|
The 2005 Sony CD copy protection controversy is a public controversy relating to copy protection software known as Extended Copy Protection (XCP), created by First 4 Internet and used by the media company Sony BMG Music Entertainment (frequently referred to as "Sony") on audio CDs. Copy prevention, also known as copy protection, is any technical measure designed to prevent duplication of information. ...
XCP-Aurora Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for compact discs. ...
First 4 Internet is a British company which develops copy protection software used on compact discs, including ones released by Sony. ...
The Sony BMG Music Entertainment logo. ...
CD may stand for: Compact Disc Canadian Forces Decoration Cash Dispenser (at least used in Japan) CD LPMud Driver Centrum-Demokraterne (Centre Democrats of Denmark) Certificate of Deposit České Dráhy (Czech Railways) Chad (NATO country code) Chalmers Datorförening (computer club of the Chalmers University of Technology) a 1960s...
History & Technical Information
Security holes presented by Sony BMG software On October 31, 2005, Mark Russinovich posted to his blog a detailed description and technical analysis of the characteristics of the software contained on Sony BMG music CDs. Called Sony, Rootkits and Digital Rights Management Gone Too Far, the article asserts vocally that the software is illegitimate and that digital rights management had "gone too far." He stated that there were shortcomings in the software design that manifest themselves as security holes that can be exploited by malicious software such as worms or viruses. He also mentioned that the XCP software installed silently before the EULA appeared, that the EULA does not mention the XCP software, and that there was no uninstaller, all of which are illegal in various ways in various jurisdictions.[citation needed] Several comments to the entry recommended a lawsuit against Sony BMG. October 31 is the 304th day of the year (305th in leap years) in the Gregorian Calendar, with 61 days remaining, as the final day of October. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
Wikinews has news related to this article: Sony faces class action lawsuits for DRM Mark Russinovich is a software engineer and writer. ...
A blog (or weblog) is a website that is used in the manner of an online journal. ...
Digital rights management (DRM) is the umbrella term referring to any of several technologies used to enforce pre-defined policies controlling access to software, music, movies, or other digital data and hardware. ...
A computer worm is a self-replicating computer program, similar to a computer virus. ...
In computer security technology, a virus is a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents. ...
A software license is a type of proprietary or gratiuitious license as well as a memorandum of contract between a producer and a user of computer software — sometimes called an End User License Agreement (EULA) — that specifies the perimeters of the permission granted by the owner to the user. ...
Freedom To Tinker had an article on November 12, 2005 discussing the SunnComm DRM found on some Sony BMG CDs, which is very similar to the F4I software in that it installs without authorization or notification, and does not have an uninstaller. November 12 is the 316th day of the year (317th in leap years) in the Gregorian Calendar, with 49 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
Rootkit removal program Sony BMG released a software utility [1] to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers, but this removal utility was soon analyzed by Russinovich again in his blog article More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home, and revealed as only exacerbating the privacy and security concerns. [2] In fact, the Sony BMG program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. In addition, this program was reported to install additional software that cannot be uninstalled. In order to download the uninstaller, it is necessary to provide an e-mail address (which the Sony BMG Privacy Policy implies to be added to various bulk e-mail lists), and to install an ActiveX control containing backdoor methods (marked as "safe for scripting", and thus prone to exploits). [3] XCP-Aurora Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for compact discs. ...
In programming, the Component Object Model (COM), also known as ActiveX, is a Microsoft technology for software components. ...
On November 18, 2005, Sony BMG provided a "new and improved" removal tool to remove the rootkit component of Extended Copy Protection from affected Microsoft Windows computers. [4] November 18 is the 322nd day of the year (323rd in leap years), with 43 remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
XCP-Aurora Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for compact discs. ...
Opponents of Sony BMG's actions, especially Slashdot and Digg users, later accused Sony BMG of violating the privacy of its customers to create a backdoor onto their machine using code that even violates an Open-source license. They claimed that this DRM program, designed to give Sony BMG control over the customer's machine in the name of copyright protection, is itself infringing copyright by including code from the LAME MP3 library. [5] It appears that, since LAME is under the LGPL, this situation could be rectified by SONY BMG offering a copy of the LAME source code, as well as adding a notice that it was using code from the library (though this would not be a defense against past damages). Slashdot (frequently abbreviated online as /.) is a popular website, primarily consisting of short summaries of stories on other websites with links to the stories, and provisions for readers to comment on the story. ...
This page is a candidate for speedy deletion, because: previously deleted - see Wikipedia:Votes for deletion/Digg If you disagree with its speedy deletion, please explain why on its talk page or at Wikipedia:Speedy deletions. ...
