File Sharing’s Funny Math

by on June 7, 2007 · 34 comments

Recently we learned that Apple has begun embedding information in MP3s sold by the iTunes Store that identifies the purchaser of the song. Randy Picker speculated that one motivation for this could be a form of “mistrust-based” DRM: that people would be worried about getting in trouble if a song with their name on it was released into the wild, and so fewer people would share their files.

Ed Felten suggests some reasons that this strategy might not work so well:

Fred von Lohmann responded, suggesting that Apple should have encrypted the information, to protect privacy while still allowing Apple to identify the original buyer if necessary. Randy responded that there was a benefit to letting third parties do enforcement.

More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.

If you’re not a crypto person, you may not realize that there are different tools for keeping information secret than for detecting tampering – in the lingo, different tools for ensuring confidentiality than for ensuring integrity. Apple could have used crypto to protect the integrity of the data. Done right, this would let Apple detect whether the name information in a file was accurate. (You might worry that somebody could transplant the name header from one file to another, but proper crypto will detect that.) Whether to use this kind of integrity check is a separate question from whether to encrypt the information — you can do either, or both, or neither.

From a security standpoint, the best way to do guarantee integrity in this case is to digitally sign the name data, using a key known only to Apple. There’s a separate key used for verifying that the data hasn’t been modified. Apple could choose to publish this verification key if they wanted to let third parties verify the name information in files.

But there’s another problem – and a pretty big one. All a digital signature can do is verify that a file is the same one that was sold to a particular customer. If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.

Actually, since Felten wrote his post, Peter Eckersly at EFF has examined the new iTunes format and found that there actually is a field that appears to be a cryptographic signature. So it’s likely that Apple is able to detect if the name and email address are tampered with.

Felten’s last point is an excellent one. I think there’s also a more fundamental criticism to be made of Picker’s argument. “Mistrust-based” DRM could very well reduce the number of people who upload a given file to peer-to-peer networks. But unless you can reduce that number to zero, it’s not going to do any good. Peer-to-peer networks only have to be “seeded” with one copy of a pirated file for the sharing process to start. Once that’s happened, it doesn’t really matter if subsequent users upload their own copies or share a copy of the originally-uploaded file.

So Picker’s scheme will fail if there is just one person who (1) Doesn’t know about the embedded information, (2) Doesn’t care about being caught, (3) Knows how to download tools for stripping such information out of the file, or (4) has access to a copy of the file in a non-DRMed format such as a CD. There might be a handful of really obscure songs that could be kept off of file-sharing networks this way, but for mainstream songs (which are the ones where sharing really hurts the labels’ bottom line) there’s almost guaranteed to be at least one person willing and able to upload the file.

This is counter-intuitive. With traditional burglary, reducing the number of break-ins by 50 percent will (all else being equal) reduce the damage caused by burglary by 50 percent. But with file-sharing, reducing the number of people uploading pirated tracks by 50 percent will, to a first approximation, have no effect at all on the damage done by online piracy. At worst, it will take a few more hours for the files to spread through the network. Coming up with ever-more elaborate ways to prevent uploading is a waste of time, because you’re never going to get the uploading rate down to zero. And as long as the uploading rate for a file is larger than zero, the file will be available to every P2P user who wants a copy.

  • http://www.pff.org Noel

    ***“Mistrust-based” DRM could very well reduce the number of people who upload a given file to peer-to-peer networks. But unless you can reduce that number to zero, it’s not going to do any good.***

    Here is your absolutist reasoning at work again Tim. It falls inline with how you argue that unless DRM or the DMCA stop *all* piracy, there is no point in them, and how you argue that unless patents have 100% correlation with innovation, that they are no good, and how you argue that if DMCA 1201 affects *any* reverse engineering that it stifles innovation.

    A more nuanced approach would be to state that mistrust based DRM is valuable if it reduces piracy to levels where its economical for creators to invest in online distribution.

