MediaForce--one of several companies that tracks people trading files through Napster, Gnutella and similar services--announced Thursday that it had found a way to find copyrighted works by evading the encrypted network, exposing a serious hole in Aimster's claims to privacy.
The New York-based company's terms of service bar anyone using the network from spying on its members. It also argues that attempts to track use of its service violate digital copyright law's ban on subverting cryptography schemes.
MediaForce's approach isn't particularly complicated--it's simply running searches on Aimster's network using the company's own software and taking down the results.
The outcome of these searches, and Aimster's attempts to have them deemed illegal, could go a long way toward shaping the future of online file-swapping as people look for an alternative to Napster.
"What's been unique is that Aimster has billed itself as an encrypted private network," said MediaForce CEO Aaron Kessler. "But we haven't broken their encryption or reverse engineered their software at all."
From its beginning, Aimster has offered a different kind of file-swapping system than the huge, anonymous networks run by Napster or iMesh. The company's software draws from the buddy lists on AOL Instant Messenger (AIM) to create its own lists of trusted friends. Files don't get traded through the AIM network, but people who transfer their buddy lists to Aimster can offer files to and download files solely from the few people on their buddy lists.
But a month or so ago, the company began offering another service where people can open their hard drives to anyone, much like Napster. Aimster says this service is solely for finding buddies with similar interests--a person searching for "Metallica" would be able to see who else likes Metallica and then add those people to a buddy list, for example.
The effect has turned the service into something similar to Napster, where people can search tens of thousands of hard drives simultaneously without a buddy list system.
It's this feature that MediaForce is tapping into. Aimster's original buddy system is still secure. But as soon as Aimster users reach into the wider network in search of a larger number of files, they open themselves to monitoring by MediaForce or anyone else who chooses to look.
The outstanding question--one that will help determine the fate of file-swapping--is whether MediaForce is doing anything wrong by taking down names. Like other companies, including Media Enforcer, it acts on behalf of music publishers and record labels, contacting Napster and Internet service providers to point out specific people who are trading copyrighted music.
Aimster has noted in its terms of service that people can't use the software to spy on each other.
"You will at all times herein refrain from tracking, monitoring, surveying, eavesdropping or collecting information on the activities of other users," the company's terms of service read. "For any single breach of the terms of this paragraph you agree to pay...a lump sum of $1 million."
But the company is also making a more ambitious argument. Because it has encrypted its network and deems people's files--and its own software--to be copyrighted or potentially copyrighted material, anything that breaks that encryption is a violation of federal copyright law, the company says.
Fire with fire
That argument attempts to turn the copyright holders' most potent weapon back on them. The federal Digital Millennium Copyright Act (DMCA) does make it illegal to distribute or use tools that are explicitly designed for circumventing technology that protects copyright.
Previously, Aimster has said that breaking the encryption on its network to spy on its users would violate this copyright law. It's even gone to court seeking approval for its service, arguing that record companies are trying to stop trades of completely legal files and instant messages.
Now it's saying that MediaForce is going too far by taking down information that is freely available to anyone that turns on the Aimster software. The monitoring company is using the software--which automatically decodes the network's transmissions--for unauthorized purposes and is therefore breaking copyright law, Aimster says.
"We would say there is a pretty strong case that they are taking a risk under federal law," said Johnny Deep, an Aimster spokesman. "It's as if they had hacked in and found the decryption key and were using it for unauthorized purposes."
This untested interpretation of federal copyright law could help set the rules for file-swappers and copyright police. Aimster has yet to act against MediaForce but is threatening legal action.
"We'll let them keep hanging themselves in the press and then go to the attorney general with the articles," Deep said.