An Extraordinary Music-Streaming Scam

Some of you may recall that several months ago the band I play in ("Bad Dog") was embroiled in a rather unpleasant copyright infringement episode (see my earlier blog posting here) in which recordings from an album we had recently released had been copied and distributed to all of the major music-streaming platforms (Spotify, Apple Music, Amazon Music, etc.) without our permission and under new song titles and new (and pretty obviously fictitious) "artist" names.

David Segal of the NY Times picked up the story and published an (excellent) article about it that ran on the front page of the Sunday Times Business Section, which generated a fair bit of buzz in music industry circles.

Shortly after the article came out, I was contacted by someone in the US Attorney's office in NYC, and I was subsequently interviewed for an hour or so by an investigator from that office, to whom I gave as many details as I could about what had happened to us, and to our files.  He didn't say - and I didn't ask - what his purpose was in gathering all this information, but I had the impression that they were engaged in some sort of ongoing investigation involving the music-streaming business, and wanted to see if our problem was possibly related somehow to something that they were already looking into.

It turns out there was indeed an ongoing investigation, which has now yielded an indictment, released last week, alleging that Michael Smith, a musician from North Carolina, "orchestrated a scheme to steal millions of dollars of musical royalties by fraudulently inflating music streams on digital streaming platforms such as Amazon Music, Apple Music, Spotify, and YouTube Music."

The DOJ announcement of the unsealing of the indictment is available here; the full-text of the indictment is here.

The indictment contains some pretty astonishing details; I urge anyone interested in how the music industry works these days to look it over.

Here's how Smith's scam allegedly worked (all quotations are from the indictment):

First, he contracted with an AI firm specializing in music production (unnamed, and referred to as "Co-Conspirator 3" in the indictment) to deliver newly-created "songs" to him, and to transfer all the rights in those songs to him. The quality of this material may be inferred from the fact that the contract obligated CC-3 to deliver up to 10,000 "songs" to Smith every month, and the indictment alleges that between 2019 and 2024, CC-3 produced hundreds of thousands of songs for Smith.

SMITH then "created randomly generated song and artist names for audio files so that they would appear to have been created by real artists rather than artificial intelligence."

The indictment gives these examples.  First, an "alphabetically consecutive selection of 25 of the names of the AI songs SMITH used:

"Zygophyceae," "Zygophyllaceae," "Zygophyllum," "Zygopteraceae," "Zygopteris," "Zygopteron," "Zygopterous," "Zygosporic," "Zygotenes," "Zygotes," "Zygotic," "Zygotic Lanie," "Zygotic Washstands," "Zyme Bedewing," "Zymes," "Zymite," "Zymo Phyte," "Zymogenes," "Zymogenic," "Zymologies," "Zymoplastic," "Zymopure," "Zymotechnical," "Zymotechny," and "Zyzomys."

Second, an alphabetically consecutive selection of 25 of the names of the "artists" of the AI songs SMITH used :

"Calliope Bloom," "Calliope Erratum," "Callous," "Callous Humane," "Callousness," "Callous Post,"(Uncle Callous!!) "Calm Baseball," "Calm Connected," "Calm Force" "Calm Identity" "Calm Innovation" "Calm Knuckles" "Calm Market" "Calm The ' ' , ' ' Super," "Calm Weary," "Calms Scorching," "Calorie Event," "Calorie Screams," "Calvin Mann," "Calvinistic Dust," "Calypso Xored," "Camalus Disen," "Camaxtli Minerva," "Cambists Cagelings," and "Camel Edible."

To get his songs posted to the music-streaming platforms, Smith contracted with at least two different music distribution companies - a "Manhattan-based music distribution company ("Distribution Company-1") [and] a Florida-based music distribution
company ("Distribution Company-2")."

Meanwhile, Smith created several thousand fake email accounts which he then used to create fake "bot" user accounts at the major streaming platforms. At one point he had over 10,000 active bot accounts on the major platforms. He then programmed the bots so that they would stream "his" songs, over and over again, 24/7.

"After registering the Bot Accounts, MICHAEL SMITH, the defendant, then caused the Bot Accounts to continuously stream songs he owned using the following methods:

a. SMITH used cloud computer services so that he could use many virtual computers at the same time.

b. SMITH used some of the Bot Accounts on each virtual computer at the same time. SMITH typically used the web players for each of the Streaming Platforms, and had a number of Bot Accounts simultaneously streaming music on separate tabs in internet browsers on the virtual computers.

c. SMITH purchased-and subsequently modified-"macros," or small pieces of computer code that automatically continuously played the music for him."

As a result, Smith "obtained millions of dollars in royalties based on the artificially inflated streams of his music."

"On October 20, 2017, MICHAEL SMITH, the defendant, emailed himself a financial breakdown of how many streams he was generating each day and the corresponding royalty amounts. In the email, SMITH wrote, in substance and in part, that he had 52 cloud services accounts, and each of those accounts had 20 Bot Accounts on the Streaming Platforms, for a total of 1,040 Bot Accounts. He further wrote that each Bot Account could stream approximately 636 songs per day, and so in total SMITH could generate approximately 661,440 streams per day. SMITH estimated that the average royalty per stream was half of one cent, which 7 would have meant daily royalties of $3,307.20, monthly royalties of $99,216, and annual royalties of $1,207,128."

Nice work if you can get it!

Smith has been charged with wire fraud, conspiracy to commit wire fraud, and money laundering.  Notice: no copyright infringement here, unlike in our Bad Dog example, because whatever else Smith might have been doing, he did own the copyright in the "songs" that were composed for him.

Needless to say, I have absolutely no idea whether these allegations against Smith are true, let alone whether they can be proved beyond a reasonable doubt.

But it's pretty clear that whether or not Smith is guilty as charged, someone could have done - and may still be doing - what he's been charged with. That is, as a technical matter, nothing in what Smith is alleged to have done strikes me as impossible, or even particularly difficult, at least for someone who has substantial programming chops - like, say, your clever teenage nephew.  And given the money that can be made by a scam like this, it's hard to believe that nobody else is in on the game.

And that, I have to say, bums me out.  It's like Gresham's law: bad music will chase out good music. If the streaming services are clogged up with garbage, real musicians will be less inclined to use them to distribute their music.  And that, I would say, is a real loss.