Slashdot Mirror

← Back to Stories (view on slashdot.org)

SunnComm Says Pointing to Shift Key 'Possible Felony'

Posted by CowboyNeal on from the same-shift-not-different-dmca dept.

The Importance of writes "A couple of weeks ago BMG released an audio CD with a new type of DRM. Earlier this week, a computer science graduate student at Princeton wrote a report showing the DRM was ineffective - it could easily be defeated by use of the 'shift' key. The stock of the DRM company (SunnComm) has since fallen by 20%. Now, SunnComm plans to sue the student under the DMCA and claim that SunnComm's reputation has been falsely damaged. According to SunnComm's CEO, 'No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property.'"

35 of 1,217 comments (clear)

  1. Why not sue Microsoft as well? by Lieutenant_Dan · · Score: 3, Insightful

    After all they built in the ability to bypass the Autorun feature.

    Morons.

    --
    Wearing pants should always be optional.
  2. What total bullshit by 1010011010 · · Score: 5, Insightful

    They're just mad they were found out to be dummies with a broken product, and that their share price dropped 20% when Wall Streeties discovered they were dummies. Solution: sue the guy who said, "the Emperor has no clothes!"

    Stop the ride. I want off.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
    1. Re:What total bullshit by Zocalo · · Score: 4, Insightful
      They're just mad they were found out to be dummies with a broken product, and that their share price dropped 20% when Wall Streeties discovered they were dummies. Solution: sue the guy who said, "the Emperor has no clothes!"

      Good analogy. I'm not sure if your Emperor and tailor are the same as mine though. My Emperor is all of the music studios, and the tailor is all the companies peddling this useless DRM crap to them. What amazes me is that the studios don't (or won't) see the way that they are being duped in the same way as the Emperor of the fable.

      Let's face it, a CD with DRM must still work on an audio CD player, no matter what, or there point is no point in producing the CD in the first place, although for some of the pap being pushed at present that would not be a bad thing, but I digress... That means that the raw CD audio data must be accessible to a CD audio drive. If it's accessible to a CD audio drive, then it must *also* be readable as raw data by a CD ROM drive (which is often the same thing anyway), even if you have to resort to a raw sector read. If you can read the CD audio data, then you can create a copy, and guess what? It's just raw audio data! Open it your favorite audio editor as 16bit, 44.1KHz stereo raw audio and you can MP3/OGG it, save it as WAV and burn to CDR, whatever.

      Then again, this is the same industry that's allowing its trade association to sue its own customers. As was pointed out earlier today, this tactic didn't work too well against Henry Ford either. Hopefully this latest debacle might encourage them to see the light, but somehow I doubt it very much indeed.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:What total bullshit by EinarH · · Score: 3, Insightful
      It will be very interesting to see if the DCMA can protect the company from this (and future) disclosure(s). That could indicate that a company with a degraded product can be protected from accusation and disclosure if that hurts them financially.

      If the stock market and their customers don't react to this, but instead accept this as "normal business practise" they could continue to sell their products. Over time this would lead to a sustainable environment for companies that in a "normal" society would have been put out of business.

      If on apply some normal sense of economic theory competition should have lead them to bankruptcy but with the music industry they might be able to coexist. For a while.

      --

      Melius mori in libertate quam vivere in servitute.

  3. So I guess... by inertia187 · · Score: 5, Insightful

    No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property.

    Magic markers and shift keys asside, I guess using a "slim-jim" to gain access to one's own car is wrong too. The car door was certianly never designed to allow entry using this method. Where's the DMCA when you really need it??

    They obviously have no case, but is there a way for Hamilton to effectively defend himself in case it's allowed to go to trial?

    --
    A programmer is a machine for converting coffee into code.
    1. Re:So I guess... by Reziac · · Score: 4, Insightful

      Clearly this DRM was not tested with the single most common user behaviour (negating autorun with the shift key) -- demonstrating that the designer was less than fully competent. With this in mind, I shall point out that it *used* to be considered good citizenship to expose such frauds, at any level. We used to call it "whistleblowing", but now it's a felony?!! What's worng with this picture??!

      I wonder if the fact that so many companies are making their living selling digital snake oil could be part of the problem -- sue one of 'em, and the whole house of cards could come down around all their ears.

      --
      ~REZ~ #43301. Who'd fake being me anyway?
    2. Re:So I guess... by El+Cubano · · Score: 4, Insightful

      Clearly this DRM was not tested with the single most common user behaviour (negating autorun with the shift key) -- demonstrating that the designer was less than fully competent.

