SunnComm Reconsiders Lawsuit Threat

The Importance of writes "SunnComm, which yesterday had threatened to sue Alex Halderman for writing a report critical of SunnComm's MediaMax CD3 DRM technology, has now backed off that threat. 'I don't want to be the guy that creates any kind of chilling effect on research,' SunnComm's CEO Peter Jacobs said."

Chilling Effect on Research?

[Ever+Dubious]

Give me a freaking break? Holding down the shift key? These guys are on crack.

Re:Chilling Effect on Research?

Dumbass. He meant that the lawsuit would have a chilling effect on research. If everytime someone criticized a security method they got sued then we would have a lot of people avoiding security research.

Re:Chilling Effect on Research?

[KDan]

More like he doesn't want to be the idiot who has to pay for the legal fees after the lawsuit is thrown out on grounds of complete idiocy of the complaint!

Daniel

Re:Chilling Effect on Research?

[luwain]

This situation once again illustrates why the DMCA is flawed legislation. The DMCA actually encourages litigation that borders on extortion, and comes very, very close to supporting the inhibition of Freedom of speech.
Also, it seems to me that developing a product to combat casual copying doesn't make a lot of sense. I don't think casual copying is costing the industry a lot of money. And if someone really wants a copy of something, they can always find a geek friend in the neighborhood who can figure out "how to hold down the shift key". The fact is, the majority of consumers are honest customers who pay for product and support. It doesn't make sense to cripple products with DRM for everyone, to prevent supposed losses from people who probably hardly buy music at all. I can more sympathsize with the RIAA getting upset with P2P, where a person can distribute thousands of copies of a track throughout the world in a few minutes -- rather than SunComm trying to prevent a Mom from distributing 12 custom music CDs at her kid's birthday party.
Another point -- from personal experience -- I hardly bought any music at all in the decade before Napster; since technology has been making it possible to rip tracks, play music on my PC, mix video and sound, create custom media , I've actually gotten to the point where I buy 4 to 10 CDs a month -- which is 4 to 10 times more music than I ever bought in the 80s or 90s. I think that there are more geeks like me, than those whose music collection consists entirely of "free" music.

Re:Chilling Effect on Research?

[Weaselmancer]

I agree completely. How much research is needed to find out that autoplay is a feature which you can disable? And what kind of clusterfuck pile of dumbasses bases a security feature off of something you can disable with a keystroke in the first place???

Research. It only took me 5 seconds to find the above link. Well - thank God I'm still allowed to.

Weaselmancer

Re:Chilling Effect on Research?

[geoffspear]

Research. It only took me 5 seconds to find the above link. Well - thank God I'm still allowed to.

Actually, even searching for the above link is a felony.

Having a shift key on your Windows keyboard may also be a felony. Let's just hope the government decides to go after the manufacturer instead of all of the end users.

Re:Chilling Effect on Research?

[macdaddy357]

He doesn't give a damn about a chillng effect on research. The case was unwinnable. His lawyers may have also pointed out that this case, if it proceeded, could get their beloved DMCA overturned, and then hacking their crappy copy protection would be perfectly legal. That would definately put Sunncomm out of business.

DMCA or not, Sunncomm and companies like it are a flash in the pan. They won't be around very long.

Haha, nice save!

[2nd+Post!]

By coincidence he also didn't figure out he didn't have much chance of winning *anything*, financial or otherwise, did he?

Re:Haha, nice save!

[zamokzam]

What he's figured out is that it is defamatory to accuse someone of a felony if he hasn't committed one.

Even with his half-hearted retraction, the damage is done. The student should sue him for his net worth.

Z

Re:Haha, nice save!

>> By coincidence he also didn't figure out he didn't have much chance of winning *anything*, financial or otherwise, did he?

He should have know that from the start - he was suing a *grad student* fer pete's sake... Hell, we can barely afford beer and pizza on our stipends, forget paying damages.

Re:Haha, nice save!

Oh yeah, and that's tons better than what SunnComm did to him.

geez, really, give an inch, take a mile.

Re:Haha, nice save!

[aborchers]

Even with his half-hearted retraction, the damage is done. The student should sue him for his net worth.

He better do it fast, as that quantity is fast approaching zero...

Re:Haha, nice save!

[morgajel]

I'd guess it has more to do with the 300,000 emails saying "I AM BREAKING YOUR ENCRYPTION RIGHT NOW> HAHA< I R)X)R!"

Re:Haha, nice save!

[WNight]

It's completely different that what SunnComm did to him. SC threatened him for exposing vulnerabilities in a product to the people who were paying for that product. You know, full disclosure, the truth is always acceptable and all.

He'd be suing SC for trying to use the civil courts as a form of censorship, bankrupting anyone who dares speak out against a corporation.

What you said is basically "We shouldn't jail kidnappers, we'd sink to their level." I call BS. They attack innocents, you protect innocents.

I eat dinner, Stalin ate dinner, does that mean I sink to his level every day?

Re:Haha, nice save!

[solman]

If you read the article, you'll see that he honestly gave this as the reason for droping the lawsuit.

Re:Haha, nice save!

[2nd+Post!]

If you mean

Jacobs said in an interview late last night that a successful lawsuit would do little to reverse the damage done by the paper Halderman published Monday about his research, and any suit would likely hurt the research community by making computer scientists think twice about researching copy-protection technology.

from the article?

He's acknowledged that he couldn't reverse the damage, but he ever said that Halderman wasn't worth it, financially. He can't recover $10m in damages (especially punitive) from a grad student, and he couldn't really hold the school liable for the student's research. So it was left unsaid that there was little fiscal or tactical gain in winning a lawsuit, only bad press and egg on their face by drawing attention to their MediaMax software.

The real question: What 'idiot' at BMG *paid* for SunnCom to develop, and then again to use, MediaMax?

Re:Haha, nice save!

[barfomar]

SunnComm's stock lost $11 million over this fiasco, even though is just a little backwater Bulletin Board stock.

That probably had more to do with changing his mind than anything else.

Fear vs greed.

It's amazing

What everyone laughing at you will make you do. I'm surprised SCO hasn't given up faster.

In other words....

[michrech]

Reminds me of something Eddy Izzard once said. I'm going to change the words to fit here, obviously.. Lets see how many recognize where it came from..

"We're gunna sue, we're gunna sue... If we did, we'd be just as bad as the RIAA... run away, run away, run away..."

(Ok, so I had to change it alot, but I still thought it was funny.. )

Re:In other words....

"I'm gonna kill, I'm gonna kill, Oh it's a bit cold, it's a bit cold! Okay, bad idea!"

Re:In other words....

[RoBaer]

Ahh... Russia in the winter. About as appealing to invade as the RIAA Legal offices.

I don't know what's scarier:

[GMFTatsujin]

The fact that he could bring the lawsuit up at all, or the fact that he thought he could WIN.

"I don't want to be the guy that creates any kind of chilling effect on research," Jacobs said.

If I may submit an idea, sir, if you really want to avoid chilling effects on research through this law, perhaps you could bring the challenge to court anyway, and then lose. That would set a precident.

Hell, you wouldn't even have to get a good lawyer. In fact the worse a lawyer you get, the more benficial it'll be in the long run. Think it over?
GMFTatsujin

Re:I don't know what's scarier:

[WCMI92]

Do you expect any less out of a company that makes a product that requires NO technical expertise to defeat?

Could mismanagement (ie: wasting millions on crap DRM like this) be as much or more to blame for the RIAA's woes as P2P?

Re:I don't know what's scarier:

[Jedi1USA]

"In fact the worse a lawyer you get, the more benficial it'll be in the long run. Think it over?"

How about that David Boise guy? He hasn't won a case yet and should be available after SCO implodes shortly. ;^)

Re:I don't know what's scarier:

[Inebrius]

To me, this new software sounds almost like a virus. While it does lack the automatic proliferation features which widely distribute typical viruses, it does install unwanted software without the consent of the user which cripples the functionality of the machine. There is nothing wrong with autorun. However, most programs are polite enough to ask your permission to proceed prior to installing/infecting your system. It also seems ridiculous that a company actually might have a case based on the DMCA for suing someone for telling people how to stop an unwanted feature. If "trusted computing" makes it way into our computers, we will reall have no control. Can someone explain to me more details on how this DRM software works? Does it only need to be installed once or does it only load into memory when the particular CD is in? Does it affect other CDs that do not have the DRM installed? The real answer here is to return the CD to the retailer as a defective CD and not buy from that label/distributer again. Anything with the Compact Disc badge should be compatible in all players.

Re:I don't know what's scarier:

[hawkbug]

Yeah, I definitely think anytime a company wastes money on an inheritenly defective product such as this - it can't be a good thing for their bottom line. Funny how you don't hear about that stuff though when they talk about their decreasing profits all the time...

Re:I don't know what's scarier:

[Faluzeer]

" it does install unwanted software without the consent of the user"

Incorrect, it was clearly pointed out in the original article that the user is provided with a EULA authorising the installation of the software, if cancel was selected it did not copy the software but it also did not allow you access to the music. The author did not choose to accept the EULA so could not comment on what happens if the EULA is accepted and the software is installed.

So technically, if you accept the EULA, you authorise them to install the software...

It would be interesting to know if the CD's with this type of copy protection on them clearly state that they are protected by a system that requires installation of their software before you can gain access to its content (provided you don't know about disabling autorun, or playing the cd's on a mac or *nix system).

Re:I don't know what's scarier:

[Geek+of+Tech]

I'm no psychology major (but I'm sure that those of you who are can back me up. Or flame me.)

Harsh DRM is destined to fail. Not for the fact that it's badly engineered, but for the fact that people don't like to be told what to do.

Telling people to not to do something makes them want to. Trying to take away their ability to makes them mad, and try even harder.

The reason harsh (as opposed to all DRM) will fail, is that the harder companies try and destroy consumer rights (and yes, I do believe that the right to make an archival copy and the right to listen to music on the device of my choice is a consumer right), the harder people are going to try to find a way to circumvent it.

Before someone says, so why don't people kill since their are told not to, or why don't they steal, consumers believe it is their right to do with the media, whatever they please. Trying to take what someone considers a right from them, only ends up angering the consumer.

Re:I don't know what's scarier:

[Inebrius]

I guess I don't understand how it can control your access to the music. The music is contained in files, which are on the CD. I have had many CDs with autorun, where they try to install software, I cancel the install, however I can still access the files by using explorer on the CD drive. I'm not talking about access to the proprietary music format files, I am talking about the ones that any ordinary CD player recognizes. As such, any music player or CD ripper should still function normally. How do they disable access to the music files?

Re:I don't know what's scarier:

[Geek+of+Tech]

How can stop you from using the CD if you say no?

If you say no, and they still won't let you access the CD, couldn't you sue them, because they didn't have authorization to do that to your PC?

Re:I don't know what's scarier:

[Feztaa]

Do you expect any less out of a company that makes a product that requires NO technical expertise to defeat?

I felt kinda bad for SunnComm when I heard about this. They tried so hard to develop an undefeatable DRM system, and the company that tested it for them verified that it was impervious to any sort of attack.

When it got released into the wild, half the world would never notice that the DRM ever existed, and the other half can disable it by holding down one key.

