Software Bullet sought to kill Musical Piracy

N.Y. Times ^ | 5/2/03 | Andrew Ross Sorkin

[plain talk]

Some of the world's biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people that download pirated music, according to industry executives. The record companies are exploring options on new countermeasures, which some experts say have varying degrees of legality, to deter online theft: from attacking personal Internet connections so as to slow or halt downloads of pirated music to overwhelming the distribution networks with potentially malicious programs that masquerade as music files.

The covert campaign, parts of which may never be carried out because they could be illegal under state and federal wiretap laws, is being developed and tested by a cadre of small technology companies, the executives said. If employed, the new tactics would be the most aggressive effort yet taken by the recording industry to thwart music piracy, a problem that the IFPI, an industry group, estimates costs the industry $4.3 billion in sales worldwide annually. Until now, most of the industry's anti-piracy efforts have involved filing lawsuits against companies and individuals that distribute pirated music. Last week, four college students who had been sued by the industry settled the suits by agreeing to stop operating networks that swap music and pay $12,000 to $17,500 each.

The industry has also tried to frustrate pirates technologically by spreading copies of fake music files across file-sharing networks like KaZaA and Morpheus. This approach, called "spoofing," is considered legal but has had only mild success, analysts say, proving to be more of a nuisance than an effective deterrent.

The new measures under development take a more extreme — and antagonistic — approach, according to executives who have been briefed on the software programs. Interest among record executives in using some of these more aggressive programs has been piqued since a federal judge in Los Angeles ruled last month that StreamCast Networks, the company that offers Morpheus, and Grokster, another file-sharing service, were not guilty of copyright infringement. And last week, the record industry turned a "chat" feature in popular file-trading software programs to its benefit by sending out millions of messages telling people: "When you break the law, you risk legal penalties. There is a simple way to avoid that risk: DON'T STEAL MUSIC."

The deployment of this message through the file-sharing network, which the Recording Industry Association of America said is an education effort, appears to be legal. But other anti-piracy programs raise legal issues.

Since the law and the technology itself are new, the liabilities — criminal and civil — are not easily defined. But some tactics are clearly more problematic than others. Among the more benign approaches being developed is one program, considered a Trojan horse rather than a virus, that simply redirects users to Web sites where they can legitimately buy the song they tried to download.

A more malicious program, dubbed "freeze," locks up a computer system for a certain duration — minutes or possibly even hours — risking the loss of data that was unsaved if the computer is restarted. It also displays a warning about downloading pirated music. Another program under development, called "silence," scans a computer's hard drive for pirated music files and attempts to delete them. One of the executives briefed on the silence program said that it did not work properly and was being reworked because it was deleting legitimate music files, too.

Other approaches that are being tested include launching an attack on personal Internet connections, often called "interdiction," to prevent a person from using a network while attempting to download pirated music or offer it to others.

"There are a lot of things you can do — some quite nasty," said Marc Morgenstern, the chief executive of Overpeer, a technology business that receives support from several large media companies. Mr. Morgenstern refused to identify his clients, citing confidentiality agreements with them. He also said that his company does not and will not deploy any programs that run afoul of the law. "Our philosophy is to make downloading pirated music a difficult and frustrating experience without crossing the line." And while he said "we develop stuff all the time," he was also quick to add that "at the end of the day, my clients are trying to develop relationships with these people." Overpeer, with 15 staff members, is the largest of about a dozen businesses founded to create counterpiracy methods.

[supercat]

I wonder what portion of the file trading is being done music the RIAA sells? I suspect it's a pretty big percentage, but I suspect the fraction is shrinking, as more and more people are discovering the joys of "independent" music which--whether being shared legally or not--the RIAA has no authority over.

Is the RIAA making any effort whatsoever to limit its attacks to people who are actually pirating RIAA music?

[Renegade]

These people are NUTS!! You can copy a digital form of a song off the radio--FM or you can copy the song from cable TV on VIDEOTAPE and transfer to CD .What is the difference between this and KAZAA etc . They want to declare war on the individual and they will lose. As soon as something is developed to counter downloading a new item will pop up to counter that ..They are teading on thin ice . The major companies will go the way of the dot.com era if they continue to harass the common people .