      Check this out:

      "We were fully aware that if someone held down the Shift key the first and every subsequent time [they played the disc] that the technology could be circumvented," BMG spokesman Nathaniel Brown told Reuters, adding the company "erred on the side of playability and flexibility."

      Not only did they test. They *knew* it could be done and *still* released. They have no room to talk.

  4. Just a guess... by tkrotchko · · Score: 5, Insightful

    But don't you think this is an attempt at intimidation rather than a real lawsuit? In otherwords, SunnComm knows they can't win, but it looks like they're defending themselves, plus it will prevent other people from even discussing SunnComm for fear of being sued.

    I mean, a judge would have to be wacky to find for the SunnComm if only because:

    1) Microsoft published these directions to bypass the SunnComm protection years ago
    2) The publishing of opinions is generally considered freedom of the press isn't it?

    My first reaction is that this is an April Fool's joke, except its the wrong time of year.

    --
    You were mistaken. Which is odd, since memory shouldn't be a problem for you
    1. Re:Just a guess... by stevew · · Score: 3, Insightful

      That is a BIG assumption saying they can't win!

      Tell that to Dmitry and his employer!

      I think this might be just the case to take to the congress and point too as something that "chills free speech" Those are 1st Amendment fighting words that MAYBE they'll pay attention too!

      But then I believe in the easter bunny too.

      --
      Have you compiled your kernel today??
    2. Re:Just a guess... by Awptimus+Prime · · Score: 4, Insightful

      I agree with the parent on this. They would be stupid not to file some kind of litigation on this kid. The insiders have to put the brakes on that stock slide ASAP or they will be looking for new jobs in a month or two.

      I know it sucks for the kid who felt all smart about writing his paper, but that's how f*cked our market is right now. If you do anything to hurt any business entity, no matter how silly the issue, expect it to spend resources on trying to make an example out of you.

      By the wording of the DMCA, yes, even suggesting how to defeat that pitiful copy protection is illegal. 'Circumvention' doesn't have to be complex lines of code. It can be and is something this simple. This law has got to go. I am amazed at how little mass media coverage it's gotten. It's one of those issues that isn't just 'geek', it's a serious rights issue that can impact people in ludicrous situations like this one.

      Now, I would just like to be able to legally remove the CD check from my Battlefield 1942 installation. I've got a $450 DVD burner and wasting it's spin-life while the damned game makes sure I'm not stealing every MP game launch and every level change. Have a little respect for me for a change, why don't ya?

  5. Time to do something. by badasscat · · Score: 4, Insightful

    Welp, my letter to Hillary Clinton has already been fired off. Not that my letter alone will do anything, but it's time for people to at least do something, anything at all to try to put a stop to crap like this under the guise of the DMCA. Write to your congress-people, donate to the EFF and ACLU, vote for candidates based on their stances on technology issues rather than their standing in Hollywood... I mean whatever. Get the movement started, for god's sake. This is getting completely out of hand at this point. The USSR is alive and kicking when it's a "felony" to talk about using the shift key on your keyboard. (No Soviet Russia jokes please - I am being totally serious.)

  6. yeah, yeah by thomas.galvin · · Score: 4, Insightful

    No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property."

    No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to deprive people of their rights.

    No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to hide the fact that your product is shoddy, and very likely will not work as advertised.

    No matter the organization or rationale, it is wrong to use purchased legislation and the cover of law to exagerate the dammage caused by saying 'hold the shift key.'

    But who's counting?

    --
    Thomas Galvin
  7. Re:Perfect test case... by Smidge204 · · Score: 4, Insightful

    No, I can believe it... 'Rediculous' would be a better word. Why don't they sue Microsoft for making the Shift key circumvent the auto-run feature to begin with?

    In a sensable world, they would have to prove beyond all doubt that the student made the report with full intention to facilitate piracy, and not simply "Hey guys, this software is crap and here's why"

    I hope they don't expect their stocks to go back up after filing this lawsuit!
    =Smidge=

  8. Re:Or they could learn..... by s20451 · · Score: 4, Insightful

    The moral of this bedtime story is that companies should spend as much on their research department as they do on their legal department.

    Mother nature cannot be appealed (with apologies to Feynman).

