DIGITAL
MUSIC AND VIDEO LICENSE AGREEMENT
PUBLISHING
This
Digital Music and Video License Agreement (the "Agreement"),
together with the Standard Terms and Conditions attached hereto
and incorporated by reference, is entered into as of the date of signature
of
this Agreement (the "Effective
Date") by and between Mohen, Inc. d/b/a SpiralFrog, a Delaware
corporation with its principal place of business at 95 Morton Street, New York,
New York 10014, (referred to in this Agreement as "Licensee")
and the licensing party listed on the attached signature page,
including, but not limited to, such licensing party's Affiliates, as defined
herein (collectively referred to in this Agreement as either "Licensor"
or "you"). Unless otherwise indicated, all capitalized terms
used in this Agreement have the meaning set forth in the Standard Terms and
Conditions.
WHEREAS,
Licensee desires to offer to Users (as defined below), solely via its digital
music service (the "Service",
defined and described more fully below and in the annexed
Exhibit A), Limited Music Downloads and Music Streams (as such terms are defined
below) embodying Master Recordings (as defined below), including Relevant
Compositions (as defined below); and
WHEREAS,
Licensee desires to offer to Users, solely via the Service, Limited Video
Downloads and Video Streams (as such terms are defined below) embodying A/V
Master Recordings (as defined below), including Underlying Compositions (as
defined below); and
WHEREAS,
in connection with the operation of the Service, Licensee seeks licenses to
reproduce and distribute the Licensor Compositions as embodied in Limited Music
Downloads, Music Streams, Limited Video Downloads, and Video Streams, and
Licensor is prepared to issue such licenses to Licensee in connection with
the
Service;
NOW,
THEREFORE, in consideration of the promises contained in this Agreement and
for
other good and valuable consideration, the adequacy and sufficiency of which
each party hereby acknowledges the parties agree as follows:
1. Grant
of
Rights.
Licensor hereby grants the following non-exclusive rights
in
and to
the
Licensed Content (listed in Exhibit B, as amended from time to time, and
incorporated by reference) to Licensee, during the Term and within the
Territory:
(a) to
reproduce Relevant Compositions and Underlying Compositions as Digital Files
on
Secured Servers;
(b) to
reproduce and distribute Relevant Compositions and Underlying Compositions
embodied in Digital Files as Limited Music Downloads, Music Streams, Limited
Video Downloads, and Video Streams;
(c) the
right
to use reputable third-party meta-data (i.e., data from All-Music Guide,
Gracenote, Muze and Pollstar) in conjunction with the Licensed Content;
and,
(d) those
rights that may not be expressly granted hereunder that permit Licensee to
carry
on its business and operate the Service as intended by the parties under this
Agreement.
1A. Delivery
of Licensed
Content. Licensor will provide Licensed Content to
Licensee
within
thirty (30) days of execution of this Agreement, and, as new Licensed content
becomes available, Licensor will provide the respective Licensed Content within
thirty (30) business days of Licensor's receiving notice from Licensee
requesting such Licensed Content.
2. Restrictions
on Grant of Rights.
(a) Any
and all rights in and to the Licensed Content not expressly granted
hereunder
are reserved by Licensor, including, but not limited to:
(i) rights
of public performance (Licensee warrants and represents that
Licensee
shall obtain licenses to publicly perform Licensor Compositions in connection
with the Service from the applicable performing rights societies);
(ii) copyrights
or other rights in musical compositions and sound
recordings,
including any musical compositions and sound recordings embodied in any Digital
File;
(iii)
(iv) rights
to
use, exploit, or permit the use or exploitation of any Licensor Composition
or
the Lyrics of any Licensor Composition in a video game;
(v) rights
to
use, exploit, or permit the use of exploitation of any Licensor Composition
of
any Licensor Composition as a ringtone, ringback tone, or other so-called
"telecommunication personalization product";
(vi) adaptation
(derivative work) rights or right to alter the fundamental character of an
Licensor Composition or the Lyrics of an Licensor Composition, or to create
any
derivative work based in whole or in part on an Licensor Composition or the
Lyrics of an Licensor Composition;
(vii) merchandising
rights;
(viii) use
of a
Licensor Composition for a marketing campaign, product tie-in, game or contest,
or otherwise to directly advertise, promote or cross-promote any product or
service; and,
(ix) permanent
download rights.
Provided
however, nothing shall prevent Licensor and Licensee from entering into a
separate written agreement according to the terms of Section 15 of the Standard
Terms and Conditions, by which Licensor grants Licensee any such rights
according to the terms of that separate agreement.
(b) This
Agreement may not be sublicensed, assigned or otherwise transferred
by
Licensee.
(c) Licensor
hereby acknowledges that User's experience of any Licensor
|
|
Composition
occurs in connection with third-party advertising; however, Licensee
shall
not: (I)without
Licensor's prior, written consent create a direct
association
|
|
between
any specific Licensor Composition and any third-party advertising
in a
manner that suggests Licensor or artists featured in any specific
Licensor
Composition is associated with or endorses any advertiser, product
or
service; or,
(ii)
knowingly display advertisements from any entity whose primary business relates
to the unauthorized distribution of copyrighted material, illegal drugs or
pornographically obscene.
(d) For
the
avoidance of doubt, ownership and control of any copyrights and/or trademarks
in
any Licensed Content is retained solely by Licensor, and neither Licensee nor
any User or other third party shall obtain any ownership rights in any work
derived from or that makes use of any Licensed Content.
3. Compensation.
In consideration of the rights granted herein, Licensee
shall pay
Licensor
the following amounts, which will be calculated on a quarterly
basis:
(a) Music
Royalty. With respect solely to Licensee's exploitation of Limited
Music
Downloads
and Music Streams, Licensee shall pay to Licensor a royalty equal to the greater
of (i) ten percent (10%) of Gross Music Revenue or twenty percent (20%) of
Master Revenue, multiplied by Licensor's Music Royalty Share.
(A) The
"Music Royalty Share" shall equal a fraction, the numerator of which shall
be
the sum of the number of Music Plays and Music Streams, and the denominator
of
which shall be the sum of the number of Music Plays, Music Streams, Service-wide
Music Plays and Service-wide Music Streams.
(B) The
"Music Master Revenue" shall equal the amount the owner of the Master Recording
embodying the Licensor Composition receives (or is credited) for the
exploitation of Limited Music Downloads and Music Streams.
(C) Notwithstanding
the foregoing, solely with respect to the Non-CMRRACompositions
exploited in Limited Music Downloads and Music Streams in Canada, Licensee
shall
pay to Licensor a royalty equal to the royalty payable for the comparable
Limited Music Downloads and Music Streams under the terms of the CMRRA
Agreement.
(b) Video
Royalty. With respect solely to Licensee's exploitation of Limited
Video
Downloads
and Video Streams, Licensee shall pay to Licensor a royalty equal to the greater
of (i) ten percent (10%) of Gross Video Revenue or (ii) twenty percent (20%)
of
Video Revenue, multiplied by Licensor's Video Royalty Share, which will be
calculated on a quarterly basis:
(A) The
"Video Royalty Share" shall equal a fraction, the numerator of which shall
be
the sum of the number of Video Plays and Video Streams, and the denominator
of
which shall be the sum of the number of Video Plays, Video Streams, Service-wide
Video Plays, and Service-wide Video Streams.
(B) The
"Video Master Revenue" shall equal the amount the owner of the Master Recording
embodying the Licensor Composition receives (or is credited) for the
exploitation of Limited Video Downloads and Video Streams.
(d) Unsold
Advertising Inventory. Licensee shall provide to Licensor, and Licensor
shall be entitled to use, a pro-rata share of six percent (6%) of Licensee's
unsold advertising inventory, which Licensor may use to promote Licensed Content
owned and/or controlled by Licensor. Licensor's pro-rata share of unsold
advertising inventory shall be determined by using the fraction used in
calculating Licensor's Music Royalty Share multiplied by six percent (6%) of
the
unsold advertising inventory available based upon the previous quarter's royalty
calculation (or in the case of the Service's first quarter after launch, a
commercially reasonable estimate of the same).
(e) Licensee
will use its best efforts to track Music Plays, Service-wide Music Plays,
Video Streams and Service-wide Video Streams using the system of each Covered
Device, which systems are subject to interruptions and other interference not
within Licensee's control, and that such interruptions and other interference
will affect the royalty calculations set forth above.
(f) If,
during the Term of this Agreement, we have an agreement with any third
party
publisher ("Other Agreement") granting us the same distribution and reproduction
rights granted hereunder in third-party-owned musical compositions or shares
of
musical compositions, yet prescribing a royalty computation method ("Other
Method") which, if used under this Agreement, would result in royalty
computations more favorable to you than that
prescribed
in this Section 3, we will so advise you and will pay you royalties based on
the
Other Method instead, for the portion of the Term of this Agreement during
which
the Other Agreement is effective.
