Forgot your password?
typodupeerror
Music Media

AIMster Uses Pig Latin Encryption to Defeat RIAA 300

Posted by Hemos
from the pretty-darn-funny dept.
wiggles writes "On Sunday night, Napster started filtering out copyrighted song names from its system. People have been proposing alternate ways of naming their music files so as to defeat such filtering, but no workable solution has emerged... until now! AIMster is offering a Pig Latin encoder that will encrypt your mp3 titles. They state that, under the DMCA, it would be illegal for the RIAA to reverse engineer their encoding scheme and try and filter the encrypted filenames from Napster. Beating the RIAA over the head with the DMCA is fun!"
This discussion has been archived. No new comments can be posted.

AIMster Uses Pig Latin Encryption to Defeat RIAA

Comments Filter:
  • Had a talk with someone over at Aimster and found out that it barely depends on AIM. About the only thing it uses AIM for is to look at the buddy list. Everything else (file transfer, searching, chats, etc...) is in their software. In fact, you can run Aimster without having AIM installed (if you ignore some warning messages).
  • That has no bearing on what I said. I *know* that's what they mean. And in this case, that's not what aimster does.

    This in no way appears to protect a copyright holders rights.
  • Yeah, they should have used a strong encryption algorythm.

    Like EBCDIC.

    Seriously, though, you could argue that the *list* of songs itself is a copyrightable work (recent stupid copyright changes make databases of public facts copyrightable), and thus DMCA applies. QED.

    Unfortunately, lawyers are allowed to use sense, instead of just logic, unlike computers. This is why hackers get into so much legal trouble - it's *almost* logical, but not quite.
  • >rot13(rot13(plaintext)) == plaintext

    No shit? You`re smart!
  • If you haven't checked it out, www.opensecrets.org [opensecrets.org] is a great reference for these things. For the 1999-2000 election cycle, RIAA contributed $46,888 to the Republicrats. The breakdown is 51% to the Republican half, and 49% to the Democratic half.

    OpenSecrets groups 24 entertainment PACs under the heading TV/Movies/Music. I don't know that all of these companies / PAC's are DMCA fans, but some of them certainly are (MPAA, ASCAP, Sony, Disney, MGM, and Time Warner for sure are fans.) The group as a whole gave $3,288,367 to the Republicrats (split D's 43% R's 57%).

    If you ever had any doubts that most political contributions are for the exclusive purpose of buying influence with both parties (AKA bribery) as opposed to offering support to the one party that they actually want to win, here is proof. Some of the companies actually give money to only one party. This accounts for a whopping $55,000 out of the $3 million given. The rest of the money was contributed by companies and PAC's who are giving significant sums to both parties. The most even split in the Movie/TV/Music category is Disney. R's:$141,071 D's:$140,500. Disgusting.
  • Please don't take the Garth Brooks approach that "used CDs = piracy."

    Oh, I'm not. I'm trying to illustrate the RIAA mentality that seems to suggest that a CD is actually just a nontransferable single-site license for one person to listen to nine songs, all other uses prohibited.
  • by Jerf (17166)
    The problem, obviously, is that the encryption is not desgiend to protect a copyright holder, sadly enough.

    Remember, there are songs on Napster not owned by any of the companies RIAA represents. While what you say is true, RIAA is put into a legal Catch-22... they can't download an arbitrary file encrypted in this manner, no matter how provocative the title, unless they are certain in advance that it's a copyright violation, because if they download something that isn't theirs, then they will be themselves in violation.

    True, the protection may not extend to the illegal files, but nobody can be sure they're illegal until they are downloaded, which could itself be illegal. Oops. They will get some 'legal' files if they're not careful (for example, parody files).

  • by Squid (3420) on Tuesday March 06, 2001 @06:39AM (#381756) Homepage
    For the purposes of the DMCA I don't know that it matters WHAT kind of protection mechanism is in place, only that you can't circumvent it.

    A new music format could be double-rot13'ed (that is, plaintext) and if the RIAA sticks a label on it that says "This product is copy protected" then you could be sued if you reverse engineer the player software and discover that it's doing nothing, or even so much as attempt to play the format in a non-sanctioned player.

    Well, IANAL anyway...
  • by stinkydog (191778) <sd.strangedog@net> on Tuesday March 06, 2001 @06:40AM (#381759) Homepage

    The problem with 'pig latin' and the DMCA is that there is not copyrighted material to protect.

    Then solution is to create a plugin that creates an encrypted header (rot13, rsa, enigma whatever) that contains copyrighted information as well as the song name. The header should look like this:

    Metallica.MP3 (Aimster Business Plan: Use DMCA to bludgen RIAA as much as possible. Copyright 2001 Aimster Inc.)

    Then, decypting the 'copyrighted' portion of the message creates the infringment. Then Aimster sues the RIAA. Even searching for RIAA material will create hundreds of violations. Unfortunatly the larger header will consume a bit of bandwidth :)

  • I concur. A quick search for Metallica, which *should* be the most heavily filtered name on the service, returned the maximum 100 matches. Most were songs. I did see a few pig latin variations... A few were non-metallica songs in metallica folders.
  • And effective kind of protection mechanism.

    The DMCA exists to add legal "effectiveness" to just about ANY protection mechanism. That's my point: they just have to put legal threats behind it and if it looks like the threats might deter people, the protection mechanism is effective.

    At least that's how it's been used so far.
  • remember that bands like Phish and the Dead encourage their fans to tape their live performances and swap them with other fans.

    As one possible alternative, I'd like to point to the etree project [etree.org]. Their goal is to create a collection of high-quality recordings of various concerts from artists that permit such recordings.

    One could argue that it's not quite the same as mp3's (it's nice that it's higher quality, but it's a bit more unwieldy), but it does provide an alternative, particularly one that should be free of an legal problems.

  • How about just open secrets? [opensecrets.org]

    The RIAA's 98 lobbying moneys [opensecrets.org]

    2000 donations [opensecrets.org] by TV/movies/music combined. -- over 100% increase since the 96 presedential election. The entertainment industry is ranked 8 in amount contributed to elections across ALL industries.

    Time Warner, Seagram and Sons, and Disney leading the pack.

