Last.fm’s User Data is Useless to the RIAA
Written by Ernesto on May 24, 2009In February TechCrunch rumored that Last.fm had ratted out its users to the RIAA. Now they have another source claiming data was shared with the music industry group, including IP addresses. Without going into the validity of these allegations, we’d like to point out that this data is completely useless to the RIAA, from a legal point of view.
With millions of active users, Last.fm is one of the largest and most appreciated music communities on the Internet. The company was acquired by CBS Interactive back in 2007, prompting some to speculate that this had led it to the darkside. The allegations reached a crescendo recently with claims that Last.fm shared the listening habits of its users with the RIAA. Last.fm has denied all allegations, but let’s assume for a moment that there’s some truth in them.
In their most recent writeup TechCrunch published new details which were provided by another source, and in the article they hint at the following doomsday scenario. “Their parent company [CBS] supplied user data to the RIAA, and that the data could possibly be used in civil and criminal actions against those users.” TechCrunch makes it sound really scary, but how useful is this data really in a court of law?
Let’s start with a little background. Last.fm’s data is provided by its users who report their recently listened-to songs to allow the site to track their listening habits. The data comes from the ID3 tags or similar metadata formats that MP3s and other digital music files carry. These list the artist name, title of the track, name of the album and more info related to the music file.
So what can the RIAA do with this data? Since the metadata doesn’t state that a track was pirated, only pre-release tracks that appear on Last.fm would be worth looking into. However, since the RIAA only have access to metadata reported to the site there is not much they can prove with it, even if they have access to Last.fm’s entire database.
The RIAA would only be able to check which IP addresses played a music file tagged as ‘track X’ by ‘artist Y’, but since everyone can easily edit these tags they can never really be certain that an individual was indeed in possession of the track, let alone that they shared it with others.
So, suggesting that the RIAA is going to use Last.fm’s data (if they indeed got their hands on it) to go after file-sharers is complete nonsense. As evidence, Last.fm’s data is not going to be worth much in court. In fact, there are plenty of better ways to track down copyright infringers and the RIAA is well aware of that. They are experts by now.
The only thing the RIAA has to do is hire someone to monitor various public BitTorrent trackers where the music is traded, and they can easily catch thousands of people in the act. The upside of this method is that they can verify that the person on the other end is actually sharing the data. Plus, they will know that the files are indeed the titles they are looking for.
The RIAA of course knows all of this, and if they indeed requested the data it was for purposes other than taking legal action. So, assuming that the RIAA was indeed requesting data from Last.fm, why would they want to know what music people are listening to on their computers?
Most likely the RIAA is interested in the business intelligence value of the data. For years record labels have been tailoring their music releases to the listening habits of ‘pirates’, and it is not unlikely that they are interested in Last.fm’s data for similar purposes. IP-addresses can come in handy here to spot some of the regional differences in popularity of artists or tracks.
Whatever their reasons are, dragging pirates to court is not likely to be one of them. Perhaps the TechCrunch tipster is an insider at one of the record labels who wants to scare the shit out of Last.fm’s users? Or has Michael Arrington himself been hired as one of the footsoldiers in the RIAA’s war on piracy? Who knows, but anything is more plausible than the RIAA taking people to court for reporting “copyright infringing” metadata to Last.fm.
Update: Apparently Last.fm’s official client also does fingerprinting as LANjackal points out. However, the ‘evidence’ would still be far from usable in court.
Previously: BitTorrent Spammers Target The Pirate Bay
Next: Anti-Piracy Boss Saved From Death, Can’t Close Torrent Sites
67 Responses
Why wont the RIAA just fuck off? how about that idea..
wow I got in second? no way
on a real note: I still wouldnt be surprised if the RIAA used that data in court… they dont seem like a bunch who would turn away from evidence no matter how crappy… even more so when they can just threaten to sue and take some easy money out of some of those people
Interesting.
not really
… am I seriously hearing people who are familiar with the RIAA’s tactics saying that they would only use legally-gathered, hold-up-in-court evidence to blackmail people? (O_o)
Can’t be. My hearing must be on the fritz again. Damn old age.
Riaa suxxx,
ofcause thay will try to blackmail people thats thair new business model, like the good old maffia, just on bigger scale!
I dont understand, i thought last.fm was a free online radio service, which pays royalties for each track played to the appropriate performance rights organizations. How are the users infringing any copyrights here? all you can do is stream LEGAL music, and perhaps make comments on the particular track/artist.
