SunnComm Says Pointing to Shift Key 'Possible Felony' 1217
The Importance of writes "A couple of weeks ago BMG released an audio CD with a new type of DRM. Earlier this week, a computer science graduate student at Princeton wrote a report showing the DRM was ineffective - it could easily be defeated by use of the 'shift' key. The stock of the DRM company (SunnComm) has since fallen by 20%. Now, SunnComm plans to sue the student under the DMCA and claim that SunnComm's reputation has been falsely damaged. According to SunnComm's CEO, 'No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property.'"
Why not sue Microsoft as well? (Score:3, Insightful)
Morons.
What total bullshit (Score:5, Insightful)
Stop the ride. I want off.
So I guess... (Score:5, Insightful)
Magic markers and shift keys asside, I guess using a "slim-jim" to gain access to one's own car is wrong too. The car door was certianly never designed to allow entry using this method. Where's the DMCA when you really need it??
They obviously have no case, but is there a way for Hamilton to effectively defend himself in case it's allowed to go to trial?
Just a guess... (Score:5, Insightful)
I mean, a judge would have to be wacky to find for the SunnComm if only because:
1) Microsoft published these directions to bypass the SunnComm protection years ago
2) The publishing of opinions is generally considered freedom of the press isn't it?
My first reaction is that this is an April Fool's joke, except its the wrong time of year.
Time to do something. (Score:5, Insightful)
yeah, yeah (Score:5, Insightful)
No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to deprive people of their rights.
No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to hide the fact that your product is shoddy, and very likely will not work as advertised.
No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to exagerate the dammage caused by saying 'hold the shift key.'
But who's counting?
Re:Suing the wrong person (Score:1, Insightful)
Re:Perfect test case... (Score:5, Insightful)
In a sensable world, they would have to prove beyond all doubt that the student made the report with full intention to facilitate piracy, and not simply "Hey guys, this software is crap and here's why"
I hope they don't expect their stocks to go back up after filing this lawsuit!
=Smidge=
what a fucked up country... (Score:1, Insightful)
Re:Or they could learn..... (Score:5, Insightful)
Mother nature cannot be appealed (with apologies to Feynman).
Re:Perfect test case... (Score:5, Insightful)
Countersue for tresspass (Score:5, Insightful)
Chilling effect (Score:5, Insightful)
Here is something that a judge will actually understand: a graduate student publishing a plain-English report of research into DRM being sued (and bankrupted) under the DMCA for pointing out a shift key.
So... (Score:5, Insightful)
This case will answer the question; if you uninstall something, or refuse to install something, does that constitute as a circumvention of the security of digital media (meaning, if you don't view it with a certain app), and hence, is it a felony? This could go as far as to say that by opening a Game cd with the explore function in windows that you are circunventing the copy protection schemes of the game by viewing the raw content, such as movies, without agreeing to the eula (generally, a 2nd time around thanks to package lisencing). Could Trillian be considered circumvention of MS's MSN messanger service? How rediculously far do they want to take this?
This case is different than skylov's case. Skylov went ahead and (I believe this is the one) broke Adobe's encryption schemes and published the weakness. This is a direct, purposful circumvention. Now we're extending the law to accidental and really nitpicky issues, and forcing the user to do certain things without even really telling them.
And just think of what corperations like microsoft will do with stuff like this. "Since they had linux installed and since linux ignores autorun, they circumvented the cd copy protection." Can we say "Fok me"? They're getting so far away from what people think is right and wrong. It's getting real ugly now, I'm curious if they'll set a precident for or against the people and how far they'll go with this before they start outright revoltes. Pretty soon cd's will have all kinds of protection schemes, and users won't buy them because they can't do what they want with them. They'll still go for the indie cd's and stuff their friends burn for em'. For those who aren't interent savvy, I hope they have internet savvy friends to teach them.
Remember this guys, help your buddies, get them setup with p2p apps and talk with them. Teach them how to use a computer.
