December 2, 2020

RIAA Hackathon Not Likely

Andrew Ross Sorkin’s much-discussed article in Saturday’s New York Times details planning by the record industry to launch aggressive cyber-attacks against suspected copyright infringers.

Some of the world’s biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people who download pirated music, according to industry executives.

The record companies are exploring options on new countermeasures, which some experts say have varying degrees of legality, to deter online theft: from attacking personal Internet connections so as to slow or halt downloads of pirated music to overwhelming the distribution networks with potentially malicious programs that masquerade as music files.

Some of the programs described are unethical and probably illegal to use. An example is a program that “locks up a computer system for a certain duration — minutes or possibly even hours — risking the loss of data that was unsaved if the computer is restarted.”

It’s not surprising that a few people are asking “what if” questions about technological measures that are theoretically available to the music industry. I of all people am not going to criticize somebody for thinking about the technical implications of security attacks that they would never imagine actually carrying out. What is surprising is that some industry people are talking to the press about the possibility of carrying out these attacks.

The music industry has carefully positioned itself as a bulwark against the depredations of a scofflaw techno-rabble. Articles like this only tarnish that carefully cultivated image. So: who is talking to the Times about this?

A close reading of the article seems to reveal that there is less here than meets the eye. The RIAA distances itself:

[RIAA President Cary Sherman] said that while his organization often briefs recording companies on legal issues related to what he calls “self help” measures, “the companies deal with this stuff on their own.”

And as for the more extreme approaches, he said, “It is not uncommon for engineers to think up new programs and code them. There are a lot of tantalizing ideas out there — some in the gray area and some illegal — but it doesn’t mean they will be used.”

The five major record companies are similarly closed-mouthed:

The music industry’s five “majors” … have all financed the development of counterpiracy programs, according to executives, but none would discuss the details publicly. Warner Music issued a statement saying: “We do everything we feel is appropriate, within the law, in order to protect our copyrights.” A spokeswoman for Universal Music said that the company “is engaging in legal technical measures.”

Nothing in these statements indicates that the majors are considering illegal or borderline-legal actions.

The main sources for the article appear to be two companies, Overpeer and MediaDefender, who have reason to tout their techno-capabilities to the industry, along with anonymous “industry executives.” My guess is that the extreme measures discussed in the article represent the fantasies of a few people in the industry, rather than an organized plan that has any chance of becoming reality.