Doesn’t the RIAA make money from sites like this from royalties? WTF is their problem now?
If I remember correctly, last.fm does not only rely on the ID3 tags to identify a track but also uses some kind of fingerprinting system.
I found this in a quick google search:
http://blog.last.fm/2007/12/07/client-14-released-fingerprinting-begins
there problem is that they need more money to keep funding their extravagant lifestyles at everyone elses expense.
mod the above +10000 up
If the RIAA has an IP address and enough “proof” to suggest a crime to a judge (any judge, they can always try several until they find the one that agrees with them). Then they sue the ISP for the street address associated with the IP address.
Then they sue for a warrent for the police to search search the house, computers, underwear…
I don’t know if the RIAA have done this already, but at least one other organisation has.
@7, nice reading buddy, this article explains what lastfm is. You install the app and it “scrobbles” everything you’re listening to on your media player to your lastfm site. You can listen to the radio there, but that’s only part of why the site exists.
allow last.fm to finger print your track, is enabled by default in the last.fm scrobbler, so the RIAA could fuck you.
To say its useless is deceiving. To the RIAA its a goldmine of info with or without the “proof”. They can still threaten the users who they suspect to have released the prerelease tracks and for many of them, force them to settle because they cant afford a drawn out court battle.
Even without the IP addresses ( just the usernames ) they can easily google the screennames to find out who they are (facebook/myspace/etc) and do the damage.
Well they could use the data to find out who is listening to pre-release leaks of albums.
But still, it’s user provided tag data… which could be made up. Though I don’t see anyone changing tags to make it look like they’re listening to leaked albums.
Then again, I guess some people will do anything to look cool.
As far as last.fm fingerprinting music… maybe the official client can or something. But I doubt any 3rd party apps would do it as they only follow an ID3 tag data submission API.
This article completely missed why they request the data in the first place.
There was a major leak of of some album ways before its release date, and that is why RIAA was interested in it. And from the legal and technical point of view, they can sue then when they find the users.
If you havent listened to non-prerelease tracks tho, you dont have nothing to worry about.
Techcrunch is deleting nay-sayer posts from their thread about this incident.
I have seen people question the validity of the allegations and then after a refresh they disappear.
Seeing as how Techcrunch has provided no actual evidence, and are actively deleting comments that are anything other than supportive (not talking about trolling or flaming, but anything that disagrees with their view – try it and see for yourself!) I put -no- stock in this at all.
Since when has the RIAA needed actual “proof” to start legal action?
Interesting post.
http://torrentino.net
One can say that IP addresses alone aren’t enough to prove one commited the infringement either, but the RIAA manages without any recourse once threatened with a settlement.
IP addresses from P2P networks is no more plausible proof than IP addresses from LAST.FM. Both can be used. Data on P2P networks can also be fake or renamed something else, just like the LAST.FM data.
the rumor was that they would apply social network analysis to the dataset to track down were the leaks originated inside the companies.
this isnt a story, this is a “what if…” speculation on a rumor.
Guys, this whole article rests upon the idea that the RIAA needs evidence in the first place to make music listeners pay. What rigorous evidence was presented in the cases of the many thousands of alleged “pirates” who had to pay out thousands of dollars each to the RIAA?
Having an IP address and “proof” that a listener was listening to a song before an album’s release date, for example, is probably better “proof” than they had in any of the cases where listeners had to pay out for “pirating”. Don’t be so naive: if the RIAA wants to push this and are indeed in possession of the information, all precedent says they will be successful.
TechCrunch are full of shit wankers anyway.
I’m crossing my fingers that someone will start a class-action lawsuit against Last.fm and CBS over this. This is a *huge* violation of privacy for law-abiding Last.fm users who now have their data in the RIAA’s files. And Last.fm is not a *free* service. It offers free service but some of us have also paid for the apparent privilege of having our privacy violated.
#24, Kai has it exactly right.
TechCrunch has never provided proof of any sort and seem not to care for the validity of what just any shit-for-brains source tells them.
Typical blogwhine for attention, nothing more.
Whether RIAA can use the data or not isn’t the issue. If story is true then Last.fm/CBS have broken the law and should be penalized accordingly.
#15 is spot on
Michael Arrington speculated that it was really a record label not the RIAA trying to track the spread of an album that got leaked around that time. I forget the artist I think he said Universal.