Re:I don't know what's scarier:

[Faluzeer]

Hmmm

From what I remember of the original article, if you hit cancel on the EULA it automatically ejects the CD, hence without disabling autorun or using it on a non windows computer you would never be able to gain to access to cd's contents.

Re:I don't know what's scarier:

[Faluzeer]

"How can stop you from using the CD if you say no?"

From what I remember of the original article, if you hit cancel on the EULA it automatically ejects the CD, hence without disabling autorun or using it on a non windows computer you would never be able to gain to access to the cd's contents.

"If you say no, and they still won't let you access the CD, couldn't you sue them, because they didn't have authorization to do that to your PC?"

Good question, which I why I asked if the cd's were clearly labeled that you needed to install the software before you could gain access to the contents.

IANAL, so I will leave it to the lawyers to answer the legal questions :-)

Re:I don't know what's scarier:

[morgue-ann]

if you hit cancel on the EULA it automatically ejects the CD

I was confused by the article on whether or not he'd accepted the EULA and how he knew about the DLL installation if he hadn't.

What he says is that the .exe runs when you put in the CD. It installs the DLL right away. While the EULA agreement dialog is visible you can switch to other programs. The CD is still in the drive and the DLL is active. That's how he produced a sample of garbled (by the DLL) music without agreeing to the EULA. That's also how he discovered where the DLL was.

It sounds (this part is really not clear) that once you say NO and the CD ejects, the DLL is disabled, but not uninstalled. That sound like unauthorized modifiction of a computing system to me.

It also sounds like you might be able to uninstall the DLL with the EULA dialog still up and rip the disk. This is what SunComm was complaining about in the news article breaking the suit story. They weren't bitching about him telling people to hold down the shift key, because that would have sounded INCREDIBLY stupid.

I wish they had sued him and won. I don't wish H. any harm, but judges (see the garage door opener case) have to stop figuring out ways to not enforce the DMCA so it can be repealed. I think if SunnComm had won, Princeton would have let the student stay in school though bankrupt and an act of Congress have not only overturned the DMCA, but given a grant to Princeton for MORE security research which would fund the rest of the students education. Probably a bit optimistic, but I prefer to call it hope.

Re:I don't know what's scarier:

[Fallen+Kell]

I agree with this. There goes our perfect test case for proving the DMCA is have chilling effects on free speach rights.

Re:I don't know what's scarier:

"By reading this sentance you agree to give me power of attorney over your financial affairs, and transfer ownership of your house, car, wife and children to me forthwith"

Too late you read it!
Unfair?
You may disagree, but you have already accessed the 'content' of this post. Too bad.

HELLO! WAKE UP AMERICA!

Re:I don't know what's scarier:

Umm, what about just ignoring the dialog and using some cdplayer software to play the disc?

Re:I don't know what's scarier:

[Pharmboy]

I wish they had sued him and won. I don't wish H. any harm, but judges (see the garage door opener case) have to stop figuring out ways to not enforce the DMCA so it can be repealed. I think if SunnComm had won, Princeton would have let the student stay in school though bankrupt and an act of Congress have not only overturned the DMCA, but given a grant to Princeton for MORE security research which would fund the rest of the students education. Probably a bit optimistic, but I prefer to call it hope.

You put that well, and I would agree for the most part. It is sad, but until some innocent person is hurt (unfortunately) we are not likely to see action. Politicians need motivation and an constituent that is injured by this type of obvious abuse is often the most effective means to initiate change.

Politicans do not like to correct their own errors, fast or otherwise. Many in office are the same that voted for the DMCA, and are either convinced the courts can deal with it, or think it really was, and is, a good law. Until both misconceptions are proven false with by an innocent user being injured, it is not likely to even be reviewed, no less changed. I can't think of any other circumstance that would generate enough interest within Congress to change the DMCA.

That being said, I am not sure if he was willing to take the proverbial bullet for us all. Since I would rather not the individual being sued, I can not blame anyone else who feels the same way.

Re:I don't know what's scarier:

I don't think Sunncomm would drop the issue by themselves. At this point they are holding an empty bag and have nothing left to lose. Ordinarily, the RIAA would take it and run with it regardless of having little or no legal basis. So what happened?

I believe that BMG and the RIAA encouraged them to drop the issue because 1) it would likely lead to an undesirable precedent and 2) increased visibility could bring their use of a trojan horse to greater public and legal scrutiny.

Oddly...

[Osrin]

... not everybody is laughing at SCO though, only half of the arguement seems to be.

I bet he was told not to

This type of litigation would be bad for the DMCA, because it's quite frivilous (at least the description of using the Shift key, now his addressing the "virus" device driver is another story).

Say it goes to court and the court sided with the researcher, then the question as to where to draw the line in breaking "protection" schemes is opened. Best not to sue and leave everything apparently illegal.

Re:I bet he was told not to

I don't want to sound like a broken record here on Slashdot, but this is more reason for open-source device drivers. You never know what the companies are going to pull.

Re:I bet he was told not to

[inteller]

Heck yeah, someone from RIAA called him and said don't threaten to kill our flimsy law! It points out a chink in their armor. We should start doing frivilous things like shift keys to actually get someone without sense to sue under DMCA. We NEED to get the law challenged....so far they just use it as a threat.

Haste makes waste...

[questionlp]

Maybe the CEO and Sunncomm's legal team should have considered that before he opened his mouth. Too bad they are reconsidering since the case would have shown nice cracks and stupid restrictions that the DMCA has.

Re:Haste makes waste...

[Bonker]

Which may well have been one of the reasons why the CEO realized that he was screwing himself with broken glass and vaseline by threatening legal action.

The DMCA has, on its face, very little credibilty. It's vague, overly broad, and ridiculous in the scope of the punishments it imposes for minor offenses. It has very little chance of standing up to intense court scrutiny, especially at the Supreme Court level.

Right now, however, the DMCA stands. It's useful as an itimidation tool. It can be used to terrorize those who can't afford to fight it. It's a weapon of terror, if you will.

If it becomes accepted through repeated court cases using it against those who are flagrantly in violation of other laws-- fraud, embezzlement, etc... then it will be a little more palatable. Its defenses will become tighter and it has more of a chance of becoming enforceable.

I like to think of the DMCA like the Death Star. It's a huge white elephant. Sure, it can blow up a planet, but it's so big and makes such a huge target that it's nigh undefensable. It only has terror value and no real offense value for those who bought and paid for it. Just like the Death Star, the DMCA can and probably will succumb to an attack by a small force who know one its many weaknesses.

Threatening To Sue: +1, Patriotic

Anyone can call a liar and get a letter threatening to sue.

However, that doesn't mean they have a basis to sue.

Relax.

Cheers,
W00t

Vigilante Justice Works...

Dave Barry vs. Telemarketers
The public vs. Suncomm
The public vs. Intuit Quicktax & their DRM

Soon to be seen:

The public vs. The music industry

Public Suicide

[blunte]

You gotta wonder if their latest decision had anything to do with the 50,000 (guess) emails they received from people like me warning them what public suicide it would be to do that...

Re:Public Suicide

Maybe the entertainment cartel (**AA) called them and told them to back off. Otherwise the house of cards called the DMCA would be exposed for what it is. That "law" was paid for with a lot of money you know.

Translation

[fallen1]

I don't want to be the guy going to jail for being fscking stupid. And I don't want to pay this kid more than I'll make in my lifetime when he countersues - I read /. too.

Re:Translation

[Boogaroo]

Alternate Translation: "I don't want to fight keyboard manufacturers for creating copyright circumvention devices second only to console mod chips."

Re:Translation

[Zed2K]

That is one of the points I made to him when I wrote the other day. I mentioned that he is yet another CEO of a technology company that really doesn't have a clue as to how anything works. I told him to stop wasting investors money on something that they will never be able to protect. As long as it can be heard it can be copied.

shift

I am sure we all welcome the in attitude

I think his quote read more like...

[Sebby]

"I don't want to be beaten to a bloody pulp by students, researchers, and geeks!!"

Still, would've been fun to see a judge laugh their case out the courtroom.

Re:I think his quote read more like...

Could we ask him to show us the "Any" key also? You know -- "Press any key".

Re:I think his quote read more like...

[raehl]

"I don't want to be beaten to a bloody pulp by students, researchers, and geeks!!"

Students, researchers, geeks and what army?

Read between the lines:

[grub]

"Our value dropped 1/3 virtually overnight. I'm going to dump my remaining shares and leave the lawsuits to the suckers that buy up the remains!"

Re:Read between the lines:

[grasshoppa]

"Our value dropped 1/3 virtually overnight. I'm going to dump my remaining shares and leave the lawsuits to the suckers that buy up the remains!"

Can't we leave SCO out of this for at least ONE topic?!

Re:Read between the lines:

Bahahahaha!!! Best SCO joke all week :)

Re:Read between the lines:

[Glonoinha]

Umm it only dropped by three cents a share overnight.

The bad news of course is that THAT was dropping by 1/3rd. HAH!

I'm disappointed.. .sorta

[Whammy666]

I would have liked to see this go to trial with the aid of the EFF. It would have made an excellent test case challenging the stupidity contained in the DMCA.

On the other hand, I'm glad the kid isn't going to get shafted by this.

Re:I'm disappointed.. .sorta

[Cheeko]

Not just the EFF. According to this from CNN, the students advisor is Ed Felten. This could bring serious clout and backing from a number of organizations to his aid. It also lends a good deal of legitimacy in the public eye, with regard to his motives in conducting this research.

Re:I'm disappointed.. .sorta

[southpolesammy]

It seems plausible to me that SunnComm's CEO had a sit-down with the DMCA proponents where they informed him to cease any pursuit of legal action involving the DMCA, since they're afraid that putting a weak case against it could result in a court throwing out the entire Act, and thereby jeopardize their ability to contnue to threaten others/hide behind/abuse it to their benefit.

Re:I'm disappointed.. .sorta

[TaraByte]

On the other hand, I'm glad the kid isn't going to get shafted by this.

in this case he may have gotten shifted.

Translation

[madMingusMax]

"I didn't want to be known as the idiot who sued people for using the Shift Key"

Well then...

[kotj.mf]

I'm still waiting on those fucks who bought Emusic to change their minds about running it in to the ground.

One 180 by music industry idiots deserves another...

Check out the shifty guy's advisor..

[ericspinder]

From the article: "I don't want to be the guy that creates any kind of chilling effect on research," Jacobs [CEO SunnComm]said.

"Halderman's graduate advisor at Princeton is Ed Felten, a computer science professor who once sued the Recording Industry Association of America in a challenge to the constitutionality of the DMCA. The RIAA had threatened action under the DMCA against Felten and colleagues after they said they would publish a paper disclosing flaws in an industry security initiative. That suit was eventually dismissed. " from the CNN article on the threatened lawsuit.
I wonder how forgiving he would be if Halderman was just a regular guy posting on his web page or if his advisor was not already experienced in defending a DCMA lawsuit.

What a joke

[felonious]

If you design a drm that easily bipassed by hitting the shift key then you don't deserve to be in business.

Heh

[Kaa]

I am guessing his lawyers explained to him in simple words his chances of winning that lawsuit...

