Slashdot Mirror


Software To Stop Song Trading

Shippy writes "Palisade Systems is about to launch new software that can identify and block copyrighted songs as they are being traded online. However, the article fails to mention that it will also stop legal song downloads. The software blocks anything that's copyrighted, whether you already own the song in another format or not. Here's some snippets from the article: 'If installed in a university, for example, it could look inside students' emails, instant messages and peer-to-peer transfers...', and 'Jacobson said the identification process would not work on an encrypted network, such as is used in several newer file-swapping programs. However, the Palisade software could also act to block those applications from using the network altogether.' Great."

40 of 595 comments (clear)

  1. And, thusly... by McCrapDeluxe · · Score: 5, Insightful

    Encrypted protocols increase in popularity.

    1. Re:And, thusly... by NtroP · · Score: 5, Insightful
      The article claims that the software could block encrypted communications, apparently indescriminantly. I wonder how that would affect legit transfers like scp, ssh or vpn connections.

      I'm probably talking out of my butt here, but what if, instead of the entire "stream" being encrypted, just the "content" was, with a one-time, mutually agreed upon key? How would their software know the difference? It would never have the same "fingerprint" twice. Would it just block any traffic that looked like random noise?

      I can see this software pissing a lot of sysadmins off - could you ever be absolutely sure those "ghosts" you've been chasing weren't this software being over zealous?

      The parent is right though. This will just prompt those who wish to trade on P2P to take it to the next level. Especially now that the "Big Five" labels are trying to force Apple to charge $2.50 per song! If that happens I will stop buying songs from iTMS and say "screw the bastards, release the hounds", P2P here I come!

      --
      "terrorism" and "pedophilia" are the root passwords to the Constitution
    2. Re:And, thusly... by LostCluster · · Score: 4, Insightful

      There's no way that any piece of software would be able to peek into encrypted sessions... so the only option this software would have would be a "deny all".

      Seems like this could be useful as something a college could threaten installing unless P2P violators knock it off... but would be trading off quite a bit of legit functionality to ensure zero violations.

    3. Re:And, thusly... by Nadsat · · Score: 5, Interesting

      Yes, McCrapDeluze: what you describe is the blowback, the reaction against the controllers.

      Technology tries to liberate. Technology was once thought of as the essence of freedom's revolution itself. Recall Apple/1984... recall www-idealism. Then technology turns against itself and tries to control. Porn regulation, satillite cameras, fingerprints, RIAA server-side 'intellectual property' monitoring. Liberation vs. control. Hacktivists and regulators engaging in battle royal.

      Sure there are always loopholes and entropy... but I fear the capability of technology to regulate and control will become so strong and so automated that only the most astute hacktivists or fleeting script kiddies will find sanctuary, leaving the rest of the populace to graze like sheep on genetic grass.

  2. WiFi. The 3rd Internet by DigiShaman · · Score: 5, Interesting

    I guess it's time to start bridging those WiFi networks around the world. If you can't beat em, fuck em. I start file sharing over WiFi networks. I look forward to the days of local BBSes again. (WiFi BBS?)

    --
    Life is not for the lazy.
    1. Re:WiFi. The 3rd Internet by dont_think_twice · · Score: 5, Insightful

      Posting this concept on Slashdot is easy. Doing it is a whole different matter ...

      Mod the parrent down as a troll... nothing to see here.


      I love it. Pure, honest intellectual fascism. Basically, you say "Your suggestion is impractical, so you should be modded down, and nobody should even see your idea."

      I don't have any problems with your objections to his idea, but why insist that he should be modded troll for saying something that you disagree with?

  3. Encrypt everything by Zorak+Man · · Score: 5, Informative
    --

    404 .sig not found
  4. Hmm... by LordK3nn3th · · Score: 5, Interesting

    How does this effect pay-for programs like iTunes?

    Also, is this RIAA-only songs being blocked, or other songs? Copyrighted doesn't always mean "undistributable". Someone may hold the copyright to something but may actually let people distribute it-- am I wrong there?

    --

    ---
    Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
    1. Re:Hmm... by darkewolf · · Score: 4, Informative

      No, you are correct.

