Nercy Escobedo
Christine Ianuzzi
Professor Keith W. Ross
Iryna Zenyuk

Covert war on the Internet battleground
Dr. Keith W. Ross uncovers the entertainment industry’s quiet attack on digital privacy

Keith W. Ross
Leonard J. Shustek Professor of Computer Science (www)

In the past six years, the entertainment industry has been waging war with an insidious enemy. The adversary is not one, but millions—disguised as your friends and neighbors and colleagues and children. Armed with a computer and access to the Internet, they are steering away hundreds of millions of dollars in sales from music and film companies by sharing copyrighted content on peer-to-peer (P2P) networks.

Battles have been fought in the courts, against companies and individuals, with mixed results. Now, the music industry is striking back with stealth, says Polytechnic Professor Keith W. Ross, who with a team of researchers, has studied this new little-known attack.

P2P networks work by allowing users with an Internet connection and file-sharing software—Kazaa/FastTrack’s Media Desktop, for example—to download files directly from other users’ hard drives. That means a single user on a P2P network can buy a CD, copy its songs onto his/her computer and share those songs with potentially millions of file sharers on the network.

In an aggressive attempt to curtail the illegally online trading of songs, music labels are hiring professional counterhackers, companies that specialize in polluting files—corrupting data to make them unplayable and falsifying metadata, which describes characteristics of the file such as song and artist names. The desired result is users becoming frustrated with the quality of shared files and returning to buying CDs or using legal pay-per-download services like Apple’s iTunes.

Ross, who holds the Leonard J. Shustek Chair in Computer Science, and graduate students Jian Liang and Rakesh Kumar have conducted and published a study that examined the extent of polluted files in Kazaa/FastTrack, the most widely used P2P network. They developed indicators to determine which recordings are most likely to be polluted, observed the extent of pollution in file sharing systems and identified the methods by which pollution occurs.

Using 10 Linux-based computers, MySQL open-source software and software designed by Liang, the team randomly tested different versions of seven popular songs from different record labels. Each version sounds identical to the ear, but becomes unique when measured by the team’s software, which detected variations in metadata and at the bit level.

The results told the team that about 50 percent of the versions and copies of the songs they tested were polluted, therefore ruling out accidental user pollution. User pollution occurs when people alter songs by making changes to the original, truncating the end of a song, for example.

The team determined a file to be polluted if it was non-decodable or if its length wasn’t within +10 percent or -10 percent of the original CD version.

They then tested several older songs and found that pollution levels for those songs were minimal, leading to the conclusion that pollution companies were flooding the network with corrupted files of newer, hit songs rather than older, less sought-after songs.

They also found that files that were in fact polluted were falsely given positive ratings. Each file on Kazaa/FastTrack can be rated for quality, therefore establishing a filtering system through which users can decide whether or not to download certain files. The pollution companies have been successfully bypassing the filtering system and perpetuating the spread of polluted files.

Music swappers on a P2P network can prevent polluted files from spreading by only downloading files from friends or other trusted sources and by listening to songs before they put those files into a shared folder from which other users can download. They can also establish a reputation system, similar to Ebay’s feedback system, where users are rated by other users for the quality of files they make available.

The music industry’s methods seem to be succeeding in reducing the number of file sharers on Kazaa/FastTrack, while increasing the number of file sharers on other P2P networks such as eDonkey and BitTorrent. “The number of users has not declined in the P2P space,” says Ross “They’ve moved to other systems.”

In June 2005, the entertainment industry received promising news when the Supreme Court ruled that P2P file-sharing software company Grokster was responsible for fostering and encouraging illegal actions instead of the individual user. This overturned a 2003 court decision that the company cannot be held liable when their users download copyright material without permission.

And there are many users. P2P traffic makes up about 60 percent of all traffic on the Internet. At any given time, there are over eight million users on P2P networks sharing copyrighted files with each other. This fact, the music industry claims, has drastically affected music sales over the last few years. Forrester Research Inc., a Cambridge, Mass.,-based technology research company, estimated that more than $700 million in sales were lost in 2003 because of widespread file sharing on P2P networks.

The problem P2P networks poses to the entertainment industry is the content of the files being shared. These files are often, but not exclusively, proprietary and copyrighted, leaving users satisfied and the entertainment industry lamenting.

The mass-scale power and influence of P2P networks is what Ross foresees to be an important asset in creating what he calls a “worldwide computer, where everyone’s computer is doing all these things for other computers, people and organizations.” This vision is not confined to the entertainment industry. One potential example is employing the combined computing power of the network to analyze complicated data of gene sequences.

However, as Ross’ study has shown, security concerns need to be addressed before a worldwide P2P network is feasible. A joint collaboration among copyright-interested parties, scientific researchers and software users has the ability to make P2P possible on a grand scale and provide protection of copyrighted material and access to tons of data.