An open-source license is a copyright license for computer software that makes the source code available under terms that allow for modification and redistribution without having to pay the original author. ...
LAME is an open source MP3 (that is, MPEG-1 audio layer 3) audio compression application. ...
GNU logo The GNU Lesser General Public License (formerly the GNU Library General Public License) is an FSF approved Free Software license designed as a compromise between the GNU General Public License and simple permissive licenses such as the BSD license and the MIT License. ...
Prevention The XCP software can be prevented from installing in several ways. First of all, a user can refuse to purchase such copy-protected CDs, perhaps downloading the music from a digital music distributor. Second, it is possible to disable autorun so that the software will not run automatically (this can be done, temporarily, by holding the SHIFT key while inserting the CD). Putting a piece of tape on the outside of the CD will also prevent the DRM from running [6]. An alternative is to use an operating system which the software does not automatically install itself on, such as Linux or Mac OS X, or running Windows under a restricted account instead of an administrator account, in which case the installation program will not have the sufficient rights to install the rootkit. Autorun or autoplay (sometimes spelled in CamelCase as AutoRun or AutoPlay) is the ability of many modern computer operating systems to automatically take some action upon the inserting of an optical disc such as a CD or DVD. Microsoft Windows In Microsoft Windows, autorun can be temporarily disabled by holding...
Tux the penguin, based on an image created by Larry Ewing in 1996, is the logo and mascot of Linux. ...
This article or section does not cite its references or sources. ...
Legal and Financial Problems
Product recall On November 15, 2005, vnunet.com announced [7] that Sony BMG is backing out its copy-protection software, recalling unsold CDs from all stores, and offering consumers to exchange their CDs with versions lacking the software. The Electronic Frontier Foundation compiled a partial list [8] of CDs with XCP. Sony BMG is quoted as maintaining that "there were no security risks associated with the anti-piracy technology", despite numerous virus and malware reports. On November 16, 2005, US-CERT, part of the United States Department of Homeland Security, issued an advisory on XCP DRM. They said that XCP uses rootkit technology to hide certain files from the computer user, and that this technique is a security threat to computer users. They also said one of the uninstallation options provided by Sony BMG introduces further vulnerabilities to a system. US-CERT advised, "Do not install software from sources that you do not expect to contain software, such as an audio CD." [9] November 15 is the 319th day of the year (320th in leap years) in the Gregorian Calendar, with 46 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
The EFF uses the blue ribbon as symbolism for their Free Speech defense. ...
November 16 is the 320th day of the year (321st in leap years) in the Gregorian Calendar, with 45 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
The United States Computer Emergency Readiness Team (US-CERT) is part of the National Cyber Security Division of the United Statess Department of Homeland Security. ...
The United States Department of Homeland Security (DHS) is a Cabinet department of the Federal Government of the United States with the responsibility of protecting the territory of the United States from terrorist attack and responding to natural disasters. ...
Sony BMG announced that it has instructed retailers to remove any unsold music discs containing the software from their shelves. [10] It is estimated by internet expert Dan Kaminsky that XCP is in use on more than 500,000 networks. [11]
CDs with XCP technology can be identified by the letters "XCP" printed on the back cover of the jewel case for the CD.
On November 18, 2005, Reuters reported that music publisher Sony BMG would swap affected unsecure CDs for new unprotected disks as well as unprotected MP3 files. [12] November 18 is the 322nd day of the year (323rd in leap years), with 43 remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
Reuters Group plc LSE: RTR NASDAQ: RTRSY is best known as a news service that provides reports from around the world to newspapers and broadcasters. ...
Bertelsmann is a transnational media corporation founded in 1835, based in G tersloh, Germany. ...
Information about the swap can be found at the Sony BMG swap program website [13]. As a part of the swap program, consumers can mail their XCP-protected CDs to Sony BMG and would be sent an unprotected disc via return mail.
On November 29, 2005 the New York Attorney General Eliot Spitzer found through his investigators that despite the recall of November 15 Sony BMG CDs with XCP were still for sale in New York City music retail outlets. Spitzer said "It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year," "I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."[14] On November 30, 2005 Massachusetts Attorney General Tom Reilly issued a statement saying that Sony BMG CDs with XCP were still available in Boston despite the Sony BMG recall of November 15. Attorney General Reilly advised consumers not to purchase the Sony BMG CDs with XCP and said that he was conducting an investigation of Sony BMG.[15] Eliot Spitzer Eliot Laurence Spitzer (born June 10, 1959) is the current Attorney General for New York State and a candidate for the 2006 Democratic nomination for Governor of New York. ...