4. Advance.
Licensee shall pay to Licensor the sum of Three Hundred
Thousand United States Dollars (US$300,000.00) as an advance against the amounts
otherwise payable to Licensor under paragraph 3 above, payable promptly after
the full execution of this Agreement.
5. Term.
The term of this Agreement shall commence as of the
Effective Date, and unless earlier terminated in accordance with the Terms
and
Conditions, shall continue until December 31, 2008.
IN
WITNESS WHEREOF,
the parties have executed this Agreement as of the Effective
Date:
MOHEN,
INC. d/b/a SPIRALFROG
/s/
Scott
Francis
7/26/07
President
245 5th
Ave. NY NY 10016
REDACATED
By:
Date
President
245
5th Ave NY NY
REDACATED
prescribed
in this Section 3, we will so advise you and will pay you royalties based on
the
Other Method instead, for the portion of the Term of this Agreement during
which
the Other Agreement is effective.
4. Advance.
Licensee shall pay to Licensor the sum of Three Hundred
Thousand United States Dollars (US$300,000.00) as an advance against the amounts
otherwise payable to Licensor under paragraph 3 above, payable promptly after
the full execution of this Agreement.
5. Term.
The term of this Agreement shall commence as of the
Effective Date, and unless earlier terminated in accordance with the Terms
and
Conditions, shall continue until December 31, 2008.
IN
WITNESS WHEREOF, the parties have executed this Agreement as of
the Effective Date:
MOHEN,
INC. d/b/a SPIRALFROG
REDACTED
By:
President
REDACTED
"eCommerce
Revenue" shall mean all amounts or other considerations received
by Licensee during the Term, from (i) Users, and (ii) from any other entity
(including, without limitation, advertisers), who sells goods or services on
the
Service or via a separate website that is accessed via a direct link or
advertisement on the Service and for which sales Licensee receives
consideration, including, but not limited to, Referral Fees.
"Gross
Music Revenue" shall mean Advertising Revenue which is directly
attributable to Limited Music Downloads and Music Streams.
"Gross
Video Revenue" shall mean Advertising Revenue which is directly
attributable to Limited Video Downloads and Video Streams (other than Limited
Video Downloads or Video Streams of a prelicensed video product, such as
television programs, motion pictures or video games).
"Licensed
Content" shall mean Licensor Compositions,
"Licensee"
shall mean, individually and collectively, Mohen, Inc. d/b/a
SpiralFrog and each of its Affiliates.
"Licensor
Composition" shall mean only that portion of the ownership,
interest and rights in a Composition that is owned, controlled by or licensed
to
Licensor in the Territory, which are listed in Exhibit B and which are available
for the purposes described in this Agreement.
"Limited
Download" shall mean an encrypted digital transmission of a
time-limited or other use-limited download of a Digital File embodying a Master
Recording, which is delivered via the Service from a Secured Server(s) to the
Covered Device of a User in accordance with the terms and conditions of such
User's agreement with Licensee and is only available to such User through such
Covered Device for a limited period of time in accordance with the terms of
this
Agreement.
"Limited
Music Download" shall mean a digital transmission of a
time-limited or other use-limited download of a Licensor Composition embodied
in
a Master Recording, which is delivered via the Service from a Secured Server(s)
to the Covered Device of a User in accordance with the terms and conditions
of
such User's agreement with Licensee and is only available to such User through
such Covered Device for a limited period of time. Each Limited Music Download
times out within two months from the date on which the User first downloaded
the
Master Recording, or from the date on which the User last reconnected his/her
Covered Device so that the service can renew the license and collect play-count
information or from the end of the term.
"Limited
Video Download" shall mean an encrypted digital transmission of
a time-limited or other use-limited download of a Licensor Composition embodied
in an A/V Master Recording, which is delivered via the Service from a Secured
Server(s) to the Covered Device of a User in accordance with the terms and
conditions of such User's agreement with Licensee and is only available to
such
User through such Covered Device for a limited period of time. Each Limited
Video Download times out within two months from the date on which the User
first
downloaded the Master Recording, or from the date on which the User last
reconnected his/her Covered Device so that the service can renew the license
and
collect play-count information or from the end of the term.
"Master
Recording" shall mean an audio-only master sound
recording.
"Music
Play" shall mean each instance whereby a User causes a Licensor
Composition to be heard in its entirety (as embodied on a Master Recording)
on a
Covered Device, when such content was originally delivered to the Covered Device
as a Limited Music Download.
"Music
Stream" shall mean an encrypted digital transmission of the
Licensor Composition embodied in a Master Recording from Secured Servers via
the
Service that allows a User to receive and listen to a particular Master
Recording upon request at a time chosen by the User using streaming technology
(including, without limitation, via Real Networks' RealAudio or Microsoft's
Windows Media Audio formats) through the User's Covered Device, which
transmission will (a) not result in a substantially complete portable
reproduction of such Master Recording (other than a temporary copy such as
those
used solely for caching or buffering) and (b) occur substantially
contemporaneously with the play of the given Master Recording.
"Person"
means a natural person, a corporation, a limited liability
company, a partnership, a trust, a joint venture, a division, any governmental
authority or any other entity or organization.
"Personal
Computer" shall mean an Internet Protocol (IP)-enabled desktop
or notebook computer.
"Portable
Digital Music Device" shall mean a portable digital music device
(including, but not limited to, mobile-telephone and other mobile devices that
may also operate on a wireless communications network) that is used for the
storage and play/playback of digital music files (i.e., music files encoded
in
MP3, AAC, WMA or similar audio format).
A
"Relevant
Composition" shall mean the Licensor Composition embodied on a
Master Recording.
"Secured
Server" shall mean a secured server that is (a) located in the
Territory, (b) owned and operated by Licensee or Licensee's vendor and (c)
continuously protected by means of (i) physical security that meets or exceeds
the prevailing physical security best practices in the industry and (ii)
firewall and other digital security technology that meets or exceeds the
prevailing digital security technology best practices in the
industry.
"Security
Systems" shall have the meaning set forth in paragraph 3(g)
hereof.
"Service"
shall mean the online service owned and operated by Licensee,
as
described more fully in Exhibit A hereto (hereby incorporated herein by this
reference), which offers to Users, but is not limited to, Limited Music
Downloads, Music Streams, Limited Video Downloads, Video Streams and/or Lyric
Displays that are transmitted from Secured Servers to the Covered Devices of
Users in accordance with the terms and conditions of this Agreement. The Service
shall also include and incorporate the Lyric Search Service.
"Service-wide
Music Plays" are the total number of instances where Users cause
compositions (as embodied on Master Recordings) of third-party rights-owners
contributing such compositions to the Service to be heard in their entirety
on a
Covered Device, when such content was originally delivered to the Covered Device
as limited-use downloads.
"Service-wide
Music Streams" shall mean the total number of encrypted digital
transmissions from Secured Servers via the Service of compositions (as embodied
on Master
Recordings)
of third-party rights-owners contributing such compositions to the Service
that
allow Users to receive and listen to particular Master Recordings upon request
at a time chosen by the User using streaming technology (including, without
limitation, via Real Networks' RealAudio or Microsoft's Windows Media Audio
formats) through the User's Covered Device, which transmissions will (a) not
result in a substantially complete portable reproduction of such Master
Recording (other than a temporary copy such as those used solely for caching
or
buffering) and (b) occur substantially contemporaneously with the play of the
given Master Recording.
"Service-wide
Video Plays" are the total number of instances where Users cause
compositions (as embodied on A/V Master Recordings) of third-party rights-owners
contributing such compositions to the Service to be heard and seen in their
entirety on a Covered Device, when such content was originally delivered to
the
Covered Device as limited-use downloads.
"Service-wide
Video Streams" shall mean the total number of encrypted digital
transmissions from Secured Servers via the Service of compositions (as embodied
on A/V Master Recordings) of third-party rights-owners contributing such
compositions to the Service that allow Users to receive, view and listen to
particular A/V Master Recordings upon request at a time chosen by the User
using
streaming technology (including, without limitation, via Real Networks'
RealAudio or Microsoft's Windows Media Audio formats) through the User's Covered
Device, which transmissions will (a) not result in a substantially complete
portable reproduction of such A/V Master Recording (other than a temporary
copy
such as those used solely for caching or buffering) and (b) occur substantially
contemporaneously with the play of the given A/V Master Recording.
"Territory"
shall mean the United States, its possessions, territories,
and
military bases (the "USA"), except that solely with respect to the reproduction
and distribution of Relevant Compositions and Underlying Compositions embodied
in Digital Files as Limited Video Downloads and Video Streams, the "Territory"
shall mean the USA and Canada. For purposes of this Agreement, distribution
of a
Digital File shall be deemed to occur within the Territory if either (a) the
Secured Server from which the Digital File is distributed to the User is located
in the USA, or (b) the Secured Server from which the Digital File is distributed
to the User is located outside of the USA and the User receiving the Digital
File resides in the USA and such User's Personal Computer is located in the
USA.
