RIAA expose Fingerprint tactics for catching music sharers

A Brooklyn woman, currently only identified as “nycfashiongirl”, is seeking to keep her identity private in a case brought against her by the Recording Industry Association of America (RIAA) for sharing 900 music tracks on the Internet.

She claims that songs on her family’s computer were from compact discs she had legally purchased but the RIAA claim they have proof that her files were in-fact downloaded from file sharing networks. Their evidence includes showing that her music files contained hashes, a type of electronic finger print that can included in the files, that trace them back to being downloaded from Napster. This is the first time that the forensic methods used for detection have been exposed.

What has yet to come to light is how the RIAA knew what hashes to identify. One view is that the music industry ‘seeded’ the file sharing networks with their own fingerprinted versions of music tracks and created ‘Honey-traps’, computers sitting on the filesharing networks, waiting for people to download them. The RIAA claim that this method had been used since May 2000.

Some observers feel that the release of the use of fingerprints may be to create Fear, Uncertainty and Doubt (FUD), encouraging people to delete the music tracks that they may have previously downloaded.

What is currently unclear is whether copyright law has been breached –

  • if people already own a music CD and then download one of its tracks from a file sharing network
  • if people download a track and then subsequently buy the CD

The lawyer representing “nycfashiongirl” claimed the argument was “merely a smokescreen to divert attention” from the related issue of whether her Internet provider, Verizon Internet Services Inc., must turn over her identity under a copyright subpoena. “You cannot bypass people’s constitutional rights to privacy, due process and anonymous association to identify an alleged infringer,” he said.