As of January 26, 2006, Sony BMG's website offered consumers no reference to this issue and no way to locate Sony BMG's explanation or list of affected CD's. (The link below, however, will bring up the explanation and list.) [16]
Legal situation Class action suits have been filed against Sony BMG in New York and California. [17] On November 21, 2005 The Texas Attorney General Greg Abbott sued Sony BMG. Texas is the first state in the nation to bring legal action against Sony BMG for illegal “spyware.” The suit is also the first filed under the state’s spyware law of 2005. It alleges the company surreptitiously installed the spyware on millions of compact music discs (CDs) that consumers inserted into their computers when they play the CDs, which can compromise the systems. [18] [19]. On December 21, 2005 Greg Abbott added new allegations to his lawsuit against Sony-BMG. Abbott says the MediaMax copy protection technology violates the state's spyware and deceptive trade practices laws. He says Sony-BMG offered consumers a licensing agreement when they bought CDs and played them on their computers. But, Abbott alleges in the lawsuit that even if consumers reject that agreement, files -- known as spyware -- are secretly installed on their computers, which pose security risks for music buyers. Abbott said "We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music," and "Thousands of Texans are now potential victims of this deceptive game Sony played with consumers for its own purposes." In addition to violations of the Consumer Protection Against Computer Spyware Act of 2005, which allows for civil penalties of $100,000 for each violation of the law, the alleged violations added in the updated lawsuit, on December 21, 2005, carry maximum penalties of $20,000 per violation.[20] [21] It was reported on December 24, 2005 that Florida Attorney General Charlie Crist is investigating Sony BMG spyware.[22] In law, a class action is an equitable procedural device used in litigation for determining the rights of and remedies, if any, for large numbers of people whose cases involve common questions of law and fact. ...
November 21 is the 325th day of the year (326th in leap years) in the Gregorian Calendar. ...
Template:Infobox Attorney General Greg Abbott in front of the Ten Commandments display he argued for in front of the U.S. Supreme Court. ...
Threats of legal action in Italy have also been reported. [23] On November 21, EFF announced that they were also pursuing a lawsuit over both XCP and the SunnComm MediaMax DRM technology. [24]. On December 6, 2005 Sony-BMG said that 5.7 million of its CDs were shipped with SunnComm MediaMax that requires a new software patch to prevent a potential security breach in consumers' computers. The security vulnerability was discovered by EFF and brought to the attention of Sony BMG. [25][26] The MediaMax Version 5 software was loaded on 27 Sony BMG titles.[27] All these suits are regarding security threats and other damage to customer computers, not copyright issues in the code. The EFF lawsuit also involves issues concerning the Sony BMG end user license agreement. November 21 is the 325th day of the year (326th in leap years) in the Gregorian Calendar. ...
XCP - the XML Control Protocol - is a drop-in replacement for traditional Transmission Control Protocol, or TCP. External links XCP Consortium Categories: Internet protocols | XML | TLAs ...
SunnComm International Inc. ...
MediaMax CD-3 is a software package created by SunnComm and sold as a form of copy protection for compact discs. ...
A software license is a type of proprietary or gratiuitious license as well as a memorandum of contract between a producer and a user of computer software — sometimes called an End User License Agreement (EULA) — that specifies the perimeters of the permission granted by the owner to the user. ...
Despite the numerous civil lawsuits that were spawned or threatened, the US Department of Justice (DOJ) refused to make any comment on whether it would take any criminal action against Sony. This despite the fact that the company seems to have violated several sections of Federal cybersecurity law. Instead, the DOJ initiated a new bill to Congress called The Intellectual Property Protection Act of 2005 that would formally criminalize the act of file sharing, thus showing support for Sony's efforts to protect its copyrights [28].
A Slashdot story noted [29] that the rootkit includes code and comments (such as "copyright (c) Apple Computer, Inc. All Rights Reserved." [30]) illegally copied from sections of the program VLC written by Jon Lech Johansen and Sam Hocevar, the former best known for being prosecuted in connection with DeCSS (which circumvents the digital rights management mechanism used on movie DVDs). VLC media player (initially VideoLAN Client) is a highly portable media player for various audio and video codecs and file formats as well as DVDs, VCDs, and various streaming protocols. ...
Engineer Jon Lech Johansen Jon Lech Johansen (born November 18, 1983), also known as DVD Jon, is a Norwegian who is famous for his work on reverse engineering data formats. ...
DeCSS is a computer program capable of decrypting content on a DVD video disc encrypted using the Content-Scrambling System (CSS). ...
