By ANDREW ROSS SORKIN (New York Times)

Some of the world's biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people who download pirated music, according to industry executives.

The record companies are exploring options on new countermeasures, which some experts say have varying degrees of legality, to deter online theft: from attacking personal Internet connections so as to slow or halt downloads of pirated music to overwhelming the distribution networks with potentially malicious programs that masquerade as music files.

The covert campaign, parts of which may never be carried out because they could be illegal under state and federal wiretap laws, is being developed and tested by a cadre of small technology companies, the executives said.

If employed, the new tactics would be the most aggressive effort yet taken by the recording industry to thwart music piracy, a problem that the IFPI, an industry group, estimates costs the industry $4.3 billion in sales worldwide annually. Until now, most of the industry's anti-piracy efforts have involved filing lawsuits against companies and individuals that distribute pirated music. Last week, four college students who had been sued by the industry settled the suits by agreeing to stop operating networks that swap music and pay $12,000 to $17,500 each.

The industry has also tried to frustrate pirates technologically by spreading copies of fake music files across file-sharing networks like KaZaA and Morpheus. This approach, called "spoofing," is considered legal but has had only mild success, analysts say, proving to be more of a nuisance than an effective deterrent.

The new measures under development take a more extreme — and antagonistic — approach, according to executives who have been briefed on the software programs.

Interest among record executives in using some of these more aggressive programs has been piqued since a federal judge in Los Angeles ruled last month that StreamCast Networks, the company that offers Morpheus, and Grokster, another file-sharing service, were not guilty of copyright infringement. And last week, the record industry turned a "chat" feature in popular file-trading software programs to its benefit by sending out millions of messages telling people: "When you break the law, you risk legal penalties. There is a simple way to avoid that risk: DON'T STEAL MUSIC."

The deployment of this message through the file-sharing network, which the Recording Industry Association of America said is an education effort, appears to be legal. But other anti-piracy programs raise legal issues.

Since the law and the technology itself are new, the liabilities — criminal and civil — are not easily defined. But some tactics are clearly more problematic than others.

Among the more benign approaches being developed is one program, considered a Trojan horse rather than a virus, that simply redirects users to Web sites where they can legitimately buy the song they tried to download.

A more malicious program, dubbed "freeze," locks up a computer system for a certain duration — minutes or possibly even hours — risking the loss of data that was unsaved if the computer is restarted. It also displays a warning about downloading pirated music. Another program under development, called "silence," scans a computer's hard drive for pirated music files and attempts to delete them. One of the executives briefed on the silence program said that it did not work properly and was being reworked because it was deleting legitimate music files, too.

Other approaches that are being tested include launching an attack on personal Internet connections, often called "interdiction," to prevent a person from using a network while attempting to download pirated music or offer it to others.

"There are a lot of things you can do — some quite nasty," said Marc Morgenstern, the chief executive of Overpeer, a technology business that receives support from several large media companies. Mr. Morgenstern refused to identify his clients, citing confidentiality agreements with them. He also said that his company does not and will not deploy any programs that run afoul of the law. "Our philosophy is to make downloading pirated music a difficult and frustrating experience without crossing the line." And while he said "we develop stuff all the time," he was also quick to add that "at the end of the day, my clients are trying to develop relationships with these people." Overpeer, with 15 staff members, is the largest of about a dozen businesses founded to create counterpiracy methods.

The music industry's five "majors" — the Universal Music Group, a unit of Vivendi Universal; the Warner Music Group, a unit of AOL Time Warner; Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI — have all financed the development of counterpiracy programs, according to executives, but none would discuss the details publicly. Warner Music issued a statement saying: "We do everything we feel is appropriate, within the law, in order to protect our copyrights." A spokeswoman for Universal Music said that the company "is engaging in legal technical measures."

Whether the record companies decide to unleash a tougher anti-piracy campaign has created a divide among some music executives concerned about finding a balance between stamping out piracy and infuriating its music-listening customers. There are also questions about whether companies could be held liable by individuals who have had their computers attacked.

"Some of this stuff is going to be illegal," said Lawrence Lessig, a professor at Stanford Law School who specializes in Internet copyright issues. "It depends on if they are doing a sufficient amount of damage. The law has ways to deal with copyright infringement. Freezing people's computers is not within the scope of the copyright laws."