      I write 'music'. I legally own the copyright, but for the most part I give it away free. Eventually going to press a CD or two but I'd prefer people listen to it, and that does mean filesharing is fine :)

      --
      "That is not dead which can eternal lie...."
      Nimheil
  5. what about my copyright? by Bhull · · Score: 5, Insightful

    how do i tell this software that i want people to trade MY copyrighted music? if they block my file swapping would that be some sort of anticompetitive thing? just because the RIAA and its labels own the majority of music being traded doesnt mean that all the music being traded belongs to them.

  6. 'finger print' by Mattwolf7 · · Score: 5, Interesting
    But how can it determine?

    Palisade's version of the technology sits inside a network, rather than inside a file-swapping program. If installed in a university, for example, it could look inside students' emails, instant messages and peer-to-peer transfers, seeking audio "fingerprints" that could be compared with information in Audible Magic's database.

    If I send my friend an mp3 of me playing some music how can it tell that from me sending a copyrighted work? Is it reading the 'finger print' and then checking byte by byte? Isn't that going to kill traffic... But couldn't it be beaten by adding one extra byte to the file? Sending in another format?

  7. MY Rights?? by Anonymous Coward · · Score: 4, Insightful
    When did trading copyrighted music online become one of my "rights"?

    Funny, on slashdot GPL violators are on step below Charles Manson, while copyright infringers of music, movies, and software are somewhere below jaywalkers.

    1. Re:MY Rights?? by Frizzle+Fry · · Score: 4, Insightful
      Perhaps that opinion mostly comes from the fact that GPL are mostly violated by people with money to make yet more money without earning it, while copyright infringers (of the most common sort targeted by the music industry) are not looking to make a profit from thier actions.

      If a company puts GPL'd code in their (closed) product, they save the money they otherwise would have had to spend to pay programmers to write equivalent code. If you copy music, you save the money you otherwise would have had to spend to buy it at a store. These are more similar than you seem to be willing to acknowledge.
      --
      I'd rather be lucky than good.
    2. Re:MY Rights?? by JamieF · · Score: 4, Insightful

      >when did you lose the right to trade copyrighted music online?

      That depends on what you mean by "trade". If you're talking about allowing anonymous strangers to make complete copies of songs from your computer that are copyrighted and not authorized for this kind of distribution by the copyright holder, then you never had that right. There is no such right. The rights belong to the copyright holder, except for fair use. Allowing unlimited copies to be made for free and given to anonymous individuals is not fair use.

      Maybe the song is copyrighted, but the copyright holder has authorized free online copying of the song. Maybe you know the person you're giving the copy to, and you know 100% for sure that they have a legal license to that song, such as from owning a CD. Those are mitigating circumstances.

      Just because it's easy to commit a crime doesn't make it not a crime anymore. Little old ladies don't fight back as much big beefy ex-cons when you try to mug them, but that doesn't make it less illegal, or less wrong. It just makes it easier.

  8. Umm... by Ryan.Merrill · · Score: 5, Insightful

    Wait... it did say that it can look into student's emails and instant messages right? So basically it is giving the University free right to look into student's messages and claim that they are merely looking for illegal songs. There has got to be something that can be done by the students at these universities to block this. This is a total invasion of privacy. If any university tries to impose this onto the students attending, the students must do something. Hopefully we haven't lost all of our rebellious nature.

  9. What is needed.. by bcore · · Score: 5, Interesting

    ..is a P2P app that can run over an SSL connection, disguised as web traffic. I'd bet that could beat this thing. Does such a thing exist?

    1. Re:What is needed.. by dolphinling · · Score: 5, Insightful

      What's wrong with just plain FTP over SSL? No one's going to be blocking FTP anytime soon...

      --
      There are 11 types of people in the world: those who can count in binary, and those who can't.
    2. Re:What is needed.. by syousef · · Score: 5, Interesting

      "What's wrong with just plain FTP over SSL? No one's going to be blocking FTP anytime soon..."