    --
    Toronto-area transit rider? Rate your ride.
  9. Re:Perfect test case... by egburr · · Score: 4, Insightful

    I have auto-run turned off. I did it with tweakui which microsoft provided. I assume this means the CD will always be easily copyable on my computer with the extra effort of holding down the shift key. It sure was nice of microsoft to provide me with this nifty circumvention.

    --

    Edward Burr
    Having a smoking section in a restaurant is like having a peeing section in a swimming pool.
  10. Countersue for tresspass by SuperKendall · · Score: 4, Insightful

    The CD that you buy is a music CD. Yet the protected CD actually installs a driver on the target computer without the user knowing - there is another type of program that behaves in this way. It's called a virus (ok, really a trojan) and generally the authors get jail terms. Let's try and do the same for these SunnComm people.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  11. Chilling effect by overshoot · · Score: 5, Insightful
    There was much rejoicing in civil liberties circles.

    Here is something that a judge will actually understand: a graduate student publishing a plain-English report of research into DRM being sued (and bankrupted) under the DMCA for pointing out a shift key.

    • No Eeeeeeevil "hackers" at 2600
    • No that-can't-be-speech "code"
    • No funny Commie (Russian) names
    • Nothing for sale, even speculatively
    This is the test case we've been waiting for.
    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  12. So... by TyrranzzX · · Score: 4, Insightful

    Since by pressing the shift key you keep autorun from installing an application, by NOT installing a piece of software on my computer, I am breaking the law?

    This case will answer the question; if you uninstall something, or refuse to install something, does that constitute as a circumvention of the security of digital media (meaning, if you don't view it with a certain app), and hence, is it a felony? This could go as far as to say that by opening a Game cd with the explore function in windows that you are circunventing the copy protection schemes of the game by viewing the raw content, such as movies, without agreeing to the eula (generally, a 2nd time around thanks to package lisencing). Could Trillian be considered circumvention of MS's MSN messanger service? How rediculously far do they want to take this?

    This case is different than skylov's case. Skylov went ahead and (I believe this is the one) broke Adobe's encryption schemes and published the weakness. This is a direct, purposful circumvention. Now we're extending the law to accidental and really nitpicky issues, and forcing the user to do certain things without even really telling them.

    And just think of what corperations like microsoft will do with stuff like this. "Since they had linux installed and since linux ignores autorun, they circumvented the cd copy protection." Can we say "Fok me"? They're getting so far away from what people think is right and wrong. It's getting real ugly now, I'm curious if they'll set a precident for or against the people and how far they'll go with this before they start outright revoltes. Pretty soon cd's will have all kinds of protection schemes, and users won't buy them because they can't do what they want with them. They'll still go for the indie cd's and stuff their friends burn for em'. For those who aren't interent savvy, I hope they have internet savvy friends to teach them.

    Remember this guys, help your buddies, get them setup with p2p apps and talk with them. Teach them how to use a computer.

    --


    Candy-Coated Knowledge

  13. Re:Perfect test case... by jawtheshark · · Score: 5, Insightful
    I don't need TweakUI for that. Using regedit just does fine:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Cdrom

    Set the Autorun key to 0. Done. One of the first things I do on any machine I install or have to use. I absolutely hate Autorun and find it one of the most useless "innovations" of the last decade.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  14. Read a Whitepaper? WTF? by ChuckleBug · · Score: 4, Insightful

    They're saying that if he had read their stupid Whitepaper he would see that the incredibly obvious shift key workaround wouldn't really have been one? What are they smoking?

    It's as if someone said you can secure your house by tying the door shut with a piece of twine in a bowknot. When people happen to notice you can bypass this fortification by tugging on the knot, the "knot idea" man tells you you'd see that conclusion is erroneous if you read the knots section of the Boy Scout Handbook.

    What really boggles the mind is this:

    Concluded Jacobs, "This cat-and-mouse game that hackers and others like to play with owners of digital property is over..."

    Holding down SHIFT is HACKING? You can't even point out an obvious flaw anymore? "We want to make lame-ass, shitty software, and don't you DARE point that out!"

  15. Re:Ever get that by EinarH · · Score: 5, Insightful
    The worst part is this:
    No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property.'
    credentials
    I just want to copy the CD I BOUGHT.

    one's knowledge and the cover of academia
    So becasue some grad student discovered this in "academica" it should have been kept as a secret?

    cover of academia to facilitate piracy
    Yes, we all belive that what he really wanted was to commit "piracy" not to expose some stupid non-working restrictions technology.

    theft of digital property. For the umteenth time: Copyright infringement is not theft.