  • Doug Lay

    Noel, your lack of technical background is showing here. It only takes one uploaded copy of a file for the file to become globally available. It’s a binomial distribution, not a multinomial distribution. Either a file is available or it’s not. A single copy is as good as ten thousand copies.

    Techniques that can reduce the number of downloaders can be effective incrementally. Techniques to reduce the number of uploaders, however, are only effective at all if they reduce available copies of a file to zero.

  • http://www.pff.org Noel

    ***“Mistrust-based” DRM could very well reduce the number of people who upload a given file to peer-to-peer networks. But unless you can reduce that number to zero, it’s not going to do any good.***

    Here is your absolutist reasoning at work again Tim. It falls inline with how you argue that unless DRM or the DMCA stop *all* piracy, there is no point in them, and how you argue that unless patents have 100% correlation with innovation, that they are no good, and how you argue that if DMCA 1201 affects *any* reverse engineering that it stifles innovation.

    A more nuanced approach would be to state that mistrust based DRM is valuable if it reduces piracy to levels where its economical for creators to invest in online distribution.

  • http://www.pff.org Noel

    Doug, you adopt Tim’s logic. Imitation really is the best form of flattery, but is it wise:)

  • Doug Lay

    Noel, you can run around spouting 2=2=7 all you want. It’s a free country. I just hope no content holders seriously think you’re going to be able to save their bacon taking that approach.

  • Doug Lay

    Noel, your lack of technical background is showing here. It only takes one uploaded copy of a file for the file to become globally available. It’s a binomial distribution, not a multinomial distribution. Either a file is available or it’s not. A single copy is as good as ten thousand copies.

    Techniques that can reduce the number of downloaders can be effective incrementally. Techniques to reduce the number of uploaders, however, are only effective at all if they reduce available copies of a file to zero.

  • http://www.freedom-to-tinker.com Ed Felten

    As Tim points out in the post, Peter Eckersley found a signature field in the Apple files. So I corrected the post that Tim quoted. For the record, his quotes capture the original version of the post correctly.

  • http://www.pff.org Noel

    Doug, please you’re getting ahead of yourself.

    You claim that there are no numbers between 0-100% (by claiming that DRM is not useful unless it entirely stops piracy), then argue I’m bad at math:)

    But in any case, even if I did run around yelling 2+2=7, its better than ranting about some worthless revolution that never and will never happen.

  • http://www.pff.org Noel

    Doug, you adopt Tim’s logic. Imitation really is the best form of flattery, but is it wise:)

  • Doug Lay

    Noel, you can run around spouting 2=2=7 all you want. It’s a free country. I just hope no content holders seriously think you’re going to be able to save their bacon taking that approach.

  • http://www.freedom-to-tinker.com Ed Felten

    As Tim points out in the post, Peter Eckersley found a signature field in the Apple files. So I corrected the post that Tim quoted. For the record, his quotes capture the original version of the post correctly.

  • http://www.pff.org Noel

    Doug, please you’re getting ahead of yourself.

    You claim that there are no numbers between 0-100% (by claiming that DRM is not useful unless it entirely stops piracy), then argue I’m bad at math:)

    But in any case, even if I did run around yelling 2+2=7, its better than ranting about some worthless revolution that never and will never happen.

  • Doug Lay

    In the case of uploading to file sharing networks, it only takes one copy to make the item available for downloading around the world. So in this case, yes, there are no numbers besides zero and one. This is what I mean by “binomial”. Whether or not you call this a “revolution” is up to you, but it has happened. To claim otherwise is willful blindness.

  • http://www.pff.org Noel

    DRM critics say it does not stop piracy, but then criticize law enforcement efforts in the name of a revolution. Basically, they’re 1) making an argument, 2) trying to stop others from disproving the argument, 3) trying to generalize their cause. In some cases, DRM critics argue that peer-production obviates the need for professional creators to leverage DRM- an argument that seems intended to entirely moot steps 1, 2, 3 in case any of them are wrong.

  • Doug Lay

    In the case of uploading to file sharing networks, it only takes one copy to make the item available for downloading around the world. So in this case, yes, there are no numbers besides zero and one. This is what I mean by “binomial”. Whether or not you call this a “revolution” is up to you, but it has happened. To claim otherwise is willful blindness.