    You can also look up individual investors. Jack Valenti (MPAA) knows which side of the bread to butter--ALL of them, donating equally to Gore, Bush, and McCain. His congressional donations are...interesting.

    Hilary Rosen actually has a decent donation list. She gave Hatch 1000, but then took it back (apparently) and donated a decent chuck to a pro-choice group.
  • reverse-engineering an effective copy-control mechanism is illegal

    I'm tired of seeing this on Slashdot (and elsewhere).

    The DMCA uses the word "effectively" in this way: "... such that the method effectively controls access to the work" (paraphrasing). However, this does not mean that the method needs to be crack-proof, unhackable, or even all that great. "Effectively" is not being used in the sense of, "is good at what it does."

    It is used in the sense of, "has the effect of." Go re-read the law again, only this time everywhere you see "effectively" replace it with "has the effect of".

    "... such that the method has the effect of controlling access to a copyrighted work." is the interpretation that the courts use when they read the law, not "... such that the method is good at controlling access to a copyrighted work." That's why all this nonsense talk about 40-bit CSS encryption being a poor choice misses the point - it's not that the encryption is weak, it's that the encryption is there period.



    --
  • I don't think people will do that because,
    a) they don't know such music exists,
    b) they wouldn't know where to find it if they did,
    c) the genereal populace doesn't like music that they haven't been told they like by extensive marketing campaigns.

    Which isn't to say I wouldn't love for this to happen.

    -----
    "People who bite the hand that feeds them usually lick the boot that kicks them"
  • DMCA states that you are not allowed to circumvent access control "without authorization." It doesn't explicitly say whose authorization is needed, but the implication is that it is the copyright holder's.

    Thus, if you piglatin-encode "Trapped Under Ice," then Metallica or someone who represents them (e.g. RIAA) is prefectly within their rights to decode the song. If they do, and then listen to the song and it reveals that you violated their copyright, then they can come after you and their evidence was legally obtained.

    If they decode a file and listen to it and discover that it is not a copyright violation, then they aren't going to say anything. No one will ever know that they decoded it, and no one will ever be able to prove that they broke the law.

    Thus, this scheme accomplishes nothing. Well, it accomplishes one thing: it reveals something about the mentality of the Aimster guys.


    ---
  • The idea is that the filenames are a copyright of the user & thus attempts to decrypt the filename fall under that clause

    If you are sharing your files via napster, you could hardly claim that it was invasive for someone to look at the shared file names.

    And no, a file name would not have a copyright -- only creative works are entitled to copyright, so a purely functional title such as "artist - track.mp3" is not going to be protected in any way. Even in pig latin or french or any other language...

    ---------------------------------------------
  • It is not described! Nowhere on this page is the algorithm actually described!

    ...except, of course, right in the Slashdot headline. So technically, /. is in violation of the DMCA by publishing the algorithim. Heathens.

    -----
    "You owe me a case of beer. Sucka'."

  • Doesn't have to be a copy protection scheme. The
    DMCA says it's illegal to circumvent an access control scheme.
    --
  • I don't think many will argue that the DMCA is a flawed and very unfair piece of legislation, and that for many different reasons it should be repealed / struck down. I also think that most would agree that the goal ( of the online community, at least ) in mind is to be able to share / trade information freely, without being monitored / jailed / oppressed / etc. So why are we considering trying to live within the tiny confines of a flawed system, when we should be trying to defeat the system itself? Live with the DMCA so that we can use it's relatively insignificant protections? I say, to hell with the DMCA, to hell with hundreds of years of copyright protection, to hell with intellectual property feudalism. Lets try and get down to the real root issues that people don't like, and solve the problem from the ground up. Trying to cobble together a compromise on top of a hundred years of irrelavant law may be impossible.
  • by Kjellander (163404) on Tuesday March 06, 2001 @07:42AM (#381805)

    I'm sure I'll regret posting something that sounds like a defense of the RIAA, but the DMCA states that it is illegal to attempt to circumvent a copyright protecion mechanism. Inasmuch as Aimster's Pig Latin Encoder does not protect copyright, but just mangles filenames, it's not a copyright protection scheme. Thus, it is perfectly legal for the RIAA to begin using the encoder to request both the regular and pig-latinized versions of songs be removed from Napster.

    Then by the exact same argument CSS is NOT a copyright protection mechnism. CSS just mangles the contents of the files through encryption, it doesn't hinder the direct bit-for-bit copy of the files in any way.

  • I see a move/counter move battle similar to the ones between the sattelite TV industry and the sattelite TV pirates coming.

    Napster filters certain copyrighted info, people cipher their filenames to get around the filter. Napster updates their filtering methods to compensate for the cipher, people develop new ciphers, napster compensates again, people develop new ciphers.....

    LK
  • Simply breaking any old encryption is not, nor is it a copyright issue.

    This is what has constantly amused me as I've seen the string of stories on Slashdot proclaiming how enterprising hackers plan to turn the DMCA on itself. The DMCA does not ban reverse engineering or breaking of encryption per se. I've read the DMCA [loc.gov] and it specifically targets circumvention of copyright protection systems. Unless AIMSter users are encrypting music to which they own the copyright then they're so called claims of reversing the DMCA are so much piss in the wind. The DMCA would simply be a license to pirate/steal/share digital works and protect yourself by encrypting them if that was the case. The RIAA, MPAA and congressmen who drafted the DMCA are not that stupid.

    Bottom Line: If you are not encrypting work to which you own the copyright then the DMCA does not apply to you.

  • A single "artist - track.mp3" entry can not be copyrightable under current law. A COLLECTON of these entries (probably) would be - the courts have held that a database (list) of publicly available facts is copyrightable, at least under certian circumstances.
  • Since this is just a simple transformation and no key is required to undo it, it is not encryption, and thus probably not covered by the DMCA.

    --
    "Where, where is the town? Now, it's nothing but flowers!"

  • that's absolutely correct -- so if your file and directory structure (which would legitimately be considered valuable information) is encrypted, the RIAA couldn't republish that information. But that's hardly what they're doing, they're searching for file names/ID3 tags that are publically accessable and marking down folks who have a given match...

