
Route around the labels

Author:   Jeff Kandt  
Posted: 7/25/2000; 1:38:04 AM
Topic: Route around the labels
Msg #: 1469 (top msg in thread)

As you probably know, MP3 files have text tags called "ID3" which store strings about Artist, Album, Genre, etc. The current implementation has a "comments" field which stores a maximum of something like 30 characters.

It got me thinking, what if the ID3 spec was extended to store an unlimited amount of data encoded as XML, right inside the MP3 file?

One of the many cool things you could store is a digital signature. Note that this does not mean that the files are encrypted. They simply have a digital signature appended onto the end of them which can only have been created by a certain private key. Given the corresponding public key, which you need anyway to validate the signature, you can now have cryptographically secure transactions with the person who signed the file.

Here's a suggested protocol for a voluntary payment scheme:

The entire binary portion of the file (the "content"), excluding the XML space, is signed by 1 to n private keys and each signature is paired with its corresponding public key. These pairs plus a list of URLs are all signed by each key and encoded into XML tags in the ID3 portion of the file.

If it is capable, and if the user has enabled it, the Player software reads the XML tag, validates the signature, chooses a random URL from the signed list and sends the server at that address a SOAP request, passing in a random number as a parameter. The SOAP server signs that number using the same private key which signed the MP3 file and returns the result to the client. (This is called "challenge-response".) The client now knows that it is talking to the person who signed the file. This is probably* the copyright holder.

(*Fraud is discussed below.)

At this point a secure channel has been opened and a number of things could happen, or not. The server could give instructions for how to send a payment. The player software (the client) may store that information for later use, compiling a monthly "tip list" of the most popular artists (calculated by number of minutes) and asking the user how much to tip each one. Or the user can enter a fixed amount which will be automatically divided fairly among the artists listened to that month, weighted according to minutes played.

If the user is particularly moved by a song, he can tell the player software to send an immediate tip, including an optional thank you note to the Artist, if the SOAP server supports a feedback method.

The client may send payment via Quicken, Checkfree, PayPal, or a paper check in the mail. Someday it may even send payment via SOAP by handing the server a digital token, coin or bearer instrument.

All of the available payment options are communicated in that first SOAP call. What the client software (the consumer) does with this information is completely optional.

Of course, the client may ignore the tags completely. I think maybe that's okay.

The client may even strip the tags as the files are downloaded to his own computer, or afterward. That's unethical but not illegal; you store your data any way you need to.

But nobody had better get caught _distributing_ those stripped files, since that would be a punishable violation of copyright. This is difficult to enforce. But -- and this is important -- as long as the copyright holder agrees that this is a voluntary system, why would anyone ever strip the tags?

When someone adds their own payment information to someone else's song, that's illegal. It's wrong, theft, fraud -- we can all agree on this. It's also pretty easy to discover. In order to collect payments, the thieves have to include a url which points right back to themselves. I recommend not allowing xxx.xxx.xxx.xxx style locators; tie this to DNS so it has as much legal accountability as possible. Artists should register their digital signatures along with their copyrighted works so that they can prove this sort of piracy in court.

For the artists, this makes the cost of doing business exactly one 'net-connected SOAP server, and probably a domain registration every year, although they may choose to farm all of this out to a service. Or multiple services; remember that there was a list of URLs. Since the clients by convention try a random url from the list each time, the artist could set up multiple redundant revenue streams. Even if someone hijacks one of your domains, they can't collect your payments without the correct private key. Without that, they can't respond to the challenge. And when a client doesn't get the correct response to the challenge, it moves on to another URL.

Key management is always a concern. Legal control of private keys controlling the copyright should be explicitly enumerated in writing before each recording session or live performance. Copyright holders need to understand that losing their private key(s), or compromising them by giving one to someone they shouldn't have trusted, could cost them a lot of money.

The reason multiple keys are used to sign each file is so that one or more may be revoked if necessary. The server may hand the client a revocation notice (signed by the key being revoked). This suggests that the Artist thinks the key may have been compromised. Player software could store revoked keys indefinitely and never trust them again.

Some record companies may choose not to play this game. They may try other ways of protecting their music. Fine. We'll even give them a special tag which they can attach to all their files which says payment for this content is mandatory. We'll build mandatory enforcement of this tag into commercial Players, which will refuse to play a song for a second time until it has been bought. The recording companies will spend millions pursuing the hackers who instantly distribute software which bypasses this enforcement, but that's their folly and it won't last long.

Soon a new artist would have to be crazy to sign a contract with a recording label which puts those kinds of walls between them and their fans -- by then the money stream coming out of the free distribution model will just be too large and obvious.

Those artists stuck in existing contracts had better call their attorneys. Worst case is they may have to change their names to an unpronounceable un-XML-encodeable symbol until their existing contracts run out, kinda like Prince did. ;-)

Best of all, since we'd now have a place for XML-encoded attributes, Dave Winer can use it to store metadata for that nifty Playlist editor he's been working on.

I'm not a cryptographer, so I've probably missed some Big Problems.

-Jeff
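
The signed tag and the challenge-response with URL failover described in the post, as an added Go example that is not part of the original message: the player verifies the tag, then accepts the first URL whose server can sign a fresh nonce with the key that signed the file. Assumptions: Ed25519 as the signature scheme, a single signing key instead of 1 to n, an in-memory map standing in for the SOAP servers, hypothetical field names, and a fixed `tip-challenge:` prefix on every challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Tag struct { // hypothetical stand-in for the XML block in the ID3 area
	Pub                ed25519.PublicKey
	URLs               []string
	ContentSig, TagSig []byte // over the audio; over ContentSig, Pub and URLs
}
type Server func(nonce []byte) []byte // stand-in for the SOAP endpoint behind one URL
const ctx = "tip-challenge:" // assumption: a challenge reply can never double as a file signature
func NewKey() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func (t Tag) body() []byte { return []byte(fmt.Sprintf("%x|%x|%q", t.ContentSig, t.Pub, t.URLs)) }

func SignFile(k ed25519.PrivateKey, audio []byte, urls []string) Tag {
	t := Tag{Pub: k.Public().(ed25519.PublicKey), URLs: urls, ContentSig: ed25519.Sign(k, audio)}
	t.TagSig = ed25519.Sign(k, t.body())
	return t
}

// VerifyFile proves the tag and audio match t.Pub, not who owns t.Pub.
func VerifyFile(t Tag, audio []byte) bool {
	return ed25519.Verify(t.Pub, audio, t.ContentSig) && ed25519.Verify(t.Pub, t.body(), t.TagSig)
}

func Respond(k ed25519.PrivateKey) Server {
	return func(n []byte) []byte { return ed25519.Sign(k, append([]byte(ctx), n...)) }
}

func FindPayee(t Tag, net map[string]Server) string {
	for _, u := range t.URLs { // list order here; the post picks a URL at random
		nonce := make([]byte, 32)
		rand.Read(nonce) // fresh challenge for every attempt
		if srv, ok := net[u]; ok && ed25519.Verify(t.Pub, append([]byte(ctx), nonce...), srv(nonce)) {
			return u
		}
	}
	return "" // no server proved possession of the signing key
}

func main() {
	k, audio := NewKey(), []byte("constructed audio frames")
	t := SignFile(k, audio, []string{"https://a.example/tip"})
	fmt.Println(VerifyFile(t, audio), FindPayee(t, map[string]Server{t.URLs[0]: Respond(k)}))
}
```

A tag re-signed end to end with a different key still passes `VerifyFile`, which is why the post ties accountability to DNS names and registered signatures rather than to the signature check alone.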

