Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-16 Thread Robin Whittle

Hi Eugene,

There are many parts of your recent comments which I disagree with, as
much as I understand them.  Some of what you write isn't really clear
to me, and I don't feel like debating each point in detail.

However, here are a two points of clarification, regarding "Napster"
and my definition of "linear media".

Prosecuting consumers who are engaged in low-order piracy, for their
own benefit or perhaps to raise enough money for a six-pack of beer by
flogging a few copies of music to friends is not the same as
prosecuting a company, organisation or person who systematically makes
a product or service which is arguably intended primarily to
facilitate unlicensed replication of copyright material.  

I don't support the knee-jerk reaction to the big record companies -
the furious copying of commercially available music as an alternative
to paying for it.  From what little I know about this, if Napster are
primarily facilitating this, and especially if they are profiting from
it, then I hope the RIAA win the case.

In my paper at http://www.firstpr.com.au/musicmar/ I define five types
of copying:  

1 - Purchaser copying 
2 - Listener sharing 
3 - Listener theft 
4 - Listener piracy 
5 - Commercial piracy 

1 is necessary for the purchaser to derive full value from their
recorded music.  2 does not reduce sales, since the recipient was not
planning on purchasing the music.  Very often it is the best form of
marketing - giving a free sample with a personal recommendation from a
friend from which the recipient can become enthused and so later
purchase from the artist.  

3 is the listener avoiding their own purchases by copying.  4 is one
listener doing this on a small scale for others, perhaps for a small
profit.

Someone who directly or indirectly facilitated 3 or 4 as a primary
purpose of their actions (rather than it being just one thing a CD-R
burner can do) is arguably guilty of 5.

But this and quite a bit of this whole discussion is beyond the scope
of a crypto list.


By "linear media" I meant to include text, video, sound and
potentially some other things.  For instance, while this may not exist
yet, it would be linear media by my definition: recorded, rather than
interactive, cyberdildonics (electronic control of vibrators and the
like).

The criteria for "linear media" is that the listener/user/consumer
experiences the "product" as a linear set of sensations, which can be
recorded. (Anything which can be recorded can be recorded digitally,
but this is not an essential part of my understanding of what "linear
media" means.)

In contrast, a video game is not "linear media".  Although it involves
sound and vision, it also must involve feedback from the player. 
Therefore the video game is not recordable, and can only be provided
by some mechanism, such as a computer running a program.  That opens
up many more opportunities for copy (or rather *run*) protection.

1 - Program won't run unless it can talk to dongle.

2 - Program won't run unless it can talk to server via the Net.

In both cases, it would be possible, although not necessarily
cost-effective, to reverse-engineer the code and patch it so the real
dongle or Net connection was not required.

To overcome this difficulty, some essential functional element of the
program could be implemented by the dongle or remote server.  For the
dongle, this could be quite costly to implement - but potentially very
hard to work around.  For instance, a central algorithm of the game is
executed by a CPU running in a tamper-proof card or module (lets
assume this is possible, which it probably is to a high degree with
sufficient expense and careful design).  Communications to and from
this buried CPU are encrypted and the card erases the necessary keys
for communicating with it if the device is tampered with, or if it
does not get regular signed messages that the user has paid their
subscription.  (There would be many other ways of achieving the same
thing, such as the algorithm's code being in RAM and being erased if
the module is tampered with etc.)

Locating a functional part of the program on a remote server really
does make the player dependent on friendly relations with whoever runs
that server.  Unless someone else can write a local CPU program to
replicate the functionality of the remote algorithm, then this
approach is bulletproof.  (Or run a replica of the algorithm on
*their* server and charge people to access it!)

As far as I know, watermarking (AKA digital fingerprinting) does not
refer to serial numbers or doing anything to computer programs.  It
concerns using steganographic techniques (or similar) to encode secret
data so it is hidden (from human senses and from simple
reverse-engineering efforts) in the noise component of "linear media"
such as analogue or digital recordings of sound or still or moving
images.


