backtop


Print

Don’t copy that M4A

So Apple dropped the DRM on all of its iTunes offerings. Are pigs flying? Did hell freeze over? This is a huge victory for the online freedom groups, and a potent statement for the long-term infeasibility of restrictive DRM as a whole.

Don’t break out the party champagne just yet, though: DRM is most certainly dead, but that doesn’t mean the music industry has given up. You know the phrase: there’s no such thing as a free lunch.

As someone with a long-time fascination with cryptography and steganography – that is, scrambling data or hiding it in an otherwise innocent information, respectively – I’ve always suspected that music offerings from the larger-scale, DRM-free stores like iTunes might have little bits of traceable data hidden somewhere in their product. It’d be remarkably easy:  your average music file is at least a couple of megabytes, and an embedded tracking code, account number, or some other beacon need only take a couple dozen bits.

Apple, of course, has done just this: DRM-free iTunes downloads embed the account holder’s e-mail address in each song file, and that embedded data is impossible to edit with normal software.

The purpose of this is simple: providing accountability to the buyer – and presumably, uploader – in the event that a song turns up on a P2P network. We all know what at least a handful of (foolish, in my opinion) people are going to do: “No DRM! Let’s upload it to The Pirate Bay!I’d bet cold, hard cash on this and I am sure that within the next one or two years someone, somewhere out there is going to be sued because of it.

Of course, I’ve given Apple a little bit too much credit here: a newly-downloaded, non-DRM’d iTunes track contains the downloading account holder’s e-mail address, stored in plain text, buried somewhere in the song file; anyone with a copy of Notepad, a hex editor, or Linux’s strings command can find it – and alter it. No crazy stego here, no sir-ee. Move along, citizen.

Or is it so simple? A plaintext email address, hidden-but-not-really, would be the perfect red herring to divert our attention from other, more sophisticated beacons buried even deeper inside. There are already stego tools out there for MP3 files, and they’re open source – who’s to say that Apple hasn’t adopted those algorithms to work with its format?

The powers that be have invested too much into DRM and copyright control – not to mention the music itself – to simply let things go. Don’t want DRM? Fine – here’s a DRM-free copy of your music, Merry Christmas/Happy Hanukah/Happy Yule/whatever. But don’t think that for a second the big boys have given up.

Look on the bright side: the music data we purchased is now, once again, fully ours. We may not know entirely what is in it, but that can change – I am certainly not the first person to think of this, and I’m sure some very smart people on both sides of the virtual counter are working hard to figure out just what’s up.

Until then, however, I can’t recommend posting your newly-freed tunes online, or handing them out to friends. You never who’s watching…





"The whole principle [of censorship] is wrong. It's like demanding that grown men live on skim milk because the baby can't have steak." -- Robert Heinlein









Most Popular Articles







botimage
Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki