The music pirates' manifesto.

By Annalee Newitz

WITH A GROAN , I peeled the transparent sticker off my brand-new iPod. In the clean, cute font for which Apple is known, it read, "Don't steal music." Even the wrapping paper on my smooth little machine was full of antipiracy propaganda. But the software wrappings Apple places around the music the iPod plays are far worse than propaganda: they enforce, with no subtlety or charm, the licensing preferred by corporate copyright holders.

Once upon a time, Apple's slogan "Rip. Mix. Burn." meant "make as many copies as you want of your legally purchased music." Now it means "make the limited number of copies we deem appropriate." All that's being ripped, mixed, and burned are fair-use laws.

If you buy music from the Apple iTunes store, which is what Steve Jobs hopes you'll do, you pay 99 for a song but can only copy it onto three computers. What if those computers become obsolete or unusable in a few years? Too bad – no more copies for you. Your music dies with your computers. If you want to create a mix CD with your songs, you may burn only 10 copies, even though fair-use laws grant you permission to burn as many copies as you like for educational use. Ah, you say, but at least you can save iTunes songs onto as many iPods as you want! Isn't that fair? Not really – once you put music onto your iPod, you can delete it but you can't copy it anywhere else. The iPod is a one-way music device: music files go in but don't come out. It's all part of Apple's digital rights management (DRM) scheme ironically known as Fairplay.

Free-software activist Richard Stallman has dubbed DRM "digital restriction management," while the media industry views it as the latest killer app. For the past couple years the Recording Industry Association of America has been waging a losing war against people who share music over the Internet. The RIAA argues that music copyright holders like Virgin and Time Warner are losing millions of dollars a day because evil copyright infringers are freely trading music files on popular peer-to-peer file-sharing networks such as Kazaa, eMule, SoulSeek, and BitTorrent. But the RIAA's efforts to stop music sharing have ended in a series of public relations disasters, including suing a 12-year-old "pirate" for downloading copyrighted nursery rhymes and sending burly ex-cops in RIAA "uniforms" to bust music peddlers on the streets in Los Angeles. So the RIAA has turned to kinder, gentler solutions.

And that's where the high-tech industry comes into the picture. Software companies, eager to lap up profits any way they can, realized there would be a huge market for programs that could be wrapped around digital media or put into players to prevent piracy. Microsoft, Apple, and RealNetworks are at the forefront of this burgeoning market with their DRM schemes for music. Apple packages iTunes songs in its Fairplay software, while RealNetworks (maker of the popular RealPlayer) has just opened a music store full of DRM-shackled songs to compete with iTunes. Microsoft markets the Media Rights Management software package and is planning to include a controversial and elaborate DRM scheme called the Next-Generation Secure Computing Base (formerly known as Palladium) in the next version of Windows.

So far, the RIAA's efforts have met with confusion and resistance. Many consumers are puzzled by DRM – iTunes, for example, only explains its DRM policies on a part of its Web site that few customers are likely to read – and wind up with unplayable music files because they have unwittingly used up all their copies. Among hackers, DRM is a target for ideological reasons. Ian Clarke, project coordinator for anonymous file-sharing system Freenet, said, "DRM turns computers against their owners. I don't want a Disney security guard sitting in my living room watching my every move."

Jon Johansen, a Norwegian programmer who wrote the DeCSS program to break DRM on DVDs, has released a little chunk of code called QTFairUse for circumventing DRM on iTunes songs. And Princeton University graduate student Alex Halderman published a paper explaining how to bypass SunnComm's MediaMax DRM scheme by holding down the Shift key while the CD is spinning up.

What fuels the ire of hackers are what they consider the music industry's blatant lies about who loses when people share music. The RIAA claims music-sharing drives down sales and deprives artists of potential earnings. But Tom Mennecke, who analyzes peer-to-peer (P2P) trends for Web site Slyck (www.slyck.com), said, "People can see through the RIAA's argument. They know artists aren't being hurt, and that in fact P2P helps artists by putting people in touch with their music."

DRM industry consultant Bill Rosenblatt, who publishes the DRM Watch online newsletter, agreed. "No one has put any figures on the industry's revenue loss due to consumer piracy that have any credibility," he said. "Music industry executives estimate that 80 percent of all pirated content is a result of inside jobs, people at studios or mastering labs or other production houses." In other words, employees of the music industry are pirating far more than the consumers the RIAA is suing for infringement.

