Last.fm User Data Was Sent To RIAA By CBS 334
suraj.sun sends in an update from TechCrunch on a story that generated a lot of controversy a few months back, "Did Last.fm Just Hand Over User Listening Data To the RIAA?" "Now we've located another source for the story, someone who's very close to Last.fm. And it turns out Last.fm was telling the truth, sorta... Last.fm didn't hand user data over to the RIAA. According to our source, it was their parent company, CBS, that did it. Here's what we believe happened: CBS requested user data from Last.fm, including user name and IP address. CBS wanted the data to comply with a RIAA request but told Last.fm the data was going to be used for 'internal use only.' It was only after the data was sent to CBS that Last.fm discovered the real reason for the request. Last.fm staffers were outraged, say our sources, but the data had already been sent to the RIAA. We believe CBS lied to us when they denied sending the data to the RIAA, and that they subsequently asked us to attribute the quote to Last.fm to make the statement defensible. Last.fm's denials were strictly speaking correct, but they ignored the underlying truth of the situation, that their parent company supplied user data to the RIAA, and that the data could possibly be used in civil and criminal actions against those users."
The death of Last.fm? (Score:5, Interesting)
I guess one could simple turn off scrobbling, but that is one of the main features of the service.
Wait (Score:5, Interesting)
So it is not "legal" to listen to music on last.fm? Can I get sued by the RIAA if I listen to songs on last.fm? If it is "illegal" to have music on last.fm, then why doesn't the RIAA send a cease and desist to CBS/last.fm? If it is legal, then why would CBS release that information? Is it so that the RIAA can have a list of IPs with names to go after if they think someone is pirating music?
I don't get it (Score:2, Interesting)
Last.fm collects listening data from the ID tags of mp3-files and the likes, right? ID tags can be modified to say anything. It's even possible to send completely bogus information to Last.fm without listening to any music files at all. So what does the collected data actually prove?
What data? (Score:4, Interesting)
How could anyone be sued for last.fm data? The only data you supply to last.fm when using their 'scrobbling' client is the tags of the currently playing song. Tags can be anything. I can take any song by any artist, or even just random noise, and give it any tags I wish. That doesn't magically make that song the song that I've tagged it as. I seem to recall data about U2's then-unreleased album being spoken about when the last.fm data news story came about. The album wasn't released yet, so anybody listening to it obviously got it through unofficial channels. The problem with that line of thinking is, getting a hold of the track names before its release wouldn't exactly be rocket science. I'm sure a tracklist would have been made public long before its release. It's a trivial matter to take any random songs and give them tags that correspond to the upcoming release and then play them back in your media player. And since you're running the last.fm 'scrobbling' client those tag names would be uploaded to your last.fm account as what you're currently listening to. That doesn't mean that the tags your files have are actually what your tags claim them to be. They're just tags. Tags that can be set to any arbitrary value by anyone, anytime. How anyone could possibly think this could be used as evidence of being in possession of officially unreleased material ahead of the official release is beyond me. It makes absolutely no sense at all. And the people that think this data could be used for anything to do with the legal system is downright hilarious.
Re:What data? (Score:4, Interesting)
If thats legal or not, who knows, the RIAA isn't exactly known for having legal convictions based on solid evidence.
Re:Breaking News (Score:5, Interesting)
It's the pirates first, but when will it be "Dear Ol Auntie" who gets bit with malware or extreme mistrust by a company (surprise). An attack on "Dear Ol Auntie" has already been done by Sony with little to no real punishment.
We'd like to think that a music recommendation engine would be impartial and fair. The engine is, but the people arent. And aside from that, they most likely broke laws when they handed out identifying information to their corporate owner. There's a lot of laws regarding data security in places like California and throughout the EC.
Probable cause for a search warrant (Score:3, Interesting)
Track listings of unreleased albums, along with accurate track length information (which the Audioscrobbler protocol provides), could be used as probable cause for a search warrant.
No more Last.fm for me (Score:2, Interesting)
I cancelled my Last.fm account immediately after I read this article. Fu** them for this.
I shouldn't have done this from the start. I feel stupid. I should've seen something like this coming.
TechCrunch was basically right the 1st time (Score:3, Interesting)
I can't help but wonder (Score:4, Interesting)
... If this has anything to do with the fact that Tech Crunch is sponsored by a competitor of Last.fm.
Re:Little use as legal evidence (Score:4, Interesting)
But seeing as the last.fm data was obtained in an underhand manner and then released to an unrelated 3rd party, does that mean that the RIAA pirated the data? :-)
I hope this did happen... (Score:5, Interesting)
Take them through Criminal Courts rather than Civil courts...
