May 8, 2024

Posts Comments

Plenty of Blame to Go Around in Yahoo Music Shutdown

July 28, 2008 by

People have been heaping blame on Yahoo after it announced plans to shut down its Yahoo Music Store DRM servers on September 30. The practical effect of the shutdown is to make music purchased at the store unusable after a while.

Though savvy customers tended to avoid buying music in forms like this, where a company had to keep some distant servers running to keep the purchased music alive, those customers who did buy – taking reassurances from Yahoo and music industry at face value – are rightly angry. In the face of similar anger, Microsoft backtracked on plans to shutter its DRM servers. It looks like Yahoo will stay the course.

Yahoo deserves blame here, but let’s not forget who else contributed to this mess. Start with the record companies for pushing this kind of DRM, and the DRM agenda generally, despite the ample evidence that it would inconvenience paying customers without stopping infringement.

Even leaving aside past mistakes, copyright owners could step in now to help users, either by enticing Yahoo to keep its servers running, or by helping Yahoo create and distribute software that translates the music into a usable form. If I were a Yahoo Music customer, I would be complaining to the copyright owners now, and asking them to step in and stand behind their product.

Finally, let’s not forget the role of Congress. The knowledge of how to jailbreak Yahoo Music tracks and transform them into a stable, usable form exists and could easily be packaged in software form. But Congress made it illegal to circumvent Yahoo’s DRM, even to enable noninfringing use of a legitimately purchased song. And they made it illegal to distribute certain software tools to enable those uses. If Congress had paid more attention to consumer interests in drafting the Digital Millennium Copyright Act, or if it had passed any of the remedial legislation offered since the DMCA took effect, then the market could solve this Yahoo problem all on its own. If I were a Yahoo Music customer, I would be complaining to Congress now, and asking them to stop blocking consumer-friendly technologies.

And needless to say, I wouldn’t be buying DRM-encumbered songs any more.

UPDATE (July 29, 2008): Yahoo has now done the right thing, offering to give refunds or unencumbered MP3s to the stranded customers. I wonder how much this is costing Yahoo.

Filed Under: Uncategorized Tagged With: , ,

Study Shows DMCA Takedowns Based on Inconclusive Evidence

June 6, 2008 by

A new study by Michael Piatek, Yoshi Kohno and Arvind Krishnamurthy at the University of Washington shows that copyright owners’ representatives sometimes send DMCA takedown notices where there is no infringement – and even to printers and other devices that don’t download any music or movies. The authors of the study received more than 400 spurious takedown notices.

Technical details are summarized in the study’s FAQ:

Downloading a file from BitTorrent is a two step process. First, a new user contacts a central coordinator [a “tracker” – Ed] that maintains a list of all other users currently downloading a file and obtains a list of other downloaders. Next, the new user contacts those peers, requesting file data and sharing it with others. Actual downloading and/or sharing of copyrighted material occurs only during the second step, but our experiments show that some monitoring techniques rely only on the reports of the central coordinator to determine whether or not a user is infringing. In these cases whether or not a peer is actually participating is not verified directly. In our paper, we describe techniques that exploit this lack of direct verification, allowing us to frame arbitrary Internet users.

The existence of erroneous takedowns is not news – anybody who has seen the current system operating knows that some notices are just wrong, for example referring to unused IP addresses. Somewhat more interesting is the result that it is pretty easy to “frame” somebody so they get takedown notices despite doing nothing wrong. Given this, it would be a mistake to infer a pattern of infringement based solely on the existence of takedown notices. More evidence should be required before imposing punishment.

Now it’s not entirely crazy to send some kind of soft “warning” to a user based on the kind of evidence described in the Washington paper. Most of the people who received such warnings would probably be infringers, and if it’s nothing more than a warning (“Hey, it looks like you might be infringing. Don’t infringe.”) it could be effective, especially if the recipients know that with a bit more work the copyright owner could gather stronger evidence. Such a system could make sense, as long as everybody understood that warnings were not evidence of infringement.

So are copyright owners overstepping the law when they send takedown notices based on inconclusive evidence? Only a lawyer can say for sure. I’ve read the statute and it’s not clear to me. Readers who have an informed opinion on this question are encouraged to speak up in the comments.