    ---------------------------------------------
  • Isthay isay absolutelyay illarioushay! Onglay ivelay Apsternay!
  • Uh, it's not Napster that's "using pig latin," it's cohort of Napster's users.

    Right, but that distinction is insignificant to the RIAA and to the courts (who, quite frankly, have not demonstrated a particularly vast amount of technical knowledge.) The bottom line is that Hillary Rosen and her legal army can go to the courts and say "Napster promised to filter out copyrighted material, and they're still trading copyrighted material. The only thing remaining that you can do to fix this situation is shut them down."

    This would be a Bad Thing (TM) simply because of the size of the Napster community. As you point out, there are always other options such as OpenNap, but you are not going to get the depth and breadth of choice on an OpenNap server as you get on the "real" Napster, simply because there are fewer users. Now, if you're looking for the latest Eminem track, chances are you can connect to any random OpenNap server and be in luck. But if you're looking for a specific song from a specific live performance of a certain band, get ready to spend some time browsing OpenNap servers.

    Napster is great because there is a ton of "alternative" material available on it. It would be a shame to see this resource die simply because a few of us had to "push our luck" with the RIAA. Again, I do believe if that there was ever a corporate entity that needed to be a taught a lesson, the RIAA is it. But we need to face reality here, and the reality is that the RIAA has got (bought) the ear of the courts and is currently in the position to shut Napster down with a single flick of Hillary Rosen's gnarled, twisted little finger.

    Keeping Napster running does not mean that the protocol cannot be worked on, improved, and deployed in other capacities. I agree with you about the DCMA, though .. let's take this legislative joke to its logical extremes and demonstrate to the public just how ridiculous it is.
  • I hear the military are using ROT52. Apparently the NSA put a backdoor in ROT26 to facilitate key recovery. Go figure...
  • by Fatal0E (230910) on Tuesday March 06, 2001 @05:53AM (#381835)
    What does it mean to "Encode" the file names? The Aimster Pig Encoder encodes the file names by simply changing the words in the file name very slightly. For example, "Music" becomes "usicM", "Hello" becomes "elloH", and you can guess what becomes "uckF ouY, ouY pyS astardsB".
    Is it considered reverse engineering a scheme if said scheme is advertised (ok not advertised but spelled out) on their web page?

    RIAA: "We didn't reverse engineer anything, you told us how to do it."
    "Me Ted"
  • Of course the point of this whole mess is to force the RIAA, MPAA, etc... into fighting the DMCA in court

    There are much better ways to do this.

    Just publish some content (that you own the copyright to), using a access-control scheme that is compatable with their own. (For example, publish a CSS-protected DVD.) Then sue manufacturers for making equipment that is capable of playing your copyrighted work.


    ---
  • by mrogers (85392) on Tuesday March 06, 2001 @06:58AM (#381840)
    If you moved the first syllable, luck would become ayluck (because it only has one syllable). You move everything before the first vowel sound to the end, and append 'ay'.
  • That one doesn't even go to 2.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.
  • No, we all understand perfectly that research has demonstrated quadruple ROT13 is no more effective than double ROT13, which is why double ROT13 is in such widespread use.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.
  • by NMerriam (15122) <NMerriam@artboy.org> on Tuesday March 06, 2001 @11:07AM (#381843) Homepage
    Purely functional works are not protected?

    That's not what I (or the courts) said. Only creative works are eligible for copyright, functionality has nothing to do with it. Its completely possible for a work to be both creative and functional, and generally creativity is a VERY low bar to clear. But purely factual information ("this song is by britney spears. This song is 'oops, i did it again', this song is 3:00 long", etc) is not creative in any way, and limiting the ability of people to republish those facts would be VERY counter-productive of copyright law.

    Particular arrangements of facts (dictionaries, encyclopedias, phone books, etc) are creative in that the arrangement of the collective work itself is an act of creation, even though the constituent facts are not creative. So you can republish all the phone numbers you like, but you can't list them exactly the same way as the phone company does in their phone book.

    As to the file list/ directory structure, it would be an interesting question where the threshold is. Since you are sharing the information to anyone with Napster (there is no discrimination as far as I know for RIAA Napster accounts) you could hardly claim it was a violation of your rights for them to view your files (especially since they have no way of NOT viewing them when they search -- Napster decides which search results to return to a client).

    If you encrypted your drive structure, and left the encrypted text file containing that info on a public drive, and the RIAA brute-forced it open to find out you have MP3 files, they would be violating the DMCA. But "encrypting" the individual files with pig latin and publishing the individual file names on Napster makes it a much harder argument to make.

    If you had all your MP3 files saved as a tar file named "myfiles.tar.mp3" and the tar file was encrypted, I doubt they would be able to legally assault the tar file to determine its contents. If your had an UNencrypted tar file named "myfiles.tar.mp3" and they just decompressed it (which is similar to what is being done with piglatin -- a very common code is being used) you wouldn't have a leg to stand on (anti-circumvention-wise).

    ---------------------------------------------
  • I compiled the list, so I hold the copyright. I am, therefore, entitled to control access to the list according to any criteria I see fit.

    You're making a pretty clear decision by making it available to anyone on Napster. AFAIK, Napster does allow you to block users but beyond that has no provisions for negotiating licensing arrangements in return for access privleges. The act of sharing a directory is not passive, you have given Napster (also by their user agreement) and by extension others on the Napster network the ability to peruse your file list.

    And Napster does not return your complete file list (when searching) -- only those entries that match a user search. And individual file results would not be covered under copyright regardless of your licensing statements (or else it would be illegal for me to look up a phone number in the book and tell it to you!)

    ---------------------------------------------
  • by Shoeboy (16224) on Tuesday March 06, 2001 @05:54AM (#381849) Homepage
    Right here [westnet.com].
    I'd paste it, but there's this lameness filter thing.
    And yes, it will compile and run on any system.
    --Shoeboy
  • Uhm. The RIAA makes no claims about DeCSS... Last time I checked, DeCSS is the MPAA's problem.

    Theres so much evil in the world its easy to get some of it confused with the other :)

  • The label of information isnt really right I think. It refers, in this case, to anything which can be duplicated at little or no cost, ie, something that many can benefit from without the original holder losing his use of it.

    Basically intellectual property.

