Apple criticized for embedding names, e-mails in songs?

An article by Greg Sandoval, Staff Writer, CNET News.com, talks about how EFF is taking issue with Apple's practice of embedding customer information within iTunes music. Normally I am in total agreement with EFF, but in this case I don't understand the complaint. Having personal identifying information of the licensee of downloaded music seems reasonable to me. I couldn't find any reference to this complaint on EFF's website.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

What happens if you lose your iPod?

People claim that this will only hurt those that share their music via P2P, but occasionally iPods full of music (and the personal info the music contains) will be lost. what happens then?

What Apple should have done is encrypt the personal information, and kept the keys. This way apple (or even the RIAA) could track who is sharing purchased music, but if you iPod is lost or stolen you information is safe.

Interesting suggestion...

Interesting suggestion about encrypting the data so that third parties can't read it. I suspect that various groups would be even more upset about that, as the customer wouldn't be able to determine themselves what information is stored.

A question to those people worried about this: Do you encrypt the hard disk of your laptop? Few people do, and there is far more private information on most people's laptops than what is in an iPod. I suspect people are worried about this problem far more than they need to be.

I don't have an iPod (and have never seen iTunes), but I do have music on my cell phone (largely talk-show podcasts, but I do have an eMusic account). No information stored in the music files will be of any additional invasion of privacy given far more personal information is stored in other parts of my cell phone.

As to the RIAA/etc keeping decryption keys safe, I doubt that could happen. These are the same technologically illiterate people who believe it is possible to make bits of information harder to copy, about as "scientific" as believing it is possible to make water less wet. While crypto is great to keep messages between two individuals private, the more people that are 'intended' to share a key the more likely it will become fully public.


Free/Libre and Open Source Software (FLOSS) consultant.

It is still legal in Canada...

(at least as I type) to engage in the "copying of sound recordings of musical works onto audio recording media for the private use of the person who makes the copy," thus justifying the blank media levy. The legality of "distribution" (for lack of a better word) through P2P is, at best, undefined. So if a friend comes to my house with a blank CD to make a copy of a track, this is a perfectly legal proceeding. If he then allows a friend to come over to his place and make a copy, again this is perfectly legal. If we continue from friend to friend and so on and so forth, this is all done within the legal definitions of the Copyright Act. If the 14th friend down the line decides to throw the track on a P2P network, which contains your info from the original purchase, do we now enter legal greyzones? Not that there's been any legal action against P2P in this country (yet), but does your identity now become "listed" and "catalogued" as an infringer (based on the CRIA et al's view of the law)? Would this be concrete enough to be presented as evidence should legal recourse from the CRIA become a reality? It would seem that this method would dissuade someone from participating in the legal form of copying for fear that one's information (whether pertaining to potential law violation or simply purchased by Spam peddlers) is launched to the wild by the 14th iteration of legal copying.

Obviously, if one was to reside in another country where "private copying" was not legal, the issue of law infractions could be more defined in simply possessing a track with someone else's info.

I also don't use iTunes or know a great deal about it, such as the potential use of "phone-home" technology. It would seem that the dissemination of personal info in this manner would ultimately lead to the use of such technology to influence search results, determine if some of the tracks in your "playlist" have someone else's info (ie copied), etc.

Who is the infringer?

Remember that Apple is a US company, and isn't going to have a special version of their software for the Canadian marketplace. The USA doesn't have a comparable private copying regime (home taping is far more limited), just as Canada doesn't have a comparable Fair Use regime (fair dealings is far more limited).

As to Canadian law, a private copy is no longer a private copy if it is shared. This is quite clear in the private copying section of the Canadian Copyright Act.

Copying for Private Use

Where no infringement of copyright

80. (1) Subject to subsection (2), the act of reproducing all or any substantial part of

(a) a musical work embodied in a sound recording,

(b) a performer’s performance of a musical work embodied in a sound recording, or

(c) a sound recording in which a musical work, or a performer’s performance of a musical work, is embodied

onto an audio recording medium for the private use of the person who makes the copy does not constitute an infringement of the copyright in the musical work, the performer’s performance or the sound recording.

Limitation
(2) Subsection (1) does not apply if the act described in that subsection is done for the purpose of doing any of the following in relation to any of the things referred to in paragraphs (1)(a) to (c):

(a) selling or renting out, or by way of trade exposing or offering for sale or rental;

(b) distributing, whether or not for the purpose of trade;

(c) communicating to the public by telecommunication; or

(d) performing, or causing to be performed, in public.

1997, c. 24, s. 50.

The question in your scenario is who is doing the infringing, not whether there is infringement? While it is the person who shared the music via telecommunications who is infringing (their copying was not a private copy, and the communication is also unauthorized), the person who is identified in the file (in plaintext or via a watermark, the latter being better) is a good place to start to collect evidence.

That said, I believe that the private copying regime should be extended to non-commercial distribution and communication by telecommunications. Non-commercial filesharing and mashups of multimedia (music, movies, television) should be under a compulsory license. That said, I recognize that this isn't the way the law is now, and non-commercial sharing is quite clearly not covered by the private copying regime.

People should be careful interpreting the law selectively to mean what they want it to mean. In the USA people have been convicted of "unauthorized" access to open WIFI connections, so how lawyers and the courts interpret things can be very different than how you might interpret things.


Free/Libre and Open Source Software (FLOSS) consultant.

Easily forged...

Ed Felten weighed in on this debate. I hadn't known that the data isn't being signed, and thus no integrity check is being done. This makes it as easy to forge as the From: field in an e-Mail (trivial).


Free/Libre and Open Source Software (FLOSS) consultant.