Randy Saaf, the president of MediaDefender, another company that receives support from the record industry to frustrate pirates, told a congressional hearing last September that his company "has a group of technologies that could be very effective in combating piracy on peer-to-peer networks but are not widely used because some customers have told us that they feel uncomfortable with current ambiguities in computer hacking laws."

In an interview, he declined to identify those technologies for competitive reasons. "We steer our customers away from anything invasive," he said.

Internet service providers are also nervous about anti-piracy programs that could disrupt their systems. Sarah B. Deutsch, associate general counsel of Verizon Communications, said she is concerned about any program that slows down connections. "It could become a problem we don't know how to deal with," she said. "Any technology that has an effect on a user's ability to operate their computer or use the network would be of extreme concern to us. I wouldn't say we're against this completely. I would just say that we're concerned."

Verizon is already caught in its own battle with the recording industry. A federal judge ordered Verizon to provide the Recording Industry Association of America with the identities of customers suspected of making available hundreds of copyrighted songs. The record companies are increasingly using techniques to sniff out and collect the electronic addresses of computers that distribute pirated music.

But the more aggressive approach could also generate a backlash against individual artists and the music industry. When Madonna released "spoofed" versions of songs from her new album on music sharing networks to frustrate pirates, her own Web site was hacked into the next day and real copies of her album were made available by hackers on her site.

The industry has tried to seek legislative support for aggressive measures. Representative Howard L. Berman, Democrat of California, introduced a bill last fall that would have limited the liability of copyright owners for using tougher technical counterpiracy tactics to protect their works online. But the bill was roundly criticized by privacy advocates. "There was such an immediate attack that you couldn't get a rational dialogue going," said Cary Sherman, president of the recording industry association. He said that while his organization often briefs recording companies on legal issues related to what he calls "self help" measures, "the companies deal with this stuff on their own."

And as for the more extreme approaches, he said, "It is not uncommon for engineers to think up new programs and code them. There are a lot of tantalizing ideas out there — some in the gray area and some illegal — but it doesn't mean they will be used."

Oh gno!?!?% I's so SKEERED!!! They gonna hax0r muh Linux b0xen, assume everyone uses Winblows! eEk@!?%!%#?

Really, i hope they all go to jail for trying this crap, its really pissing me off what they come up with these days.

ok, so as I see it here... A small "elite" team of programmers are going to attempt to make malicious programs that attack users, I.E. teens, college students, people that download music that may or may not know or be affiliated with organizations or circles that specialize in hacking, cracking, spoofing and the like that exist outside the boundries of the law...
Oh yah, they're in for a world of hurt if they piss off the wrong people. They think that just having their website go down due to hackers is a bad thing? Wait till RIAA ups the ante, and we'll see how long their office network lasts. It only takes one.

I hope the RIAA dose attack my computer. Ill be happy to sue there asses. It would be a nice pay day.

I hope they try to attack my computer. It's perfectly secure, moreso than any windows box can be. Bring it on, my mule's waiting for you.

Patience, my techno-savvy friends.

The RIAA will have a much larger problem to deal with beginning next week. They won't have time to mess with your computers. On May 14, they will no longer be able to ignore me.

And neither will anyone else.

http://www.azoz.com

meh. Let em try to do that with me and I'll get a few script kiddies to hunt em down and expose em to the rest of the hackers. I have my own music that I make from scratch on my own machine and I sometimes make loops with Cakewalk and share em so how do they know that these aren't my own files that I am sharing??? They just gonna random hack with this socalled software?

hmmmm, interesting.

oh and I have Madonna's Uncut version of 'American life' on my website right now lol. A little revenge for her Anti stance. and my WTF remix. how's the contest thingy coming along anyway?

sinisterx.com

The RIAA isn't welcome on my computer. I've strengthened my firewall and stealthed my ports. I disconnect from the Internet anyway, and turn off my computer, after each use. If the RIAA dares to put their hands on my computer, I will sue them in federal court for violating my property and hacking, a major cyber-crime. The RIAA is obsolete. Bring it on! :nod. Death to the RIAA.

It occurs to me that some of what we're observing in this is (obviously) a difference in philosophy. But perhaps not as cut & dried as the music execs and lawmakers are making it out to be...

File sharing is often portrayed as "piracy" and "theft" by those that claim to hold copyright on certain materials being transferred (conveniently
glossing over and ignoring all the swapping of non-copyrighted materials by the same technology.) Yet it has *never* been apparent to me in my research that the attitude of the file-sharers has been "I'm really saving a bundle by not having to buy any of this music!" In fact, if price-savings were the only reason for file-sharing, then we'd see much more of a "Tragedy of the Commons" effect, where no one bothered to share, and only downloaded files for their own gain.