But it would seem the RIAA's scare tactics are working. A recent survey by the Pew Internet and American Life Project gathered statistics that revealed a precipitous decline in the number of people running P2P programs on their computers. One P2P program, Grokster, took a huge hit: according to Pew's figures, its users dropped by 58 percent over the past year. Mennecke disputed these figures, however. He pointed out that you can't track P2P use by measuring how many people download one or two programs since newer, better ones pop up all the time. "While some numbers were admittedly going down, a lot of P2P programs are doing quite well," he explained. "eDonkey has taken off, and BitTorrent is doing incredibly well. P2P is thriving."

Rosenblatt pointed out that the next move by DRM vendors will be to create P2P applications with built-in DRM. Entrepreneur and Napster founder Sean Fanning has been promising to roll out something like this with his music fingerprint database – a vast collection of copyrighted songs whose sounds have been digitally converted into unique "fingerprints." When a fingerprinted song passes through a P2P system, DRM software could recognize it no matter what format the song was in. Then the person downloading the song would be charged.

As copyright owners thrash around trying to protect the property they bought (often at painfully low prices) from artists, and DRM vendors get jiggy about selling their wares to paranoid RIAA members, consumers are left swinging in the wind.

I love music. You love music. So, why shouldn't we share it and help the artists we love get new fans? When Lynn let me rip one of her Mountain Goats CDs, I wound up buying five more of the band's CDs. After Victor gave me a copy of his solo album Bittersweet, I bought two copies of it for my friends. Charlie turned me on to funk music with a mix CD, and now I buy funk compilations at indie music vendor Amoeba Records. Steve gave me a pirated copy of an album by the Orb, and then I bought a legal version of it. I could tell countless other stories like this.

Activists like Stallman, along with vocal fair-use advocates like Seth Schoen and Fred Von Lohmann of the Electronic Frontier Foundation, are now fighting for our rights to share information legally. Stallman's classic essay "The Right to Read" warns of a future where people pay licensing fees for every piece of information and face severe penalties for sharing any kind of media. The EFF has fought in dozens of court cases to make sure this doesn't happen.

But while Stallman writes essays and the courts hash out what constitutes "legal sharing," what is a music lover to do? The answer is simple: share safely and wisely. Use P2P networks that allow you to be anonymous or hide the files you're sharing. The most popular P2P networks aren't always the safest. Bram Cohen, author of BitTorrent, warned, "Pirating with BitTorrent is stupid. BitTorrent, due to fundamental architectural decisions, is quite incompatible with anonymity. The newer apps are more robust distribution tools, so they keep running despite failures, but they aren't designed to protect end users from legal attacks."

The only truly anonymous P2P network is Freenet. On networks that use Kazaa Lite and eMule, you can choose not to display a list of the files you're sharing. While this doesn't keep you anonymous, it will prevent the RIAA police from counting how many files you're sharing and branding you a pirate. Mennecke noted that networks like SoulSeek, which specializes in rare and obscure music, are also relatively safe because the RIAA is mostly looking to bust people who are sharing Top 40 music.

Services like PeerGuardian (www.peerguardian.net) offer file sharers access to a "blocklist" of IP addresses known to be associated with the RIAA and the companies it hires to spy on the file-sharing activities of P2P networks. By using the blocklist, you can keep known copyright-enforcement agents from invading your network and looking at the information people are sharing on it.

You can also attempt to compensate artists by buying only from independent record labels that aren't a part of the RIAA. At www.RIAARadar.com, you can look up what albums are owned by RIAA corporations.

Freenet creator Clarke said our right to share any information, including music, is nothing less than a political philosophy. He pointed out it's often hard for people to see the connection between copyright law and censorship until they realize the Church of Scientology uses copyright law to keep former members of its sect from describing their experiences; Freenet includes countless testimonials from former Scientologists about being brainwashed and bankrupted. More recently, electronic voting software company Diebold tried to use copyright law to suppress memos in which employees discussed the security flaws in its software.

"My idea is simple: free communication is good," Clarke said. "It's essential to the maintenance of a healthy democracy. I see government power and corporate power as extremely similar – both need to be regulated, and you can't regulate something if you don't have access to information about it."

February 4, 2004