Hackers bite Apple in its iTunes

MusicMusic IndustryConsumer Electronics IndustryBusinessTechnology IndustryCrime, Law and JusticeCrime

Until last week, it appeared that Apple Computer Inc.'s iTunes Music Store had solved the problem of how to sell music over the Internet with just enough digital security to satisfy nervous record labels but not so much as to deter consumers from using it.

But a few enterprising Mac hackers figured out how to get more mileage from one of the built-in features of iTunes 4, streaming music between Macs on a local network (such as a home network).

Within a week of iTunes 4's introduction, Web sites such as ShareiTunes.com and Spymac were offering lists of song collections that could be streamed from the hard drives of dozens of online Mac users who made their collections available.

Streaming, it should be noted, is distinct from downloading. When you stream a file, it's like listening to the radio; no file is transferred to your hard drive. Many Mac users doing this believed that since they were just listening and not downloading, the activity was legal.

Before anyone could start debating the legality of streaming, however, other clever hackers devised a way to use the sharing function to download songs from one another's drives.

Suddenly, Apple was an unwittingly accomplice to illegal file-sharing, the very vice its Music Store had been created to discourage.

Yet the news has not generated the level of distress from the recording industry one would expect, though it clearly is concerned.

"The streaming was supposed to be for personal use," said Hilary Rosen, chairman and chief executive of the Recording Industry Association of America in New York. "We do not think it is appropriate to undermine rights granted for personal use by spreading them to millions of strangers."

The association filed a lawsuit in 1999 that eventually killed Napster Inc., and serves as the record labels' primary instrument in their protracted fight against music piracy.

"I think we were all a bit surprised, given how far Apple has gone to satisfy the music fan, that there is still such passion for getting around any legitimate system," Rosen said. "It shows that there was always reason to be skeptical about those who have justified their theft by saying that there was no good legitimate alternative."

But the streamers and the downloaders in many cases are not the same people, and the streamers are convinced what they were doing wasn't illegal.

While copying songs from strangers over the Internet is clearly illegal, the streaming issue is murkier.

Fred von Lohmann, senior intellectual property attorney for the Electronic Frontier Foundation, a nonprofit group that seeks to defend users' digital rights, said: "Both streaming and downloading can present infringement issues [assuming you are sharing the songs without authorization], since you are both reproducing and performing the songs."

Because of the severe limitations of iTunes streaming -- one must have the exact Web address of the host, and sharing is limited to five users at a time -- some contend that it doesn't qualify as "Webcasting," and, thus, breaks no laws.

Regardless, Lohmann said he doesn't think Apple could be held liable for the hacks because iTunes was not designed with the intent of file sharing, and Apple could not be held responsible for what a few individuals might do with it.

Several other factors also serve to limit Apple's culpability. The software being hacked, iTunes 4, is linked only to Apple's music service in that it is how Mac users access the service. The music service itself, in no way, has been hacked.

In addition, the Advanced Audio Coding file-compression format that Apple uses in its music store prevents large-scale streaming or downloading, as AAC-coded songs can only be played on three Macs authorized by the same user account. Streaming and downloading AAC-coded songs to strangers doesn't work.

So the songs that Mac users have been sharing mostly have been standard MP3 files ripped from CDs, not music bought from Apple's store.

Perhaps this, along with the stiff limitations of sharing -- and that it is confined to the relatively tiny Mac OS X-using community -- explains the muted response from the record labels.

As for the sites offering streaming, they reacted quickly -- and ethically -- when they learned of the downloading software, which sports such names as iLeech and iSlurp.

At first, they tried to block users from "harvesting" the Web addresses required by the downloading software, but when it became apparent that could be circumvented, most of the streaming sites shut themselves down.

Spymac had a message in place of its streaming music page last Wednesday announcing the feature had been removed until a way to block people from downloading songs could be devised.

David Benesch, who provided the code to Spymac to enable streaming from the site, posted this message on his Web site: "I tried to promote the use of iTunes' built-in features, not get around them."

Benesch said he was "incredibly disappointed that these programs were developed" and expressed concern that Apple would react by removing the sharing feature from iTunes.

Apple, based in Cupertino, Calif., has said little about the issue except to emphasize that the music-sharing function of iTunes 4 is intended only for personal use and that Apple doesn't support sharing beyond that, including streaming over the Internet.

Aram Sinnreich, an independent music industry analyst affiliated with Annenberg School for Communication at the University of Southern California, said the quick adaptation of the iTunes software to Internet streaming "should teach Apple and the record labels that people want this interface. They want to be able to search a library and listen to what they want."

He said he sees the current iTunes controversy as a test case for limited file sharing. While the labels have denounced large-scale file sharing, a la Napster and KaZaA, Sinnreich said some executives have expressed support for limited file sharing between family and friends -- the sort of small-scale sharing Apple intended with iTunes.

In any case, the labels appear willing to give Apple a chance to fix the problem before they get testy.

"We are in constant touch with Apple, and these issues are being addressed," said Jeanne Meyer, senior vice president of corporate communications for EMI North America.

Of course, the resounding success of the online music store -- it sold 2 million songs in its first 16 days -- has bought Apple some much-needed goodwill.

Certainly, the labels will not tolerate a major security hole in the Windows version of the iTunes Music Store, due later this year, with its millions of potential users. Since only two of the five labels have as yet agreed to license their music for a Windows version, Apple needs to find a cure for this headache quickly.

Some possibilities:

  • Eliminate the sharing feature altogether from iTunes, in both the Windows version and the next Mac version. As this option doesn't fit with Apple's user-friendly philosophy, it's not likely.
  • Eliminate all formats but AAC from iTunes. This drastic solution also is unlikely, as it would inconvenience all iTunes users, whether they were sharing or not.
  • Create a Windows version with no sharing feature while concocting a way to limit sharing on Macs to the originally intended local networks. This retains a "Mac advantage" along with addressing the downloading issue among Mac users.
  • Have iTunes force-quit the hacker software when it detects unauthorized streaming and downloading. Makers of the screen-capture utility Snapz Pro X discovered recently that taking a screen shot of iTunes 4 caused the utility to quit, so the tactic is feasible.I would offer yet another, more radical, solution in the spirit of the iTunes Music Store's mission of weaning people from illegal file sharing: make it easier to buy music legitimately.Apple should extend the 30-second streaming previews currently available from the Music Store to full-song previews, perhaps by adding a full-streaming subscription option for, say, $5 or $10 a month for those who desire full previews.Apple Chief Executive Steve Jobs dismissed the subscription concept when he introduced the Music Store, but it could serve a role in broadening the store's appeal while discouraging third-party hacks.Users would have far less motivation to stream their personal collections over the Internet if Apple's full 200,000-song collection was available.Plus, the ability to preview entire songs rather than 30-second snippets would give more people the confidence to purchase new, unfamiliar songs they otherwise would not buy.Like the rest of the Music Store, the full-preview streaming option would be a win for everybody. Users get to sample more music, downloading and paying for songs when they're ready, while Apple and the record labels would get more money from the increase in sales.

  • Copyright © 2014, Los Angeles Times
    Comments
    Loading