Rather, it seems to me that the prevailing attitude is one of
out-and-out *rebellion* against the Corporate Juggernaut. Instead of
cost-savings, it seems that many of the file-sharing community engage in their practices specifically to "stick it to The Man", and perhaps show them that they don't want or appreciate being harnessed with the yoke of Consumerism, and the incessant little pop-ups, reminders, license do-dads, and so on that constantly pester you to send somebody, somewhere, your money. (I liken this to being nibbled to death by 1000 little fishies. You don't necessarily notice one or two, and none of them really hurt, but in aggregate, it saps away your life force [...your time, your attention, your savings, etc.] )

In this regard, we run into an interesting disconnect between the two groups:

-The Music Industry, thinking it's all about the money they're "losing" (rather than the customer loyalty they're actually losing), struggles to retain their hegemony and perceived "right" to collect money from the masses.
I personally feel that much of that "right" was actually earned
trade" by providing a service as middleman. They located, recorded, produced, and delivered music, for which service we paid them. Now that we have the ability to record and distribute (and yes, directly pay the artist for) such music, we no longer need that middleman. This has them scared, and it should.
As a friend said to me this weekend: "How many buggy-whip makers do you see, nowadays?"

-The file sharers, conversely, need to step up to the plate as well. Many of them already swap free software (and there is certainly the 'warez' crowd, too, but I'm talking about truly free, open-source software) and live
in a world that the RIAA and crew don't understand. But to really drive their point/philosophy home, they need to just *stop* dealing with the copyrighted stuff, and drop it completely. They need to not only swap truly 'open-source'
music, but they need to start *creating* it. (That's the thing that will take the most effort. It's much harder to create than it is to copy.)

If they're going to listen to copyrighted stuff, then they should consider paying the artists responsible for it. And the artists, for their part, should set up widely publicized (and perhaps encoded in the music files
themselves) addresses where they accept payment via PayPal or E-gold or what have you.

Then, in what would seem a fitting thumbing-of-the-nose to the RIAA, they could send the $0.30 (or whatever dismal cut the artist gets) directly to the artist as a "thank you" for producing the music, and leave out the
middleman costs for the promotion, advertising, cover art,
manufacturing, distribution, store-shelf-stocking, retail markup, etc. In short...all the services that they *didn't* use in downloading a digital copy of the music.

If people started paying artists directly, and creating their own open-source music, and otherwise *ignoring* the content of the music industry, then perhaps those folks in the industry would begin to realize that they are
becoming like the buggy-whip makers, and might begin to look toward their next career jump into something that actually needs to be done. (Like addressing homelessness, hunger, poor-water-quality, etc.!)

It just struck me in reading about this escalating battle that the two sides are really talking apples & oranges. The People seem to be rebelling
against the Corporate Death Star, and the music industry people seem to think that if they can just squash the Rebels, that everyone will get back into their cozy 1950's boxes and keep sending money their way.

They fought against cassettes, and against CD's, and against CD-R's, and against MiniDiscs, and against writable DVD's, and MP3, and so on. They
want it to be a one-way street, but it seems that the people have graduated beyond that.

Thoughts? Comments?

Pat

Generally, these are PROGRAMS that are in development. As long as the player (mp3/other) has no known exploits (update winamp to 2.9+), it is impossible to affect a computer in a negative way with "inert" data files, such as mp3s.

The user is going to have to be aware of the existence of malicious files (they SHOULD be already!) and be cautious; beware the double-extension (music-file.mp3.exe) and don't double-click to open items (use right-click context menus or file>open in the application).

They (anyone) have *no* magic fix for anything; any malicious program they have relies on the stupidity/ignorance of the user in order to work. Be aware, be safe.

Pat,

A - It's nice to see someone call it the "yoke of consumerism."

B - Overall, very nice explanation. As I'm sure you're aware, there are a large and growing number of musicians and other artists already putting the music out there. I also hope more people come to appreciate it and direct their energies away from just taking RIAA's junk-food. Seems like the artists could easily announce their methods for moolah through the use of comment fields in their songs, assuming people have the sense to double check their money is going to the right place before sending it anywhere.

You know, some pirates are associated with crime figures or the mob. Just as someone who ***ks around with the mob in Las Vegas disappears or pays their debt, I figure sooner or later someone in the RIAA wil get a visit too.