@1 – OMG, the first comment was hilarious; it was straight to the point and damn true. That should be modded as +10 funny.
XD
arrington is the biggest douchebag in the valley. he can’t even go to europe without someone spitting in his face.
he is simply hyping this story to increase his page views and ad revenue.
also, don’t criticize him on techcrunch. they will ban your ip address from commenting.
don’t believe in free speech Michael?
FM will never catch on … you people need to try AM.
Your article is not entirely true, they could do more than you think – if a Last.fm user has “Allow Last.fm to Fingerprint your tracks” (which means to send a hash of it, for all you techies) it is in fact very simple to compare the hashes to downloaded copies.
So, you’re telling me that its OK to give my data to RIAA without asking my permission first, breaking a number of US/EU Data laws along the way – not to mention my privacy?
Useless? Maybe. But is it ok? Hell no.
Is this blog writer a Last.fm fan? In your first sentence you say “most appreciated” as if its a fact, and as if it is true today.
They (probably) handed over PRIVATE data to CBS who gave it to the RIAA, who can STILL use it against the listeners regardless of a judge’s opinion of the evidence.
Yes, they have gone to the ‘dark side’, their employees and fans just don’t know it yet.
oops… scratch ‘RIAA’, replace with ‘record company’ in last post
Still, when a company can _do_ that… time to move to http://libre.fm , guys ;-)
I love that Ernesto used the word “shit” on his article. Lol! Awesome!!!
also, you can listen to music from a shared itunes library and it’ll appear in your last.fm, which would be another way songs you weren’t in possession of could appear in your feed.
Its not against the law to listen to music acquired illegally (have you ever heard of someone being sued for downloading, and then being sued for listening to the music ?). lastfm simply advertises that you’ve listened to an mp3, it has no idea how the mp3 was acquired. Even if the mp3 had comment tags on it saying “I got this on piratebay and didnt pay for it, suck it RIAA”, they wouldnt be able to do squat with this info in court.
Its against the law to acquire music illegally, thats what the RIAA have to prove in court. lastfm gives no clues about how you acquired the music. Possibly they could conclude that the mp3 was acquired illegally if you listened to it prior to release date, but thats circumstantial . The RIAA would need direct evidence (ie proof of someone at the house downloading the music illegally) to win successfully at court.
Playlist data can be used as evidence that someone knew about and played certain tracks. Having last.fm’s “proof” that someone listened to and knew certain files existed on their computer could be useful in a civil case, where the burden of proof is relatively low. Sure, it’s circumstantial, and there’s no absolute proof of anything, but if even an *apparent* connection is shown between those listened-to, known-about tracks and some files believed to have been shared on a certain computer owned by the defendant, it provides the RIAA with ammo to say the defendant was a “willful” infringer; otherwise the defendant might try to claim “I don’t know how those files got there, I wasn’t in control of the file sharing software, someone must’ve put them there without my knowledge.” Even if the files weren’t shared but appear to have originated from an unlicensed distributor, they can be used in an ad hominem attack to discredit a defendant in a case involving other files. So, technical arguments about how many ways they could be wrong are just piss in the wind. In a civil case, a preponderance of circumstantial evidence is all the plaintiff needs to prevail, even when the judge has a clue. That’s why filesharing lawsuits are always civil cases, not criminal.
its not about if its usable in court or not, its that people are not notified that it is being shared with the riaa, Last.fm and CBS is really a dick, I also don’t believe the th BOSS of last fm doesn’t know that cbs is handing over the data to RIAA, it could be just a strategy, so I say stop using LAST.FM its a piece of sit anyway.
There’s another reason why Last.fm user data won’t hold in court.
You can make Spotify scrobble tracks to your Last.fm account. If you buy Spotify Premium subscription, you get to listen some albums (for ex. Green Day’s 21st Century Breakdown) 1-2 weeks before they hit the stores.
Let’s all just make the switch to http://www.jamwee.com …it looks more fun anyway. Especially with the Twitter style interaction.
These are not the titles you are looking for!
regarding the Update in the article:
Last.fm clearly stated this (in their blog and documentation) when the whole fingerprinting process got started.
Just look up their old blog posts on this.
