« Decentralizing Distribution | Main | What's the "harm" in establishments of religion? »

June 06, 2007


Feed You can follow this conversation by subscribing to the comment feed for this post.

Fred von Lohmann

Thanks to the magic of public key encryption, I don't think identity information needs to be embedded in the clear, even if you envision third party enforcement. Apple simply shares its key with authorized third party enforcers (either through voluntary negotiations or in response to a subpoena filed in a John Doe action).

Moreover, if intended as an identity-based DRM system, it makes little sense for Apple to keep this secret, while embedding information in a readily-editable form (I predict a batch editing tool will be made available that re-writes all names to Steve Jobs and all email addresses to [email protected], which tool, incidentally, would appear to be perfectly legal to distribute and use).

So, whatever your view on identity-based DRM, it is no excuse for embedding PII in the clear. All that does is create the possibility that unauthorized individuals will get it (iPod thieves, eBay hard drive harvesters, etc). However remote you think that possibility might be, it's hard to discount when weighed against the nonexistent justification for in the clear embedding.

Randy Picker

1. I agree on the probably tech response; something to strip the identity info or to switch it.

2. As to the legitimacy of that tool, presumably that will be a tool that will be making derivative works of the original works. That will take us down the path of assessing the legitimacy of that tool under Sony, Grokster and the like.

3. On the public key encryption point, I don't think that I get it. Decentralized punishment means that third parties inflict costs on sharers. These will not be parties authorized by Apple or in privity with Apple and so Apple would never be in the position of sharing a key, public or private, with them. These will be strangers to Apple who will benefit from the disclosed information by harvesting it and using it in the way that I describe. The information needs to be generally available to strangers for this to work.

Fred von Lohmann

On point #3, since we're only talking about materials made available through the iTunes Store (the only materials in which Apple is embedding names/emails), Apple does have privity with the most relevant third parties intent on "inflict[ing] costs on sharers" (i.e., major record labels).

Moreover, any strangers not in privity who have legitimate copyrights (joint authors, music publishers) likely can obtain the key via a subpoena obtained after filing a John Doe suit.

Randy Picker

I'm not getting it still and either don't understand the encryption scheme or am being unclear about the punishment scheme.

Having any third party able to read identity from the file means that some third parties will grab that information and use it in a way that the file sharer doesn't like. That possibility will deter sharing. These won't necessarily be third parties that have anything to do with Apple. These may be spammers in the Caymans who constantly troll the Internet looking for email addresses. It could be someone else who uses the email address in a way that the sharer dislikes. Apple itself isn't in the spamming business and wouldn't be willing to inflict a spam penalty, but it makes it possible for third parties to inflict that penalty if the email address is readable by third parties who are willing to put the address to a use disliked by the sharer. I don't know that that address needs to be in the clear, but it needs to be readily readable by my Caymans spammers. These spammers need to be strangers to Apple, as Apple doesn't want anything to do with them directly, even though it will be delighted by their activities--inflicting the spamming punishment--should the sharer upload the file.

This is a version of the difference between compensation models and deterrence models. If we think that file sharing hurts the labels then we might want to compensate them (or artists (fighting issue I understand but doesn't matter for this point here)). If we are just doing deterrence, then we just need to have sharers face penalties, and it doesn't matter who inflicts the penalty, so long as it occurs. So compensation could be a penalty and it could be paid to labels/artists, but for deterrence, third party penalties will suffice as well. The Cayman spammers are exactly that.

Doug Lay

What happens when someone who didn't intentionally share their files on public networks gets their email harvested by spammers? Perhaps, as Fred suggested, their iPod gets stolen or their hard drive hacked. You're not addressing the possible negative PR that could result for Apple if a victim of thievery receives further punishment in the form of spam, due to Apple's policy of embedding purchasers' personal information in the clear.


This 'what if an ipod were stolen' thing is absurd - your contacts and photos might be on your ipod too. You've got a lot more to worry about than someone having your name and AppleID. Your name and address are on a lot of junk mail you through away too....

