotes from Felten’s talk on May 17, 2001.

“There is no technological solution to protect a soft head from a hard brick . . .”

Felten has been a Professor at Princeton University’s Department of Computer Science since 1993.  His research interests, as stated on his curriculum vitae, include operating systems, Internet software, computer security – especially relating to the World Wide Web – security of mechanisms for distributing executable content over the Internet, interaction of security with programming languages and operating systems, distributed computing, and parallel computing architecture and software [6].  One of his main research goals includes trying to “understand how security breaks down and to develop technology to address the underlying causes of security problems” [10].

“Call for submission to study watermarking technologies intended to prevent casual copying by users . . .”

All interested parties were invited to enter a contest (also referred to as ‘the challenge’) sponsored by the SDMI, a forum that brings together more than 180 companies and organizations essentially representing the worldwide music-related industry. One of SDMI's main goals is to develop “open technology specifications that protect the playing, storing, and distributing of digital music such that a new market for digital music may emerge” [18]. This goal especially includes enabling copyright protection by way of technological measures such as digital watermarking. A digital watermark is an indiscernible signal hidden in an audio clip that serves to convey certain information (digital watermarking also has many other applications, the discussion of which is beyond the scope of this paper). A watermarked audio clip is thereby identified as copyrighted, and the watermark informs an SDMI-compliant music player/recorder that the clip should not be played/recorded except under certain conditions [15]. In particular, SDMI is developing specifications for a system in which SDMI-compliant music players/recorders will, in the future, screen audio clips for such informational digital watermarks in order to prevent unauthorized copying of protected music. For example, “with this system, you could buy a CD at a record store that contains protected music.   You would be able to play the CD in an SDMI-compliant CD player.  However, if you take a song from the CD, compress it into an MP3, and make it available on the Internet, those who download the MP3 will have trouble playing it on an SDMI-compliant device.” [14]

“Watermarking [entails] very competent people trying to do an impossible job . . .”

In the first round of the contest, SDMI provided four watermark challenges and two non-watermark challenges. For each watermark challenge, three audio streams were provided: the original audio stream without a watermark (serving as a basis for comparison), the same stream with a watermark, and a watermarked stream with no corresponding original stream. The aim was to remove the watermark while still maintaining satisfactory sound quality. The researchers could then submit the audio stream with the removed watermark to the SDMI website, referred to as the “oracle”, which would respond via email with an “ACCEPT” or a “REJECT” message. The “ACCEPT” message signified a successful removal of the watermark while retaining satisfactory sound quality. In the second round of the contest, instead of providing an oracle, the SDMI “requested that participants send the results of their watermark removal tools along with technical details of how the watermarks were removed.  Following this, the SDMI would then offer participants the chance to sign a non-disclosure agreement in return for receiving a fraction of the prize money.” [16]

“[With respect to various types of watermarking technologies,] all can be defeated if you know how they work . . .”

Felten discussed many ways watermarking technologies can easily be defeated. One way is to remove the watermark or render it undetectable. Another way is to modify the bits in the watermark, thereby allowing users to copy an audio clip (even though it might result in a “not so bad copy”). Yet another way is to determine how the watermark works and figure out where information is stored within the watermark (whether encrypted or not); defeating the watermark then becomes rather simple. Finally, one can reverse-engineer the watermark detector in an SDMI-compliant music player, or build a music player that ignores the watermark (this could be as simple as cutting a wire in an SDMI-compliant music player). The bottom line is that it is not at all clear that watermarking technologies will effectively protect music copyright. Furthermore, unless connected to some sort of network, SDMI-compliant music players will need to know, as a standard, where and how to find watermarks in audio clips; if the algorithm for finding the watermark were to be discovered (a likely possibility), the result for SDMI’s entire effort to protect music copyright would be disastrous. Moreover, watermarking does not provide end-to-end protection; one could capture the audio content right after an SDMI-compliant music player processes the watermark in it. In Felten’s words, “If you can listen to it, you can record it.” There are no obvious solutions to these problems.

“The DMCA is an attempt to legislate ignorance . . . People can build locks, people should be able to study locks . . .”

Felten and his colleagues defeated the four watermarking technologies in SDMI’s challenge. They elected not to receive the compensatory prize money, since doing so would contractually bar Felten’s research group from freely presenting or publishing their findings. Instead, they submitted a paper on their work to the 4th International Information Hiding Workshop, where it was accepted [20]. Two weeks before the workshop, in a letter dated April 9, 2001, the RIAA and SDMI threatened to sue Felten and his team for breaching the anti-circumvention provisions of the DMCA. The essence of the letter can perhaps be captured by the following: “. . . any disclosure of information that would allow the defeat of these technologies would violate both the spirit and terms of the Click-Through Agreement (the "Agreement").   In addition, any disclosure of information gained form participating in the Public Challenge would be outside of the scope of the activities permitted by the Agreement and could subject you and you research team to actions under the Digital Millennium Copyright Act ("DMCA") [sic]” [12]. In addition, the RIAA and SDMI threatened all of the authors’ employers, all of the program committee members, and their employers as well [20]; as a consequence, Felten and his coauthors decided to withdraw their paper from the workshop.

