Declaration of Scott Craver

in Felten v. RIAA (Aug. 13, 2001)

Grayson Barber (GB 0034)
Grayson Barber, L.L.C.
68 Locust Lane
Princeton, NJ 08540
(609) 921-0391

Frank L. Corrado (FLC 9895)
Rossi, Barry, Corrado & Grassi, P.C.
2700 Pacific Avenue
Wildwood, NJ 08260
(609) 729-1333

(Additional Counsel listed on signature page)
Attorneys for Plaintiffs

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEW JERSEY

I, SCOTT CRAVER, of full age, hereby declare:

1. I am presently a Ph.D. candidate in the department of Electrical Engineering at Princeton University. My primary area of research is information security, in particular the study of "information hiding." I am a co-author of the book Information Hiding: Techniques for Steganography and Digital Watermarking, and have authored and co-authored a number of research papers on the subject of digital watermarks.

2. A "digital watermark" is a signal that is added to digital music, images, or video clips, to label that data for some purpose. Digital watermarks are typically very faint signals, imperceptible to most people, intended to ride along, unobtrusively, with the multimedia to which they have been added. A number of uses have been proposed for such labels, but perhaps the most common one is copyright control: a watermark can label a piece of music as someone's intellectual property, or communicate the owner's desire to restrict said music from being copied or distributed.

3. In the months of September and October 2000, I participated with several colleagues in a public challenge posed by the Secure Digital Music Initiative, or SDMI. SDMI publicly invited people to try to break their music security technologies, some of which involved digital watermarks. A number of us at Princeton University quickly organized to participate in the challenge, later joining forces with researchers from Rice University and Xerox PARC.

4. After the challenge period was over, we announced our results: we had successfully defeated all the watermarking technologies. Our definition of "success" was that when we submitted attacked music samples from which we had removed the watermarks, the SDMI oracle replied by e-mail with a message that the submitted samples were "valid." I believe the oracle used two criteria: that the attacked samples had passed a watermark detector showing that the watermark could no longer be detected, and that they had passed a listening test intended to ensure that the attacked samples sounded better than a 64 kbps MP3 digital audio file.

5. After we had succeeded according to the oracle's messages, we received additional e-mails asking us to participate in a second phase of testing. In this second phase, we would be sent one watermarked music file, which we would have been permitted to attack only once, without an oracle to tell us whether we had succeeded. This arrangement appeared to be designed to test whether we could remove a watermark inaudibly on the first try, without any feedback.

6. At this point, we would be participating in a contest with no apparent scholarly value, as we could not learn anything new from this second phase. Further, its terms were unrealistic: a real-world attacker would certainly attempt more than once to remove a watermark, using the feedback from an MP3 player or other audio device to refine an attack. Hence, the ability to defeat the technology in realistic circumstances would not be considered a "success" under this second phase.

7. Based on our work in the first phase of the Challenge, we had learned a great deal about some of the technologies' inner workings. As is typical in a situation like this, we wrote a paper summarizing our results, and submitted it to a conference on the subject, the fourth Information Hiding Workshop (IHW). The IHW paper was accepted, to be presented in April 2001.

8. Within weeks of the presentation date, however, I received a phone call at home from Ed Felten, the head of our research group: we had received a letter from the Recording Industry Association of America (RIAA.) Rice University and Xerox PARC also received letters from the RIAA. So did the organizer of the conference, along with his employer. They alleged that we could all be subject to legal action if we presented our results, telling us to withdraw our paper from the workshop, and destroy it.

THE NATURE OF ENCRYPTION RESEARCH

9. In the study of encryption and information security, it is common for researchers to analyze, and attempt to break, codes and security systems proposed by others. It is through this open process that we learn to design better systems, and fix security problems before they can be exploited in unwanted ways. The relationship between those who design, and those who break, security systems is symbiotic; both are regarded as essential for scientific progress. One can analogize the relationship to that between automobile manufacturers and automobile crash-testers.

10. Indeed, our analysis of SDMI has already led to the development of better technology. During the challenge period, I attempted to extract a watermark hidden within a music clip, and quickly became dissatisfied with known methods for extracting this particular kind of watermark data. No published method proved reliable enough for my purposes. After the challenge was over, I focused my research efforts on designing more powerful and reliable methods for watermark detection.

11. The result of this effort was a new method for detecting hidden data that is substantially superior to the previous state of the art. With this technology, a watermark can be detected more reliably. Watermarks can thus be made more faint, incurring less distortion upon audio data, yet remain detectible. The amount of information one can conceal in an audio clip can also be increased. These improvements were significant enough, in fact, that they satisfied the research requirement of my Ph.D. general examinations. In short, our analysis of a digital watermarking technology led to the development of a better digital watermarking technology.

