In an attempt to foil those seeking free music, the recording industry is flooding the Internet with fake song files
It plays like something out of the “Twilight Zone”: consider the story of Joe Music Fan. He logs on to his favorite peer-to-peer network to download the new Eminem song. But when he boots up the track, something spooky occurs. Eminem is repeating the same four words over and over. “Holy Encryption!” Joe Music Fan exclaims, “Spoofed again.”
Scenes like this occur a million times a day among the clients of the burgeoning peer-to-peer (P2P) services that have taken over music file sharing from Napster. Recording companies are now taking the offensive against music piracy, and Napster successors such as Morpheus and LimeWire are facing their onslaught—the flooding of their P2P services with so-called spoofs, that is, falsified MP3 files that appear under a song’s usual track name but, when played, offer only a frustrating mix of looped choruses or noise.
The idea is to hit pirates where it hurts —boxing their ears with spoiled music to encourage them to buy CDs or obtain music on the Web through legitimate methods rather than download songs illegally for free. “Copyright owners would like to use technology to protect their interests so long as they’re not causing damage,” says Cary Sherman, president of the Recording Industry Association of America (RIAA, Washington, D.C.), the recording industry’s trade group. The question is: what, if any, damage is being done?
The company behind the spoofs is Overpeer Inc. (New York City). Overpeer is run by Marc Morgenstern, former senior vice president for new media for the music publishing company, American Society of Composers, Authors, and Publishers (New York City). Overpeer employs dozens of engineers who create altered MP3 files. According to Morgenstern, they protect more than 30 000 titles—including songs, videos, and games—by producing spoofs of them and putting them on the Internet. He calculates that his group blocks more than 200 million acts of piracy every month when its spoofs are downloaded instead of the real things.
“It’s a real cat-and-mouse game,” Morgenstern says. “We continually upgrade and adapt our solution to keep up with the changes of the peer-to-peer clients.”
P2P company Morpheus says that it will have anti-spoof wares in its next upgrade. And BearShare, used by Gnutella surfers, and KaZaA software already employ forms of user ratings that can blow a spoof’s cover.
Mark Gorton, CEO of LimeWire LLC (New York City) just doesn’t see any long-term impact. “I don’t think spoofs have potential to hurt the peer-to-peer network,” he says. “People who download something other than what they’re looking for just delete it and try something else.”
Surveys tell a different story. Lee Black, a senior analyst for Jupiter Research (New York City), a technology research firm, has found that spoofs do frustrate many users. This could help the music industry get its wish: drive consumers to join its online music subscription clubs, MusicNet Inc. or Pressplay (both in New York City).
Meanwhile, content owners want ever stronger weapons. The Peer-to-Peer Piracy Prevention Act, introduced in Congress by Representative Howard L. Berman (D-Calif.), would grant content owners the right to unleash a barrage of hack attacks against online pirates. An example might be denial of service, an online attack that swamps a server with so many requests for a single file that the computer crashes, or at least cannot fulfill legitimate requests.
But the act’s draconian aspects—such as relieving government hackers of liability for any damage done during the pursuit of pirates—have created opposition. Berman no sooner introduced the bill than the Computer & Communications Industry Association (Washington, D.C.), a trade group whose member companies include Yahoo! and AOL Time Warner, issued a press release, declaring that “the last thing we need is to create a protected group of hackers.”
Unprotected hackers expressed their displeasure by swamping the RIAA’s Web site with their own denial-of-service attack. With spoofing on the rise, the salvos have likely just begun.