November 11, 2005
Sony Suspends XCP Copy Protection for CDs
Sony announced that it would suspend manufacturing CDs using XCP copy protection. The company said it would continue using copy protection from SunnComm for other CDs.
Read it in USA Today here.
DOJ Wants Criminal Penalties for Attempted Copyright Infringement
News reports on a speech made by Attorney General Alberto Gonzalez indicate that the DOJ is looking to congress to pass more laws protecting intellectual property. The proposed Intellectual Property Protection Act draft would, among other things, criminalize activity that attempts copyright infringement; seize and destroy prirated goods, including the instrumentalities that made them possible; and any goods purchased with the proceeds from the pirating activity.
The law would also allow prosecutors to go after infringers when the work is not registered with the U.S. Copyright Office. Current law limits criminal actions to registered works. Business and trade associations with heavy investments in intellectual property applauded the move, while consumer rights organizations came out against it.
Read more about it here.
FTC Shuts Down Spywate Site
The FTC has successfully sued a spyware operation that offered free music, ring tones, and other lures and included unannounced spyware along with the downloads.
From the FTC press release:
Defendants named in the FTC complaint are Enternet Media, Inc.; Conspy & Co., Inc., Lida Rohbani, also known as Linda Rohhani and Lida Hakimi; Nima Hakimi; Baback (Babak) Hakimi, also known as Bobby Rohbani and Bobby Hakimi, individually and doing business as Networld One, all based in California which used exploitative code called: “Search Miracle,” “Miracle Search,” “EM Toolbar,” “EliteBar,” and “Elite Toolbar.” The defendants do business as “Enternet Media, Inc.,” “Enternet,” “www.searchmiracle.com,” “www.c4tdownload.com,” and “www.cash4toolbar.com”. The affiliate, also charged in the complaint, is Nicholas C. Albert, doing business as Iwebtunes and www.iwebtunes.com, based in Ohio.
The agency’s complaint alleges that the defendants’ software code tracks consumers’ Internet comings and goings; changes consumers’ preferred home page settings; inserts new toolbars onto consumers’ browsers; inserts a large side “frame”or “window” onto consumers’ browser windows that in turn displays ads; and displays pop-up ads on consumers’ computer screens, even when consumers’ Internet browsers are not activated. In addition, the agency alleges that once the spyware is loaded on consumers’ computers, it interferes with the functioning of the computer and is difficult for consumers to uninstall or remove.
The full press release and links to court documents are here.
November 10, 2005
Sony Gets Sued Over DRM and More
Lawyers filed 3 suits in California November 1 against Sony for violating state anti-fraud laws and laws against spyware. The California's Consumer Protection Against Spyware Actforbids "the taking control of a consumer's computer, modifying computer settings, and the prevention of a user's efforts to block or disable software," according to papers filed in court. Another suit may be filed in New York soon.
The Electronic Frontier Foundation noted that it was also considering a class action lawsuit, and identified 20 CDs that use copy protection. Staff attorney Fred von Lohmann also published a somewhat sarcastic but accurate analysis of the EULA Sony BMG gave to consumers. Some examples:
- If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.
- You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.
- The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.
- Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.
- If you file for bankruptcy, you have to delete all the music on your computer. Seriously
Earlier reports on this story also indicated the virus writers could piggy back onto the Sony rootkit. That was described as theoretical by representatives of First 4 Internet, the company that created the software. News reports indicate that theory has becomes reality. A number of trojans appeared circulating via email that exploit the Sony rootkit to take over machines. They come in the form of an email that purports to be British magazine asking recipients to verify a photo to be used in a coming article. Clicking on the link installs the virus.
Good thing for Sony that their EULA disclaims any damages for this sort of occurrence. My own feeling is no music is worth this hassle.
Read the Information Week story here.
Read the ZDNET article on the trojan exploits here.
Federal Judge Enjoins Michigan Video Game Law
U.S. District Court Judge George C. Steeh granted a preliminary injunction to the Electronic Software Association prohibiting Michigan from enforcing of its ban of selling violent video games to minors. Judge Steeh is quoted as writing "(Michigan) has been unable to demonstrate the perceived harm it seeks to protect against." The judge also noted that free speech harmed if the law went into effect on December 1st. Suits against a similar California law are pending. So far, judges have struck down similar laws in St. Louis, Washington State, and Indianapolis.
November 9, 2005
Sony DRM: Even More Revelations
Apparently the horse is far from dead on this. Computer Associates has more to say on the security risks posed by the Sony DRM software at the center of uproar over its techniques for protecting CD Audio. First there was the cloaking of the DRM files, then the patch uncloaking them, then the potential security risk from virus writers piggy-backing the software, then and the difficulty in removing the software without express instructions from Sony customer service.
