Sunday, May 24, 2009

Techcrunch claim again: "CBS are shovelling Scrobble data to RIAA"

You'll recall the spat a few weeks back when Techcrunch claimed that Last FM user data was being passed to the RIAA. Last FM described Techcrunch as being "full of shit".

And, indeed, Techcrunch have now conceded their story was wrong. In one detail:

Last.fm didn’t hand user data over to the RIAA. According to our source, it was their parent company, CBS, that did it. That corresponds to what our original source said in conversations we had after our initial post and before CBS lawyers became involved. But we didn’t want to update until we had an independent source for that information, too.

Here’s what we believe happened: CBS requested user data from Last.fm, including user name and IP address. CBS wanted the data to comply with a RIAA request but told Last.fm the data was going to be used for “internal use only.” It was only after the data was sent to CBS that Last.fm discovered the real reason for the request. Last.fm staffers were outraged, say our sources, but the data had already been sent to the RIAA.

The reason CBS were happy to pass the data was, according to Techcrunch's original source, fear:
We provided the data to the RIAA yesterday because we know from experience that they can negatively impact our streaming rates with publishers.

That source was apparently sacked by CBS for the original leak.

Last FM have again issued a denial. Russ Garrett at Last FM says it couldn't have happened without his say-so:
The exact nature of the data that was allegedly transferred is still not clear. It’s implied that the data linked scrobbles to IP addresses. That particular data is controlled tightly inside Last.fm and is only stored for a short period of time. Any request for such data would have to be approved by myself first. The suggestion that CBS’s ops team provided this data is just not possible - Last.fm operates as a separate entity and their operations staff do not have access to our system.

As Arrington points out, transferring personally identifiable data (i.e. IP addresses) from the UK to the US is against data protection laws. We wouldn’t risk a lawsuit to pander to the RIAA’s requests.

If you read the response conspiracy-theorist close, you'd be struck that Garrett doesn't ever deny that anyone asked for the data, just that such requests have never been granted - which may or may not mean anything, but you'd have thought in a situation like this 'nobody has asked for anything, nothing has been given' would be the obvious response.

Last FM believe that the stories are as a result of "someone" slandering them. It doesn't suggest whom.


3 comments:

Anonymous said...

I still don't understand what exactly it is that Techcrunch are suggesting. Both articles are just silly. Why would the RIAA or CBS go to these ridiculous levels to get large amounts of data that would essentially be of no use to them? Scrobbling songs isn't illegal. There's no way of proving you aren't playing from a legal cd, download or stream (I'm currently listening to and scrobbling from Spotify that I'm listening to something that isn't out on cd yet) or whatever. Even if you were listening to a rip of something unavailable yet (i.e. a leaked album) there's still every possibility that you're listening to a promo copy. Not to mention the fact that just because you claim you're listening to a song called "Techcrunch Eat Poo" by the artist "Last.fm Probably Shouldn't Associate With People Like CBS" doesn't actually mean you are. The RIAA would have to go to a lot of bother to make any last.fm data stand up in court and why would they bother putting effort into that when they could just continue to make their current legal model of making unsubstantiated allegations instead? I understand the point that Last.fm transferring data wouldn't just be illegal but a complete abuse of the trust their users have in them but it seems like there would be little chance of them being asked at all.

The mere fact that the first people to respond to this the first time round were the RIAA to say that they didn't get the data should say a lot about Techcrunch. I mean if the kitten eating RIAA are claiming not to be in the wrong then Techcrunch must really have problems!


(I should add that I have been led to believe that there is some way of detecting digital fingerprints from source but like I said it would be hard for the RIAA to prove that you didn't just borrow a cd to play.)

acb said...

The RIAA were allegedly looking for people whose metadata contained tracks that were unreleased, which they could not have obtained legally. (In the US, at least, unauthorised possession or distribution of unreleased audio recordings is a crime as of a few years ago.)

Also, last.fm's software, by default, sends cryptographic fingerprints of the actual audio files to the server, which could be used to prove possession of a recording, certainly enough to sue someone or demand an out-of-court settlement. (last.fm say that this data is kept anonymous and not associated with the user, though if the upload logs have IP addresses, or even if timestamps and titles match up, one could reverse this.)

That is, of course, assuming that the allegations were true.

Anonymous said...

Just read that CBS are now denying it too. http://blogs.wsj.com/digits/2009/05/26/lastfm-denies-data-sharing-accusations-again/

So basically Techcrunch have gained a lot of page views with their shoddy journalism whilst Last.fm has lost a lot of business from people closing accounts for no good reason. (Not that I'd be particularly upset about CBS loosing business)

Post a Comment

As a general rule, posts will only be deleted if they reek of spam.