So the hue and cry about Apple playing the villain is getting tiresome. I guess this is the hangover from DRM, where music files had info the user didn’t want and felt limited/threatened by. But the RIAA got the desired end result — it became much more difficult to share files purchased through Apple’s music store.
But Apple was caught in an arms race against their own customers, and managed to leverage the success of iTunes to remove DRM from some files. Great news, right? I mean, people didn’t want the DRM removed so they could so anything they weren’t supposed/hadn’t agreed to do, right?
Not so fast.
EFF: DRM-free iTunes files carry “more than just names and e-mail addresses”:
Well, the Electronic Frontier Foundation picked up on this newfound information about the embedded personal data and investigated a bit further. As it turns out, the DRM-free AAC files from iTunes contain more than just names and e-mail addresses. While they decoded some DRM-free AAC files to PCM/WAV and found that there isn’t a watermark in the compressed audio signal, there are “surprisingly huge differences” in the encoded files. “Much bigger differences than just different tags, or even different signed/encrypted tags,” the EFF wrote.
Hmm, there is some additional information stored in the file. Wonder what it could be?
Apple’s File Labeling: An Effective Anticopying Tool?:
But there’s another problem – and a pretty big one. All a digital signature can do is verify that a file is the same one that was sold to a particular customer. If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.
Well, perhaps it’s something legitimate, like a hash of some unique data, like an iTunes account name/number, a timestamp of when the file was purchased, an order number. In fact, maybe the additional information is actually intended to protect legitimate purchasers who don’t make their files available on the network, and if they do, they have put themselves in a position to be prosecuted.
There is a big difference between privacy and anonymity. If you put your private information out on the street, you have no grounds to complain if by doing so you break the law and get punished for it. The EFF, et al, can thunder away about click-wrap agreements, but I think it’s pretty clear that there is an expectation that purchased goods will not be distributed freely.
Privacy and anonymity are conflated in a lot of these discussions. Perhaps this will serve as a way to clarify the issue.
Does this mean I agree with the RIAA cartel’s ham-fisted approach to customer relations? Not a bit of it. Their place in the pantheon of idiots is assured. But at the same time, do I think that people who buy something, even a string of bits with no tangible characteristics, and then give that away and deprive the seller of additional revenue, shouldn’t be punished? Nope.
If this is what Apple is doing, it’s perhaps the first intelligent thing to happen in this ongoing mess: cutting the supply of illegal goods will have more of an impact than going after the people who download copies.
Apple could be more transparent on this but at the risk of helping someone anonymize these files. What reason does a legitimate music listener have to do that vs someone who wants to distribute files with no identifying information?
As a thought experiment, what info does Apple have access to (and no one else does) that it could use to watermark a file so no one could forge your ownership of it:
- the timestamp of the purchase. Heck, you’d have to guess the time zone as well (UTC? PDT?)
- the purchase method (gift card, credit card, PayPal)
- the type of card, if a credit/debit card (these could numeric values, not text)
- the client software version (iTunes) (again, a number)
- the OS version
- the hardware type (mine is PowerBook 6,3 — go nuts)
- the referring URL (the store is a webserver of sorts, after all)
If you can somehow derive all of that info and encode it in a file and get me in hot water with the Man, that’s pretty clever. That could all be just a long numeric value with certain places assigned to specific values. Add in some private key encryption, and if Apple is on the side of the angels, as I choose to believe they are, this would be pretty hard to break and not worth it for the kind of low-end pranking everyone seems afraid of.