Notwithstanding the foregoing, the "Territory" with respect to Limited Music
Downloads and Music Streams shall be deemed to include Canada solely with
respect to those Compositions to the extent not licensed to Licensee through
that certain agreement between Licensee, on the one hand, and CMRRA, on the
other hand (such agreement is hereinafter referred to as the "CMRRA Agreement"
and such Compositions are hereinafter referred to as the "NonCMRRA
Compositions").
"Underlying
Composition" shall mean the Relevant Composition embodied on an
A/V Master Recording.
"User"
shall mean any individual who is a registered user of the
Service, having agreed to Licensee's user agreement, and who is authorized
by
Licensee to access Limited Downloads, Streams, Limited Video Downloads and
Video
Streams, and/or any individual who uses the Service solely to access 30-second
Music Streams or 30-second Video Streams, via the Service solely for personal,
non-commercial use.
"Video
Play" shall mean each instance whereby a User causes a Licensor
Composition to be heard and seen in its entirety (as embodied on an A/V Master
Recording) on a Covered
Device,
when such content was originally delivered to the Covered Device as a Limited
Video Download.
"Video
Stream" shall mean an encrypted digital transmission of a
Licensor Composition embodied in an A/V Master Recording from Secured Servers
via the Service that allows a User to receive, view, and listen to a particular
A/V Master Recording upon request at a time chosen by the User using streaming
technology (including, without limitation, via Real Networks' RealAudio or
Microsoft's Windows Media Audio formats) through the User's Covered Device,
which transmission will (a) not result in a substantially complete portable
reproduction of such A/V Master Recording (other than a temporary copy such
as
those used solely for caching or buffering) and (b) occur substantially
contemporaneously with the play of the given A/V Master Recording.
2.Licensee
Service Obligations.
(a) Service
Operation. Licensee will be responsible for all DRM encoding,
hosting, serving and providing clearinghouse and other functions necessary
for
the operation of the Service in accordance with the terms and conditions of
this
Agreement.
(b) User
Agreement Licensee shall require each User to enter into a user
agreement which prohibits further distribution of the Licensed
Content.
(c) Limitations
on User Access, Licensee's user agreement shall state that each User
shall only be authorized to access Limited Music Downloads, Music Streams,
Limited Video Downloads, Video Streams and Lyric Displays through the Service
on, and for each User Covered Devices shall only include one (1) Personal
Computer and up to two (2) Portable Digital Music Devices.
(d) Buy
Link. Upon a User's selection of Licensed Content, Licensee will
ensure that Users have access to a "buy button" or similar hyperlink, through
which the User can purchase permanent copies (in electronic and/or physical
format) of the applicable Relevant Composition and/or Underlying
Composition.
(e) Metadata.
Licensor will provide Licensee with all metadata associated with
the
Licensed Content, including without limitation, any and all names, full contact
information and share of composition-ownership for any composers, publishers
and/or other rights owners with whom Licensor shares ownership of each
Composition. Licensee shall use commercially reasonable efforts to use metadata
delivered by Licensor to Licensee hereunder. Licensor shall deliver such
metadata to Licensee via FTP in either XML or tab delineated format or as
otherwise mutually agreed between the parties in writing. Notwithstanding
anything to the contrary contained in this Agreement, Licensor shall retain
all
right, title and interest in and to any Licensor-provided metadata delivered
hereunder.
(f) Writer/Licensor
Credit. Licensee shall, to the extent commercially feasible, include
in any graphics and/or imagery displayed in connection with any Licensor
Composition, written credit in legible form setting forth the names of the
writer(s) and publisher(s) of such Licensor Composition. Further, upon
Licensor's notice to the appropriate Licensee contact set forth on Exhibit
C,
Licensee promptly will correct any errors in such credits. Failure to abide
by
the provisions of this subparagraph 2(g) shall not be a breach of this
Agreement.
(g) Security
Compliance.
(i) In
connection with any use of Licensed Content, Licensee shall
implement
and maintain copy protection and DRM technology and systems, consistent with
accepted industry practices (collectively, "Security Systems") with respect
the
Service under its supervision and/or control, including Secured Servers and
operating systems, that:
(A) are
designed to prevent unauthorized reproduction and distribution of Licensed
Content;
(B) encrypt
Licensed Content with a reasonably current version of DRM technology accepted
within the industry;
(C) are
sufficient to track and enforce the use and other license limitations
contemplated by this Agreement; and
(D) generally
meet or exceed accepted industry practices for the licensed delivery of music
via digital transmission.
Provided
however, Licensee may distribute MP3 files in an unprotected format when the
distribution of such files is expressly approved by Licensor.
(ii) If
Licensor has a good-faith basis to believe that Licensee is not in
compliance
with such Security Systems, Licensor shall be entitled, upon thirty (30)
business days' prior written notice to Licensee, to conduct or have a third
party conduct an examination (a "Security Compliance Examination") of the
operations and Security Systems of Licensee solely with respect to rights
covered by this Agreement. Licensee shall make commercially reasonable efforts
to cooperate with Licensor and/or Licensor's qualified designated representative
regarding such Compliance Examination. Licensor's shall not conduct any Security
Compliance Examinations of Licensee more frequently than once every twelve
(12)
months.
3.Accounting.
(a) Payment
Process.
Licensee shall pay royalties due to Licensor hereunder within sixty
(60) days after the end of each quarterly accounting period (or partial period
in the event of an early termination or expiration before the calendar close
of
such quarterly period) by wire or ACH banking transfer, provided Licensor
provides such bank account and related information to Licensee in writing within
a reasonable period of time.
(b) Accounting
Statements. In connection with each royalty payment hereunder,
Licensee shall provide Licensor with an electronic statement ("Statement")
which
shall set forth aggregate User consumption history of the Licensed Content
in
sufficient detail to determine Music Royalties and Video Royalties Payable
hereunder. Each statement shall also include detail on the Licensed Content
distributed to Users via the Service as (i) Limited Music Downloads, (ii)
Limited Video Downloads, (iii) Music Streams and (iv) Video Streams. Each
statement shall identify the number of Limited Music Downloads, limited Video
Downloads, Music Stream, and Video Streams associated with
(c) Audit. Licensor
shall be entitled, once during every calendar year, upon at least
thirty days' prior written notice, to examine the books and records of Licensee
to determine the accuracy of Licensee royalty statements (a "Royalty
Examination"). Such Royalty Examination shall be conducted by an
accountant with experience in digital music royalty payments. Such Royalty
Examination shall take place at Licensee's place of business during normal
business hours, in a manner designed to be as non-disruptive to Licensee's
business as possible. Licensor shall not conduct an audit more frequently than
once every twelve (12) months.
(d) All
statements rendered by Licensee shall be incontestable within one (1) year
of
the date due, unless an objection in writing is made for each such statement.
Any
objection
must specify, with particularity, the reason for such objection, and if an
audit
is to be conducted with respect to such statement, it must be conducted within
three (3) years of the issuance of such statement. Notwithstanding any
applicable statutes of limitations, Licensor waives any action brought in
connection with an audit of any royalty statement unless such action is brought
within one (1) year of the date of the commencement of any such
audit.
4.Licensed
Content List / Takedown
Procedure.
(a)
The
rights granted hereunder shall apply solely to the Licensed Content set forth
on
the Licensed Content List, attached hereto as Exhibit B. Licensor will provide
the Licensed Content List according to the following terms:
(i) The
Licensed Content List shall include at least all Licensor Compositions and
Lyrics licensed to the digital music provider which has received the largest
number of Licensor Compositions and Lyrics licensed owned/controlled by
Licensor.
(ii) Licensor
will provide a complete, updated Licensed Content List at execution of this
Agreement and thereafter no less frequently than monthly as Licensed Content
is
added or subtracted from the Licensed Content List via access to an FTP or
similar site as agreed upon by the appropriate, respective contacts of the
parties as listed on Exhibit C; provided however, except as set forth in
paragraph 4(a)(iv) below, nothing shall prevent Licensee from providing new
Licensed Content to Users at the street date of the Master Recording and/or
A/V
Master Recording, as applicable. If Licensor provides additional Licensor
Compositions and Lyrics licensed to any other third party digital music or
digital music video service, then Licensor shall offer such additional Licensor
Compositions and Lyrics licensed to Licensee at the same time.
(iii) The
Licensed Content List shall include, without limitation, any and all names,
full
contact information and share of composition-ownership for any composers,
publishers and/or other rights owners with whom Licensor shares ownership of
each Composition.
(iv) Notwithstanding
the foregoing subparagraphs 4(a)(i) and 4(a)(i), Licensor shall not be
considered in breach of subparagraph 4(d) if Licensor fails to provide Licensed
Content (A) due to the reasonable objection of an artist with whom Licensor
is
bound by agreement with respect to such artist's rights in a Licensor
Composition (an "Artist Agreement"), or (B) that is provided to third parties
on
an exclusive basis under written agreement for a limited term ("Exclusives");
provided however, Licensor will provide Licensee the Exclusives immediately
upon
termination of such limited term.
