This has not been a good week for internet rights and privacy. First, the infamous but fortunately revoked changes to Facebook’s TOS, then Tumblr deleted five “anonyblogger” accounts that had been used to insult other users, leaving many users concerned about censorship on the platform. The latest cause for concern is a rumor regarding Last.fm possibly providing user details to the RIAA that would reveal which individuals had listened to unreleased tracks.
That leaked U2 album is causing all sorts of trouble. The unreleased album, which is due out on March 3, found its way onto BitTorrent and was downloaded hundreds of thousands of times. That, apparently, sent music industry lawyers over at the Recording Industry Association of America into a fit. As a result, word is going around that the RIAA asked social music service Last.fm for data about its user’s listening habits to find people with unreleased tracks on their computers. And Last.fm, which is owned by CBS, actually handed the data over to the RIAA. According to a tip we received:
I heard from an irate friend who works at CBS that last.fm recently provided the RIAA with a giant dump of user data to track down people who are scrobbling unreleased tracks. As word spread numerous employees at last.fm were up in arms because the data collected (a) can be used to identify individuals and (b) will likely be shared with 3rd parties that have relationships with the RIAA.
Supposedly, the operations team which handed over the data in the first place weren’t told the true purpose for the transfer or who was getting the data until after the fact, and only when they had to help with some corrupted data. It sounds like it was more of a corporate decision. I’ve contacted both CBS and the RIAA. Most of the Last.fm team is in London, where the weekend has already started. For now Last.fm says: “To our knowledge, no data has been made available to RIAA.” (The RIAA declined to comment).
Setting aside what actually happened to the data, and assuming this rumor is true, why would the RIAA target Last.fm? It wasn’t streaming the U2 album, and it is not an illegal download service. But Last.fm has millions of users who are heavy music consumers, and many of them download Last.fm’s Scrobbler software which keeps track of every single song you listen to on your computer, no matter which music player you use. In other words, it captures tracks played from illegal BitTorrent downloads just as easily as from iTunes.
. . . your record collection (including your skipping history) may be viewed by all other users of Last.fm (who may include other organisations or representatives of other organisations who have registered as Last.fm users) and that they may easily associate this information with your Last.fm username.
But most probably never even considered it a possibility that individually identifiable information about their listening habits (legal, illegal, or otherwise) could be handed over to an organization known for taking consumers to court for file-sharing. What makes this even more egregious is that it appears to be absent any legal precedent (such as a pending lawsuit) for which Last.fm could at least hide behind as an excuse.
Incidents like this highlight how the social Web can sometimes bite back if you are not careful. It also raises the issue of who owns all of this data about you and what they can do with it. (The same issue that caused Facebook to backtrack on recent changes to its data policy). Unfortunately, it’s come down to this: you really shouldn’t share any data on the Web you wouldn’t feel comfortable seeing in a court of law.
(Please contact us at tips [at] techcrunch if you have more information about this).
This is largely viewed to be an untrue rumor at the moment, but it is a disconcerting possibility.