      I work as an IT consultant in Australia and work on site most of the time. Our clients - banks and insurance companies - certainly do do block FTP and SSL. They usually block anything that isn't HTTP or HTTPS on port 80. This is a genuine frustration for me as I often want to send log files and software to the HQ of the software firm I work for.

      To make matters worse one client I worked for had a policy of restricting access to external email and other content (games, porn etc.). They used web filter software which I won't name here for now. Lots of legitmate sites I'd want to get to for genuinely work related purposes were also blocked.

      I wouldn't be at all surprised if this is the method adopted by large educational institutions in the end. They won't be able to fight large corporates for very long with the limited funding they do have. It will only take a handful of large law suits to sway them towards censorship.

      Its an interesting world we live in now. It seems to have become standard practice somewhere in the late 90s to make product and then intimidate or sue your customers.

      --
      These posts express my own personal views, not those of my employer
    3. Re:What is needed.. by ultranova · · Score: 5, Insightful
      Oops. You can't sue someone for being suspicious. Yet :)

      Yes you can. You can't win, but you can drive them bankcrupt trying to defend themselves.

      It isn't about justice, it's about extortion.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    4. Re:What is needed.. by rixstep · · Score: 5, Funny

      What we should do...

      Is use steganography.

      We embed an MP3 inside a JPEG.

      Then, just to really screw them up, we embed the JPEG inside an MP3.

    5. Re:What is needed.. by Shakrai · · Score: 4, Funny
      We embed an MP3 inside a JPEG.

      Then you'll get sued by RIAA and Compression Labs at the same time! Two for the price of one! Can't beat that.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  10. How will this work any better than spam filters? by digitalvengeance · · Score: 4, Interesting

    From the article:

    "seeking audio "fingerprints" that could be compared with information in Audible Magic's database."

    We've tried database-oriented filters to stop spam in the form of keyword lists and the like for years, yet spam is more of a problem today than it was 5 years ago. Why won't the same techniques that let spam slip past our filters let content slip past these filters? Add a byte here or there, run a very light encryption routine over a file and bam - one broken filter.

    Even if the networks that use encryption in the protocol itself are stopped - encryption on the file level can be used on insecure networks and this software becomes useless.

    Josh

    --
    How many roads must a man walk down? 42.
  11. so archive it by tintub · · Score: 5, Insightful

    Is this software going to intercept any archives (.rar, .tar.gz, .zip etc.), unarchive them and check them? I'm not against such software - Universities have a right to disallow file trading on their networks, just as I have a right to use an ISP which doesn't use such software for my home connection. However, I just think that this won't work, at least not without blocking or hindering so much legitimate use that everyone revolts against it.

    --
    sig under construction...
  12. Re:Stenography by maxbang · · Score: 4, Funny

    I think you're on to something here. Writing all of your songs in shorthand, scanning them, then emailing the resulting tiff files will prove no match for this anti-filesharing initiative.

    --
    I also reply below your current threshold.
  13. Copyright-status repository? by mfh · · Score: 4, Interesting

    > They want to take the position of not filtering out all peer-to-peer [traffic], stopping copyrighted works but not the other content."

    Here's the problem: how do RIAA and MPAA distinguish, legally, between copyrighted material that is permitted (fair-use), and that which is not? I'm talking about articles, fair-use media vs. illegal-to-distribute-or-possess copyright media. How do these watchdogs inform the public of such differences? The onus is truly on the RIAA/MPAA if you ask me. The story, strangely, is "Copyright © 2004 CNET Networks, Inc. All Rights Reserved," which begs to question... how can a twelve-year-old truly understand this discombobulated law?

    That's the problem with the whole thrust of the RIAA argument against P2P (that the illegal trading of this copyrighted material hurts business). What about Internet articles? These articles are copyrighted works, published to the Internet by their respective owners, but quite often articles are mirrored by websites like Slashdot. Sometimes the copyright owners like this mirroring, and other times they do not (they seem to flip flop on it, depending on the source). Therefore, the lack of consistancy *should* make it extremely difficult to win a copyright case, although somehow the owners always win.

