Who is spying on your downloads?

The recording industry would love to keep tabs on every Napster trader or Gnutella user, but even the sneakiest software won't stop music piracy.

Published March 27, 2001 8:28PM (EST)

I can see you. I know that you recently downloaded the latest Limp Bizkit album off Gnutella, plus a few Korn singles and as much of Dr. Dre's back catalog as you could find. I know that you dabble in pornography, especially pictures of buxom cheerleaders. I know that you have been struggling to download a DivX copy of "The Matrix" -- although every copy you find is incomplete -- and that you own pirated versions of Quake and Photoshop. I know that your IP address is 28.294.22.1, your ISP is Earthlink, and you logged in last at 2:26 a.m.

The recording industry is watching you. Or so the most recent media reports would have you believe. As the Napster wars keep escalating, the recording industry is redoubling its efforts in the hunt for new and improved ways to keep its music out of your shared databases. The newest tactic is surveillance. Increasingly, the recording industry is watching individual users on any given peer-to-peer (P2P) network, using programs like Copyright Agent and Media Tracker to discern who is downloading what and when.

You always knew that it was possible to peek into the hard drive of another user on a peer-to-peer network; that's what P2P is all about, right? Using Napster's "Hotlist" feature, for example, you yourself might even track daily changes in your favorite users' collections. And of course, you always knew that your username was attached to an IP address, and an IP address was attached to an ISP, and that it was possible that someone could figure out who you were and what you were downloading. Maybe you were even one of the lucky few who were blocked from Napster because you had a Metallica song in your collection: You were a pioneer in discovering that file trading isn't quite as inconspicuous as most people once imagined.

But P2P networks always seemed anonymous. There were, after all, millions of users on them; what were the odds that anyone was personally watching you?

Perhaps you shouldn't have bet against those odds, because these days the record industry is trying to watch you. But that doesn't mean that it's time for you to log off in fear of Big Brother. P2P industry veterans believe the surveillance campaign is more of a scare tactic than an effective tool; and despite the recording industry's attempts to watch you, they are sure it won't make a difference to P2P in the long run. As Eben Moglen, professor of law and legal history at Columbia University, puts it, "Is the RIAA and its friends doing some kind of technology surveillance? Yes. Is it going to work? No. It's really dumb. It's another serious mistake by an industry going out of business in the stupidest way, bumping its head on the steps on the way down, because the record industry was always a bunch of thugs and that's what they still are."

This week, the technology news site 7amnews exposed a program called Media Tracker, which the International Federation of the Phonographic Industry (IFPI), the British equivalent of the Recording Industry Association of America (RIAA), has reportedly begun using to track individual users on any given peer-to-peer network. 7amnews published screenshots depicting a program that can track a user's collection of shared files, grab his IP address and then automatically send a warning letter to the user's ISP demanding that the user stop sharing his or her files.

Although neither the IFPI nor the RIAA was reachable by press time to confirm whether Media Tracker was in fact being used by the recording industry, it seems a fair bet that if it hasn't yet happened, it's just a matter of time until it does.

Marketing firms such as Big Champagne have already launched programs that track usage of P2P networks in the name of market research and sell the results to entertainment industry clients. Although Big Champagne promises that it tracks only general trends, and doesn't share information about specific users, there's nothing to stop the recording industry from developing its own programs that do.

Similarly, Napster is now contending with a company called Copyright.net, which conducts stings on P2P users. In late February, at the request of dead singer Roy Orbison's estate, Copyright.net's "Copyright Agent" software tracked over 1 million Orbison songs being traded on Napster. After grabbing the IP addresses of those Roy Orbison fans, Copyright.net subpoenaed their ISPs and requested the users' names. The company then forced Napster to block 60,000 fans from its service. (Playing both sides of the fence, however, Copyright.net also helps blocked users get reinstated back on the Napster system.)

Is such snooping an invasion of privacy? Technically, no. Anything you put in the public directory of your P2P software is fair game -- that's why the surveillance software can find it. And if you get in trouble for having those Limp Bizkit tunes in your public directory, well, that's your own problem too. You are allowing the general public to pirate copyrighted tunes off your hard drive -- no matter if your own MP3 copies are perfectly legal.

