Feeds

This music will self destruct in 5 plays: RIAA looks to the future

The content protection you'll have to comply with

  • alert
  • submit to reddit

SANS - Survey on application security programs

Analysis The RIAA's announcement last week that it would develop a digital music ID system probably is the last desperate throw of an outflanked and outmoded industry, but it'll likely get worse before it gets better. The RIAA tries to pitch its system as a positive move for "future on-line music commerce," but there's a more ominous quote a little further down the food chain: "Very soon, licence terms will be associated with the digital information asset itself, and content protection technology will require that consumers comply with those terms."

Our emphasis, of course. This does not sound like an inoffensive, relatively neutral system that simply keeps track of the amounts music download operations should pay in royalties. Au contraire, friends, the clear message is that if you don't pay as you play your music will erase itself, and maybe even mail your details to the FBI while it's about it.

The quote itself is not from the RIAA, but from Rightscom, the British consulting outfit that will be managing development for the RIAA. But one can presume that Rightscom's views regarding the future of music sales and copy protection will have some considerable influence on the nature of the ID system developed, so the presence of self-destruct systems can be seen as an ultimate objective, if not a feature of the first rev of the software.

Although the RIAA itself hasn't gone this far in public, its suggested uses for the technology imply a fairly robust level of protection, and - surely - a conveniently drastic revision of the legal definitions of 'fair use.' Music will have embedded in it identifiers and limitations on use, so for example you could own it for a set number of days, or for a set number of plays. You could, says RIAA general counsel Cary Sherman, buy one-time access to a database of 100 songs to play during a party.

You could view that as meaning that people could buy cheap access to 100 songs they didn't have, just so they could make their party go better, or more suspicious people might think of it as the beginnings of a cunning plan to make you pay for the songs you play in public, at your party. Chaos and madness lies down the latter road, but we'll get back to that. We should however note that the legal toleration of home taping for personal use is a major obstacle for the recording industry's efforts to police copyright. If copying was just plain illegal, as with other software, their lives would be a lot simpler. So go figure.

According to Sherman: "The record industry world-wide needs an infrastructure that will facilitate new digital delivery systems for music systems. An effective identification system for digital files, that is capable of specifying each unique sound recording, in all its forms, is a key element of this infrastructure." Just a slight dose of chaos and madness here to whet your appetite: How does a unique sound recording know it's unique, and not a copy? If it's a recording sold to an individual for home play, how does it know it's not being played at a rave party in a barn in Gloucestershire? If it's being played at a party, how does it know if you're taking money at the door, rather than just having a few friends round?

At the moment Sherman explains the system as having data encoded in the header of the file that will allow rights holders to track royalty payments, depending on use, but as Rightscom is still at the specifying stage, and sounds decidedly more hawkish, the end product could be a lot tougher than that sounds. Surely, though, it's a fool's errand.

If you put the data in the header, then it can be stripped out fairly easily. But it can probably also be removed if you built it into the file itself as a watermark, and even if that was difficult, there are all sorts of likely holes in the system that could only be plugged by some kind of global digital police state. If you can copy the file, and you wind up with, say, 100 people who own the same file with the same ID, how do you tell who actually paid for it? And if you can tell who actually paid for it, doesn't that imply a rather more transactional system than rev 1.0 sounds like?

Music (today) is also something you buy for life, whereas encryption systems as we know them are just for Christmas. Anything you buy now will be trivial to crack in two years, tops, so your new smart music tracks will be as dumb as your old dumb ones RSN.

Even if for some reason you can't digitally copy the file, any audio recording equipment that doesn't understand your nice new ID system will surely just copy it anyway. So they need some kind of system that makes a bizarre, unpleasant noise, say like an Iron Butterfly track*, mysteriously record on the analogue equipment instead of whatever it was you tried to record. Or they need some kind of combo ID-encryption system that cunningly manages to retain its integrity after being transferred to tape, and magically reappears when you put it back to a digital PC format.

All of this is no doubt possible, given enough recording industry bucks to throw at crazed boffins, and its even possible that those bucks could be used to arrange for new audio equipment to be chipped so that it did understand the terms and conditions of the wonderful new music format. But then the old stuff has to be made illegal everywhere, all your old tapes and CDs have to be illegal too, and the offering of a non-IDed track for copying must in itself become illegal. Even the music business can't buy enough fingers to plug this dam - face it, people, it's over.

* Actually, there's a possible upside here. If selected atrocities - Grandad, the Birdie Song, Ebony and Ivory - could be irretrievably associated with piracy, it'd make pirates think thrice, and we'd never have to hear them in a public place again, right? ®

Related items:
usic biz to define digital music ID system
Register Full Coverage: The Napster Controversy

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.