The Piracy Arms Race

Although Val Thomas and Jed McCaleb have never met, their careers have been locked in a hostile embrace for much of the last two years.

From his office in Midtown Manhattan, Thomas commands a virtual army of more than 4 million simulated humans that fed a steady diet of fake songs, films and other digital goods to unsuspecting downloaders. One of his prime targets has been the eDonkey file-sharing network, a hotbed of online piracy.

Just a few miles away in Lower Manhattan, Jed McCaleb and his colleagues at MetaMachine Inc. defended eDonkey against attack, making it a more efficient and reliable file-sharing tool. In effect, they created markets that were hard for Thomas’ cyber army to overrun.

Thomas and McCaleb have been central figures in a race pitting far-flung crews of youthful engineers against the multibillion-dollar entertainment and software industries. That tussle is an important part of the entertainment industry’s crusade to convince people that digitized movies and music have value too and shouldn’t be enjoyed free.

The outcome of that fight could transform the entertainment industry because “peer-to-peer” systems such as eDonkey enable perfect copies of songs and movies to be shared with millions of people around the world.

“This is unlike traditional analog piracy,” said P.J. McNealy, an analyst at American Technology Research. “The scale is so much more massive. It’s not like historical piracy levels, where it’s a threat to 15% of their sales. It’s more like a 75% to 99% threat.”

Big money is at stake. Record labels say file sharing was partly to blame for a prolonged slide in CD sales, and studio executives have grown accustomed to finding their movies online soon after they open in theaters. Although users of file-sharing networks don’t pay to swap music or movies, the companies that distribute the software can make millions by selling advertising on their programs.

The entertainment industry has been making inroads against file sharing in court. Most recently, the Supreme Court ruled in June that companies could be sued for copyright infringement if they encouraged people to bootleg.

That decision has prodded a growing number of companies in the file-sharing field, including eDonkey, to yield to the industry’s threats of lawsuits. Last week, Sam Yagan, MetaMachine’s chief executive, told a Senate committee that the company would change its software to stop users from downloading illegally.

But the industry’s courtroom victories may not reduce online piracy. Instead, downloaders may simply switch to services that are harder for the industry to sue, just as they did after the pioneering Napster file-sharing service started filtering out pirated hits.

Hence the labels and studios’ need to leaven their legal assault on file sharing with a technological one. And that’s where Thomas comes in.

The beefy 42-year-old is chief technical officer of Overpeer Inc., a subsidiary of Loudeye Corp. that is paid by the entertainment industry to combat illegal downloading with an army of computerized drones. From an office overlooking the New York Public Library, Thomas unleashes millions of fake files into popular networks such as eDonkey, Kazaa and Gnutella every hour.

The fakes look real enough, but they’re nothing but dead air or song fragments. Thomas aims to drain the fun out of file sharing by forcing users to wade through megabytes of junk before finding an honest-to-goodness pirated file -- if they ever do. It’s like trying to find a needle in a virtual haystack.

“We are not attempting in any way, shape or form to shut down a peer-to-peer network,” Thomas said. “What we try to do with our technology is prevent the copyrighted material from being distributed over those networks, and only the copyrighted material.”

McCaleb, 30, is the lead programmer at MetaMachine, the company behind the immensely popular eDonkey file-sharing software. He and his programming team work on makeshift desks in a one-room office on West 21st Street, in a row of aging commercial buildings.

Fascinated by the power and potential of peer-to-peer technology, McCaleb and his crew designed their software to help users find and download what they’re looking for, without tangling with bogus or broken files.

McCaleb wasn’t motivated by a zeal for free goods, a grudge against Hollywood or a chip on his shoulder about copyright law. Instead, he was enchanted by the thought of uniting millions of people’s computers into a giant, shared resource.

“Napster was just such an awesome idea,” McCaleb said in an interview last year. When asked what made Napster so appealing, he said, “It wasn’t free music at all. It was the fact that you were essentially summing up all these people’s hard drives and making this massive, massive hard drive. That was cool.”

Many file sharers don’t think that they’re breaking the law, no matter what the courts say. They say they’re just sampling things before buying them, or taking a flier on a song or movie that isn’t worth owning. And numerous file-sharing advocates contend that free downloading is boosting sales -- particularly for lesser-known musicians.

Thomas shares some of McCaleb’s sentiments, saying that peer-to-peer computing is “a sweet technology. It really is. But it’s being misused.” Both men are eager to see the entertainment industry use programs like eDonkey to distribute legitimate copies of their works and build businesses around file sharing.

They just don’t agree on how to get there from here.

Overpeer takes advantage of the Internet’s inability to tell who’s at the controls of any computer online. The software lets a single computer pretend to be more than 10,000 people, none of which look any different to the untrained eye from real users on a peer-to-peer network.

The bogus file swappers exist only in the software running on hundreds of Overpeer computers, secured inside a low-slung stone-and-glass “telecom hotel” -- an office building in northern New Jersey that houses Internet services, phone companies and other firms that gobble up bandwidth.

Powerful air conditioners dissipate the heat radiating from the computers’ metal cases. There’s little sign of life or the outside world -- the blinds permit no sunlight to pass through, and strangers are blocked by security guards and a pair of door locks controlled by palm-print scanners. People are scarce amid the black wire cages that cordon Overpeer’s gear off from other companies’ mainframe computers and Web servers. And the only sounds are the whir of air-conditioning fans and an alien, high-pitched whine from the machines themselves.

