Recently we learned that Apple has begun embedding information in MP3s sold by the iTunes Store that identifies the purchaser of the song. Randy Picker speculated that one motivation for this could be a form of “mistrust-based” DRM: that people would be worried about getting in trouble if a song with their name on it was released into the wild, and so fewer people would share their files.
Ed Felten suggests some reasons that this strategy might not work so well:
Fred von Lohmann responded, suggesting that Apple should have encrypted the information, to protect privacy while still allowing Apple to identify the original buyer if necessary. Randy responded that there was a benefit to letting third parties do enforcement.
More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.
If you’re not a crypto person, you may not realize that there are different tools for keeping information secret than for detecting tampering – in the lingo, different tools for ensuring confidentiality than for ensuring integrity. Apple could have used crypto to protect the integrity of the data. Done right, this would let Apple detect whether the name information in a file was accurate. (You might worry that somebody could transplant the name header from one file to another, but proper crypto will detect that.) Whether to use this kind of integrity check is a separate question from whether to encrypt the information — you can do either, or both, or neither.
From a security standpoint, the best way to do guarantee integrity in this case is to digitally sign the name data, using a key known only to Apple. There’s a separate key used for verifying that the data hasn’t been modified. Apple could choose to publish this verification key if they wanted to let third parties verify the name information in files.
But there’s another problem – and a pretty big one. All a digital signature can do is verify that a file is the same one that was sold to a particular customer. If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.
Actually, since Felten wrote his post, Peter Eckersly at EFF has examined the new iTunes format and found that there actually is a field that appears to be a cryptographic signature. So it’s likely that Apple is able to detect if the name and email address are tampered with.
Felten’s last point is an excellent one. I think there’s also a more fundamental criticism to be made of Picker’s argument. “Mistrust-based” DRM could very well reduce the number of people who upload a given file to peer-to-peer networks. But unless you can reduce that number to zero, it’s not going to do any good. Peer-to-peer networks only have to be “seeded” with one copy of a pirated file for the sharing process to start. Once that’s happened, it doesn’t really matter if subsequent users upload their own copies or share a copy of the originally-uploaded file.
So Picker’s scheme will fail if there is just one person who (1) Doesn’t know about the embedded information, (2) Doesn’t care about being caught, (3) Knows how to download tools for stripping such information out of the file, or (4) has access to a copy of the file in a non-DRMed format such as a CD. There might be a handful of really obscure songs that could be kept off of file-sharing networks this way, but for mainstream songs (which are the ones where sharing really hurts the labels’ bottom line) there’s almost guaranteed to be at least one person willing and able to upload the file.
This is counter-intuitive. With traditional burglary, reducing the number of break-ins by 50 percent will (all else being equal) reduce the damage caused by burglary by 50 percent. But with file-sharing, reducing the number of people uploading pirated tracks by 50 percent will, to a first approximation, have no effect at all on the damage done by online piracy. At worst, it will take a few more hours for the files to spread through the network. Coming up with ever-more elaborate ways to prevent uploading is a waste of time, because you’re never going to get the uploading rate down to zero. And as long as the uploading rate for a file is larger than zero, the file will be available to every P2P user who wants a copy.