  • http://www.pff.org Noel

    DRM critics say it does not stop piracy, but then criticize law enforcement efforts in the name of a revolution. Basically, they’re 1) making an argument, 2) trying to stop others from disproving the argument, 3) trying to generalize their cause. In some cases, DRM critics argue that peer-production obviates the need for professional creators to leverage DRM- an argument that seems intended to entirely moot steps 1, 2, 3 in case any of them are wrong.

  • eric

    Noel, reality matters.

    In the case of the recent release of the keys to high definition DVD encryption, one person uploaded the hex number to the internet. Shortly afterward, it was on hundreds of thousands of web pages around the world, and I’m sure on p2p networks as well. The same would be true for a single copy of a new album. This has also happened. The last U2 album was stolen (one copy) prior to release and uploaded (once) to the internet, and from there spread worldwide.

    Tim’s statement isn’t just an argument, it is what actually happens in real life. To deny it is to reject reality.

    Tim did admit there would be a marginal effect. Fewer copies uploaded in the beginning might slow the spread of the file worldwide by a short amount of time. Obviously there is a finite effect. Finite and infinitesimal. If that’s the basis of your objection, OK, but it is irrelevant in practical terms. Between 0% and 100% it is so close to zero, I don’t understand the quibble.

  • http://www.blogger.com/profile/14019452 Steve R.

    Noel: The piracy argument is a red-herring to hide the fact that the content producers are extorting property rights by depriving the consumer of property rights that they have traditionally enjoyed.

    For example, I can read a book in the US or I can read it in England. The content industry has imposed region codes so if I buy a DVD here, I can not watch it in England.

    I can buy the book today and read it five years from now. The content industry is claiming that if I “miss” watching a program that I paid for, I can not use technology to save if for future viewing.

    From my point of view, the pirates are the content producers who seize every means to restrict the rights of consumers.

  • eric

    Noel, reality matters.

    In the case of the recent release of the keys to high definition DVD encryption, one person uploaded the hex number to the internet. Shortly afterward, it was on hundreds of thousands of web pages around the world, and I’m sure on p2p networks as well. The same would be true for a single copy of a new album. This has also happened. The last U2 album was stolen (one copy) prior to release and uploaded (once) to the internet, and from there spread worldwide.

    Tim’s statement isn’t just an argument, it is what actually happens in real life. To deny it is to reject reality.

    Tim did admit there would be a marginal effect. Fewer copies uploaded in the beginning might slow the spread of the file worldwide by a short amount of time. Obviously there is a finite effect. Finite and infinitesimal. If that’s the basis of your objection, OK, but it is irrelevant in practical terms. Between 0% and 100% it is so close to zero, I don’t understand the quibble.

  • http://weblog.ipcentral.info/ Noel

    Eric, Tim doesn’t seem to consider DRM alongside the DMCA nor law enforcement, and consequently does not consider that piracy can be deterred even when it takes only one uploader to make a file ubiquitous.

    I”m not sure why Tim does not consider DRM *and* the DMCA (or other copyright enforcement mechanisms), since neither alone is meant to deter piracy. They’re supposed to work together. Rather Tim seems to focus on one at a time, such as here, and argues that DRM alone does not stop piracy.

    Tim also analyzes one patent at a time and asks how it contributes to innovation rather than a dataset of patents, so I’m not surprised to see him take a similar approach with DRM.

  • http://www2.blogger.com/profile/14380731108416527657 Steve R.

    Noel: The piracy argument is a red-herring to hide the fact that the content producers are extorting property rights by depriving the consumer of property rights that they have traditionally enjoyed.

    For example, I can read a book in the US or I can read it in England. The content industry has imposed region codes so if I buy a DVD here, I can not watch it in England.

    I can buy the book today and read it five years from now. The content industry is claiming that if I “miss” watching a program that I paid for, I can not use technology to save if for future viewing.

