recently particpated in the first commercial release of a
music downloading system. Its technology is used for the "e_mod" system
introduced by N2K's Music Boulevard online catalog during the Plug.in
conference in July. E_mod uses a version of the Liquid Player, which plays
back downloaded tracks for listening.
Before you run out to set up a platform to pirate music off of this system,
you should know that Liquid Audio has devised a scheme that makes unlawful
duplication so difficult that it simply doesn't pay to try. You can't just
send a copy of the music data file to anyone; it's encrypted in such a way
that only the original consumer can decrypt the music. Following are some
highlights from a white paper written by Liquid Audio's VP Engineering,
Phil White, on "Security Aspects of On-line Music Commerce."
The Liquid Music System has three key characteristics that make online
delivery commercially viable: effective copy protection, secured delivery,
and reliable logging of purchase and copyright information.
Copy protection is the most important feature of online downloading of
audio samples. As White points out, the governing principle of security is
to make the cost of breaking the system greatly exceed the market value of
what you are protecting. Liquid Audio has addressed this by designing
multilayered encryption with very strong keys (56-bit DES and 512-bit RSA),
which prevents direct access to the digital data without a user-specific
Liquid Passport (or many months of supercomputer power, which is not
Any downloaded track can be played only with one particular Passport, which
contains the encryption keys and sensitive personal information, such as
credit card numbers and other customer identification (thus, a user would
not want to give away their Passport to anyone else, as it could lead to a
deep invasion of privacy and identification abuse; however the Passport can
be transferred to other playback devices owned by the user that can operate
the Liquid Player). Each individual track has unique encryption keys, and
is watermarked with the user's personal information as well.
That is, even if someone were to find some way to access the unencrypted
data, Liquid Audio uses a watermarking scheme, embedded in the digital
sample at the time it is downloaded (but inaudible to the ear), that
contains copies of the same personal information contained in the Passport,
plus tracking information of the actual purchase transaction, including the
vendor. This information is permanently present, even in an "analog"
format, and can be traced in any acoustic copies of listenable fidelity
(even if re-digitized from an analog copy), as
well as any theoretical unencrypted digital copies. Bootlegs from this
system would be clearly identifiable and traceable to the offending party,
via credit card number, etc. The huge magnitude of the expense necessary to
break the encryption, combined with the permanent traceability of any
unencrypted copies, create a situation that effectively deters attempts to
pirate music from the Liquid Music System.
Security of the transaction is assured through secure-HTTP and SSL
connections over the Internet, and a centralized licensing center that
Liquid Audio operates on a proprietary basis. Music cannot be downloaded
until copyright information is reported and the user's Passport is verified
(and the vendor will not provide such reporting to Liquid Audio until the
user has completed the commercial transaction with the vendor).
The transactions are all logged and compiled in the Liquid License Center,
which tracks the distribution for royalties payable to the record companies
and their artists.
Taken as a whole, this creates an overall system that is more secure even
than today's commercial CDs, which are unencrypted and non-watermarked. It
doesn't prevent acoustic duplication such as with cassette tapes (though if
so, unlike today's CDs which are of course easily taped, downloaded tracks
are still identifiable via the watermark, and still contain all of the
user's personal information), but exact digital duplicates are now no
longer feasible, within the Liquid Audio realm.
-- Dan Krimm, 8/97
It's becoming clear that digital rights management, especially including
encryption schemes, is not entirely effective, and is more of a danger to
fair use than it is useful for creating a business model. Once decrypted
for playback, and especially once converted to an analog signal, the music will
be able to be recaptured/re-recorded, and re-digitized for unencrypted transmission.
A better model, now that personalization is developing, is a service where the
value is in the agregation and personalized service, rather than trying to lock up
something that is inherently ephemeral. The carrot, not the stick, is ultimately
more effective, and providing an overall experience of music that cannot be extracted
from the system, the way the raw content can be, will ultimately be better solution.
The recorded-music-as-product model is on its last legs, but the
recorded-music-as-service model still seems hopeful at this point. We'd be in bad
shape if recorded music could not generate revenue on its own merits.