    I agree tho. The time is rapidly approaching where the entire concept of intellectual property has to be revised.

    The concept exists solely to further development of society and mankind through creating an incentive to create. However, copyright no longer does create that incentive in many related industries. Making money in music or litterature has little to do with authors copyright anymore. The creative people create either way (they ARENT getting the money today, but they ARE still creating - chalk that up to either some altruistic creativity or industry propaganda tricking them), and copyright serves only to maintain huge profits for media conglomerates. Not even remotely something it was supposed to do, and by now only serving to deprive humankind from arts and not serving as any incentive anymore.

    The entire basis of intellectual property need to be reconsidered with the new reality of cost-free reproduction, far huger markets through cost-free transmission and far more creative people than we had 200 years ago. The creative people need to be compensated, not the media corporations.
  • by mindstrm (20013) on Tuesday March 06, 2001 @05:56AM (#381864)
    Under DMCA, reverse-engineering an effective copy-control mechanism is illegal. This is what the RIAA claims that DECSS does.

    Simply breaking any old encryption is not, nor is it a copyright issue.

    If that encryption is used for copy control.. then it is. This is not.
  • If they can't find all such services, the media companies can consolidate and buy ISPs until they can just shut down any server they don't like (in progress).

    Can you say AOL-Time Warner?

    ---
    Check in...OK! Check out...OK!
  • I'm afraid that your assertion that "people always find a way of circumventing those big companies" is utterly, completely wrong. To my view, you share a lot of Slashdotter's exasperating tendency to believe that the Internet is uncontrollable by corporations/governments, it's just not so.

    Clearly Napster is being cracked down on by the RIAA. It was just the next weekend that they were sending out cease-and-desist orders to all "Napster-like services" and hosting ISPs (as reported here on Slashdot) -- including every one of the open products that you reference.

    If they can't find all such services, the media companies can consolidate and buy ISPs until they can just shut down any server they don't like (in progress). If that doesn't work, they can convince CD and hard drive manufacturers to include built-in copy-protection (in progress). If the servers are offshore, they can have lawyers and diplomats "educate" those ISPs about how much bandwidth they're "losing" (in progress). If push comes to shove they certainly will receive search warrants, break down doors, and make high-profile arrests, hardware confiscations, and heavy fines (also in progress, esp. at certain university dormitories).

    I have a huge fear that our decade-or-so Internet Nirvana will soon look like the 60's, in which a bunch of idealistic college students were absolutely convinced that the government couldn't stop a revolution based on the people's power, and look foolish for it in retrospect.

  • Bottom Line: If you are not encrypting work to which you own the copyright then the DMCA does not apply to you.

    But, apparently, once you DO encrypt even a single work to which you own the copyright, then the DMCA applies to you in full force.

    Remember that the MPAA has successfully argued that DeCSS may be banned, because it decodes *their* copyrighted works, even though it also decodes works copyrighted by others.
  • by inkydoo (202651) on Tuesday March 06, 2001 @05:56AM (#381875)
    I'm sure I'll regret posting something that sounds like a defense of the RIAA, but the DMCA states that it is illegal to attempt to circumvent a copyright protecion mechanism. Inasmuch as Aimster's Pig Latin Encoder does not protect copyright, but just mangles filenames, it's not a copyright protection scheme. Thus, it is perfectly legal for the RIAA to begin using the encoder to request both the regular and pig-latinized versions of songs be removed from Napster.
  • by Bob The Cowboy (308954) on Tuesday March 06, 2001 @09:13AM (#381876)
    The RIAA is pissing off a huge portion of their fan base. They can see the impact on their bottom line when sales decrease after napster is gone.

    What are you talking about? the RIAA doesn't have a fan base. Joe Sixpacks doesn't know who or what the RIAA is. He buys music (or downloads it off napster) and never sees "RIAA" anywhere at all.

    Hell, most people I know think that they download their mp3's off of a website called napster.com. Also, I sincerely doubt many Jow Sixpack's got high speed access for Napster. A Jow Sixpack I know got cable because he wanted his games to run faster... when I asked him if he wanted to play online sometime he didn't even know you could do that.

    And more importantly, when people start flocking to independent music that doesn't pull these kinds of shenanigans, sells music for reasonable prices, and generally doesn't treat the music-buying public as the enemy.

    I don't see the hordes of teenyboppers that are the RIAA's favorite markey moving toward independent music any time soon. Or 95% of the rest of the music buying population.

    Bill
  • Your trying to find a band but can't figure out how to spell it in pig latin?


    Like, Oingo Boingo? This is just gonna be another cause of baldness.

    Everyone pullin their hair out because they can`t figure out how to spell stuff in pig latin.

    Thats what you get when you teach pigs how to speak!
  • Um, I don't recall anyone saying 'if you do a bit for bit copy, minus the part of the disk with the keys on it'. If you perfectly duplicate a DVD, you can play it. The fact they take steps to make that harder, like not allowing random applications to read the key areas, and zeroing the key area on blank DVDs they give out, does not make that statement any less then 100% true. If you can read the key area of the disk (Which I think you can if you unlock it. I think it's even possible with some windows DVD players to start them up, and have them unlock the disk for you.), and if you purchase blank media without the key are zeroed, you can certainly make an exact duplicate of a DVD that works perfectly.

    And, I have to add, the 'CSS' isn't either of these protections. One of them is a hardware setup where a program has to unlock it before doing certain things (which doesn't even involve the content, just the keys), and one of them is just selling disabled media. CSS is the actual content scrambling system that the keys decode. CSS is not involved in the lack of key copying ability.

    -David T. C.

  • This is funny - it had me laughing out loud - but I do have a few concerns about using legislation of which we don't approve in order to beat the nasty people round the head. Would Aimster react positively or negatively to someone producing an Open Source reverse-engineered piece of sofware for doing this? What if the RIAA did it themselves? Is this substantively different to DeCSS?

    So, it's funny, and it's parodying the whole mess, but let's be careful, now. Do we see ESR writing closed source code to get back at M$? No, we don't...
  • by cje (33931) on Tuesday March 06, 2001 @05:57AM (#381885) Homepage
    Seriously.

