Friday, 28 November 2003

iTunes Security blather

Tracey Meyers wins the most errors in the shortest amount of text award this week:
"So sue me" stated young Norwegian hacker Jon Lech Johansen last week after he posted a program to crack iTunes air-tight security.

Johansen posted the program called "QTFairUse", with the previously mentioned quote, on his own website. The free software has the uncanny ability to sidestep iTunes anti-copying software, MPEG-4 Advanced Audio Coding that once installed illegally views protected music files in QuickTime without paying a fee or royalty.


1) 'air-tight' security is remarkably meaningless. In fact, oscillating air is the primary security 'hole' in iTunes, followed closely by the built-in CD-burning code.
2) 'uncanny' is an odd thing to say about source code. It's pretty clear what he is doing if you can read C, and if you can't why not talk to someone who can first?
3) MPEG-4 Advanced Audio Coding is not anti-copying software, it is a compression format. The anti-copying stuff is called FairPlay.
4) That last sentence manages to call AAC illegal.
5) You can already listen to (not view, unless you count the tiny spectrum display) the protected music files in QT Player, as long as you know the username/password.
6) You have to have already paid for the music for this to work. All it does it replace the 'burn to CD' option with a less convenient way to extract the audio (It only works on one song at a time as it is played).
7) It's highly arguable that this is illegal, given that transferring music to other forms is explicitly legal - indeed were it not, the CD to MP3/AAC part of iTunes would be illegal. There may be a DMCA case on circumvention grounds here, but it isn't a good one, given the fact that iTunes will let you make CDs from the same file. In any case the DMCA is not Norwegian law.

Still, I'm surprised it took this long for someone to start the arms race in this instance. I hope my old friends in Apple don't get dragged into it.

No comments:

Post a Comment