Note this part.. (Score:2, Insightful)
Translated: we will call our driver by the same name as legitimate drivers, or whatever name we want; and we will sign shady under-the-table deals with other ISVs to sneak our DRM crippleware onto your computers without you ever realising.
"I can't rip this CD to make a backup!"
"Ah, have you ever installed [famous-brand antivirus software / famous-brand office suite by Redmond-based company / Microsoft QFE patch# Q666666]? That means you've now got Suncomm's software on your system.."
Jeez, it really makes my blood boil. How can these people get away with this?
If you or I were to write a program that claims to "enhance your computer experience", but which actually cripples the PC in some way, we'd (rightly, IMHO) get the book thrown at us for being malware/virus writers. But companies like this do it, and it's considered so acceptable that anyone criticising it can be sued into oblivion?
AAAARGH! [hits head repeatedly on keyboard]
SunnComm in the wrong (Score:3, Insightful)
This doesn't mean, however, that they won't abuse the court system in the usual ways and come out on top -- but at least we know that cheating is the only way they can win.
Re:Perfect test case... (Score:5, Insightful)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Cdrom
Set the Autorun key to 0. Done. One of the first things I do on any machine I install or have to use. I absolutely hate Autorun and find it one of the most useless "innovations" of the last decade.
Re:What total bullshit (Score:3, Insightful)
Every few years we get an opportunity to completely overhaul the whole thing from the top down, and you know what happens? Every time, "we" choose the status quo.
I think for all the ranting and raving on the fringe, the government of the US actually does operate under the informed consent of its constituents. To me, that is a scarier thing to ponder than the "rogue state" theory.
Read a Whitepaper? WTF? (Score:5, Insightful)
It's as if someone said you can secure your house by tying the door shut with a piece of twine in a bowknot. When people happen to notice you can bypass this fortification by tugging on the knot, the "knot idea" man tells you you'd see that conclusion is erroneous if you read the knots section of the Boy Scout Handbook.
What really boggles the mind is this:
Concluded Jacobs, "This cat-and-mouse game that hackers and others like to play with owners of digital property is over..."
Holding down SHIFT is HACKING? You can't even point out an obvious flaw anymore? "We want to make lame-ass, shitty software, and don't you DARE point that out!"
Re:Ever get that (Score:5, Insightful)
credentials
I just want to copy the CD I BOUGHT.
one's knowledge and the cover of academia
So becasue some grad student discovered this in "academica" it should have been kept as a secret?
cover of academia to facilitate piracy
Yes, we all belive that what he really wanted was to commit "piracy" not to expose some stupid non-working restrictions technology.
theft of digital property. For the umteenth time: Copyright infringement is not theft.
This must be The Most Erroneous and Counterfactual statement of the year.
Darl McBride had some nice rants but this is a masterpiece.
Re:So I guess... (Score:5, Insightful)
I wonder if the fact that so many companies are making their living selling digital snake oil could be part of the problem -- sue one of 'em, and the whole house of cards could come down around all their ears.
Re:Just a guess... (Score:4, Insightful)
Tell that to Dmitry and his employer!
I think this might be just the case to take to the congress and point too as something that "chills free speech" Those are 1st Amendment fighting words that MAYBE they'll pay attention too!
But then I believe in the easter bunny too.
Stupid Question Time (Score:5, Insightful)
If it does interefere with other programs that use the CD-ROM drive, can't the government prosecute them for terrorist activity now that hacking has been declared a terrorist activity? After all, they've created a program that tricks users into executing it and is designed to damage the computer's normal functions.
Re:What total bullshit (Score:5, Insightful)
Good analogy. I'm not sure if your Emperor and tailor are the same as mine though. My Emperor is all of the music studios, and the tailor is all the companies peddling this useless DRM crap to them. What amazes me is that the studios don't (or won't) see the way that they are being duped in the same way as the Emperor of the fable.