Re:Heh

[dboyles]

I am guessing his lawyers explained to him in simple words his chances of winning that lawsuit...

If by "simple words" you mean "vociferous laughter", you're probably right.

Lawyer: Wait, let me get this straight... you want to sue him for WHAT?

Bullshit-to-English Translation

[Steve+B]

I don't want to be the guy that creates any kind of chilling effect on research

"I don't want to be the guy that gets blamed for getting the DMCA either thrown out in court or repealed."

Re:Bullshit-to-English Translation

[doodleboy]

Which is why I *really* want some stupid corporation to plough ahead with one of these bullshit legal threats. The DMCA is a disaster, a blunt instrument whose real purpose is to intimidate into silence the great majority of people who do not have access to unlimited legal help. What kind of justice is that?

Truly disappointing

[lurker412]

Too bad they're backing off. This was so patently absurd that it provided terrific support to the anti-DCMA forces.

I'm not gonna hit ya

[Dark+Paladin]

Start sarcasm here.

Oh, hey, look at that - you're doing something I don't like.

You know, I could hit you with this baseball bat. You deserve it, you know, for saying that my security of the plant doesn't work too well since I leave the backdoor unlocked and unprotected.

But I won't. No, I'm just walking here in front of you, slappin' this bat against my palm - but I'm not really going to hit you with it for saying that people could just walk into the back of the store because my level of "protection" really just involves scaring away the local kids.

You did a study on my security system so people could make an informed choice about either using me, or saving the money by not having me walk up and down the sidewalk glaring at people? You know, you intellectual types are the reason why people steal things in the first place, and why my security techniques don't work on folks.

I should hit you with this bat. I still might - but I'm not.

-- SunComm

Stop sarcasm here.

Look, SunComm, you're solution you peddled to the music folks is just not secure. You know it, we know it - you're just pissed that your customers, who you thought were a bunch of luddite rubes, now know it. Granted, your customers should realize that there are other ways to ensure profit (lowering prices, giving less restrictive online purchasing options like those seen by the iTunes store, the MusicMatch store, and growing others) - but as far as your business is concerned, it's a wash.

Now we can all get on with our lives.

Re:I'm not gonna hit ya

[Anonym0us+Cow+Herd]

....your customers, who you thought were a bunch of luddite rubes....

SunnComm's customers are a bunch of luddite rubes. I believe so. Nothing you said in your post disproves this.

You can in fact be a luddite rube and still discover after it is too late that the magic snake oil you bought doesn't perform as promised. The snake oil vendor can indeed be pissed, as you say, when customer find's out. But all of this can apply to a luddite customer. In fact, I would say that finding out after it is too late that the snake oil doesn't work is evidence that supports the theory of the customer being a luddite.

Whether or not SunnComm's customers (the RIAA) are luddites is an open question. I believe they are. Nothing you said disproves that.

What a boner

[nate+nice]

seriously, that's all I can really say about their CEO.

Computer media nerds are sociopaths

[plinius]

I wish I could say that I respect all media people equally, but computer media people are pretty low on my scale of respectability.

It's like Fox suing Al Franken. I don't care for either but Fox was 100% wrong.

Same with that SunComm idiot.

I take it back...

[Bull999999]

I hereby withdraw my nomination of Jacobs for the annual McBride Award for Excellence in Stupid Lawsuits.

Re:I take it back...

[bludstone]

How about you nominate him for the first annual montgomery burns award for outstanding achievement in the field of excellence?

Re:I take it back...

[rbird76]

Isn't "excellence" the wrong terminology for the award - kind of like giving an award for competence in accidentally shooting oneself in the foot?

Re:I take it back...

[scrote-ma-hote]

Purple Heart?

unlikely

[Number13]

CEO grows a brain, news at 11.

Why are they backing off?

[egg+troll]

I know it seems petty: Just a shift key. But the student did make it a goal to circumvent the copy protection on this device. This makes him guilty under the DMCA. Simply because it was trivially implemented is no reason to back off: someone who steals a candybar is prosecuted with as much vigor as someone who steals a car.

Re:Why are they backing off?

[Sxooter]

Actually, the DMCA does explicitly state it's illegal to bypass an "effective means" of copy protection. Not even the most tech-clueless judge would consider suncomm's protection effective. It doesn't work on windows machines that just happen to have auto-run disabled, it doesn't work on machines where the user is properly running his machine under a non-administrative account that doesn't have permission to install software, it doesn't work on Linux or, for the most part the MAC, making this method particularly ineffective.

Re:Why are they backing off?

[dougmc]

someone who steals a candybar is prosecuted with as much vigor as someone who steals a car.

Cute analogy, but false. At least in Texas, `grand theft auto' is a good deal more serious crime than a theft of a candy bar, aka a `class C misdemeanor'. If you're arrested shoplifting something small (under $20 or $50 I think) the cop often (usually?) won't even take you to jail -- he'll let you sit in the car for a while while he writes up a ticket, then lets you go.

And then once you go to court, if your record is clean, they may (usually? always?) offer to let you take a `don't shoplist!' class (very similar to defensive driving) and if you keep out of trouble for 6 months or so, the case is dismissed.

If you steal a car, they're not quite so friendly. (But if you then take it and have it repainted, they'll all forget about you!)

Re:Why are they backing off?

someone who steals a candybar is prosecuted with as much vigor as someone who steals a car.
Umm, no they are not. Stealing a car is a felony and stealing a candy bar is not. As well as no cop is going to chase somebody for posessing a stolen candy bar, but they end up chasing people in stolen cars all the time.

Re:Why are they backing off?

One reason that they may want to back off is to avoid a constitutional challenge to the DCMA. The law appears to conflict with the freedom of speech amendment to the US Constitution. The law could easily be tossed out, and Princeton has the resources to fight the case at this level.

Re:Why are they backing off?

[eggoeater]

But the student did make it a goal to circumvent the copy protection on this device.

The goal of any student is not to find (illegal or not) ways to circumvent a copy protection scheme, but to STUDY the protection mechanism and determine it's robustness. This has both academic and industry advantages. e.g.If someone comes up with a new encryption algorithm that gains attention/use, you better believe the academic community will analyze the hell out of it. And if they were to come up with a weakness of that algorithm, everyone would benifit.
That's what academic people do...analyze things and report on it. This is exactly why DMCA is so immoral... it hinders knowledge (as you can see in the report...he didn't accept the EULA...) which hurts everyone. If I were this grad student, I'd send SunnComm a bill for the research.
-STeve

Re:Why are they backing off?

Using your own analogy, this student was breaking into his own car. If I lock my keys in my car, I'm damn well going to intentionaly circumvent the built-in protection system to gain entry.

The problem with the DMCA is that it promotes security through obscurity. Can't we even be allowed to examine a product to see if it has a security flaws? These same schemes could become popular for securing personal data. Then where would we be?

Re:Why are they backing off?

Simply because it was trivially implemented is no reason to back off: someone who steals a candybar is prosecuted with as much vigor as someone who steals a car.

well then we need this to be in line with other computer crime....

used the shift key? 300 years in prison and 22 million in damages.

only a complete fucktwit thinks like you.... oh wait.... nevermind, I forgot who I was replying to.

Re:Why are they backing off?

[JimFromJersey]

> And then once you go to court, if your record is clean, they may (usually? always?) offer to let you take a `don't shoplist!' class

I am very interested in this `don't shoplist!' class, I often find that the only way to remember to buy some obscure item like chicken bullion is to write it down. I would really like to be able to remember everything I need to buy at the store without relying on a shop(ping) list. Do you know if they use rote memorization or a more elaborative encoding scheme?

Re:Why are they backing off?

It will be interesting to see how copy-prevention schemes such as this affect users of operating systems like BSD, which has DRM technologies built directly into the BIOS.

Re:Why are they backing off?

When you write "Mac" as "MAC", you prove you are retarded.

Re:Why are they backing off?

[tvsjr]

I'm probably burning karma, but...

At least in Texas, `grand theft auto' is a good deal more serious crime

In Texas, "Grand Theft Auto" isn't a crime. Just because they use it on TV and it sounds good, doesn't mean it's accurate. In Texas, the charge is "Unauthorized Use of a Motor Vehicle," or, in police circles, UUMV (a state-jail felony, for those interested.)
As far as theft goes, it's a Class C misdemeanor for items valued less than $50, or less than $20 if the theft involved the passing of a hot check. An officer can choose to write a ticket or give you the ol' cuff-and-stuff, just like a traffic ticket.
One must be careful about aggregation rules - if you steal a computer, printer, and monitor from your local CompUSA, it's one offense, which, of course, can quickly increase the offense class.

Re:Why are they backing off?

[st0rmshad0w]

"Actually, the DMCA does explicitly state it's illegal to bypass an "effective means" of copy protection."

This is something that has puzzled me since the DMCA was passed. What is considered an "effective means"? Isn't the very fact that the copy protection scheme was able to be bypassed render it ineffective? The very wording of the law would seem to state that the act of violating it would exonerate the one who broke it. You could simply not bypass an effective protection scheme.

Re:Why are they backing off?

And yet, somehow, I'm still smarter than you.

Re:Why are they backing off?

[OWJones]

Actually, the DMCA does explicitly state it's illegal to bypass an "effective means" of copy protection. Not even the most tech-clueless judge would consider suncomm's protection effective.

Unfortunately, you're using what you think is the standard definition of "effective". The legal definition of "effective" in the DMCA is this (17 USC 1201(3)(B))

a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

Knowing "you have to press the Shift key when inserting the disc" -- the application of information -- could fall under this definition of "effective".

And that's Reason #701 the DMCA is a Bad Idea(tm).

-jdm

Re:Why are they backing off?

[Canadian_Daemon]

Correct me if im wrong (just dont flame me)
but doesnt this mean that nobody can make a security patch, cause you cant examine the product to see if there is a bug. If microsoft looks at it's own code for windows, and finds a hole( suprise!), then informs people, won't they get sued under the DMCA?

Re:Why are they backing off?

[LightSail]

The key words are requires the application of information, or a process or a treatment, with the authority of the copyright owner

Duh, you can access without authority of owner. Neither effective or required or any extra process.

This copy protection is not up DMCA standard.

Re:Why are they backing off?

now you're *really* showing... just admit it, you don't know the difference between a MAC, a Mac, and a Big Mac.

Re:Why are they backing off?

Acutally, MAC is the code your NIC uses to show it's unique in the whole universe, a pretty snowflake unlike all the others.

Macs are deriviatve machines engineered to look and act like their superiour cousins, the Xerox Parcs.

Big Macs are what you serve, at lunch time, to the tech people who work near you and drop in for lunch.

Now, am I forgetting anything? Nope, I'm sure if I've missed any salient points in making you look like the dumbass you are, you'll fill in for me.

Too late

[Rick+the+Red]

"I don't want to be the people my parents warned me to stay away from," said Jacobs of his decision.

Too late. You're in the DRM business, so you're already the scum your parents warned you about.

Chilling effect on share price

[chmilar]

The bigger worry for SunnComm would be the "chilling effect on share price" when they lose the lawsuit.

No wonder they are backing down.

Sue them under DCMA

Since SUNNCOMM is loading software onto our systems without permission, perhaps we should sue them for DCMA and privacy violations of our PC's. When I play a Music CD, I do not expect it to load software onto my PC.