Now CA says that the software also inserts psuedo-random noise in an mp3 file even if the file is ripped from a non-copy protected CD. Sony had no comment at this time. The issue that disturbs CA, and presumably others, is consent a control. In the meantime, Symantec has also announced that its antivirus software will identify but not remove Sony's code, pointing users to Sony for removal instructions.
Read more here.
Federal Judge Indicates No Stay in Blackberry Patent Case
Federal Judge James Spenser told parties yesterday that he would consider whether the settlement reached between Research In Motion, maker of the Blackberry, and NTP, Inc., a patent holding company, was enforceable. NPT successfully sued RIM for patent violation and sought an injunction against further infringement. In the meantime, the U.S. Patent and Trademark Office began to independently review the patent claims. The settlement fell apart over intreprentation of its terms. The Judge said, however, that it is unlikely that he would stay the case pending the outcome of the USPTO investigation. "Frankly it's highly unlikely that I'm going to stay these proceedings ... I don't run (patent office) business and they don't run mine," Spencer said.
Read more in the Reuters story via the Washington Post.
November 8, 2005
Supreme Court Will Not Hear Programmer's Appeal in Infringement Case
The Supreme Court declined to hear a programmer's appeal over alleged copyright infringement of computer code. William Krause alleged that Titleserv, a title insurance firm, had infringed on his copyrights when it changed code that he developed over years of work for the company. Krause left the software on the Titleserv servers and placed locks on the code and said Titleserv can run the software but not edit.
Titleserv broke the software locks and did edit the code and was sued by Krause. Both a federal trial court and court of appeals held for Titleserv. The Supreme Court declined further appeal. The courts reasoned that it was legal for Titleserv to manipulate the software provided they owned a physical copy of the program, the changes constituted an essential step in utilization, and the software was used in no other manner.
Grokster Goes Away (For Now)
Grokster has agreed to shut down as part of a settlement with the RIAAand the MPAA. The file sharing company agreed to stop participating in the theft of copyrighted files, to stop giving away its software, and to pay $50 million in cash. The Supreme Court ruled against Grokster in June of this year.
This will not be the end for the brand name, however. There are plans to launch a legal version of Grokster that would charge for legal downloads.
More on this from the Associated Press via the San Jose Mercury News.
November 7, 2005
SCO Demands Non-Existent Linux Code from IBM
Speaking of stories that never seem to go away, SCO has demanded that IBM turn over documents relating to IBM's contributions to the Linux 2.7 kernel. The problem is that it doesn't exist. In fact, there are no plans for a 2.7 kernel. The protocol for discovery is that SCO is supposed to tell IBM what code in Linux to which they have the rights and how IBM misused it, and IBM is supposed to provide discovery on the infringing code. It is hard to believe that David Boies, who prosecuted the Microsoft antitrust trial on behalf of the government, is part of SCO's legal team.
Read the details here on Groklaw.
Sony DRM Controversy Continues
Will this story ever go away? That's what Sony executives must be asking themselves daily. Apparently the more Sony's heavy-handed DRM gets publicized, more stuff happens. Latest developments are that an Italian digital rights group has filed a complaint about the software with the head of the Italian investigative cyber-crime unit, the Guardia di Finanza. This could lead to criminal charges.
Computer Associates International now plans to classify Sony's software as spyware and will include removal tools in its November 12th release of its anti-spyware software. Computer Associates advises disabling autoplay when installing an XCP based CDs, or holding down the shift key, which does the same thing on a one time basis. The company also has instructions on how to remove the software.
Read all about it and get the links to the CAI removal strategy in this PC World article.
November 6, 2005
MIT Network Tracks Users as a Feature
Sometimes when I search the Microsoft Knowledge Base I find articles that tell me the behavior I'm trying to remove is a design feature and not a program defect. Similar is the design of the MIT Campus wireless network, that not only maps connected users, but can identify them by name and track their movements from building to building. Some shudder that they can be so identified even as a blip on the screen. The advantage to this identification is the ability for users to see where the crowds may be working and either join them or go somewhere else. The disadvantage is the apparent lack of privacy. Information is updated on electronic campus maps about every 15 minutes or so. The design is sophisticated enough that 3D renditions can distinguish between floors in a building. Those who want to be identified by name on maps must opt into the system, otherwise the system identifies connections anonymously. CNN has the report here.
Contrast this to a nifty report in the Washington Post on how the FBI is using national security letters and other techniques to track movements of ordinary citizens who may be peripherally involved with a terrorist investigation. In the past, those rules involving data collection required data on innocent citizens to be destroyed once there was a determination of innocence. No more, says the story. Now the information is retained in government databases and may be freely shared with other government agencies. The FBI apparently collected data on well over 300,000 visitors to Las Vegas at the end of 2003 because of a possible terrorist plot aimed at the city. The plot obviously never reached fruition, if it existed at all. Imagine what the government could do with a wireless network tracking individual movements. With cell phones, laptops, cameras, RFID tags all spewing out information, who knows what controls will need to be in place to ultimately protect privacy?