- Robin



=

Re: Blue Spike and Digital Watermarking with Giovanni

2000-01-15 Thread Robin Whittle

Digital watermarks again!

Joe Sixpack won't believe his file contains a digital watermark with
his name in it unless there is a freely distributed Windows/Mac
program which reads the watermark and so spits out his name and other
personal details.  
That being the case, it is only a matter of time before the code and
the watermark algorithm is reverse-engineered. Then a program can be
written to remove the watermark.


What use is the watermark anyway?  It is only applicable to files
generated for a specific, legally identifiable customer.  Therefore it
does not apply to pre-pressed CD/DVD etc. discs or to broadcasts via
the Net, TV, radio etc.

Who is going to prosecute Joe Sixpack or Jo Lipstick?  Not a big
company which is interested in its public image.  Not a small company,
because of the the costs.  Maybe a big company which doesn't care
about its reputation - to set and example.  But that would only
encourage all the other Joes and Jos to copy some more!

What's the use when Joe or Joe's watermarked, or proprietary-encoded
audio file must be reproduced via a PC soundcard, and there are
programs to write the raw 16 bit data to disk as .WAV or perhaps as
.MP3?  I guess the same principle applies to video.  

(Linear media such as text, audio and video cannot be copy-protected. 
Material constituting computer software - something interactive which
must run on a CPU and do things with a user - can be protected
reasonably well via hardware keys or better still, live links to a
server via the Net.  The security of such transactions would be a
worry for network administrators . . . and anyway, watermarking is
only for linear media.)

If the watermark is inaudible, then why should we believe it will
survive compression schemes which cut to the bone of human perception? 
If it is audible, then why would anyone want to buy the watermarked
material?  Considering the bizarre beliefs in so-called "high-end"
hi-fi (which resemble religiously inspired fear and fervor - such as
so-called clock jitter in SP/DIF electrical/optical cables,
oxygen-free copper power cords . . . ) then why would this segment of
the market accept deliberately altered goods, especially when they
can't hear it but *know* it's there?


Both the Internet and CD-Rs put mass digital copying in the hands of
consumers.  Content creators need to make the most of this, not fool
themselves they can prevent it.  They need to build positive, trusting
relationships with people who might be prepared to purchase their
material.  There is no alternative.  Building these kinds of
relationships would be very difficult with the old pre-pressed disc
(or cylinder in the century before last) paradigm which constitutes
the established record industry.  Those are mass-market, time-delayed
capital- transport- and labour-intensive approaches - but worst of all
they are one-way.

Fortunately, the Net is the ideal basis for building these lasting,
happy relationships.

To continue this line of discussion, with diagrams, see something I
wrote in 1995, which is still largely relevant:  Music Marketing in
the Age of Electronic Delivery:

   http://www.firstpr.com.au/musicmar/


In all the technical forms and business scenarios I have heard of,
digital watermarks/fingerprints are technically weak and relatively
useless in a business sense.  Even if they were strong and useful in
the way they were intended, I believe the intention in many instances
is wrong.

These schemes only survive because:

1 - There is some impressive-sounding, super-secret, crypto-secure 
technical basis for them,

2 - because there is a one group of people who are willing to sell 
them, and

3 - because there is another group of people (artists and owners of 
their work) who like what they are told about watermarks 
etc. but lack the technical understanding and/or vision to realise 
they are next to useless, or worse.


- Robin


=======

Robin Whittle[EMAIL PROTECTED]  http://www.firstpr.com.au
 Heidelberg Heights, Melbourne, Australia 

First Principles Research and expression: Consulting and 
 technical writing. Music. Internet music 
 marketing. Telecommunications. Consumer 
 advocacy in telecommunications, especially 
 privacy. M-F relationships. Kinetic sculpture.
  
Real World   Electronics and software for music including:
Interfaces   Devil Fish mods for the TB-303, Akai sampler 
 memory and Csound synthesis software. 

===