Re:Sue them under DCMA

[oni]

are you a copyright owner? Then I don't think the DMCA applies.

Translation

[Dinglenuts]

Translation of this guy's soundbite after being run through the BS machine: "I don't actually know anything about computers, but I thought I knew how to be a belligerent mercantilist. Now I realize I don't have a chance in hell of winning anything, especially since this kid is a college student with no money, so instead I'm going to try to spin it so me and my stupid company don't look like total asses. I'll be going back to my job now as a slave for the RIAA and their associated goons. Have a nice day!"

Gotta love the cluelessness. New CEO anyone?

[fname]

The last line in the article, a quote from CEO Jacobs, says it all:

"It's 10 million bucks, but maybe I can make it back, and maybe [Halderman] can learn a little bit more about our technology so as not to call it brain dead."

Or, you could design a system that isn't braindead.

The saddest part is that they acknowledge this will only deter casual copying, i.e., fair-use. The real CD pirates (the ones selling pirated CDs) will just laugh, and no matter what system they use, it will get uploaded to Kazaa (people ripped their old 45s and put them up on Napster for crying out loud). So we have a system which prevents "honest" customers from listening to their music on their iPod, does nada to prevent uploading to Kazaa, and less than nothing to stop CD pirates.

Will somebody please give these guys a giant dope-slap to the back of their heads?

Re:Gotta love the cluelessness. New CEO anyone?

It's really sad to see these MBA types treating market cap as if it were real money. That's what pissed this guy off so much, his stock price fell. I'm sure some of that $10M was his. I think he only stopped when he reallized a law suit would drop the price to near zero. It's not like some grad student is going to pay them big bucks. The suit would make sure everyone knows how lame there protection is.

Re:Gotta love the cluelessness. New CEO anyone?

[nytmare]

"...maybe [Halderman] can learn a little bit more about our technology so as not to call it brain dead."

The researcher didn't "call it brain dead", he wrote a well-documented factual-as-possible paper.

But wait a minute, is this CEO actually encouraging the researcher to learn more about their technology? Isn't that one of the reasons the CEO threatened to sue in the first place?

Re:Gotta love the cluelessness. New CEO anyone?

[leighklotz]

I'm starting a company to sell pieces of sticy tape to put on jewel cases.
If anybody removes the tape to open the jewel case with the intent to copy the CD, I'll sue them.

And don't reply to me with any confounded ideas about how to remove sticky tape from jewel cases or I'll sue you too.

That ought to be worth at least -- one million dollars.

Re:Gotta love the cluelessness. New CEO anyone?

[TheLink]

The real CD pirates just make exact copies. There is no need to reverse engineer if you are making an exact copy. Only need to if you are making changes or adding functionality.

As for Jacobs, maybe he should learn a bit more about his technology so that he can realize it's brain dead. Most of my windows systems have autorun disabled for security reasons. Automatically trying to run stuff on ANY inserted CD is not always a good idea.

Re:Gotta love the cluelessness. New CEO anyone?

[elmegil]

Reminds me of the pirates laughing at the FBI warning....what movie was that? Ages ago...

Re:Gotta love the cluelessness. New CEO anyone?

[YetAnotherGeekGuy]

>> Will somebody please give these guys a giant dope-slap to the back of their heads? Actually, the location of the reset button on CEO-2003 is on the forehead. You often see them slapping it with their hand and then remember something that eluded them before the reset.

Better than the RIAA

[buck09]

Peter Jacobs:


"I don't want to be the guy that creates any kind of chilling effect on research"


RIAA: Well, you may be a 65 year old grandmother using a Mac, but that doesn't mean we won't sue you in the future.

Just because a company produces software that furthers the goals of the RIAA evil empire doesn't mean that the company is 100% on board with the Empire. (i.e. the Return of the Jedi argument from the movie Clerks)

SCO might be onto something

[Eric+Ass+Raymond]

Don't laugh at SCO quite yet.

Here is their rebuttal of the revocability of the license and it sounds like they mean business...

The problem with this whole mess

[GreenCrackBaby]

I don't understand why companies keep putting DRM on CDs and DVDs. Is it just ignorance, or do they honestly believe there's value there? I forget how much Macrovision protection on DVDs costs, but it's a significant piece of the total cost of the DVD -- I'm sure that SunnComm charges a similar price for each CD shipped with its "DRM" (I use quotes because this really is the most pathetic DRM I've heard of).

Where is the value for the producers of those DVDs and CDs? All it takes is a single MP3 to be leaked and all the copy protection on the CDs out there is useless. Back in the Napster days I ripped a fairly obscure song and made it available. Even today I can search DC Hubs or Kazaa and find my MP3 all over the place. Copy protection will only ever work if it prevents 100% of copying...which it never will.

My advice to RIAA and MPAA member companies: just drop the whole notion of DRM on your products. Trust your customers, give them what they want, treat them with respect. Most of us won't screw you...honest!

All DRM does is punish the honest user, spawn bizarre laws like the DMCA, and make a fun target for the release groups to crack.

Re:The problem with this whole mess

[pavera]

There is no value. I worked with Westwood studios before EA bought them, on the game Red Alert 2 they spent about 20% of the budget on the game on the copy protection they tried to incorporate. The protection was still broken within 2 hours of the games release. On their next game (BladeRunner) they dropped all copy protection because they found that they had sold nearly $1 million in Red Alert 2 because people got the warez copy, liked it and went and bought the real game. Basically they had spent around $10 million to try to prevent themselves from getting $1 million in revenue. Obviously this doesn't take into account the people that played the warez copy and didn't buy the game, but those people wouldn't have bought the game anyway I dont think (and either did they). There is no value in copy protection whatsoever, when will the RIAA and MPAA realize this?

Re:The problem with this whole mess

At some point MS could make a dll very much like this a part of Windows and code the OS to break if you modfy or delete the dll. Then license out the technology to the RIAA. That would stop directly ripping protected CDs or DVD's on Windows. Of course anything you can play you can ultimately copy if you want to bad enough.

Re:The problem with this whole mess

[telstar]

"The protection was still broken within 2 hours of the games release."

• Crackers must've been distracted with something else for the first 100 minutes, huh?

Re:The problem with this whole mess

[Grishnakh]

There is no value in copy protection whatsoever, when will the RIAA and MPAA realize this?

When hell freezes over.

Re:The problem with this whole mess

[orthogonal]

At some point MS could make a dll very much like this a part of Windows and code the OS to break if you modfy or delete the dll. Then license out the technology to the RIAA. That would stop directly ripping protected CDs or DVD's on Windows

Yes, and Microsoft probably will. That's what Palladium (or whatever Microsoft is calling it this week) is all about.

I don't know what Microsoft will name that .dll, but I know what my name for it will be: the linux killer app.

Seriously, the more Microsoft talks about DRM, the more I move toward linux. I'm moving slowly; right now I'm trying to rely only on Windows apps that have a version in linux as well, so that when I transition I'll be able to use apps I'm used to.

As Microsoft moves faster toward DRM, I'll move faster to linux. And I won't be the only one to switch.

Re:The problem with this whole mess

[TheLink]

Yah, they were playing the game :).

If they didn't play it for long it might not be worth cracking ;).

Re:The problem with this whole mess

[spectasaurus]

This reminds me of a statement made by former Corel boss Michael Cowpland. He basically said that he would rather have people using pirated versions of his software, rather than using pirated copies of his competitors.

Eventually, even the pirates are going to have to buy software sometime.

Re:The problem with this whole mess

[Juanvaldes]

I've saved and spent quite a bit of cash on warze copies. Loved UT enough I picked it up and got a taste of SC4K to know to save my cash. It is also the case that when you have a goog mix of warze & legal copies of a game at a LAN the warze side will start to lose out and if they want to get into the game they need to pony up the cash (because of the hastle of hacking/patching/etc to the same version).
just my two cents...

Re:The problem with this whole mess

[jfengel]

Actually, I believe that Macrovision costs only around US$.05 per DVD, or thereabouts, hardly a signficant contribution to the purchase price, and not a vast amount of the production price. Source: San Jose Mercury News.

Re:The problem with this whole mess

[cyberformer]

The perceived value to the RIAA member is that users who doesn't disable autorun will be unable to transfer the files to an MP3 player. If they're hardcore fans, they might buy a player that supports DRM-restricted content and then go to to a site such as i-tunes or the new Napster and pay for a download. The fans have paid twice for the same song, meaning more money for the RIAA. Some fans may even buy the same CD twice, if they want to listen to it in two different places without actually carrying it around all the time.

This ignores the fact that many more people will just be so disgusted by the inability to make an MP3 that they'll stop buying CDs altogether. But the record industry isn't rational, just greedy.

He realized

[deaton]

... that he could use the shift key to shift is attitude.

Don't sue someone bigger than you

[ttyp0]

SunnComm probably realized this isn't just some kid trying to burn CDs but rather a research student at a large and well respected institution. Not only would the lawsuit get lots of bad press for SunnComm but the University might choose to aid his defense.

SCO Sucks T-shirt. Shirts donate to the Open Source Now Fund.

You can thank me for this : )

[AstroDrabb]

I think this is because of the "nasty-gram" I sent them yesterday. Seriously though, I don't see anyway they can save thier product. There is no way they can disable the shift key to make it not by-pass the auto-run "feature". After the first run, they may be able to coerce the user into installing some app that does not allow the auto-run feature to be disabled, however it doesn't seem like a good "anti-piracy" method to me. The first time someone puts one of their disks in, the shift key will still be able to stop the auto-run. I guess it is back to the drawing board for them. Unless they can get MS to force an "upgrade" that stops the shift key from disabling the auto-run "feature".

Re:You can thank me for this : )

[Qrlx]

There is no way they can disable the shift key to make it not by-pass the auto-run "feature".
Microsoft can make it so you can't turn off Autorun in future editions of Windows, though.

Re:You can thank me for this : )

Unless they can get MS to force an "upgrade" that stops the shift key from disabling the auto-run "feature".

"Bill, would you please force auto-run in Longhorn?" - "Sure! We'll just call it a 'feature'. 9 out of 10 users can't tell the difference!"

Re:You can thank me for this : )

[Faluzeer]

'There is no way they can disable the shift key to make it not by-pass the auto-run "feature"'

Why? Autorun (in both its states) is a feature of the windows operating system, therefore the behavior of autorun can be altered at any time by Microsoft through an OS patch.

How I would see this happening :

The RIAA and other DRM interested parties would agree to use a standard data block to indicate that the media was protected by DRM.

The DRM datablock would be wrote to the media at a consistent place (somewhere on the tracks that would not break usage on non computer music systems).

MS would patch the operating system to change the functionality of Autorun, after the patch all media inserted into a drive would would be scanned for the presence of the DRM Datablock, if the DRM Datablock was found the DRM software would be autorun. If no DRM Datablock was on the media then loading of the media contents would proceed according to the autorun state (ie if shift held down, or autorun disabled don't autorun, if autorun enabled then autorun...

So IMO, it can be done, however I don't believe it should be done..

