A Few Words With SDMI Head
by Brad King

3:00 a.m. Jul. 3, 2000 PDT
By the time Leonardo Chiariglione was brought in by the recording industry to help get a handle on digital music, intrepid programmers and hackers already had a six-year head start.

Undaunted by the immense task of trying to reign in music lovers who were freely sharing music files, the Recording Industry Association of America tapped Chiariglione to head its Secure Digital Music Initiative. His task was to lead that group in its development of a secure environment for music distribution.

His role isn't to create a secure format where all music will exist on the Internet.

"If you think of SDMI as the body that will specify the last screw that is needed to make products, you have the wrong perception of SDMI," he said. "SDMI is defining the security framework for products. If music is in the SDMI domain, it is because it is legitimately there."

"Publishing music in a secure format is an opportunity given to a rights holder -- but that depends on their business model. If the music you buy from a performer is something that is used as an advertisement, that is their choice and doesn't have to be secure. SDMI produces technologies for people that want to use security."

Launched in February 1999, SDMI brought together 160 music, technology, hardware, and software companies in hopes of developing a secure, open standard that would provide digital rights management for musicians –- and more importantly, allow music companies to charge for music on the Internet.

Chiariglione seemed a natural fit for the new gig. Since the early 1970s, when he got a Master's degree in Electronic Engineering at the Polytechnic of Turin and completed his PhD at the University of Tokyo, he has been in and around many of the events that helped create the new digital entertainment boom.

Along with heading up SDMI, he is also the head of Television Technologies at CSELT -- the research center for Telecom Italia group -- and was the founder of the Motion Pictures Expert Group (MPEG).

But the coalition has not jelled as easily as Chiariglione and the recording industry had hoped. Although the group has developed a standard for portable devices, only Sony has implemented the technology into its player -- and consumer response to the product has been cool.

SDMI has produced an early Phase I security outline for portable devices, but practical developments are nowhere to be found. Earlier this year, Chiariglione delivered a stern speech to the member companies scolding them for dragging their collective feet.

"My words were to stimulate and encourage," he said. "Use the word 'whip' if you want. I wanted to tell the people that we have to work hard. We have a great challenge in front of us. As long as we don't have the Phase I and Phase II screening process(es) in place, you aren't going to have the SDMI domain defined."

As the organization staggers forward towards its goal, the group is faced with the reality that they have continually been outpaced by the Internet-savvy.

It's an old story that goes back to 1993, when Jeff Patterson and Robert Lord began posting music on the Internet.

The two men translated their band's music files into one giant ASCII text file. To meet the stringent rules of the newsgroup billboards, the men broke the ASCII file into 26 separate parts so they wouldn't exceed the maximum file size for a post. Then they spent just over an hour uploading the broken ASCII files –- numbered 1-26 so that whoever downloaded the files could reassemble the music –- with a 14.4-baud modem.

They immediately began getting emails from bands eager to make their music available on the Internet. By October, the University of California at Santa Cruz gave them server space for an FTP site to host the Internet Underground Music Archive.

Over the next several years, the recording industry watched as Patterson and Lord's story continued to repeat itself, most recently with another innovation developed by a plucky college student -- Napster.

Critics of SDMI are quick to jump on each new innovation, such as IUMA and Napster, as more examples of why Chiariglione's task is ultimately pointless. He said that the secure SDMI domain will work effectively when the group finishes its task.

"There is no reason that because technology moves fast, you shouldn't apply security," he said. "The house where my grandfather lived had ridiculously weak padlocks. My house has more sophisticated padlocks. So there is no reason that because it is easy for a thief to enter a house, not to put a padlock. The same goes for SDMI."