Let's face it, a CD with DRM must still work on an audio CD player, no matter what, or there point is no point in producing the CD in the first place, although for some of the pap being pushed at present that would not be a bad thing, but I digress... That means that the raw CD audio data must be accessible to a CD audio drive. If it's accessible to a CD audio drive, then it must *also* be readable as raw data by a CD ROM drive (which is often the same thing anyway), even if you have to resort to a raw sector read. If you can read the CD audio data, then you can create a copy, and guess what? It's just raw audio data! Open it your favorite audio editor as 16bit, 44.1KHz stereo raw audio and you can MP3/OGG it, save it as WAV and burn to CDR, whatever.
Then again, this is the same industry that's allowing its trade association to sue its own customers. As was pointed out [slashdot.org] earlier today, this tactic didn't work too well against Henry Ford either. Hopefully this latest debacle might encourage them to see the light, but somehow I doubt it very much indeed.
Re:Or they could learn..... (Score:5, Insightful)
"We'll fix it later" != security (Score:4, Insightful)
"He said the company was also exploring a civil suit based on damage to the company's reputation, since Halderman concluded that the technology was ineffective without knowing about future enhancements."
So 'future enhancements' make current technology effective? What kind of bullshit is that? That's like saying Windows is secure because it'll eventually be fixed, and there are millions of people whose computers got hit recently who know that's about as effective a security measure as the rhythm method.
Cannot use stock market as evidence (Score:5, Insightful)
What's really insane is that they are actually using the stock market to justify the damages they supposedly endured. Any judge with any ounce of sense will reject this as bullshit. The market is so damn volatile these days that you cannot use it as evidence unless it could be proven that the accused performed actions specifically to manipulate the market.
If the market did go down because of his actions, it was only because investors saw the company had a crappy product to begin with and it was only a matter of time anyway.
Re:Metaphor - more accurate (Score:4, Insightful)
Re:SunnComm == ZomboCom ? (Score:5, Insightful)
But they can't have it both ways -- either pressing the shift key doesn't do a damn thing, in which case the student "falsely damaged" their reputation but did not violate the DMCA, or pressing the shift key breaks their 'copy protection' scheme, in which case he may have violated the DMCA but he did not damage their reputation, their lame product did. But not both.
Re:P.S. (Score:2, Insightful)
SunnComm is truly pathetic (Score:5, Insightful)
If anything should be illegal, it should be their shoddy technology. First, they create a CD that is obtensibly a music compact disc, but is in reality a CD-ROM that surreptitiously installs programs onto a user's computer without the computer owner's attempt, in a deliberate attempt to sabotage the functionality of the computer. This is what is known as a "virus"*.
Then they present this ill-concieved technology to their clients and shareholders as some sort of panacea, knowing all the while that it is utterly ineffective. This is what is known as "fraud".
To top off their audacity, they then threaten a lawsuit against the researcher who alerted the public to this fraud. This is completely ridiculous. What next, a medical researcher's tests prove that Quack Corp.'s Snake Oil does not really enlarge your penis, so the researcher is sent to prison?
This is a technology that is dependent on an unrealistic number of constraints. If the user of the CD is running Windows AND has autorun turned on AND doesn't press the shift key while putting the disc in AND allows the SunnComm virus to infect their computer AND leaves it running AND tries to copy the music, it won't work, otherwise it will. Oops I just pointed out how flawed their scheme is too, I guess that's a "possible felony"
.* To be pedantic it's more of a trojan than a virus because the malicious code does not self-replicate beyond installing from the disc, but you get the idea.
Did Jacobs just say something really stupid? (Score:3, Insightful)
Is it just be or did he just accidently take a stand for the rights of consumers to do what they please with the products they buy?
Re:Just a guess... (Score:5, Insightful)
I know it sucks for the kid who felt all smart about writing his paper, but that's how f*cked our market is right now. If you do anything to hurt any business entity, no matter how silly the issue, expect it to spend resources on trying to make an example out of you.
By the wording of the DMCA, yes, even suggesting how to defeat that pitiful copy protection is illegal. 'Circumvention' doesn't have to be complex lines of code. It can be and is something this simple. This law has got to go. I am amazed at how little mass media coverage it's gotten. It's one of those issues that isn't just 'geek', it's a serious rights issue that can impact people in ludicrous situations like this one.