    This is just going to be more ammo for the RIAA. When Napster says to the court, "We're filtering out all copyrighted songs," the RIAA can just come back and say "No they're not; they're using Pig Latin now." This will likely result in Napster being shut down entirely, regardless of the promises that David Boies and the rest of the team make. The RIAA has always taken the position that Napster users will do whatever is necessary to trade music "illegally." They will claim that this just demonstrates their point.

    This would be shameful since there really is a lot of music legally traded on Napster. And not just the indie stuff, either .. remember that bands like Phish and the Dead encourage their fans to tape their live performances and swap them with other fans. This is exactly the type of application that Napster was built for.

    Now, I'm not siding with the RIAA here. They're a bunch of greedy bastards with little to no interest in the artists they claim to represent. But they're also a bunch of greedy bastards with a vast legal team and a bunch of sympathetic courts. The way things are right now, Napster can at least be salvaged for those of us who use it to trade "legal" material. So let's not goad the RIAA any more than we need to.
  • Man, I liken all of this to the RSA in Perl T-shirt that I wear occasionally. It made a mockery of the arguement that encryption was 'munitions' and not available for export.

    Go Pig Latin!

    It is making a mockery of this whole shennanigans. They will lose. We all know it. Victory is ours, it will just take some time, and the MPAA and the RIAA and all the other fwits will almost certainly try stupider and stupider schemes to enforce the un-enforcable.

    So, in the mean time, everyone do your bit ... help make them look like the fools they are.

    Holy Shit! The Emperor Has No Clothes!

  • A nice idea, but you really dont want to add to the already large file size. The solution? ROT13 the last 256 bytes of the MP3 (ID3v1 tag) and then XOR the MPEG header by the MP3 filename minus its given extension.
    You are hereby controlling access to the MP3's contents, and copyrighting its ID3 text value (over 200 characters). This will hold up under the DMCA, and simple ROT13/XOR will not add to the file size. (XOR probably isnt a good idea, but any rotating cipher would work just as well)

    ---
  • If somebody had told me 4 years ago that any of this stuff would happen (the DeCSS t-shirts, legally protected pig latin "encryption", etc...) i would have laughed out loud. I saw this story today, and i thought "okay, this seems logical" but then upon taking a step back, holy shit the computer culture has gotten even sillier than it was before...
  • by Grab (126025) on Wednesday March 07, 2001 @02:26AM (#381890) Homepage
    Not the exact same argument, and you've spelt out why quite clearly. CSS mangles the CONTENTS! Aimster just mangles the FILENAME, but does not change the content of a file. They're still infringing copyright, they're just making it more difficult to spot it with an automated tool.

    Let's take an example. Say I copied "Baby one more time" and tried to sell it as my own work, as a song called "Hit me baby". Maybe I've changed the name of the song, but it doesn't at all change the fact that I've infringed copyright.

    To be honest, I'd be surprised if one of their kids didn't come up with the idea, it's that lame.

    Grab.
  • by CokeBear (16811) on Tuesday March 06, 2001 @05:59AM (#381900) Journal
    If, for some reason the RIAA was violating the DMCA, how long do you think it would be before the same lawmakers who wrote the damn thing in the first place fixed the bug in the law to make AIMster the bad guys?

    And, just curious, but totally unrelated, of course, but how much has the RIAA and its members given to the Republican party in the past year?
    How 'bout the Democrats?
    hmmmm?
  • You mean cat surely?!

    No way. While cat and echo are both pretty much functionally equivalent cryptography suites, I'd have to say that echo's user interface is far superior.

    When I'm inputting a lengthy chunk of ciphertext into echo's decryption engine, I rely heavily on its advanced editing capabilities. If I discover a typo at the beginning of my inputted ciphertext, for instance, I can hit control-A, and echo jumps me back to the beginning of the line, where I'm just a few characters away from my error. If I try that in cat, I get:

    $ cat
    mmonkey boy^A^A^A

    What the hell is that? I'm sure the mathematicians and programmers who wrote cat were smart people, but why couldn't they spend a little extra time incorporating echo-style advanced editing capabilities?

    And while we're on the topic of cat's user interface, what's up with it not exiting? After I decrypt something in echo, it drops me back to my command prompt, where I can quickly email the decrypted message to my cohorts. Cat, on the other hand, makes you do some control-C or control-D mumbo jumbo for no apparent reason.

    To each his own, whatever floats your boat, yada yada, but I prefer echo's user friendliness. Comparing echo to cat is like comparing Microsoft Windows to Microsoft DOS.

  • by bitchx (322767) on Tuesday March 06, 2001 @06:00AM (#381910)
    A careful reading of the DCMA would show that it's not going to protect you, sadly. The relevent passage reads:

    `(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and

    The problem, obviously, is that the encryption is not desgiend to protect a copyright holder, sadly enough.

  • If the people are giving the tool away for free, then the RIAA dosn't even need to reverse enginer it, they just have to download it.

    Rate me on Picture-rate.com [picture-rate.com]
  • The only way they could prevent this is by shutting down the internet itself or by banning general-purpose computers. Corporations might have a lot of influence, but even they aren't going to do that. They *will* fail evenutally, it's just a matter of time.
  • Or maybe we use H4X0R 5P33K to encode the filenames.

    Metallica would become M374111C4
    Greatest Hits would become 6R347357 H175
    RIAA would become 14M3R2

    and so on.

    One could get the number of possible ASCII characters down to 64, thus making a basic compression algorithm possible. Then, to decode the data, those obscure compressions can be run through a program using an algorithm that converts them into plausible words. This algorithm could even be patented to screw up the legal system further for the RIAA.

    The more we abuse the system, the more likely the flaws will be exposed.

    --
  • by Stavr0 (35032) on Tuesday March 06, 2001 @06:03AM (#381932) Homepage Journal
    Real pig latin moves the first syllable to the end and appends 'ay'.
    Tried looking up a FAQ or some other 'formal' definition but no ucklay.
    ---
  • > If you want to screw the record industry, make it possible for bands to distribute and sell their own stuff efficiently without paying more than half to the record industry.

    Hear, hear!

    Some entrepren-howeveryouspellit-urial geek who regrets missing out on the e-IPO goldmine of the past few years should see this as an opportunity to make a name for him-or-her-self, do the public and the world's musicians a favor, and probably get rich as a mere side effect.

