When Apple announced its iCloud Music Match service, a lot of people started suggesting that it "legitimized" infringement
, or in some manner created an amnesty program for infringers: pay $25/year and all of your infringing copies get replaced by licensed copies from Apple. In fact, this really pissed off
some copyright holders. The whole thing struck me as a huge exaggeration
, because no one was looking at the files on your hard drive to see if they were infringing anyway.
But... what if they started now? And what if they started now because they could... thanks to Apple's iCloud Music Match.
I still think this is a huge stretch (and I'll explain why below), but Slashdot
points us to a story from someone suggesting that rather than "amnesty" for unauthorized file sharers, Music Match could be used to track down infringers
. My initial response was that this was totally crazy, because it wouldn't know if the non-iTunes-bought tracks were authorized or not. After all, you could have bought them elsewhere or ripped them. However, the author of the article, Daniel Nolte, does a good job walking through both scenarios and explaining why Apple might still be able to figure out what files were likely infringing:
Although the ‘DRM free’ MP3 now being provided from many of the the major music download companies can be played anywhere, each download is watermarked with header information specific to the exact purchase and purchaser. This article from Techcrunch gives more details on ‘dirty’ MP3s. Consequently, if you purchase a ‘DRM free’ MP3 file from iTunes and then share it, and the person(s) who received it saves it to their iCloud, then Apple will know both (i) who shared their copy and (ii) whose copy is illegal. For files from other watermarked retailers, the same information would only require coordination with the other site.
Next consider music purchased from sites that sell legal but ’clean’ MP3s without watermarks. These files will have unique MD5 or SHA-2 signatures that can distinguish them to a particular company. They will certainly have different signatures than the watermarked versions (because the addition of the watermark) and they will be unique from versions of the same song encoded by others. When Apple’s servers detect a number of copies far in excess of the ‘clean’ mp3 company’s reported sales, they will know where to suspect illegal copying.
Then there will be MP3s that individuals created themselves from, for example, ‘ripping’ their CD collections. While these are not watermarked to the individual, they appear to be unique for each ‘rip’. To confirm this, I ran a test with fresh installations of the exact same CD ripping software on two different computers. I then had them rip the same track from the exact same CD using the unchanged system default settings on both computers. The MD5 hashes did not match. Small differences between the two reads, the internal timestamps, the system metadata, etc. likely resulted in the mismatch. It will almost certainly also be different from the file hashes from legal download sites, both those that watermark and those that do not. In short, if you and thousands other people have MP3s of the same song with the same file hash value, you will not be able to credibly claim it occurred because all of you ripped it from your CD collections.
The obvious next response is that Apple would never let its data be used in this manner, as it would kill the service. But Nolte notes that might not matter either:
Apple would not have to. They would simply have to comply with an information demand from the RIAA, who has had no problem with being seen as the bad guy in hardball enforcement against file sharing. Moreover consider this:
- Apple is the largest music retailer on the planet.
- Apple believes, possibly justifiably, that it loses billions of dollars annually to illegal music file sharing.
- The easiest way out of the legal jam over challenged content in your iCloud storage would be to convert the suspected iCloud music by buying it from Apple. Apple becomes almost like a white knight in the process.
While this is possible
, I don't think it's probable for a variety of reasons. While the RIAA may not have a problem being seen as the bad guy in hardball enforcement, I think that even it has some limits, and this almost certainly passes those limits. I could
actually see a random misguided indie label seeking this kind of information, but I'm not convinced it would really get that far. I would hope that most courts would recognize that this was a fishing expedition, rather than a reasonable search based on evidence of specific infringement. Simply demanding all data would (hopefully) be a non-starter.
In the end, I think both claims are probably overblown. Music Match is neither a way to launder infringing files, nor is it a honeypot to get you in trouble for your infringing files. It's just a service to sync music.