iTunes Songs Don't Have DRM, But They Contain Your Email Address

from the two-steps-forward-one-step-back dept

Apple got a lot of press last week when it announced that it was going to remove the DRM from songs it sold through the iTunes Music Store. That’s a great thing in itself, since it removes the barriers legitimate customers faced in playing back music they purchased on the device of their choice. But details are coming out, and it’s not all good news: the songs are watermarked (via Slashdot) with the email address of the iTunes account used to purchase them. This is certainly better than DRM, but it’s still not great. The biggest issue is that it links files to a particular consumer — which will likely lead to the RIAA using the watermarks to attempt to “prove” that people actively shared songs and sue them. It seems inevitable that the label cartel will attempt to use the marks to inflict liability on users if music bearing their email address appears online. Which is great, until a person’s iPod gets stolen and the music ripped from it, or a friend grabs music off of somebody’s hard drive without their knowledge. The RIAA’s legal strategy has been based on flimsy evidence; removing the DRM but adding watermarks simply gives them another way to “prove” people shared music they purchased online, even though the marks won’t actually prove anything.

Filed Under: , ,
Companies: apple

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “iTunes Songs Don't Have DRM, But They Contain Your Email Address”

Subscribe: RSS Leave a comment
65 Comments
Dan says:

One step back?

The object here is to prevent piracy without inconveniencing the consumer. In listening to a song, or putting it on multiple devices, you have no problems, and yet are you really that likely to start seeding a torrent in which every song contains your email address. It may not be the ideal solution, but we’re far better off this way. Besides, there is little reason to believe that at some point, someone will be able to strip out the watermarking altogether. At least this way, the consumer isn’t completely screwed just for buying legit music.

Anonymous Coward says:

Re: Re: One step back?

What you want to do is replace them with e-mail addresses of the rich and influential, ie: senators sons, presidents daughters, Mojo Nixon, etc.

Won’t help. The RIAA is careful to avoid going after the rich and influential.

Once enough of them get a feel of the shaft, we’ll finally see a change in the world.

Like I said, they’ll never feel the shaft. The RIAA targets those less able to defend themselves.

PaulT (profile) says:

On the face of it, this is far better than DRM. It no longer negatively impacts the person who actually pays money for their music and punishes them more than a “pirate” would be (at least not in any direct way).

On the other hand, it really does depend on what happens with this information. Not only could this watermark be faked (thus implicating innocent consumers), but it also introduced perils similar to identity theft. If your iPod or laptop gets stolen, and the music collection therein uploaded to a P2P network, you could find yourself the subject of a massive lawsuit with great difficulty in proving your innocence. There’s no defence other than “I lost my equipment and I didn’t do it”, and no marginally intelligent thief isn’t going to use that defence even if they’re guilty.

So, it’s a slight step up, but still horrible for the privacy of legitimate consumers or at the very least a small obstacle as they strip out the watermark. Which actually still makes a FLAC download from a P2P network more desirable than actually paying money to iTunes…

Freedom says:

Another Angle...

This doesn’t just have to be a way to punish someone that publishes a file up via Torrent/P2P. It can be a way to punish someone that has songs on their system, iPod, whatever that are watermarked/id to someone that has absolutely no relation to them. In short, it can be used to prove that you stole the music.

It can also be used by iPods and similar devices to block music watermarked with someone’s else id. That way you can’t share the music with a friend….

Sure sounds like DRM to me! Maybe nicer DRM, but DRM nonetheless.

Freedom

PaulT (profile) says:

Re: Another Angle...

That’s a dangerous path to go down, though. First of all, there are a lot of PCs that are shared. If you have a laptop in a college dorm, or a few different iTunes accounts for different countries (which is quite possible), or even several family members sharing a PC, should you really be a target for lawsuits? Technical restrictions (one email address per iPod) would prevent a family or housemates from sharing music, thus killing a promotional mechanism and reducing the value of music.

This is why DRM, or even pseudo-DRM in this case, sucks. The people actually pirating would almost certainly get non-iTunes sourced files, or those with watermarks stripped out. The only people to suffer, yet again, are the people who actually pay for their music.

hegemon13 says:

Re: Another Angle...

“In short, it can be used to prove that you stole the music.”

As has been repeated here over and over, downloading or sharing music is not stealing, it is (possible) copyright violation. Stop drinking the RIAA’s sweetened, fruit-flavored drink.

“It can also be used by iPods and similar devices to block music watermarked with someone’s else id.”

No, it couldn’t. That would, in fact, require your music to be tied specifically to your device, which is the definition of DRM. Since none of the current players would support this format of DRM, it would not work. Plus, what would be the point of dropping one DRM format to replace it with a weaker one?