Re:You can thank me for this : )

[mesach]

The first virus that gets transmitted using that feature will surely get a security update to fix it back to normal though

Re:You can thank me for this : )

[someguy42]

Not so loud!! The DRM implementers will hear your ideas and actually put them into practice!

Re:You can thank me for this : )

[AstroDrabb]

That was my point. The "security" features these guys came up with would not work with out MS making changes. Also, there "security" product does not take other OSes into account such as Linux, *BSD, OS/2, etc. The whole point in this silly DRM crap is to stop "un-authorized" copying. With P2P, it only needs one copy of the file/song and it can propagate all over the web. This is why DRM just wont work. You only need one guy/girl/geek in some country to get past the DRM and it can be all over the net in a few hours. The best approach for the RIAA/MPAA would be to lower prices and to add value to their products, similar to what the MPAA is doing by adding extra "goodies" to DVD's.

Re:You can thank me for this : )

[Faluzeer]

"This is why DRM just wont work. You only need one guy/girl/geek in some country to get past the DRM and it can be all over the net in a few hours."

Totally agree with you, I tend to think of it as co-operative content management, by this I mean that it takes *everyone* to co-operate and not try to bypass the security mechanisms for it to work, and how likely is that?

Of course the RIAA and friends could up the ante, they could use their bought representatives to force laws making it illegal to *not* have DRM software in an OS.

Re:You can thank me for this : )

[AstroDrabb]

Of course the RIAA and friends could up the ante, they could use their bought representatives to force laws making it illegal to *not* have DRM software in an OS.

True, however that will only work in the USA. I don't see any other Nation going for that. So basically all the other Nations will become the "Speak-easy" of the internet.

Lesson

[malignatus]

Looks like SunnComm learned their lesson from the RIAA, MPAA and SCO: Filing lawsuits because your organization sucks just makes more people realize that your organization sucks.

More Likely...

[Greyfox]

The crack wore off.

See, if they just said "Yeah, we were high on crack at the time" then the public could just go "Oohhh," nod knowingly and get on with things. I notice that there's a lot of crack flowing in corporate America these days...

Re:More Likely...

[Blue+Eagle+26]

Yeah, being either a lawyer or a crack dealer is the only sure way to make good money in corporate america these days.

If this is any sign of their intelligence...

[HotNeedleOfInquiry]

I, for one, welcome our new DCMA overlords.

Re:If this is any sign of their intelligence...

That joke is too overused.

Or are you trying to further it's unfunnyness by using it to an extreme so that one day we can welcome Natalie Portman, our hot-grits-down-pants overlord, to Soviet Russia where all of us are belong to your base?

Besides, it's DMCA!

Re:If this is any sign of their intelligence...

[the_mad_poster]

How ironic that you just welcomed our new Defense Contract Management Agency overlords... weirdo.

It ain't about research...

[kitzilla]

I'm guessing his lawyers told him he was an idiot, and losing the case would make enforcing future (read: "more profitable") lawsuits more difficult.

I read it like this...

[WIAKywbfatw]

"I don't want to be the guy that gets laughed out of court for trying to stop users from hitting the SHIFT key".

Seriously, it doesn't take a genius to work out that:

a) the "protection" mechanism was going to be easy to circumvent; and
b) once the circumvention was common knowledge, the "protection" mechanism was going to be useless.

Now if the circumvention method involved something a little more difficult than pressing one single key (or disabling autorun) then he might have something to go to court about. As it stands, their "protection" is useless vs anyone who knows the first thing about how to use a PC - and that subset includes the very people who are most likely to rip a CD and upload it to P2P networks.

second half of quote

[LuxFX]

"I don't want to be the guy that creates any kind of chilling effect on research," Jacobs said.

Jacobs continued by adding, "I'll settle for just creating chilling effects on the concepts of fair use and privacy."

I wouldn't call it forgiving...

[FatSean]

I would call it..."Spoke to his lawyers AFTER he made the threat." hahaha..

One would hope that SunnComm would be...

[mlf4]

... sooooo embarrassed by this whole thing that they will close up shop and just go away. Unbelievable.

Reverse Haiku Yoda responds

'I don't want to be the guy that creates any kind of chilling effect on research,'

Dark side you are now.

Threaten you have; fall stock will.

Bankrupt you shall be.

Yeah, well I'm still sueing Compaq

[skintigh2]

for violating the DMCA on giving away this secret

Steve's Law Tips

[acomj]

I'm parafrasing here from an old bloom county cartoon.

Steve (Dallas)'s who to sue tips.

One of the tips was....
Even tough he clearly got the plantif into this mess, he is broke. Never Never sue poor people.

somebody should hit these people. really.

[Schwartzboy]

Yay for the parent post. Much more polite, many fewer expletives than I'd have used, but yeah, what he said.

Now, can someone explain just why SunComm thought it was a good idea to threaten litigation, but then back off, effectively publicizing the Shift thing even more for the two people who hadn't heard about it already? What kind of battle cry is "hey, we're taking you to court because you proved we're incompetent tools...oh, wait, we meant all of that except for the court thing!"? I don't care quite enough to check their stock price today or to find out if there are other money-makers for the SunComm people, but if this is the way they do business and this is a good example of the research & testing they do before deploying their products and strategies, I've got a $20 here that says I'll be able to line my hamster cage with SunComm stock before too long.

I couldn't comment on the original article yesterday evening because it made me almost physically ill. It's just a matter of time before something gives one way or the other, and to be honest I can't wait.

With this ClueBat, I dub thee Luser.

Re:somebody should hit these people. really.

[tsg]

Now, can someone explain just why SunComm thought it was a good idea to threaten litigation, but then back off

Because if it went to court, it could be damaging to the DMCA. The threat of litigation can be as, if not more, effective than actual litigation to get people to do what you want them to, especially with the provisions in the DMCA which make the penalties much worse if you don't stop doing it when asked to.

To use the parent comment's analogy, they don't have to swing the bat, just threaten to. If the DMCA gets overturned, they won't have their bat to threaten you with anymore.

effectively publicizing the Shift thing even more for the two people who hadn't heard about it already?

They weren't counting on Halderman yelling "Hey everyone! He's threatening to hit me with his bat if I don't stop pointing at this shift key!"

My favorite bit

From the Yahoo story: SunnComm alleged Halderman violated criminal provisions of the Digital Millennium Copyright Act in disclosing the existence of those driver files.

This is so ridiculous I can't even find something clever to say about it. SunnComm must have agreed, having seen it in print.

This is good:

[Thud457]

'I don't want to be the guy that creates any kind of chilling effect on research,'

That's good, because they need to do some fucking research to come up with an unbreakable copy protection scheme that can't be circumvented by my aunt Ida! By turning off a annoying "feature" of Windows.

There really needs to be some damn accountability for these snake-oil security / antispam / antivirus / antipron sleazbags. "Oh yeah, our magic beans are unbeatable!" Never mind that some of the basic tenets of information theory proves our claims are impossible! Our customers are ignorant rubes anyway!

you know, there should be a website for this

[ed.han]

i'd really love it if there was a site that translated press releases into candid & frank english.

ed

I was hoping they *would* sue

[Thumb-One]

When I first read the post about the shift key disabling the "copy protection", I said to myself "I bet that is technically a violation of the DMCA." Now, I know this is rude to the student who published it, but I was semi-hoping he would get sued, so that everyone could see the lunacy of the DMCA.

Hopefully, the fact they "almost sued", will have at least some of the same effect (as in people going, "that is crazy, I need to tell my congressperson/senator to get rid of that silly law right now!"), without the poor kid having to go about putting up a legal defense.

Did hell freeze over?

[KU_Fletch]

I'm confused. Did a CEO related to the music industry actually think with his head instead of his lawyers? Somebody call the RIAA and tell them that one of their associates understands the concept of public relations. I'm sure they won't stand for this monkey business.

Countersue?

[JaredOfEuropa]

Eeehm... but doesn't their DRM solution consist of a bit of software that installs itself on my computer through Autorun? Holding down shift while inserting a CD does nothing besides disabling Autorun, right?

So, they have written a piece of software that installs itself on my computer without my knowledge or consent, and impairs the normal operation of that computer. Such programs are called trojans and there is a law against knowingly distributing such software, or installing it without my prior consent. Hmmm... maybe it's time to countersue, maybe not these guys, but the record companies that make use of this software.

Even the radio DJs...

[ManVsRice]

I was on my way to work this morning and they were talking about this on the radio, and even the DJs started talking about how stupid people in the recording industry are.

TRICEPS: Guaranteed Copy Protection

[tuckerclerico]

It occurs to me that the DMCA may primarily be there to protect morons.

SunnComm, for example. They're morons to think that (a) CD content can be protected in the first place (audio-cable-as-a-last-resort is proof of this) and (b) they can place -- esentially -- millions of dollars of their company's value on the SHIFT key.

Of course, they knew the SHIFT key would defeat this on Win systems. Someone, somewhere must have realized this. But if I were an investor in SunnComm, I'd be ticked off that my money is going to morons -- and I'd be doubly ticked that any company funded by my dollars is threatening college students and unversities.

Enough with this. I'd like to see a company just get wise and say, look, the CDs can't be protected. Let's move on. Let's invest in a P2P legal infrastructure or whatever. But to implement moronic -- and obviously expensive -- copy protection under the guise of "cutting edge technology" is just insane. Enough, already.

Craig S. from the RIAA. Here's a tip: if you don't want stuff copied, DON'T RELEASE IT. Save yourself the money, save consumers the burden.

Ditto for Jack from the MPAA: if you're so concerned about your stuff leaking out -- the solution that is GUARANTEED to work is simple: don't realease anything you don't want copied.

If that means you fold up your chairs, take your toys, and go home: then go. Someone will always fill the vacuum. Odds are, we'll get more interesting content, too. (And I know you're running scared, Jack. Sony Classics and Miramax have you shittin' in yer Izod golf pants because they're taking the bite out of your precious West Coast operations. You know it, I know it, it's just a matter of time before the balance shifts.)

Anyway, this new form of copy protection will henceforth be called the 'TuckerClerico 100% Rock Solid Cutting Edge Copy Protection System' -- TC1RSCECPS, for short. 'Triceps' if you want to get rhetorically fancy about it.

TRICEPS will leverage your current intellectual properties in a unique and exciting way. Guaranteed 100% protection, cheap, and simple. You retain your property and consumers are spared any invasive copy protection schemes.

Jack, Craig, listen up: you can contect me a tuckerclerico@bite_me_you_geriatric_morons.com for a TRICEPS prospectus.

Harm?

[linuxislandsucks]

How can it be any more harmfull to publish a paper that shows the DRM technology was ineffective than to put that ineffective DRM technology out in the market place?

DRM on CDs and DVds will not be 100% secure and free from breakign the drm to be able to copy the files..

This have been proved numerous times in all quality CS journals.. myabe this cat shoudl read up on his CS research?

Some hope

[blugu64]

'"I just thought about it and decided it was more important not to be one of those people. The harm's been done . . . if I can't accomplish anything [with a lawsuit] I don't want to leave a wake," he said.'

I donno guys, it seems this guy is more sensible then most of the other DRM/Copyright fanatics out there. I'll at least give him the benefit of doubt. I doubt RIAA would every make this kind of retraction.