    From my point of view, the pirates are the content producers who seize every means to restrict the rights of consumers.

  • Doug Lay

    Noel:

    The world is bigger than your obsession with Tim. You will be a more effective advocate for content ownders or whatever it is you’re advocating for if you get over this obsession and focus on how you can protect your constituency’s interests. Content owners could care less whether Noel thinks Tim has an inflated reputation (no disrespect intended, Tim!). They care about knowing what works to protect their interests. Picker’s proposal won’t work, no matter what direction Tim’s career takes.

  • http://weblog.ipcentral.info/ Noel

    Eric, Tim doesn’t seem to consider DRM alongside the DMCA nor law enforcement, and consequently does not consider that piracy can be deterred even when it takes only one uploader to make a file ubiquitous.

    I”m not sure why Tim does not consider DRM *and* the DMCA (or other copyright enforcement mechanisms), since neither alone is meant to deter piracy. They’re supposed to work together. Rather Tim seems to focus on one at a time, such as here, and argues that DRM alone does not stop piracy.

    Tim also analyzes one patent at a time and asks how it contributes to innovation rather than a dataset of patents, so I’m not surprised to see him take a similar approach with DRM.

  • Doug Lay

    Noel:

    The world is bigger than your obsession with Tim. You will be a more effective advocate for content ownders or whatever it is you’re advocating for if you get over this obsession and focus on how you can protect your constituency’s interests. Content owners could care less whether Noel thinks Tim has an inflated reputation (no disrespect intended, Tim!). They care about knowing what works to protect their interests. Picker’s proposal won’t work, no matter what direction Tim’s career takes.

  • http://www.pff.org Noel Le

    Doug I dont care about Tims career as much as you do:):):)

  • http://www.pff.org Noel Le

    Doug I dont care about Tims career as much as you do:):):)

  • http://enigmafoundry.wordpress.com/ enigma_foundry

    DRM critics say it does not stop piracy, but then criticize law enforcement efforts in the name of a revolution. Basically, they’re 1) making an argument, 2) trying to stop others from disproving the argument, 3) trying to generalize their cause. In some cases, DRM critics argue that peer-production obviates the need for professional creators to leverage DRM- an argument that seems intended to entirely moot steps 1, 2, 3 in case any of them are wrong.

    Noel:

    If someone comes up with DRM that does NOT require special legal protection which tramples on the First Amendment (e.g., DMCA) I would be more neutral about DRM.

    On the other hand Noel neither you nor Solveig or the other IPCentralians have ever tried to explain how DRM could be compatible with the First Amendment, or to address the very real concerns that those who are concerned about the erosion of our basic freedoms have with the DMCA…

  • V

    We’re assuming that the entire market will be flooded with 256kbps songs from iTunes. As long as CD’s are still for sale, there will be so many seeds that what iTunes does or does not do as a deterrent will not affect the availability of illegal downloads.

    What it can do, however, is draw people to its store and away from P2P, which isn’t entirely free if you try to put a price on viruses and spyware.

    At best, the identifier might convince some quantity of users to uncheck the “share my music” box in their P2P client.

    At worst, it will be used by the RIAA as evidence that not only the person hosting the songs is at fault, but so is everyone who’s name is imbedded in those files. This isn’t quite as easy as it sounds, because in order to get those names it would have to DOWNLOAD all the files. Many of those files would contain no information, some of them may be altered, which would require some effort to determine, and some would only provide evidence of one act of infringement. The RIAA tends to go after the high quantity offenders, so this all seems fairly impractical.

  • http://enigmafoundry.wordpress.com eee_eff

    DRM critics say it does not stop piracy, but then criticize law enforcement efforts in the name of a revolution. Basically, they’re 1) making an argument, 2) trying to stop others from disproving the argument, 3) trying to generalize their cause. In some cases, DRM critics argue that peer-production obviates the need for professional creators to leverage DRM- an argument that seems intended to entirely moot steps 1, 2, 3 in case any of them are wrong.

