In the ongoing P2P wars between the RIAA, the file sharing networks, and file sharers themselves, the RIAA has been of late talking up the capabilities of Audible Magic's "acoustic filtering" technology, urging its adoption upon universities, corporations, and Congress. There are three main considerations: Does it work? How much does it cost? Does it infringe upon privacy? Questions 2 and 3 aren't all that germane if it doesn't even work.

A study by EFF technologist Chris Palmer suggests it isn't worth the cost because it's easily circumvented:

While we at EFF support universities taking steps to educate staff and students about copyright law and to control excessive bandwidth usage, it is important that universities are not sold expensive, ineffective solutions simply to appease the public relations needs of the RIAA. It is also important that policymakers not be misled by the bullish pronouncements of the RIAA and Audible Magic regarding the effectiveness of "acoustic filtering" technologies.

Information from public sources suggests that Audible Magic's filtering technology is trivial to defeat. For universities, this means an investment today may well be worthless tomorrow. Policymakers, meanwhile, would do well to examine all filtering technologies closely before putting faith in the promises of vendors. A close look at Audible Magic's technology suggests that its filtering is no silver bullet.

Acoustic Fingerprinting - How It Works

Audible Magic's CopySense, a network appliance product, examines network traffic at the content layer — that is, it analyzes the actual file transferred in an application-layer transaction. In order to determine whether the content is a copyrighted song, CopySense treats the content as audio and analyzes its acoustic properties. It examines only a small portion of the content, extracting an "acoustic fingerprint." This fingerprint is then matched against the fingerprints of copyrighted musical works in a pre-compiled database. Audible Magic boasts a database of more than 3.7 million fingerprints, growing continually.

This method is a clear improvement over earlier "hash"-based filtering approaches. With those earlier approaches, changing even a single bit in a file would frustrate efforts to match the file to a pre-calculated hash. Audible Magic's approach should be more robust against this kind of subterfuge. As detailed below, however, Audible Magic's technology can easily be defeated by using one-time session key encryption (e.g., SSL) or by modifying the behavior of the network stack to ignore RST packets.

....There are two obvious ways to defeat Audible Magic's CopySense network appliance.

Encrypt the data transfer with a one-time session key. This can be accomplished easily by employing SSL for file transfers. Because SSL is widely used for a variety of e-commerce applications, blocking or otherwise interfering with SSL communications would be problematic for most network administrators.

page 1 | 2