Apple's New DRM-Free Music Service Not So Free

Attention, pirates and purchasers of digital music alike!

On Wednesday, Apple officially launched its new, long-awaited DRM-free music download service. It's called iTunes Plus.

But don't get too excited, music fans. Whereas before, in the DRM (digital rights management) world, every song you downloaded from iTunes was wrapped in protective code that could hinder your personal use of the product (bad), songs downloaded from iTunes Plus are apparently not as "liberated" as Apple may have liked us to believe.

Thanks to the savvy research writers over at technology news site Ars Technica, some light has been shed on Apple's new service. As Ars Technica found out, songs sold on iTunes Plus without DRM "still have a user's full name and account e-mail embedded in them, which means that dropping that new DRM-free song on your favorite P2P network could come back to bite you." This is something that the folks at Apple probably didn't want anyone to find out so soon.

In other words, when you buy a song from iTunes Plus, your personal identification info will be automatically embedded into the song, much like DRM restrictions were embedded into songs purchased in the original iTunes. Once enough consumers buy songs from this new service, Apple will then have a wealth of usage tracking data at its disposal. Wherever all those little songs go... Apple will be watching. And if you put that song you bought from iTunes Plus up on a peer-to-peer free download network like Soulseek (yeah, we know; morally, you shouldn't share songs on a free network, but whether you like it or not, P2P networks will continue to thrive, even in the face of threats from the RIAA... so get used to it, music industry) Apple will, theoretically, be able to track your ass down (unless you're good at masking your e-identity). Then it's just a game of odds as to whether you get sued for copyright infringement or not.

For another take on this story, go here.

*Images courtesy of Wikipedia.

Contact the author of this article or email tips@austinist.com with further questions, comments or tips.

By s in Arts & Entertainment on June 1, 2007 1:13 PM 0 Comments

Comments [rss]

Jon

I can't see what the fuss is about. Apple haven't told anyone up-front that this information is in the files, and none of the coverage of this issue has gone into any depth as to the technicalities of how it is embedded (is it obfuscated? encrypted? etc.); so I wouldn't read too much into it. It may be trivial to strip (again: no coverage I've seen has enough technical info to be sure) should you want to, it may not.

s

One more interesting article from Ars Technica (I'd link these, but hyperlinks aren't allowed in comments):

In DRM we trust: world collection societies wring hands over P2P copying (June 03, 2007)

CISAC, the worldwide body that represents collection societies, held a two-day conference in Brussels on Thursday and Friday to tackle a thorny question: how do artists get paid in a digital world?

CISAC is the International Confederation of Authors and Composers Societies, a meta-collection society that has the distinction of having booted Russia's ROMS out of the group after ROMS isued a blanket music license to AllOfMP3.com several years ago. The various collection societies that make up CISAC patrol the globe, collecting payments from restaurants and retail stores that play music while shoppers shop and diners eat (among other things; it's quite a varied group). That money is collected and then distributed to artists—but CISAC is concerned that digital technology and file-sharing are eviscerating revenues.

These societies administer licenses under which users who pay the appropriate license fee can play as much music as they want for their customers. A restaurant, for instance, might pay an annual fee to play recorded music; that money is then distributed to individual performers based on a set of byzantine formulas, market sampling statistics, and the sacrifice of a goat.

In an interview with the Register, CISAC's director general expressed strong opposition to extending this licensing scheme to home computer users. The proposal is that all broadband users in a country might pay a yearly fee as part of their broadband bill and then could download as much music as they like, from whatever source they like. The revenue would be then be parceled out to artists, who might stand to make plenty if everyone paid a small(ish) fee. It's not a new idea: Barenaked Ladies guitarist Steven Page thinks this is the right approach, and it's been suggested by others who see it as the solution to the file-sharing problem.

Eric Baptiste of CISAC believes that this proposal is utterly unworkable, though, and in the interview called for strengthening the current system under which each home user pays for each product (a song or album) at a price set by that song's owner. The great disadvantage of the current system is that it requires a massive enforcement regime to keep people from trading music without paying each time they do so, and enforcement isn't working so well. Baptiste believes that more technology and more DRM could solve the problem.

Perhaps he should have listened to some of the other speakers at the conference, like British Telecom's CEO Ben Verwaayen. "Regardless of your moral outrage, people will continue to download on peer-to-peer networks," Verwaayen said in his speech, according to The Hollywood Reporter. Mark Selby of Nokia said that "the current situation is a nonsense. It is like arguing over the color of your stable lock long after the horse has bolted. If anyone believes that technology can offer total protection, they are living on another planet."