    Noel:

    If someone comes up with DRM that does NOT require special legal protection which tramples on the First Amendment (e.g., DMCA) I would be more neutral about DRM.

    On the other hand Noel neither you nor Solveig or the other IPCentralians have ever tried to explain how DRM could be compatible with the First Amendment, or to address the very real concerns that those who are concerned about the erosion of our basic freedoms have with the DMCA…

  • V

    We’re assuming that the entire market will be flooded with 256kbps songs from iTunes. As long as CD’s are still for sale, there will be so many seeds that what iTunes does or does not do as a deterrent will not affect the availability of illegal downloads.

    What it can do, however, is draw people to its store and away from P2P, which isn’t entirely free if you try to put a price on viruses and spyware.

    At best, the identifier might convince some quantity of users to uncheck the “share my music” box in their P2P client.

    At worst, it will be used by the RIAA as evidence that not only the person hosting the songs is at fault, but so is everyone who’s name is imbedded in those files. This isn’t quite as easy as it sounds, because in order to get those names it would have to DOWNLOAD all the files. Many of those files would contain no information, some of them may be altered, which would require some effort to determine, and some would only provide evidence of one act of infringement. The RIAA tends to go after the high quantity offenders, so this all seems fairly impractical.

  • http://www.davidmcelroy.org/ David McElroy

    This is just a minor thing (and doesn’t deal with the main arguments here), but I want to point out that Apple doesn’t sell MP3s of any kind. The iTunes store sells Advanced Audio Coding (AAC) format files. AAC is the audio component of the MPEG-4 spec. Not all digital audio files are MP3s, contrary to common assummptions and usage. :-)

  • eric

    Noel, I do see your theoretical point about DRM and DMCA working hand in glove and they need to be considered together. I’m sure that was the intent. However, in practice, we have DRM and we have DMCA right now, together. Are they deterring unauthorized copying? Clearly DRM can be easily cracked, from FairPlay to deCSS to HD-DVD. According to you, DMCA must work with DRM to deter. Why is DMCA not doing so, then? Is it possible for DMCA to do so, in any practical way? Well yes, it is marginally deterring some copying. Yet clearly it is not having the intended effect. On the zero to 100% spectrum, where are we? Closer to the zero end, I would judge.

    Also, in the case at hand, the non-DRM AAC files (not MP3s, thank you David) are, well, non-DRM. So DMCA can’t work with DRM, since there is none to begin with! I don’t believe that stripping the identifying data from the AAC files — in about three seconds someone will create a program to do this, if it doesn’t already exist — violates DMCA anyway, since there is no DRM. So how does your DRM + DMCA argument work here? That dog won’t hunt.

  • http://www.davidmcelroy.org/ David McElroy

    This is just a minor thing (and doesn’t deal with the main arguments here), but I want to point out that Apple doesn’t sell MP3s of any kind. The iTunes store sells Advanced Audio Coding (AAC) format files. AAC is the audio component of the MPEG-4 spec. Not all digital audio files are MP3s, contrary to common assummptions and usage. :-)

  • eric

    Noel, I do see your theoretical point about DRM and DMCA working hand in glove and they need to be considered together. I’m sure that was the intent. However, in practice, we have DRM and we have DMCA right now, together. Are they deterring unauthorized copying? Clearly DRM can be easily cracked, from FairPlay to deCSS to HD-DVD. According to you, DMCA must work with DRM to deter. Why is DMCA not doing so, then? Is it possible for DMCA to do so, in any practical way? Well yes, it is marginally deterring some copying. Yet clearly it is not having the intended effect. On the zero to 100% spectrum, where are we? Closer to the zero end, I would judge.

    Also, in the case at hand, the non-DRM AAC files (not MP3s, thank you David) are, well, non-DRM. So DMCA can’t work with DRM, since there is none to begin with! I don’t believe that stripping the identifying data from the AAC files — in about three seconds someone will create a program to do this, if it doesn’t already exist — violates DMCA anyway, since there is no DRM. So how does your DRM + DMCA argument work here? That dog won’t hunt.

Previous post:

Next post: