3 May 2003
The New York Times, May 4, 2003
The record companies are exploring options on new countermeasures, which
some experts say have varying degrees of legality, to deter online theft:
from attacking personal Internet connections so as to slow or halt downloads
of pirated music to overwhelming the distribution networks with potentially
malicious programs that masquerade as music files.
The covert campaign, parts of which may never be carried out because they
could be illegal under state and federal wiretap laws, is being developed
and tested by a cadre of small technology companies, the executives said.
If employed, the new tactics would be the most aggressive effort yet taken
by the recording industry to thwart music piracy, a problem that the IFPI,
an industry group, estimates costs the industry $4.3 billion in sales worldwide
annually. Until now, most of the industry's anti-piracy efforts have involved
filing lawsuits against companies and individuals that distribute pirated
music. Last week, four college students who had been sued by the industry
settled the suits by agreeing to stop operating networks that swap music
and pay $12,000 to $17,500 each.
The industry has also tried to frustrate pirates technologically by spreading
copies of fake music files across file-sharing networks like KaZaA and Morpheus.
This approach, called "spoofing," is considered legal but has had only mild
success, analysts say, proving to be more of a nuisance than an effective
deterrent.
The new measures under development take a more extreme — and antagonistic
— approach, according to executives who have been briefed on the software
programs.
Interest among record executives in using some of these more aggressive programs
has been piqued since a federal judge in Los Angeles ruled last month that
StreamCast Networks, the company that offers Morpheus, and Grokster, another
file-sharing service, were not guilty of copyright infringement. And last
week, the record industry turned a "chat" feature in popular file-trading
software programs to its benefit by sending out millions of messages telling
people: "When you break the law, you risk legal penalties. There is a simple
way to avoid that risk: DON'T STEAL MUSIC."
The deployment of this message through the file-sharing network, which the
Recording Industry Association of America said is an education effort, appears
to be legal. But other anti-piracy programs raise legal issues.
Since the law and the technology itself are new, the liabilities — criminal
and civil — are not easily defined. But some tactics are clearly more
problematic than others.
Among the more benign approaches being developed is one program, considered
a Trojan horse rather than a virus, that simply redirects users to Web sites
where they can legitimately buy the song they tried to download.
A more malicious program, dubbed "freeze," locks up a computer system for
a certain duration — minutes or possibly even hours — risking the
loss of data that was unsaved if the computer is restarted. It also displays
a warning about downloading pirated music. Another program under development,
called "silence," scans a computer's hard drive for pirated music files and
attempts to delete them. One of the executives briefed on the silence program
said that it did not work properly and was being reworked because it was
deleting legitimate music files, too.
Other approaches that are being tested include launching an attack on personal
Internet connections, often called "interdiction," to prevent a person from
using a network while attempting to download pirated music or offer it to
others.
"There are a lot of things you can do — some quite nasty," said Marc
Morgenstern, the chief executive of Overpeer, a technology business that
receives support from several large media companies. Mr. Morgenstern refused
to identify his clients, citing confidentiality agreements with them. He
also said that his company does not and will not deploy any programs that
run afoul of the law. "Our philosophy is to make downloading pirated music
a difficult and frustrating experience without crossing the line." And while
he said "we develop stuff all the time," he was also quick to add that "at
the end of the day, my clients are trying to develop relationships with these
people." Overpeer, with 15 staff members, is the largest of about a dozen
businesses founded to create counterpiracy methods.
The music industry's five "majors" — the Universal Music Group, a unit
of Vivendi Universal; the Warner Music Group, a unit of AOL Time Warner;
Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI — have
all financed the development of counterpiracy programs, according to executives,
but none would discuss the details publicly. Warner Music issued a statement
saying: "We do everything we feel is appropriate, within the law, in order
to protect our copyrights." A spokeswoman for Universal Music said that the
company "is engaging in legal technical measures."
Whether the record companies decide to unleash a tougher anti-piracy campaign
has created a divide among some music executives concerned about finding
a balance between stamping out piracy and infuriating its music-listening
customers. There are also questions about whether companies could be held
liable by individuals who have had their computers attacked.
"Some of this stuff is going to be illegal," said Lawrence Lessig, a professor
at Stanford Law School who specializes in Internet copyright issues. "It
depends on if they are doing a sufficient amount of damage. The law has ways
to deal with copyright infringement. Freezing people's computers is not within
the scope of the copyright laws."
Randy Saaf, the president of MediaDefender, another company that receives
support from the record industry to frustrate pirates, told a congressional
hearing last September that his company "has a group of technologies that
could be very effective in combating piracy on peer-to-peer networks but
are not widely used because some customers have told us that they feel
uncomfortable with current ambiguities in computer hacking laws."
In an interview, he declined to identify those technologies for competitive
reasons. "We steer our customers away from anything invasive," he said.
Internet service providers are also nervous about anti-piracy programs that
could disrupt their systems. Sarah B. Deutsch, associate general counsel
of Verizon Communications, said she is concerned about any program that slows
down connections. "It could become a problem we don't know how to deal with,"
she said. "Any technology that has an effect on a user's ability to operate
their computer or use the network would be of extreme concern to us. I wouldn't
say we're against this completely. I would just say that we're concerned."
Verizon is already caught in its own battle with the recording industry.
A federal judge ordered Verizon to provide the Recording Industry Association
of America with the identities of customers suspected of making available
hundreds of copyrighted songs. The record companies are increasingly using
techniques to sniff out and collect the electronic addresses of computers
that distribute pirated music.
But the more aggressive approach could also generate a backlash against
individual artists and the music industry. When Madonna released "spoofed"
versions of songs from her new album on music sharing networks to frustrate
pirates, her own Web site was hacked into the next day and real copies of
her album were made available by hackers on her site.
The industry has tried to seek legislative support for aggressive measures.
Representative Howard L. Berman, Democrat of California, introduced a bill
last fall that would have limited the liability of copyright owners for using
tougher technical counterpiracy tactics to protect their works online. But
the bill was roundly criticized by privacy advocates. "There was such an
immediate attack that you couldn't get a rational dialogue going," said Cary
Sherman, president of the recording industry association. He said that while
his organization often briefs recording companies on legal issues related
to what he calls "self help" measures, "the companies deal with this stuff
on their own."
And as for the more extreme approaches, he said, "It is not uncommon for
engineers to think up new programs and code them. There are a lot of tantalizing
ideas out there — some in the gray area and some illegal — but
it doesn't mean they will be used."