    --
  • It's all pretty funny and pokes fun at silly laws, but seriously, do we want it known how easy it is to get past filters (so that they find a better way to control copyrighted music)?

    Yes we do, for the simple reason that they will fail miserably, and so the sooner this happens the sooner we can all get on with our lives.

    They are never going to find a way to prevent the distribution of copyrighted music. All they can do is spend billions of dollars harrassing those who do. Unless they're willing to throw every Napster user in jail (which would be an enourmous PR disaster) they're simply not going to be able to stop it. So the sooner we demonstrate that, the sooner they'll leave us alone.
  • by Anonymous Coward on Tuesday March 06, 2001 @06:05AM (#381943)
    A stupid thought: could we interpret the "copyright protection mechanism" as "a mechanism to protect people from copyrights"...?
  • well, i found one: try beatles yesterday. i guess they're doing it by title only and not artist, a bunch of other beatles stuff does come up.
  • by ConceptJunkie (24823) on Tuesday March 06, 2001 @06:06AM (#381947) Homepage Journal
    The "key" is knowing how to arrange the letters. If you use ROT13, the key is 13. If you XOR everything by 42 the key is 42.

    As silly as it is, I think the logic is valid. I personally prefer double or even quadruple ROT13 for maximum safety, but this is an interesting application of the "logic" used to create the DMCA.

    There's no doubt that as more and more legislation is passed, we'll see more and more examples of ludicrous conslusions drawn from the tortured reasoning behind the legislation. Face it, our generally techno-illiterate legislatures know what they want to do, but they don't know how. Preventing people from ripping off the record companies is a reasonable goal (not that they have made any effort to keep the record companies from ripping off the consumers, but that's a slightly different issue). However, any legislation that is going to work, has to crafted by people who not only understand intimately the capabilities of the state-of-the-art, but have enough insight to predict what things might be like 10, 20 or more years down the road. The current legislation smacks of 19th century law (which isn't bad in itself) and seems to completely fail to understand 21st century technology (which is disasterous).

  • by john_uy (187459) on Tuesday March 06, 2001 @06:06AM (#381952)
    it is very good that people always find a way of circumventing those big companies. if the big companies are smart, the consumers are even smarter.

    the whole p2p and file sharing industry should cooperate and try to develop a file sharing system that will NOT be countered by any government or institution or at least be stopped.

    after the napster controversy, there are numerous programs out there spawning in the hope of gaining market share from napster. better features are included in their program that is deemed to be 'unstoppable'.

    i just suggest that all of those product makers like freenet, aimster, etc. create a universal program with plug-ins for each other.

    it is nice to encrypt the data while having a p2p transfer system. you can also have index servers located worldwide that can be donated by people. you can also use the power of search engines to look for the files that you want thereby making the system rather difficult to shut down.

    for the music and movie industry, i think that the concept of pay per view or pay per hear is also good. like a person can donate a $0.01 TO THE ARTIST each time the song/movie is played. in the long run, the artists are happy and you are happy. at least you can get the most updated songs all the time.

    ha. RIAA may have won the first round. but let's wait and they will not be able to stop everybody from sharing files.

    this concept is not just for the music sharing service. this can be good to share files like newest software versions without having to create a download site. this will reduce costs for companies and improve the overall speed of the net.

    i hope that even though the unfortunate event of napster happened, the internet will not be and SHOULD NOT BE controlled.

    johnlaw

  • Owhay areway ouyay entlemengay? Allway ouryay mpay3 areway elongbay otay usway!

    PS I'll give props to the first person to write an on-topic haiku in piglatin ;).

    Alex Bischoff
    ---
  • By that logic, it would only be illegal for me to transmit an entire CD to you. Transmitting only track 3 should be just fine

    No, because track 3 is still a creative work by itself. An individual file name is not a creative work, it's a piece of factual data that is not covered by copyright (this is assuming you have typical "track number - artist - song.mp3" naming, if you name your files with Haikus then it might well BE a creative work.)

    The only POSSIBLE copyright claim you could have would be on the collective file system, because it took you work to organize things in a particular way, and the organization itself is a valuable service.

    You can quote individual numbers from the phone book all you like, because its a collection of FACTS, and facts are always in the public domain. The collective phone book, however, is copyrighted by your phone company.

    ---------------------------------------------
  • Well, then could Jon Johannsen encrypt (rot-13 or whatever) DeCSS, and then 2600 could link to it, and MPAA couldn't download and de-rot13 it without violating DMCA?

    i.e. to prove that 2600 was violating court order, they'd have to violate DMCA themselves.
  • by cetan (61150) on Tuesday March 06, 2001 @06:08AM (#381959) Journal
    Uhm. The RIAA makes no claims about DeCSS... Last time I checked, DeCSS is the MPAA's problem.
  • It is not described! Nowhere on this page is the algorithm actually described! There are only examples of "clear text" and "crypted text" given. You can get that with any other encryption algorithm that may not be reverse-engineered.

    If something is obvious, it does not need to be reverse-engineered, and I would seriously doubt it will fall under the DMCA.
  • Right - I've just looked at all the discussion on /., and I'm going to post another comment, and it's a congratulation. Well done, Aimster.

    We all know that this isn't really going to make anyone safer, or stop the RIAA doing anything. In fact, I doubt that Aimster really care how much they upset the RIAA, or if the RIAA care themselves. My suspicion is that it's a publicity play. Getting your users (and /. is _right_ in the middle of their target audience) to see new things isn't always easy, so - time to generate some free publicity. And it's worked. People are debating the rights and wrongs of their (pretty specious, I suspect) argument, they're getting thousands of hits from /., and lots of links from the news agencies, probably.