(b) If
any Licensed Content ceases to be owned or controlled by Licensor for
any
reason,
then upon Licensor's written notice and request, Licensee shall remove access
to
such Licensed Content from the Service within one (1) business day of such
request. Licensor shall not exercise the takedown right described in this
paragraph in a manner that intentionally would defeat or frustrate the rights
granted to Licensee under the Agreement.
(c) Licensee
shall not exploit the rights conveyed herein relating to any Licensed
Content
prior to the official USA release date of an album or individual Master
Recording, as applicable, embodying such Licensed Content. Further and
notwithstanding the foregoing, Licensee may exploit those rights conveyed herein
before such release date to the extent that Licensee must reproduce Licensed
Content to receive, store, and prepare its availability to Users (for example,
as ephemeral copies) without distributing it to Users.
5. Licensee's
Third-Part
Obligations. Except as specifically set
forth herein, Licensee
will be solely responsible for procuring any and all licenses, clearances and/or
consents that may be required to operate, or from the operation of, the Service
as contemplated hereby, and will be responsible for all payments required to
be
paid to any entity (including, without limitation, any performance rights
society or similar body, any owners of Master Recording copyrights, any
collection societies, industry organizations or similar bodies) in connection
with the Service.
6. Licensor's
Third-Part
Obligations. In
addition to the other agreements and obligations
of Licensor herein, with respect to Licensed Content, Licensor shall be
responsible for any sample clearances and/or consents, and payments, including,
but not limited to, all associated so-called writer royalties that, as a result
of the Service, may be required for, or due to, a writer and any other
third-party record royalty participants (e.g., a producer). In addition,
Licensor shall be responsible for any payments that may be due to the Musical
Performance Trust Fund and the Administrator of the Special Payment Fund of
the
American Federation of Musicians, and any similar fund established by a
collective bargaining agreement within the recorded music industry.
7.Intellectual
Property.
(a) Ownership
of Licensed Content. All right, title and interest in and to the Licensed
Content, including all intellectual property rights inherent therein are owned
and retained exclusively by Licensor.
(b) Ownership
of Licensee Service and related systems. As between Licensee and Licensor,
Licensee owns all right, title and interest in and to the Service (subject
to
ownership of Licensed Content as described in paragraph 7(a)), including all
intellectual property rights in and to all elements and components related
thereto, and all goodwill associated with the Service will inure solely to
the
benefit of Licensee. Licensor understands and agrees that it shall not acquire
any right, title or interest in or to the Licensee Service, or any part thereof,
by reason of this Agreement or the performance hereof. All rights not
specifically granted herein with respect to the Service are reserved to
Licensee. Licensor will not contest, or assist other non-affiliated parties
in
contesting, Licensee's rights and interests in the Service or the validity
of
such ownership (including all intellectual property rights in and to all
elements and components related thereto).
(c) Consumer
Data. Licensee shall be the sole owner of any and all
demographic
and User data related to the Service, including, but not limited to,
survey
information,
IP addresses, User activity, cookies and email addresses. To the extent
practicable, Licensee shall provide Licensor with anonymous, aggregate consumer
data related to Licensor's Licensed Content.
8. Representations,
Warranties and Covenants; Indemnity.
(a) Each
Party represents to the other Party that:
(i) such
Party has the full right, power and authority to execute, deliver and
perform this Agreement and to consummate the transactions contemplated
hereby;
(ii) the
execution, delivery and performance of this Agreement and the consummation
of
the transactions contemplated hereby have been duly authorized by all necessary
corporate action;
(iii) this
Agreement has been duly executed and delivered by an authorized officer, and
is
a legal, valid and binding obligation enforceable against such Party in
accordance with its terms, except as enforcement may be limited by general
principles of equity (regardless of whether such enforceability is considered
in
a proceeding at law or in equity) and the effect of applicable bankruptcy,
insolvency, moratorium and other similar laws of general application relating
to
or affecting creditor's rights generally, including the effect of statutory
or
other laws regarding fraudulent conveyances and preferential
transfers;
(iv) the
execution, delivery and performance of this Agreement will not constitute a
breach or default under any contract or agreement to which such Party is a
party
or by which such Party is bound or otherwise violate the rights of any third
Person; provided however, Licensor shall not be considered in breach of this
subparagraph 8(a)(iv) solely to the reasonable extent Licensor is bound by
an
Artist Agreement; and,
(v) except
to
the extent expressly set forth in an Artist Agreement, no consent, approval
or
authorization of or from any governmental entity or any other Person not a
party
to this Agreement, whether prescribed by law, regulation, contract or agreement,
is required for its execution, delivery and performance of this Agreement or
consummation of the transactions contemplated hereby.
(b)
Licensor hereby warrants and represents to Licensee that:
(i) Licensor
owns or controls the Licensed Content and has the right to grant all rights
contained herein to the Licensed Content;
(ii) Licensor
is a duly organized and existing company in good standing under the laws of
its
place and country of formation, and has the exclusive right, power and authority
to enter into this Agreement, to grant the rights agreed to be granted by
Licensor hereunder;
(iii) Licensor
has not made and will not make any grant, assignment, commitment, license or
do
or permit any act which will or might materially interfere with or impair the
full and complete performance of Licensee's full and complete enjoyment and
exercise of the rights and privileges granted herein; and,
(iv) There
are
no liens, claims or encumbrances which might conflict with or otherwise affect
any of the provisions of this Agreement or Licensee's promotion or exploitation
of the Licensed Content in any and all media whether now known or hereafter
devised throughout the universe in perpetuity.
(c)Licensee
hereby represents and warrants to Licensor that it shall:
(i) it
shall
take all reasonable steps necessary to implement and shall comply with its
security obligations set forth in this Agreement; and,
(ii) it
shall
use best efforts to obtain from the relevant owners, at its own expense, any
rights in and to underlying musical compositions embodied in Licensed Content
necessary to exploit the Licensed Content in accordance with this
Agreement.
(d) Licensee
agrees to indemnify, defend and hold harmless Licensor,
("Indemnitee")
from and against any losses, injuries, damages, claims, expenses
and costs (including without limitation reasonable attorneys' fees) ("Claims")
incurred or suffered by Indemnitee, arising from any third-party
actions, claims, suits or legal
proceedings
of any kind, caused by, arising from or related to: (i) Licensee's failure
to
perform any of its obligations under this Agreement and/or any breach or alleged
breach of any representation or warranty hereunder; (ii) the operation of the
Service or Licensee's business; and (iii) any acts or omissions of any Licensee
employee or agent. Licensor shall promptly notify Licensee in writing of any
Claim and allow Licensee to control the defense thereof; provided that Licensee
may not settle such Claim without Licensor's prior written
approval.
(e) Licensor
agrees to indemnify, defend and hold harmless Licensee, its
respective
officers, employees and agents, (collectively, the "Licensee
Indemnitees") from and against any losses, injuries, damages,
claims, expenses and costs (including without limitation reasonable attorneys'
fees) ("Claims")
incurred or suffered by any Licensee Indemnitee, arising from
any third-party actions, claims, suits or legal proceedings of any kind, caused
by, arising from or related to: (i) Licensor's failure to perform any of its
obligations under this Agreement and/or any breach or alleged breach of any
representation or warranty hereunder; (ii) the operation of Licensor's business;
and (iii) any acts or omissions of any Licensor employee or agent. Licensee
shall promptly notify Licensor in writing of any Claim and allow Licensor to
control the defense thereof; provided that Licensor may not settle such Claim
without Licensee's prior written approval.
9. Termination;
Survival.
(a) Licensor
shall have the right to terminate this Agreement after providing
thirty
(30) days' prior written notice to Licensee in the event of a material breach
of
any provision of this Agreement, only if during such thirty (30) day period,
Licensee fails to cure such alleged breach.
(b) Licensee
shall have the right to terminate this Agreement at any time on thirty (30)
days' prior written notice to Licensor, in the event of a material breach of
any
provision of this Agreement, only if during such thirty (30) day period,
Licensor fails to cure such alleged breach.
(c) All
representations, warranties and indemnities shall survive expiration or
termination
of this Agreement.
(d) Within
ninety (90) days after the effective date of any termination under this
paragraph,
each User's rights to the Licensed Content shall lapse.
(e) This
subparagraph 9(e), paragraphs 8, 11, 14, 15, 17, and 18 and those obligations
of this Agreement that may reasonably be expected to survive the termination
or
expiration of this Agreement shall survive the termination or expiration of
this
Agreement.
10. Assignment. This
Agreement shall not be assignable by either without the prior
written consent of the non-assigning party and any such assignment shall be
invalid ab
initio. Notwithstanding
the preceding sentence, either party may assign this Agreement in conjunction
with a transfer, merger and/or acquisition of a substantial portion of the
assigning party's business, stock, or assets, or to any entity controlled by,
controlling or under common control with the assigning party.
