[IETF-IDRM] Fwd: [IDRM] Fwd: SDMI demands Princeton prof "destroy" paper about vulnerability

Thomas Hardjono thardjono@mediaone.net
Sat, 19 May 2001 23:55:27 -0400 

>Date: Sat, 21 Apr 2001 09:44:29 -0700
>From: Thomas Hardjono <thardjono@mediaone.net>
>Subject: [IDRM] Fwd: SDMI demands Princeton prof "destroy" paper about
>  vulnerability
>X-Sender: thardjono@pop.ne.mediaone.net
>To: ietf-idrm@lists.elistx.com
>X-Mailer: QUALCOMM Windows Eudora Version 5.0
>List-Owner: <mailto:ietf-idrm-help@lists.elistx.com>
>List-Post: <mailto:ietf-idrm@lists.elistx.com>
>List-Subscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=subscribe>
>List-Unsubscribe: <mailto:ietf-idrm-request@lists.elistx.com?body=unsubscribe>
>List-Archive: <http://lists.elistx.com/archives/ietf-idrm>
>List-Help: <http://lists.elistx.com/elists/admin_email.shtml>,
>  <mailto:ietf-idrm-request@lists.elistx.com?body=help>
>
> >From: John Young <jya@pipeline.com>
>Subject: RIAA Warns SDMI Hackers
>To: cypherpunks@lne.com
>Date: Fri, 20 Apr 2001 22:36:45 -0400
>
>RIAA and The SDMI Foundation on April 9 warned Ed Felten
>and his researchers not to publish their paper about the
>weaknesses of the SDMI content protection system at the
>4th International Information Hiding Workshop to be held
>April 25-29, 2001. Their paper is public:
>
>   http://cryptome.org/sdmi-attack.htm (41K text with 11 images)
>
>Zipped text and images:
>
>   http://cryptome.org/sdmi-attack.zip  (328K)
>
>***********
>
>http://cryptome.org/sdmi-attack.htm
>
>    April 9, 2001
>
>    Professor Edward Felton
>    Department of Computer Science
>    Princeton University
>    Princeton, NY 08544
>
>    Dear Professor Felten,
>
>    We understand that in conjunction with the 4th International
>    Information Hiding Workshop to be held April 25-29, 2001, you and your
>    colleagues who participated in last year's Secure Digital Music
>    Initiative ("SDMI") Public Challenge are planning to publicly release
>    information concerning the technologies that were included in that
>    challenge and certain methods you and your colleagues developed as
>    part of your participation in the challenge. On behalf of the SDMI
>    Foundation, I urge you to reconsider your intentions and to refrain
>    from any public disclosure of confidential information derived from
>    the Challenge and instead engage SDMI in a constructive dialogue on
>    how the academic aspects of your research can be shared without
>    jeopardizing the commercial interests of the owners of the various
>    technologies.
>
>    As you are aware, at least one of the technologies that was the
>    subject of the Public Challenge, the Verance Watermark, is already in
>    commercial use and the disclosure of any information that might assist
>    others to remove this watermark would seriously jeopardize the
>    technology and the content it protects.1 Other technologies that were
>    part of the Challenge are either likewise in commercial use or could
>    be could be utilized in this capacity in the near future. Therefore,
>    any disclosure of information that would allow the defeat of those
>    technologies would violate both the spirit and the terms of the
>    Click-Through Agreement (the "Agreement"). In addition, any disclosure
>    of information gained from participating in the Public Challenge would
>    be outside the scope of activities permitted by the Agreement and
>    could subject you and your research team to actions under the Digital
>    Millennium Copyright Act ("DCMA").
>
>    ____________________
>
>      1 The Verance Watermark is currently used for DVD-Audio and SDMI
>      Phase I products and certain portions of that technology are trade
>      secrets.
>
>    We appreciate your position, as articulated in the Frequently Asked
>    Questions document, that the purpose of releasing your research is not
>    designed to "help anyone impose or steal anything." Further more, you
>    participation in the Challenge and your contemplated disclosure
>    appears to be motivated by a desire to engage in scientific research
>    that will ensure that SDMI does not deploy a flawed system.
>    Unfortunately, the disclosure that you are contemplating could result
>    in significantly broader consequences and could directly lead to the
>    illegal distribution of copyrighted material. Such disclosure is not
>    authorized in the Agreement, would constitute a violation of the
>    Agreement and would subject your research team to enforcement actions
>    under the DMCA and possibly other federal laws.
>
>    As you are aware, the Agreement covering the Public challenge narrowly
>    authorizes participants to attack the limited number of music samples
>    and files that were provided by SDMI. The specific purpose of
>    providing these encoded files and for setting up the Challenge was to
>    assist SDMI in determining which of the proposed technologies are best
>    suited to protect content in Phase II products. The limited waiver of
>    rights (including possible DMCA claims) that was contained in the
>    Agreement specifically prohibits participants from attacking content
>    protected by SDMI technologies outside the Public Challenge. If your
>    research is released to the public this is exactly what could occur.
>    In short, you would be facilitating and encouraging the attack of
>    copyrighted content outside the limited boundaries of the Public
>    Challenge and thus places you and your researchers in direct violation
>    of the Agreement.
>
>    In addition, because public disclosure of your research would be
>    outside the limited authorization of the Agreement, you could be
>    subject to enforcement actions under federal law, including the DMCA.
>    The Agreement specifically reserves any rights that proponents of the
>    technology being attacked may have "under any applicable law,
>    including, without limitation, the U.S. Digital Millennium Copyright
>    Act, for any acts not expressly authorized by their Agreement." The
>    Agreement simply does not "expressly authorize" participants to
>    disclose information and research developed through participating in
>    the Public challenge and such disclosure could be the subject of a
>    DMCA action.
>
>    We recognize and appreciate your position, made clear throughout this
>    process, that it is not your intention to engage in any illegal
>    behavior or to otherwise jeopardize the legitimate commercial
>    interests of others. We are concerned that your actions are outside
>    the peer review process established by the Public Challenge and setup
>    by engineers and other experts to ensure the academic integrity of
>    this project. With these facts in mind, we invite you to work with the
>    SDMI Foundation to find a way for you to share the academic components
>    of your research while remaining true to your intention to not violate
>    the law or the Agreement. In the meantime, we urge you to withdraw the
>    paper submitted for the upcoming Information Hiding Workshop, assure
>    that it is removed from the Workshop distribution materials and
>    destroyed, and avoid a public discussion of confidential information.
>
>    Sincerely,
>
>    [Signature]
>
>    Matthew Oppenheim, Secretary
>    The SDMI Foundation
>
>    cc: Mr. Ira S. Moskowitz, Program Chair, Information Hiding Workshop,
>    Naval Research Laboratory
>    Cpt. Douglas S. Rau, USN, Commanding Officer, Naval Research
>    Laboratory
>    Mr. Howard Ende, General Counsel of Princeton
>    Mr. Edward Dobkin, Computer Science Department Head of Princeton
>      _________________________________________________________________
>
>***********