RealTime IT News

NetPD: Block Napster Files, Not Users

Taking a new angle in their legal attack on Napster, attorneys representing rapper Dr. Dre are asking the music sharing service to use an electronic signature technology called MD5 to start blocking specific MP3 files rather than the nearly 240,000 users of the service who've traded those MP3s.

MD5 is a popular algorithm that creates a "hash" or fingerprint of a file in the form of a unique, 128-bit signature. The technology provides developers an efficient way to determine whether copies of a file are an identical match. At present, MD5 is used by the Napster system to identify songs in a user's personal library, and to ensure that when users exchange MP3 files they are transmitted without errors.

According to Bruce Ward, president of NetPD, the Cambridge, England-based firm hired by Los Angeles attorney Howard King to ferret out infringements on the band Metallica's and Dr. Dre's copyrights, Napster could also use those MD5 signatures to prevent users from trading copyrighted tunes without having to boot those users off the service altogether, as Napster did when Metallica challenged it last week.

"I certainly see it as being a much better solution for everyone involved, but it remains to be seen whether Napster will use the solution," said Ward.

Although Napster could simply block the exchange of tunes with certain titles or artist names, Ward says MD5 is a faster and more efficient system than doing searches on text strings.

But is MD5 reliable? According to L. Peter Deutsch, a software developer who created an MD5 implementation, it's practically impossible for two different files to "collide" or end up with the same MD5 signature, and thus it's highly unlikely that a Napster block on an MD5 signature would erroneously stop an non-infringing file from being transferred.

"MD5 is a very strong digest function. If you have two different objects with the same MD5 signature, the chance that there will be an accidental match is much lower than the chance that there will be a CPU glitch during the comparison and it will give you a false positive," said Deutsch.

But while MD5 signatures may be reliable and unhackable, they're still not a workable MP3 copyright protection scheme, according to Bruce Schneier, a cryptographer and CTO of Counterpane Internet Security. The problem is that variations in the MP3 encoding process will usually cause two different "rips" of a single tune from the same CD on a single computer to have two different MD5 signature.

Indeed, Ward of NetPD admits that the investigative service has identified nearly 90,000 different MD5 signatures on Napster for just 34 Dr. Dre tunes. And he concedes the number will continue to grow as new rips of Dr. Dre tunes are added by other Napster users.

"There's no way to preemptively block them. However, we can very quickly find them. We'll have to still vigilant, and we certainly will do so," said Ward.

Deutsch also notes that an MD5-based block would unfairly impact users who, under the Audio Home Recording Act, have a legitimate right to obtain MP3 copies of recordings they own.

It wasn't clear Thursday whether attorneys for Napster will warm to the idea of this proposal to use MD5 signatures to block files rather that users. Company representatives were not available for comment.

Some observers have speculated that Napster would actually prefer to block individuals, rather than files, despite the short-term wrath it might incur, because such a strategy enables affected users to challenge the block,