Original version available at http://www.szarka.org/music/beamit.html.
Stubblefield's and Wallach's A Security Analysis of My.MP3.com and the Beam-it Protocol confirms that MP3.com is making commercially reasonable efforts to prevent copyright infringement by users of their service. For a user of the Beam-It software to obtain access to music they haven't purchased, they essentially must have access to a physical copy of the CD at some point. While it's possible that the user could fool Beam-It's verification by using an exact duplicate of the original CD, or by obtaining hashed data from someone who owns the original CD, access to that CD at some point is still required, along with a deliberate choice to pirate the music. Also, although the article points out that the challenges presented by the Beam-It server might be defeated if a pattern could be discovered upon further study, it should be noted that the server's behavior could be altered without breaking the protocol (as I understand it) if such a weakness is found.
Thus, it's clear that MP3.com's system doesn't pose more of a threat to copyright holders than, for example, the existence of blank tape. After all, if I have access to a CD I don't own, I could as easily tape it for later playback as "beam" it to MP3.com! At the same time, MP3.com enhances the ability of legitimate users to enjoy the music that they have purchased, at no cost to the copyright owners. In terms of conventional economic analysis, this situation would be represented as an increase in demand, with no corresponding change in supply, leading to an improvement in social welfare. Since the provision of the Beam-It service will make both copyright holders (as a whole) and music lovers (as a whole) better off, one can only suspect that the RIAA's lawsuit is motivated by a desire on the part of major record labels to maintain their dominance of the industry at the expense of musicians and fans at large.
The privacy concerns associated with the service are real, though as someone else noted it's unfair to equate MP3.com's stated policies with RealNetwork's violation of its customers' privacy with no prior disclosure. Personally, I'm happy to provide information about my musical tastes to companies like MP3.com and CDNow that provide a real service and do so responsibly. MP3.com, however, should do a better job of informing customers that it collects other data (e.g. the IP address and MAC address) and disclosing the ways in which it is used.
Full Disclosure: I own a company that participates in MP3.com's web site affiliate program.
©2000 Robert Szarka
This document available under the terms of the GNU Free Documentation License
$Revision: 1.1 $
$Date: 2000/05/12 02:23:30 $