Surely you've heard the one about the fox guarding the hen house? Well, what if the hens asked the fox to try and break into their house so that they could learn how to better protect themselves? Strange as it may sound, that's exactly what the creators of SDMI, the Secure Digital Music Initiative, are doing starting Friday.
SDMI is offering US$10,000 to hackers who can break SDMI's encryption code. SDMI will then patch the holes poked by the hackers, thus, presumably, making better technology.
The Secure Digital Music Initiative is one of the recording industry's responses to the copyright and payment challenges posed by digital music. Created in early 1999, SDMI embeds a "watermark" in every digital music file which manages the copying of those files. Watermarked music will play only on SDMI-compliant devices. The SDMI standard, compliance with which is voluntary, has so far failed to meet with much acceptance.
Hackers will have the chance to break the security systems of six different SDMI technologies, said Matt Oppenheim, a member of the SDMI foundation. There will be a total of $60,000 available, with $10,000 allocated for each technology. If one person breaks a technology, he or she will receive the $10,000, Oppenheim said. However, if a team cracks the code, the prize money will be split between all the team's members.
But the challenge has not been received favorably in the community SDMI is counting on. Hackers have called for a boycott.
"Thanks, SDMI, but no thanks. I won't do your dirty work for you," wrote Don Marti, the technical editor of Linux Journal, a magazine devoted to the development of the open-source operating system Linux, in an open letter posted on the magazine's Web site.
"I will never make or distribute a bootleg copy of a recording," he wrote. "I insist on my right to use copyrighted material I buy in accordance with ... (fair use) rights," including playing music obtained that way and, perhaps, making a copy for personal use.
"I will not participate in your organization's plan to seize total control over recorded music," Marti wrote, adding, "I will not help test programs or devices that ... interfere with the right of fair use."
Many who post messages on the open-source news Web site Slashdot.org agree with Marti.
"Well, ever since the fiasco with DeCSS (the DVD -- digital versatile disc -- decryption program at the center of a number of court cases), will us hackers listen to the SDMI? Of course not. There was no need to call for such a boycott. I don't think even the hungriest hacker ... would even think of touching that offer with a 10-meter cattle prod. We've all seen what happened with DeCSS. Now these corporate SOBs have got the gall to ask us for our help? I say screw 'em," wrote "dido."
The challenge has also raised concerns that information gained by SDMI and the record industry will later be used to prosecute hackers.
SDMI's Oppenheim said that is not true. Rather, he said, the only personal information that will be required is the basic biographical information legally required by states in any contest: name, address, date of birth and, in this case, e-mail address. Files can be downloaded from the site without offering any personal information, he said.
As of the middle of the day Friday, the Hack SDMI Web site had not been updated to allow interested users to download materials. The page should be updated and the materials made available by late Friday, according to Oppenheim.
Only after the site has been updated will it start to become clear if the hacker boycott has held and if SDMI will have $60,000 extra to prosecute piracy with in the future.
SDMI, in San Diego, California, can be reached at +1-858-826-2655 or http://www.sdmi.org. The Hack SMDI Web site can be found at http://www.hacksdmi.org. Don Marti's open letter to SDMI is available on the Linux Journal Web site at http://www2.linuxjournal.com/cgi-bin/frames.pl/articles/misc/0022.html. Slashdot is located online at http://www.slashdot.org.