Big Music's Worst Move Yet

By Alex Salkever The music file-swapping masses got a fresh jolt of fear on Jan. 21 when the Recording Industry Association of America filed 532 lawsuits against alleged copyright infringers for downloading or sharing pirated tunes on the Internet. The suits made good on the RIAA's promise in December not to skip a beat in its legal war against music piracy.

That promise came after a U.S. Appeals Court in Washington, D.C., in December found that the RIAA could not use the Digital Millennium Copyright Act to force Internet service providers to cough up the identities of alleged file swappers without notifying them beforehand. The DMCA is a law designed to help copyright holders protect their intellectual property. The court ruled on a technicality but used strong language to underscore that the RIAA had clearly overstepped its bounds.

In response, the RIAA shifted its attack to a more cumbersome form of lawsuits. In these so-called John Doe suits, RIAA lawyers file against an Internet protocol address (an ID that every computer connected to the Net has) that they believe is attached to a computer engaged in illegal file trading. Should the court deem the suit worthy of consideration, then the ISP used by that computer to access the Net could be forced to reveal the subscriber's identity.

LOST WAR. This is more time-consuming and costly than the procedure the Appeals Court shut down, which allowed any copyright holder to demand the identity of an ISP's customers without any proof of wrongdoing or any sort of due process. Even in the John Doe suits, it's not clear how much support the RIAA will get from ISPs already furious with it for earlier tactics that spooked subscribers and resulted in suits against clearly innocent parties.

One has to admit: The RIAA sure is tenacious in pursuing its strategy. What it doesn't seem to realize, though, is that it has already lost the war (see BW Online, 1/16/04, "Did Big Music Really Sink the Pirates?"). The recording industry's hardball tactics have fueled a technological shift that'll make it nearly impossible to pursue file swappers in the future.

How so? The culture of fear and loathing that the RIAA has created is starting to put encryption on the must-have list of every Joe and Jane Internet user. The results will be wide-ranging and will pose a threat to the movie industry, the software industry, and just about any other industry involved with the creation and sale of intellectual property.

TREADING LIGHTLY. The often-made argument that RIAA pressure would push file swappers to adopt more and more drastic means of evasion has been borne out over time. First came Napster, a system of centralized servers envisioned by Sean Fanning. U.S. courts easily identified it as an enabler of copyright infringement due to the manner in which Napster's servers willingly facilitated illegal music file trading.

The next generation of file-swapping setups eliminated central servers and built peer-to-peer networks that directly connected file sharers to each other. These networks have proven far more impervious to lawsuits. The companies that make the software used to build these networks have had some success in arguing that they only build the tools and play no direct role in copyright violations that occur on these networks -- which could just as easily be used for legitimate purposes such as sharing personal photos, computer files, and other forms of noncopyrighted content.

Reluctant to toss the baby out with the bathwater, courts have tread lightly since file swapping is a new technology that could provide a useful service to society in the future as a venue for sharing and even selling information.

OBVIOUS FINGERPRINTS. That forced the RIAA and other copyright holders to go after the weak link in the chain: individual users. It did so with great gusto in the spring of 2003, unleashing a torrent of lawsuits and a fearsome public relations campaign.

This offensive against file swappers, however, hinged on a simple fact. The current generation of decentralized file-swapping networks makes little or no effort to mask the digital fingerprints of individual users. Researchers working for the RIAA can easily log onto the networks, download pirated songs, and note the IP addresses of particularly egregious file sharers. The RIAA defines those as anyone offering 800 or so songs for download.

By ripping off the thin veil of anonymity and hitting hundreds of users for thousands of dollars per case in settlement costs, the RIAA has inspired the most tangible fear yet seen among Web users -- something neither credit-card thieves, nor hackers, nor even the U.S. government has managed to inspire.

"DIAPHANOUS AT BEST." No one wants to open their mailbox and see a letter from the RIAA. Parents of school-age children live in terror of just such a letter and the potential costs to their family. In truth, however, the likelihood of the average user getting nailed remains very small, largely because the RIAA can't individually sue the millions of less prolific file swappers.

But media coverage of the suits has unleashed a frightening specter of the corporate Big Brother reaching out and swatting ordinary Net users. "The RIAA's successful extraction of user identity from Internet service providers makes it vividly clear that the veil of privacy enjoyed by the average Internet user is diaphanous at best, and that the obstacles to piercing that veil are much much lower than for, say, allowing the police to search your home or read your (physical) mail," writes cyber pundit Clay Shirky in an article entitled "The RIAA Succeeds Where the Cypherpunks Failed").

This atmosphere has now led to a new reality where encryption becomes expected and pervasive. While encrypted P2P file-sharing networks remain less polished and less popular than the unencrypted variety, the masses will inevitably switch to those protected networks if the RIAA continues to sue.

CODE CRACKERS. Then it'll have a lot of trouble because lawyers won't be enough. The industry group will need cryptographers and security experts to break the protocols used for cloaking the traffic in order to merely determine whether a song traveling on the Blubster, FreeNet, BitTorrent, or Earth Station 5 P2P network is pirated or an amateur recording with no copyright restrictions.

The RIAA will have to become a lot more like the code-cracking National Security Agency in an escalating cat-and-mouse game with programmers who write encrypted file-sharing network software. Establishing a viable code-cracking operation to tackle a wide variety of alleged offenders would require huge cash outlays and serious talent. The only successful nongovernment efforts to do this type of work to date have relied on giant networks of PCs linked together or clever researchers who find specific but relatively-easy-to-patch holes in encryption software. Building such a capability would cost the record labels many millions.

Beyond music, the RIAA's aggressive tactics have already contributed to a changed security landscape, where encryption is becoming more accessible to everyone. Apple Computer (AAPL) has built a drag-and-drop system where anything stored in the home folder can be easily guarded by potent 128-bit encryption.

STRONGER CURTAIN. Of course, this isn't a direct reaction to RIAA tactics. But Apple famously brags that it adds features its users ask for. And one can only imagine that at least some of the Apple users who asked for this capability had the RIAA in mind. And Skype, the free P2P Internet telephony network built by the former founders of KaZaA, has provisions for strong encryption. Perhaps most ominous to creators of copyrighted content, the shift to encrypted P2P networks will allow not only continued trading of pirated music but also of pirated software and movies.

Should Microsoft (MSFT), Intel (INTC), and others succeed in building a generation of computers with copyright controls built into the core operating system or onto the chips, then encryption will hardly help a pirate when an MP3 won't launch without a valid digital certificate. That scenario, however, remains highly unlikely as the complications of accurately categorizing and reading each individuals' copyrighted content, from old CDs to iTunes purchased online, is daunting at the least.

In the end, large chunks of computing and the Internet will go behind a much stronger curtain of anonymity, and the pirates will remain untouchable underground -- thanks to the RIAA's misguided legal missiles. Salkever is Technology editor for BusinessWeek Online. Follow his Nothing But Net column every week on BusinessWeek Online

Toyota's Hydrogen Man
blog comments powered by Disqus