The Heavenly Jukebox
Part II
by
Charles C. Mann
Joe Average Becomes Jane Hacker
ARGUABLY, the person most responsible for the
present turmoil in the recording industry is an Italian engineer named Leonardo
Chiariglione, and he is responsible only by accident. The director of the television
research division at Telecom Italia's Centro Studi e Laboratori Telecomunicazioni,
the Italian equivalent of the old Bell Labs, Chiariglione led the development
of a standard means for converting recorded sound into digital form, which is
now called MP3. The tale of the development of MP3 explains both how the music
industry stumbled into its current predicament and why technophiles believe
that the industry's attempts to control online copying are doomed to failure.
The International Organization for Standardization,
based in Switzerland, is the world's premier standards body, establishing conventions
for everything from the dimensions of letter paper to the size of screw threads.
Chiariglione approached the organization -- and a sister agency, the International
Electrotechnical Commission, also based in Switzerland -- about putting together
a working group to arrive at standards for digital video and audio, both of
which were on the horizon. The Moving Picture Experts Group (MPEG) met for the
first time in May of 1988. Twenty-five people attended. Not one of them was
from a record company. "Some of them came later, when the group became
larger," Chiariglione says. "But at the time -- well, nobody knew,
you see. Nobody, I promise you, had any idea of what this would mean to music."
Converting pictures and sounds into zeros and
ones creates files that are too large for most computers and networks to work
with easily: a single second of music from a compact disc takes up 175,000 bytes.
Researchers have invented methods of shrinking this information without losing
its identifying qualities, much as shorthand shrinks written language while
leaving its sense intact. Codecs, as these methods are called, take advantage
of quirks in human perception. (Codec stands for "coder-decoder.")
Because the ear can discern certain frequencies more clearly than others in
particular situations, codecs can slice away the tones people don't perceive,
decreasing the size of music files without greatly affecting the sound. "You'd
think that people would notice if you pulled out half the sounds in their favorite
music, but they don't," says David Weekly, an independent programmer who
is writing an online book about digital audio.
Chiariglione's group asked for candidate audio
and visual codecs. One response came from the Institute for Integrated Circuits
of the Fraunhofer Gesellschaft, a group of forty-seven laboratories in Germany
that helps companies develop marketable products from university research. In
the 1980s a research team from the institute and the University of Erlangen
developed a codec that let high-quality music be transmitted over ordinary telephone
lines, fine-tuning it by encoding music, including a Suzanne Vega song, hundreds
of times and listening to the results. The codec could shrink music files by
a factor of twelve or more with little loss of quality. With the Fraunhofer-Erlangen
team's help, Chiariglione's group laboriously incorporated the codec into its
first audiovisual standard, MPEG-1. Completed in 1992, MPEG-1 described three
separate but related schemes -- "layers," in the jargon -- for converting
sound into a pattern of ones and zeros. Layer 1 and Layer 2 were intended for
high-performance applications; Layer 3, a buffed-up version of the Germans'
ideas, was intended for devices that handle data relatively slowly, such as
today's personal computers. MPEG-1, Layer 3 is what is now called MP3.
To show industries how to use the codec, MPEG
cobbled together a free sample program that converted music into MP3 files.
The demonstration software created poor-quality sound, and Fraunhofer did not
intend that it be used. The software's "source code" -- its underlying
instructions -- was stored on an easily accessible computer at the University
of Erlangen, from which it was downloaded by one SoloH, a hacker in the Netherlands
(and, one assumes, a Star Wars fan). SoloH revamped the source code to produce
software that converted compact-disc tracks into music files of acceptable quality.
(The conversion is known as "ripping" a CD.)
This single unexpected act undid the music
industry. Other hackers joined in, and the work passed from hand to hand in
an ad hoc electronic swap meet, each coder tinkering with the software and passing
on the resulting improvements to the rest. Within two years an active digital-music
subculture was shoehorning MP3 sites into obscure corners of the Net, all chockablock
with songs -- copyrighted songs -- that had previously been imprisoned on compact
discs.
No one was more surprised than Chiariglione.
The main application the experts group had foreseen for MPEG-1, of which MP3
is a part, was CD-i, a now-uncommon form of interactive compact disc developed
by Philips and Sony to put games and educational programs on television sets.
But on the Net little is predictable. The development of MP3 software happened
with the burbling, self-organizing spontaneity that is one of the global network's
most salient characteristics -- and the ultimate source of the music industry's
digital dilemma.