11. Choice
of Law. The parties agree that it is to their
mutual benefit that their respective
rights and obligations under this Agreement are guided by, and their disputes
hereunder are determined in accordance with, a well developed body of law.
Accordingly,
the
parties agree that the validity, interpretation and legal effect of this
Agreement shall be governed by the internal laws of the State of New York,
U.S.A., applicable to contracts entered in and performed entirely within the
State of New York, U.S.A. The parties agree that any legal suit, action or
proceeding arising out of or relating to this Agreement must be instituted
in
New York, and Licensor and Licensee each (i) irrevocably submits to the
exclusive jurisdiction of the United States District Court for the Southern
District of New York, or the Supreme Court of the State of New York, County
of
New York, and (ii) waives any objection to the venue of any such suit, action
or
proceeding and any claim relating to forum non conveniens. In any such suit,
action, or proceeding, any summons, order to show cause, writ, judgment, decree
or other process may be delivered to Licensor or Licensee outside the State
of
New York or outside the United States and when so delivered, such party shall
be
subject to the jurisdiction of such court, and amenable to the process so
delivered as though the same had been served within the State of New York but
outside the county in which such suit, action or proceeding is
pending.
12. No
Partnership. Nothing
contained herein shall be
construed to place the
parties
in the relationship of partners or joint venturers, and Licensee shall have
no
power to obligate or bind Licensor in any manner whatsoever.
13. Notices. All
notices required hereunder shall be in writing and shall be given
either
by
personal delivery, telecopy or by registered or certified mail (postage
prepaid), and shall be deemed given hereunder (unless actual receipt is
hereinabove required) on the date delivered, telegraphed, telecopied or telexed
or a date forty-eight (48) hours after the date mailed. Until further notice,
the addresses of the parties shall be as follows:
|
LICENSEE:
Mohen,
Inc
95
Morton St,
New
York, NY 10014
Attn:
Chief Executive Officer
With
a courtesy copy to:
|
LICENSOR:
[Address
as indicated on the signature page.]
|
|
|
Hughes
Hubbard and Reed LLP One Battery Park Plaza
New
York, New York 10004 (212) 422-4726 fax
Attn:
Harry Packman
|
Each
party will provide current contacts for each of technical, content, marketing,
financial, and publicity matters. The initial list of such contacts for each
party is attached as Exhibit C.
14.Confidential
Information.
(a) The
Party
receiving Confidential Information shall not disclose the Confidential
Information of the disclosing Party, except as permitted under this Agreement.
All Confidential Information will be held and protected by the receiving Party
in confidence and will be used and disclosed by the receiving Party only as
required to render performance or to exercise rights and remedies under this
Agreement. The foregoing shall not apply to any information generally available
to the public, independently developed, or lawfully and independently obtained.
The receiving Party may disclose the disclosing Party's Confidential Information
to its officers, directors, employees, legal representatives, accountants,
tax
advisors, agents and contractors, on a need-to-know basis. Notwithstanding
the
foregoing, this Agreement and its contents may be disclosed by Licensee to
a
third party under appropriate confidentiality requirements in connection with
(i) a due diligence examination being conducted by such third party in
connection with the corporate organization, reorganization, or capitalization
of
Licensee; (ii) subject to a court order or subpoena; or, (iii) as required
in a
case brought by or against a party hereto.
(b) The
disclosing Party's Confidential Information is and will remain the property
of
the disclosing party, and no disclosure under this Agreement grants or confers
any ownership rights in or license to any of that information to the
non-disclosing party (excluding express licenses and grants set forth in this
Agreement).
(c) Promptly
upon expiration or termination of this Agreement and upon the request
of the disclosing Party, the receiving Party will either: (i) return to the
disclosing
Party all
of its Confidential Information; or (ii) destroy all of such
disclosing Party
Confidential
Information and certify to such destruction in writing.
15. Entire
Agreement; Amendment; Copyright
Act Amendments of No Effect. This Agreement, including
all exhibits, schedules and attachments hereto (incorporated herein by this
reference), represents the entire understanding of the parties with respect
to
the subject matter hereof, supersedes all prior and contemporaneous agreements
and understandings of the parties (whether written or oral) with respect to
the
subject matter hereof. This Agreement may not be altered or amended except
in a
written instrument executed by both parties. This Agreement shall be deemed
to
exist and the parties intend to be bound only upon signature of a written
agreement by both parties, and no negotiation, exchange of draft or partial
performance shall be deemed to imply an agreement or other understanding between
the parties. Any revisions pending as of the Effective Date to section 115
of
title 17 of the U.S. Code, and any revision to section 117 of title 17 of the
U.S. Code that may subsequently be enacted shall, regardless of form or content,
have no affect whatsoever on the terms of this Agreement.
16. Force
Majeure.
Neither
party shall be liable to the other for any failure or delay caused by events
beyond the parties' control, including, without limitation, sabotage, failure
or
delays in transportation or communication, failures or substitutions of
equipment, labor disputes, accidents, shortages of labor, fuel, raw materials
or
equipment, technical failures, fire, flood, war, blockage, acts of public enemy,
civil disturbance, and/or any resultant interruption in public services,
including mail delivery.
17.Waiver;
Severability; Headings;
Counterparts.
No
right
that either party has regarding this Agreement may be waived or modified except
by the waiving party in writing. If any provision of this Agreement is held
to
be invalid or unenforceable, the remainder shall remain in full force and
effect. The division of this Agreement into sections, clauses, paragraphs or
subdivisions thereof, and the insertion of
headings,
are for convenience and reference only and
shall
not affect the construction or interpretation hereof. This Agreement may
be executed in one or more counterparts, each of which shall be deemed to be
an
original, but all of which shall be one and the same document. A copy or
facsimile of a signature shall be binding upon the signatory as if it were
an
original signature.
18. Limitation
of Liability.
IN
NO
EVENT SHALL EITHER PARTY BE RESPONSIBLE FOR ANY CONSEQUENTIAL, SPECIAL, PUNITIVE
OR OTHER INDIRECT DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST REVENUE OR
PROFITS, IN ANY WAY ARISING OUT OF OR RELATED TO THE AGREEMENT, EVEN IF THE
AFFECTED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, UNLESS
DUE
TO THE GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OF THE NON-AFFECTED PARTY. EACH
PARTY'S MAXIMUM AGGREGATE LIABILITY TO THE OTHER PARTY UNDER SECTION 8 SHALL
NOT
EXCEED THE TOTAL AMOUNT PAID BY LICENSEE TO LICENSOR DURING THE TWELVE (12)
MONTH PERIOD PRIOR TO THE FIRST DATE ON WHICH THE LIABILITY AROSE. BECAUSE
SOME
JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF CERTAIN LIABILITY,
IN
SUCH JURISDICTIONS THE LIABILITY OF THE INDEMNIFYING PARTY SHALL BE LIMITED
TO
THE MAXIMUM EXTENT PERMITTED BY LAW. THE PROVISIONS OF THIS SECTION 18 SHALL
APPLY NOTWITHSTANDING ANY PROVISION OF THIS AGREEMENT TO THE CONTRARY AND
REGARDLESS OF THE FORM OF THE CLAIM OR CAUSE OF ACTION, WHETHER IN CONTRACT,
WARRANTY, STATUTE, TORT (INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE) OR
OTHERWISE.
19. Publicity
Neither
party shall issue any press release regarding this Agreement and/or the content
of this Agreement without the other party's prior written approval. Each party
agrees to submit to the other for prior written approval all press releases
and
other materials using or incorporating the other party's name, logos,
trademarks, trade names, and/or service marks.
-
End of
Standard Terms and Conditions -
Exhibit
A
Service
Description
(attached).
Description
of the SpiralFrog service
SpiralFrog.com
is a conditional download service (content will expire according to DRM
restrictions set on the files) for music and music videos, free to its users.
All content is provided in Windows Media format and protected via Microsoft
DRM
technology. The initial content license is for no more than 60 days followed
by
the renewal for another no more than 60 days. The licenses are renewed on a
regular basis through the membership renewal process no more than every 60
days.
All SpiralFrog users are required to go through a "membership renewal" process
regularly to extend the length of the license. The renewal process requires
the
user to complete a survey, which may be sold to advertisers for premium fees.
Once the user has completed the required survey the content is re-licensed
for
an additional period.
SpiralFrog
will implement a mechanism intended to prevent multiple users from sharing
a
single user id by monitoring simultaneous usage patterns by the same user ID.
Should we see multiple concurrent hits for a user ID on multiple IP addresses
the account will be locked out from the service and the user
notified.