Hulser says:

Re: It's a tag, not a watermark

isn’t a watermark, but simply an mp4 tag

Agreed. I think text of the TechDirt post should be corrected to replace the word “watermark”. I understand that there may be no absolute definition of a digital watermark, but I think most tech people would agree that it’s not a tag. Else why have separate terms?

When I hear the word watermark in reference to digital files, I think of something that permeates most if not all of the actual digital content itself, not just that it’s in the file’s header somewhere. In fact, if you can see something by opening a digital file in Notepad, I’d say that by definition, it’s not a watermark.

And just because you can’t see your e-mail address in iTunes (but you can in Notepad), it doesn’t mean that it’s a watermark. I don’t know what kind of tagging that AAC uses, but with ID3, you can have a frame in a tag that stores only digital information.

Again, I think the Techdirt post should be corrected. It’s misleading it its current form.

Dave says:

Good Direction

This is a real step in the right direction. The problem with DRM, etc. is that it prevents consumers from taking advantage of “fair use” – that is being able to move songs to other devises, make personal copies, make a few copies for your buddy or girlfriend. Music on the net changed all this because you could distribute/post to tens of thousands at a time. By using a watermark, consumers can now argue that under ‘Fair Use’ I have made/shared a limited number of copies of something I personally own… the song. If RIAA can go and find thousands of people with that song and the same watermark, then they have a legal case – but the good part here is the legal burden is now on them, not the customer (unless the purposely post to a internet distribution. To address the ‘what if it’s stolen’ – Given all postings have a recorded IP address, the consumer could argue it’s not from their machine (yes there’s ways around this but again, an indepth review of a person’s past practices, tech knowlege, etc would be enough to say it probably was or was not done by the consumer).
Finally – privacy is a true concern. The eamil should be encoded not as a raw email, but using a proprietary text hashing algorythm (a program that converts text strings into alpha-numeric sequences). That way – spammers, other users, etc. would not be able to access it – and of course hacking the encoding would be illegal since it would be Apple’s proprietary code. Also – if one’s email changes, then Apple should be able to link the 2 codes so it’s clear that the music is all owned by the same person.
so – I think it’s a promising direction for this stuff…

Anonymous Coward says:

Re: Good Direction

If RIAA can go and find thousands of people with that song and the same watermark, then they have a legal case – but the good part here is the legal burden is now on them, not the customer (unless the purposely post to a internet distribution.

You either have no idea how the RIAA operates or are shilling for them. The RIAA uses lawsuit threats to induce people who can’t afford to defend themselves to settle even if they are innocent.

Given all postings have a recorded IP address,

You’re sounding more and more like an RIAA shill. The fantasy that IP addresses correspond to individuals is a favorite one of the RIAA (and MPAA).

…and of course hacking the encoding would be illegal…

Now the idea that that would prevent its being cracked is really ridiculous.

I think it’s a promising direction for this stuff…

Unfortunately, that promise is rather dark.

Dave says:

Good Direction

You raise valid points – but they I think they could be addressed under the current legal definition of ‘fair use’.. ie, use by family memebers. Shared PCs I don’t think would be an issue… it’s like a shared CD player… anyone can play their CD it it – but someone owns the CD. If a college roomate takes your songs off your iTunes account, then it’s either ‘fair use’ because he’s a friend and you said go-ahead or he’s stealing your song in the same way he could steal your CD (I lost lots of CDs in college to roommates at the end of semester). Also if someone has several accounts, Apple should be able to link those so we know it’s all the same person who owns that music.

I’m not saying this is a perfect solution, but a step in the right direction as consumer rights must be balenced against copyright holder rights. It’s going to take a long time to get to a viable solution.

Comboman says:

That's life

Watermarking is NOT DRM. Most things we buy are “watermarked”; it’s called a serial number. If someone steals my registered firearm and it latter gets used in a crime, guess what? The police will be paying me visit and if I haven’t reported it stolen, I’ve got a lot of explaining to do. Is it fair? No, but that’s life. If someone steals my car and uses it as a get-away car at a bank robbery, same situation. Do a better job keeping your stuff from getting stolen (and take appropriate action if it is stolen) and you won’t be in that situation.

Hulser says:

Re: That's life

Watermarking is NOT DRM. Most things we buy are “watermarked”; it’s called a serial number.

A product, like a digital file or a gun, may have a unique identifier like a GUID or a serial number. I don’t think anyone would be surprised about this nor would there be any controversy if that’s all we’re talking about here. But this is not just an identifier of the item itself, but direct link back to the purchaser.

