Now that Apple has launched its iTunes Plus service, featuring unencrypted
content from EMI labels, there has been a lot of chatter over the inclusion of
iTunes user IDs in purchased files. Such information was always present in
the files, but because they were encrypted, the information was not readily
apparent to observers. Yet now user information is in plain sight within those
EMI files. This has prompted complaints from the Electronic Frontier
Foundation, and others, that "DRM-free" is a relative term. Apple is now being
accused of merely substituting one evil for another: instead of robbing
consumers of their rights to use content, it's robbing them of their privacy.

Oh, the irony. Apple simply did not bother to change its file format,
other than eliminating the encryption step. There are various reasons why
a user's ID should be embedded in a content file, such as those related to the
site's Terms of Service, and there is most likely software on Apple's servers
that depends on user IDs being in a certain position in iTunes files.

If a user were to purchase a "DRM-free" file on iTunes and simply post it to a
file-sharing site, then it would be easy to see where the file came from and
therefore who the culprit is. Yet the presence of the user ID as header
metadata in cleartext means that it's easy to remove with simple tools, or by
burning the track to CD and re-ripping it to the user's computer. A better
solution -- for both piracy deterrence and privacy -- would have been to embed
the user's identity as a watermark in the audio itself. This would have made
the user ID virtually impossible to remove and detectable only with the proper
software.
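The point about cleartext header metadata, shown as an added example (not code from Apple or from this article): a short Python walk of the MP4 atom tree that reports an embedded purchaser account. The `apID` atom name and the sample file are assumptions; the article names neither.

```python
import struct

# Assumption: the page does not name the tag; 'apID' is the purchase-account
# atom that common MP4 tagging tools expose for iTunes store files.
IDENTITY_ATOMS = {b"apID"}
CONTAINERS = {b"moov", b"udta", b"ilst"}

def iter_atoms(buf, start, end):
    """Yield (type, payload_start, payload_end) for each atom in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1 and pos + 16 <= end:   # 64-bit size follows the type
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                     # atom runs to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            return                          # truncated or malformed: stop walking
        yield kind, pos + header, pos + size
        pos += size

def find_identity_tags(buf):
    """Return {atom name: cleartext value} for identity atoms in the tag list."""
    found = {}
    def walk(start, end, in_ilst):
        for kind, ps, pe in iter_atoms(buf, start, end):
            if in_ilst and kind in IDENTITY_ATOMS:
                for sub, ds, de in iter_atoms(buf, ps, pe):
                    if sub == b"data" and de - ds >= 8:   # skip type + locale words
                        found[kind.decode("latin-1")] = buf[ds + 8:de].decode("utf-8", "replace")
            elif not in_ilst and kind == b"meta":
                walk(ps + 4, pe, False)                   # full box: version/flags first
            elif not in_ilst and kind in CONTAINERS:
                walk(ps, pe, kind == b"ilst")
    walk(0, len(buf), False)
    return found

def atom(kind, payload):
    return struct.pack(">I4s", 8 + len(payload), kind) + payload

def text_item(kind, value):
    return atom(kind, atom(b"data", struct.pack(">II", 1, 0) + value.encode()))

# Constructed sample: a minimal tagged file with no real audio or account.
TAGS = text_item(b"\xa9nam", "Constructed Track") + text_item(b"apID", "buyer@example.invalid")
SAMPLE = (atom(b"ftyp", b"M4A \x00\x00\x00\x00")
          + atom(b"moov", atom(b"udta", atom(b"meta", b"\x00" * 4 + atom(b"ilst", TAGS))))
          + atom(b"mdat", b"\x00" * 16))

if __name__ == "__main__":
    print(find_identity_tags(SAMPLE))
```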

That has been the rationale behind a handful of attempts to use forensic
watermarking to drive piracy deterrence solutions, including Digimarc's
ImageBridge and MyPictureMarc, Bitmunk's modified file-sharing network, and
the Fraunhofer Institute's Light Weight DRM (LWDRM) scheme. The basic idea of
all of these schemes is that if your identity is
bound up in the file, then you'll only send copies of it where you're
comfortable; and if you're comfortable with the risks inherent in a certain
usage of content, then the odds are good that it's legit.

Yet Apple would have incurred costs in adding watermarks to its music
downloads, including the cost of embedding a new watermark into each file before
it is downloaded. Apple would also have had to make the watermarking
technology available to third parties (or use a commercially available
watermarking scheme) so that it could have some use in forensic piracy
detection. None of this is consistent with the cost-minimizing way in
which Apple has implemented iTunes from the beginning.

Meanwhile, a new approach to watermarking appears to be at the heart of
lala.com's new encryption-free digital delivery service, which the company
announced earlier this week. The Silicon Valley startup was originally a
CD-selling site. It has launched a number of new business models that attempt
to skirt around the prevalent ones in the industry, and Warner Music Group
intends to license these services. One of
them is an "online locker" service, similar to Michael Robertson's original
MP3.com, in which users can upload copies of tracks from their own collections
to a website, from where they can stream the tracks. Another is a free
on-demand streaming service, similar to Rhapsody or Napster but at no cost to
users for unlimited streaming rights. Lala intends that this service will
promote music and induce users to buy it, on CD or via digital downloads, and
the company will pay royalties to record labels.

As for the digital downloads, Lala is building a service that will download
unencrypted AAC tracks directly from its website to users' iPods. Reports
from Digital Music News and elsewhere about how the service works -- and how
it thwarts
indiscriminate redistribution of files -- are conflicting but suggest that the
scheme involves watermarking the files with users' identities. We'll
report on this once we are able to determine exactly how the scheme works.
However, the information we have gleaned thus far leads us to suspect that it's
similar to LWDRM -- in other words, that the "DRM-free" epithet the company uses
to tout its service may also be a bit of an overstatement.