In February TechCrunch rumored that Last.fm had ratted out its users to the RIAA. Now they have another source claiming data was shared with the music industry group, including IP addresses. Without going into the validity of these allegations, we'd like to point out that this data is completely useless to the RIAA, from a legal point of view.

With millions of active users, Last.fm is one of the largest and most appreciated music communities on the Internet. The company was acquired by CBS Interactive back in 2007, prompting some to speculate that this had led it to the darkside. The allegations reached a crescendo recently with claims that Last.fm shared the listening habits of its users with the RIAA. Last.fm has denied all allegations, but let’s assume for a moment that there’s some truth in them.

In their most recent writeup TechCrunch published new details which were provided by another source, and in the article they hint at the following doomsday scenario. “Their parent company [CBS] supplied user data to the RIAA, and that the data could possibly be used in civil and criminal actions against those users.” TechCrunch makes it sound really scary, but how useful is this data really in a court of law?

Let’s start with a little background. Last.fm’s data is provided by its users who report their recently listened-to songs to allow the site to track their listening habits. The data comes from the ID3 tags or similar metadata formats that MP3s and other digital music files carry. These list the artist name, title of the track, name of the album and more info related to the music file.

So what can the RIAA do with this data? Since the metadata doesn’t state that a track was pirated, only pre-release tracks that appear on Last.fm would be worth looking into. However, since the RIAA only have access to metadata reported to the site there is not much they can prove with it, even if they have access to Last.fm’s entire database.

The RIAA would only be able to check which IP addresses played a music file tagged as ‘track X’ by ‘artist Y’, but since everyone can easily edit these tags they can never really be certain that an individual was indeed in possession of the track, let alone that they shared it with others.

So, suggesting that the RIAA is going to use Last.fm’s data (if they indeed got their hands on it) to go after file-sharers is complete nonsense. As evidence, Last.fm’s data is not going to be worth much in court. In fact, there are plenty of better ways to track down copyright infringers and the RIAA is well aware of that. They are experts by now.

The only thing the RIAA has to do is hire someone to monitor various public BitTorrent trackers where the music is traded, and they can easily catch thousands of people in the act. The upside of this method is that they can verify that the person on the other end is actually sharing the data. Plus, they will know that the files are indeed the titles they are looking for.

The RIAA of course knows all of this, and if they indeed requested the data it was for purposes other than taking legal action. So, assuming that the RIAA was indeed requesting data from Last.fm, why would they want to know what music people are listening to on their computers?

Most likely the RIAA is interested in the business intelligence value of the data. For years record labels have been tailoring their music releases to the listening habits of ‘pirates’, and it is not unlikely that they are interested in Last.fm’s data for similar purposes. IP-addresses can come in handy here to spot some of the regional differences in popularity of artists or tracks.

Whatever their reasons are, dragging pirates to court is not likely to be one of them. Perhaps the TechCrunch tipster is an insider at one of the record labels who wants to scare the shit out of Last.fm’s users? Or has Michael Arrington himself been hired as one of the footsoldiers in the RIAA’s war on piracy? Who knows, but anything is more plausible than the RIAA taking people to court for reporting “copyright infringing” metadata to Last.fm.

Update: Apparently Last.fm’s official client also does fingerprinting as LANjackal points out. However, the ‘evidence’ would still be far from usable in court.