The machines handle about 30,000 transactions a second -- more than 2.5 billion interactions on file-sharing networks each day.

“In many ways, this is a numbers game, and you match firepower with firepower,” said Marc Morgenstern, CEO of Overpeer. “It’s definitely an arms race. The fact of the matter is that the content industries recognize that it takes a lot of firepower to protect their assets, and they’re willing to take the steps necessary to do so.”

Morgenstern hired Thomas in April 2002 to boost the company’s firepower.

Built like a bar bouncer, Thomas had been a rarity in high school in the 1970s: -- a computer geek who doubled as a football lineman. His fascination led him to study computer science at the New Jersey Institute of Technology in Newark, about 10 miles from the future Overpeer data center.

He spent much of his career managing and designing computer networks and websites, putting in stints at pharmaceutical giant Hoffmann-La Roche and a series of dot-coms. In the process, Thomas became skilled at developing online services that could grow to handle a lot of traffic.

It wasn’t until he joined Overpeer, though, that he saw how enormous the file-sharing world had become. Overpeer couldn’t hope to be effective just by throwing a bunch of PCs at the problem; it needed software that could turn each computer into a giant swarm of spoofers.

“We really believe that people shouldn’t download files without the copyright owner’s permission,” Thomas said, summing up Overpeer’s philosophical underpinnings.

“We also believe that if someone owns all the rights [to a file] and wants to give it away, they should be able to do that, too. But that’s their decision. If we can help those people out, protect their livelihood, that’s a good thing to do every day.”

MetaMachine has only a few employees and limited revenue from advertisers. But it does have McCaleb.

The boyish and quiet Arkansas native spent about a year studying physics at UC Berkeley before dropping out in 1994 to become a coding mercenary in San Francisco. He’d hold down a job for a few months, then quit to write “shareware” game programs for Apple Macintosh computers.

After six years of “a lot of misplaced effort,” McCaleb said, a friend turned him on to Napster. He was working at the time for a mind-numbing dot-com that leased PCs to businesses, but he was so taken with the concept of file sharing that he quit the job and retreated to his apartment in San Francisco’s Panhandle district to try to trump Shawn Fanning’s work with Napster.

EDonkey lets users search for and download files in a way that’s fundamentally different from earlier efforts such as the original Napster and Kazaa. The software verifies each segment of a file as it downloads, and it has built-in safeguards against files whose contents don’t match their names.

That difference kept Overpeer and its competitors -- most notably ArtistDirect Inc. subsidiary MediaDefender of Los Angeles, Macrovision Corp. of Santa Clara, Calif., and SafeNet Inc. subsidiary MediaSentry Services of New York -- from launching attacks on eDonkey. As a consequence, the spoof-free landscape of eDonkey contrasted sharply with the choking overgrowth of bogus files on Kazaa, helping the former grow at the latter’s expense.

The situation changed in early 2004. After about three months of work, Overpeer’s programmers came up with a way to throw its virtual army and bogus files at eDonkey users. Company executives declined to describe their techniques, saying they did not want to tip their hand to pirates.

Over time, though, it became clear that the spoofs were not as effective against eDonkey as they had been against Kazaa. Anti-piracy firms say that eDonkey remains the most popular file-sharing network on the planet, with millions of people running it and related programs at any given moment.

In the summer of 2005, eDonkey programmers noticed something weird happening as they checked the software’s search function. When they typed random words into the search box, McCaleb said, they would occasionally get a strange mishmash of files -- all coming from the same set of eDonkey users.

“They’ve somehow poisoned the network a bit,” effectively hijacking the program’s search function, McCaleb said.

The attack, whose source is unknown, was evidently designed to stop eDonkey users from finding certain copyrighted works. The problem, McCaleb said, was that it also disrupted searches for legal files whose names included some of the same words as the protected ones.

Within a few days, McCaleb’s team circumvented the problem. Overpeer executives declined to discuss the company’s techniques or say whether their outfit was behind the attack.

“It’s totally like a race at this point,” McCaleb said in July. “It probably won’t take them very long to get around it. It just kind of goes around and around like this.”

Despite the technical challenges, Overpeer executives say they’re making a measurable dent in piracy, at least for the items they’re hired to protect. But they think it’s better to give people the chance to buy what they want on file-sharing networks than to rely exclusively on anti-piracy technology.

The idea of trying to convert pirates to buyers is gaining momentum, Morgenstern said, with the company conducting several trials with curious copyright owners.

The major record labels are backing two copyright-friendly approaches to file sharing, Mashboxx and a new version of iMesh, that substitute authorized versions of songs for pirated MP3s.

In an interview last year, McCaleb contended that those efforts would not be able to compete with file-sharing networks that continue to allow free, unfettered downloading.

“All the filtered networks in the world won’t address the problem of copyright violation if no one is using them and everyone just migrates to the non-filtered networks,” McCaleb said.

Still, MetaMachine’s Yagan said in a recent interview that his company had no choice but to embrace filtering after it received a cease-and-desist letter from the Recording Industry Assn. of America last month.

To both Yagan and Morgenstern, the key for the entertainment industry is to find a way to use file-sharing networks effectively, rather than just to neuter them.

As Morgenstern put it, “All you have to do is hang out with teenagers to realize the revolution is upon us.”