m_topn picture
Atlantic Monthly Sidebar

Go to this issue's Table of Contents.

S E P T E M B E R  2 0 0 0 

(The online version of this article appears in four parts. Click here to go to part one, part three, or part four.)

Joe Average Becomes Jane Hacker

ARGUABLY, the person most responsible for the present turmoil in the recording industry is an Italian engineer named Leonardo Chiariglione, and he is responsible only by accident. The director of the television research division at Telecom Italia's Centro Studi e Laboratori Telecomunicazioni, the Italian equivalent of the old Bell Labs, Chiariglione led the development of a standard means for converting recorded sound into digital form, which is now called MP3. The tale of the development of MP3 explains both how the music industry stumbled into its current predicament and why technophiles believe that the industry's attempts to control online copying are doomed to failure.

Illustration by Jose CruzThe International Organization for Standardization, based in Switzerland, is the world's premier standards body, establishing conventions for everything from the dimensions of letter paper to the size of screw threads. Chiariglione approached the organization -- and a sister agency, the International Electrotechnical Commission, also based in Switzerland -- about putting together a working group to arrive at standards for digital video and audio, both of which were on the horizon. The Moving Picture Experts Group (MPEG) met for the first time in May of 1988. Twenty-five people attended. Not one of them was from a record company. "Some of them came later, when the group became larger," Chiariglione says. "But at the time -- well, nobody knew, you see. Nobody, I promise you, had any idea of what this would mean to music."

Converting pictures and sounds into zeros and ones creates files that are too large for most computers and networks to work with easily: a single second of music from a compact disc takes up 175,000 bytes. Researchers have invented methods of shrinking this information without losing its identifying qualities, much as shorthand shrinks written language while leaving its sense intact. Codecs, as these methods are called, take advantage of quirks in human perception. (Codec stands for "coder-decoder.") Because the ear can discern certain frequencies more clearly than others in particular situations, codecs can slice away the tones people don't perceive, decreasing the size of music files without greatly affecting the sound. "You'd think that people would notice if you pulled out half the sounds in their favorite music, but they don't," says David Weekly, an independent programmer who is writing an online book about digital audio.

Chiariglione's group asked for candidate audio and visual codecs. One response came from the Institute for Integrated Circuits of the Fraunhofer Gesellschaft, a group of forty-seven laboratories in Germany that helps companies develop marketable products from university research. In the 1980s a research team from the institute and the University of Erlangen developed a codec that let high-quality music be transmitted over ordinary telephone lines, fine-tuning it by encoding music, including a Suzanne Vega song, hundreds of times and listening to the results. The codec could shrink music files by a factor of twelve or more with little loss of quality. With the Fraunhofer-Erlangen team's help, Chiariglione's group laboriously incorporated the codec into its first audiovisual standard, MPEG-1. Completed in 1992, MPEG-1 described three separate but related schemes -- "layers," in the jargon -- for converting sound into a pattern of ones and zeros. Layer 1 and Layer 2 were intended for high-performance applications; Layer 3, a buffed-up version of the Germans' ideas, was intended for devices that handle data relatively slowly, such as today's personal computers. MPEG-1, Layer 3 is what is now called MP3.

To show industries how to use the codec, MPEG cobbled together a free sample program that converted music into MP3 files. The demonstration software created poor-quality sound, and Fraunhofer did not intend that it be used. The software's "source code" -- its underlying instructions -- was stored on an easily accessible computer at the University of Erlangen, from which it was downloaded by one SoloH, a hacker in the Netherlands (and, one assumes, a Star Wars fan). SoloH revamped the source code to produce software that converted compact-disc tracks into music files of acceptable quality. (The conversion is known as "ripping" a CD.)

This single unexpected act undid the music industry. Other hackers joined in, and the work passed from hand to hand in an ad hoc electronic swap meet, each coder tinkering with the software and passing on the resulting improvements to the rest. Within two years an active digital-music subculture was shoehorning MP3 sites into obscure corners of the Net, all chockablock with songs -- copyrighted songs -- that had previously been imprisoned on compact discs.

No one was more surprised than Chiariglione. The main application the experts group had foreseen for MPEG-1, of which MP3 is a part, was CD-i, a now-uncommon form of interactive compact disc developed by Philips and Sony to put games and educational programs on television sets. But on the Net little is predictable. The development of MP3 software happened with the burbling, self-organizing spontaneity that is one of the global network's most salient characteristics -- and the ultimate source of the music industry's digital dilemma.