“We were invited [emphasis] to do the research . . . the information presented in the paper is truthful, it was obtained legally, it is of public interest . . . we should be able to say it . . .”

I am not a lawyer, but it seems that Felten’s group was not in breach of their contract with the SDMI or in violation of the DMCA. Having taken a couple of courses on the basics of contracts, I understand that an offer and an acceptance of that offer compose a legally binding contract. With this knowledge, I examined the Agreement after Felten’s talk to see if there was some subtle statement that would preclude the challenge’s participants from publishing their findings. Key excerpts from the Agreement include [2]:

  1. To receive compensation for the successful challenge, you must submit your name, date of birth, contact information, step-by-step details on how you conducted the successful challenge, and any source code and/or executables that you developed to carry out the attack. 
  2. In exchange for such compensation, all information you submit, and any intellectual property in such information (including source code and other executables) will become the property of the SDMI Foundation and/or the proponent of that technology.  In order to receive compensation, you will be required to enter into a separate agreement, by which you will assign your rights in such intellectual property.  The agreement will provide that (1) you will not be permitted to disclose any information about the details of the attack to any other party, (2) you represent and warrant that the idea for the attack is yours alone and that the attack was not devised by someone else, and (3) you authorize us to disclose that you submitted a successful challenge.
  3. You may, of course, elect not to receive compensation, in which event you will not be required to sign a separate document or assign any of your intellectual property rights, although you are still encouraged to submit details of your attack.

In fact, Felten’s research group elected not to receive the compensation, and so did not contractually bind themselves to the non-disclosure terms specified in excerpt 2, which would have prevented them from freely publishing their findings had they elected to receive the compensation. Furthermore, it is not at all clear how Felten’s research group can be charged with breaching the anti-circumvention provisions of the DMCA considering: (1) they were invited to participate in the challenge and were accordingly given explicit permission by the SDMI to study, including to reverse-engineer, their technologies in adherence to the anti-circumvention provision of the DMCA and (2) other participants of the SDMI challenge were not charged with breaching the anti-circumvention provisions of the DMCA. Again, I am not a lawyer, but given these facts, it seems that Felten’s group was not even remotely in breach of their contract with the SDMI or in violation of the DMCA.

“Computer security research operates on synthesis (build things) and analysis (find weaknesses in things to make them better) . . . 1201 outlaws analysis and is a disaster for computer security research . . .”

It is important to note that encryption research is listed as an exception to the anti-circumvention provisions of the DMCA [17]. However, the encryption research exemption applies only to acts and not to tools. Given this distinction, it is not clear how this exemption is at all meaningful, since any encryption research paper, including that of Felten et al., may be construed as a tool. Webster’s Dictionary defines a tool as a means “that aids in accomplishing a task”. With this in mind, I asked Felten if his original paper (that is, the one he had intended to publish) could be characterized as instructional. In other words, can someone with a basic computer science background read the paper and know how to break the various watermarking technologies? If so, Felten’s paper might be construed as a tool, a means that aids in breaking watermarking technologies. Felten’s response was that someone with a signaling background could break the various watermarking technologies without reading his paper. I suppose Felten is already on his way to becoming a lawyer by virtue of his experience with the DMCA. I remain confused about what purpose the encryption research exemption serves.

“Our goal is to retain editorial control over contents of our own papers . . . We are determined to fight for our right to publish our paper . . .”

Incredibly enough, on May 3, 2001, the RIAA and SDMI stated that they had neither intended nor threatened to sue Felten et al. Felten remarked, “The letter sure looked like a threat to us.”[i] On June 6, 2001, Felten and his colleagues filed a lawsuit asking a federal court to rule that the publication of their paper would be legal. On August 15, 2001, Felten and his coauthors published their paper at the Usenix Security Conference with the permission of the RIAA and SDMI. However, their lawsuit continues. By having filed a Declaratory Judgment suit, Felten and his colleagues are petitioning the court to resolve that the presentation and publication of their paper is not a violation of the DMCA. To ensure that future papers will not be threatened under the DMCA, Felten et al. are also petitioning the court to establish a formal interpretation of the DMCA. Minimally, they are petitioning the court to render the portions of the DMCA relevant to scientific publication unconstitutional. Finally, Felten and his colleagues have sought an injunction to prevent future lawsuits against them for publishing the paper [20].



Questions? Comments? Suggestions? Send mail to: ruchika@cs.stanford.edu