I spent a lot of time in my career working with the media industry, and it constantly amazes me in terms of what a strange business show business really is. Take the music industry, for example, since the MTV music awards were just last night:

The music industry is, relatively speaking, a small industry. I mean, really tiny. Really, really tiny. The US music industry only generates around $9 Billion dollars annually. It may sound a lot, but to put that into context, almost any other industry that you can think of, from shrimp farming to scrap metals is actually larger than that. The beverage industry alone barely makes it in the top 10 of US industries, and it’s a $133B/year behemoth – more than 10 times the size of the music industry.

And yet, this puny $9B industry (4X smaller than Kraft!) has done more to rewrite the rules of what people can and cannot do (especially online) than almost any other, through a very specialized form of manipulation.

First, some historical context. The music industry was, until the turn of the last century, a small, relatively quiet backwater, populated mostly by sheet music sellers and performers. It’s only with the advent of the phonograph that record labels start to dominate the industry, since for the first time music could be ‘packaged’ and recorded once but sold many times. Over time, those record labels became the industry, which today mostly consists of 4 players (Sony, Universal, Warner, and EMI). Up until the late 1990s, this was a happy industry, with relatively healthy profit margins, and a real growth story – the new CD format was replacing cassettes, with a better sound and less distortion over time, and people were buying more music and replacing their aging cassettes collection with shiny new CDs. The times, they were good.

Then came Napster.

The old Napster. Not the new, de-clawed one.

Napster was the first file-sharing site, the grand-daddy of them all. Download the software, and you could share instantly all the music that was on your computer with everyone else that also had Napster. With a few clicks, you literally had access to the world’s music directory, without a cent of cost.


The music industry ignored Napster for almost a year after it was launched. After all, it could only share songs that had been ripped to the computer, something that was relatively novel and ‘niche’ in 2001. Of course, once the service reached 24 million users, the industry could no longer ignore it, and eventually sued the service out of existence.

That did precisely nothing to stop file-sharing, of course. More sharing services emerged, from Gnutella to Bitorrent, and eventually it became clear to labels that if they were to preserve their business model (selling packaged music for a fee), they needed to stop people sharing digital music. This was simpler said than done, however. The technology that had allowed labels to record music once and sell it multiple times now threatened the very model of the labels. So they fought back with an array of ideas that started out as interesting ideas and usually ended up as massive attempts to manipulate the way we understand the Internet and personal freedoms. Let’s take a look at some of these:

The original idea: Copy protection on CDs.

The desperate over-manipulation: the Sony Rootkit.

CDs were originally relatively easy to ‘rip’ to a computer. When Napster became a reality, though, labels rushed to put copy protection on CDs, making it harder to copy the CD to a computer. Most of these efforts were laughable – the problem was that since the CD specification was already set and in place in thousands of players, changing an audio CD to make it hard for computers to read usually broke the CD in some ways – some players wouldn’t play it, and angry customers would return it. Also, of course, ripping programs had no trouble updating their software when someone did figure out a new way to make an audio CD ‘computer-proof’.

Though this was a doomed effort (most of these CD protections had died by 2006), in 2005 Sony and BMG had the greatest idea: they created software that would reside on their CDs, and when users would insert the CD into the computer the software would load itself automatically and modify Windows invisibly, neutering the ability of the computer to load and rip music. It was, for all intents and purposes, a very sophisticated virus that was pre-loaded onto Sony and BMG discs, with no documentation and no warning.

When it was discovered by a computer scientist, the rootkit, as it was called, created an internet storm. It was poorly written, contained stolen code (ironically), and could easily malfunction, causing the complete destruction of the CD drive of the computer. Various attorney generals got involved, BMG and Sony were sued, and eventually settled with the FCC (although the president of BMG was not exactly sorry – he famously said that “most people, I think, don’t even know what a rootkit is, so why should they care about it?”) and were forced to discontinue the dissemination of the rootkit.


The original idea: suing Napster users

The desperate over-manipulation: inventing new laws

When file-sharing became a reality, labels sued first the Napsters of the world, and, when that failed to stem the tide and they had run out of centralized services to sue, began to sue individual users. This was a risky strategy, because the legal basis for suing people who share music was always tenuous – copyright law was originally written to protect consumers, not content owners, and it took a lot of manipulation to convince law-makers that copyright laws even allowed labels to sue individual users. Even then, the lawsuits were farcical: since the labels had only IP addresses, which can be shared between households, successfully proving an ‘infraction’ was very, very difficult. The RIAA (the industry association of the big 4 labels) sued 35,000 people since 2003, with very little success, partly because of all of that ‘due process’ nonsense courts insisted on.