But what they CAN do is try to use this metadata to establish an actual monetary value to the “statutory damages” of piracy and file-sharing. This is important considering Nesson’s strategy in the three-cases he’s combating the RIAA.
maybe they are interested in the listening habbits of the users. they are the riaa after all.
f*ck last.fm
FK LAST.fm those noobs. Good thing i never used them.
it’s useless alright buy why the hell is last.fm storing ips????
last fm is so gay.
i hope it all goes to hell.
Hmm … maybe I should delete my Last.fm profile. :/
#24 has exactly what i was about to say.
This article assumes mafiaa needs real evidence and in most of their previous records they haven’t had good solid evidence.
I can only assume that the same people who believe Last.fm shares their data with the RIAA or the majors are the same people who believe that the first moon landing was shot in a studio somewhere in the Neva desert.
Q: Why would RIAA would they want to know what music people are listening to on their computers?
A: They could use the statistics to figure out what songs to flood P2P with fakes.
But anyone on a music industry mail list could have obtained a pre-release album. Back in my student days I used to work for a PR company and we mailed out pre-release albums to all the student and commercial radio stations.
OK so we have a Last.fm backlash because their parent company (a record label so we can see why) divulged their data to the RIAA. So we have established that Last.fm refused to do so and CBS persuaded them to hand over the logs to them for ‘analysis’ and then CBS hand them to the RIAA … so that makes Last.fm noobs and hated? Come on people!
Nonetheless, there is a degree of naivete here is there is a belief that the RIAA will not use this against users. All evidence has gone to the contrary even when the ‘proof’ has been more circumstantial than this.
This doesn’t mean I will stop using Last.fm or deleting my account. I may stop ’scrobbling’ as the companies involved can’t be trusted with information I have given or could provide them but their service is still very good
BTW … the premise of the OP that the record labels are using this data to find out and service the listening habits is absolute horseshit! The record labels have never been interested in what we want, only what mediocre shit they can deliver from their established stables. 98% of their music is archived never to be heard by the public.
Last.fm and other services like it service the long tail of the music industry … and they don’t like us having more choice as it means they have to work harder with more bands/artists
I’ll still use last.fm, but soon as word gets out of anyone using it in court, byebye last.fm!
~
Kamic
http://www.failfriend.com
[quote]Apparently Last.fm’s official client also does fingerprinting as LANjackal points out. However, the ‘evidence’ would still be far from usable in court.[/quote]
True. The software – including the fingerprinting – is open source (see http://blog.last.fm/2007/08/29/audio-fingerprinting-for-clean-metadata), so one can generate and scrobble false fingerprinting data too. This is not very likely of course however.
This defence of last.fm is terrible. RIAA generally employs the threat of legal action when dealing with individual pirates and settles outside of court for exorbitant sums. The claims often don’t even make it to court. And though this information may be useless on it’s own, it’ll destroy certain defences. For example, if so-and-so was using the defence of an unencrypted ( wireless connection and somebody else must’ve been responsible for the actual fire-sharing. This has already been brought up by others here, but this is a far more significant breach of trust than the author is willing to acknowledge because of his or her own biases towards the service.
What’s all the fuss about RIAA getting last.fm data? What do people think last.fm’s business model is? They gather data and sell it to the music industry. Last.fm doesn’t share, they sell.
Now, if the RIAA wanted specific data on users who play a certain album or tracks, they could write an app to farm that info and then work through legal channels to force last.fm to disclose that info. I personally don’t think the RIAA would ever bother since they could farm public torrent trackers and gnutella daily for users and never sue them all.
Besides, the RIAA announced that they were no longer going to go after file sharers.
how about suing RIAA for invading privacy? We all know that a cop need a warrant to come in your house when suspicious criminal activity but not without any reasonable doubt. How come RIAA could go above the law, obtain your information before you even become a prime suspect or person of interest?
how about suing RIAA for invading privacy? We all know that a cop need a warrant to come in your house when suspicious criminal activity but not without any reasonable doubt. How come RIAA could go above the law, obtain your information before you even become a prime suspect or person of interest?
Once the have an IP address of a “likely infringer” why wouldn’t they just sniff traffic from that host and see if it’s filesharing and if so go after them on that basis, completely disregarding the original source of the IP?
Your claim that this data is completely useless to the RIAA is wrong. The data has forensic value and certainly CAN be used against end users.
This is 100% fake – look at the ars post
http://arstechnica.com/tech-policy/news/2009/06/lastfmriaa-drama-round-2-denials-denials-denials.ars
17 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.