    IANAL, yet my argument is that two distinct laws ought govern copy protection, because this fork-in-the-road is quite ambiguous. Firstly, how are any of us to know the status of copyrighted materials downloaded? What if we download a song over P2P, expecting the song to be one of the songs that are fair-use, and we pass the song along to a ton of other people? Secondly, how do we distinguish between the legality copyrighted articles that are online and music, and the fair-use music?

    Because there exists no truly accurate copyright-status repository, I think all the people under suit from a watchdog might have some ammunition.Without a bona fide/impartial database of illegal filenames and md5 checksums to verify your current P2P files, how can you be responsible for these files?

    Furthermore, if you downloaded a song from P2P, you should legally be able to upload it back to that P2P, if you truly believed the files to be fair-use, which could truly be any file.

    --
    The dangers of knowledge trigger emotional distress in human beings.
  14. This will work for about ten seconds by Poilobo · · Score: 5, Interesting

    If this is based on fingerprinting technology it would be pretty trivial to cutoff the Type 1 and Type 2 tags, reverse the content and stick'em back on. Reverse the process after downloading. Of course you could always UUencode the song and add a zip extension to it or a multitude of other tricks to hide what your doing.

    Never underestimate the power of broke, bored, determined college students.

    --
    Sig (appended to the end of comments you post, 120 chars)
  15. Re:wouldn't it be simpler by Anonymous Coward · · Score: 5, Insightful

    I attend a Big 10 School, and while
    interviewing for a tech-related position with
    the head of dorm network-type stuff, I was told
    that well over 90% of the internet traffic (barring worms and the like) can be attributed
    to file-sharing. With the tightness of funds
    that today's universities are dealing with,
    maybe that bandwidth money could be better spent.

  16. Re:wouldn't it be simpler by FlipmodePlaya · · Score: 4, Insightful

    Actually, it would be cheaper to do neither. The U of Rochester, up here, is doing that, and they are under constant criticism for the program. People tend not to like money being spent on music for others (Windows users who live on campus) as opposed to their education, after they had paid for the latter. I don't see why a University is liable for the actions taking place over its network anyway... Make the students agree not to do it, so you can't be blamed, and let the RIAA hang them if they do.

  17. Re:wouldn't it be simpler by FsG · · Score: 4, Insightful

    Simpler, perhaps, but not a particularly good idea. What gives my college the right to decide what kind of music I'm going to listen to, and whom I'm going to buy it from? Despite common belief, not all music is owned by the RIAA, and I certainly wouldn't want a part of my tuition going into the pockets of these monopolists.

    --
    I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
  18. Re:wouldn't it be simpler by Alsee · · Score: 4, Insightful

    spend money and give students a paid subscription for music downloads

    Pointless so long as the RIAA refuses to sell anything except DRM crippled crap.

    Even if the college did jack up their fees and force such a subscription on me, I'd still take free non-crippled files (P2P) in prefference to "free" (pre-paid) crippled files.

    If they offered ordinary MP3's they'd attract more customers. The RIAA's refusal to sell a non-crippled product is purely self destructive. It's not like they've ever kept a single song from reaching P2P by refusing to sell MP3's. Using DRM only accomplishes one thing - driving away customers.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  19. Re:wouldn't it be simpler by LostCluster · · Score: 5, Insightful

    With the tightness of funds that today's universities are dealing with, maybe that bandwidth money could be better spent.

    Every college's Terms of Service says that their computer systems are for "academic use only" or some similar phrase, in part because they have to in order to get grant funding to pay for their bandwidth. You might not remember signing that TOS, but trust me, every student at a college has signed something when they accepted admission that basically binds you to everything the school ever puts out as a "rule" whether you bother to read it or not.

    So, forget the dream that they have to give you totally unrestricted bandwidth as part of the price of your dorm room. They never promised that to you, so if it goes away, tough.

    Colleges have mostly played dumb that P2P has been going on, trying to claim that they're just a common carrier that can't really coprehend what's fair and what's foul over their network. Once they start trying to block copyrighted content, they'll start becoming liable for whatever slips through their checkpoint.

