This was on the front page of today's New York Times
kelly
November 1, 1999
CD Software Is Said to Monitor Users' Listening Habits
By SARA ROBINSON
RealNetworks' popular RealJukebox software for playing CD's on
computers surreptitiously monitors the listening habits and certain
other activities of people who use it and continually reports this
information, along with the user's identity, to RealNetworks, said
a security expert who intercepted and examined data generated by
the program.
In interviews last week, company officials acknowledged that
RealJukebox, which can copy music to a user's hard drive and
download it from the Internet as well as play it, gathers
information on what music users are playing and recording.
Dave Richards, RealNetworks' vice president for consumer products,
said the company gathered the information to customize services for
individual users.
He and other company officials insisted that the practice did not
violate consumer privacy because the information was not being
stored by RealNetworks nor distributed to other companies.
But privacy advocates and security experts interviewed last week
were unanimous in condemning the practice, calling it a violation
of the privacy of the 13.5 million registered users of RealJukebox,
almost all of whom have given the company their names and e-mail
addresses.
Even if the company's use of the data is benign, these experts
said, the practice is unacceptable because of the secrecy:
RealNetworks, one of the largest distributors of audio software on
the Internet, does not inform consumers that they are being
identified and monitored by the company.
The information that RealNetworks gathers is extensive. According
to Richard M. Smith, an independent Internet security consultant
from Brookline, Mass., who discovered RealJukebox's monitoring
functions, each time the program is started on a computer connected
to the Internet, it sends in the following information to the
company: the number of songs stored on the user's hard drive; the
kind of file formats -- RealAudio or MP3 -- the songs are stored
in; the quality level of the recordings; the user's preferred music
genre, and the type of portable music player, if any, that the user
has connected to the computer. Officials at RealNetworks said most
of this information was used to offer music selections to users
based on their preferences.
All this information is combined with a personal serial number
known as a globally unique identifier, or GUID, which is assigned
to each user when he or she registers the software.
RealJukebox is distributed only on the Internet, and users are
instructed to register -- giving the company their names, e-mail
addresses and ZIP codes -- when they install the software.
What is more, if RealJukebox is used with its default settings, it
automatically loads each time a CD is inserted in the CD-ROM drive,
and if the computer is connected to the Internet, the title of the
CD is sent, together with the GUID, to RealNetworks.
"Either they have been dazzlingly careless with their treatment of
personally identifiable information or they are completely
disingenuous," said Jason Catlett, founder and president of
Junkbusters, a privacy watchdog organization. "Which is worse? If
they are not disclosing what they are doing, that is
unconscionable."
Some other CD player programs also assign GUID's to each copy of
the software. The difference lies in what they do with it. The
Microsoft Corporation, for example, says that the unique identifier
in its Windows Media Player is used for such things as purchasing
multimedia from a Web site. It is not routed through Microsoft, nor
does Microsoft require users to register, and it does not gather
information through Media Player, said a spokesman for Waggener
Edstrom, a public relations firm that represents Microsoft.
The fact that RealJukebox is gathering this information is not
mentioned in the long privacy policy the company posts on its Web
site. Nor is it acknowledged in the licensing agreement that users
must approve when installing the program.
David Banisar, a lawyer in Washington who specializes in Internet
law, said that RealNetworks' surveillance practices could violate
various state and federal statutes, including the Computer Fraud
and Abuse Act. "It's a new type of case that hasn't been brought
before," he said. "But I think it's a pretty good case."
Banisar argued that RealJukebox could be considered a "trojan
horse," a legitimate program that contains hidden instructions to
perform illegitimate functions.
Company officials said on Friday that the registration procedure
for the free version of RealJukebox did ask for personal
information, including name and e-mail address, but they said that
users could skip the registration and still use the program and
that RealJukebox would stop prompting users to register after five
attempts. Some customers, they said, had stumbled on this fact and
had declined to register.
However, customers who purchase RealJukebox Plus, a version with
enhanced features that RealNetworks sells online for $29.99 with a
money-back guarantee, cannot avoid registering since they must type
in a unique serial number to install the program. And in this case,
RealNetworks also gathers credit card and mailing address
information before it assigns the number.
Richards of RealNetworks said the reason the program tallied the
number of songs a user had recorded was to enable the company to
determine whether the user was "naïve" or "sophisticated." This
better enables the software to steer sophisticated users toward its
advanced features, he said.
But this seemed at odds with a statement by Steve Banfield,
RealNetworks' general manager of consumer products, who said the
company was gathering only "aggregate usage" information about
users of the software.
Privacy experts said the kind of information being gathered by
RealJukebox had the potential to be used to detect copyright
violations.
Banfield said that to his knowledge, the company had no plans to
allow information about individual users to be used in this manner.
But Catlett of Junkbusters said that such information could be
subpoenaed under the Digital Millennium Copyright Act. "This usage
and tracking information is a way for them to collect intrusive
profiles about people and possibly set up prosecutions for
copyright infringements," he said.
Like some 250 other such programs, RealJukebox licenses the right
to use a database of CD titles and tracks that is compiled and
maintained by a company called CDDB. This enables the software to
display the title and tracks of a CD moments after it is loaded
into the computer.
To do this, the program must send out information to CDDB every
time a user plays a CD.
But unlike other popular programs, RealJukebox routes the
information through its own servers and tags it with the GUID,
which uniquely identifies the user.
Banfield said the information went to CDDB via a proxy server, a
computer that masks certain data, to protect the privacy of
RealJukebox users. He said it was his understanding that CDDB
typically collected a user's e-mail address each time its database
was queried, but by using a proxy server, he said, RealNetworks'
users were all generically identified as [log in to unmask]
Banfield painted RealNetworks as a defender of consumer privacy,
asserting: "Everyone else who uses that database sends them their
e-mail address. We don't."
Ann Greenberg, senior vice president of marketing and business
development for CDDB, said last week that her company "strongly
encourages but does not require" e-mail addresses or any other
identifiers that enable the company to tally unique users of its
database. She said the addresses were purged every four days. But
she said it was not fair for RealNetworks to blame CDDB for
gathering personal information.
VICUG-L is the Visually Impaired Computer User Group List.
VICUG-L is archived on the World Wide Web at
http://maelstrom.stjohns.edu/archives/vicug-l.html