Software Bullet Is Sought to Kill Musical Piracy

[InfoSec News <isn () c4i org>]

http://www.nytimes.com/2003/05/04/business/04MUSI.html

By ANDREW ROSS SORKIN
May 4, 2003   
 
Some of the world's biggest record companies, facing rampant online
piracy, are quietly financing the development and testing of software
programs that would sabotage the computers and Internet connections of
people who download pirated music, according to industry executives.

The record companies are exploring options on new countermeasures,
which some experts say have varying degrees of legality, to deter
online theft: from attacking personal Internet connections so as to
slow or halt downloads of pirated music to overwhelming the
distribution networks with potentially malicious programs that
masquerade as music files.

The covert campaign, parts of which may never be carried out because
they could be illegal under state and federal wiretap laws, is being
developed and tested by a cadre of small technology companies, the
executives said.

If employed, the new tactics would be the most aggressive effort yet
taken by the recording industry to thwart music piracy, a problem that
the IFPI, an industry group, estimates costs the industry $4.3 billion
in sales worldwide annually. Until now, most of the industry's
anti-piracy efforts have involved filing lawsuits against companies
and individuals that distribute pirated music. Last week, four college
students who had been sued by the industry settled the suits by
agreeing to stop operating networks that swap music and pay $12,000 to
$17,500 each.

The industry has also tried to frustrate pirates technologically by
spreading copies of fake music files across file-sharing networks like
KaZaA and Morpheus. This approach, called "spoofing," is considered
legal but has had only mild success, analysts say, proving to be more
of a nuisance than an effective deterrent.

The new measures under development take a more extreme - and
antagonistic - approach, according to executives who have been briefed
on the software programs.

Interest among record executives in using some of these more
aggressive programs has been piqued since a federal judge in Los
Angeles ruled last month that StreamCast Networks, the company that
offers Morpheus, and Grokster, another file-sharing service, were not
guilty of copyright infringement. And last week, the record industry
turned a "chat" feature in popular file-trading software programs to
its benefit by sending out millions of messages telling people: "When
you break the law, you risk legal penalties. There is a simple way to
avoid that risk: DON'T STEAL MUSIC."

The deployment of this message through the file-sharing network, which
the Recording Industry Association of America said is an education
effort, appears to be legal. But other anti-piracy programs raise
legal issues.

Since the law and the technology itself are new, the liabilities —
criminal and civil - are not easily defined. But some tactics are
clearly more problematic than others.

Among the more benign approaches being developed is one program,
considered a Trojan horse rather than a virus, that simply redirects
users to Web sites where they can legitimately buy the song they tried
to download.

A more malicious program, dubbed "freeze," locks up a computer system
for a certain duration - minutes or possibly even hours - risking the
loss of data that was unsaved if the computer is restarted. It also
displays a warning about downloading pirated music. Another program
under development, called "silence," scans a computer's hard drive for
pirated music files and attempts to delete them. One of the executives
briefed on the silence program said that it did not work properly and
was being reworked because it was deleting legitimate music files,
too.

Other approaches that are being tested include launching an attack on
personal Internet connections, often called "interdiction," to prevent
a person from using a network while attempting to download pirated
music or offer it to others.

"There are a lot of things you can do - some quite nasty," said Marc
Morgenstern, the chief executive of Overpeer, a technology business
that receives support from several large media companies. Mr.  
Morgenstern refused to identify his clients, citing confidentiality
agreements with them. He also said that his company does not and will
not deploy any programs that run afoul of the law. "Our philosophy is
to make downloading pirated music a difficult and frustrating
experience without crossing the line." And while he said "we develop
stuff all the time," he was also quick to add that "at the end of the
day, my clients are trying to develop relationships with these
people." Overpeer, with 15 staff members, is the largest of about a
dozen businesses founded to create counterpiracy methods.

The music industry's five "majors" - the Universal Music Group, a unit
of Vivendi Universal; the Warner Music Group, a unit of AOL Time
Warner; Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI
- have all financed the development of counterpiracy programs,
according to executives, but none would discuss the details publicly.  
Warner Music issued a statement saying: "We do everything we feel is
appropriate, within the law, in order to protect our copyrights." A
spokeswoman for Universal Music said that the company "is engaging in
legal technical measures."

Whether the record companies decide to unleash a tougher anti-piracy
campaign has created a divide among some music executives concerned
about finding a balance between stamping out piracy and infuriating
its music-listening customers. There are also questions about whether
companies could be held liable by individuals who have had their
computers attacked.

"Some of this stuff is going to be illegal," said Lawrence Lessig, a
professor at Stanford Law School who specializes in Internet copyright
issues. "It depends on if they are doing a sufficient amount of
damage. The law has ways to deal with copyright infringement. Freezing
people's computers is not within the scope of the copyright laws."

Randy Saaf, the president of MediaDefender, another company that
receives support from the record industry to frustrate pirates, told a
congressional hearing last September that his company "has a group of
technologies that could be very effective in combating piracy on
peer-to-peer networks but are not widely used because some customers
have told us that they feel uncomfortable with current ambiguities in
computer hacking laws."

In an interview, he declined to identify those technologies for
competitive reasons. "We steer our customers away from anything
invasive," he said.

Internet service providers are also nervous about anti-piracy programs
that could disrupt their systems. Sarah B. Deutsch, associate general
counsel of Verizon Communications, said she is concerned about any
program that slows down connections. "It could become a problem we
don't know how to deal with," she said. "Any technology that has an
effect on a user's ability to operate their computer or use the
network would be of extreme concern to us. I wouldn't say we're
against this completely. I would just say that we're concerned."

Verizon is already caught in its own battle with the recording
industry. A federal judge ordered Verizon to provide the Recording
Industry Association of America with the identities of customers
suspected of making available hundreds of copyrighted songs. The
record companies are increasingly using techniques to sniff out and
collect the electronic addresses of computers that distribute pirated
music.

But the more aggressive approach could also generate a backlash
against individual artists and the music industry. When Madonna
released "spoofed" versions of songs from her new album on music
sharing networks to frustrate pirates, her own Web site was hacked
into the next day and real copies of her album were made available by
hackers on her site.

The industry has tried to seek legislative support for aggressive
measures. Representative Howard L. Berman, Democrat of California,
introduced a bill last fall that would have limited the liability of
copyright owners for using tougher technical counterpiracy tactics to
protect their works online. But the bill was roundly criticized by
privacy advocates. "There was such an immediate attack that you
couldn't get a rational dialogue going," said Cary Sherman, president
of the recording industry association. He said that while his
organization often briefs recording companies on legal issues related
to what he calls "self help" measures, "the companies deal with this
stuff on their own."

And as for the more extreme approaches, he said, "It is not uncommon
for engineers to think up new programs and code them. There are a lot
of tantalizing ideas out there - some in the gray area and some
illegal - but it doesn't mean they will be used."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.