Friday 8th June 2007
Ed Felten and Alex Halderman of Princeton University argue that there is no effective method for distinguishing between files that have been deliberately shared and files that have been 'stolen'. Theft is a highly probable scenario, Felten and Halderman note, given that more than 10 per cent of PCs are infected by bots that could be directed to swipe iTunes files.
The problem, they argue on their Freedom to Tinker blog, is no different from any other system that tries to label files and punish people whose labels appear on infringing files.
'If these people are punished severely, the result will be unfair and no prudent person will buy and keep the labelled files,' they note. 'If punishments are mild, then users might be willing to distribute their own files and claim innocence if they're caught. It's unlikely that we could reliably tell the difference between a scofflaw user and one victimised by malware, so there seems to be no escape from this problem.'
One thing that has emerged since the controversy first surfaced last week is that Apple has apparently inserted an encrypted key into iTunes Plus files to detect changes to the user ID data. The Electronic Frontier Foundation discovered the presence of encrypted data, and Halderman and Felten agree that 'this would let Apple detect whether the name information in a file was accurate'.
But
'All a digital signature can do is verify that a file is the same one that was sold to a particular customer,' Felten and Halderman explain. 'If a file is swiped from a customer's machine and then distributed, you'll know where the file came from but you won't know who is at fault.'
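The distinction Felten and Halderman draw can be shown in a short Python sketch, added here as an illustration and not Apple's code. An HMAC stands in for the unspecified integrity data in iTunes Plus files, and the key, field names and sample purchase are constructed assumptions.

```python
import copy
import hashlib
import hmac
import json

VENDOR_KEY = b"constructed-demo-key"  # assumption: secret held only by the store


def _tag(label: dict, audio: bytes) -> str:
    """MAC over the canonical purchaser label plus a digest of the audio."""
    canonical = json.dumps(label, sort_keys=True, separators=(",", ":")).encode()
    message = canonical + b"\x00" + hashlib.sha256(audio).digest()
    return hmac.new(VENDOR_KEY, message, hashlib.sha256).hexdigest()


def sell(name: str, account: str, audio: bytes) -> dict:
    """Issue a labelled file the way a store would at download time."""
    label = {"name": name, "account": account}
    return {"label": label, "audio": audio, "tag": _tag(label, audio)}


def verify(f: dict) -> bool:
    """True only if label and audio are exactly what the store issued."""
    return hmac.compare_digest(f["tag"], _tag(f["label"], f["audio"]))


def attribute(f: dict):
    """Purchaser account if the label is authentic, otherwise None."""
    return f["label"]["account"] if verify(f) else None


def demo() -> dict:
    # Constructed sample purchase; not real account data or real audio.
    original = sell("Alice Example", "alice@example.com", b"constructed-audio")
    relabelled = copy.deepcopy(original)
    relabelled["label"]["name"] = "Someone Else"   # edited purchaser name
    shared_by_buyer = copy.deepcopy(original)      # buyer uploads the file
    taken_by_malware = copy.deepcopy(original)     # bot copies it off the PC
    return {
        "original_ok": verify(original),
        "relabelled_ok": verify(relabelled),
        "shared": attribute(shared_by_buyer),
        "stolen": attribute(taken_by_malware),
        "indistinguishable": shared_by_buyer == taken_by_malware,
    }


if __name__ == "__main__":
    print(demo())
```

The check rejects the relabelled copy, but the two unmodified copies are byte-identical and attribute to the same account, so the file alone cannot say which path it took.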
Of course, none of this alters much. Privacy advocates will still argue that including the Apple ID - an email address - means that anyone who gets hold of an iTunes file will get the associated email address. Given that just about any email address can be found quickly and easily using a search engine, it remains unclear what their objection is.
Unless an iTunes user shares an iTunes file or, if using Windows, fails to employ proper security measures, only that user and Apple know that the user bought that particular song. And Apple does not need the embedded ID (or 'surveillance system' as one commentator called it) to know which songs a user has bought; that data is already securely stored in the purchase history on Apple's servers.
DRM Watch says that the weight of evidence suggests there is nothing sinister in the ID labels.
'The basic idea of all of these schemes is that if your identity is bound up in the file, then you'll only send copies of it where you're comfortable; and if you're comfortable with the risks inherent in a certain usage of content, then the odds are good that it's legit,' Bill Rosenblatt argues on the DRM Watch website.
'Yet Apple would have incurred costs in adding watermarks to its music downloads, including the cost of embedding a new watermark into each file before it is downloaded. Apple would also have had to make the watermarking technology available to third parties (or use a commercially available watermarking scheme) so that it could have some use in forensic piracy detection.'
But this is not what Apple would have done, he says.
'None of this is consistent with the cost-minimising way in which Apple has implemented iTunes from the beginning.'