    So... that's why any blocks we're going to see going up are going to be whole-protocol blocks or bandwidth throttles. They won't be blocking in the name of copyright protection, they'll be blocking in the name of bandwidth protection...

  20. Re:wouldn't it be simpler by UID1000000 · · Score: 5, Interesting

    This is a good point. Frankly make them sign a contract or a LOI stating that if they do anything illegal that they have to indemify the university of any illegal actions and take full recourse for the aforementioned.

    But if 90% of their traffic is P2P why not make it all internal traffic thus eliminating bandwidth costs? If there is a way to do this for instance block the ports that P2P programs use, hell block all the ports except 80 and then setup a VPN client with all ports open but restrict traffic to being only internal. Then the bandwidth load is reduced by 90% and the traffic (which would probably cut down) might come down by as much as 60-70%.

    If new items need to be introduced to the P2P networks on the campus then the students should have to go out and use their own, their parents or some cafes' then they can bring it back into the closed school network.

    What do you think of that?

    --
    UID 1000000 is just around the corner.

  21. JOIN THE RIAA TODAY! JUST FOUR EASY STEPS! by britneys+9th+husband · · Score: 5, Funny
    RIAA (RECORDING INDUSTRY ASSOCIATION OF AMERICA) is the first organization which
    gathers GREEDY RECORD EXECUTIVES from all over America and abroad for one common goal - being GREEDY RECORD EXECUTIVES.

    Are you GREEDY ?
    Are you a RECORD EXECUTIVE ?
    Are you a GREEDY RECORD EXECUTIVE ?

    If you answered "Yes" to all of the above questions, then RIAA (RECORDING INDUSTRY ASSOCIATION OF AMERICA) might be exactly what you've been looking for!
    Join RIAA (RECORDING INDUSTRY ASSOCIATION OF AMERICA) today, and enjoy all the benefits of being a full-time RIAA member.
    RIAA (RECORDING INDUSTRY ASSOCIATION OF AMERICA) is the fastest-growing GREEDY RECORD EXECUTIVE community with FOUR OR FIVE members all over United States of America. You, too, can be a part of RIAA if you join today!

    Why not? It's quick and easy - only 4 simple steps!

    First, you have to obtain a copy of THE COMPLETE WORKS OF METALLICA and listen to it. (You can download the music (~280mb) using BitTorrent, by clicking here.

    Second, you need to succeed in posting an RIAA "first post" on slashdot.org, a popular "news for thieves" website

    Third, you need to join the official RIAA irc channel #RIAA on irc.riaa.com, and apply for membership.

    Fourth, you need to pay the nonrefundable RIAA MEMBERSHIP FEE of FIVE MILLION UNITED STATES DOLLARS (US$5,000,000)
    Talk to one of the ops or any of the other members in the channel to sign up today!

    If you are having trouble locating #RIAA, the official RECORDING INDUSTRY ASSOCIATION OF AMERICA irc channel, you might be on a wrong irc network. The correct network is lawsuitnet, and you can connect to irc.riaa.com as our official server. If you do not have an IRC client handy, you are free to use the RIAA Java IRC client by clicking here.


    If you have mod points and would like to support RIAA, please moderate this post up.

    ______________$*________________________________
    | _____________&@_______________________._a,____ |
    | _________._______a_______aj#0s_____aWY!400.___ |
    | __ad#7!!*P____a.d_______#!-_#0i___.#!__W#0#___ |
    | _j#'_.00#,___4#dP______j#,__0#Wi___*00P!_"#L,_ |
    | _"#ga#9!01___"#01______"4Lj#!_4#g_________"01_ |
    | __"#,_________*@`_________`___-!^_____________ |
    | __#1_,%________$^_____________________________ |
    | __J1__$%______________________________________ |
    | __jk___58___RECORDING INDUSTRY_ASSOCIATION____ |
    | _______________OF_AMERICA_____________________ |
    | ______________________________________________ | (c) RIAA 2003, 2004
    ` _______________________________________________'

    --
    Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
  22. I used to work for Palisade... by Anonymous Coward · · Score: 5, Interesting

    I was working for Palisade when they developed the first version of PacketHound.

