m_topn picture
Atlantic Monthly Sidebar

Go to this issue's Table of Contents.

"The Heavenly Jukebox," by Charles C. Mann (September 2000)
Recent coverage of the spread of "contraband" music on the Internet has missed some basic points. Chief among them: the fight against Internet piracy is being led by a peculiar and grasping business -- the recording industry -- that should not be allowed to set the rules.

Discuss this article in the Technology & Digital Culture conference of Post & Riposte.

WEB-ONLY SIDEBAR | September 2000

There's No Such Thing
as "Secure Digital Music"

An e-mail exchange with the Internet-security expert Dan Farmer

Dan Farmer, network security administrator for EarthLink, is renowned in computer circles for developing such provocatively named but useful computer-security software as COPS (Computer Oracle and Password System) and SATAN (Security Administrator's Tool for Analyzing Networks). Before working at EarthLink, he worked on network security for Sun Microsystems, Silicon Graphics, and the Computer Emergency Response Team (CERT), a government center at Carnegie Mellon University. In this e-mail exchange, The Atlantic Monthly's Charles C. Mann asked Farmer to discuss how a security expert thinks about the Secure Digital Music Initiative (SDMI), the music industry's attempt to use encryption and digital watermarking to stop the unauthorized copying of online music.

More than a hundred record labels, hardware companies, software firms, and others have joined together to form SDMI, which is supposed to release its first full version of music-protection software sometime this year. Yet almost from the beginning -- and even before SDMI had come up with anything -- many Internet-security experts were scoffing that it simply couldn't work. Why is that?

To me it's not a question of whether or not the SDMI schemes will be broken -- they may or may not (although I think they will be eventually, and perhaps very quickly). The problem, as I see it, is in thinking that SDMI will have any real effect. First of all, what's the intent of SDMI? I think the main hope is that it will have a significant negative impact on piracy. But SDMI will have a limited effect on the piracy of music that was created before it came into being, because it doesn't protect all the billions of CDs, LPs, tapes, and music files on the Internet that already exist.

Let's consider how SDMI is envisioned to work. You download or somehow acquire a song. Once you have the song, what then? Let's assume that you can only play the song via a SDMI-authorized player. And let's further assume that it is impossible to break the protective shield that encapsulates the song to prevent unauthorized usage.

What then? Well, as a user I plug a recording device into the "output" plug of the authorized player and record the sounds. Now I have a copy of the music -- it might not be an exact copy (although I can get darn close if not identical), but it'll be "good enough." Now I can take this copy of the music, give it away, play it anywhere and anytime I want, etc. SDMI doesn't help at all once I've taken this step.

Napster has shown two things: that people don't give a rat's ass about the quality of the sound when compared to the availability and that the avarice of consumers is not bounded by sound ethical reasoning. It's remarkable in general to listen to the specious arguments people come up with to justify their misdeeds, but it seems to have risen to an even higher level of self-delusion with the online music situation.

Even if it was a difficult operation to copy a song, it only takes one person to do it. After that the spread of the song via the Internet or other means of propagation is only limited by the honesty of the users. And when you multiply this by millions of people...

This is why SDMI is doomed -- copy protection on computers has been shown again and again to fail. And fail it will.

From what you're saying, the record industry is in a horrible bind. They can refuse to release music online, in which case the Internet will become the exclusive domain of pirates, or they can release their music online, in which case they will only end up providing more material to the pirates. Is there any way out of this dilemma?

Even if the music industry simply gave away all their music people would complain that they don't have the bandwidth to download all the stuff -- the problem would merely shift from availability to distribution. The problem (as I see it) is that consumer desire is never going to be satiated, especially when our society has made all this digital stuff seem so alluring, as in the case of music, movies, etc. That's how both the music industry and the pirates make a living, I suppose, and why we're in such a bind right now.

There's a saying -- never try to apply a technical solution to a social problem. With the Internet we have a fairly efficient vehicle to slake at least part of the public's digital thirst, but is there a technical solution? I would say, resoundingly, no. Is there an ethical one? Some may say that unfairness drives them on, that since they cannot afford the content or get it in the ways that they most desire they will take it instead; others protest that since they wouldn't have bought the stuff in the first place no one is harmed, as they simply make a discreet copy that takes nothing away from the original. With these sorts of widespread arguments I don't see much of a social answer either. Perhaps as time goes on and our society comes to grips with the many knotty problems we encounter on the Net, we'll finally come across an answer that most can live with and that isn't ethically bankrupt.

Return to "The Heavenly Jukebox" (September 2000)

Copyright © 2000 by The Atlantic Monthly Company. All rights reserved.