Cover Page

Liquid Audio






Liquid Audio recently particpated in the first commercial release of a music downloading system. Its technology is used for the "e_mod" system introduced by N2K's Music Boulevard online catalog during the conference in July. E_mod uses a version of the Liquid Player, which plays back downloaded tracks for listening.

Before you run out to set up a platform to pirate music off of this system, you should know that Liquid Audio has devised a scheme that makes unlawful duplication so difficult that it simply doesn't pay to try. You can't just send a copy of the music data file to anyone; it's encrypted in such a way that only the original consumer can decrypt the music. Following are some highlights from a white paper written by Liquid Audio's VP Engineering, Phil White, on "Security Aspects of On-line Music Commerce."

The Liquid Music System has three key characteristics that make online delivery commercially viable: effective copy protection, secured delivery, and reliable logging of purchase and copyright information.

Copy protection is the most important feature of online downloading of audio samples. As White points out, the governing principle of security is to make the cost of breaking the system greatly exceed the market value of what you are protecting. Liquid Audio has addressed this by designing multilayered encryption with very strong keys (56-bit DES and 512-bit RSA), which prevents direct access to the digital data without a user-specific Liquid Passport (or many months of supercomputer power, which is not economically feasible).

Any downloaded track can be played only with one particular Passport, which contains the encryption keys and sensitive personal information, such as credit card numbers and other customer identification (thus, a user would not want to give away their Passport to anyone else, as it could lead to a deep invasion of privacy and identification abuse; however the Passport can be transferred to other playback devices owned by the user that can operate the Liquid Player). Each individual track has unique encryption keys, and is watermarked with the user's personal information as well.

That is, even if someone were to find some way to access the unencrypted data, Liquid Audio uses a watermarking scheme, embedded in the digital sample at the time it is downloaded (but inaudible to the ear), that contains copies of the same personal information contained in the Passport, plus tracking information of the actual purchase transaction, including the vendor. This information is permanently present, even in an "analog" format, and can be traced in any acoustic copies of listenable fidelity (even if re-digitized from an analog copy), as well as any theoretical unencrypted digital copies. Bootlegs from this system would be clearly identifiable and traceable to the offending party, via credit card number, etc. The huge magnitude of the expense necessary to break the encryption, combined with the permanent traceability of any unencrypted copies, create a situation that effectively deters attempts to pirate music from the Liquid Music System.

Security of the transaction is assured through secure-HTTP and SSL connections over the Internet, and a centralized licensing center that Liquid Audio operates on a proprietary basis. Music cannot be downloaded until copyright information is reported and the user's Passport is verified (and the vendor will not provide such reporting to Liquid Audio until the user has completed the commercial transaction with the vendor).

The transactions are all logged and compiled in the Liquid License Center, which tracks the distribution for royalties payable to the record companies and their artists.

Taken as a whole, this creates an overall system that is more secure even than today's commercial CDs, which are unencrypted and non-watermarked. It doesn't prevent acoustic duplication such as with cassette tapes (though if so, unlike today's CDs which are of course easily taped, downloaded tracks are still identifiable via the watermark, and still contain all of the user's personal information), but exact digital duplicates are now no longer feasible, within the Liquid Audio realm.

-- Dan Krimm, 8/97

Addendum, 2001:

It's becoming clear that digital rights management, especially including encryption schemes, is not entirely effective, and is more of a danger to fair use than it is useful for creating a business model. Once decrypted for playback, and especially once converted to an analog signal, the music will be able to be recaptured/re-recorded, and re-digitized for unencrypted transmission.

A better model, now that personalization is developing, is a service where the value is in the agregation and personalized service, rather than trying to lock up something that is inherently ephemeral. The carrot, not the stick, is ultimately more effective, and providing an overall experience of music that cannot be extracted from the system, the way the raw content can be, will ultimately be better solution.

The recorded-music-as-product model is on its last legs, but the recorded-music-as-service model still seems hopeful at this point. We'd be in bad shape if recorded music could not generate revenue on its own merits.