song leaks
Most people send files to collaborators without a second thought — open a new email or text, click attach, hit send. Benjamin Thomas is not most people. “What I normally do is I encrypt it and send it with a 20 character randomized password via email,” he says. “And then I do a verbal confirmation of who the file is going to and deliver them the password through another method.”
Thomas is not employed by the National Security Agency; he’s an engineer who works closely with the rapper Lil Uzi Vert. But since Lil Uzi Vert’s most passionate fans are not fond of waiting for him to release music at his own pace — they want to hear it now, and will happily consume leaked songs in whatever form they can find them — these sort of safeguards are necessary.
Thomas’ precautions have helped drastically reduce the frequency of leaks. “He’s got a real blueprint for engineers to keep sh– under lock and key,” says Jason Berger, a partner at Lewis Brisbois, where he represents a number of producers who frequently collaborate with Lil Uzi Vert. “Uzi’s stuff used to leak a lot,” the attorney notes. “From about March of 2020 until the Pink Tape dropped [in June, 2023], not one f—ing record leaked out.”
But leaks remain a fairly regular occurrence in the music industry, especially in hip-hop, and happen in myriad ways. Despite being digital natives, the younger generation which tends to drive music is susceptible to being swindled: The Federal Trade Commission reported last year that 44% of people ages 20 to 29 said they lost money to online fraud, compared to 20% of people ages 70 to 79. When it comes to music, a lot of leaks boil down to “doing dumb stuff on the internet,” as Thomas puts it.
He puts leak into two different categories: Some stem from carelessness, others from hacking. A lot of the careless leaks are the result of common email phishing techniques.
The producer Warren “Oak” Felder recently received an email from his assistant — or so he thought. “He was asking me for something that made sense: ‘Hey, I need the bounces for some records because management asked,’” Felder says. But one sentence in the email stuck out for its odd construction, so the producer texted his assistant, who confirmed he didn’t send the email. “The amount of fake emails I get is crazy,” Thomas adds.
The same thing also happens by text. “Friends of mine in the industry have fallen victim to people phishing, where they’ll get a text from somebody that is acting like somebody else, maybe an artist, saying they had to get a new phone, for example,” says Anthony Cruz, an engineer who works closely with Meek Mill. Maybe they ask for a demo, or maybe “they’ll send you a link, and that file ends up hacking your entire account,” prying loose any closely guarded tracks.
Obtaining leaks via hacks can be more sophisticated, like the technique known as SIM-swapping. “They’ll first find as much information as they can about the person that they want to hack,” explains the producer Waves, who has an unreleased song with Juice WRLD that’s floating around online due to a leak. “Then they would call your cell phone provider, say, ‘Hey, I lost my SIM card, I just got another one. Can you transfer my number over to this phone?’”
If the perpetrator has been able to glean enough personal information — ranging from troves of previously hacked passwords that exist online to things like a mother’s maiden name — they can waltz past account protections and take over the account of the target phone. “From there, they just look through your email,” Waves says. “Sometimes they’ll even find full Pro Tools sessions and they’ll sell those. Honestly, some of them are pretty good hackers.”
Even if engineers, producers and artists are vigilant about protecting their own phones and computers, that may not be enough. Studios can be surprisingly loose with valuable materials. “A year ago, one of my clients was in one of these major recording studios and all of a sudden he’s hearing a collaboration between an A-list artist and somebody else that nobody even knew happened,” says Dylan Bourne, who manages artists and producers. “He was hearing it by accident in the studio because it was just on the computer.” Thomas “heard a story about somebody sitting outside the studio who logged into the Wi-Fi from a car,” enabling him to make off with files.
And yet another moment of vulnerability occurs when artists ask other acts for features and send over a track. “Now you’re relying on that artist and their team to protect the files,” Cruz says. “It’s out of your hands. A couple of leaks that we have been a part of have been because of that.”
Due to the danger of files ending up in the wrong hands, “a lot of artists are starting to use private servers to share music,” according to Felder. “They’re saying, ‘listen, if you send me the record, don’t text it to me, don’t email it to me.’”
One of Bourne’s clients, a producer, recently had to determine splits on a song he worked on for an A-list artist. The artist convened a listening session on Zoom “so that they could know what it made sense to argue for, but not have access to the song in any capacity,” Bourne says. “In the past people would have sent listening links.”
Another tactic Felder has taken up is “naming things cryptically.” This way, in case someone gets into a Dropbox folder or email and roots around for demos of songs featuring notable artists, at least that person can’t easily figure who is recorded on what.
Leaks are “not a situation that’s going to go away,” Bourne continues. “Artists who care have to get ahead of it and be more protective about the music.”
In the TikTok era, homemade remixes of songs — typically single tracks that have been sped up or slowed down, or two tracks mashed together — have become ever more popular. Increasingly, they are driving viral trends on the platform and garnering streams off of it.
Just how popular? In April, Larry Mills, senior vp of sales at the digital rights tech company Pex, wrote that Pex’s tech found “hundreds of millions of modified audio tracks distributed from July 2021 to March 2023,” which appeared on TikTok, SoundCloud, Audiomack, YouTube, Instagram and more.
On Wednesday (Nov. 1), Mills shared the results of a new Pex analysis — expanded to include streaming services like Spotify, Apple Music, Deezer, and Tidal — estimating that “at least 1% of all songs on [streaming platforms] are modified audio.”
