3 May 2003


The New York Times, May 4, 2003

Software Bullet Is Sought to Kill Musical Piracy

By ANDREW ROSS SORKIN

Some of the world's biggest record companies, facing rampant online piracy, are quietly financing the development and testing of software programs that would sabotage the computers and Internet connections of people who download pirated music, according to industry executives.

The record companies are exploring options on new countermeasures, which some experts say have varying degrees of legality, to deter online theft: from attacking personal Internet connections so as to slow or halt downloads of pirated music to overwhelming the distribution networks with potentially malicious programs that masquerade as music files.

The covert campaign, parts of which may never be carried out because they could be illegal under state and federal wiretap laws, is being developed and tested by a cadre of small technology companies, the executives said.

If employed, the new tactics would be the most aggressive effort yet taken by the recording industry to thwart music piracy, a problem that the IFPI, an industry group, estimates costs the industry $4.3 billion in sales worldwide annually. Until now, most of the industry's anti-piracy efforts have involved filing lawsuits against companies and individuals that distribute pirated music. Last week, four college students who had been sued by the industry settled the suits by agreeing to stop operating networks that swap music and pay $12,000 to $17,500 each.

The industry has also tried to frustrate pirates technologically by spreading copies of fake music files across file-sharing networks like KaZaA and Morpheus. This approach, called "spoofing," is considered legal but has had only mild success, analysts say, proving to be more of a nuisance than an effective deterrent.

The new measures under development take a more extreme — and antagonistic — approach, according to executives who have been briefed on the software programs.

Interest among record executives in using some of these more aggressive programs has been piqued since a federal judge in Los Angeles ruled last month that StreamCast Networks, the company that offers Morpheus, and Grokster, another file-sharing service, were not guilty of copyright infringement. And last week, the record industry turned a "chat" feature in popular file-trading software programs to its benefit by sending out millions of messages telling people: "When you break the law, you risk legal penalties. There is a simple way to avoid that risk: DON'T STEAL MUSIC."

The deployment of this message through the file-sharing network, which the Recording Industry Association of America said is an education effort, appears to be legal. But other anti-piracy programs raise legal issues.

Since the law and the technology itself are new, the liabilities — criminal and civil — are not easily defined. But some tactics are clearly more problematic than others.

Among the more benign approaches being developed is one program, considered a Trojan horse rather than a virus, that simply redirects users to Web sites where they can legitimately buy the song they tried to download.

A more malicious program, dubbed "freeze," locks up a computer system for a certain duration — minutes or possibly even hours — risking the loss of data that was unsaved if the computer is restarted. It also displays a warning about downloading pirated music. Another program under development, called "silence," scans a computer's hard drive for pirated music files and attempts to delete them. One of the executives briefed on the silence program said that it did not work properly and was being reworked because it was deleting legitimate music files, too.

Other approaches that are being tested include launching an attack on personal Internet connections, often called "interdiction," to prevent a person from using a network while attempting to download pirated music or offer it to others.

"There are a lot of things you can do — some quite nasty," said Marc Morgenstern, the chief executive of Overpeer, a technology business that receives support from several large media companies. Mr. Morgenstern refused to identify his clients, citing confidentiality agreements with them. He also said that his company does not and will not deploy any programs that run afoul of the law. "Our philosophy is to make downloading pirated music a difficult and frustrating experience without crossing the line." And while he said "we develop stuff all the time," he was also quick to add that "at the end of the day, my clients are trying to develop relationships with these people." Overpeer, with 15 staff members, is the largest of about a dozen businesses founded to create counterpiracy methods.

The music industry's five "majors" — the Universal Music Group, a unit of Vivendi Universal; the Warner Music Group, a unit of AOL Time Warner; Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI — have all financed the development of counterpiracy programs, according to executives, but none would discuss the details publicly. Warner Music issued a statement saying: "We do everything we feel is appropriate, within the law, in order to protect our copyrights." A spokeswoman for Universal Music said that the company "is engaging in legal technical measures."

Whether the record companies decide to unleash a tougher anti-piracy campaign has created a divide among some music executives concerned about finding a balance between stamping out piracy and infuriating its music-listening customers. There are also questions about whether companies could be held liable by individuals who have had their computers attacked.

"Some of this stuff is going to be illegal," said Lawrence Lessig, a professor at Stanford Law School who specializes in Internet copyright issues. "It depends on if they are doing a sufficient amount of damage. The law has ways to deal with copyright infringement. Freezing people's computers is not within the scope of the copyright laws."

Randy Saaf, the president of MediaDefender, another company that receives support from the record industry to frustrate pirates, told a congressional hearing last September that his company "has a group of technologies that could be very effective in combating piracy on peer-to-peer networks but are not widely used because some customers have told us that they feel uncomfortable with current ambiguities in computer hacking laws."

In an interview, he declined to identify those technologies for competitive reasons. "We steer our customers away from anything invasive," he said.

Internet service providers are also nervous about anti-piracy programs that could disrupt their systems. Sarah B. Deutsch, associate general counsel of Verizon Communications, said she is concerned about any program that slows down connections. "It could become a problem we don't know how to deal with," she said. "Any technology that has an effect on a user's ability to operate their computer or use the network would be of extreme concern to us. I wouldn't say we're against this completely. I would just say that we're concerned."

Verizon is already caught in its own battle with the recording industry. A federal judge ordered Verizon to provide the Recording Industry Association of America with the identities of customers suspected of making available hundreds of copyrighted songs. The record companies are increasingly using techniques to sniff out and collect the electronic addresses of computers that distribute pirated music.

But the more aggressive approach could also generate a backlash against individual artists and the music industry. When Madonna released "spoofed" versions of songs from her new album on music sharing networks to frustrate pirates, her own Web site was hacked into the next day and real copies of her album were made available by hackers on her site.

The industry has tried to seek legislative support for aggressive measures. Representative Howard L. Berman, Democrat of California, introduced a bill last fall that would have limited the liability of copyright owners for using tougher technical counterpiracy tactics to protect their works online. But the bill was roundly criticized by privacy advocates. "There was such an immediate attack that you couldn't get a rational dialogue going," said Cary Sherman, president of the recording industry association. He said that while his organization often briefs recording companies on legal issues related to what he calls "self help" measures, "the companies deal with this stuff on their own."

And as for the more extreme approaches, he said, "It is not uncommon for engineers to think up new programs and code them. There are a lot of tantalizing ideas out there — some in the gray area and some illegal — but it doesn't mean they will be used."