Whether or not copyright owners can send warnings based on inconclusive evidence, the notification letters they actually send imply that there is strong evidence of infringement. Here’s an excerpt from a letter sent to the University of Washington about one of the (non-infringing) study computers:

XXX, Inc. swears under penalty of perjury that YYY Corporation has authorized XXX to act as its non-exclusive agent for copyright infringement notification. XXX’s search of the protocol listed below has detected infringements of YYY’s copyright interests on your IP addresses as detailed in the attached report.

XXX has reasonable good faith belief that use of the material in the manner complained of in the attached report is not authorized by YYY, its agents, or the law. The information provided herein is accurate to the best of our knowledge. Therefore, this letter is an official notification to effect removal of the detected infringement listed in the attached report. The attached documentation specifies the exact location of the infringement.

The statement that the search “has detected infringements … on your IP addresses” is not accurate, and the later reference to “the detected infringement” also misleads. The letter contains details of the purported infringement, which once again give the false impression that the letter’s sender has verified that infringement was actually occurring:

Evidentiary Information:
Notice ID: xx-xxxxxxxx
Recent Infringement Timestamp: 5 May 2008 20:54:30 GMT
Infringed Work: Iron Man
Infringing FileName: Iron Man TS Kvcd(A Karmadrome Release)KVCD by DangerDee
Infringing FileSize: 834197878
Protocol: BitTorrent
Infringing URL: http://tmts.org.uk/xbtit/announce.php
Infringers IP Address: xx.xx.xxx.xxx
Infringer’s DNS Name: d-xx-xx-xxx-xxx.dhcp4.washington.edu
Infringer’s User Name:
Initial Infringement Timestamp: 4 May 2008 20:22:51 GMT

The obvious question at this point is why the copyright owners don’t do the extra work to verify that the target of the letter is actually transferring copyrighted content. There are several possibilities. Perhaps BitTorrent clients can recognize and shun the detector computers. Perhaps they don’t want to participate in an act of infringement by sending or receiving copyrighted material (which would be necessary to know that something on the targeted computer is willing to transfer it). Perhaps it simply serves their interests better to send lots of weak accusations, rather than fewer stronger ones. Whatever the reason, until copyright owners change their practices, DMCA notices should not be considered strong evidence of infringement.

Filed Under: Uncategorized Tagged With: , ,

Voluntary Collective Licensing and Extortion

April 25, 2008 by

Reihan Salam has a new piece at Slate about voluntary collective licensing of music (which was also the topic of an online symposium organized by our center at Princeton). I’m generally a fan of Reihan’s work, but this time I think he got it wrong. His piece starts like this:

What would you do if a bully—let’s call him “Joey Giggles”—kept snatching your ice-cream cone? OK, now what if Joey Giggles then told you, “If you pay me five bucks a month, I’ll stop snatching your ice cream.” Depending on how much you hate getting beaten up, and how much you love ice-cream cones, you might decide that caving in is the way to go. This is what’s called a protection racket. It’s also potentially the new model for how we’ll buy and listen to music.

[…]

Now Big Music is mulling the Joey Giggles approach. Warner Music Group is trying to rally the rest of the industry behind a plan to charge Internet service providers $5 per customer per month, an amount that would be added to your Internet bill. In exchange, music lovers would get all the online tunes they want, meaning that anyone who spends more than $60 a year on music will come out way ahead. Download whatever you want and pay nothing! No more DRM! Swap files to your heart’s content—we promise, we won’t sue you (or snatch your ice-cream cone)!

This idea, that collective licenses amount to extortion – pay us or we’ll sue you – is often heard, but I don’t think it’s a valid criticism of collective licenses. The reason is pretty simple: if this is extortion, then all of copyright is extortion. The basic mechanism of copyright is that the creator of a work gets certain exclusive rights in the work. Exclusive rights means that there are certain things that nobody else can do with the work, without the creator’s permission. “Nobody else can do X” is another way of saying that if somebody else does X, the creator can sue them. When you buy a licensed copy of a work instead of downloading it illegally, what you’re buying is an enforceable promise that you won’t be sued (plus the knowledge that you’re playing by the rules, but that is intimately connected to the lawsuit protection). So the basic mechanism of copyright involves people paying a copyright owner for a promise not to sue them.

To put it another way, if you accept our current copyright system at all – even if you accept only a streamlined, improved version of it – then you’ve already accepted the kind of “extortion” that would be used to sell voluntary collective licenses. The only alternative is a complete redesign of the system, more complete even than a voluntary collective license.

