September 18, 2020

Implementing EFF

Recently, the EFF issued a white paper suggesting an approach to the problems of music distribution. The proposal would let people buy a blanket license allowing unlimited access to music from any source, in exchange for a payment of about $5 per month into a fund that would be distributed among copyright owners in proportion to the usage of each copyrighted work. The plan is voluntary, with neither consumers nor copyright owners compelled to participate. Commentary on the plan has been generally positive, though the RIAA said it wasn’t interested.

Ernest Miller pointed out a problem that would need to be resolved. Consumers who bought a license would be free to use P2P networks to download music; but it wouldn’t do to let them upload freely, as those uploads would be an unstoppable source of unpurchased music for non-participants. Peter Eckersley suggests that this problem could be solved by publishing an (unforgeable because digitally signed) list of the IP addresses of licence participants, and allowing anybody to transfer files to the people at those IP addresses.

It seems to me that if the EFF plan is going to happen, it will start with a deal between the RIAA and a university, in which the university creates a fund to pay out to copyright holders, in exchange for (a) free rein to do anything at all with copyrighted music within the campus (but not to distribute it outside the campus), and (b) permission for anyone, either on the campus or off, to transmit music to people on campus.

The university could help ensure compliance by blocking P2P traffic that would otherwise lead to outgoing transfers of music. (As always, the blocking would be easily circumvented by those who wanted to do so. Its only purpose would be to let well-intentioned people share music within the campus without accidentally making it available to outsiders.)

This is a much better deal for universities than a Penn State-style transaction, in which a university buys its students subscriptions to a limited music service. An EFF-style license allows unlimited use of music in courses, and it allows students and faculty to experiment with new uses of music. It also allows cross-university sharing and collaboration on music projects, if multiple universities join.

This might be a good deal for some university, if the price is right.


  1. It seems to me that between the thousands of hackers out there, they will always find a way to get past whatever crypto/signing/DRM is in place to protect digital music. Thus modifying the proposal to restrict the files in certain ways seems futile. Instead, I think the priority should be on making the service easy enough to use and of a high enough quality that people would rather use it than use P2P networks. P2P isn’t perfect: once you’ve found your file, there’s still a good chance it’s going to be corrupted or of low quality. Between the guaranteed quality of service and the legality issues being covered, I’d expect to see a massive number of users opt to use such a system. People don’t mind paying for things in this open market economy, but when you basically have a monopoly on the market (RIAA) and your prices are way above what most people want to pay, the chance of legal action seems like a reasonable risk in exchange for getting that market’s products for free.

  2. The deal I am discussing doesn’t involve buying a “service”, but instead buying the right to do whatever one likes with music (except redistributing it to non-participants). Participants would be free to use whatever service they chose, or no service at all.

    I agree that it’s fruitless to use technology to try to stop people from redistributing music. But technology does have a place in helping people avoid actions that accidentally make music available to the world.

  3. The university could help ensure compliance by blocking P2P traffic that would otherwise lead to outgoing transfers of music.

    My problem with this suggestion is that it assumes the only legitimate P2P traffic is music sharing. There are a growing number of non-infringing P2P uses for document and software distribution that would be blocked by such a scheme. It continues the practice of assuming guilt (infringement) rather than innocence and restricts non-technical users, who would not necessarily be able to work around a university imposed P2P block.

  4. Bored Huge Krill says:

    hmmm. This is certainly a creative and interesting proposal. I’ll be watching with interest to see where it goes.

    What interests me most is the restriction on uploading via some kind of certification. This is a hard technical problem (and I’m going to assume – for now – that the uploaders will voluntarily support such a lock). What makes it hard is scalability. How big would the list of subscribers need to be? And how would it get distributed? And who would verify it…?
    Public key cryptography primitives are very expensive computationally, even if you use the lowest cost primitives we know about to date – and don’t actually solve the problem – so I guess I’m not convinced that any kind of cert is going to work. How would one deal with certificate revocation?
    The more I look at this problem, the nastier it gets…

    I’m suspecting that the technical solution is going to involve an on-line verification with a trusted third party, and a distribution of keys using something like a Needham-Schroeder protocol. The server that performs the key distribution would need to be owned by the license fee administrator, and would require a separate (possibly quite long-term) authentication with that server from every client. The key to the scalability is going to be keeping the peer-to-peer key distribution lightweight.

    Am I way off beam here? I’m sure somebody will set me straight if I am :-).

    returning to the voluntary-ness of the program, the interesting thing is that subscribers could easily, if they chose, “leak” files to non-subscribers by choosing not to require this peer-to-peer authentication & authorization. But I’m thinking that they wouldn’t do that. Why would they? If a user is paying the $5 fee (or however much), why not insist that others that want to make copies from them do the same?
    Of course, you would still have unlocked sharing between groups of friends, but I suspect that anonymous sharing without the uploaders insisting on A & A would largely disappear, mostly because the scheme appeals to the users’ basic sense of fairness. And that has to be the key to any such scheme.

    Just my random thoughts….