Now, I would just like to be able to legally remove the CD check from my Battlefield 1942 installation. I've got a $450 DVD burner and wasting it's spin-life while the damned game makes sure I'm not stealing every MP game launch and every level change. Have a little respect for me for a change, why don't ya?
Re:What total bullshit (Score:4, Insightful)
If the stock market and their customers don't react to this, but instead accept this as "normal business practise" they could continue to sell their products. Over time this would lead to a sustainable environment for companies that in a "normal" society would have been put out of business.
If on apply some normal sense of economic theory competition should have lead them to bankruptcy but with the music industry they might be able to coexist. For a while.
Re:Perfect test case... (Score:3, Insightful)
Too bad the circumvention came before the protection scheme.
Re:Perfect test case... (Score:1, Insightful)
the standard for cd's have become common to most people that it just contains music. in most circles (harmless or not)this behavior is considered viri in nature.
even though the cd contains a message that it was enhanced by this companies software doesn't mean it will install it (even if it is just until the computer is rebooted.)the enhance message seems to indecate better adio or a process done durring the manufacturing of the cd, not that it will install a parasite onto a normaly working computer that would interfere with normal legal uses of that computer.
i say lets nip this in the but and start sueing for damages in diagnostic time for the machine not functioning properly and research time that was taken to remove the parasite. it is our computer and it is completly legel to rip music on it (for our personal use) without thier hidden virus scambling the sound and making us loose hours of valuable time and resources trying to get to the bottom of it.
this action is completly alien to the normal operation of a music cd in any normal cercumstance. i smell class action here.
i also believe the acticle wasn't writen to get around the priacy prevention but to aid us in our pursuit to rid our computer of this parasite and help us save diagnostic time and resources.
Re:Did Jacobs just say something really stupid? (Score:5, Insightful)
When you boil it all down, Sunncomm is dancing, but the RIAA are calling the tune. It is the RIAA and affiliated labels who need to be boycotted until they reform, or perish. [dontbuycds.org] Sunncomm will die on their own. Sunncomm alredy lost Sound Choice Karaoke as a customer. Using the previous DRM scheme, Mediacloq, caused a backlash that really hurt them, and karaoke is a niche market.
Re:So I guess... (Score:5, Insightful)
Clearly this DRM was not tested with the single most common user behaviour (negating autorun with the shift key) -- demonstrating that the designer was less than fully competent.
Check this [cnn.com] out:
Not only did they test. They *knew* it could be done and *still* released. They have no room to talk.
Re:Read a Whitepaper? WTF? (Score:2, Insightful)
You can't even point out an obvious flaw anymore? "We want to make lame-ass, shitty software, and don't you DARE point that out!"
Seriously, If Jacobs loses, he should sue MS. They told him how to do it, its in the help files. Just get your money back for the lawsuit plus 5 or 6 hundred thousand for the go of it. While your at it, make it a class action suit . LOL
Ownership, again (Score:4, Insightful)
I agree. The problem here is that the idea of ownership is simply not defined properly in modern american law. It has suddenly become legal, in the last few years, for companies to sell me products to which they retain ownership. If this problem is corrected, and consumers are given rights to the products they buy, a large portion of this DMCA nonsense would evaporate.
Re:Mod Parent Down (Score:3, Insightful)
Re:Executive dumping? (Score:5, Insightful)
Re:divergent paths in a yellow wood (Score:2, Insightful)
I think this graduate student has a chance of making it through this. Not a great chance, but a chance. I was browsing his webpage (briefly) and noted that in addition to his CS courses, he's taken one or two law courses. I know that "one or two law courses" does not even remotely equal "lawyer", but right now we're only at the initial yelling stage.
If he's lucky, he may know the right people, or the right things to say to prevent this from going any further.
Also, I suspect that with his background in computer security he may have already been prepared for a situation like this. Perhaps he even expected it.
Re:divergent paths in a yellow wood (Score:3, Insightful)
Of course, somehow in the past 50 years, the almighty corporation has become more important than scientific advancement/academia. This is very scary. Ironically, this thinking will eventually (if it hasn't already) severely hurt the very businesses who are trying to bury research.