If someone steals my registered firearm and it latter gets used in a crime, guess what? The police will be paying me visit and if I haven’t reported it stolen, I’ve got a lot of explaining to do.

The key word is “registered”. The fact that guns have serial numbers isn’t controversial in that linking them to a specific owner (i.e. registration) isn’t mandatory. But in effect, that’s what the iTunes policy does by adding the e-mail address to the file, making a direct link to the purchaser.

Is the purchaser e-mail frame in a tag the same thing as DRM. No, not really. Is it watermarking? No, and to call it watermarking I think is misleading. But are people freaked out when they find out that their personal information is stored in a digital file? Of course.

Anonymous Coward says:

The tags used are below, and they are easily removable… this is not a huge privacy problem, just a minor one. If you aren’t hosting your music on an open server, you shouldn’t be too worried about these.

Losing your iPod… and having these tags in it, are MORE LIKELY to get you your iPod returned to you than to get you targeted by a fake lawsuit or hackers.

Purchased By: Real-Name
Account Name: Email-Address

Mark Levitt (profile) says:

Neither a watermark nor hidden

A digital watermark is usually a unique identifier that is embedded in the actual content of a file such that it is hidden within the content of the file itself (in this case, the music) and cannot be easily removed.

In the case of iTunes Plus songs, neither of these are true. The e-mail address is not embedded within the music content. It is a standard mp4 tag. Any tag editor can be used to change or remove it.

Also, the tag is not “hidden”. If you open iTunes and view the information about a track, iTunes itself shows you that the e-mail address is there.

Using the term “watermark” makes it sound much more nefarious than it actually is.

Anonymous Coward says:

Re: Neither a watermark nor hidden

In the case of iTunes Plus songs, neither of these are true. The e-mail address is not embedded within the music content. It is a standard mp4 tag. Any tag editor can be used to change or remove it.

I’m curious, how do you know that there are not invisible watermarks in addition to the visible tags? As I understood it, the tags were just a visible warning and the watermark was buried.

Jerry Leichter (profile) says:

Re: Re: Neither a watermark nor hidden

The way you can tell if there *is* a hidden watermark is to take a couple of copies of the same song purchased by different people and compare them at the bit level. Where are the differences? If the only differences are in the tags, there’s no watermark on the content. (I don’t know for sure that anyone has done this test, but given the amount of discussion of this topic – which is *not* new – and the ease of testing, it would astound me if no one has.)

BTW, those wringing their hands on this issue might consider that Apple is being pretty open about this by putting obvious ID’s in the tags. Suppose there was tag with the purchase date and time. Seems harmless and few people would mention it – but that ties back trivially in Apple’s databases to the account that purchased the song.

Peter Blaise Monahon (profile) says:

Replace it with the email address od the RIAA!

.

“I bought a song as a present for their birthday — just like I used to do with CDs.”

“I bought/sold the song at a music swap/used-music meetup.”

“I received the song as a gift.”

“My laptop was stolen … or lost for days, and I just got it back from the airport lost-and-found.”

Hey. how long before anyone automates a little hack tool that puts the email address of the RIAA president into every song on your computer for you?

Hahahahah.

.

Josh says:

While I agree with many of the points of the previous posters, I think they’ve all missed something.

If the objective of Apple (or RIAA) is to get people to pay for music, then this fails with the technically savvy, informed users. In fact, whether or not it is a watermark or tag, this now makes purchasing music from iTunes even less desirable than pirating it.

Now if you pay for music, and then either inadvertently or purposefully share it with someone else, it is even easier for RIAA to track you down. In fact, this may even allow them to “prove” damages – all they have to do is download the version with your email address from thousands of people and can “prove” damages in court.

Before, all they could “prove” was that they downloaded the single song from you, but not actually “prove” distribution. Now it seems like they can make a much better case for distribution – and hold you liable for thousands of downloads of a single track.

amyzhao (user link) says:

how to remove drm from iTunes

Removing-drm is your first choice to remove drm from wmv.wma and iTunes music and movie files in a legal way .Anyone who buys DRM protected movies and

music from iTunes and Windows media center wants to enjoy DRM protected media with their digital players, but it is not easy to find an all-in-one DRM removing solution http://fast-remove-drm.blogspot.com/

jessicawell says:

I’ve purchased a bunch of music from iTunes and have enjoyed listening to them on my computer. But my portable music player is not an Apple iPod, so I can’t take my songs with me. I know that I can burn it but I don’t have a cd burner on my computer so I need a different method. Is there any way I can get around this unfair restriction and transfer my iTunes music to MP3 player.

Yes,if you met the same question,please follow this tutorial: http://www.removing-drm.com/player-tips/transfer-itunes-music-to-mp3.html

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop Β»