Napster was incorporated in May of last year, and released its software in preliminary form three months later. It quickly caught on, spawning imitations and variants, commercial and nose-thumbingly uncommercial: Wrapster, Napigator, Gnutella, Scour Exchange, CuteMX, iMesh, eCircles, FileSwap, Gnarly!, MP123, NetBrilliant, OnShare, Angry Coffee -- even, mockingly, Metallicster. Much of the software is hard to find, slow, buggy, and unfinished, requiring so much perseverance that one might expect only adolescents to use it. Adolescents, as it happens, are the labels' biggest market, and indeed, the infelicities of the user experience have not deterred them from ripping and trading CDs on these services. Estimates of the number of MP3 files on the Net range from just under 100 million to more than a billion. Some students, blessed with the fast Internet links common at universities, have thousands of songs on their computers. In April the Bernstein Investment Research Group warned that within three years the industry could lose as many as one out of six CD sales to Internet piracy.

"The sharing may be technically illegal, but there's no way to stop it," says Whitney Broussard, a lawyer at the music-law firm of Selverne, Mandelbaum & Mintz. "Already the entire body of important musical works is in compact-disc format -- unencrypted digital copies" that are freely convertible into MP3 files. MP3 itself can't be retrofitted to enforce copyrights, because today's ripping and playing software wouldn't be able to comprehend the add-ons. Similarly, CD players can't readily be changed to make copying impossible; indeed, a trial release in Germany of copy-protected CDs foundered early this year, because some consumers couldn't get them to play. As for halting the spread of MP3s ripped from CDs, Broussard says, "it's too late."

Furthermore, the industry is not simply fighting an unorganized group of college kids. In an illustration of Lenin's remark about capitalists' selling the rope with which to hang themselves, businesspeople are lining up to profit from activities they officially decry.

The trade association for record stores, the National Association of Recording Merchandisers, trumpets on its Web site its support of "aggressive efforts to fight piracy." And yet the National Record Mart, an association member that owns more than 180 record stores, announced last March -- in an if-you-can't-beat-'em-join-'em move -- that it would buy MP3Board.com, a company that runs a Web site that searches for and posts links to illicit music files. When the RIAA tried to shut down MP3Board.com, in May, the company sued, demanding that the court pre-emptively rule that its service is legal. (The labels countersued in June.) Perhaps more startling, Scour.com, a rapidly growing start-up with a Napsterlike service called Scour Exchange, is bankrolled in part by Michael Ovitz, agent and manager to the stars. A search on Scour for Robin Williams, a client of Ovitz's management company, turned up more than fifty copies, all available for downloading, of comedy routines from Williams's recordings.

Beset by a growing mass of enemies, the labels and dozens of other companies -- retailers, consumer-electronics firms, information-technology companies, trade associations, dot-coms of various persuasions -- have been meeting to create what is uneuphoniously known as the Secure Digital Music Initiative. The goal is to create security measures that will permit the industry to release music on the Internet without fear of its spreading uncontrollably. Unlike the bulk of today's online music, SDMI music will be playable only on software and hardware that follows SDMI rules about copying. It will be as if CDs could be played only on special stereo systems that cannot be hooked up to tape recorders. Most important, customers won't be able to trade downloaded SDMI music on Napster and its ilk. More accurately, customers will be able to shuttle files around Napster freely, but the SDMI protection will control the circumstances under which the files can actually be played. In theory, SDMI will return control of the music to the industry -- a necessary precondition, in Bronfman's view, for the "huge creative and industrial efforts" required to build the heavenly jukebox and the planetary sea of content that will follow it.

The head of SDMI is an engineer with considerable experience with large, fractious groups: Leonardo Chiariglione. Despite his efforts, the initiative has been plagued by feuding and foot-dragging. SDMI members include both record stores and e-commerce sites that hope to drive them out of existence, record labels that want to shut off free music and hardware manufacturers that are rushing scores of Walkman-like MP3 players to the market, and such active legal antagonists as Napster and the RIAA. The multiple conflicts have helped to ensure that the first fully functional SDMI music files will not be available until Christmas at the earliest, more than a year after the target date.

But even when SDMI music finally becomes available, it "just won't work," according to Gene Hoffman, an SDMI participant who is the president of the online music store EMusic.com. "There's no way it will do the things they want it to do, which is to lock up this kind of content."