“We’re talking more than 1 million unlicensed, manipulated songs that are diverting revenue away from rightsholders this very minute,” Mills wrote, pointing to homemade re-works of tracks by Halsey or One Republic that have amassed millions of plays. “These can generate millions in cumulative revenue for the uploaders instead of the correct rightsholders.”
Labels try to execute a tricky balancing act with user-generated remixes. They usually strike down the most popular unauthorized reworks on streaming services and move to release their own official versions in an attempt to pull those plays in-house. But they also find ways to encourage fan remixing, because it remains an effective form of music marketing at a time when most promotional strategies have proved toothless. “Rights holders understand that this process is inevitable, and it’s one of the best ways to bring new life to tracks,” Meng Ru Kuok, CEO of music technology company BandLab, said to Billboard earlier this year.
Mills argues that the industry needs a better system for tracking user-generated remixes and making sure royalties are going into the right pockets. “While these hyper-speed remixes may make songs go viral,” he wrote in April, “they’re also capable of diverting royalty payments away from rights holders and into the hands of other creators.”
Since Pex sells technology for identifying all this modified audio, it’s not exactly an unbiased party. But it’s notable that streaming services and distributors don’t have the best track record when it comes to keeping unauthorized content of any kind off their platforms.
It hasn’t been unusual to find leaked songs — especially from rappers with impassioned fan bases like Playboi Carti and Lil Uzi Vert — on Spotify, where leaked tracks can often be found climbing the viral chart, or TikTok. An unreleased Pink Pantheress song sampling Michael Jackson’s classic “Off the Wall” is currently hiding in plain sight on Spotify, masquerading as a podcast.
“Historically, streaming services don’t have an economic incentive to actually care about that,” Deezer CEO Jeronimo Folgueira told Billboard earlier this year. “We don’t care whether you listen to the original Drake, fake Drake, or a recording of the rain. We just want you to pay $10.99.” Folgueira called that incentive structure “actually a bad thing for the industry.”
In addition, many of the distribution companies that act as middlemen between artists and labels and the streaming services operate on a volume model — the more content they upload, the more money they make — which means it’s not in their financial interest to look closely at what they send along to streaming services.
However, the drive to improve this system has taken on new urgency this year. Rights holders and streaming services are going back and forth over how streaming payments should work and whether “an Ed Sheeran stream is worth exactly the same as a stream of rain falling on the roof,” as Warner Music Group CEO Robert Kyncl told financial analysts in May. As the industry starts to move to a system where all streams are no longer created equal, it becomes increasingly important to know exactly what’s on these platforms so it can sort different streams into different buckets.
In addition, the advance of artificial intelligence-driven technology has allowed for easily accessible and accurate-sounding voice-cloning, which has alarmed some executives and artists in a way that sped-up remixes have not. “In our conversations with the labels, we heard that some artists are really pissed about this stuff,” says Geraldo Ramos, co-founder/CEO of the music-tech company Moises. “They’re calling their label to say, ‘Hey, it isn’t acceptable, my voice is everywhere.’”
This presents new challenges, but also perhaps means new opportunities for digital fingerprint technology companies, whether that’s stalwarts like Audible Magic or newer players like Pex. “With AI, just think how much the creation of derivative works is going to exponentially grow — how many covers are going to get created, how many remixes are gonna get created,” Audible Magic CEO Kuni Takahashi told Billboard this summer. “The scale of what we’re trying to identify and the pace of change is going to keep getting faster.”
Kanye West filed a lawsuit in California on Wednesday (Sept. 6) against the individual or entities responsible for taking and distributing copies of his music that have ended up on social media.
In the complaint, the artist, who now goes by Ye, alleges trade secret misappropriation and breach of contract due to the unauthorized leaks of copyrighted works on both Instagram and X (formerly Twitter), arguing they have caused “substantial harm” to his reputation.
Ye’s lawyers claim that starting on Mar. 3, 2023, the owner of the @daunreleasedgod_ handle on Instagram went on a leaking spree of unreleased tracks, including “We Did it Kid,” “Shy Can’t Look,” “NASDAQ” and “Mr. Miyagi,” as well as collaborations with artists including DJ Khaled and unauthorized video footage of a Donda listening party.
The rapper’s complaint goes on to cite the @daunreleasedgod_ account on X for similarly posting unauthorized leaks on dates ranging from mid-June to late August. “Ye has suffered significant financial losses and damages as a direct result of the Defendants’ actions,” the suit alleges.
The lawsuit does not name @daunreleasedgod_ or any of its other variations as a defendant in the case, only that it was the main distribution vehicle for the leaks.
Ye’s lawsuit indicates that he “does not know the true names or capacities” of the defendants who leaked the tracks to the Instagram or X user(s), but believes that those individuals were required to sign confidentiality agreements with him before they were given access to the compositions. By leaking and distributing the tracks, the defendants breached their contract with the artist and owe him damages and any profits generated, the complaint adds.
The filing continues that the “distinctive arrangement and unique elements” found in Ye’s music amount to a trade secret “due to its economic value, secrecy, and the efforts taken to safeguard it” and that the defendants violated their contract with Ye when they “knowingly and unlawfully acquired, disclosed, and distributed” those unique works.
The case, filed by Gregory K. Nelson of Weeks Nelson, seeks to restrain the defendants and “those acting in concert with them or at their direction” from further exploitation of Ye’s compositions and demands damages, fees and other costs. While the identities of the defendants are not yet public, “Ye will amend its Complaint to set forth the true names and capacities of these defendants when they have been ascertained.”
-
Pages