Disclosing security thru obscurity to shareholders

[uqbar]

Alright so SunnComm has seen their stock price devalued because their idea wasn't so swell, and was seemingly a great example of security through obscurity. Their stuff only works if you don't know how it works.

DMCA says the freedom of press doesn't apply - we can wait for that to sort itself but that could take years.

So the question now comes up, if the scheme is bad, whose job is it to let the shareholders know?

I would think that SunnComm and other peddlers of copy protection are legally obliged to disclose the limitations of their products - otherwise they are misleading shareholders into believing they have solved that problem that they frankly haven't. No one else can evaluate or disclose the laughable failers of their "protection", so if they don't it seems to be gross negligence or deception.

Shareholder lawsuits, anyone?

"These magic beans you sold me don't work!"

[Thud457]

The RIAA should sue Suncomm for fraud!

HAHAHA! You gotta love flimsy "technical" measures that are reliant upon the threat of legal violence.

Either hire technically competent people to build your security measures, or go back to enforcing your copyright through legal channels. Don't foist off these laughably inadequate technology upon your customers (RIAA/etc) and consumers and claim they're unbreakable.

Re:"These magic beans you sold me don't work!"

[fdiskne1]

Actually, this works out for the best. First, BMG wastes their money on Sunncomm's "security". Sunncomm makes an ass of itself and loses all of that said money and hopefully goes out of business. I think that's a nifty way to siphon cash from RIAA members. Come on! Let's see more of these los^H^H^H copy prevention companies!

Re:"These magic beans you sold me don't work!"

[Dwonis]

Either hire technically competent people to build your security measures...

That's all fine in theory, but in real life, it's tough to find technically competent people who are willing to pretend that there is any feasibility to restricting information-copying beyond the level of adding a minor inconvenience.

What that really means...

[hpa]

"We don't want to be the ones that give the EFF the perfect test case in court why the DMCA should be overturned."

So far, the only think that keeps the DMCA on the books is selective prosecution, and relying on its chilling effects to do most of the dirty work.

Re:What that really means...

[M.+Silver]

So why doesn't somebody *set up* a blatantly ridiculous DMCA lawsuit? You'd have to pay two sets of lawyers, sure, but you could pick your own example.

Uncommon knowledge

[SARSpatient]

They must have performed all their testing on Linux! Windows users have known the annoyances of AutoPlay long enough to know the Shift-key bypass.

This situation boils down to... Okay, I'm going to leave an unlocked box with all of my money in it on the street. But if you tell anyone "Hey, that box is unlocked!" THen I'm going to sue you. Hmmm... sounds like a first amendment case to me!

Re:Full Text of Article

[Big+Nasty]

"I think that's a horrible precedent, it's almost as bad as a negro dating my daughter." he said.

The article on the Princetonian doesn't have the part about a negro dating his daughter. That must have been added by the poster, or removed from the original. It seemed a strange enough thing to say that I went to the original and checked.

On the subject of Darl McBride

[Sea+Howitt+Fiehls]

Darl McBride sucks a monkeys ass.

Darl McBride sucks Bill Gates ass.

But then, I repeat myself


BTW does anybody post comments in extrans or code?

Chilling?

[cdf123]

'I don't want to be the guy that creates any kind of chilling effect on research'

s/chilling/laughing/

Why do companies think using autoplay for DRM is acceptable? Thats like encrypting all their content with XOR, it will work just as good.

No...the RIAA has much more to lose...

[FatSean]

The SunnComm guy can give up...he has other products to sell. If the RIAA gives up, their whole business fails.

Pow'full stench of Men-DAC-ity

[nanojath]

In the increasingly bitter wars between those advocating stronger anti-piracy protections and those who favor less stringent copyright enforcement, the decision against legal action represents one of a precious few instances of companies looking past their bottom line.

It's hard to stuff so many misconceptions and questionable assumptions into a single paragraph. This is hardly about the conflict betweeen "strong anti-piracy protections" and "less stringent copyright enforcement." More accurate would be to cite it as an example of the ongoing conflict between weak anti-piracy protections and the legitimate research of academics and professionals who expose it as such.

While we're at it, let's replace "anti-piracy protections" with "anti-duplication technology," just to highlight what this stuff really accomplishes - making it harder (and basically illegal) for individuals to exercise their fair-use rights in a vain attempt to keep copyrighted materials off P2P networks and (probably representing a much bigger impact on actual bottom lines) people from burning dupes of CDs for friends. I find it difficult to imagine anyone who doesn't have a vested interest in propping up the illusion of the efficacy of DRM technology advocating that any of the measures out there represent any real defense against file sharing.

And we can go on to replace "those who favor less stringent copyright enforcement" with "a broad cross-section of individuals, academics, professionals and politicians who question whether draconian legal attacks against individuals, questionable lawsuits against academics, and legislation that extends copyright terms far beyond their traditional boundaries and violates the principles of fair use, freedom of speech and prior restraint in service of protecting claimed technological fixes for copyright violations that have so far failed to materialize as effective methods of preventing the illegal distribution of copyrighted information." Hey, it's not so snappy. But sometimes the truth hurts prose.

And then there's "the decision against legal action represents one of a precious few instances of companies looking past their bottom line." Well, I guess it's nice to give them the benefit of the doubt, but I guess I'll make the cynical observation that this example of a DMCA lawsuit threat getting dropped doesn't seem to be all that unique, now does it? One is tempted to offer the alternative explanation - that after making a knee jerk response to getting hammered in the market (and really, this is the result of how the press reported this article - in and of itself the article would never have had this kind of effect), someone in their legal department noted that the suit was likely going to lose, that it was likely to have the opposite effect of increasing investor confidence and good will, and that DMCA suits threatening academics were a strategy likely to lead to what the industry absolutely doesn't want - a high profile case, illustrating the critical problems with the DMCA, against an individual with representation and back-up (Princeton has made it pretty clear it will stand up against attacks of this nature) likely to take it to the point where the viability of the DMCA itself might be threatened. So they cooked up the best way to spin it and had themselves a press conference.

Shenanigans

[Performer+Guy]

Hmmm..... sounds like he's spoken to his lawyers after shooting his mouth off and has a better appreciation of whether he could win.

Princeton Degrees

[SnowWolf2003]

I really hope this research paper had more to it than just finding out that pressing the shift key stops the copy protection software from loading on autorun. Because how long do you reckon it took him to work this out? A day. If all you need to do is put in a days research to submit a paper at Princeton, then I am off to try and get a degree there.

good security

While SunComm attempts to keep its security mechanisms a secret, a better example of security through open review can be found here.

I posted this on the previous article, but...

[Cap'n+Crax]

no one noticed, since it was so far down the page...

From an MSNBC article [msnbc.com]:

Future versions of the SunnComm software would include ways that the copy-protecting files would change their name on different computers, making them harder to find, Jacobs said. Moreover, the company will distribute the technology along with third-party software, so that it doesn't always come off a protected CD, he added.

So, they intend to get their DLL onto your system by having it installed by other unrelated programs... Sneaky.

Re:I posted this on the previous article, but...

Won't someone please please please give the parent some mod points??

False Sense Of Security: Not Necessarily Bad

[PRES_00]

From the article:
"The worst thing in the world is a false sense of security."

Almost every method of copyright protection can be bypassed. I say, if it gives some record companies enough confidence that you won't pirate their stuff (i.e. p2p it), then it's better for the non-pirates! This will keep them off our backs and from adding another nuisance to legitimate backup purposes.

Just to be on the safe side (and prevent a heart attack when they tell you you're responsible for 10 million bucks in losses), don't publish such stuff. Let the information crawl its way through usenets until the source is no longer tracable!

Covering his ass

SunnComm didn't back off this lawsuit because their CEO had a sudden Road-to-Damascus epiphany that he was doing wrong. They dropped the lawsuit only after CNN broadcast the shift-key "feature" to the world at large on Wednesday morning. They would have happily used the DMCA to squash an individual student with no salaried high-dollar lawyers at his beck and call, but taking on CNN/TimeWarnerAOL/whothehellever's legal department is a different matter. With the information irretrievably out of the bag, SunnComm dropped the lawsuit purely to avoid further PR embarrassment. If you don't have a major corporate legal staff on your side, the DMCA gives idiotic fuckwits like SunnComm the power to squash you without any effective hearing or consideration of your First Amendment rights whatsoever. Repeal it NOW.

Success!

[Shoten]

Ok, whoever it is, you can turn off the DDoS attack against SunnComm now :)

That's the problem with...

[idontgno]

projectile mental diarrhea. It's a horrible mess to clean up.

"We're gonna sue!" is becoming some type of corporate spinal reflex. The words fly out of the festering gobs of corporate mouthpieces and overpaid execs before the (alleged) brain even gets a chance at "Whoops, bad idea." SunnComm is damned lucky that investors are dimmer than they could be; otherwise, the company would have lost much more than 1/3 of its capitalization. (How much contrarian/bottom-feeder buying activity shored up the price? Ya gotta wonder.)

I thought that was an odd business model...

[StressGuy]

....devise an admittedly anemic copy protect scheme then sue the first person to publically point it out.

I can't see myself being terribly sympathetic to their position if I were on *that* jury.

Gotta love the cluelessness. JAILTIME for CEO?

[samjam]

BTW these aren't all my comments, they're based on the comments of a friend.

First SunnComm to sue 'Shift key' student for $10m and then they change their minds so as not to stifle research, but who is really the guilty party?

Has anyone determined whether it is in fact legal for SunnComm to install a device driver without asking or making the user aware that that is what will happen?

In the UK, this appears to be completely illegal:

(1) A person is guilty of an offence if--

(a) he does any act which causes an unauthorised modification of the contents of any computer; and

(b) at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing--

(a) to impair the operation of any computer;

(b) to prevent or hinder access to any program or data held in any computer; or

(c) to impair the operation of any such program or the reliability of any such data.

(3) The intent need not be directed at--

(a) any particular computer;

(b) any particular program or data or a program or data of any particular kind; or

(c) any particular modification or a modification of any particular kind.

(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.

(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

So if they install a device driver without asking, they must know it is unauthorised (satisfying 3.(1).(a)), and it will certainly do all of 3.(2).(a), 3.(2).(b) and 3.(2).(c), have they broken the law, and aren't computer users completely justified in informing each-other how to protected their systems against such unauthorized abuses?

Or is it the record label, or the vendor who is ultimately responsible for the unauthorised access?

Re:Gotta love the cluelessness. JAILTIME for CEO?

[Qrlx]

any act which causes an unauthorised modification of the contents of any computer

There will probably be some fine print somewhere on the CD stating that by playing this CD in your computer, you agree to the terms, which may include installing special software on your computer to protect your digital rights. So it's not unauthorized, because by using the contents of this software you agree to be bound by the terms of the license.

Part of the strategy is that most people won't bother to read the fine print. But that's not SunnComm's fault.

Re:Gotta love the cluelessness. JAILTIME for CEO?

[samjam]

The sad thing is the sort of people who can't comprehend the EULA and thus enter into an agreement, are the sort of people who won't be able to make a charge.

Sam

How is the software installed?

[lightspawn]

Does it display a EULA? Does it try to install itself without your knowledge?

Is that legal at all?