Encoding computer files in a way that prevents unauthorized copying is a form of cryptography. No matter how SDMI encodes a song, explains Martin Eberhard, the CEO of Nuvomedia, which manufactures electronic books, it must be listened to in unscrambled form, which means that somewhere on the computer the song exists in "plaintext," as cryptographers call it. The decrypted stream of data can be captured, in the digital equivalent of putting a tape recorder in front of stereo speakers. "It doesn't matter how good the cryptography is," Eberhard says. "Once [the music] is decrypted, you just bypass the cryptography and re-rip the music into an MP3."

SDMI employs the further protection of embedding digital watermarks in the music. SDMI software looks for the watermarks; if they have been altered, which happens if the music is illicitly decrypted, the software refuses to play the music. But watermarking, too, is vulnerable to attack, according to Bruce Schneier, an Internet-security consultant who is the author of Secrets and Lies, a disquisition on the pitfalls of computer networks which is being published this month. "At the moment, the techniques are hard to do," he says. But the Net is very good at bringing down the bar. "You always have two kinds of attackers, Joe Average and Jane Hacker. Many systems in the real world only have to be secure against Joe Average." Door locks are an example: they're vulnerable to expert thieves, but the chance that any one door will encounter an expert thief is small. "But if I am Jane Hacker, the best online," Schneier says, "I can write a program that does what I do and put it up on the Web -- click here to defeat the system. Suddenly Joe Average is just as good as Jane Hacker."

Last year Microsoft released a new version of Windows Media Audio, an equivalent to MP3 that the company touted as secure: songs in the format could be restricted to a single personal computer. Within hours of its release somebody with nothing else to do slammed together a program, archly called "unfuck," that intercepted the decrypted data and stripped away the restrictions. Hours after that the program was available on Web sites around the world, from one of which I recently downloaded it. "If your stuff is on everybody's desktop, people will try to tinker with it," Gene Hoffman says. "You're giving the whole world a chance to crack your cryptography on machines that inherently make that easy to do."

These difficulties are not restricted to music. Contemplating the apparently ineluctable growth of the global network, book publishers and film studios see themselves rushing toward a digital dilemma of their own. Like the record labels, they recognize the overwhelming speed, ease, and cheapness of online distribution. At the same time, they fear -- with good reason -- that what has happened to the music industry will happen to them. On March 14 Stephen King electronically released a novella, Riding the Bullet, in a format that was readable only by using designated electronic books or special software. Just three days later a plaintext version appeared on a Web site in Switzerland. Remarkably, the crackers troubled themselves to break the code even though Amazon and Barnes & Noble were offering the authorized version at no charge.

Film studios use what is called the Content Scrambling System to encrypt digital video discs. Last year at least two groups of European hackers raced to break the CSS encryption; the better software, DeCSS, was released on the Web in October. It was used by yet another band of hackers to create a new compression scheme, called DivX, that can shrink feature films to 600 megabytes -- small enough to be traded, Napster-style, by people with ultra-fast connections. The software, which is distributed from a Web site ostensibly based on a group of islands in the Indian Ocean, is hard to use, unreliable, and popular; a week after the release of Mission: Impossible 2, I found DivX copies on the Net. Meanwhile, the movie industry has been trying to suppress not only the hundreds of Web sites around the world that host unauthorized software but also the much larger group of sites that link to them. Because new DeCSS and DivX sites pop up as rapidly as the old ones are taken down, the studios are facing a grim, unwinnable contest of legal Whack-a-Mole.

Given the huge number of MP3 files already in existence, the explosion of file-sharing software, the willingness of companies to try to profit from illicit copies, and the likelihood that SDMI will be circumvented, it seems reasonable to suppose that the music industry will never be able to restrict copyrighted material on personal computers connected to the Internet. Nor will print publishers or video or film producers. The content industry therefore has two possible courses of action. One is to prepare for a world in which copyright plays a much smaller role. The other is to change the Internet. The first alternative is problematic, to say the least. The second could be much worse.


(The online version of this article appears in four parts. Click here to go to part one, part three, or part four.)

Charles C. Mann is a correspondent for The Atlantic. His article about copyright in the Internet age, "Who Will Own Your Next Good Idea?" (September, 1998, Atlantic), was a finalist for a National Magazine Award.

Illustrations by Josť Cruz.

Copyright © 2000 by The Atlantic Monthly Company. All rights reserved.
The Atlantic Monthly; September 2000; The Heavenly Jukebox - 00.09 (Part Two); Volume 286, No. 3; page 39-59.