SpiralFrog
maintains a key in its metadata database for each licensed song that indicates
the territories where the content is authorized to be distributed. SpiralFrog
uses the incoming IP address to determine the origin country of the logged
on
user and disables the content not approved for that particular territory from
being viewed by the user. Spiralfrog uses an IP-to-country mapping database
licensed from MaxMind.com to determine the country of origin of the
user.
Users
register one time in order to download music by providing their email address,
nickname, password, their age, gender and state/territory or zip code/postal
code.
Once
registered, users can download as many songs as they wish, one song at a time,
by first typing in a provided randomized unique code to prevent computerized
downloading. Each download is guaranteed to take at least 90 seconds regardless
of internet connection speed.
Once
downloaded, songs can be played on the user's computer through Windows Media
Player and may be side-loaded on up to two devices through Windows Media Player
device synchronization (any WMA-DRM or WMV-DRM compatible device). Users must
come back regularly to renew and re-license in order to keep their music library
current otherwise the license will expire causing the tracks to be
unplayable.
A
Windows
.Net application and an ActiveX control (or a Firefox plugin) are installed
on
the user's computer. Combined the components are known as the SpiralFrog
Download Manager. The Download Manager enables the secure downloading of content
from SpiralFrog and is responsible for DRM license management and
reporting.
After
a
successful logon, users can browse for their favorite content by genre or
artist, or search by name of song, artist or other details. Users are also
presented a number of "Top XX" lists, e.g. "most downloaded", "recent releases"
or "SpiralFrog recommends".
Among
the
metadata included are artist name, track name, album name, genre, album art
and
30-second preview clips.
|
·
|
Users
can queue a list of songs that they wish to download. The queue is
processed sequentially on a first-in-first-out
basis.
|
·
|
Before
the first download, the user is required to enter a visual verification
code.
|
·
|
Once
the visual verification has been validated, the first download will
start.
The license to play the track is acquired at the end of each download.
The
user must then choose to download the next track, play the just downloaded
track, or continue browsing the
site.
|
·
|
Users
must renew the license(s) to downloaded content no more than every
60 days
so the service can collect play-count
information.
|
·
|
During
the license renewal process, users must complete an online survey
while
viewing additional pages of advertising, so that all content is updated
and playable for no more than an additional 60
days.
|
·
|
Once
the survey is complete, the user must perform the Visual Verification
process in order to download more
files.
|
·
|
Advertising
is not specific to each download and there is no set duration of
advertising during the renewal
process.
Audio
tracks take a minimum of 90 seconds to download, videos take a minimum of 120
seconds. During the download process the user is able to continue interacting
with the site, where they are presented with additional advertising. There
will
be no interface or links to illegal or peer to peer sites.
After
downloading the music track or music video, the user can play the content
according to the limits set by the DRM restrictions on the file:
· The
license is set to expire no more than 60 days from date of
downloading.
· CD
burning is not allowed.
· File
can
be synchronized with up to 2 portable devices.
· There
is
no limit on the number of plays per file.
· Collaborative
play is not allowed.
The
DRM
license download is initiated by the SpiralFrog Download Manager, after the
digital media download completes. The SpiralFrog server process generates a
session ID for each download and the license granting step by the Download
Manager is tied to that session ID, thus it cannot be used by other
users.
Each
SpiralFrog user is required to go through a regular license renewal
process where they complete surveys, typically
branded and sold to
advertisers. Once the user has completed the license renewal
process the tracks and/or videos for which the
licenses are being
renewed are updated to be playable for an additional period. The sequence of
steps is as follows:
|
·
|
The
client sends a "Generate License" request to SpiralFrog server after
the
download has completed.
|
·
|
The
server responds with a random Visual Verification challenge, the
challenge
text and the challenge request time is stored at the server and tied
to
the end-user's session ID.
|
·
|
The
SpiralFrog client presents the Visual Verification challenge to the
user.
|
·
|
The
user enters the Visual Verification response, and the SpiralFrog
client
calls the Microsoft DRM component (part of Windows Media Player)
to
generate a license request for the previously downloaded
songs.
|
·
|
The
SpiralFrog client sends the Visual Verification response and the
license
request to the SpiralFrog server .
|
·
|
The
SpiralFrog server validates the Visual Verification response and
only if
it matches the Visual Verification request and the request has not
timed
out a license is generated and sent back to the
client.
|
·
|
The
SpiralFrog client saves the license on the client computer/device
through
the Microsoft DRM component.
PC
Identification or License Count
The
SpiralFrog client supports only Microsoft Windows based computers/devices and
relies on Microsoft Windows Media DRM technology to identify a specific computer
or device. Windows Media DRM makes each media player unique by linking the
player to a host computer. SpiralFrog content files will only play on the
single, original computer to which they are directly downloaded by the
SpiralFrog client application, or approved MSDRM compliant ("Plays For Sure")
portable devices.
Portable
Device Count
SpiralFrog
users can synchronize the downloaded music or video files to a portable device
that is compatible with the Microsoft DRM, such as those portable devices that
carry the "Plays For Sure" logo, designed to ensure compatibility and compliance
with the DRM restrictions.
SpiralFrog
supports synchronization with the portable device through the Windows Media
Player, or a compatible program such as Microsoft Active Sync. The DRM copycount
parameter is used to limit the number of devices that a track may be put on.
When a track is put on a portable device the copy count is decremented limiting
the number of devices a track may be placed on. SpiralFrog permits users to
have
a maximum of two portable devices that can be synchronized with the
PC.
Overview
of SpiralFrogTM
Security
1. Introduction
This
white paper describes those technical details of SpiralFrog.com as they
relate to prevent unauthorized access to the music content. This paper is
written according to the outlines provided by major record labels.
2. Overview
of User Experience
SpiralFrog.com
is a conditional download service (content will expire according to DRM
restrictions set on the files) for music and music videos, free to its users,
financially supported by rich media and banner advertising. All content is
provided in Windows Media format and protected via Microsoft DRM
technology.
After
registering for the service at the SpiralFrog.com web site, users are
required to install SpiralFrog Download Manager on their PC running Windows
XP
or Vista (no other operating systems are supported). After installation, users
will then go back to the web site and logon to the service with the
userid/password chosen at registration. After a successful logon, users can
browse for their favorite content by genre or artist, or search by name of
song,
artist or other details. Users are also presented a number of "Top XX" lists,
e.g. "most downloaded", "recent releases" or "SpiralFrog recommends". Among
the
metadata included are artist name, track name, album name, genre, album art
and
30-second preview clips.
SpiralFrog
users can synchronize the downloaded music or video files to a portable device
that is compatible with the Microsoft DRM, such as those portable devices that
carry the "Plays For Sure" logo, designed to ensure compatibility and compliance
with the DRM restrictions.
After
downloading the music track or music video, the user can play the content
according to the limits set by the DRM restrictions on the file:
- File
is
set to expire no more than 60 days from date of downloading
- CD
burning is not allowed
- File
can
be synchronized with up to 2 portable devices
- There
is
no limit on the # of plays per file
- Collaborative
play is not allowed
All
content will be offered in Windows Media Audio (WMA) or Windows Media Video
(WMV) format and the service will use the Microsoft DRM tools to setup, report
and manage such restrictions.
Downloaded
content files are conditional downloads where the license is set to expire
based
on a predetermined term. The initial content license is typically for 60 days
followed by the renewal for another approximately 60 days. The licenses are
renewed on a regular basis through the membership renewal process, generally
every 60 days. All SpiralFrog users are
SpiralFrog
Confidential – Do Not
Distribute
Externally
required
to go through a "membership renewal" process regularly to extend the length
of
the license. The renewal process requires the user to complete a survey, which
may be sold to advertisers for premium fees. Once the user has completed the
required survey the content is re-licensed for an additional
period.
3.
Functional Components
3.1.Description
of Components
SpiralFrog
consists of a web site supported by the SpiralFrog back end web and database
servers for browsing Artists, Tracks, and Albums as well as related music data.
A SpiralFrog Download Manager is installed by the user on their computer which
enables the downloading of individual tracks or videos sequentially, i.e. one
at
a time. Spiralfrog does not supply any other application to end
users.
The
Download Manager provides a consistent timing, 90 seconds per download for
the
downloading of audio content (longer for video files), a visual verification
("Human Interactive Proof' dialog) that ensures that a person rather than a
computer has downloaded the file, and once verified correct, a DRM license
is
granted to allow the user to play the file. The download manager also provides
the interface to the SpiralFrog back end systems to update user play count
data.
The
SpiralFrog server system consists of the following components:
|
-
|
SpiralFrog
server software running on Windows Server that handles the serving
of web
pages and communication with the SpiralFrog Download Manager, including
granting of DRM licenses. As our service grows, our scalability plan
calls
for adding more of these servers.
|
-
|
A
relational database that contains the metadata, user registration
data and
usage data.
|
-
|
File
system storage that contains all content files in DRM-protected format.