Not to mention your name and appleid are in any iTunes bought DRM'ed tracks in this stolen ipod scenario, which no one was complaining about a few weeks ago.

Privacy and anonymity are not the same thing.


Thank you, Marcos. This whole iTunes thing is over-reaction on the internet at it's finest. That VCF file is much more valuable than the string that names the account the file is linked to.

People asked for files they could play on all of their devices, then they got those files with the exact same metadata they had before, and now it's suddenly a huge problem? Shame on you. You didn't want fair-use, you wanted to share files anonymously. Don't like it? Don't use iTunes. Use eMusic, rip CDs. iTunes is not the only way to get music. End of story.

Doug Lay

For the record, I'm addressing Prof. Picker's ideas about mistrust-based DRM, and not engaging in generalized bitching about Apple. Apple can do what they want with embedding ID info in their products, but I submit that it would be very poorly received for them to advertise that file-sharers will be punished with loss of personal info, because of the real possibility that innocent users will be punished along with the file sharers. True enough that someone whose iPod gets stolen has bigger problems than their e-mail address getting leaked to spammers, but that doesn't mean they will react well to Apple reminding them of this additional minor "punishment" on top of their greater losses. Note that Apple isn't actually advertising this, it's just an idea of Prof. Picker's. A pretty dubious idea, I think.

Also, I don't share music files anonymously (nor download them anonymously, except in authorized contexts). Not sure where Noah got that idea.


It seems like an important point has been skipped over here. Who says Apple wants to punish anyone for sharing music? I think we've gotten so wrapped up in the DRM argument, and so conditioned by the RIAA lawsuits to think that if you upload a song to a file-sharing network, you'll be hunted down like a dog, that we've forgotten Apple never wanted to be in the DRM business in the first place. Their arm was twisted by the recording industry. Now, it may be the case that EMI required some form of identity embedded as a condition of going DRM-free, but I certainly don't think _Apple_, on their own, said "hey, if we put the user's e-mail address in here, they can be punished by third-party enforcers". In my opinion, it was most likely a case of simply putting the info in "because it was there", with little or no thought whatsoever to becoming or enabling a copyright enforcement squad. If they had known so many people were going to get their panties in a bunch over it, it probably wouldn't have happened. It's not important to their model.

Let's also not forget that the actual audio portion of the file isn't watermarked or encrypted in any way, so it's rather trivial to simply extract the music, leaving the metadata behind. Any decent programmer could slap together a tool to do that in a couple of minutes.

Fred von Lohmann

I agree with the earlier comment that casts doubt on whether DRM is actually the purpose behind the name/email embedding. It is just as likely that Apple uses this as "proof of purchase" information for their own internal use.

But I think I understand now -- it's Prof. Picker's view that iTunes customers should be vulnerable to online predators, spammers, etc. if their purchased songs find their way onto the Internet. Of course, I object categorically to this approach (which would justify embedding credit card numbers and SSNs, as well).

And, in any event, if deterrence is the goal here, it is hard to see how it is served by Apple's failure to tell anyone about the embedding of PII. That leaves customers without the necessary information to make ex ante decisions that respond to the deterrence you propose. (Of course, publicizing this will simply hasten the deployment of tools meant to remove the PII, which means only the unsophisticated will be subject to the punishment you propose.)

Law Student

On the surface, Apple's approach doesn't appear to harm people unless they are sharing their music with others. However, this isn't always true.

Music sharing is not always intentional. For example, a college student who uses his roommate's computer with permission may copy the music on the computer without permission. The student may share the songs with other friends, and they eventually end up on the internet. As a result, people would have to protect their music like they protect other personal information.

Having to protect your music because it contains personal information presents problems. First, people must actively protect their music, which creates more work or potentially the expense of software. Second, many people may not realize that they must protect their software, so Apple has essentially exposed them to this risk without their knowledge.

Based on this, the encrypted email address seems to be a much better option.

The comments to this entry are closed.