Reihan does recommend a redesign. He endorses Terry Fisher’s suggestion of a government tax on broadband access, with the revenue used to pay musicians based on the popularity of their songs. This system has its benefits (though on balance I don’t think it’s good policy). But if you start out worried about strong-arm extraction of money from citizens, a mandatory tax scheme is an odd place to end up.

This is the fundamental problem of copyright policy in the digital age. It’s easy for people to get copyrighted works without paying. So either you forgo payment entirely, or you give somebody the mandate to collect payment. Who would you prefer: record companies or the government?

Filed Under: Uncategorized Tagged With: ,

Slysoft Commercializes Next-Gen DVD Circumvention

November 27, 2007 by

We’ve been following, off and on, the steady meltdown of AACS, the encryption scheme used in HD-DVD and Blu-ray, the next-generation DVD systems. By this point, Hollywood has released four generations of AACS-encoded discs, each encrypted with different secret keys; and the popular circumvention tools can still decrypt them all. The industry is stuck on a treadmill: they change keys every ninety days, and attackers promptly reverse-engineer the new keys and carry on decrypting discs.

One thing that has changed is the nature of the attackers. In the early days, the most effective reverse engineers were individuals, communicating by email and pseudonymous form posts. Their efforts resulted in rough but workable circumvention tools. In recent months, though, circumvention has gone commercial, with Slysoft, an Antigua-based maker of DVD-reader software, taking the lead and offering more polished tools for reading and ripping AACS discs.

You might wonder how a company that makes software for playing DVDs got into the circumvention business. The answer has to do with AACS’s pickiness about which equipment it will work with. My lab, for example, has an HD-DVD drive and some discs, which we have used for research purposes. But as far as I know, none of the computer monitors we own are AACS-approved, so we have no way to watch our lawfully purchased HD-DVDs on our lawfully purchased equipment. Many customers face similar problems.

If you’re selling HD-DVD player software, you can tell those customers that your product is incompatible with their equipment. Or you can solve their problem and make their legitimately purchased discs play on their legitimately purchased equipment. Of course, this will make you persona non grata in Hollywood, so you had better hire a few reverse engineers and get to work on some unauthorized decryption software – which seems to be what Slysoft did.

Now Slysoft faces the same reverse engineering challenges that Hollywood did. If Slysoft’s products contain the secrets to AACS decryption, then independent analysts can extract those secrets and clone Slysoft’s AACS decryption capability. Will those who live by reverse engineering die by reverse engineering?

Filed Under: Uncategorized Tagged With: , ,

Does Apple Object to iPhone Unlocking?

August 29, 2007 by

I wrote Monday about efforts to “unlock” the iPhone so it worked on non-AT&T cell networks, and the associated legal and policy issues. AT&T lawyers have aggressively tried to stop unlocking; but Apple has been pretty silent. What position will Apple take?

It might seem that Apple has nothing to lose from unlocking, but that’s not true. AT&T can exploit customer lock-in by charging higher prices, so it has an obvious incentive to stop unlocking. But AT&T also (reportedly) give Apple a cut of iPhone users’ fees, reportedly $3/month for existing AT&T users and $11/month for new users. This isn’t surprising – in exchange for creating the lock-in, Apple gets to keep a (presumably) hefty share of the resulting revenue.

Apple’s incentive is much like AT&T’s. Apple makes more money from iPhone customers who use AT&T than from those who use other cell providers, so Apple gains by driving customers to AT&T. And it’s not pocket change – Apple gets roughly $150 per user – so even though Apple gets money for selling iPhones to non-AT&T users, they get considerably more if they can drive those users to AT&T.

Thus far, Apple seems happy to let AT&T take the blame for intimidating the unlockers. This mirrors Apple’s game plan regarding music copy-protection, where it gestures toward openness and blames the record companies for requiring restrictive technology. If this works, Apple gets the benefit of lock-in but AT&T gets the blame.

From Apple’s standpoint, an even better result might be to have iPhone unlocking be fairly painful and expensive, but not impossible. Then customers who are allergic to AT&T would still buy iPhones, but almost everybody else would stick with AT&T. So Apple would win both ways, selling iPhones to everybody while preserving its AT&T payments.

What a clever Jobsian trick – using a business model based on restriction, while planting the blame on somebody else.

Filed Under: Uncategorized Tagged With: , , , ,