In
its early days, SpiralFrog plans to use Limelight, a Content Distribution
Network (CDN), to provide scalability for file delivery. Protected
audio
and video files are stored on the SpiralFrog servers. The first time
that
audio/video content is requested for download it is pulled (by Limelight)
down to servers on the Limelight network. All subsequent downloads
of the
same content are pulled from the Limelight servers. To pull content
from
the SpiralFrog servers, Limelight accesses the website
download.spiralfrog.com. Access to this website is granted only to
the IP addresses of specific Limelight servers which were given to
us by
Limelight. Limelight is the only entity that has access to this web
site
due to the IP address restriction. No end users are ever directed
to this
web site. When a user attempts to download content, it is moved to
a
Limelight server for downloading to the user's machine. Subsequent
downloads of the same file are pulled from Limelight servers. All
content
is stored in protected and unplayable format at all times. Deep linking
into the Limelight file storage is prevented using the Limelight
MediaVault encryption scheme. A Limelight white paper can be provided
to
describe how this feature works.
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
Starting
with the US launch in late summer 2007, SpiralFrog plans to serve the media
files directly from its own clustered file server. Deep linking will be
prevented in the same fashion as with Limelight, the only difference being
that
at the start of the download, SpiralFrog's own servers will check that the
hash
is valid for the file. All systems will be regularly updated to ensure the
most
optimal performance and security of the SpiralFrog service.
3.2.System
Diagram
Web.
Browser with Download manger
Relational
database
4.
General System Security
4.1.System
Location
Currently
all SpiralFrog server components are physically located at Adhost.com
facilities in downtown Seattle — at 140 Fourth Avenue North, Suite 360, Seattle,
WA 98109.
Adhost.com
is a professional internet hosting company which rents space at their
earthquake-protected, generator-backed building. Starting with the US launch
in
late summer 2007, we plan to relocate the server farm to another collocation
provider, Equinix in Ashburn, VA. The address and location of the SpiralFrog
data center at Equinix facilities is
44470
Chilum Place Cage 9000 Rack 301 Ashburn VA 20147
SpiralFrog
will not change collocation providers without UMG approval.
4.2.Protection
Against Unauthorized
Local Access
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
Any
facilities used for hosting SpiralFrog equipment will be required to be
restricted to authorized personnel only. Full ID checks of each person entering
the co-location facilities are performed on a 24/7 basis – only those on an
"authorized" list will be allowed access. All cabinets holding SpiralFrog
resources are locked within the computer rooms, which protects each company's
servers from unauthorized access. SpiralFrog will allow access to its servers
only by its staff server and database administrators or aelorized SpiralFrog
contractors.
4.3.Protection
Against Unauthorized
Network Access
The
file
and database servers housing the content and metadata are logically accessible
only by the server which runs the SpiralFrog server software. Each end-user
must
logon (using credentials chosen at registration) before a connection is
activated. Furthermore, all content is stored in Microsoft DRM protected format
without the necessary license –which means that even if hackers would gain
access to the files, they would not be of any use since they miss the required
DRM license. To prevent automated downloads (where a computer program is
simulating a user), SpiralFrog server requires users to key back a series of
slanted characters, known as Human Interactive Proof, after each successful
download.
Each
song
has a unique license key ID which is embedded in the file. After downloading
the
file to the user's computer, SpiralFrog Download Manager presents the.visual verification
dialog. After verifying that the characters were correct, the SpiralFrog
download manager requests the SpiralFrog server to grant the license to the
file. The license key is generated by the Microsoft DRM component from the
key
ID and a license seed, which is secret. The license seed is stored in the
machine running SpiralFrog server software which runs on its own protected
account. The license seed is in a file protected by an "ACL" (access control
list) which allows access only after verifying the userid and password of the
requesting process. Only SpiralFrog server and database administrators have
access to the credentials to access this account.
4.4.Security
Breach
Plan
SpiralFrog
keeps track of the download activity by registered user. A trigger will be
set
if a user exceeds a set number of downloads per day to further monitor against
automated download fraud. Users found to be violating their license agreement
(which must be accepted at install time) will be revoked of their access
privileges. As part of the revocation the affected user's account will be
deleted and generally the user's IP address is added to the list of revoked
IP
addresses (no new accounts can be created from these addresses for 6 months).
Besides being protected via DRM. the URLs include a hash which can only be
generated by the SpiralFrog servers. The LimeLight or SpiralFrog's own servers
(once Ashburn data center is live) validate the hash and only provide the file
if the hash is correct. In addition, the server administrator will setup
triggers to monitor suspicious activity to guard against Trojan horse – type
virus/worm attacks on the web server itself
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
5.
IT & Development Policies
5.1.Operating
System & Software
Policies
SpiralFrog
client and server components are developed using Microsoft .NET technologies
and
require Windows XP or Vista operating systems on the client and Windows 2003
Server on the server. SpiralFrog relies on commercial anti-virus and security
products to protect our technological assets. Currently these systems include
hardware and software based on Microsoft and Symantec products to protect
against viruses, worms etc. and to keep the operating systems up to date with
the latest security patches. SpiralFrog will install all security patches within
24 hours of availability after being properly regression tested and deemed
suitable, from operating systems, hardware, software, and other applicable
vendors.
SpiralFrog
is a licensee of the Microsoft Windows Media Rights Manager Software Development
Kit (WMRM SDK). Microsoft WMRM SDK license agreement requires that licensees
must update the `WMRM SDK Configuration' for all Licensed Products once a week
using a Microsoft provided URL. The WMRM SDK license also requires that all
relevant Microsoft security updates are installed promptly.
5.2.System
Logs
SpiralFrog
will keep track of all download data by user in an SQL database. The database
is
organized in such a way that it is easy to generate reports on a daily, weekly
or monthly basis by record label, artist, genre or user demographic group.
SpiralFrog will also record play counts for all content – this is reported to
SpiralFrog by Windows Media Player Manager. All play count data is recorded
in
the SQL database. SpiralFrog will keep records of all database information
related to licensed content for as long as it is required to do so by terms
specified elsewhere in this agreement.
5.3.Employee
Accounts
SpiralFrog
will limit the access to its servers only to the database and server
administrators and the software architect. Access requires Windows XP Server
userid and password – passwords will be set to expire every 90 days. Employees
who leave or are terminated will have their account privileges deleted
immediately.
5.4.Backup
SpiralFrog
plans to use the offsite backup tape and storage service offered a third part
disaster recovery service provider which will permit high-speed dynamic
incremental backups of the SQL database on a nightly basis. At this time a
provider has not been selected and details will be forwarded when available.
Spiralfrog acknowledges that the backup plan must be approved formally by UMG
in
advance of becoming operational, including selection of any third parties.
The
SQL database contains no music content files – only metadata and data collected
during operation of the service. All licensed content will be stored in a
separate file server which will be duplicated on site only for backup purposes.
The backup copy which will contain content on NTFS-encrypted hard
drives,
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
is
stored
at a safe deposit box at a local financial institution behind lock and key
and
accessible only by SpiralFrog server administrator and management. In addition
to the disaster recovery plans in place by our collocation facilities,
SpiralFrog will have its own recovery plan which will allow us to restore
service in two days in case of total loss of our operational servers. The plan
calls for content, metadata and operational data to be restored from the backup
tapes or hard drives described above on an identical server setip.
5.5.Software
Change
Management
SpiralFrog
expects to continually enhance its software from the launch onward. We expect
to
make periodic changes to both the client and server software. Client software
changes will be accomplished dynamically, without requiring existing users
to
reinstall. The client software checks upon startup whether there is an update
available and will pull it down without prompting the user if so configured.
All
software changes will be tested first in a lab environment, then on one of
our
production servers with controlled access before rolling out system
wide.
5.6.Other
Policies
Part
of
the role of the server administrator is to monitor, on an ongoing basis all
system logs which include Windows Server security and audit logs. Additionally
any firewall, intrusion detection system, intrusion prevention systems, and
anti-virus logs will be regularly monitored. Triggers will be set to alert
the
administrator of critical events that relate to security, such as repeated
failed attempts at logon.
|
|
6.
Content Ingest, Storage, and
Packaging
SpiralFrog
plans to offer its audio content in WMA format, generally encoded at 128Kbps.
All streaming music videos will be offered in WMV format, 320x240 resolution,
300Kbps bit rate. All downloadable music videos will be offered in WMV format,
416x312 resolution, 1,000Kbps bit rate. All content files are protected by
Windows Media DRM. SpiralFrog uses a metadata database from AMG in addition
to
the metadata provided by our music content providers. In the case of conflicts
between metadata supplied by UMG and that supplied by third parties, Sprialfrog
will always use UMG's metadata, even if considered "incorrect". Any such
conflicts will be reported to UMG for resolution and updates.
6.2.Content
Ingestion
SpiralFrog
has developed software programs to automate the processing of our content
providers data into a format suitable to our database. This includes extracting
the metadata from XML files and entering it into our SQL database. During this
process we will also match the tracks provided by the record label to the
metadata database from AMG. The same programs will be designed to be able to
receive and process
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
incremental
updates and metadata corrections from content providers on an as-needed
basis.
