November 1, 1999
CD Software Is Said to Monitor Users' Listening Habits
By SARA ROBINSON
RealNetworks' popular RealJukebox
software for playing CD's on computers
surreptitiously monitors the listening habits and certain other activities of people
who use it and continually reports this
information, along with the user's identity,
to RealNetworks, said a security expert
who intercepted and examined data generated by the program.
In interviews last week, company officials acknowledged that RealJukebox,
which can copy music to a user's hard
drive and download it from the Internet as
well as play it, gathers information on what
music users are playing and recording.
[Image caption: The RealJukebox software collects information on what music users play and record.]
Dave Richards, RealNetworks' vice
president for consumer products, said the
company gathered the information to customize services for individual users.
He and other company officials insisted that
the practice did not violate consumer privacy because the information was not being stored by RealNetworks nor distributed to other companies.
But privacy advocates and security experts interviewed last week were unanimous in condemning the practice, calling it
a violation of the privacy of the 13.5 million
registered users of RealJukebox, almost
all of whom have given the company their
names and e-mail addresses.
Even if the company's use of the data is
benign, these experts said, the practice is
unacceptable because of the secrecy: RealNetworks, one of the largest distributors of
audio software on the Internet, does not
inform consumers that they are being identified and monitored by the company.
The information that RealNetworks
gathers is extensive. According to Richard
M. Smith, an independent Internet security
consultant from Brookline, Mass., who discovered RealJukebox's monitoring functions, each time the program is started on a
computer connected to the Internet, it
sends in the following information to the
company: the number of songs stored on
the user's hard drive; the kind of file
formats -- RealAudio or MP3 -- the songs
are stored in; the quality level of the
recordings; the user's preferred music
genre, and the type of portable music player, if any, that the user has connected to the
computer. Officials at RealNetworks said
most of this information was used to offer
music selections to users based on their
preferences.
All this information is combined with a
personal serial number known as a globally unique identifier, or GUID, which is
assigned to each user when he or she
registers the software.
RealJukebox is distributed only on the
Internet, and users are instructed to register -- giving the company their names, e-mail addresses and ZIP codes --
when they install the software.
What is more, if RealJukebox is
used with its default settings, it automatically loads each time a CD is
inserted in the CD-ROM drive, and if
the computer is connected to the
Internet, the title of the CD is sent,
together with the GUID, to RealNetworks.
"Either they have been dazzlingly
careless with their treatment of personally identifiable information or
they are completely disingenuous,"
said Jason Catlett, founder and president of Junkbusters, a privacy
watchdog organization. "Which is
worse? If they are not disclosing
what they are doing, that is unconscionable."
Some other CD player programs
also assign GUID's to each copy of
the software. The difference lies in
what they do with it. The Microsoft Corporation, for example, says that
the unique identifier in its Windows
Media Player is used for such things
as purchasing multimedia from a
Web site. It is not routed through
Microsoft, nor does Microsoft require users to register, and it does
not gather information through Media Player, said a spokesman for
Waggener Edstrom, a public relations firm that represents Microsoft.
The fact that RealJukebox is gathering this information is not mentioned in the long privacy policy the
company posts on its Web site. Nor is
it acknowledged in the licensing
agreement that users must approve
when installing the program.
David Banisar, a lawyer in Washington who specializes in Internet
law, said that RealNetworks' surveillance practices could violate various
state and federal statutes, including
the Computer Fraud and Abuse Act.
"It's a new type of case that hasn't
been brought before," he said. "But I
think it's a pretty good case."
Banisar argued that RealJukebox could be considered a "trojan
horse," a legitimate program that
contains hidden instructions to perform illegitimate functions.
Company officials said on Friday
that the registration procedure for
the free version of RealJukebox did
ask for personal information, including name and e-mail address, but
they said that users could skip the
registration and still use the program and that RealJukebox would
stop prompting users to register after five attempts. Some customers,
they said, had stumbled on this fact
and had declined to register.
However, customers who purchase RealJukebox Plus, a version
with enhanced features that RealNetworks sells online for $29.99 with
a money-back guarantee, cannot
avoid registering since they must
type in a unique serial number to
install the program. And in this case,
RealNetworks also gathers credit
card and mailing address information before it assigns the number.
Richards of RealNetworks
said the reason the program tallied
the number of songs a user had recorded was to enable the company to
determine whether the user was "naïve" or "sophisticated." This better
enables the software to steer sophisticated users toward its advanced
features, he said.
But this seemed at odds with a
statement by Steve Banfield, RealNetworks' general manager of consumer products, who said the company was gathering only "aggregate
usage" information about users of
the software.
Privacy experts said the kind of
information being gathered by RealJukebox had the potential to be used
to detect copyright violations.
Banfield said that to his knowledge, the company had no plans to
allow information about individual
users to be used in this manner.
But Catlett of Junkbusters
said that such information could be
subpoenaed under the Digital Millennium Copyright Act. "This usage and
tracking information is a way for
them to collect intrusive profiles
about people and possibly set up
prosecutions for copyright infringements," he said.
Like some 250 other such programs, RealJukebox licenses the
right to use a database of CD titles
and tracks that is compiled and
maintained by a company called
CDDB. This enables the software to
display the title and tracks of a CD
moments after it is loaded into the
computer.
To do this, the program
must send out information to CDDB
every time a user plays a CD.
But unlike other popular programs, RealJukebox routes the information through its own servers
and tags it with the GUID, which
uniquely identifies the user.
Banfield said the information
went to CDDB via a proxy server, a
computer that masks certain data, to
protect the privacy of RealJukebox
users. He said it was his understanding that CDDB typically collected a
user's e-mail address each time its
database was queried, but by using a
proxy server, he said, RealNetworks' users were all generically
identified as user@real.com.
Banfield painted RealNetworks as a defender of consumer
privacy, asserting: "Everyone else
who uses that database sends them
their e-mail address. We don't."
Ann Greenberg, senior vice president of marketing and business development for CDDB, said last week
that her company "strongly encourages but does not require" e-mail
addresses or any other identifiers
that enable the company to tally
unique users of its database. She said
the addresses were purged every
four days. But she said it was not fair
for RealNetworks to blame CDDB
for gathering personal information.