By John Borland, 10 October 2003 09:07
NEWS SunnComm Technologies, a developer of CD antipiracy technology, said on Thursday that it will likely sue a Princeton student who early this week showed how to evade the company's copy protection by pushing a computer's Shift key. Princeton PhD student John Halderman published a paper on his website on Monday that gave detailed instructions on how to disarm the SunnComm technology, which aims to block unauthorised CD copying and MP3 ripping. The technology is included on an album by Anthony Hamilton that was recently distributed by BMG Music. On Thursday, SunnComm CEO Peter Jacobs said the company plans legal action and is considering both criminal and civil suits. He said it may charge the student with maligning the company's reputation and, possibly, with violating copyright law that bans the distribution of tools for breaking through digital piracy safeguards. "We feel we were the victim of an unannounced agenda and that the company has been wronged," Jacobs said. "I think the agenda is: 'Digital property should belong to everyone on the Internet.' I'm not sure that works in the marketplace." The cases are already being examined by some intellectual-property lawyers for their potential to test the extremes of a controversial copyright law that block the distribution of information or software that breaks or 'circumvents' copy-protection technologies. Several civil and criminal cases based on the Digital Millennium Copyright Act (DMCA) have been filed against people who distributed information or software aimed at breaking through antipiracy locks. In one, web publisher Eric Corley was banned by a federal judge from publishing software code that helped in the process of copying DVDs. In a criminal case, Russian company ElcomSoft was cleared of charges that it had distributed software that willfully broke through Adobe Systems' e-book copy protection. Both of those cases dealt with software or software code, however. The issue in Halderman's case is somewhat different. In his paper, published on the Princeton website on Monday, the student explained that the SunnComm technique relies on installing antipiracy software directly from the protected CD itself. However, this can be prevented by stopping Microsoft Windows' 'auto-run' feature. That can be done simply by pushing the Shift key as the CD loads. If the CD does load and installs the software, Halderman identified the driver file that can be disabled using standard Windows tools. Free-speech activists said the nature of Halderman's instructions - which appeared in an academic paper, used only functions built into every Windows computer and were not distributed for profit - meant they would not fall under DMCA scrutiny. "This is completely outrageous," said Fred von Lohmann, an attorney for the Electronic Frontier Foundation, a group that has previously represented computer academics concerned that copyright law would impair their ability to publish. "This is not black hat [hackers'] exploits he's revealing. This is Windows 101...It is relatively hard to imagine any better example of how the DMCA has been misused since it was passed five years ago." Jacobs said SunnComm's attorneys would refer the case to local federal authorities, who could make the decision on how to proceed on the DMCA issue. He said the company was also exploring a civil suit based on damage to the company's reputation, since Halderman concluded that the technology was ineffective without knowing about future enhancements. Future versions of the SunnComm software would include ways that the copy-protecting files would change their name on different computers, making them harder to find, Jacobs said. Moreover, the company will distribute the technology along with third-party software, so that it doesn't always come off a protected CD, he added. The damage to SunnComm's reputation, while not necessarily permanent, was quickly seen in a drop in its market value, totaling close to $10m over several days, Jacobs said. No final decisions about legal action have been made, he added. Halderman said he's not overly worried about the legal threat. The EFF represented his advisor, Princeton professor Edward Felten, in a lawsuit dealing with academic freedom to publish computer security information, and Princeton University supported Felten in that case. "I expect I will be well-represented in the case of a lawsuit," Halderman said. "If pressing the Shift key is a violation of the DMCA, then the law needs to be changed." John Borland writes for CNET News.com
Comments
There are 3 comments. Join the discussion
1. Gary Boardman
Surely the other question that needs to be answered is "Can someone place executable software on your computer without your knowledge or consent?"
2. Brian Bolton
Disturbing that we now face dubious code being sneaked onto or PCs via CDs' - I would hope that virus protection would track and block this, otherwise what kind of damage to our PCs might occur if this mechanism is used indiscrimately.
3. Peter Page
So, they are thinking of suing this guy for revealing a secret. And that secret is that their protection scheme has a major flaw.
If this were anything other than software the guy would be praised.
The company reputedly lost 10Million in value over this revalation. Thats the companies fault for releasing software that had this flaw, not the fault of the person who pointed it out!