6.3.Separation
of Content
Types
SpiralFrog
intends to offer all its music file content for download only, video files
can
be either streamed or downloaded. The streamed video file is a lower resolution
(320x240) version of the downloaded and is streamed in unprotected form, as
p,rmitted by our license. All downloaded audio and video content is protected
with Microsoft DRM.
6.4.Protection
of Raw Audio and
Metadata
Access
to
the master delivered content files is limited to the software architect only.
This person is responsible for receiving, processing and storing the raw
content. The unprotected content will be received and converted to the DRM
protected form with a computer located at our collocation facility, Adhost,
or
other collocation facility subject to UMG's advance approval. Even when our
Ashburn data center comes live, we will continue to do all content processing
at
the Adhost facility until further notice. Only the software architect will
have
access to this computer. One copy of encrypted files may be stored in the
software architects' personal safe deposit box at KeyBank (at 7th Ave NE)
in
downtown Seattle following the ingestion process. Spiralfrog plans to store
the
backup files on hard drives with NTFS encrypted partitions.
6.5.DRM
Packaging and Key
Management
SpiralFrog
is using Windows Media DRM version 10. All content is downloaded without the
license key. Before the first download, the user is presented the Visual
Verification dialog (slanted letters) – upon a successful entry of the
characters, the download manager will contact the SpiralFrog server to obtain
a
license key for the downloaded content. The license key is generated from a
public Key ID and a secret license seed. The key IDs are stored in a central
database (SpiralFrog is using components provided by Microsoft) and the file
header. The license keys are unique because the Key IDs are unique per song.
Windows Media DRM provides for a secure mechanism whereby each downloaded song,
after obtaining a license, is tied to the computer where the downloading took
place.
6.6.QA
&
Testing
All
DRM
protection will be done automatically, using a computer program to process
the
non-protected files into protected files. SpiralFrog plans to test each batch
of
DRM protected files by choosing a random sample from the batch (which may
include thousands of files) and test to ensure both that a DRM protected file
without the license key is not usable and that after obtaining a license the
DRM
protection works as specified. All testing will be done at our collocation
facility in a private client-server setting, after which it will be transferred
to our production servers over local private network. Depending on the
complexity and format of the metadata, SpiralFrog intends to make the content
received from content providers available in a production form within 2 weeks
of
receipt.
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
7.
Sales, Download and Licensing
Users
will first visit our website,
http://www.spiralfrog.com.
If
the user is interested in signing up for the service, the user will be first
required to register with SpiralFrog and to choose a personal userid and
password. After accepting the SpiralFrog license agreement, the user will
proceed to download the download manager used for downloading and licensing
content.
8.1
User Authentication
Each
user
must logon (using credentials chosen at registration) before the download
manager is permitted to download content. SpiralFrog maintains a unique account
for each user –registering with the service is a prerequisite for getting access
to downloadable content. SpiralFrog will implement a mechanism intended to
prevent multiple users from sharing a single user id by monitoring simultaneous
usage patterns by the same user ID. Should we see multiple concurrent hits
for a
user ID on multiple IP addresses the account will be locked out from the service
and the user notified.
8.2
Territorial Filtering
SpiralFrog
maintains a key in its metadata database for each licensed song that indicates
the territories where the content is authorized to be distributed. SpiralFrog
uses the incoming IP address to determine the origin country of the logged
on
user and disables the content not approved for that particular territory from
being viewed by the user. Spiralfrog uses an IP-tocountry mapping database
licensed from MaxMind.com to determine the country of origin of the
user.
8.3
Transaction Processing
No
money-related transaction takes place since content is free to SpiralFrog users.
The user will obtain the license for the downloaded content upon the successful
confirmation of the download.
8.4
Retail Authentication
SpiralFrog
does not maintain a separate retail and sales system from license serving and
download systems.
8.5
LTRL Generation & Protection
Each
licensed song has a unique download URL derived from track specific data. This
URL is stored in the database as the way to access the file. When the user
wants
to download a song, a hash is added to this URL and then passed from the server
to the client, which then uses it to start the downloading process.
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
The
protected file could therefore not be downloaded directly by knowing the URL,
and to obtain its necessary DRM license requires going through the SpiralFrog
client interface.
8.6
PC Identification or License Count
The
SpiralFrog client supports only Microsoft Windows based computers/devices and
relies on Microsoft Windows Media DRM technology to identify a specific computer
or device. Windows Media DRM makes each media player unique by linking the
player to a host computer. SpiralFrog content files will only play on the
single, original computer to which they are directly downloaded by the
SpiralFrog client application, or approved MSDRM compliant ("Plays For Sure")
portable devices.
8.7
Portable Device Count
SpiralFrog
requires that synchronization with the portable device happens through the
windows media player. The DRM copycount parameter is used to limit the number
of
devices that a track may be put on. When a track is put on a portable device
the
copy count is decremented limiting the number of devices a track may be placed
on. Spiralfrog permits users to have 2 portable devices that can be synchronized
with the PC.
8.8
License Generation & Download
The
DRM
license download is initiated by the SpiralFrog client, Known as the Download
Manager, after the digital media download completes. The SpiralFrog server
process generates a session ID for each download and the user's Download Manager
is tied to that session ID, thus it cannot be used by other users.
The
DRM
license used on all SpiralFrog content is a conditional license that expires
after a pre-determined period. These licenses are renewed regularly, typically
every two months. Each SpiralFrog user is required to go through a regular
membership renewal process where they complete surveys, typically branded and
sold to advertisers. Once the user has completed the renewal process the tracks
and/or videos for which the licenses are being renewed are updated to be
playable for an additional period. The sequence of steps is as
follows:
|
1.
|
Before
the first download, the client sends a Visual Verification request
to
SpiralFrog server.
|
2.
|
The
server responds with a random Visual Verification challenge, the
challenge
text and the challenge request time is stored at the server and tied
to
the end-user's session ID.
3. The
SpiralFrog client presents the Visual Verification challenge to the
user.
4. The
user
enters the Visual Verification response.
|
|
5.
The SpiralFrog client sends the Visual Verification response and
the
license request to the SpiralFrog server
.
|
SpiralFrog
Security White Paper.DOC of
10
SpiralFrog
Confidential – Do Not
Distribute
Externally
|
6.
|
The
SpiralFrog server validates the Visual Verification response and
the
download will start only if the response matches the Visual Verification
request.
|
7.
|
After
each download, the client calls the Microsoft DRM component to generate
a
"License Request" and then sends it to SpiralFrog server. The SpiralFrog
server verifies that the user has just downloaded the song and then
responds with the license that matches the key ID of the downloaded
song.
|
|
8.
The SpiralFrog client saves the license on the client computer/device
through the Microsoft DRM
component.
8.9
Auditing
SpiralFrog
relies on the Windows Media Rights Manager (WMRM) to keep track of play counts
on the user's computer, and associated portable music players. The SpiralFrog
client background process (which is active at all times) contacts the WMRM
to
obtain play count information at intervals required for reporting licenses.
The
information is then sent by the SpiralFrog client to the SpiralFrog database
servers for storage, auditing and reporting purposes.
8.10
Super-distribution
If
a
downloaded file is emailed to someone else, the DRM restrictions will prevent
it
from being played on another computer.
9.
Launch Preparation and Status
SpiralFrog
is currently operating a password-protected site live on the interne, hosted
at
the Adhost collocation facility in Seattle. All major system components are
in
place for the service. SpiralFrog can demonstrate the present functionality,
including DRM protection to content providers if required.
SpiralFrog
has developed comprehensive 3-tier server architecture to allow the system
to
scale as the user load increases. The key development personnel are former
Microsoft employees who were responsible for the design and development of
one
of Microsoft's server applications. SpiralFrog is using Microsoft server
technologies and has already consulted key Microsoft development personnel
to
help validate the design and to assist in further planning of the performance
aspects of the system. SpiralFrog intends to deploy new multi-server monitoring
tools, available from 3rd
parties,
to help in monitoring the system performance.
|
SpiralFrog
Security White Paper.DOC of
10
Exhibit
B
Licensed
Content List
Exhibit
C Contacts
Licensor
contacts:
1. Technical
2. Marketing/Standards
and Practices
3. Publicity
4. Financial
5. Content Licensee contacts:
1. Technical:
|
|
Mr.
Vesa Suomalainen, CTO, vesa(aspiralfrog.com,
206-605-8201
|
|
Jim
Campbell, CIO, iim(aspiralfrog.com,
516-319-3780
2. Marketing/Standards
and Publicity:
Matthew
Stern, Marketing Officer, Matthew.SternThspiralfrog.com, 718 578
3019
3.
Content and Financial:
Orville
Hagler, VP, Entertainment Programming orville(aspiralfrog.com,
718-839-0941