    Which is what they wanted. Nice work - you've got your users covered, you've made RIAA spend some money on _really_ checking with their lawyers, just in case, and you've raised your profile outside your user network, too. I rather like it!
  • by Shoeboy (16224) on Tuesday March 06, 2001 @06:09AM (#381968) Homepage
    Are you insane?
    Sure encryption with ROT13 is fast, but decryption is a bitch.
    Go ahead if you've got a quad xeon box, but on anything else, forget about it.
    While encryption is an linear, decryption is an N^2 operation. Even with a processor capable of performing 10^12 operations/second you'd requre months to decrypt a gigabyte of text.
    Admittedly, there's some academic research that indicates an N lg N solution for ROT13 decryption is possible, but nobody has built a working prototype.
    And don't even get me started on the amount of CPU time a ROT26 algorithm requires. It's been proven to be an NP complete problem. Can you say "computationally unfeasable"?
    I knew you could.
    --Shoeboy
  • my concern is this... the RIAA doesn't need to reverse engineer anything... the web site TELLS THEM how it's encoded. Does the fact people are given instructions on how to decode the coded message actualy negate the exact thing they were trying to accomplish?


  • by griffjon (14945) <{GriffJon} {at} {gmail.com}> on Tuesday March 06, 2001 @06:18AM (#381972) Homepage Journal
    They've taken aim square at their foot, and pulled the trigger. Let's see what happens as they shut napster, opennap clones, and other servers down, and piss off not just us geeks who will grumblingly return to FTP servers and ratios or guntella/freenet/mojonation/etc., but the millions of Joe Sixpacks who got highspeed access just for napster.

    The RIAA is pissing off a huge portion of their fan base. They can see the impact on their bottom line when sales decrease after napster is gone.
  • by SlashGeek (192010) <petebibbyjr@[ ]il.com ['gma' in gap]> on Tuesday March 06, 2001 @06:10AM (#381981)
    Because a computational process is used, and requires an alghorithm to do autonoumsly, yes, this is encryption. Even though it may be simply interpreted by reading the name manually, this requires writing code to decrypt this on the computer level. And as soon as code is written do undo intentional scrambeling, it is considered "decryption". Since the point is here to use a computer to do this without any human intervention, this is proteceted under the DMCA.

    This has got to be some of the funniest sh*t I have heard in a while here on /. I love irony.


    "Everything that can be invented has been invented."

  • The problem is that pig latin is a natural language and therefore might not qualify as an encryption scheme. In fact, copyright holders are entitled to the sole right to translate their work. Hence, the RIAA could claim that the songs on AIMster are their song titles, translated into "pig latin" and demand that the pig latin translations of their song titles be blocked.

    It would be funny to have the RIAA submit a list of songs to be blocked, in pig latin, though!

    Lenny
  • by astrashe (7452) on Tuesday March 06, 2001 @06:22AM (#381990) Journal
    I think you're 100% right.

    Putting aside moral arguments on one side or another, pushing for global piracy networks doesn't make sense because it isn't winnable. I'm not saying that there won't always be file trading networks around -- just that they'll be shut down frequently, and that finding them will probably be more trouble than it's worth.

    There was an interesting article on arstechnica awhile back. The writer said that Napster's offer to the recording industry would be rejected, because it created a distribution system that would be a level playing field for small companies as well as for big companies.

    We need to shift our focus away from piracy, and towards the creation of an open and level electronic distribution system. If you want to screw the record industry, make it possible for bands to distribute and sell their own stuff efficiently without paying more than half to the record industry.

    If your position is "I want everything to be free" your voice will be marginalized, and you won't count.
  • by cleetus (123553) on Tuesday March 06, 2001 @06:23AM (#381991) Homepage
    This is just going to be more ammo for the RIAA. When Napster says to the court, "We're filtering out all copyrighted songs," the RIAA can just come back and say "No they're not; they're using Pig Latin now."

    Uh, it's not Napster that's "using pig latin," it's cohort of Napster's users. While Napster could legitimately be faulted for a weak-ass filtering system, This also serves to highlight the difficulty of content verification in general, a problem with not only Napster, but all the rest of the P2P protocols for the most part. In fact, I would argue that this problem is just a cousin to those that plague NetNanny and the like, and that it's just not worth trying to effect any content management scheme through filtering.

    This will likely result in Napster being shut down entirely

    Good. I thank Mr. Fanning for the protocol and his nifty beta software, but, like all good networking protocols, development for this one is best left open source community. if Napster could provide a service to me beyond a moderately accurate catalogue of other people's mp3s, I might think about giving them my money. Until then, the opennaps at al. will be my choice for finding music.

    Finally, I think that Aimster's citation of the DCMA as a defence for it's plugin is another reason to use it. Forcibly exposing the idiocy of this cancer of a law in such a public and widespread manner will in the end do the cause of fair use more good than harm.

    cleetus

  • m-wor-e-wor-t-wor-a-wor-l-wor-l-wor-i-wor-c-wor-a- worzel
    o-wor-n-wor-e-wordip

    Rich

  • In all likelihood, the filename is no more copyrighted then your address, and for the same reasons. File names that are simply labels for the contained files will almost certainly not meet originality or creativity requirements.

    If Aimster is trying to go on a "My filenames are copyrighted" argument, then this entire exercise was even more futile then anyone imagined. (Or, alternatively, solely a press stunt.)

    Furthermore, you might be surprised what a "circumvention device" is. It's not clearly defined. Simply typing it "by hand" into the computer on the tech's desk could make that computer a circumvention device. It's very, very vague.

  • by Jerf (17166)
    Please re-read the fourth-to-last paragraph (the one with bold words). The DMCA does not make a distinction for those trying to enforce their own copyright (and it can't; it's trivial to set up any number of scenarios where anybody could use that as their own personal loophole). And there are perfectly legal files on Napster which can be "protected" in this way. Napster is not equivalent to copyright violation, and the presence of legal songs means that RIAA could find itself in violation if it "cracks" one of those... and they would, to 100% certainty (specifically, legal paradies).
  • The battle is never over. Although I'm not even a sattelite user, I believe that the move/counter move struggle is still ongoing, even if Directv is in the lead.

    LK
  • Even with this solution, the RIAA still prevails. Their goal was to reduce the amount of illegal trading of music. They are well aware that there will still be a mere 1% or so that can find alternate solutions. But this is an insignificant impact. The few techie geeks (no insult implied here as I fall into this category as well) that go out of the way to get these files are having to resort back to the old days of trading (almost) newsgroups, irc, ratio ftp sites, etc. Or in this case multiple pieces of software that becomes time consuming to get what you want.
  • I personally prefer double or even quadruple ROT13 for maximum safety

    Moderation: Funny=+1.
    BWAHAHAHAHAHAA. Good one ConceptJunkie.
    ---

  • You are not allowed to decrypt this message.