Re:Perfect test case... (Score:5, Insightful)
You've latched onto something important. Everybody is focusing on how idiotic suing someone over the shift key is, but they haven't read the original paper. The paper is chock full of an explanations about how to defeat the copy protection scheme. Prime fodder for trial by DMCA. However, since the copy-protection scheme relies on a mechanism within windows that has historically been frequently disabled by many users, the history of such may be used in defense of the author. The author did not actually do anything to disable the copy protection. He merely pointed out that protection method wouldn't work on a significant number of machines right out of the box.
Re:Perfect test case... (Score:4, Insightful)
Because when I put in a CD, *I* plan on making the fucker do what *I* want it to do, run, or not run whatever's on it that *I* decide, and do all that precisely whenever *I* so choose, as opposed to rolling over and playing dead for the Mighty Gods of Software, who must surely know what's best for me, my family, and my nation.
Re:Now, I must be that devils advocate. (Score:3, Insightful)
Additionally, the analogy is a little off. What he's really doing is more like telling everyone how to keep an unknown third party out of their own lockers, because he's seen them breaking into lockers and how they're doing it.
If I use Linux/Mac/DOS/etc... (Score:2, Insightful)
Re:Perfect test case... (Score:3, Insightful)
If you worked at Dell or Gateway for tech support you would love autorun, you can just tell your client "Ok stick in the CD and wait for this dialog to pop up." And you know it will pop up because the computer came with auto run. And if it doesn't pop up the user knows enough to load their own CDs, either way it makes your job easier having it their instead of having no option at all.
Besides, being a moron would be to say that every user can handle a "OK/Cancel" screen, we all know that most users will be to stupid to hit OK because they think "Hey it's installed I should hit cancel so it doesn't install again." Then they sit and wait for it to pop up with the Play dialog (usually after you install a game or something like that it'll switch from Install to Play making it incredibly easy on the user.) Besides having two dialogs like that would be a bad UI design.
And if this was such a great idea, why don't hardware CD players have "autorun"? I have three of these and all of them require me to hit play before they play the disk I inserted (granted some have autorun, but at least 3 dont).
Dude right their you say "Well hardware CD players don't have autorun because it's a dumb idea" and right after that "Well some do have it but mine don't." Every CD player I've ever used had auto run. I've had at least 4 stereos, and 6 car stereos (purchased 4 cars with CD players, bought 2 new head units with CD players.) So from that logic (my 10 stereos to your 3 and I didn't even include my DVD player or VCRs which all have autplay) autorun is a very good idea.
Sunncomm makes Linux a DMCA violation? (Score:1, Insightful)
Jesus Tapdancing Christ (Score:5, Insightful)
Why don't you just sue Microsoft? They created Windows with this "don't load custom drivers" hole! Also, let's sue manual writers! I'm sure there has to be a manual somewhere which desctibes (IN DETAIL NO LESS) this method for circumventing CD security. And why don't we sue keyboard manufacturers, they're the ones who give users that fscking shift key IN THE FIRST PLACE!
This company is just pissed that their half-assed solution to a problem that cannot be fixed by means of a technological barrier was so easily defeated. One keystroke...jesus...and they actually went ahead and spent the money on the R&D for this? Is ANYONE awake over there?
They deserve what they got, and the RIAA should be pissed at them for pawning off this assinine scheme to them as a reasonable solution.
PS: This makes me realize exactly how bad a law the DMCA is; It is an attempt to, by law, enforce security through obscurity. If answers are outlawed, then only outlaws will have answers.
Re:divergent paths in a yellow wood (Score:3, Insightful)
I think it is because all of the students in college that could not go into science/engineering ended up going on to get JDs and MBAs. They naturally derive an ego (we all do actually) that dictates that the graduate program that they are from is far more important in the world. So in this case, we have a nice blend of MBAs and JDs pushing the legal system away from scientific academia and toward corporate interests.
Either that or I just got up way too early today...