[ISN] Software Bullet Is Sought to Kill Musical Piracy

From: InfoSec News (isnat_private)
Date: Sun May 04 2003 - 23:58:50 PDT

  • Next message: InfoSec News: "[ISN] [defaced-commentary] ISS Defaced"

    http://www.nytimes.com/2003/05/04/business/04MUSI.html
    
    By ANDREW ROSS SORKIN
    May 4, 2003   
     
    Some of the world's biggest record companies, facing rampant online
    piracy, are quietly financing the development and testing of software
    programs that would sabotage the computers and Internet connections of
    people who download pirated music, according to industry executives.
    
    The record companies are exploring options on new countermeasures,
    which some experts say have varying degrees of legality, to deter
    online theft: from attacking personal Internet connections so as to
    slow or halt downloads of pirated music to overwhelming the
    distribution networks with potentially malicious programs that
    masquerade as music files.
    
    The covert campaign, parts of which may never be carried out because
    they could be illegal under state and federal wiretap laws, is being
    developed and tested by a cadre of small technology companies, the
    executives said.
    
    If employed, the new tactics would be the most aggressive effort yet
    taken by the recording industry to thwart music piracy, a problem that
    the IFPI, an industry group, estimates costs the industry $4.3 billion
    in sales worldwide annually. Until now, most of the industry's
    anti-piracy efforts have involved filing lawsuits against companies
    and individuals that distribute pirated music. Last week, four college
    students who had been sued by the industry settled the suits by
    agreeing to stop operating networks that swap music and pay $12,000 to
    $17,500 each.
    
    The industry has also tried to frustrate pirates technologically by
    spreading copies of fake music files across file-sharing networks like
    KaZaA and Morpheus. This approach, called "spoofing," is considered
    legal but has had only mild success, analysts say, proving to be more
    of a nuisance than an effective deterrent.
    
    The new measures under development take a more extreme - and
    antagonistic - approach, according to executives who have been briefed
    on the software programs.
    
    Interest among record executives in using some of these more
    aggressive programs has been piqued since a federal judge in Los
    Angeles ruled last month that StreamCast Networks, the company that
    offers Morpheus, and Grokster, another file-sharing service, were not
    guilty of copyright infringement. And last week, the record industry
    turned a "chat" feature in popular file-trading software programs to
    its benefit by sending out millions of messages telling people: "When
    you break the law, you risk legal penalties. There is a simple way to
    avoid that risk: DON'T STEAL MUSIC."
    
    The deployment of this message through the file-sharing network, which
    the Recording Industry Association of America said is an education
    effort, appears to be legal. But other anti-piracy programs raise
    legal issues.
    
    Since the law and the technology itself are new, the liabilities —
    criminal and civil - are not easily defined. But some tactics are
    clearly more problematic than others.
    
    Among the more benign approaches being developed is one program,
    considered a Trojan horse rather than a virus, that simply redirects
    users to Web sites where they can legitimately buy the song they tried
    to download.
    
    A more malicious program, dubbed "freeze," locks up a computer system
    for a certain duration - minutes or possibly even hours - risking the
    loss of data that was unsaved if the computer is restarted. It also
    displays a warning about downloading pirated music. Another program
    under development, called "silence," scans a computer's hard drive for
    pirated music files and attempts to delete them. One of the executives
    briefed on the silence program said that it did not work properly and
    was being reworked because it was deleting legitimate music files,
    too.
    
    Other approaches that are being tested include launching an attack on
    personal Internet connections, often called "interdiction," to prevent
    a person from using a network while attempting to download pirated
    music or offer it to others.
    
    "There are a lot of things you can do - some quite nasty," said Marc
    Morgenstern, the chief executive of Overpeer, a technology business
    that receives support from several large media companies. Mr.  
    Morgenstern refused to identify his clients, citing confidentiality
    agreements with them. He also said that his company does not and will
    not deploy any programs that run afoul of the law. "Our philosophy is
    to make downloading pirated music a difficult and frustrating
    experience without crossing the line." And while he said "we develop
    stuff all the time," he was also quick to add that "at the end of the
    day, my clients are trying to develop relationships with these
    people." Overpeer, with 15 staff members, is the largest of about a
    dozen businesses founded to create counterpiracy methods.
    
    The music industry's five "majors" - the Universal Music Group, a unit
    of Vivendi Universal; the Warner Music Group, a unit of AOL Time
    Warner; Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI
    - have all financed the development of counterpiracy programs,
    according to executives, but none would discuss the details publicly.  
    Warner Music issued a statement saying: "We do everything we feel is
    appropriate, within the law, in order to protect our copyrights." A
    spokeswoman for Universal Music said that the company "is engaging in
    legal technical measures."
    
    Whether the record companies decide to unleash a tougher anti-piracy
    campaign has created a divide among some music executives concerned
    about finding a balance between stamping out piracy and infuriating
    its music-listening customers. There are also questions about whether
    companies could be held liable by individuals who have had their
    computers attacked.
    
    "Some of this stuff is going to be illegal," said Lawrence Lessig, a
    professor at Stanford Law School who specializes in Internet copyright
    issues. "It depends on if they are doing a sufficient amount of
    damage. The law has ways to deal with copyright infringement. Freezing
    people's computers is not within the scope of the copyright laws."
    
    Randy Saaf, the president of MediaDefender, another company that
    receives support from the record industry to frustrate pirates, told a
    congressional hearing last September that his company "has a group of
    technologies that could be very effective in combating piracy on
    peer-to-peer networks but are not widely used because some customers
    have told us that they feel uncomfortable with current ambiguities in
    computer hacking laws."
    
    In an interview, he declined to identify those technologies for
    competitive reasons. "We steer our customers away from anything
    invasive," he said.
    
    Internet service providers are also nervous about anti-piracy programs
    that could disrupt their systems. Sarah B. Deutsch, associate general
    counsel of Verizon Communications, said she is concerned about any
    program that slows down connections. "It could become a problem we
    don't know how to deal with," she said. "Any technology that has an
    effect on a user's ability to operate their computer or use the
    network would be of extreme concern to us. I wouldn't say we're
    against this completely. I would just say that we're concerned."
    
    Verizon is already caught in its own battle with the recording
    industry. A federal judge ordered Verizon to provide the Recording
    Industry Association of America with the identities of customers
    suspected of making available hundreds of copyrighted songs. The
    record companies are increasingly using techniques to sniff out and
    collect the electronic addresses of computers that distribute pirated
    music.
    
    But the more aggressive approach could also generate a backlash
    against individual artists and the music industry. When Madonna
    released "spoofed" versions of songs from her new album on music
    sharing networks to frustrate pirates, her own Web site was hacked
    into the next day and real copies of her album were made available by
    hackers on her site.
    
    The industry has tried to seek legislative support for aggressive
    measures. Representative Howard L. Berman, Democrat of California,
    introduced a bill last fall that would have limited the liability of
    copyright owners for using tougher technical counterpiracy tactics to
    protect their works online. But the bill was roundly criticized by
    privacy advocates. "There was such an immediate attack that you
    couldn't get a rational dialogue going," said Cary Sherman, president
    of the recording industry association. He said that while his
    organization often briefs recording companies on legal issues related
    to what he calls "self help" measures, "the companies deal with this
    stuff on their own."
    
    And as for the more extreme approaches, he said, "It is not uncommon
    for engineers to think up new programs and code them. There are a lot
    of tantalizing ideas out there - some in the gray area and some
    illegal - but it doesn't mean they will be used."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon May 05 2003 - 02:33:23 PDT