The server could pick say 5 random offsets in the song, and ask the client to upload the decoded data from one second of music starting at each of those offsets. The server can then compare that to what it has and see if it is close enough.

Or simpler still - the iTunes application will generate fingerprint of the whole audio in each file and send it along with whatever metadata is available. Then serverside the fingerprint and metadata are analyzed and if a certain criteria for a match are not met, iTunes is prompted to upload the file.

Yeah, I'm sure the people working at Apple couldn't ever find a way to verify the identity of a song. They'd probably just write something that looked at the tags. Then when someone pointed out how easy it is to fake that, they'd just say, "Oh well, fuck it. Tell Jobs it can't be done! They'll just have to upload everything."

Sure people can make iPhone and Android apps that can identity a song from you humming it into a crappy speaker in a crowded bar, but Apple doesn't have that kind of programmer talent working for them.