At the "Hack SDMI" Web site, visitors can currently download six different music files. The challenge is to eradicate the watermark from the files without causing any significant degradation to the music. If you succeed in doing this -- and supply detailed information to SDMI about how you did it -- you can win up to $10,000. (Alternatively, you don't have to provide this information, but you won't win the money.)

No one remembers where the concept of the hacking challenge originated, but everyone I talked to agreed that it was a good idea -- even if some of them claimed that from the beginning they saw the hacking challenge as a great way to undermine the mess that was SDMI's watermarking "solution."

"The record companies wanted the test to see how effective the technologies are -- but the record companies didn't understand fully that all the technologies are going to be broken," explains one member. "They just wanted the most secure system, and wanted to see which ones were going to be broken. But the technology companies knew that all of them would be broken."

Then came the call to boycott the hack-SDMI challenge. Those SDMI members who had been secretly hoping that hackers would breeze through the challenge and prove once and for all that SDMI was wasting its time were dismayed. If the system wasn't tested and broken, SDMI would forge ahead and release a solution that many considered fallible.

So far, the boycott hasn't completely staved off interest. As of Sept. 27, there had been more than 17,500 downloads of the files and 150 uploads of possible breaks. One SDMI member reported that the breaks so far have been of a variety that would be very simple for other users to copy: "From what we're hearing, it sounds like the technologies that have been broken so far are using fairly easy means, [like] audio software that's easily available for download. This isn't rocket science." But there's also concern that if hackers stay away in droves, perhaps one or two of the watermarks won't be broken -- in which case SDMI will steam ahead with its "proven" solution and cost the technology companies millions of dollars in implementation costs. And worse, consumers will face a system that makes it harder to listen to music.

But if SDMI is broken, insiders say, a number of things could happen. SDMI could go ahead and try to implement watermarks anyway. Or the watermarking companies could take a look at the ways the hackers broke those marks, and then try to fix them before release -- although several of those I spoke with thought this was a relatively futile task.

Stanton McCandlish, advocacy director for the EFF, believes the latter option is most likely. As he angrily explains, "The industry is trying to get the people who actually could crack their system to try until they fail, and then SDMI knows they've got a winner. If the six [watermarks] they picked initially don't work, they can pick a seventh or eighth or ninth or 10th that does work. It's all just math -- at some point you get an algorithm that works."

But those inside SDMI believe that the breaking of all the watermarks would mean that SDMI would have to start again from scratch -- if it has the energy to start again at all. That will force a major rethinking on the part of the companies, opines one member. "Everything SDMI has done has been based on watermarking being the way to protect legacy content -- or CDs, in short. We'd be going back to square one."

Even Shamoon, chairman of the perimeter technologies working group at SDMI, thinks that "if they are all broken, as a group we'll either have to issue another call for new [watermarking] technologies -- not everyone in this space has bid, and some will be enticed to bid again -- [or] the other option is to look at a completely new protection paradigm for the screening operation. There are other options that have been discussed."

SDMI could go back to the drawing board and come up with new ideas -- such as, for example, focusing on encryption and rights management systems rather than watermarking. Or it could just give up altogether; after all, the fast pace of digital distribution advances online suggests that natural market forces will move faster than any interindustry coalition. It may simply be impossible to find a standard that will stay ahead of ever-accelerating digital music technology. As one member posits: "If SDMI continues to search for something that simply doesn't exist, then you have to wonder, Why continue this process? I'm skeptical."

Is the disaffection within the ranks of SDMI news to the record industry? Probably not: As one person puts it, "I think they know. We've made our disdain for SDMI fairly clear. We hope that we are proven correct that the technologies are breakable; that's what we've been telling them for quite some time now."

Hackers afraid of getting co-opted, record labels desperate to protect their intellectual property, technology companies anxious to avoid sinking millions into an unworkable system -- with so many divergent voices on the issue, common ground is hard to find. But there's some room for optimism. If SDMI's "solution" proves not to be a solution at all, perhaps it will instead be a wake-up call declaring that it's far past time to start focusing energies elsewhere.

Which, the frustrated technologists insist, is their ultimate goal. They may have joined SDMI in part to protect themselves; but they are also in it, they say, because they truly want to help shape the future of digital music -- a future in which artists get justly compensated for their work. As one insider explains heatedly, "There's two reasons tech companies are in SDMI: One is to not get fucked, and the other is to make sure there's a viable music industry online. The only way to do that is if artists feel that making music is worth their time." And artists will only feel it's worth their time if they believe that their music is somewhat secure, and that they'll get paid for their efforts.

It's easy to be cynical when anyone, excluding the artists themselves, declares that making things right for the artists is a primary goal. And given the current turmoil, one could also be cynical about the possibility that SDMI will ever come up with a timely, easy-to-use system that consumers and artists and record labels and technology companies all enjoy.

Representatives of the technology companies are currently throwing up their hands in frustration, but SDMI's party line is that it hasn't given up hope yet: "There are definitely people who attend SDMI who wish it would drop dead," sighs Shamoon. "It's a constant debate, an evolution. But the dissension fuels the consensus."

Or maybe dissension obliterates the consensus. Whatever the case, hackers who are sure they are doing the right thing for online distribution of music by boycotting the hack-SDMI challenge might want to consider rethinking their stance.

Recent Stories