Napster was incorporated in May of last year,
and released its software in preliminary form three months later. It quickly
caught on, spawning imitations and variants, commercial and nose-thumbingly
uncommercial: Wrapster, Napigator, Gnutella, Scour Exchange, CuteMX, iMesh,
eCircles, FileSwap, Gnarly!, MP123, NetBrilliant, OnShare, Angry Coffee -- even,
mockingly, Metallicster. Much of the software is hard to find, slow, buggy,
and unfinished, requiring so much perseverance that one might expect only adolescents
to use it. Adolescents, as it happens, are the labels' biggest market, and indeed,
the infelicities of the user experience have not deterred them from ripping
and trading CDs on these services. Estimates of the number of MP3 files on the
Net range from just under 100 million to more than a billion. Some students,
blessed with the fast Internet links common at universities, have thousands
of songs on their computers. In April the Bernstein Investment Research Group
warned that within three years the industry could lose as many as one out of
six CD sales to Internet piracy.
"The sharing may be technically illegal,
but there's no way to stop it," says Whitney Broussard, a lawyer at the
music-law firm of Selverne, Mandelbaum & Mintz. "Already the entire
body of important musical works is in compact-disc format -- unencrypted digital
copies" that are freely convertible into MP3 files. MP3 itself can't be
retrofitted to enforce copyrights, because today's ripping and playing software
wouldn't be able to comprehend the add-ons. Similarly, CD players can't readily
be changed to make copying impossible; indeed, a trial release in Germany of
copy-protected CDs foundered early this year, because some consumers couldn't
get them to play. As for halting the spread of MP3s ripped from CDs, Broussard
says, "it's too late."
Furthermore, the industry is not simply fighting
an unorganized group of college kids. In an illustration of Lenin's remark about
capitalists' selling the rope with which to hang themselves, businesspeople
are lining up to profit from activities they officially decry.
The trade association for record stores, the National Association of Recording
Merchandisers, trumpets on its Web site its support of "aggressive efforts
to fight piracy." And yet the National Record Mart, an association member
that owns more than 180 record stores, announced last March -- in an if-you-can't-beat-'em-join-'em
move -- that it would buy MP3Board.com, a company that runs a Web site that
searches for and posts links to illicit music files. When the RIAA tried to
shut down MP3Board.com, in May, the company sued, demanding that the court pre-emptively
rule that its service is legal. (The labels countersued in June.) Perhaps more
startling, Scour.com, a rapidly growing start-up with a Napsterlike service
called Scour Exchange, is bankrolled in part by Michael Ovitz, agent and manager
to the stars. A search on Scour for Robin Williams, a client of Ovitz's management
company, turned up more than fifty copies, all available for downloading, of
comedy routines from Williams's recordings.
Beset by a growing mass of enemies, the labels
and dozens of other companies -- retailers, consumer-electronics firms, information-technology
companies, trade associations, dot-coms of various persuasions -- have been
meeting to create what is uneuphoniously known as the Secure Digital Music Initiative.
The goal is to create security measures that will permit the industry to release
music on the Internet without fear of its spreading uncontrollably. Unlike the
bulk of today's online music, SDMI music will be playable only on software and
hardware that follows SDMI rules about copying. It will be as if CDs could be
played only on special stereo systems that cannot be hooked up to tape recorders.
Most important, customers won't be able to trade downloaded SDMI music on Napster
and its ilk. More accurately, customers will be able to shuttle files around
Napster freely, but the SDMI protection will control the circumstances under
which the files can actually be played. In theory, SDMI will return control
of the music to the industry -- a necessary precondition, in Bronfman's view,
for the "huge creative and industrial efforts" required to build the
heavenly jukebox and the planetary sea of content that will follow it.
The head of SDMI is an engineer with considerable
experience with large, fractious groups: Leonardo Chiariglione. Despite his
efforts, the initiative has been plagued by feuding and foot-dragging. SDMI
members include both record stores and e-commerce sites that hope to drive them
out of existence, record labels that want to shut off free music and hardware
manufacturers that are rushing scores of Walkman-like MP3 players to the market,
and such active legal antagonists as Napster and the RIAA. The multiple conflicts
have helped to ensure that the first fully functional SDMI music files will
not be available until Christmas at the earliest, more than a year after the
target date.
But even when SDMI music finally becomes available,
it "just won't work," according to Gene Hoffman, an SDMI participant
who is the president of the online music store EMusic.com. "There's no
way it will do the things they want it to do, which is to lock up this kind
of content."