I wish I had a lot of time on my hands.. I'd go buy the CD (paying cash), open it, find out that it's not an audio cd as advertised and in fact tries to hack your machine, try to return it opened, and when refused would sue in a small claims court. Hopefully that would let more people be familiar with the issues. Buy music CDs? No way man, the RIAA just want to hack into your machine. Download the mp3 instead just to be on the safe side.

Really, how long before they'll try to install software that reports back with a list of all of your MP3s?

Can the RIAA still sue?

[OzPhIsH]

Thats pretty cool that SunComm isn't going to sue. In fact, I'm happy that they essentially screwed the record companies out of millions for this pathetic attempt at copy protection. My question is: Can the RIAA still use the DMCA to sue, since its their prodcut under this 'protection'? We might still not be safe...

Re:Can the RIAA still sue?

[idontgno]

In fact, I'm happy that they essentially screwed the record companies out of millions for this pathetic attempt at copy protection.

I notice that no one else has picked up on this. Who was the first customer for this "copy protection" product? BMG, I believe. Anyways, I wonder if maybe SunnComm will be too busy defending itself from the folks to whom they sold this product to pick on some grad student who had the temerity to point out that this awesome padlock was made out of styrofoam.

Cannot permanently enable autorun

After the first run, they may be able to coerce the user into installing some app that does not allow the auto-run feature to be disabled...

There's no way to prevent disabling autorun. Plenty of valid software (think vmware) strongly discourages, or requires disabling, this "feature". All such software would break. Administrators have been warned since autorun-day-1 to disable it to avoid trojans (such as this one).

No more than SunnComm deserve

[ajs318]

If SunnComm really believed that their ridiculous system worked, then they are to be pitied. MediaMax as described in the original paper is about as effective at preventing copying as a chalk line on the floor is at preventing break-ins. A Linux or old Mac user would never even know about the "protection" - the disc would play fine in their machine, and they probably would just rightly guess that the Windows / MacOSX files were irrelevant. But, my guess is that SunnComm knew that their MediaMax rated somewhere between ineffective and laughable on the scale, but were intending to make money on it nonetheless. That probably would constitute fraud {selling somebody something which you know or suspect doesn't work certainly sounds like fraud to me}.

A professional counterfeiter will not think twice about making an analogue copy. They don't particularly care about a little quality loss, and beside, they can afford decent equipment to minimise the effects. The really determined file sharers will always find a way of getting the music onto the networks in a digital form, whether by analogue means if necessary or by digital means if not.

And once the "protection" has been defeated, even by only just one person, it is ruined forever. Every penny that anyone ever spent on it has become wasted, as surely as if they had flushed a bunch of pound notes down the toilet.

Now, can anyone say how the price you pay for a CD gets distributed amongst the various players? How much goes to the performer? The writer of the song, if not the same person? How much goes in some fatcat's pocket? And how much is spent on flawed "copy protection" schemes that blatantly do not work and never will?

SunnComm realized...

[Delron+Da+Thugg]

that shift happens.

a matter of public safety

[leery]

"The worst thing in the world is a false sense of security." says Halderman in the article.

Hear, hear.

A flawed security device affects not only its immediate users (recording industry in this case) and their clients (artists), but everyone who might one day rely on it to prevent dissemination of personal, proprietary or otherwise sensitive or secret information, whether for themselves or their clients or dependents. I would think that the greater good of protecting the public from such a potential disaster far outweighs the short-term profits of a few, and exposing the defect is the only responsible thing to do. (I am not a lawyer).

Offtopic: sluggish Slashdot?

[leery]

Has anyone else had a problem with /. being sluggish or unresponsive the past few days? Is Slashdot being slashdotted?

Re:Offtopic: sluggish Slashdot?

[JLSigman]

I thought it was just the crap-tastic T1 here at work. But yeah, in the afternoons, especially, Slashdot gets slashdotted for me.

Re:Offtopic: sluggish Slashdot?

[M.+Silver]

It's not just sluggish, it just outright hands me an "Internal service error." Refresh fixes it.

Re:Offtopic: sluggish Slashdot?

[leery]

I'm on Verizon DSL. But I've never had /. be so consistently intermittent (if that makes any sense) until recently. Other sites fine. Changing browsers makes no diff. Overpopulation? Mass unemployment? Puzzled.

Re:Offtopic: sluggish Slashdot?

[kiddailey]

Not just you -- I'm having major problems with the site as well, getting timeout errors every nearly every time I try to go to a new page. And especially when trying to reply to posts (it took four attempts to get the reply page to come up for this message).

Maybe Slashdot is getting Slashdotted? ;)

Re:Offtopic: sluggish Slashdot?

[Cro+Magnon]

I haven't noticed any problem.

Posted October 09 03:00PM

Catholic Church to Sue SunnComm...

[Dave21212]

(Just wanted to reiterate in a more current thread)


In commenting on SunnComm's statement :

The goal of MediaMax was not to invent the "holy grail" (since one does not exist).
...They seem to born out of some Messiah complex hell-bent on saving the world from any technological attempt to protect artists and their property.

The Pope declared:

No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of Corporate America to facilitate disinformation regarding the existence, or not, of such a Holy artifact. Also, to suggest that Jesus would be "saving the world from any technological attempt to protect artists" is a misrepresentation. When I asked, What Would Jesus Do , it was His position that He is not against any particular technology, however the application of technology such as DRM to prevent consumers from exercising their rights may be, in fact, an Evil that Jesus would be prepared to deal with during the coming Apocalypse.

I don't know what is scarier...

[ZuperDee]

Look people, there is more than one possibility here--sure, maybe SunnComm realized there was no way they could win...

But the other possibility is that maybe they also realized this case WOULD be a precedent-setting case, and that the courts might possibly end up striking down (at least) parts of the DMCA as an unconstitutional violation of the 1st Amendment if this case were brought before the courts.

I see no difference between this and the fear some people have of the GPL being tested in court for the same reason. It makes no difference to me whether it comes from the "open source" crowd OR the "corporate" crowd... Which raises another point: why is it that some people have this warped idea that ANYTHING "corporate" is like a four-letter word? For heavens sake people, it is time to stop whining, and start REALLY innovating.

idiots

Yeah he thinks it's important that the owners of something decide how it's used...unless it's my computer that is then it's his company that decides how it should be used. Hopefully these guys will circle the drain quickly.

New Adjective

[t_allardyce]

The ironic thing (which SunnComm probably realises) is that if they did take it to court the press would obviously have to mention "the shift key" in their articles and news reports which itself would be a DMCA violation. Even if the American press were barred from saying it, you can bet your ass a foriegn press would have a feild-day with it, skylarov got quite abit of foreign coverage (over here in the UK atleast) and bashing American law and politics is a hot ticket right now! Its in SunnComms best interests to keep damn quiet about this, they should be bribing the student to keep quiet too.

Its one thing suing over DeCSS (don't get me wrong, im totally not on the DMCA's side) but its another thing when the "circumnavigation" can be described in the sentence "hold down the shift key".

The staff at SunnComm speak the most bull-shit ive ever heard from one place, even Bush and Blair are more credible. Its just not possible to express in words how useless their product is, i think the only thing i could use it for is a new adjective "to be sunncomm" to describe uselessness. - Thats completely sunncomm. He's sunncomm lets fire him. Its sunncomm, were stuck here.

What are the odds ....

[Aleatoric]

That someone (RIAA, etc.) told them to drop the idea of a lawsuit, because of the possibility that it would be too good of a test case against the DMCA, and might even make it all the way to getting it thrown out?

Translation for those who don't speak moron...

[dameron]

'I don't want to be the guy that creates any kind of chilling effect on research,' SunnComm's CEO Peter Jacobs said.">

This should read:

'I don't want to be the guy that fucks up this whole DMCA thing,' SunnComm's CEO Peter Jacobs said."

Actually, we need this kind of idiotic ligitation so the problems with the DMCA can become obvious to everyone, and so the courts can act to strike down this piece of shit legislation.

-dameron

Chilling effect

[zizzo]

"I don't want to be the guy that creates any kind of chilling effect on research," Jacobs said.

Too late! I already had to buy matching left and right Shift key cozies for my keyboard.

I'm glad....I do lots of "Research"

[NineNine]

I did research** 5 times just in the writing of the subject of this post!

**Research as Sunncomm defines it as pressing a shift key on my keyboard.

Misquote

[Featureless]

I think they missed the rest of his quote.

"I'd really rather be the guy who created a big chilling effect but then pretended I didn't."

From the earlier thread

[dlc3007]

In the earlier discussion about this case (yes, I'm too lazy to go look for it again) someone suggested a legal attack on SunnComm for illegally installing software on computers. Since I'm not rushing out to buy whatever CD this is, does anyone know if there's a warning on the CD? Anything that informs the user that software is being installed? Anyone at the EFF who'd be interested in this train of thought? I'd be willing to buy the CD and document that in installed software on my computer and appear as a witness if they want to go after SunnComm.

This is not a new discovery

[Atario]

At least not in the software field.

It has been known for a long time (mid-80s, probably) that copy protecting software is expensive, ineffective, and alienating. That's why there's hardly any of it around. Oh, sure, every now and then, someone gets a bee in their bonnet and decides they're going to try something new and stupid (XP/TurboTax/etc. Activation, anyone?) (or even old and stupid -- your story is a case in point), but all in all, the software industry's known this for a long time.

Too bad the music and movie people are so much slower on the uptake.

furthermore...

'I don't want to be the guy that creates any kind of chilling effect on research,' SunnComm's CEO Peter Jacobs said.

and the fact that we are total idiots and incompetent to produce copy-protection product has nothing to do with it!

"I don't be the guy who..."

[freeBill]

"...brings a lawsuit that points out to all our customers that that my company hasn't got a clue about security."

Re:gross exaggeration

I can more sympathsize with the RIAA getting upset with P2P, where a person can distribute thousands of copies of a track throughout the world in a few minutes

I don't know what kind of upstream bandwidth you have, but there is absolutely no way people can download 1000 copies of a 4MB song from me in 3 minutes. That would require an upload bandwidth of 178 Mb/sec.

What are you paying a month for those speeds and what kind of hardware do you have!

The keyboard shortcut is common knowledge

[timlewis_atlanta]

Would they have ever got anywhere with this in court ?

I doubt it, as it as the keyboard shortcut is common knowledge.

For example, it's been posted here for a long time
http://familyinternet.about.com/library/weekly/aa1 10902a.htm

Get over yourself Pete

[miu]

You are not going to "be the guy that creates any kind of chilling effect on research". The DMCA is doing that quite nicely without your help. If anything a ridiculous case like this would be more likely to make people aware of what a ridiculous fuck-up the DMCA really is.

Great news

[radsoft]

This is of course great news - for Halderman and everyone. Yes, one wonders how such a silly lawsuit would have went, and this can be the ultimate consideration of CEO Jacobs, as SunnComm gains little by playing hero.

But it doesn't really matter. If SunnComm stay out of this, then it is a victory, and maybe we will now see the end of all this foolish copy-prevention hype as Halderman predicted.

Isn't this software ILLEGAL?!?!?

[JumperCable]

OK. So this software automatically installs itself on your computer without your knowledge or permission. Isn't this HIGHLY ILLEGAL!?!?!