    Actually, I should say when they stole PacketHound, since it was actually created by a coworker in his off hours, outside of Palisade. The CEO at the time fired this guy and sued the developer to gain the rights to PacketHound. Kind of ironic that they stole something that is supposed to prevent stealing!

    Like Palisade's original product, called ScreenDoor, PacketHound is just a packet sniffer that sends out TCP RST packets to disrupt connections. Palisade (and Iowa State University) actually have a patent on this, even though there have been firewalls and other programs (like Snort) which do the same thing, and predate the patent.

    Palisade itself is a tiny company that is milking this one patent/idea for most of its products. But they are somehow good at getting press...

  23. Re:Slashdot: News for trolls. Stuff that's biased. by Phanatic1a · · Score: 4, Informative

    That's not a legal download.

    Bullshit.

    Don't make the mistake of assuming all nations operate under the same set of laws.

    According to the Copyright Board of Canada, downloading copyright files from P2P networks is completely legal, provided that the copying is done for private and noncommercial use. You don't even need to own the song in another format.

    So yes, over a rather large percentage of the earth's total land area, it is a legal download.

  24. Steganography by markan18 · · Score: 5, Interesting

    maybe we just need to rename songs as .doc or .jpg. If that crap can still catch them, cram the song into real images or insert them into real office documents.

    One may insert them into icmp packets (ping still allowed??). What if i encrypt all my email, will encryption be outlawed? The war on file sharing is turning into a war on drugs, we all know how effective it is.

    I think anyone can still get packets and or out a given network can download and upload songs or anything. those big 5 labels are causing real damage trying to police the internet and deserves to die real fast

    1. Re:Steganography by Brandybuck · · Score: 4, Insightful

      The war on file sharing is turning into a war on drugs, we all know how effective it is.

      Except pot smokers aren't being sued by large corporations for failing to bogart and the DEA isn't blowing the heads off of neighbors of file traders by mistake.

      --
      Don't blame me, I didn't vote for either of them!
  25. Re:Slashdot: News for trolls. Stuff that's biased. by byronne · · Score: 4, Interesting

    Alright, let me get one thing straight here. I've been in several bands over the last 10-20 years and frankly, I would fucking love it if our material was being actively traded over P2P networks, because at least then someone is listening to and enjoying what I've done. I don't care if I see a dime from P2P, cuz I didn't see a dime from the record company either. I'm still in debt, supposedly paying for the privilege of being in their 'roster' of stars. Well, fuck them. Maybe I made a bad business decision, but I feel zero obligation to think that many other 'artists' haven't also been given similar treatment. Believe me, the sooner we expose the RIAA for what it is (i.e. - a corporate protection agency) and for what it is not (artists' protection), the clearer this ludicrous debate will become.

    --
    "Look, Smithers! I'm Davy Crockett!"
  26. Legitimate sharing of copyrighted works by Eythian · · Score: 4, Informative

    iRATE is a program that downloads music that artists have put on the net. These downloads are also taylored to your own tastes, based on comparing what you like with other users. With this, there isn't a need for P2P music file sharing, and risking being sued by the RIAA, as copying this music is sanctioned by the artist. (Unsurprisingly, not much of this music is made by RIAA labels)

  27. Or SSH by Sycraft-fu · · Score: 5, Interesting

    I would LOVE to see a university try to block that. A small private one might (and I emphize might) be able to get away with it but a big one? Forget about it.

    Hell, our university REQUIRES SSH for many things. You can't telnet to the e-mail cluster any more, it's SSH only. Likewise the webmail is SSL only. You just don't have a choice, you'll use the encryption or you'll not use the system. My department is working on going to that. Going to be no telnet, no FTP, no unencrypted IMAP or pop. Everything will be SSH, SFTP (which is also SSH), or SSL. Unencrypted communications will be in-building only, or for things like the main website. You want to access any systems, you'll do it with an encrypted protocol, or use an encrypted VPN tunnel to get a local address.

    So either SSL or SSH would work well. They are just too useful and used for too many things. Try and shut that down and you'll find backlash like you can't believe.