How many of you believe that the assasination of JFK was a conspiracy?

Dogpile,
Read my last post under Time loses something or other..About how Time Warner hacked Zapruders tape to aid in the Goverments cover up of the Kennedy murder. Sorry about using this forum to make my case for Conspiracy. I could convince you but I would have to use very unpleasant medical terms and facts found in the stolen autopsy reports and photos, which would be highly inappropriate for this forum. But I can tell you that Kennedy's murder was a necessity to put into motion the Gigantic comspiracy that even today, the RIAA is a tendril of. There are people running our Government right now that I'm sure know the names of the second and third shooter. Oh, and by the way, Lee Harvey Oswalds job was to shoot Gov. John Connely, which he botched, by shooting him in the leg.See if you can find the book, "None dare call it Conspiracy". I seriously doubt if it still exists due to the compelling articles written by former FBI and CIA agents.After reading it, I don't trust anyone anymore.

My answer to this is to use a little crackerbox computer with windows 95, and no other programs save kazaalite, once I dowload what I want, I'll check it for viruses and such, then transfer it to my high end unit for burning, editing etc.If they manage to sneak something in that damages it, no big deal, I'll wipe the disc and reload 95 and the firewalls ans stuff.

Pat,

You expressed very well the futility of the RIAA's moves against the consumer. What victory do they perceive by attempting to limit/thwart/remove technology? Technology is driving music today more than ever, and very few consumers are interested in "limited" music. Do they even try to perceive how many people are purchasing music simply because of the new technologies?

I think something that gets overlooked as well is the fact that the music industry is mostly responsible for the attitude of the copyright-sharing consumer, whether they will admit to it or not. The industry has hyped entertainment to such a perverse extreme that many consumers are now completely motivated (more like brainwashed) to acquiring only the latest, the hotest and the newest (actual talent taking the back seat). Once said entertainment is acquired, the hype impulse is to make known to anyone and everyone the fact that "I've got it". What transpires is a bit of decidedly show-offy behaivor in the sharing/displaying of what was captured. It is marketing success at its finest. Too bad the industry cannot fathom the possibilities of this phenomenon, as they are only interested in inciting fear and admonition against the base of prospects keeping their boat afloat.

That's it...break every comp in the world

Good post, Pat. I finally got back to my studio recording after taking about six months off to concentrate on school and other stuff. These proposed efforts of the perpetually clueless RIAA may end up wiping out the work of lots of legitimate indie artists. My studio uses a standalone digital audio workstation, but the final editing is done on my PC. Who's to say that someone using Pro Tools won't see their hard work inadvertantly destroyed by the same record industry that thought gluing portable CD players shut would be an effective measure against casual copying?

As far as the JFK assassination, the research I did on it last month turned up absolutely nothing to suggest that anyone besides Lee Harvey Oswald fired any shots at the presidential motorcade. However, even though I came across no credible evidence of a conspiracy, if any one group influenced Oswald, it was probably the Cubans.

I highly doubt Hitlary Rosen, General Cary Sherman or any other record industry goons are going to get their ticket punched by a high-powered rifle anytime soon. As satisfying as it might seem in light of the atrocities they have perpetrated against the public -- the DMCA, the death of Napster, Michael Jackson, etc. -- they're not exactly murdering people's families or anything.

May the RIAA and Clear Channel Communications die quick deaths.

OMG, wouldn't you know it! The powers that be are gonna resort to h4x0ring us all. When in fact the defacements they received in the past were labelled despicable crimes by their own security and pr guys... tsk tsk...

Can the anti-"piracy" hung-ups say "Ghost"??

Heh, its perfectly ok for the RIAA do hack because they are trying to defend their copyrights, but noone else can. Very fair. Isn't that the same system used to justify religious wars?

This is basically the same article as the RIAA is funding research to disable computers. Why does this site double post the same information so much?

And what is going to happen to free downloads?...how is the program going to discern legal from illegal?....RIAA sucks! I would say Napoleon and Hitler come to mind. Kinda like Do it our way or not at all......

Dick taters!...dick taters. put them out of business.

Still think it's a waste of the RIAA's time but I guess they have lots of time on their hands these days. meh.

We want a revolution, and we all want to change the world.

They don't care if their program can discern legal files from illegal ones. They're willing to piss off the artists, fans, politicians they haven't bought, Internet providers, and who knows who else in their efforts to destroy file tradiing. Like they'd really care about destroying only illegal files?

