SDMI: We're not hacked yet Music & MP311/8/2000; 11:25:06 PM 'The three remaining watermarks in the Hack SDMI contest weren't all "successfully" broken after all -- or so goes the news that is coming out of the SDMI meetings Wednesday in Washington. Although all three watermarks had hacks that passed the "oracle" test (which examined whether or not the watermark had been removed), according to the official testing committee report sent out today, two of the security systems managed to pass through the listening and repeatability tests unscathed.'Oh? Well... look closer...'The latest results are hardly cut-and-dried. According to SDMI documents, the attempt to break the watermark from Verance, one of the participating companies, failed the listening tests -- but only by a 2-to-1 vote (which suggests that one set of "golden ears" found the sound quality of the hacked files to be perfectly adequate). Another watermark, from Blue Spike, did not pass the repeatability tests, which required that the attack be repeated on three different songs; but only because they failed on one or two of three possible tracks, which suggests that the hacks were successfully repeated on at least one song.'Of all the possible responses SDMI could have come up with to the results of this contest... this is about the stupidest I can think of. Despite the evidence in front of them that the security systems are already not working reliably, they seem all set to go ahead anyhow, because the submitted cracks only half met SDMI's fairly arbitrary criteria.Well, you know what? In the end, their arbitrary rules for 'winning' only matter one way: Who gets what "prize" money. Out here in the real world, once a few people get a hold of those "half-working" hacks, and a better sample set (from real-world SDMI-protected music), those "half-working" hacks will mutate into "fully-working" hacks in no time at all. And shortly after that, they'll be perfected. These problems aren't going to just go away once the public gets their hands on real SDMI music, not to mention all those "boycotting" hackers. I can only hope that internally SDMI is calling this a failure, because based on this official information, it is a failure, and where it isn't a failure, it will be. (I'd guess less then two months for "the public" to fully hack any of the current systems, esp. based on the fact we've already got hints on how to crack them.)