Since suing people individually was not working out, the RIAA and the labels began to push for new laws. These became known as ‘three-strike’ laws: the idea was that the labels would work with the ISPs to find people who shared music, and then send them nasty letters. Receive three such letters, and you’d be disconnected from the Internet – permanently.

This is fairly new, in terms of laws. The RIAA pushed hard in some geographies, like France, to actually make this system legal (it’s called the HADOPI law there). That took a lot of manipulation, which could be the subject of a separate post, but it was eventually passed (unfortunately for the RIAA, the first person punished under it is probably innocent). Here, in the US, though, they have mostly tried to work with the ISPs rather than trying to pass state or federal laws, but either way, these schemes raise interesting questions: can you be disconnected from the Internet in today’s world without any due process or the chance to defend yourself? Is Internet access a right – could you hold down a job without email, for example? The beauty of this approach by the RIAA is that, by bypassing the legal system and dealing directly with ISPs, the RIAA has essentially created a completely new law – they have defined an offense (sharing songs), defined a process to prosecute wrong-doers (the ISP letters), and a punishment (disconnection from the Internet). All without a single debate or vote. You have to admire the creativity here.


The original idea: Suing web sites like Napster

The desperate over-manipulation: Making web sites ‘disappear’ – internationally

Once the labels realized that suing users was largely a waste of time, they turned back, once again, to centralized web sites that facilitated music sharing. They were proliferating all over the web, from torrent sites to locker sites, and new ways to share music was being devised every day. Suing each site one at a time was simply impossible, so the RIAA approached the Justice department with a cool idea: what if the government could police copyright on behalf of the RIAA?

Amazingly enough, the Department of Homeland security agreed. Operations “In Our Sites” was launched, which basically was the department of Homeland Security targeting sites that offends the RIAA in some way and forcing them to shut down by essentially forcing registrars to take the sites offline. Instead of a targeted site, users are greeted with an ominous placeholder:

Amusingly enough, if your domain is seized, there is not much you can do about it. Oh well. You were probably guilty of something. So far, several hundred sites have been taken off-line.

This works well if the site is in the US. What happens if the site is Canadian, or Somalian, or German? Most countries frown on having their police and justice forces enforce complex copyright claims by a small group of 4 tiny companies, and the RIAA lacks the access and prestige it does in the US. So what could be done against those sites?

Here again, the RIAA came up with a brilliant manipulation. Since you cannot force an international site to go offline like US sites, the RIAA and others sponsored a complex piece of legislature called Protect-IP (even the name sounds good!). Basically, the act would allow the RIAA and the Attorney Generals of a state to target an international site and force US companies that link to the site – including search engines – to stop linking to it or doing business with it. So the site will still be up, but search engines like Google will not show it, payment processors like Paypal or Visa will not deal with it, and even DNS resolvers (the bits of the Internet that resolve an address like google.com to a real server somewhere in the world) to point browsers to it. In effect, the site will still exist, but you wouldn’t be able to search for it, go to it, or interact with it in any meaningful way.

The interesting feature of this manipulation is that it essentially gets around a major problem – jurisdiction. For example, file-sharing is mostly legal in Canada (frankly, from what I understand, they just can’t be bothered to outlaw it). So a music-sharing site in Canada is immune to the RIAA and its demands. But under Protect-IP, the site can essentially be completely cut off, no questions asked, and all under US law. This is one of the most innovative international manipulation I’ve seen lately.


* * *

The RIAA is not a loved organization – it is basically there to take unpopular moves and deflect some of the resulting negative PR from the labels that fund the organization. It has also largely been a failure, if you assume that success would have been less music-sharing (there’s more file-sharing than ever right now). But, from a manipulation standpoint, it has pioneered a number of different innovations that were picked up by its big brother, the MPAA (the equivalent of the RIAA, but for movies). In that sense, it has been remarkably creative and innovative – after all, what other 4 small companies can claim to have been able to craft new laws, influenced technical standards, and basically accumulated the power to take out any web site, anywhere, mostly at will? That may, in fact, be its long term legacy, well after the labels disappear into history.