I came across this article:

A New P2P Help or Headache? "Cloaking Device" Makes The P2P Rounds
By: Charles Farrar
5-6-2003

CYBERSPACE - Klingon Empire, call your home world: the peer-to-peer file swapping community has developed its own cloaking device.

It's a freeware called PeerGuardian , and its creator says it can build a personal firewall that blocks as many as four million IP addresses to where, if they're P2P snoops, they can see what's being swapped but not touch the file to see if it was copyrighted material, according to Wired.

PeerGuardian began development in 2002, and its creator all but admits that he developed the freeware as much to hit back at the Recording Industry Association of America as to serve the P2P community.

Leonard told Wired he began work on PeerGuardian after file swap service Audiogalaxy was shut down last June to avoid RIAA litigation. "I was determined to do something in revenge, but something legal," he told the magazine. "I guess PeerGuardian is the closest I've come so far."

His timing couldn't have been better: the record industry, which long enough said it wouldn't target consumers while trying to stop copyright-infringing P2Ping, got its opening to do just that when a federal judge in Los Angeles ruled that file-swap services can't be held liable for copyright infringing that happens through their systems. And, last week, reports came forth indicating five major record labels back testing of programs that all but hack computers to zap MP3 music files right off the hard drives.

The website is: http://xs.tech.nu/


I don't know how well this program will work but thought I'd pass it along. As long as RIAA rules, RIAA rebels will always exist.

Sorry folks, if the link I gave above does not work when you click on it, use the copy and paste method.

let them come. i'll be waiting.

They will. We will be waiting. But what do we do then?

goldenpi,

not much. I dont think about it I simply enjoy the only good thing about the internet laely, P2P. I've been sharing for longer than I can remember whether this is true or not remains to be seen. Take what you read with a grain of salt. I'll believe all this when I see it.

This will result for sure in the rest of the world locking out the US!

If this goes out every single business firewall/router whatever will lock out us ip~s i know i will... ( so will my clients!). No one can afford a machine to crash.

long live p2p with or without the US!

hmm... did it occur to them that to make there 'programs' (or viruses) work we would have to download them and run them... either that or they'd have to (illegally) hack our computers to get the program there and running... surely what there doing is more of a crime than what we're doing... RIAA can go suck my balls! Hack my PC you little assholes! Just see what happens in return... I will have most the hacking community against you. And as i always we WILL win! The only way to get rid of software and music piracy is to get rid of the internet. and even then it would still happen just not on a large scale. Face facts, Software and Music piracy will never die! Hackers find ways around these things every day! Your losing more money by filing law suits than your making, cause you keep losing! Just stop moaning and give things away with the CD or something to make people buy the CD rather than download it! Software and Music Piracy has become too easy!

I remember in the 80's when tapes came out the music industry was freaking out. Because this meant that people could copy music. And they did. But they found a way to fix this and continue on. Formats change, we had beta then vhs, and now the change to full dvd takeover is near. And soon im usre there will be something else. The entertainment industry has been force feeding us this media, and format cgange over and over like a calf being shot feed food, to keep the veal worth its price.

Well when the mp3 came out, it changed the whole deal. Now music could be distributed freely, almost like the feelings that helped make the music, free. These companies dont hurt, they not poor. They scared old men, and scared old men in training, with theyr hand in a bag of money, afraid to loosen that grip theyve had. Not only on us but on the artists as well. And as opposed to looking rationally at the situation, they would rather think like a child. And lash out, looking the book at its cover, isntead of opening it up and seeing how powerful this mp3 media really is, and taking advantage of it. Wouldnt you say Macintosh is doing that, by buying Universal records, and giving owners of the ipod the ability to buy songs to download into theyr ipod. But wait, these are computer manufacturers, not the almighty record industry, what does Mac know about running a business and moving forward into the future with new ideals.

In short the record companies can do all they want to try to stop this, continually beating theyr head up against a closed door, trying desperatley to get inside to take control, if they would only see the door says "pull". And inside that room is kids ages 13-20 making new software to crack,remove, and or disable this new attempt the labels will make.

And i sit back and laugh, im a nobody, im not rich. But i love music, and its funny to see so many adults fight over it, like it was so many piles of shining silver, ready to buy them more items to live better and more comfortable, controlling music, but not feeling it. Music is the words of sorrow. These people dont know what that means