Tuesday, May 18, 2004

New York Times - A New Way to Combat Online Piracy

The method outlined in this article is guaranteed to fail, and the countermeasures required would be trivial to implement. In fact, I believe that most file-sharing systems have already implemented the solution I have in mind - file hashing.

DOWNLOADING music, movies or software illegally might become less appealing if every third song or film scene was suddenly interrupted by white noise or worse, announcements urging "next time, pay for what you take!"

This "gotcha" technique - circulating flawed or reproving digital copies of songs on the Internet - has been tried in some form by a few pop stars hoping to thwart online music piracy. Two weeks ago, a University of Tulsa professor and a former graduate student of his won a patent for software that analyzes and monitors illegal music swapping on file-sharing networks, and then systematically inserts decoy files into the mix.

Prof. John Hale and Gavin Manes invented a system with decoys that appear real but contain either poor-quality recordings, buzzing or advertisements. The friendliest decoy might hold samples of songs for sale, while the most irritating could cause extremely long download times.

The inventors intend them to frustrate people who infringe copyrights when they take artistic content free from peer-to-peer networks, like the music Web site Kazaa. No longer will they get free-and-clear copies of individual songs or CD's. Instead, they will get corrupted songs filled with random noise and interruptions.

I'm surprised that a computer science professor and a PhD in the subject should be pushing such a worthless scheme; how is their method going to deal with the fact that MD5 and SHA-1 hashes of files are integrated into the file-sharing mechanisms that are most popular? The odds of obtaining a collision (i.e., getting two files to hash to the same value) are only 1 in 264 with MD5, and 1 in 280 with SHA-1, and the alteration of a single bit in a file would be enough to ensure that its hash value would be very different from an unaltered file. Consequently, all it would take to get around this antipiracy measure would be some means of disseminating information as to which hash values are those of reliable files, and which ones aren't; the thing is that there are a multitude of ways in which such things can (and already are) being done, whether through email, through online warez sites, or through IRC channels. The patent of Dr. Hale and Dr. Manes is of essentially zero value - though I wouldn't mind them making a few bucks off the ignorance, greed and fear of the big record companies.

POSTSCRIPT: After a little investigation, I've learnt that Kazaa, which is by far the most popular file-sharing system, only bothers to hash the first 300KB or so of any file, making it trivial to corrupt files that are longer than this without anyone catching on. As a result of the Kazaa programmers' boneheadedness, this antipiracy patent isn't quite as worthless as I thought it would be. Nevertheless, any utility it has will only be fleeting, and the more effective the technique turns out to be, the shorter the period in which it will enjoy success: all the more recent file-sharing networks, like eDonkey and Shareaza, carry out full file hashes, and frustration with Kazaa will only drive its users into the arms of these newer alternatives.

POSTSCRIPT 2: Something else just occurred to me - in this age of broadband connections, what is to stop determined Kazaa users from initiating 5 or 10 simultaneous downloads of different versions of the same file at once? What with the typical music file being between 3-5 MB in length, this wouldn't take very long, and as long as even 1 of the lot was the correct item, the goal would be accomplished, and the rest could then safely be deleted. I think the music companies will find that the technique outlined in this patent will prove a lot more expensive to successfully implement than they might have imagined.