Bowing to a threatened recording industry lawsuit, a Princeton University computer scientist decided against revealing Thursday how he and other researchers thwarted security measures meant to protect copyright digital music.
Edward Felten, an associate professor whose team included Rice University and Xerox-PARC researchers, had been silent for days on whether he would present his findings at the International Information Hiding Workshop in Pittsburgh.
On Thursday, a frustrated Felten said he decided against releasing the information because of the potential for lawsuits against the researchers, their schools and conference organizers. He did not say what he would do next.
“Litigation is costly, time-consuming and uncertain, regardless of the merits of the other side’s case,” he said.
Lawyers for Princeton and the recording industry had been negotiating for a week on whether Felten could present the research for public review. The industry wanted to review the findings first.
“This is a challenge to his academic freedom in the sense that he wanted to present his findings and could not, but it’s not over,” said Steven Schultz, a Princeton spokesman. “We hope he can publish, and we are working on helping him figure that out.”
Felten said his team disabled five of six electronic signatures that had been added to recordings as inaudible background noise. The safeguards, called “watermarks,” are designed to prevent the dissemination of copyright music when devices that play or record digital audio are programmed to recognize them.
Watermarks are a type of steganography, a discipline Felten argues is especially vulnerable to hackers. The watermarks in the test cases were created by Verance Corp. of San Diego.
In steganography, a message is hidden within another message. It is unlike encryption, a more processing-intensive software tool that encodes digital information into a secure format that appears as gibberish. Encrypted data can only be decoded with a mathematically generated key.
Felten said the team’s preliminary findings have been leaked and published on Internet sites, but not by him or the other authors. One computer scientist who was not part of the team said its work confirms what has been done before and is already widely available.
“What the recording industry is censoring is material that is already in the public domain. You can walk down to Barnes and Noble and buy it,” asserted Cambridge University computer security researcher Ross Anderson.
Early this month, the Secure Digital Music Initiative Foundation – which was founded by the Recording Industry Association of America – sent Felten a letter suggesting he could be sued. The letter suggested that some of the technology created by Verance was confidential.
The recording industry “strongly believes in the freedom of speech,” said Matthew Oppenheim, senior vice president of business and legal affairs for the recording trade group.
“This issue, however, is about the competing interests of scientists – those of the watermark technology companies… and those of Professor Felten, who seeks to describe how to circumvent those technologies,” Oppenheim said.
Stung by the Napster phenomenon, the recording industry is struggling to develop protections to prevent the illegal distribution of digital music distributed over the Internet. All five major music labels have promised online subscription services for this summer – but none has announced how they plan to prevent illegal copying.
Felten’s team had accepted a public challenge last year from the SDMI Foundation to try to break a series of digital security measures. The team refused to sign a confidentiality agreement in return for a cash prize, deciding instead that they would publicize their findings.
The former chairman of the SDMI Foundation said he is not sure who is right in Felten’s dispute but suggested sensitive research should first be reviewed by the creators of the technology.
“Joe Scientist goes to work, Joe Scientist discovers stuff and publishes stuff in a system that has evolved over hundreds of years. That’s great, but I am a little leery of people who publish technical results without the proper vetting,” said Talal Shamoon, now an executive at a rights management company, InterTrust Technologies, whose clients include Bertelsmann and other music companies.
If a digitally-formatted song is copied off an audio CD or the Internet, an industry-encoded watermark could someday go with it. Devices programmed to sniff out such a watermark would then refuse to play that song.
Felten said the technology does not work, and its flaws should be exposed. The watermarks can easily be “hacked” and removed, he said.
“We are not encouraging theft,” he told reporters. “We are interested in understanding how this technology works. These are costly measures, and there is no reason to deploy them if they don’t work.”
He said he did not want to reveal his next move after backing down Thursday.
“Felten is covering his butt here. He has to. It’s a shame. Whether the SDMI Foundation would have a case is debatable. He had a tough decision to make, and he chose to play it safe rather than sorry,” said Ric Dube, an analyst at Webnoize, a Cambridge, Mass., research firm covering digital entertainment.