12. It is an inherent property of any scientific research, however, that it can also yield discoveries that some parties will consider Òbad news.Ó For instance, new discoveries can devalue existing technologies. The invention of the LASER led to the development of storage technologies such as compact discs, greatly reducing the market for older audio technologies such as vinyl LPs and audiocassettes---bad news to manufacturers of the old media. Evidence that a drug does not work will negatively impact the revenue of a pharmaceutical company. In computer security, technologies are directly scrutinized for flaws and defects. Any honest, independent assessment of a consumer product can affect the sales of that product, for good or ill.

13. There are, therefore, those who may wish to control the scientific process, or censor its output. This is misguided, of course, as it would merely cover up undesirable facts, providing illusory short-term benefits to a few, and long-term detriment to many. Nevertheless, should entities wish to suppress scientific research in encryption or information hiding they are now empowered to do so, thanks to the Digital Millennium Copyright Act.

THE BROAD AND UNCERTAIN SCOPE OF THE DMCA

14. The DMCA has had a profoundly chilling effect on my research in information hiding. As I mentioned, the analysis of security systems is a crucial component in the scientific process, but certain parties may have an incentive to squelch this research. Scientists are now at risk of legal action for doing the same work they have performed, unencumbered, for years. This situation could cause the entire field of information security to stagnate.

15. Of the various branches of information security, the study of information hiding is perhaps in greatest danger of being crippled by the DMCA. Much information hiding research focuses on technologies, such as digital watermarks, that are specifically geared towards copyright protection systems. Many everyday tasks of watermark researchers involve the stress testing, overwriting, modification or removal of watermarks. Acts and tools potentially in violation of the DMCA pervade the field, and thus the DMCA grants pervasive control over researchersÕ actions.

16. One very serious problem with the DMCA is uncertainty regarding its scope. I and other researchers simply have no idea what we must do in order to be in compliance with the law. This has already been illustrated by our previous research: we thought that we were in total compliance with all applicable law when we participated in the SDMI challenge, and attempted to publish our results. I find myself wondering if I will be subject to litigation for participating in future research projects, and my experience with the SDMI Challenge has taught me that even if I take great pains to ensure that I am not violating the DMCA, I may nevertheless be at risk.

17. When assembling our initial report on the analysis of SDMI, we were wary of including computer source code for the programs we wrote, because said source code might be restricted under the DMCA. It is common to use computer source code in scholarly papers to express ideas; like mathematical formulae, source code allows one to describe a concept with precision and economy. Without source code, one section of our paper became unsatisfactorily vague. The DMCA's existence has already caused us to limit the way we communicate with others in the scientific community.

18. These limitations concern me a great deal because information hiding is my primary research specialization. When I complete my Ph.D., my ability to find a job, conduct research, publish and progress in my field will be in jeopardy because of the DMCA. This is not simply a problem I may encounter in the future, as I am pressed to make decisions now about the direction of my studies and my career. I am not pleased with the prospect of abandoning years of work in this field for an entirely new, ÒsafeÓ subject to study for my remaining years in graduate school.

19. I have recently begun a new research project as part of my Ph.D. research, an extension of my work during in the SDMI challenge, on the "forensic analysis" of digital music. Essentially, if a music clip has been subjected to some unknown alteration, such as the addition of a digital watermark, or the addition of noise or distortion, one may wish to determine the nature of that alteration. There are a number of widely different techniques for testing music for certain clues left behind by various operations, and my goal is to compile and unify these techniques into a general approach for audio analysis.

20. As a part of this project, I will be writing a computer program that can be used, by someone trained in signal processing, to perform this analysis. An overview of the proposed program is at . One can think of this computer program as a better "microscope" for scrutinizing music clips. I have already begun to write code for this program. To continue with the microscope metaphor, I built the "lenses" or components of the program before the IHW conference. I hope to finish the program this year.

21. This research project grew out of my previous work on the SDMI challenge. I am motivated to write this computer program, in part, because I could have made great use of such a utility during the challenge to analyze audio; existing tools were incapable of doing everything I needed. Also, the program will utilize the new detection technology mentioned earlier, which I developed in an attempt to better detect hidden signals in music, along with analysis techniques described in our research paper.

22. This forensic analysis program that I would like to write will be designed to analyze and examine music, but not to alter the music, or eliminate or damage watermarks. However, given the recent events forcing us to withdraw a scholarly research paper from a scientific conference, I fear that this program will put me at risk of litigation when I attempt to publish it. The connection between this research project and the SDMI challenge makes me especially wary of litigation by Verance, or the RIAA; I suspect they will have as much incentive to suppress my future research as they had to suppress our previous research.

23. I must stress the general nature of this program: it will provide researchers with an environment to help them analyze audio clips. This can and will be used to examine music for the presence of watermarks, and to learn more about those watermarks, just as it can and will be used for other purposes. I intend to use this program to diagnose audio clips that have been damaged, distorted or warped. I also intend to use it to analyze the sounds of musical instruments, as I am interested in the computer simulation and synthesis of music. Applications also exist beyond the analysis of digital music. In fact, some techniques used today to detect watermarks in music were originally invented to detect echoes in seismic data, and they are still useful in this regard.

