Fraud in Music Streaming on Legit Platforms

By now, many people who pay attention to artists’ rights have read the David Segal New York Times story published on January 13 about the amateur folk duo Bad Dog discovering their songs on major streaming platforms, but with different titles and attributed to a different creator. In what should be a surprise to nobody, it is easy to game the music streaming system and siphon from the revenue pool, even if you’ve never composed or recorded a song in your life. It’s a classic case of The Internet Giveth, and The Internet Taketh Away—because many DIY tools promoted to help new artists launch careers can be used by bad actors engaging in fraud.

“David Post and Craig Blackwell have been devoted amateurs for decades, and they’re long past dreams of tours and limos,” Segal begins. Post and Blackwell are, oddly enough, both D.C. attorneys—and cyberlaw and copyright law attorneys to boot. Although they were more interested in regaining control of their music than the revenue, their difficulties point to the fact that control is everything, especially if the artist does care about revenue.

The problem lies in the fact that anybody can create an account with a music publisher/distributor, rename and reattribute a bunch of pirated tracks, and then upload the songs to multiple platforms to hijack the revenue that belongs to the real artists. Based on the Segal article, it seems that not all publisher/distributors are equal when it comes to verifying authorship or ownership of the tracks. The article cites the service called Level used in the Bad Dog incident, and I cannot comment on the specific anti-fraud efforts of all these services.

Naturally, this scam won’t work with mega hits for a variety of reasons, but for a niche indie like Bad Dog—or more critically for the new artist who is trying to start a music career—songs that are relatively obscure make a perfect target. The scammer won’t earn much from a small heist of songs, but at scale, the dividends can obviously provide sufficient passive income to make the “effort” worthwhile. I recommend the NYT article for a full account, but two segments struck me as deserving of comment—one editorial, and one semi-mercenary.

Citing these segments out of order, first is a comment by David Post, referring to the evolution of the Digital Millennium Copyright Act (DMCA) and the appearance of Napster. “In 1997, I don’t think people were thinking about this automated operation that just sucks up unprotected material, rejiggers it to make it unfindable and uploads to platforms where they can start monetizing it. That wasn’t on anybody’s radar.” For context, Post alludes earlier in the article to his own copyright skepticism, which echoes views many would describe as “copyleft.” But this was on nobody’s radar?

Okay, maybe this exact method of scamming was not envisioned in 1997, but it hardly takes a leap of imagination to see the progress from illegal P2P to legal downloads in tandem with illegal downloads, followed by legal streaming in tandem with illegal streaming. In fact, it doesn’t take any imagination because copyright piracy for profit has been a reality for about 30 years, and there are few systems on the internet that cannot be gamed—especially if the legit platform operator lacks an incentive (i.e., is shielded from liability) to remove scammers. Also, the nature of Bad Dog’s problem did not suddenly appear in late 2023. For instance, I wrote about fake Bob Seger and music tracks owned by Spotify in 2017, which can be seen as a prelude to the kind of scam at work in this instance.

So, if Post is suggesting the DMCA needs overhaul to address workarounds to notice-and-takedown, I welcome him to the cause because professional creators have been shouting into a hurricane for at least 20 years about the near uselessness of the provision as a viable remedy to piracy. Given Post and Blackwell’s day jobs, I do wonder whether they only just discovered the issue the moment it affected their music, but in any case, the DMCA brings me to the other quote from the article that I want to highlight:

To retrieve their songs, Mr. Post and Mr. Blackwell sent out what are called takedown notices, or formal requests to remove pirated music, to a bunch of different sites. The band members used their SoundCloud page to demonstrate that their recordings predated all the uploads on the streaming platforms.

As stated, the DMCA takedown provision is middling at best. Segal reports that Amazon and YouTube removed the pirated tracks quickly, but Apple and Spotify did not. What struck me about the above paragraph, though, is the duo’s use of their SoundCloud page to prove priority and ownership of the work, which is kind of a digital-age version of mailing a copy to oneself—a.k.a. the “poor man’s copyright,” which is meaningless as a mode of legal protection. That brings me to the slightly mercenary point I wanted to make that the musical artist in this same position would find it both easier, and possibly more effective, to send the Copyright Office registration numbers associated with the works that should be removed by DMCA takedown.

One aspect of a registration is that, by operation of law, it is prima facie evidence of ownership. Walk into federal court with those registration certificates, and the burden is on the opposite party to prove that you’re not the owner of the work. In fact, without registration, you can’t walk into a court with an infringement claim, but with regard to a DMCA takedown—especially sent to one of the major platforms—the registration is literally a government seal establishing ownership of the work. It doesn’t guarantee that every platform will expeditiously comply with a takedown request, but it does give them a good reason to do so.

Further (and this is the mercenary part) because I am a passionate advocate for the rights of independent creators, I highlight this incident as the co-founder of a software business called RightsClick. A suite of tools designed to make copyright management easy for the entrepreneurial creator, the app facilitates fast, simple registration that simultaneously builds a database of Titles with their associated registration numbers. Thus, the indie musician in the same position as Mad Dog could look up those numbers in about two minutes and include them in a DMCA notice. Again, not a guarantee of compliance by the platform, but a stronger incentive. Including registration numbers is, after all, what the attorneys prefer to do when they send takedown notices.

I hope readers will forgive the plug for RightsClick in this instance. I generally keep IOM commentary and that venture separate, but this story seemed like a good moment to don both hats. Regardless, the point worth emphasizing is that indie artists should register their work with the Copyright Office. No creator should ever be required to prove they own the work requested for takedown—the provision is already subject to penalties of perjury—but to the extent the platforms stall or play games in this regard, a registration number is a lot better than any other evidence one might otherwise provide.


 

UPDATE/CORRECTION:  Thanks to a representative of Bad Dog, who wrote to tell me that the duo did file a registration application for the album The Jukebox of Regret very soon after discovering the music had been pirated. This same source also states that the music was pirated within one week of publication to SoundCloud, hence the immediate use of that information to show priority and ownership. Based on this information, I wish to correct any implication that Post and Blackwell completely ignored copyright registration, though I would encourage indie artists to register before distributing work to the market. This story proves how quickly your work is likely to be pirated.

Enjoy this blog? Please spread the word :)