Following post calls to question the legitimacy of the Cryptome RIAA meeting report. Others have expressed doubts as well. I don't agree with most of its points (see free-sklyarov archives for my response), but would appreciate back-propogation to point of origin for response. John, anything you can do? on Tue, Oct 09, 2001 at 02:16:20PM -0400, Seth Johnson (seth.johnson@realmeasures.dyndns.org) wrote:

(Forwarded from p2p-legal list)

-----Original Message----- From: hal@finney.org Date: Tue, 9 Oct 2001 10:38:05 -0700

This report fails the "smell test". It sounds like the quotes have at least been doctored to provide red meat to the opposition.

...

"The failure of the CPRM specification to be applied to computer hard drives was a giant step back for the publishing, music, and entertainment industry, and we will work to develop a new specification that accomplishes what CPRM would have done."

CPRM was never intended to be applied to computer hard drives. It was for removable media. The reason it was added to the spec in question was for support of Compact Flash drives, which are accessed via the ATA hard disk spec but which are removable.

There was considerable debate about this point at the time the accusations were made that it was part of a conspiracy. IMO the defense won. There were a lot of technical people involved in that committee who were not the conspiratorial type and they had a good explanation of what was involved. The purpose of the CPRM spec was to allow writing the data encrypted on one drive and reading it back on a different drive which lacked the same encryption keys. This is a technical complication which CPRM was designed to solve. There is no need for this complexity if the data is being written and read on the same drive, as the accusers suggested, since the same keys would be available for both steps.

See http://www.theregister.co.uk/content/archive/16300.html for a "response" article and you will see that the specific accusations about CPRM have been dropped altogether in favor of a general set of complaints about copy protection.

Hence it is highly unlikely that Rosen would say that CPRM was intended for computer hard drives, but it feeds exactly the fears of the conspiracy theorists at whom this document is apparently aimed.

...

"Once we stem piracy, we will be able to raise prices in order to regain lost profits from piracy."

Again this is a highly improbable quote. In the first place it is too obvious, everyone there would already have such thoughts in mind. In the second place it can only hurt the group in the event that it was leaked out. And in the third place it assumes that piracy is forcing them to keep prices down, which seems unlikely (although not impossible).

...

Sony's Heckler stated that, "Once consumers can no longer get free music, they will have to buy the music in the formats we choose to put out."

Again, an unlikely thing to say unless the intention is to get consumers riled up.

...

Gerald Levin stated, "There has been an unconfirmed break in the DVD audio encryption scheme in Russia. We cannot ignore this threat, as DVD Audio represents the future of this company. We will have to be vigilant, and prosecute anyone who posts a program or source code to defeat CPPM in an extremely expeditious manner."

I'm not familiar with this. What is DVD audio? Are they distributing songs on DVD disks now? And what about the well known decss DVD encryption breaking algorithm? Doesn't that already retrive the audio stream? Levin represented AOL Time Warner. Do they really think that DVD audio is "the future of this company"? It's a pretty big company to be betting its future on one unproven technology.

...

Paul England stated, "By tweaking hardware slightly, we can stem content piracy by making software attacks a thing of the past."

This seems technically unlikely and in a group like this which has been burned so often by broken copy protection schemes, it would seem strange that someone would make such a bald claim. These people are not idiots and they would be highly skeptical that any such technological fixes could work.

...

One particularly disturbing fact is that Codex Data System's DIRT software is supposed to be restricted to law enforcement agencies, yet the RIAA, MPAA, and IFPI have all purchased it, and use it routinely to monitor servers which are suspected of infringing content, yet are password protected such as servers which require one to sign up for a password account like hotline servers that have no guest download.

I don't know much about this but I'm skeptical that there is automated software to break into hotline servers. Besides, those which have no guest downloads are used by only small groups, typically no more than a few dozen users, and are unlikely to be a significant threat to the RIAA. They don't care that much about small scale piracy, it is the big systems which they want to shut down.

All in all it looks like at least some of these quote have been manufactured or enhanced for political purposes.

Hal Finney

_______________________________________________ p2p-legal mailing list p2p-legal@dtype.org http://dtype.org/mailman/listinfo/p2p-legal

_______________________________________________ free-sklyarov mailing list free-sklyarov@zork.net http://zork.net/mailman/listinfo/free-sklyarov

-- Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html [demime 0.97c removed an attachment of type application/pgp-signature]