☆ GagaGate, DRM and How To Cripple The Cloud

I’ve been watching the music marketing stunt that Amazon have pulled today with some interest. The story is that Amazon US are selling the new Lady Gaga album Born This Way in digital-only form for $0.99 today only – the whole album for the price of a track (no luck in the UK where the album is £3.99). As the news has spread, it’s obviously being bought in huge quantities – it’s currently the #1 purchase – and transferred straight to Cloud Drive, Amazon’s new online music locker and player.

Except it’s not. Customers have now been reporting for several hours that it’s not showing up in their accounts – only the digital booklet and in some cases one or two tracks are showing up. Amazon admits there’s a problem – their PR folk are churning out responses (clearly cut and paste from Twitter) to press inquiries saying

We’re experiencing high volume and downloads are delayed. If customers order today, they will get the full @ladygaga album for $0.99. Thanks for your patience.

That text has also replaced the bold claims about being able to listen to the album straight away on the product page. What could possibly be going wrong? After all, it’s very straightforward to add a pointer to a shared file into a directory, and I think that’s all Cloud Drive does with purchased music (which is why storing it there is free – symbolic links are virtually free). Amazon is clearly embarrassed by it – they are busily deleting customer comments from the product if they even mention the outage, regardless of the star rating.

One clue is the product details of the album. They include the text “Record Company Required Metadata: Music file contains unique purchase identifier. Learn more.”  Follow the link and you’ll find:

Embedded in the metadata of each purchased MP3 from this record company are a random number Amazon assigns to your order, the Amazon store name, the purchase date and time, codes that identify the album and song (the UPC and ISRC), Amazon’s digital signature, and an identifier that can be used to determine whether the audio has been modified.  In addition, Amazon inserts the first part of the email address associated with your Amazon.com account

I think that’s the answer. My hunch is that the GagaGate meltdown is all the fault of DRM. Rather than just adding a pointer to a shared file to the Cloud Drive, Amazon are required by the record company to create a unique copy of the file for every customer, watermarked digitally signed to show who bought it. What’s more, the unique copy includes at least one MD5 hash that has to be computed on a per-file basis. So Amazon has both an enormous computing task and potentially an enormous storage bill (assuming it doesn’t just compute the watermark signature on the fly at download, which is possible but doesn’t help with the compute bill).

All for what? Removing the metadata is unlikely to be massively challenging (albeit illegal under the DMCA). This means the record label is crippling their retailer’s business just so it can express its mistrust and low esteem for its paying customers while doing pretty much nothing to actually protect revenues –  that it already knows will be enormous – from serious criminals. Congratulations to the label, you’ve managed to turn a great example of how to compete with “free” into a bad experience for your customers.

One more observation: The Amazon UK digital download does not mention watermarking/signing. I wonder whether it’s because the record label trusts the British, or whether it’s just not disclosed?

[Updated to reflect information I received that the file has a uniquely-computed digital signature added, rather than a watermark. Lower (still significant) compute burden but even easier to remove]

One Response

  1. TBH, given the alternatives then this is the kind of “DRM” that I’m least concerned about. For all intents and purposes I can still move it around to any supported device and I don’t need to worry about compatibility of the DRM system. It won’t affect my usage of the track in the form of playing it, and I don’t plan to put it on file sharing, so the details won’t be in any files that anyone but me and my family sees.

    I guess the only problem is that I can’t re-sell the digitals because then my “fingerprint” is on the track, which would implicate me if it got on to file sharing systems.

    If Amazon could have a “I’ve sold this track to…” database then we’d be about as close as you can get to being like the physical item, given that the digitial item is completely different in the sense of being infinitely copyable with no impact on the original.

Comments are closed.

Follow

Get every new post delivered to your Inbox.

Join 6,773 other followers

%d bloggers like this: