Last.fm User Data Was Sent To RIAA By CBS
suraj.sun sends in an update from TechCrunch on a story that generated a lot of controversy a few months back, "Did Last.fm Just Hand Over User Listening Data To the RIAA?" "Now we've located another source for the story, someone who's very close to Last.fm. And it turns out Last.fm was telling the truth, sorta... Last.fm didn't hand user data over to the RIAA. According to our source, it was their parent company, CBS, that did it. Here's what we believe happened: CBS requested user data from Last.fm, including user name and IP address. CBS wanted the data to comply with a RIAA request but told Last.fm the data was going to be used for 'internal use only.' It was only after the data was sent to CBS that Last.fm discovered the real reason for the request. Last.fm staffers were outraged, say our sources, but the data had already been sent to the RIAA. We believe CBS lied to us when they denied sending the data to the RIAA, and that they subsequently asked us to attribute the quote to Last.fm to make the statement defensible. Last.fm's denials were strictly speaking correct, but they ignored the underlying truth of the situation, that their parent company supplied user data to the RIAA, and that the data could possibly be used in civil and criminal actions against those users."
I guess one could simply turn off scrobbling, but that is one of the main features of the service.
So it is not "legal" to listen to music on last.fm? Can I get sued by the RIAA if I listen to songs on last.fm? If it is "illegal" to have music on last.fm, then why doesn't the RIAA send a cease and desist to CBS/last.fm? If it is legal, then why would CBS release that information? Is it so that the RIAA can have a list of IPs with names to go after if they think someone is pirating music?
How could anyone be sued for last.fm data? The only data you supply to last.fm when using their 'scrobbling' client is the tags of the currently playing song. Tags can be anything. I can take any song by any artist, or even just random noise, and give it any tags I wish. That doesn't magically make that song the song that I've tagged it as. I seem to recall data about U2's then-unreleased album being spoken about when the last.fm data news story came about. The album wasn't released yet, so anybody listening to it obviously got it through unofficial channels. The problem with that line of thinking is, getting a hold of the track names before its release wouldn't exactly be rocket science. I'm sure a tracklist would have been made public long before its release. It's a trivial matter to take any random songs and give them tags that correspond to the upcoming release and then play them back in your media player. And since you're running the last.fm 'scrobbling' client those tag names would be uploaded to your last.fm account as what you're currently listening to. That doesn't mean that the tags your files have are actually what your tags claim them to be. They're just tags. Tags that can be set to any arbitrary value by anyone, anytime. How anyone could possibly think this could be used as evidence of being in possession of officially unreleased material ahead of the official release is beyond me. It makes absolutely no sense at all. And the people that think this data could be used for anything to do with the legal system are downright hilarious.
It's the pirates first, but when will it be "Dear Ol Auntie" who gets bit with malware or extreme mistrust by a company (surprise). An attack on "Dear Ol Auntie" has already been done by Sony with little to no real punishment.
We'd like to think that a music recommendation engine would be impartial and fair. The engine is, but the people aren't. And aside from that, they most likely broke laws when they handed out identifying information to their corporate owner. There's a lot of laws regarding data security in places like California and throughout the EC.
This news shows that TechCrunch was basically correct with its first article. I recall that many people were ready to believe the denials of last.fm and of CBS; I don't know why. Those who dumped all over TC last time owe it an apology. Last.fm is unsafe. Period.
Ray Beckerman +5 Insightful
... If this has anything to do with the fact that Tech Crunch is sponsored by a competitor of Last.fm.
I see dead pixels!
But seeing as the last.fm data was obtained in an underhand manner and then released to an unrelated 3rd party, does that mean that the RIAA pirated the data? :-)
Take them through Criminal Courts rather than Civil courts...
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
I cancelled my Last.fm account immediately after I read this article. Fu** them for this.
I shouldn't have done this from the start. I feel stupid. I should've seen something like this coming.
Talk about over-reacting. Don't you think you should give it a few more days or weeks to see how it really plays out?
I cancelled the day they announced the CBS buyout myself. But you waited through the buyout and the first variation of this story, maybe it's true, maybe it's false, but since you gave them the benefit of the doubt then, why are you cancelling now when there is really no new evidence, just a new variation on an old story?
When information is power, privacy is freedom.
Er, this isn't actually a troll. Denial ain't just a river in Egypt. Last.fm told its parent company, who then told. Hence "I didn't tell on you...my mom did".
This post makes sense and is relevant.
All intents and purposes. Not intensive purposes.
Oh, for mod points.
The one thing that surprises me is that Russ Garrett says that legal action isn't possible. That surprises me. You have an entity suffering real, quantifiable damage (count the "I'm unsubscribing RIGHT NOW" posts upthread) as a direct result of libellous, allegedly incorrect information being published, when that entity exists in a country with some of the most plaintiff-friendly libel laws in the world.
WTF?
Reality is the ultimate Rorschach.
That's not the original terms. It was changed recently. Not that I read the original version either, but let's pretend for a minute that I did read the original terms. Can someone remind me of what they were?
Some possibilities
a.) they sell your info to marketers. Threat level: meh, unless it results in spam etc. which then rises to annoying but I can deal with it.
b.) they profile you. Threat level: severe. e.g. they prove your IP scrobbled a song and can produce a BT log tying your IP to a swarm on the same song/album. Or just put you on a watchlist.
The info itself is not inherently risky but it does expose you to some other associated risks like example b.) above. And the argument 'mp3 tags does not equal owning the song' is going to be as effective as the 'ip is not identity' argument in that it's not going to stop them coming after you with a daft but painful and potentially expensive lawsuit. Heck in this case it's even more clearcut, what you intentionally mislabel the song? what songs were you listening then? do you own them etc. etc.
It's hard to prove whether you pirated X song you scrobbled or not but it's how this info is combined with other info that has me worried specifically re: pirated music or accusations thereof.
On a wider note, the cynical geek in me finds it hard to believe that anybody is remotely surprised, esp. as last.fm users are going to be technically inclined, couldn't y'all see it coming?!?! Nothing on the internet is private if someone wants to look hard enough, and they (as in 'the man') don't need proof to make your life a living hell via these RIAA lawsuits or anything similar.
Last.fm's main office is in London.
They're about to get crushed by the Data Protection Act, at the very least.