    This must be The Most Erroneous and Counterfactual statement of the year.
    Darl McBride had some nice rants but this is a masterpiece.

    --

    Melius mori in libertate quam vivere in servitute.

  16. Stupid Question Time by ShawnDoc · · Score: 4, Insightful
    After reading all of this, I have another one of my stupid questions. The "copy protection" software is a .dll that autoplays when one of their "protected" cd's is inserted. This .dll I'm assuming continues to run, even after you have removed their "protected" CD. So will this .dll prevent you from copying/ripping CDs that are not "protected" or does it somehow know which CDs to "protect"? Will this .dll interfere with other software that uses your CD-ROM drive?

    If it does interefere with other programs that use the CD-ROM drive, can't the government prosecute them for terrorist activity now that hacking has been declared a terrorist activity? After all, they've created a program that tricks users into executing it and is designed to damage the computer's normal functions.

  17. Re:Or they could learn..... by cgenman · · Score: 4, Insightful

    Sadly, research departments don't seem to be bringing in as much money as legal departments these days.

    --
    The ______ Agenda
  18. "We'll fix it later" != security by ottffssent · · Score: 3, Insightful

    From the article:
    "He said the company was also exploring a civil suit based on damage to the company's reputation, since Halderman concluded that the technology was ineffective without knowing about future enhancements."

    So 'future enhancements' make current technology effective? What kind of bullshit is that? That's like saying Windows is secure because it'll eventually be fixed, and there are millions of people whose computers got hit recently who know that's about as effective a security measure as the rhythm method.

    --
    High-speed Road Trip (18.000KPH)
  19. Cannot use stock market as evidence by stwrtpj · · Score: 4, Insightful
    to see if DMCA really has merit in the courts. This is so nutty its unbelievable.

    What's really insane is that they are actually using the stock market to justify the damages they supposedly endured. Any judge with any ounce of sense will reject this as bullshit. The market is so damn volatile these days that you cannot use it as evidence unless it could be proven that the accused performed actions specifically to manipulate the market.

    If the market did go down because of his actions, it was only because investors saw the company had a crappy product to begin with and it was only a matter of time anyway.

    --
    Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
  20. Re:Metaphor - more accurate by calebb · · Score: 3, Insightful

    Actually, a closer analogy would be finding that putting the antenna down on a Ford Ranger caused the doors to unlock & the engine to start. Think of how many trucks would be stolen if you published that information!!!

  21. Re:SunnComm == ZomboCom ? by Rick+the+Red · · Score: 4, Insightful
    Pressing the shift key is not a violation of the DMCA. Telling someone to press the shift key is a violation of the DMCA.

    But they can't have it both ways -- either pressing the shift key doesn't do a damn thing, in which case the student "falsely damaged" their reputation but did not violate the DMCA, or pressing the shift key breaks their 'copy protection' scheme, in which case he may have violated the DMCA but he did not damage their reputation, their lame product did. But not both.

    --
    If all this should have a reason, we would be the last to know.
  22. SunnComm is truly pathetic by Experiment+626 · · Score: 4, Insightful

    If anything should be illegal, it should be their shoddy technology. First, they create a CD that is obtensibly a music compact disc, but is in reality a CD-ROM that surreptitiously installs programs onto a user's computer without the computer owner's attempt, in a deliberate attempt to sabotage the functionality of the computer. This is what is known as a "virus"*.

    Then they present this ill-concieved technology to their clients and shareholders as some sort of panacea, knowing all the while that it is utterly ineffective. This is what is known as "fraud".

    To top off their audacity, they then threaten a lawsuit against the researcher who alerted the public to this fraud. This is completely ridiculous. What next, a medical researcher's tests prove that Quack Corp.'s Snake Oil does not really enlarge your penis, so the researcher is sent to prison?

    This is a technology that is dependent on an unrealistic number of constraints. If the user of the CD is running Windows AND has autorun turned on AND doesn't press the shift key while putting the disc in AND allows the SunnComm virus to infect their computer AND leaves it running AND tries to copy the music, it won't work, otherwise it will. Oops I just pointed out how flawed their scheme is too, I guess that's a "possible felony"

    .

    * To be pedantic it's more of a trojan than a virus because the malicious code does not self-replicate beyond installing from the disc, but you get the idea.

