[Infowarrior] - Apple hides account info in DRM-free music, too

Thu May 31 00:49:23 UTC 2007

Apple hides account info in DRM-free music, too

By Ken Fisher | Published: May 30, 2007 - 01:39PM CT

http://arstechnica.com/news.ars/post/20070530-apple-hides-account-info-in-dr
m-free-music-too.html

With great power comes great responsibility, and apparently with DRM-free
music comes files embedded with identifying information. Such is the
situation with Apple's new DRM-free music: songs sold without DRM still have
a user's full name and account e-mail embedded in them, which means that
dropping that new DRM-free song on your favorite P2P network could come back
to bite you.

We started examining the files this morning and noticed our names and e-mail
addresses in the files, and we've found corroboration of the find at TUAW,
as well. But there's more to the story: Apple embeds your account
information in all songs sold on the store, not just DRM-free songs.
Previously it wasn't much of a big deal, since no one could imagine users
sharing encrypted, DRMed content. But now that DRM-free music from Apple is
on the loose, the hidden data is more significant since it could
theoretically be used to trace shared tunes back to the original owner. It
must also be kept in mind that this kind of information could be spoofed.

Concerned users could convert selections to MP3, but there will be a
generational loss in quality resulting from the transcoding. We also have to
wonder: who is buying DRM-free music with the plans of slapping it up on a
P2P share, anyway? It's not like there aren't dozens of other ways to get
access to music without paying for it.
What would Apple do with the info?

The big question, of course, is what might Apple do with this information?
Because it can be spoofed, it's not exactly the best way to determine who is
sharing music, and in any case, tracing a link back such as this would leave
a copyright holder in a gray area. Embedded data or not, the mere presence
of the data in a file found on a share is not an unassailable indicator of
copyright infringement.

That said, it would be trivial for iTunes to report back to Apple,
indicating that "Joe User" has M4As on this hard drive belonging to "Jane
Userette," or even "two other users." This is not to say that Apple is going
to get into the copyright enforcement business. What Apple and indeed the
record labels want to watch closely is: will one user buy music for his five
close friends?  The entertainment industry is obsessed with the idea of
"casual piracy," or the occasional sharing of content between friends. I
wouldn't be surprised if some data was being analyzed in aggregate, although
Apple's current privacy policy does not appear to allow for this. As with
the dust-up over the mini-store, Apple should clarify what this embedded
data is used for. 

We've contacted Apple for a response but have not heard back from the
company. 