Hacker research team disputes ‘hack SDMI’ results

Not going quietly back into box

The SDMI (Secure Digital Music Initiative) group has announced, despite earlier claims to the contrary, that practically all of the 447 entries to the 'Hack SDMI' challenge bounced off. This would mean all in the garden was lovely, if it weren't for the pesky Princeton University researchers led by Edward Felten, who stoutly maintains that SDMI is toast, and says the Princeton team will be publishing its results by the end of the week.

The Princeton team entered the first stage of the challenge, but declined to move onto phase two. The aim of the challenge had been to test candidate watermarking and non-watermarking protection technologies to be used in the distribution of digital music, so a complete whitewash - as claimed by Salon, a couple of Register sources and the Princeton team, would have been highly embarrassing, and would have visibly set back the music industry's protection plans some considerable distance.

Stage two of the challenge, as Princeton points out, was secretive. Anybody who submitted a likely looking crack at stage one could move on to two (and had to do so in order to stand a chance of winning the money), but by doing so would be NDAed into total obscurity, unable to say a thing about the hack or the processes. By not playing, Princeton left itself free to publish results and blow whistles as necessary.

The final SDMI hack testing seems to have placed considerable emphasis on "golden ears" - real humans judging whether or not the hack degraded audio quality. This is obviously very much a subjective judgement, and potentially allows the goalposts to be moved around to wherever best suits SDMI. Not that we're suggesting anything of the kind, of course.

SDMI's line is that two of its five technologies were successfully attacked, but that only one attack was repeatable. Princeton says its attacks weren't counted because it didn't enter phase two.

The Princeton team also seems to feel it's been on the receiving end of some kind of smear campaign though. It insists that "contrary to the statements of the SDMI, their oracles [the automated systems that checked stage one] did check the audio quality of the submitted music," and accuses the RIAA of falsely claiming it admitted some of its entries had poor audio quality. "We obtained a number successful results on all watermark technologies, using various techniques," says the team.

SDMI will no doubt be awaiting the team's technical report with some interest. ®

Related Stories

Uni team claims SDMI cracked, and 'inherently vulnerable'
How the hack SDMI challenge was run

Related Links

Princeton team's preliminary report

Sponsored: Today’s most dangerous security threats