On music and asymmetrical encryption keys…


I’ve been reading this really interesting article at Hack the Planet: “Route around the labels”, which describes a form of voluntary payment scheme for MP3s. To be honest, I’ve read it a couple of times and some of the technical aspects escape me (I’m tired, OK?).

Anyway, I was thinking about it, and it occurred to me that I couldn’t see why this system couldn’t be adapted to preserve copyright integrity and get people to pay for music. I know a lot of people don’t like this idea, but in the whole Napster vs Metallica debate, I have to confess I think I’m somewhere in the middle.

Let me go into a little detail about my idea (which isn’t that different from the one at Hack the Planet, I fear). Imagine a company that sells/distributes decent, trusted encryption software – say for example PGP. If they wanted to, they could produce a PGP enabled MP3 player, which decrypted on the fly. The individual puts their public “PGMP3″ key into a PGMP3 server. Then when they select an MP3 they want to download, it is encrypted according to their public key, sent to them and can only be listened to on the PGMP3 player which contains their private key.


  • What if you want to listen to them on more than one computer?
    As long as you have your own private key, you can put it on whatever piece of software/players you like. However since the MP3 is encoded using your public key, ONLY software/players with your private key in them will be able to play it.
  • What’s to stop people disseminating private keys?
    You make the private key like the PIN number of a bank account – the private key is generated for you when you sign up to buy music from a record company. This is attached to your user name, which uses that 1-Click nonsense to allow you to buy the music you want. The crucial part is that you have to give a credit card number when you get the private key and you can only buy stuff using it as well. Thus if your private key is gone, anyone can buy music using your credit card. That’ll discourage people.

I mean – there are probably considerable technical issues I’ve neglected here, but it seems like a pretty reasonable and basic idea to me. Opinions?