On December 30, 2005, the New York Times reported that Sony BMG has reached a tentative settlement of the lawsuits, proposing two ways of compensating consumers who have purchased the affected recordings. [31] According to the proposed settlement, those who purchased an XCP CD will be paid $7.50 per purchased recording and given the opportunity to download a free album, or be able to download three additional albums from a limited list of recordings if they give up their cash incentive. District Judge Naomi Reice Buchwald entered an order tentatively approving the settlement on January 6, 2006. [32] The New York Times is an internationally known daily newspaper published in New York City and distributed in the United States and many other nations worldwide. ...
Bertelsmann is a transnational media corporation founded in 1835, based in G tersloh, Germany. ...
The settlement is designed to compensate those whose computers were infected, but not otherwise damaged. Those who have damages that are not addressed in the class action are able to opt out of the settlement and pursue their own litigation. [33]
A fairness hearing will be held May 22, 2006 at 9:15 am at the Daniel Patrick Moynihan United States Courthouse for the Southern District of New York at 500 Pearl Street, Room 2270, New York, NY.
Claims must be submitted by December 31, 2006. Class members who wish to be excluded from the settlement must file before May 1, 2006. Those who remain in the settlement can attend the fairness hearing at their own expense and speak on their own behalf or be represented by an attorney.
Company & press reports In a November 7, 2005 article, vnunet.com summarised [34] Russinovich's finding in a less technically detailed way, and urged consumers to avoid buying Sony BMG music CDs for the time being. The following day, The Boston Globe (boston.com) [35] classified the software as spyware and confirmed that it communicates personal information from consumers' computers to Sony BMG. The methods used by the software to avoid detection were likened to those used by data thieves. November 7 is the 311th day of the year (312th in leap years) in the Gregorian Calendar, with 54 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
The Boston Globe is the most widely circulated daily newspaper in Boston, Massachusetts and in the greater New England region. ...
Malicious websites may attempt to install spyware on readers computers. ...
After the first virus which made use of Sony BMG's stealth technology to make their malicious files invisible to both the user and anti-virus programs surfaced on November 10, 2005 [36], Yahoo! News announced on November 11, 2005 [37] that Sony BMG has suspended further distribution of the controversial technology. November 10 is the 314th day of the year (315th in leap years) in the Gregorian Calendar, with 51 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
...
November 11 is the 315th day of the year (316th in leap years) in the Gregorian Calendar, with 50 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
According to ZDNet News: "The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases." The uninstall program obeys commands sent to it allowing others "to take control of PCs where the uninstaller has been used." [38] SunnComm International Inc. ...
According to BBC News on November 14, 2005 [39], Microsoft has decided to classify Sony BMG's software as "spyware" and provide tools for its removal. In both this and the previous Yahoo! News announcement, Mark Russinovich is quoted as saying, "This is a step they should have taken immediately." The current BBC News logo BBC News and Current Affairs (sometimes abbreviated BBC NCA) is a major arm of the BBC responsible for the corporations newsgathering and production of news programmes on BBC television, radio and online. ...
November 14 is the 318th day of the year (319th in leap years) in the Gregorian Calendar, with 47 days remaining. ...
2005 (MMV) was a common year starting on Saturday of the Gregorian calendar. ...
Microsoft AntiSpyware, also known as Windows AntiSpyware, is a piece of software designed to remove, quarantine or prevent a spyware presence on Microsoft Windows 2000, Windows XP and Windows Server 2003 operating systems. ...
Malicious websites may attempt to install spyware on readers computers. ...
Yahoo! Inc. ...
Wikinews has news related to this article: Sony faces class action lawsuits for DRM Mark Russinovich is a software engineer and writer. ...
See also XCP-Aurora Extended Copy Protection (XCP) is a software package developed by the British company First 4 Internet and sold as a copy protection or digital rights management (DRM) scheme for compact discs. ...
Digital rights management (DRM) is the umbrella term referring to any of several technologies used to enforce pre-defined policies controlling access to software, music, movies, or other digital data and hardware. ...
OpenMG is a SDMI-compliant digital rights management scheme by Sony. ...
SonicStage is the name for Sony software that is used for managing portable devices when they are plugged into a computer running Windows. ...
Sony Connect The Connect Music Store is Sonys music store built within the SonicStage music management application for Microsoft Windows-based personal computers. ...
A rootkit is a set of software tools frequently used by a third party (usually an intruder) after gaining access to a computer system. ...
References - Bergstein, Brian (Nov. 18, 2005). "Copy protection an experiment in progress". Seattlepi.com.
External links |
Feeds |
Contact