Friday, June 8, 2007

Big Brother Is Watching You: Now In iTunes!

Are the songs that are being billed as free of so-called digital rights management technology really "DRM-free" or are there still strings attached? Apple's recent rollout of songs without copy protection software at its iTunes Store has given listeners new flexibility, but questions have emerged over the company's inclusion of personal data in purchased music tracks.

The Electronic Frontier Foundation, a consumer watchdog group, said the embedded user information in the purchased track raises privacy issues. Apple has always embedded user information, your user name and your e-mail, into its copy-protected tracks. But until iTunes began offering DRM-free music from EMI Music last week, no one raised much of a ruckus.

What the heck is DRM? Well, DRM technology puts a sort of software lock on digital songs or movies, dictating where and how the content can be played and distributed. With DRM-free content, some songs purchased from iTunes now work directly on portable players other than the iPod, including Microsoft's Zune. DRM-free means you're not restricted from putting the songs on other devices anymore, but it doesn't give you a license for piracy either. I'm sure other online music retailers will similarly embed user tags once they start to introduce DRM-free songs.

Though piracy of digital music over the Internet remains unabated even with the growth of legitimate online retailers like iTunes, Apple's debut of DRM-free songs could tempt some of its users to share their purchased tracks with others online. Technology blogs were among the first to reveal that personal data remained in the unrestricted iTunes tracks. Their reports last week prompted speculation that the data could be used to trace copies uploaded to online file-sharing networks back to the people who originally purchased the tracks, opening those users to music industry copyright lawsuits including individual grandmothers and punk kids.

I'm on the fence in terms of the privacy issues but I think that users should always know what they're getting into. I think companies are going to have to do this as some way for tracking purchases as many music lovers have pulled too far toward information freedom. The fact that the personal information stored in these type of song files is not encrypted. If someone were to lose their iPod or have their laptop stolen, for example, anyone using simple software tools could access the personal data in the songs. It blows my mind that Apple (and I LOVE their computers) would embed this kind of personal information without protection in the files. I mean, it's not as bad as leaking your credit card number or your Social Security number, but it's still a pretty hefty security leak. Okay David Holtzman, I've read your book Privacy Lost and now I'm waiting for you to blog this topic on GlobalPOV!

So how can you stop this data from being sent if you make a copy? Well, the solution is pretty simple and is popping up all over the internet. You can remove their identifying data from the files simply by burning the tracks to a CD and then ripping the songs back to their computer in the MP3 format.

Apple should have been more upfront about its purpose for the embedded information and they should tell customers what they're doing before they spend money with you. It'll be an interesting wait to see what becomes of this issue.

In the meantime...be careful. It seems their might be a bad Apple out there!