Taking a new angle in their legal attack on Napster, attorneys representing rapper Dr.
Dre are asking the music sharing service to use an electronic signature
technology called MD5 to start
blocking specific MP3 files rather than the nearly 240,000 users of the
service who’ve traded those MP3s.
MD5 is a popular algorithm that
creates a “hash” or fingerprint of a file in the form of a unique, 128-bit
signature. The technology provides developers an efficient way to determine
whether copies of a file are an identical match. At present, MD5 is used by
the Napster system
to identify songs in a user’s personal library, and to ensure that when
users exchange MP3 files they are transmitted without errors.
According to Bruce Ward, president of NetPD, the Cambridge, England-based
firm hired by Los Angeles attorney Howard King to ferret out infringements
on the band Metallica’s and Dr. Dre’s copyrights, Napster could also use
those MD5 signatures to prevent users from trading copyrighted tunes without
having to boot those users off the service altogether, as Napster did when Metallica
challenged it last week.
“I certainly see it as being a much better solution for everyone involved,
but it remains to be seen whether Napster will use the solution,” said Ward.
Although Napster could simply block the exchange of tunes with certain
titles or artist names, Ward says MD5 is a faster and more efficient system
than doing searches on text strings.
But is MD5 reliable? According to L. Peter Deutsch, a software developer who
created an MD5 implementation, it’s practically impossible for two different
files to “collide” or end up with the same MD5 signature, and thus it’s
highly unlikely that a Napster block on an MD5 signature would erroneously
stop an non-infringing file from being transferred.
“MD5 is a very strong digest function. If you have two different objects
with the same MD5 signature, the chance that there will be an accidental
match is much lower than the chance that there will be a CPU glitch during
the comparison and it will give you a false positive,” said Deutsch.
But while MD5 signatures may be reliable and unhackable, they’re still not a
workable MP3 copyright protection scheme, according to Bruce Schneier, a
cryptographer and CTO of Counterpane
Internet Security. The problem is that variations in the MP3 encoding
process will usually cause two different “rips” of a single tune from the
same CD on a single computer to have two different MD5 signature.
Indeed, Ward of NetPD admits that the investigative service has identified
nearly 90,000 different MD5 signatures on Napster for just 34 Dr. Dre tunes.
And he concedes the number will continue to grow as new rips of Dr. Dre tunes
are added by other Napster users.
“There’s no way to preemptively block them. However, we can very quickly
find them. We’ll have to still vigilant, and we certainly will do so,” said
Deutsch also notes that an MD5-based block would unfairly impact users who,
under the Audio Home Recording
Act, have a legitimate right to obtain MP3 copies of recordings they
It wasn’t clear Thursday whether attorneys for Napster will warm to the idea
of this proposal to use MD5 signatures to block files rather that users.
Company representatives were not available for comment.
Some observers have speculated that Napster would actually prefer to block
individuals, rather than files, despite the short-term wrath it might incur,
because such a strategy enables affected users to challenge the block,
30,000 Napster users have done after being targeted as among the group of
300,000 Metallica pirates. That puts the legal ball back in the court of
Metallica’s attorneys, who must then file individual lawsuits against the
users — a prospect that King admits is unfeasible.
“Napster’s public relations agenda is to try to make it look like it’s the
bands who have denied their fans of this product, but if Napster has any
prayer left in this litigation, they must convince a court that they have an
effective copyright infringement enforcement policy,” King told InternetNews
But Schneier, the cryptography expert, said the music industry’s attempts to
use MD5 and other technical means to prevent copyright infringement are
“This is an example of the music industry’s fighting the tide. Digital files
are copyable, and any attempt to stop that will fail. It’s like saying ‘we
want to make water not wet.'”