All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links.
By Wired News reporter Cyrus Farivar
Apple has declined to explain why its new DRM-free music files are watermarked with users' names and e-mail addresses.
Earlier this week, Apple iTunes 7.2 brought the new ability to download tracks from EMI Records without copy protection. But the unprotected files are labeled with the buyer's details, leading some to wonder if Apple is appending the information as an anti-piracy measure.
But Apple is remaining mum about its reasoning.
An Apple spokesman suggested by e-mail that Wired News contact Michael Gartenberg, an analyst at Jupiter Research who has been briefed about iTunes Plus. The Apple spokesman didn't respond to further requests for comment.
Gartenberg said there are many reasons why Apple would want to tag music sold through the iTunes store. The information could be used as a proof of purchase, or to facilitate upgrades (songs previously bought through iTunes can be upgraded to higher fidelity versions for an extra 30 cents). The identifier could help identify songs missing from albums (iTunes offers a "complete album" feature), as well as to thwart piracy.
"In terms of sharing files, you're not legally permitted to do that anyway," he said. "You weren't supposed to that in the first place. You've technically violated the service agreement. Just because you've taken away the locks on the doors doesn't mean you can walk into someone's house and walk away with the TV set."
Meanwhile, eMusic, which also sells music without copyright protection, does not tag customers' purchases with any information that can be used to identify them.
"We don't put any identifying info on our files," said Cathy Halgas Nevins, a spokesperson for eMusic.
Still, that hasn't stopped privacy advocates from crying foul, especially because the identifying information isn't hidden or encrypted.
"There's absolutely no reason that it had to be embedded, unencrypted and in the clear," said Fred von Lohmann, a senior intellectual property attorney at the Electronic Frontier Foundation. "Some of the privacy problems, in light of this, is that anyone who steals an iPod that includes purchased iTunes music will now have the name and e-mail address of its rightful owner."
However, it would appear that short of spamming the iPod owner, there doesn't seem to be any compelling reason to encrypt that data – except for privacy's own sake. It is highly unlikely that any meaningful harm in terms of identity theft or harassment would come to the person who had lost their iPod in the manner that von Lohmann describes.
Nonetheless, he added that it would be very trivial for Apple to fix this problem by encrypting that information and "preserving any forensics value this might have."
Still, both Gartenberg and von Lohmann agreed that it's likely that enterprising software developers would quickly develop a way to circumvent, strip or otherwise spoof this information on the newly unprotected iTunes tracks.
"I'm also fully expecting that someone will build a tool that will change the name and e-mail address to Steve Jobs and stevejobs@apple.com," he said. "If there's one thing we've seen about the internet, [it's that] people are sometimes able to build tools that help themselves."
