One of the largest companies offering to protect copyright music and movies from online piracy, MediaDefender's credibility and competence are now being questioned following a security breach that led to more than 6,000 of the company's e-mails being posted to the Web. Industry sources confirmed the authenticity of the e-mails.
Besides casting light on controversial tactics employed by MediaDefender, the company's correspondence also show it was buckling under the weight of a mushrooming file-swapping community and growing skepticism from entertainment executives about the effectiveness of antipiracy services.
"We're still not seeing you guys perform well on Soulseek," a peer-to-peer file-sharing community, one Sony executive said in an e-mail that was viewed by CNET News.com. "Can you please investigate the problem and actually solve it (going on months now). In my most recent search I selected Beyonce "Beautiful Liar" and was able to download almost everything.
longtime music industry attorney and executive
"If you can't provide a good solution," continued the Sony executive, "we will either have to request serious credits or pull this network from your services. As it stands right now it's a waste of our resources at this level of protection."
So how did the file-sharing hunter become the hunted, apparently attacked by a group calling itself the MediaDefender-Defenders? Give credit--or blame--to a technology battle in which widely scattered file sharers are outmaneuvering entertainment conglomerates.
What MediaDefender and its competitors do for those big entertainment outfits is fairly simple, even if the technology is complex: they alert copyright holders if their content is circulating on the Web and send legal "takedown" notices to sites hosting unauthorized copies of films or songs. They also attempt to disrupt file sharing.
They've been around since file sharing hit the Internet, led by outfits such as the pioneering NetPD, which started tracking the IP addresses of people sharing music on Napster. Following Napster's demise, the next wave of less centralized file-sharing networks, such as Gnutella,of copyright protector.
"There was a period in 2002 or 2003 when the music industry really bought into the antipiracy business," said Eric Garland, CEO of Big Champagne, a company that tracks online entertainment. "MediaDefender emerged as the lead vendor. (Music executives) celebrated wildly when the Napster verdict came down, but were highly disappointed when the courts didn't save them. They believed that technology would be the answer. They really wanted that to be true."
Antipiracy's ups and downs
Seven-year-old MediaDefender thrived in those antipiracy boom years, Garland said. The company says on its Web site that it has worked for every major record label and movie studio. Last year, ArtistDirect, a digital-entertainment company, acquired the Santa Monica, Calif., company.
Some of MediaDefender's competitors didn't fare as well and buckled under the music industry's unrealistic expectations, Garland said. The antipiracy start-ups never promised to sweep the Web of file sharing, but that wasn't what the music companies wanted to hear, he said. File tracking became harder and harder while file sharing got better and better. When performance failed to meet high expectations, record companies became disillusioned. The music industry began setting performance targets and hiring companies to test efficacy.
"After the first blush of enthusiasm faded, the antipiracy companies began disappearing," Garland said. "The music...industry wanted a quick fix and there just wasn't any."
Some of the better known companies of that period, such as Overpeer, Ranger Online and NetPD, no longer exist as standalone antipiracy companies. A few shut down; others were acquired or changed models., Vidius,
MediaDefender combats piracy with four different approaches, according to an item in the blog Arstechnica. Among them is a technique called decoying, which entails sending empty files that mislead file sharers into believing that they are downloading a movie or song file.
MediaDefender also tries to load corrupt data into unauthorized files. This would work on older protocols such as FastTrack/Kazaa, but the company had no answer for BitTorrent--the Michael Jordan of file-sharing tools, nearly impossible to defend against.
BitTorrent breaks a file into many pieces and is distributed among many different users. A hash file is used to reassemble the pieces. Unlike protocols that came before, BitTorrent evaluates a file in its entirety and automatically boots junk bits and bytes.
Swarming is another strategy that describes an attempt by MediaDefender to pound BitTorrent files with corrupt data. It can't corrupt the file, but the technique is designed to hang up the reassembling process, which can mean slower download times. Nonetheless, the emergence of BitTorrent and its seeming imperviousness to corruption meant that an entire category of protection was cut off for companies like MediaDefender.
MediaDefender's e-mails show that the company's efforts against most BitTorrent "clients," or the programs that let people download BitTorrent files, were ineffective. The one BitTorrent client that MediaDefender's defenses seemed to work on was uTorrent. In one e-mail exchange, MediaDefender executives were gleeful when they learned that Paramount Pictures was planning to test the company's effectiveness by tracking its abilities on uTorrent.
"Please add all of their titles (there are only 4 of them, I think) to interdiction," writes one MediaDefender manager. "If we perform solidly on BitTorrent, they will probably give us more business :)."
In another exchange from July, MediaDefender managers are upset that the company is asked to prove the effectiveness of its technology on a client other than uTorrent. BayTSP was the company hired by a MediaDefender client to track the company's effectiveness.
"Bay did very little testing using uTorrent," a MediaDefender executive wrote. "I thought the tester was down with uTorrent. Can you gently push him? Top priority. Thanks."
Another problem that seemed to plague the company was a lack of resources. E-mail exchanges between NBC Universal and MediaDefender from last May show that problems arose when the Hollywood studio asked the antipiracy company to protect some new content. MediaDefender executives realized their resources were maxed out and couldn't service any more content. They looked for ways to make room. One idea executives considered was to cut back on protecting content belonging to another client: Universal Music Group.
"The only UMG projects active now are the ones already on Billboard," said an e-mail from a MediaDefender employee. "We've tried to reduce it as much as possible. We'll probably have to bite the bullet on a few projects and pick a couple projects to not protect at all."
It's not clear whether MediaDefender went through with the plan. MediaDefender and Universal Music Group did not respond to interview requests. But Universal's contract with MediaDefender can be found among the e-mails pilfered from the company. It calls for the music company to pay $4,000 for one month of protection for an album and $2,000 for a month's worth of protection for a single song.
Sounds like a lot of money, but it's difficult to know whether the protection actually worked or will in the future. As file-sharing protocols continue to improve, circumstances are bound to get even more difficult for companies like MediaDefender, said Chris Castle, a longtime music industry attorney and executive.
"I think that one of the problems in general is that you can't put a $100 piece of security on something that sells for 99 cents," Castle said. "There is only so much money you're going to spend to protect a piece of content and that means there's only so much that antipiracy companies can afford to do."