Friday

Company, Technology

Deny This, Last.fm

• Tweet
• Sharebar

• Tweet

A couple of months ago Erick Schonfeld wrote a post titled “Did Last.fm Just Hand Over User Listening Data To the RIAA?” based on a source that has proved to be very reliable in the past. All hell ruined loose before long thereafter.

Before posting Erick reached out to the RIAA, Last.fm and parent company CBS for comments. The only response was from CBS – “To our knowledge, no data has been made available to RIAA.” The CBS spokesperson, Katie Gunion, subsequently emailed us to say “would you please attribute the statement to Last.fm, it is currently reading as though CBS issued the statement” Gunion’s email lists her title as Public Relations, CBS Interactive, and her first statement did not name Last.fm (this is vital, see not more than). A subsequent statement by Shannon Jacobs, VP of Communications at CBS: “this is a last.fm issue, as far as I am concerned. It is not a corporate issue. This is a last.fm issue, not a corporate issue. The posting represents last.fm’s response.”

After the tale ruined all concerned parties had no problem commenting publicly.

Last.fm cofounder Richard Jones said “I’m very pissed off this article was published, apart from to say that this is utter nonsense and really untrue.” He followed up with a blog post “Techcrunch are full of shit, “I denied it vehemently on the Techcrunch article, as did several other Last.fm staffers. We denied it in the Last.fm forums, on twitter, via email – basically we denied it to anyone that would listen, and now we’re denying it on our blog.” One blog called us a “lurid masquerading as a legitimate news outlet.” Lots of others piled on.

Apart from updating the original post we’ve been silent on this tale. The person who first leaked the news was terminated from CBS for the leak, says our original source, and threatened with legal action. He understandably went very silent. But the outrageously shrill denials by Last.fm just didn’t ring right. Once you got past the personal attacks, the denial language itself was too carefully worded.

Now we’ve located another source for the tale, someone who’s very close to Last.fm. And it turns out Last.fm was telling the truth when they said Erick’s tale wasn’t right.

Last.fm didn’t hand user data over to the RIAA. According to our source, it was their parent company, CBS, that did it. That corresponds to what our original source said in conversations we had after our initial post and before CBS lawyers became caught up. But we didn’t want to update until we had an independent source for that information, too.

Here’s what we believe happened: CBS requested user data from Last.fm, including user name and IP address. CBS sought after the data to comply with a RIAA request but told Last.fm the data was vacant to be used for “internal use only.” It was only after the data was sent to CBS that Last.fm learned the real reason for the request. Last.fm staffers were outraged, say our sources, but the data had already been sent to the RIAA.

Here’s an email from the original source, partially redacted. A screenshot of this email is here.

Re: touching base

From: [redacted, a CBS employee]
Sent: [redacted]
To: [redacted]

[ _____] We provided the data to the RIAA days gone by because we know from experience that they can negatively impact our streaming rates with publishers. Based on the urgency of the request they probably just sought after to learn more about the leak but who knows. Sincerely, can you blame them? [______] Our ops team provided the typical reports along with additional log data including user IP addresses. The GM who told them to do it said the data was for internal use only. Well, that was the huge mistake. The team in the UK became irate because they had to do it a second time in view of the fact that we were told some of the data was corrupted. This time they transferred the data frankly to them and in doing so they learned who really made the request. Shit really hit the fan, I even got a call [______] Obviously, I can see their POV but what they don’t know over here is that we are in the analytics business and it’s not like this is the first time we’ve provided this data to a third party. Someone over here must be more forthright with users about the data plot instead of complaining about BD to upper management like I’m here trying to ruin the business. We’re just trying to help them stay afloat here it’s not like Pro memberships are earning any revenue! [______________] So if you hear of anything, I’m even open to maybe moving West now for the right opportunity, let me know.

Our new source, which hasn’t seen this email, says much the same: that Last.fm didn’t know the nature of the CBS request until after the data was sent and that the data was in fact subsequently sent by CBS to the RIAA. This source’s information comes frankly from Last.fm employees who he has spoken with.

It’s vital to note that while sources are in agreement that it was the RIAA that made the request, it may have been one or more music marks acting independently. The suggestion in the email above that the compliance was made because of the ability for the requester to negatively impact streaming rates suggests it was a mark request. But the end result is the same.

We believe CBS lied to us when they denied sending the data to the RIAA, and that they subsequently questioned us to attribute the quote to Last.fm to make the statement defensible. Last.fm’s denials were exactingly speaking right, but they ignored the underlying truth of the situation, that their parent company supplied user data to the RIAA, and that the data could maybe be used in civil and criminal actions against those users. We believe that the outrage they aimed at us for reporting the tale, which was materially right, must have been aimed at CBS instead. But Last.fm never spoke publicly of the real facts of the tale.

We believe Last.fm and CBS violated their own privacy plot in the transmission of this data. We also believe CBS and Last.fm may have violated EU privacy laws, including the Data Protection Directive, and must be investigated by the appropriate establishment.

And to the CBS employee who was fired and threatened based on this tale – we believe certain U.S. Whistle Blower laws may protect you from retaliation from CBS in this matter. We’d like to grant you with legal counsel at our cost.

Crunch Network: MobileCrunch movable Gadgets and Applications, Delivered Daily.