Encoding computer files in a way that prevents
unauthorized copying is a form of cryptography. No matter how SDMI encodes a
song, explains Martin Eberhard, the CEO of Nuvomedia, which manufactures electronic
books, it must be listened to in unscrambled form, which means that somewhere
on the computer the song exists in "plaintext," as cryptographers
call it. The decrypted stream of data can be captured, in the digital equivalent
of putting a tape recorder in front of stereo speakers. "It doesn't matter
how good the cryptography is," Eberhard says. "Once [the music] is
decrypted, you just bypass the cryptography and re-rip the music into an MP3."
SDMI employs the further protection of embedding
digital watermarks in the music. SDMI software looks for the watermarks; if
they have been altered, which happens if the music is illicitly decrypted, the
software refuses to play the music. But watermarking, too, is vulnerable to
attack, according to Bruce Schneier, an Internet-security consultant who is
the author of Secrets and Lies, a disquisition on the pitfalls of computer networks
which is being published this month. "At the moment, the techniques are
hard to do," he says. But the Net is very good at bringing down the bar.
"You always have two kinds of attackers, Joe Average and Jane Hacker. Many
systems in the real world only have to be secure against Joe Average."
Door locks are an example: they're vulnerable to expert thieves, but the chance
that any one door will encounter an expert thief is small. "But if I am
Jane Hacker, the best online," Schneier says, "I can write a program
that does what I do and put it up on the Web -- click here to defeat the system.
Suddenly Joe Average is just as good as Jane Hacker."
Last year Microsoft released a new version
of Windows Media Audio, an equivalent to MP3 that the company touted as secure:
songs in the format could be restricted to a single personal computer. Within
hours of its release somebody with nothing else to do slammed together a program,
archly called "unfuck," that intercepted the decrypted data and stripped
away the restrictions. Hours after that the program was available on Web sites
around the world, from one of which I recently downloaded it. "If your
stuff is on everybody's desktop, people will try to tinker with it," Gene
Hoffman says. "You're giving the whole world a chance to crack your cryptography
on machines that inherently make that easy to do."
These difficulties are not restricted to music.
Contemplating the apparently ineluctable growth of the global network, book
publishers and film studios see themselves rushing toward a digital dilemma
of their own. Like the record labels, they recognize the overwhelming speed,
ease, and cheapness of online distribution. At the same time, they fear -- with
good reason -- that what has happened to the music industry will happen to them.
On March 14 Stephen King electronically released a novella, Riding the Bullet,
in a format that was readable only by using designated electronic books or special
software. Just three days later a plaintext version appeared on a Web site in
Switzerland. Remarkably, the crackers troubled themselves to break the code
even though Amazon and Barnes & Noble were offering the authorized version
at no charge.
Film studios use what is called the Content
Scrambling System to encrypt digital video discs. Last year at least two groups
of European hackers raced to break the CSS encryption; the better software,
DeCSS, was released on the Web in October. It was used by yet another band of
hackers to create a new compression scheme, called DivX, that can shrink feature
films to 600 megabytes -- small enough to be traded, Napster-style, by people
with ultra-fast connections. The software, which is distributed from a Web site
ostensibly based on a group of islands in the Indian Ocean, is hard to use,
unreliable, and popular; a week after the release of Mission: Impossible 2,
I found DivX copies on the Net. Meanwhile, the movie industry has been trying
to suppress not only the hundreds of Web sites around the world that host unauthorized
software but also the much larger group of sites that link to them. Because
new DeCSS and DivX sites pop up as rapidly as the old ones are taken down, the
studios are facing a grim, unwinnable contest of legal Whack-a-Mole.
Given the huge number of MP3 files already
in existence, the explosion of file-sharing software, the willingness of companies
to try to profit from illicit copies, and the likelihood that SDMI will be circumvented,
it seems reasonable to suppose that the music industry will never be able to
restrict copyrighted material on personal computers connected to the Internet.
Nor will print publishers or video or film producers. The content industry therefore
has two possible courses of action. One is to prepare for a world in which copyright
plays a much smaller role. The other is to change the Internet. The first alternative
is problematic, to say the least. The second could be much worse.
Continued...
(The online version of this article appears
in four parts. Click here to go to part one, part three, or part four.)
------------------------------------------------------------------------
Charles C. Mann is a correspondent for The Atlantic. His article about copyright
in the Internet age, "Who Will Own Your Next Good Idea?" (September,
1998, Atlantic), was a finalist for a National Magazine Award.
------------------------------------------------------------------------
Copyright © 2000 by The Atlantic Monthly Company. All rights reserved.
The Atlantic Monthly; September 2000; The Heavenly Jukebox - 00.09 (Part Two);
Volume 286, No. 3; page 39-59.