By now, you probably know that someone figured out how to record songs from Napster's groundbreaking portable subscription service by saving them as unprotected WAV files. Apparently, someone named warlock1711 posted the discovery on the CD Freaks bulletin board, and from there it spread to Engadget and BoingBoing, then to Reuters and the mainstream press.

When I first heard about the so-called hack, I happened to be recording a phone interview with Gene Steinberg about his Mac Night Owl online radio show. Naturally, we were presented with the perfect opportunity to discuss our immediate reactions to the news. At first, I was somewhat swept up by the headlines about Napster being "hacked." But then I realized what the hack really involved: It entails using Winamp, along with a free plug-in, to record music in real time. That's not a hack. That's a recording. When your playback software decodes a secure music file so that you can hear it, those unsecured bits can be captured and saved by another program. It's the digital equivalent of dubbing a cassette, which is hardly the scenario I had initially imagined. (I had envisioned someone stripping an entire library of Napster songs of its Digital Rights Management protection in, say, an hour or so.) Then, after the songs are recorded as WAVs, they'll need to be recompressed to MP3 or something else to make the file sizes manageable again.

The heat is on
Napster is feeling the heat in the media and blogosphere right now, and I'm sure the record labels are none too happy about their music slipping from Napster and Microsoft's "secure" environment. However, in reality, the same problem affects every other purveyor of secure music. You can record in real time from any secure audio source by using programs such as Total Recorder (Windows) or Audio Hijack (Mac) to capture audio in the same way the above-mentioned Winamp plug-in does.

As CNET News.com's John Borland brilliantly pointed out, Microsoft has offered one solution to this industry-wide problem since the year 2000: the Secure Audio Path (SAP), which adds noise to audio as it's played back by music software. An approved sound card then strips the noise from the file and plays it, evidently with no effect on sound quality. If you were to try this Winamp trick on a system with SAP, your recordings would be fouled by digital interference.

With security comes hassle
So why don't more online music services choose to have their secure music piped through Microsoft's Secure Audio Path? Well, for starters, it would bar playback software from altering bass, treble, and other EQ settings. Furthermore, users would be forced to use the right Microsoft-approved sound cards. Even worse, the manufacturers of those cards would have to keep up with Microsoft's updates to the system to ensure that users installed them. Otherwise, music would mysteriously just stop playing. Online music services and the people trying to figure out how to use them face enough challenges as it is. They shouldn't also have to worry about potential sound-card monkey wrenches.

Napster's security is holding up as well as anyone else's right now. The only difference that might anger the labels is that a dedicated free rider could theoretically record more than 500 albums in a month this way for $15, whereas doing the same thing with an à la carte service at 99 cents per download would cost almost $5,000. The thing is, whoever's going to go through the whole process probably downloads illicitly from peer-to-peer services and belongs to a CD trading circle anyway. People "hacking" Napster with Winamp might be upsetting the labels, but they're not costing the labels sales. These folks don't pay for music anyway.

You can't digitize the air
Perhaps music subscription services will embrace Secure Audio Path to satisfy the labels' security needs, but I'm hoping the labels are happy enough with Napster's "pretty good protection" (to coin a term) that they don't shy away from subscription services. After all, the only way to protect the music completely--to make it truly impervious to some sort of real-time-recording hack--would be to make the entire chain, from the online music store to your speakers, purely digital. This would mean buying new digital stereos, speakers, cables, and more, which is hardly a likely scenario. And even then, some dedicated free rider could always record the sound right from nice speakers using expensive mics to disseminate it on tomorrow's P2P networks since there's no way to secure the air between his speakers and microphones.

Until then, my advice to the labels, if they're listening, is that they should learn to accept some small degree of piracy. For most people, paying $15 per month for peace of mind and ease of use is preferable to spending all that time jumping through technical hoops.

Should the labels adopt Microsoft's Secure Audio Path? Is a small level of piracy inevitable? TalkBack to me below.