24. I am concerned about the legality of this program even though it cannot, by itself, do more than examine music. A major reason for my concern is that the DMCA prohibits not only circumvention technologies but also components or parts of circumvention technologies. Someone attempting to remove a watermark might use my work to help find that watermark. I do not know for certain if that makes my Ph.D. research a "part" or "component" under the DMCA. Common sense suggests otherwise, but common sense also tells me that a research paper is a research paper, rather than a "technology" or a "part" or a "component."

25. Furthermore, even if a court might determine in litigation that my forensic analysis program did not violate DMCA, or that it was exempt as "encryption research" under DMCA ¤1201(g), the very fact that I would need to defend myself in court is a deterrent to my work. It would be financially costly and would put a major obstacle in the way of obtaining my Ph.D.

26. In fact, the DMCA has already proven a deterrent to this new research project. The project is an ambitious one, and would typically involve the participation of a number of researchers. I have been reluctant to invite others to join in, however, because of concerns that they, as well as the project itself, may be jeopardized should anyone decide to suppress my work with threats of litigation. I am especially concerned about researchers outside of Princeton University, whose employers could be subject to the calculated application of legal pressure beyond the UniversityÕs control. Scientific work tends to be collaborative, and so this situation is highly unfortunate: my research project will take more time to complete, and will not benefit from the contributions of others.

27. Finally, there is reason to be concerned that numerous existing consumer products may violate the DMCA. Popular computer programs for drawing and image processing, like Adobe Photoshop, can be used to damage image watermarks---indeed, they have become popular tools for researchers, who damage watermarks to test their strength. We were able to circumvent music watermarks using a standard audio processing tool, CoolEdit. Old devices that do not honor new copy protection signals, such as VCRs or existing CD players, may become illegal to own, sell, or use. If the DMCA is broad enough to restrict a research paper, it is certainly broad enough to restrict these everyday devices.

28. Curiously, digital watermarks themselves fall within this list of consumer products potentially in violation of the DMCA. The addition of a watermark to music can naturally overwrite an existing watermark, allowing watermarking software to be used as a watermark removal tool. During the SDMI challenge, for instance, we observed data suggesting that one of SDMIÕs proposed watermark technologies, when applied to music, obliterates another of their proposed watermark technologies. The subversion of a watermarking tool to destroy another watermark is not a hypothetical attack: the technique has been used in the past to obliterate watermarks in computer images. We thus have that the DMCA can outlaw even the technology it was intended to protect.

THE DMCA IMPOSES UNREASONABLE LIMITS ON THE SCIENTIFIC METHOD

29. Another very serious problem with the DMCA is its limitation on the free flow of information upon which science relies. The scientific process requires that people are able to share their results, their methods and data, and sometimes the tools they used in their experiments. In general, the first experiment, test, or attack is just that -- the first. Good science does not rely on the first experiment; other researchers must validate the first experiment by independently reproducing the results.

30. The DMCA's encryption research exemption only accounts for the act of circumvention of a copyright control mechanism, one small step in encryption research that cannot happen without scientific equipment or access to previous results, the infrastructure of the scientific method. For instance, were I to write a paper describing the effectiveness of my forensic analysis program at detecting hidden watermarks, no one could reliably confirm or disconfirm my claim without independently using my program (or even think to do so without being able to read my paper!)

31. As another example, researchers at Cambridge University developed a computer program called StirMark, which subtly distorts watermarked computer images in an attempt to render watermarks unreadable. This computer program is well known in the literature as a benchmarking aid, used by watermark designers to test the strength of their inventions. Its algorithm also expresses important ideas that we used during the SDMI challenge, to design an attack of our own that defeated one of the watermarking technologies.

32. The value of StirMark is in its availability: competing watermarking technologies can be directly compared by their resistance to this standard computer program, in much the same way that the safety of automobiles can be compared by subjecting them all to the same basic crash test. Under the DMCA, it might be legal to write such a program or use it in a specific permitted instance, but not to distribute it to others. It negates the program's value, if nobody can acquire it.

33. Furthermore, StirMark can be used on many different kinds of watermarks, so it is unclear how one could secure permission to write such a program. Must one ask permission of every company whose technology could be circumvented? What about watermarking technologies that have not been invented yet? Many copy protection systems are based on similar technologies, and have similar weaknesses.

34. The main reason, however, why I consider the DMCA unacceptable is that it gives control over academic research to parties who have no valid reason to possess that control. To protect their assets, companies have managed to splice themselves in to the scientific and peer-review process, obtaining veto power over the publication of undesirable new discoveries and bad news. This is not a mere inconvenience to scientists, but a restriction upon empiricism itself, a revision of the scientific method to include the extra step of asking selected technology or media companies for legal permission to proceed. One wonders what would have happened had tobacco companies acquired the same power over academia, decades ago, as the recording industry has now. The latter has no better reason than the former to have control over scientific research.

I declare under penalty of perjury that the foregoing is true and correct.

Attorneys for Plaintiffs

Exhibit A

[elided]

Please send any questions or comments to webmaster@eff.org.