« When In Paris ... What Should Algerians And Moroccans Do? | Main | Sprint Brings Music Direct to Cellphones, But Price Is Too High »
November 18, 2005
Sony's DRM woes expand to include copyright infringement
by Simon Aughton
from PC Pro: News
If Sony BMG was hoping that the controversy surrounding its copy-protected CDs was going to die away, it was reckoning without infamous hacker Jon Lech Johansen, better known as DVD Jon.
It seems that the XCP software from UK company First4Internet that Sony had been using to prevent unauthorised copying of its music CDs, until it agreed to recall some 4.7 million discs, contains code 'infringing the copyright of several open source projects', Johansen notes in his blog. This includes code that he himself wrote for VLC, a free cross-platform media player.
The code was uncovered by Finnish software developer Matti Nikki, who also discovered other copyright violations.
'Multiple software components on the CD have references to the LAME open source MP3 code,' he wrote in an email. His findings have been substantiated by others.
'We can confirm that at least five functions in the XCP software are identical to functions in LAME,' Thomas Dullien from Sabre Security, a company that specialises in the analysis of complex software, told Reuters.
Although open source software can be freely used, it must be credited as such. No mention of it was made in the XCP code.
Code in the LAME application is licensed under the lessser GNU General Public Licence (LGPL) that, while not as ascetic as the GPL, still places obligations on the use of that code. This includes terms such as 'You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License'.
First4Internet and Sony BMG declined to comment.
Sony
ADVERTISEMENT
BMG's problems began two weeks ago when it was discovered that the DRM software puts hidden 'rootkit' code on a PC when the CD is inserted. This code can be used by to conceal any kind of file without restriction making it an ideal hiding place for viruses and other malicious code. Needless to say several Trojan horses quickly appeared.
Sony quickly offered a fix and declared the story 'old news' but despite assurances that a new version of XCP would make the rootkit code visible, pressure from Sony artists and the threat of legal action meant the issue would not go away.
Microsoft's announcement that it would provide software to remove the code appears to have been the last straw for Sony, which said that it was suspending production of the CDs. It then offered to replace the 2.1 million discs that had been sold and withdraw a further 2.6 million from the shop shelves.
The problem that now faces Sony BMG, as well as the other three major record companies EMI, Universal and Warner, is convincing consumers that they can safely buy copy-protected CDs. In many peoples' eyes, the letters DRM will now be associated with spyware and viruses.
DRM Watch's Bill Rosenblatt says that consumers will rebel and that the labels must react.
'Do record companies intentionally sanction the use of such intrusive technology, or did they just not understand what the vendors of that technology were showing them?' he asks.
'It is time for record companies to get serious about technology, to understand it well enough so that they can foresee the impact of DRM technology without, as we suspect, being blindsided. Now we know that such technology can negatively affect consumers in ways that go beyond anyone's definition of "fair use".'
Outspoken pro-file sharing website p2pnet is rather more damning.
'The Sony BMG DRM spyware farce has become a full-scale, full-blown disaster not only for Sony, but also for its brethren in the movie and music industries.'
Posted by andrewanissi at November 18, 2005 08:12 AM