But that doesn't mean that surveillance is justified; can the recording industry really find no other solution to piracy except to play Big Brother and snoop on its fans? And will the tools really work, anyway?

Under the terms of the Digital Millennium Copyright Act, an ISP is required to remove a user from its system if a copyright owner insists that that user is infringing. In other words, the recording industry could force ISPs to monitor their own users or face the legal consequences. But it's an onerous burden on the ISPs to be constantly tackling them with legal warnings; some ISPs are already refusing to comply with such subpoenas. Verizon recently refused to comply with a Copyright.net subpoena, insisting that the request was not legal under the DMCA.

So, would the recording industry then sue the ISPs -- which are, increasingly, enormous telecommunications monopolies? Unlikely, says Eben Moglen. Nor, he says, would it make sense for the recording industry to try to sue, or even legally threaten, the individual users who are swapping those files.

First of all, there are simply too many P2P users to track. Moglen has been monitoring over 100 OpenNap and Napster servers, and estimates that there is approximately a terabyte of information available at any given time, essentially "vast amounts of useless data." "So given that terabyte of music shared by tens of thousands of people, is it technically feasible to collect information on those people?" asks Moglen. "Yes. it's feasible. So let's say they're collecting information on a terabyte of music. What are they going to do with that? Send a lot of e-mail messages at best. What will the people do with those e-mails? Throw them away. Is the record industry going to sue each and every one? Let's get real."

But perhaps the entertainment industry merely wants to put the fear of God into music fans who are trading copyrighted MP3 tunes (and porn, and warez, and pirated films, and whatever else you might imagine). It's possible that by picking out a few dozen of the most egregious offenders on various P2P networks, the recording industry would scare the rest of the user base into good behavior. RIAA counsel Cary Sherman has already hinted that the RIAA is considering employing this tactic against Gnutella users. In that case, programs like Media Tracker aren't really weapons -- they are elements in a public relations campaign of terror.

Scaring your customers isn't, however, a particularly logical move. If the Metallica P.R. debacle of last year proved anything, it's that insulting and alienating your fan base isn't likely to make you any new fans. Instead, Napster users redoubled their efforts to pirate Metallica tunes in order to thumb their noses at the band that was threatening to close down their favorite software. As Moglen puts it, "It's a dumb thing to scare people, because if you scare them they will hate you, and they are your customers."

Furthermore, can the record industry really keep ahead of the latest peer-to-peer software developments? Although Media Tracker or Copyright Agent may be effective monitors of networks like Napster or Gnutella, more distributed systems like Freenet or Mojo Nation are relatively immune to surveillance. When a file is uploaded to Freenet, for example, it gets passed around the servers on the network and comes to rest on various "nodes," which don't necessarily belong to the person who originally uploaded the file. In other words, while the recording industry might observe that Limp Bizkit tune being stored at a certain IP address, it's not a given that that IP address even knows that the file is there.

Explains Ian Clarke, developer of Freenet, "If you request a file from a Freenet node it will get it for you, without betraying whether it was on that node previously or not. It might be stored on that node after you requested it, but it would be silly to blame someone for having some data on their computer that you put there. That would be akin to planting drugs on someone before arresting them."

As Gene Kan, the de facto spokesperson for Gnutella, observes, the game of P2P surveillance is a kind of arms race. Technologists are going to keep inventing ever-more-wily software in order to evade industry snoops. And the industry will continue to evolve new strategies for working around that new software. Says Kan, "It's like an auction dilemma. This is a case where the tracking technique is going to incrementally catch up with the technology -- You bid a dollar, I bid a dollar and 1 cent. Technology and tracking are moving in lockstep with each other, and technology is always going to lead the way."

Arguably, the most effective way to stop music fans from pirating tunes would be to create alternatives for them: to work with Napster, or Gnutella, or any other P2P software to create a viable, legal alternative. More than a year into the war against Napster, fans are still innovating new ways to beat the system, and the recording industry has yet to produce a subscription model service that gives fans access to the music they apparently crave.

And so, the weapons of Big Brother are developed, while it remains unclear exactly how they will be wielded in the future. Sighs Kan, "Whatever happens, it certainly is going to alienate a lot of music fans."


By Janelle Brown

Janelle Brown is a contributing writer for Salon.

MORE FROM Janelle Brown


Related Topics ------------------------------------------