Re:Wait (Score:5, Interesting)
You're looking at it the wrong way.
User listening data is not really that useful as a tool for filing lawsuits. It is useful as a tool for tracking and potentially identifying leaks. For example: suppose User X listened to a new album ten days before it was actually released, and is friends (on the site) with User Y who listened to it twelve days before the release date, and User Y is friends with User Z whose profile matches up with an intern at the studio. Odds are that User Z -- the intern -- is the source of the leak.
Re:No more Last.fm for me (Score:5, Interesting)
I cancelled my Last.fm account immediately after I read this article. Fu** them for this.
I shouldn't have done this from the start. I feel stupid. I should've seen something like this coming.
Talk about over-reacting. Don't you think you should give it a few more days or weeks to see how it really plays out?
I cancelled the day they announced the CBS buyout myself. But you waited through the buyout and the first variation of this story, maybe its true, maybe its false, but since you gave them the benefit of the doubt then, why are you cancelling now when there is really no new evidence, just a new variation on an old story?
Re:Last.fm Terms of Use (Score:2, Interesting)
Whatever their Terms of Use say, if this is against a law the statement in terms of use does not make it legal. Laws approved by parliaments are above self-written terms of use, and that is why the RIAA spends so much money lobbying (to get the laws on their side).
The fact is that they may have breached the Data Protection Act (in the UK), even if the terms say that they could give data to their parent company. I believe the Data Protection Act requires them to inform every single person featured in the data set that they were going to suplly their personal data to their parent company.
Re:Ain't Just a River in Egypt (Score:4, Interesting)
Er, this isn't actually a troll. Denial ain't just a river in Egypt. Last.fm told its parent company, who then told. Hence "I didn't tell on you...my mom did".
This post makes sense and is relevant.
Re:It comes down to this: (Score:5, Interesting)
Oh, for mod points.
The one thing that surprises me is that Russ Garrett says that legal action isn't possible. That surprises me. You have an entity suffering real, quantifiable damage (count the "I'm unsubscribing RIGHT NOW" posts upthread) as a direct result of libellous, allegedly incorrect information being published, when that entity exists in a country with some of the most plaintiff-friendly libel laws in the world.
WTF?
Re:Don't support corrupt organisations (Score:3, Interesting)
Initial impressions:
Jamendo - Horrible web interface, wants to use full-window m-player plugin instead of embedded player so you can see the rest of the page (artist info, etc). Half a minute of buffering between tracks, no thanks.
Magnatune - seems all right, haven't tried searching in depth yet, but insists on "you have been listening to X from the album Y on Magnatune" between tracks, plus 4 seconds lead-in silence on every track. Meh.
Libre.fm - oddly home-drawn look to it, can't see much without registering (a la Facebook). No go.
Blip.tv - great, but seems to be tv rather than radio? Not applicable for an at-work background jukebox.
I repeat: these are the first impressions of a single individual. For now, I think I prefer Last.fm, at least until we have a full understanding of what really happened with Last, CBS, RIAA, and TechCrunch.
Re:Last.fm Terms of Use (Score:4, Interesting)
Re:I hope this did happen... (Score:4, Interesting)
What could they be got on:
It might be worth doing even if Last.fm is innocent - it may be high profile enough to make other organisations think twice before doing this sort of thing.
Re:Breaking News (Score:4, Interesting)
Some possibilities
a.) they sell your info to marketers. Threat level: meh, unless it results in spam etc. which then rises to annoying but I can deal with it.
b.) they profile you. Threat level: severe. e.g. they prove your IP scrobbled a song and can produce a BT log tying your IP to a swarm on the same song/album. Or just put you on a watchlist.
The info itself is not inherently risky but it does expose you to some other associated risks like example b.) above. And the argument 'mp3 tags does not equal owning the song' is going to be as effective as the 'ip is not identity' argument in that its not going to stop them coming after you with a daft but painful and potentially expensive lawsuit. Heck in this case its even more clearcut, what you intentionally mislabel the song? what songs were you listening then? do you own them etc. etc.
Its hard to prove whether you pirated X song you scrobbled or not but its how this info is combined with other info that has me worried specifically re: pirated music or accusations thereof.
On a wider note, the cynical geek in me finds it hard to believe that anybody is remotely surprised, esp. as last.fm users are going to be technically inclined, couldn't y'all see it coming?!?! Nothing on the internet is private if someone wants to look hard enough, and they (as in 'the man') don't need proof to make your life a living hell via these RIAA lawsuits or anything similar.
Re:Breaking News (Score:4, Interesting)
Last.fm's main office is in London [www.last.fm].
They're about to get crushed by the Data Protection Act, at the very least.