    Screw you, I just did.

    Besides, you didn't invent that cipher: my computer came with a decryption utility for it. I don't remember exactly what it's called... I'll have to skim through some man pages. I think it's like "echo" or something. Maybe some of the crypto-heads on /. can reply with the exact name. It's GPL'd, too, if I remember correctly.

  • by Bonker (243350) on Tuesday March 06, 2001 @06:15AM (#382006)
    Is this a good thing?

    Of course the point of this whole mess is to force the RIAA, MPAA, etc... into fighting the DMCA in court. Ironic yes, but I wonder if we're not actually starting to use the protections offered by the act they way they should be used.

    Since Napster is no longer a suitable example, I'll refer to Gnutella. With a fairly simple layer of 'copy control' encryption layered on top of the file transfer protocol, it becomes illegal for the RIAA to try to stop users from trading files. It forces them to fight the DMCA, which they lobbied for, but at the same time, it protects individual's rights to do as they will with the stuff they have bought. I want to share all my Eminem CD's, which is legal under 'fair use' but will get me whipped with a garden-hose if the RIAA has their way? This scheme allows me to do so and makes it a crime for RIAA to try to figure out that I'm doing it.

    Perhaps we should take this seriously, not to get rid of the DMCA, but to exploit the hell out of all the protections it offers to those who know how to use and abuse them while we still have the chance.

    Aimster claims to do this with some pretty good encryption, but alas, it is entirely dependant on AIM, which, frankly, sucks donkey balls. I'd much rather see the OpenNap or Gnutella guys develop something similiar.

    C'mon, Aimster. Let's see a non-AOL dependant version of your software!
  • by Rentar (168939) on Tuesday March 06, 2001 @06:24AM (#382007)
    It is not described! Nowhere on this page is the algorithm actually described! There are only examples of "clear text" and "crypted text" given. You can get that with any other encryption algorithm that may not be reverse-engineered.
  • the RIAA can just come back and say "No they're not; they're using Pig Latin now."

    If they use that exact sentence in court it'll make it obvious how ridiculous the whole situation is.

    Maybe.

    and a bunch of sympathetic courts.

    s/sympathetic/easily purchased/

    At any rate, the RIAA is going to continue its war on the music-buying public no matter what happens to Napster. This is the same bunch of clods that tried to ban the selling of used CDs, remember? (Is trading songs on Napster any more or less legal than buying a CD for fifty cents at Goodwill?)
  • It's always the first time for someone.
    ___
  • Weakness of the system is not relevant under the DMCA [cornell.edu]. CSS could have been XOR 255 and DeCSS would be just as illegal. Judge Kaplan didn't say anything about CSS meeting any standard of being difficult to break as a part of why he convicted the defendants.
  • In other words, I bet you'd lose all protection under DMCA if such a program were available.

    Just like DVDs lose all protection because DeCSS was available?

    Well we know that's wrong. What's the (legal) difference?

  • IMHO, Aimster made a nice pass at this, but screwed up. They needed to put a license on download so that it was only allowed for personal use. RIAA can simply use the program like anyone else and then search for the results like anyone else, download the file like anyone else, and then listen to it and confirm that it's a violation. If it were only licensed for personal use, this would not be possible.

    I have to assume that you disabled animated gifs... for that is how Aimster brag about precisely such a license on their homepage [aimster.com]. ("Can't Touch This! The Aimster Service is Private and Encrypted!") While I'm part way down the comments, it would seem that a great many people are missing Aimster's irony altogether... from the linked page:

    "And please check out Aimster at www.aimster.com, if you have a chance. Aimster is the first file and messaging service to give you full encryption over all your messages and files"

    Which is not to say that (having a central server) they are immune to the "loophole in the loophole" that you point out. Freenet, on the other hand...


  • "I also think that most would agree that the goal ( of the online community, at least ) in mind is to be able to share / trade information freely, without being monitored / jailed / oppressed / etc. "
    I am a musician. I don't live off of my music yet . I can imagine that the right of the musician is to deside wheter he want he music release under a free as beer licence or no so free as in cadilac licence...I don't think the goal is to infinrge on ppl's rights but to stand up for ppl's rights.

  • But does "the copyright holder" refer to the copyright holder of the song (eg Sony), or the copyright holder of the technological measure (eg AIMster)? I think it's going to take a million dollar lawsuit to decide that one. :-)
  • by Squid (3420) on Tuesday March 06, 2001 @06:32AM (#382028) Homepage
    And more importantly, when people start flocking to independent music that doesn't pull these kinds of shenanigans, sells music for reasonable prices, and generally doesn't treat the music-buying public as the enemy.
  • All napster did was put the filter on the AUTHOR field, not the TITLE field. So you can still download all the metallica you want, without downloading any Etallicamay.
  • by LinuxParanoid (64467) on Tuesday March 06, 2001 @06:34AM (#382033) Homepage Journal
    This particular approach is bogus, since as others have pointed out, the DMCA is not about methods of encryption but about methods of copy control.

    This does raise an interesting question. How can we consumers use methods of copy control to prevent excessive and DMCA-illegal snooping by the new corporate thought police?

    --LP
  • I don't take credit for it, and was actually embarrased at shamelessly using an old and rather stale joke, but hey, like the man said, it's always the first time for _someone_.

  • by Squid (3420) on Tuesday March 06, 2001 @06:35AM (#382036) Homepage
    If, for some reason the RIAA was violating the DMCA, how long do you think it would be before the same lawmakers who wrote the damn thing in the first place fixed the bug in the law to make AIMster the bad guys?

    Orrin Hatch, one of the key players, has already dropped strong hints that he's not happy where the DMCA has gone. I suppose next time he should READ proposed legislation before he votes for it. But anyway.

    And, just curious, but totally unrelated, of course, but how much has the RIAA and its members given to the Republican party in the past year?
    How 'bout the Democrats?


    Politicians are cheaper if you buy them in bulk.

Asynchronous inputs are at the root of our race problems. -- D. Winker and F. Prosser

Working...