Some of the world's biggest record companies, facing rampant online piracy,
are quietly financing the development and testing of software programs that
would sabotage the computers and Internet connections of people who download
pirated music, according to industry executives.
The record companies are exploring options on new countermeasures, which some
experts say have varying degrees of legality, to deter online theft: from
attacking personal Internet connections so as to slow or halt downloads of
pirated music to overwhelming the distribution networks with potentially
malicious programs that masquerade as music files.
If employed, the new tactics would be the most aggressive effort yet taken by
the recording industry to thwart music piracy, a problem that the IFPI, an
industry group, estimates costs the industry $4.3 billion in sales worldwide
annually. Until now, most of the industry's anti-piracy efforts have involved
filing lawsuits against companies and individuals that distribute pirated music.
Last week, four college students who had been sued by the industry settled the
suits by agreeing to stop operating networks that swap music and pay $12,000 to
$17,500 each.
The industry has also tried to frustrate pirates technologically by spreading
copies of fake music files across file-sharing networks like KaZaA and Morpheus.
This approach, called "spoofing," is considered legal but has had only
mild success, analysts say, proving to be more of a nuisance than an effective
deterrent.
The new measures under development take a more extreme — and antagonistic
— approach, according to executives who have been briefed on the software
programs.
Interest among record executives in using some of these more aggressive
programs has been piqued since a federal judge in Los Angeles ruled last month
that StreamCast Networks, the company that offers Morpheus, and Grokster,
another file-sharing service, were not guilty of copyright infringement. And
last week, the record industry turned a "chat" feature in popular
file-trading software programs to its benefit by sending out millions of
messages telling people: "When you break the law, you risk legal penalties.
There is a simple way to avoid that risk: DON'T STEAL MUSIC."
The deployment of this message through the file-sharing network, which the
Recording Industry Association of America said is an education effort, appears
to be legal. But other anti-piracy programs raise legal issues.
Since the law and the technology itself are new, the liabilities — criminal
and civil — are not easily defined. But some tactics are clearly more
problematic than others.
Among the more benign approaches being developed is one program, considered a
Trojan horse rather than a virus, that simply redirects users to Web sites where
they can legitimately buy the song they tried to download.
A more malicious program, dubbed "freeze," locks up a computer
system for a certain duration — minutes or possibly even hours — risking the
loss of data that was unsaved if the computer is restarted. It also displays a
warning about downloading pirated music. Another program under development,
called "silence," scans a computer's hard drive for pirated music
files and attempts to delete them. One of the executives briefed on the silence
program said that it did not work properly and was being reworked because it was
deleting legitimate music files, too.
Other approaches that are being tested include launching an attack on
personal Internet connections, often called "interdiction," to prevent
a person from using a network while attempting to download pirated music or
offer it to others.
"There are a lot of things you can do — some quite nasty," said
Marc Morgenstern, the chief executive of Overpeer, a technology business that
receives support from several large media companies. Mr. Morgenstern refused to
identify his clients, citing confidentiality agreements with them. He also said
that his company does not and will not deploy any programs that run afoul of the
law. "Our philosophy is to make downloading pirated music a difficult and
frustrating experience without crossing the line." And while he said
"we develop stuff all the time," he was also quick to add that
"at the end of the day, my clients are trying to develop relationships with
these people." Overpeer, with 15 staff members, is the largest of about a
dozen businesses founded to create counterpiracy methods.
The music industry's five "majors" — the Universal Music Group, a
unit of Vivendi
Universal; the Warner Music Group, a unit of AOL
Time Warner; Sony Music Entertainment; BMG, a unit of Bertelsmann; and EMI
— have all financed the development of counterpiracy programs, according to
executives, but none would discuss the details publicly. Warner Music issued a
statement saying: "We do everything we feel is appropriate, within the law,
in order to protect our copyrights." A spokeswoman for Universal Music said
that the company "is engaging in legal technical measures."
Whether the record companies decide to unleash a tougher anti-piracy campaign
has created a divide among some music executives concerned about finding a
balance between stamping out piracy and infuriating its music-listening
customers. There are also questions about whether companies could be held liable
by individuals who have had their computers attacked.
"Some of this stuff is going to be illegal," said Lawrence Lessig,
a professor at Stanford Law School who specializes in Internet copyright issues.
"It depends on if they are doing a sufficient amount of damage. The law has
ways to deal with copyright infringement. Freezing people's computers is not
within the scope of the copyright laws."
Randy Saaf, the president of MediaDefender, another company that receives
support from the record industry to frustrate pirates, told a congressional
hearing last September that his company "has a group of technologies that
could be very effective in combating piracy on peer-to-peer networks but are not
widely used because some customers have told us that they feel uncomfortable
with current ambiguities in computer hacking laws."
In an interview, he declined to identify those technologies for competitive
reasons. "We steer our customers away from anything invasive," he
said.
Internet service providers are also nervous about anti-piracy programs that
could disrupt their systems. Sarah B. Deutsch, associate general counsel of Verizon
Communications, said she is concerned about any program that slows down
connections. "It could become a problem we don't know how to deal
with," she said. "Any technology that has an effect on a user's
ability to operate their computer or use the network would be of extreme concern
to us. I wouldn't say we're against this completely. I would just say that we're
concerned."
Verizon is already caught in its own battle with the recording industry. A
federal judge ordered Verizon to provide the Recording Industry Association of
America with the identities of customers suspected of making available hundreds
of copyrighted songs. The record companies are increasingly using techniques to
sniff out and collect the electronic addresses of computers that distribute
pirated music.
But the more aggressive approach could also generate a backlash against
individual artists and the music industry. When Madonna released
"spoofed" versions of songs from her new album on music sharing
networks to frustrate pirates, her own Web site was hacked into the next day and
real copies of her album were made available by hackers on her site.
The industry has tried to seek legislative support for aggressive measures.
Representative Howard L. Berman, Democrat of California, introduced a bill last
fall that would have limited the liability of copyright owners for using tougher
technical counterpiracy tactics to protect their works online. But the bill was
roundly criticized by privacy advocates. "There was such an immediate
attack that you couldn't get a rational dialogue going," said Cary Sherman,
president of the recording industry association. He said that while his
organization often briefs recording companies on legal issues related to what he
calls "self help" measures, "the companies deal with this stuff
on their own."
And as for the more extreme approaches, he said, "It is not uncommon for
engineers to think up new programs and code them. There are a lot of tantalizing
ideas out there — some in the gray area and some illegal — but it doesn't
mean they will be used."