[Jeff Chandler]

They can't be series?! These folks are playing a dangerous game which will backfire on them BIG TIME. If they spread malicious files on the Internet, they are painting a hugh bull's-eye on themselves for every hacker in the world, large and small. They can't win at this.

[gitmo]

The industry turns to the dark side.

[jimkress]

The RIAA will regret it if they try this approach to hack other computers. If the RIAA decides to use terrorist methods to gain their desired outcome they will be buried under a, now legitimized by the RIAA actions, avalanche of hacks, cracks, and other attacks on all their servers.

I would be hard pressed to not support such a massive retaliation against the RIAA if they choose to use terrorist methods against other computers.

The end NEVER justifies the means, especially in the case of the RIAA.

[3AngelaD]

Instead of spending all this time and money to screw their customers, why aren't they figuring out a way to sell mp3 files over the net at a reasonable price? I would be happy to pay to download an impeccable file of music I want to own, especially the longer classical works. But I am not happy to have to pay $17 for a CD that has only one track on it I like. Has anyone used those those Best Buy cards that give you 10 legal downloads for $10? Is there a wide choice? Is it easy or a hassle? Seems to me that is a more normal approach than spending big bucks figuring out how to sabotage the computers of your customers.

[Iris7]

Human nature never changes. Aristotle's "the political animal" will always war over new territory. Lots of posts here agree that this very easily could mean war of hacks and cracks. Should be entertaining.

[airedale]

Write your Congressmen about this in relation to the bill sponsored by Rep. Berman. This was exactly what I predicted when I talked to him at a local townhall meeting. He denied that they would do this and if they did it would be illegal. Of course the fine in the bill won't buy a dinner for four at the restaurants these guys are used to go to.

As far as I'm concerned the ISP's should blackhole anyone connected with the groups who are sponsoring this type of action and the penalties should be major jail time for the senior executives of the firms not just some flunky. That would include the executives of firms who hired the work done not just those who actually do the deed.

[Zeroisanumber]

Yeah, the record company can get nasty, but only SO nasty and only within the bounds of the law. Any response from the hackers who run these networks is likely to be much nastier and more damaging.

[Rodney King]

Another program under development, called "silence," scans a computer's hard drive for pirated music files and attempts to delete them. One of the executives briefed on the silence program said that it did not work properly and was being reworked because it was deleting legitimate music files, too.

Anyone know how they could possibly tell the difference between a file that you put on your computer from a CD, and one that you downloaded from the net?

[ChadGore]

You would need a server side, Java based applet that lowers the price of CDs to $1.00.

[LasVegasMac]

Some of the world's biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people that download pirated music, according to industry executives.

A thread a couple days ago, same subject - someone predicted that this would be the "Final Soultion."

I think the industry would be really stupid to do this. There are way too many folks out there, people with the knowledge and the will, that could cause a ton of grief in retaliation.

The old saying, "don't start what you can't finish!"

LVM

[Grig]

Insanity.

The money they spend on this pointless effort could have been used to embrace on-line distribution and profit from it.

[mvpel]

If the industry had spent more money on innovation instead of lawyers, they would have set up the type of system that Apple just recently unveiled about three years ago.

My wife and I just got an iPod, and are downloading songs for a buck apiece into it. Just spent $12 on exactly the songs we wanted from half a dozen different artists.

This is the future of the music business, and the sooner these jokers realize it, the better off they'll be.

[E. Pluribus Unum]

If an individual were to write a program to what the RIAA wants to do, he/she would be prosecuted as a terrorist.

[steplock]

"Any response from the hackers who run these networks is likely to be much nastier and more damaging."

If these record companies come out with ANY type of damaging software, I will make sure I donate $$$ to the HACKERS!!

The future is for the artist to sell directly from the internet themeselves and skip these record company scofflaws.

[JakeWyld]

re: 7

This can never be said enough!!!

Prices of CD's for a track or two are outrageous. Not to mention that the artists get only a small cut of the profits.

[Reagan is King]

This would be their last mistake in a long series of mistakes.

[Billy_bob_bob]

www.applemusic.com

$.99 a song, or $9.99 for an album. Check it out!