  23. Did Jacobs just say something really stupid? by sladelink · · Score: 3, Insightful

    Concluded Jacobs, "This cat-and-mouse game that hackers and others like to play with owners of digital property is over. No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property. SunnComm is taking a stand here because we believe that those who own property, whether physical or digital, have the ultimate authority over how their property is used."

    Is it just be or did he just accidently take a stand for the rights of consumers to do what they please with the products they buy?

    --
    sigs are dumb.
    1. Re:Did Jacobs just say something really stupid? by macdaddy357 · · Score: 4, Insightful
      He doesn't understand the implications of what he said at all. If I purchase a CD, it is my personal property. I have the absolute right to do with it as I see fit. Alex Halderman of Princeton University is only showing us how to take back our rights as property owners. Jacobs, and all the a-holes at Sunncomm are the ones trying to deny us our rights. They are the crooks here. They claim that they are protecting "intellectual property." That term is a highly offensive misnomer. Copyright is a temporary loan from the public domain, not property.

      When you boil it all down, Sunncomm is dancing, but the RIAA are calling the tune. It is the RIAA and affiliated labels who need to be boycotted until they reform, or perish. Sunncomm will die on their own. Sunncomm alredy lost Sound Choice Karaoke as a customer. Using the previous DRM scheme, Mediacloq, caused a backlash that really hurt them, and karaoke is a niche market.

      --
      How ya like dat?
  24. Ownership, again by gornar · · Score: 3, Insightful

    Directly after the quoted text in the submission, the article reads, "SunnComm is taking a stand here because we believe that those who own property, whether physical or digital, have the ultimate authority over how their property is used."
    I agree. The problem here is that the idea of ownership is simply not defined properly in modern american law. It has suddenly become legal, in the last few years, for companies to sell me products to which they retain ownership. If this problem is corrected, and consumers are given rights to the products they buy, a large portion of this DMCA nonsense would evaporate.

  25. Re:Executive dumping? by litewoheat · · Score: 4, Insightful

    Its a clerical mistake. It happens all the time. The person who recorded the trade put the decimal in the wrong place, or ommited it entirely. Any time you see a spike like that on a pink sheet (OTC) chart its clerical error.

  26. Re:Perfect test case... by GreyPoopon · · Score: 5, Insightful
    Too bad the circumvention came before the protection scheme.

    You've latched onto something important. Everybody is focusing on how idiotic suing someone over the shift key is, but they haven't read the original paper. The paper is chock full of an explanations about how to defeat the copy protection scheme. Prime fodder for trial by DMCA. However, since the copy-protection scheme relies on a mechanism within windows that has historically been frequently disabled by many users, the history of such may be used in defense of the author. The author did not actually do anything to disable the copy protection. He merely pointed out that protection method wouldn't work on a significant number of machines right out of the box.

    --

    GreyPoopon
    --
    Why is it I can write insightful comments but can't come up with a clever signature?

  27. Re:Perfect test case... by DoraLives · · Score: 3, Insightful
    Because when you put in a CD, you usually don't want to do anything with it?

    Because when I put in a CD, *I* plan on making the fucker do what *I* want it to do, run, or not run whatever's on it that *I* decide, and do all that precisely whenever *I* so choose, as opposed to rolling over and playing dead for the Mighty Gods of Software, who must surely know what's best for me, my family, and my nation.

    --
    Is it fascism yet?
  28. Jesus Tapdancing Christ by Tokerat · · Score: 5, Insightful


    Why don't you just sue Microsoft? They created Windows with this "don't load custom drivers" hole! Also, let's sue manual writers! I'm sure there has to be a manual somewhere which desctibes (IN DETAIL NO LESS) this method for circumventing CD security. And why don't we sue keyboard manufacturers, they're the ones who give users that fscking shift key IN THE FIRST PLACE!

    This company is just pissed that their half-assed solution to a problem that cannot be fixed by means of a technological barrier was so easily defeated. One keystroke...jesus...and they actually went ahead and spent the money on the R&D for this? Is ANYONE awake over there?

    They deserve what they got, and the RIAA should be pissed at them for pawning off this assinine scheme to them as a reasonable solution.

    PS: This makes me realize exactly how bad a law the DMCA is; It is an attempt to, by law, enforce security through obscurity. If answers are outlawed, then only outlaws will have answers.

    --
    CAn'T CompreHend SARcaSm?