The Italian delegation to the meeting had its own idea about ways to raise public awareness of artists' contribution to society: strike. The idea would be to stop licensing all public performance rights for a single week in June to show shoppers and pub-crawlers what a world without ambient music would be like. This could backfire, though; some people might decide that it's nice.

s

From "Listening Post," a Wired Magazine blog:

Why Is DRM-Free Music Tagged With Name and E-Mail? Apple Keeps Mum

By Wired News reporter Cyrus Farivar

Itunes Apple has declined to explain why its new DRM-free music files are watermarked with users' names and e-mail addresses.

Earlier this week, Apple iTunes 7.2 brought the new ability to download tracks from EMI Records without copy protection. But the unprotected files are labeled with the buyer's details, leading some to wonder if Apple is appending the information as an anti-piracy measure.

But Apple is remaining mum about its reasoning.

An Apple spokesman suggested by e-mail that Wired News contact Michael Gartenberg, an analyst at Jupiter Research who has been briefed about iTunes Plus. The Apple spokesman didn't respond to further requests for comment.

Gartenberg said there are many reasons why Apple would want to tag music sold through the iTunes store. The information could be used as a proof of purchase, or to facilitate upgrades (songs previously bought through iTunes can be upgraded to higher fidelity versions for an extra 30 cents). The identifier could help identify songs missing from albums (iTunes offers a "complete album" feature), as well as to thwart piracy.

"In terms of sharing files, you're not legally permitted to do that anyway," he said. "You weren't supposed to that in the first place. You've technically violated the service agreement. Just because you've taken away the locks on the doors doesn't mean you can walk into someone's house and walk away with the TV set."

Meanwhile, eMusic, which also sells music without copyright protection, does not tag customers' purchases with any information that can be used to identify them.

"We don't put any identifying info on our files," said Cathy Halgas Nevins, a spokesperson for eMusic.

Still, that hasn't stopped privacy advocates from crying foul, especially because the identifying information isn't hidden or encrypted.

"There's absolutely no reason that it had to be embedded, unencrypted and in the clear," said Fred von Lohmann, a senior intellectual property attorney at the Electronic Frontier Foundation. "Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner."

However, it would appear that short of spamming the iPod owner, there doesn't seem to be any compelling reason to encrypt that data – except for privacy's own sake. It is highly unlikely that any meaningful harm in terms of identity theft or harassment would come to the person who had lost their iPod in the manner that von Lohmann describes.

Nonetheless, he added that it would be very trivial for Apple to fix this problem by encrypting that information and "preserving any forensics value this might have."

Still, both Gartenberg and von Lohmann agreed that it's likely that enterprising software developers would quickly develop a way to circumvent, strip or otherwise spoof this information on the newly unprotected iTunes tracks.

"I'm also fully expecting that someone will build a tool that will change the name and e-mail address to Steve Jobs and stevejobs@apple.com," he said. "If there's one thing we've seen about the internet, [it's that] people are sometimes able to build tools that help themselves."

Danno

It's gonna be, what, two days before there's an application to strip all identifying information from your entire library?

and then

So nearly the first technology coverage in Austinist that I have ever noticed. I wish you would stick to Austin activities. I support the service and the information provided...but seriously. Jumping on the freshman at UT mentality of stealing music and feeling ripped off when someone makes it tough, thats just idiotic.

Ars Technica is the right forum for this drivel, because they write exclusively about tech. Finding such commentary endorsing the ripping off of all the local and national bands that make this city so great and this site is simultaneously used to support, disappointing.

Tim

I have no sympathy. I'm anti-DRM because I run Linux and don't like to be told what I can do with the music I buy. I do, however, believe in actually supporting artists and buying music. I just bought some of the new DRM-free tracks last night.

The people who are pissed off by this are actually thieves. There's no legitimate reason this would be a problem for someone who buys music for their own personal use. I find the bias in this story odd to find on a site like Austinist that supports so many local bands.

I'm all for the destruction of the major record companies and the RIAA, but you still have to pay to support the little guy. Otherwise we're just destroying music as a livelihood all together.

paranoidpirates

so the DRM free songs have the same tags as every other song you buy from iTunes? what is the big deal?

I wouldn't exactly call it "hiding"if it has been there since 2003. The info is in plain view. Take a new DRM free track and do a Get Info on it in iTunes. It displays:

Kind: Purchased ACC audio file

Purchased by: [me]

Account Name: [my email]

Purchase Date: [date]

along with all the other related meta data.

Looks to be right out in front if you ask me.