Internet security companies are developing a new wave of technologies to track and interrupt the downloading of copyrighted music and videos over the Internet, threatening the anonymous impunity that has drawn millions of consumers to Napster Inc. and other file-swapping networks.
Unlike previous efforts to stop piracy by scrambling song or movie files, the new techniques try to ferret out bootlegged files and detect unauthorized copying across networks.
Some companies even claim that, with the help of consumers' Internet service providers, they can block any attempt to share a pirated file.
The security companies say they're not interested in compiling lists of pirates, but their efforts could still give users of "peer-to-peer" networks such as Napster, Gnutella and Freenet the uncomfortable feeling that they're being watched. In fact, that's just what these companies are doing, although they say they're only looking for their customers' copyrighted works.
Nor do the companies behind the new security measures, including Vidius Inc. in Los Angeles, IpArchive in Boulder, Colo., and Copyright.net in Nashville, say they want to destroy the peer-to-peer networks. Instead, they say they're trying to interrupt the pipeline of pirated content and, in some cases, point consumers to authorized sources for the material they want.
These new tactics add a new dimension to the battle over copyrights and the burgeoning duplication of music and movies online.
One executive at a major Hollywood studio who saw Vidius' technology in action said: "They were able to geographically locate [an unauthorized download], down to the point where they can go to the Internet service providers, they can go to the universities [or] corporations where it's being downloaded and say, 'You're busted.' "
That kind of claim makes security experts skeptical and privacy advocates leery.
But Derek Broes, chief executive of Vidius, contends that his company's efforts could actually benefit consumers by persuading reluctant studios, publishers and record companies to make their most popular content available online.
Still, the new security tools are double-edged swords. Although Vidius and IpArchive say they are interested only in pirated entertainment and software, in theory the same technologies could be used on any large data file, such as a digital book of religious instruction or a video presentation on treating HIV.
Robert Ellis Smith, editor of Privacy Journal, a monthly newsletter that explores contemporary threats to privacy, said the anti-piracy technologies are just one element in a wave of efforts to track consumers' behavior on the Web. But he gives Vidius and IpArchive credit for being overt and direct when enforcing copyrights by cutting off a download.
"I don't see the privacy threat," Smith said when told about the new technology. "The user [affected] has raised some suspicion, and it's fair enough that a company protects its proprietary content."
Redwood City, Calif.-based Napster has led the explosive growth of online music swapping, drawing 14.4 million users in January alone, according to online research firm Jupiter Media Metrix.
Movie copying hasn't reached mass-market proportions because the files take hours to download, but the number is growing. Broes of Vidius estimates that half a million copies of films are made daily through Gnutella and other all-purpose peer-to-peer networks, with digital copies of TV shows being downloaded with even greater frequency.
The music and film industries fear that these free outlets will eat into their traditional businesses and prevent them from building new ones on the Web. So they've responded with lawsuits, most notably against Napster and the now-defunct Scour, and with technology designed to guard against unauthorized duplication.
There are three basic elements of the technological defense: marking files so they can be identified and traced, encrypting them to deter copying, and responding when unauthorized copies start to move on the Net. A number of companies have been active for years in the first two areas, but the third is a relatively new arena.
One technique, used by online music company EMusic.com Inc. of Redwood City, Calif., and copyright enforcer Copyright.net, is to scan the files that peer-to-peer users make available for sharing. If they find someone with files matching a copyrighted work, they'll either send a notice asking the user to stop sharing that file, or they'll ask Napster to remove that person from its service.
Richard Rose, a Copyright.net vice president, said his company's actions have knocked 49,000 Napster users off the system in the last few weeks for violating copyrights. The company also is monitoring other peer-to-peer networks on behalf of its 750 music-publishing clients, Rose said.
The shortcoming for EMusic and Copyright.net is that peer-to-peer users can avoid detection by making small changes in their digital music files. That's because Copyright.net looks merely at the name of the file, although EMusic checks an identifier based on the amount of data in the file.
Other companies, such as Audible Magic Corp. of Los Gatos, Calif., have developed ways to identify music files based on their actual sound. That way, unless the song itself is changed, a copyrighted work can still be identified.
IpArchive and Vidius combine multiple identification tools with widespread detection mechanisms that watch files as they enter or exit key points on the Internet. For example, their technology could be inside a regional aggregation point for an Internet service provider, a campus computer network or even the software used by a movie downloading service.
Richard Schmelzer, founder and chief executive of IpArchive, said his software has been deployed already by several major Internet pipelines, although he would not disclose which ones.
Once IpArchive's technology spots an unauthorized transfer passing through its monitoring point, Schmelzer said, it can stop the transfer and send a notice directing the would-be downloader to an authorized source of the file. The company won't identify the sender or the recipient, he said, because, Schmelzer said, "That's a line I don't want to cross right now, for obvious reasons."
Vidius, meanwhile, is in trials with a handful of movie companies to demonstrate its ability not just to document problems, but also to intervene.
Vidius can and does identify the Internet addresses of senders and recipients, Broes said. Whether it can match those numbers to names, however, depends on the level of cooperation it receives from the parties' Internet providers.
The main goal for Vidius is to help the movie studios and Internet providers offer piracy-resistant, video-on-demand services over the Web. If the technology is incorporated into the video-delivery system, Broes said it can detect when a user tries to send a copyrighted file and can stop the file from traveling over the Internet.
Vidius can also monitor and search peer-to-peer networks for other pirated copies of its customers' works, such as a digital video made of a film in a theater. If it sees a file on its list start to move, Broes said, Vidius can either ask the Internet service provider involved to stop the transfer in compliance with copyright law, or it can interrupt the transfer itself.
The studio executive who's seen Vidius' technology in action, speaking on condition of anonymity, said one potential benefit is pinpointing the sources of piracy within a production. The goal isn't to stop every unauthorized copy, the executive said, but to shut down the major sources and "dissuade other people from jumping on the bandwagon."
Broes acknowledged that monitoring and intervening in file transfers on the Net raises some serious privacy issues. But he said his company's technology would be used only to enforce copyrights.