Somebody should start a class action lawsuit against this company before this type of activity becomes run of the mill.

Not Research; No Lawsuit = No News

[Josuah]

First of all, I hardly think figuring out that the CD autorun installs some software that bonks up your CD-ROM drive support in Windows is any sort of research. It's not like there's an award-winning publication in the works here.

But, since the record companies already knew about this workaround (and also admitted it on CNN), a lawsuit against John Halderman might feasibly open one against BMG. And it would make this workaround headline news.

By forgetting about the entire incident, lots of people are going to know how to get around this by holding down shift, but at the same time a lot of people aren't going to find out about it. Seems to me that since the industry already knew about the workaround, SunnComm might still be able to sell their solution despite some public knowledge of a workaround.

It also makes the average /.er start to forget about the entire incident. If you're mad, you're more likely to bad mouth a company or product. If it's old news, then you're more likely to forward the trailer for LotR.

What a pussy

[panic911]

Peter Jacobs you suck - if you're going to threaten somebody, then go through with it. I'd like to see this law suit go through just so the DMCA can be questioned in a court of law. I'd also like to see the kid counter-sue these fucks and put them out of business.

Autopsy of a stock going * on the pavement

Okay, was this the result of a script kiddy or a one-class moron? (pass an "Intro to COBOL" class, get a job) A company bets the farm on fooling everyone with something infantile and blames everyone else when they get caught.

There are few interesting things which go unhacked; most of the reasons behind doing it are sport, challenge, and deflating an ego bigger than a Macy's parade float in the Thanksgiving Day parade. We've all seen it: puzzles, challenges, etc. are jumped on by practically everyone, even if they aren't familiar with the working area (remember the Christmas Chess Puzzle from several years ago? Even people who didn't know anything about Chess were asking for quick lessons and jumping in to partake of the challenge). Many times, things are hacked or reverse-engineered to create tricks to add to our little bag of tricks for future challenges.

(The obvious exception is Microsoft's activation system but even that's been cracked) Let's face it. Were the most important shareholders (likely the BOD|VCs|angels) knowledgeable of the decisions being made WRT the finished product and how it was being protected, there'd be a lot of heads chopped off, put into the freezer, and used as croquet balls (think Alice) at the next company picnic - providing there will still be one and only if this is a one-time event for the company.

Jacobs said in an interview late last night that a successful lawsuit would do little to reverse the damage. What is it Dr. Phil says? "Well, DUH!" Anyone who didn't know the hack would know after the court trial. Since when does an Easter Egg become a crack? In the trial, it would take nothing more than finding an appliance which the judge (or jury) is familiar with and show them an Easter Egg which makes sense to them (and may already be known to them). In college, some of the vending machines had an interesting Easter Egg (this was in the early 80s): If you entered a dollar bill then hit the "Money Return" button, it would dispense change (usually four quarters) rather than the original dollar. One of the side effects of doing this is means there are not as many coins available to support customers who want to make purchases and did not have exact change Should those of us who discovered (and used) that feature be penalized? After all, we purchased four quarters with a dollar bill. If so, how should that have been discovered and how should we have been tracked down?

If they're going out into the marketplace and protect their "technology" with something stupid (in which case it would be cracked like a broken Rubik's cube but faster - snap the pieces out, twist them, and pop them back into the frame) and someone finds out about it, of course everyone will know about it. I think they're the most upset because they either thought could get away with it and got caught - especially with something stupid or they didn't realize they were going to get caught and looked like fools. It may not be too much for many to envision them doing something inane such as using a password like "XYZZY" or "you're in a maze of twisty little passages..." for test purposes and that would bypass a goodly sum of persons who didn't grow up with ADVENT. What they've done is the equivalent to "Please enter your UserID|Password:" using (Guest|Guest). Or simply, they tried to fart in church. They got caught and now think someone else should pay the price for their embarrassment.

Even the latest news says little for their perspective: "I just thought about it and decided it was more important not to be one of those people. The harm's been done... if I can't accomplish anything [with a lawsuit] I don't want to leave a wake," he said. Translate this to: "I don't want to have to stand before my BOD and explain why our stock has tanked, how all of the news stories which state holding a [SHIFT] key bypasses the autorun mechanism, and how we could possibly have: 1) this in our design, either intentionally or or accidentally - the former showing a lack of judgement, t

The value in copy protection

If there is any perceived value in copy protection, I would think they'd realize they should only put some "weak" attempt at protection in there that is easily circumvented.

Think of it as a simple lock on your luggage. These cheesy locks can be picked with a toothpick for cryin' out loud. So why do it at all? There is still a "message" behind the weakest of locks. It says, "Don't copy this." Of course a copyright notice does same thing but it requires an intentional action by the user to "crack" the software.

This makes the criminal act (if there is any) more definitely willful and less likely to be accidental. This improves the odds of success in civil and criminal suits.

In my opinion, that is ALL that copy protection should be good for and why additional research into more complex methods is a huge waste of money and resources. Crackers love to crack. Companies spend money and time grieving over what crackers do to get their jollies! Why fuel their fun unless that is the part of the "game" they are intending to entertain the crackers with in the first place?

This is actually getting really boring now

All this "A gonna sue B over threatening to not sue C who wants to sue D who claims they have a right to sue E who ate the spider that caught the fly that lived in the house that Jack built" shit is starting to really make me puke.

1) Get a life.
2) Round up all the weasel lawyers, put them in a field and bomb the bastards.
3) Start ACTUALLY CREATING SOMETHING - you remember that honest pursuit of ACTUALLY DOING SOMETHING of benifit to yourself or others.

I read /. hoping to find informative texts on technology and scientific advances, but every other story is this same whining crap. Its a symptom of a very, very sick society and we are in mortal danger of dissapearing right up our own ass. The legal system (specifically the American legal system it seems) is right out of control to the gross detriment of everyone.

What we need is a firmly prosecuted high profile case where a company is hauled over the coals and real jail time dispensed to CxOs as an example to prevent further frivolous actions that seek only to maximise profit, intimidate competitors or establish degenerate intellectual property ownership.

Once you randomly pick one of the bleating whiners and slam their head in the door a few times the rest all miraculousy shut up. Works every time.

RIAA take note

[555-5555]

This is what the RIAA has been doing for months sue first think later
This is a pointless lawsuit they are better off sitting there banging the bat against there hand then trying to hit him the industry seems to have turned against White Hat Hackers Adrian LAmo a premiere " security expert" was arrested because he hacked the NY times then told them AND NO BODY ELSE what was wrong this is close to the same thing although he shouldn't have gone public with this first but if they aren't going to do anything about it ( like microsoft) then you have to go public se they fix it or lose some of their customer base

Their protection is useless anyway it drives up the price of already over priced CD's and only stops the common user from listening to the CD they bought on their IPOD so they go to kazaa where a true pirate with the intent to defraud the "music industry" THen they download the file and get sued by the RIAA all because the RIAA makes pointless attempts at protection on CD's where all you have to do to get past it is to hold down the shift key it is cycle that starts with the RIAA's stupidity end ends with us and our friends pissed off at them and boycotting their CD's a hopefully cause them to end up losing money

Damn the RIAA full speed ahead

Not DMCA if not effective

[LightSail]

But this protection is not covered by DMCA.
Read the ACT:
`Sec. 1201. Circumvention of copyright protection systems
`(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

Define effectively:

`(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

No, you can gain access to work without any of the above. The DMCA covers processes that are required to access the copyrighted work. SunnComm's process is not required to access the copyrighted material. SunnComm's process is optional. Therefore it is ineffective and not protected by DMCA.

Investors

[elgaard]

So investers pour 30 million dollar into a company without checking out the products of the company.

Of course for all we know maybe some potential investor could have hired a graduate student who told them that at least this product was almost worthless. And maybe that investor decided to just not buy the stocks and keep quiet so they would not get sued for violating the DMCA.

Sunncomm thought they had it easy. If anyone fouln out that their product didn't work the customers and shareholders could not be told.

At least it would be difficult to talk about it without revealing too much.
"We fould that the DRM only worked on two operating systems and that it could be defeated permanently by disabling a feature related to CD's or by doing someting very simple when a CD is inserted"
does not really wordk.

http://finance.yahoo.com/q/bc?s=STEH.PK&t=6m&l=o n& z=m&q=l&c=

Jacobs seems likeable

[instanto]

After reading his comments, and from the web page (how many web pages lets you communicate directly with the ceo?) it seems like Sunncomm atleast is "honestly" trying to suit both the music industry (RIAA crapz!) and the users.

Although their technology is flawed, atleast those working on it seemed to not be zombie-bastards-from-RIAA-hell.

Be Vewwy Vewwy Quiet

[Seiya235]

My guess is that they just want to keep this out of the press so that the RIAA doesn't find out that their product is utterly useless.

After all, it's not like they read Slashdot.

They don't want the attention.

[rhizome]

Better to keep all the "facts" in press releases rather than the courtrooms if these developments cause the labels they deal with to come after them for fraud. They would probably prefer not to have to talk to the SEC any more, either:

http://www.sec.gov/litigation/complaints/complr1 74 62.htm

Since they are a pinksheet business and don't report any financials as a public company, nobody but them knows whether they'd even be able to mount a case like this.

Re:They don't want the attention.

[rhizome]

Fixed URL

Re:gross exaggeration

[fishbowl]

Well, in a best-case scenario, the propagation rate would grow exponentially. Consider the situation where every downstream node also distributes the item. Even if each node only distributes to one other node, you have quadratic growth.

Of course that's not what actually happens, but when you have your panties in a bunch and you're asking a court for damages, you want aim high when stating your case.

On the other hand, damages should only ever be framed in terms of what did happen, not what could happen.

No Case to begin with

The shift key dosn't circumvent the DRM,
the fact that it dosn't work without software being installed just shows how worthless it is.

Every consumer has the right to prevent any piece of software from being installed.

sig.rant

I've said it before and I'll say it again: those people who quote themselves in their own sig are so pretentious it makes my head spin.

incredible

[phriedom]

I'd like to point out the unintended humor of SunComm's claim that MediaMax provides "an incredible amount of security." Yep, it is incredible allright. It is also unbelievable, unreal, fantastic, unimaginable, unprecedented, absurd, and outrageous. It might even be the penultimate security product.

But if I were one of their customers, I would prefer some credible security instead.

You'd think marketing people would at least know what the words really meant wouldn't you, since using words is their job.

Any lawyers in the house?

[Veramocor]

Assuming either an RIAA or another entity sues you for millions of dollars. They win in court, but you don't have a million dollars. How much per year can they garnish from your wages? Can they take your house? Or you car?

Uhhuh.. right..

[The+Kow]

I don't want to be the guy that creates any kind of chilling effect on research,' SunnComm's CEO Peter Jacobs said."

Am I the only one thinking "Don't flatter yourself." here?

Here's what might have happened

Here's my take on what might have happened in this chain of events.

BMG bought SunnComm's software for the CD.

Haldeman published his paper, and the news hit the Net.

BMG went ballistic because they realized they'd been sold a pile of crap by SunnComm. You can bet there was at least one phone call from a royally pissed off BMG exec to Jacobs demanding to know what the hell was going on.

The stock price began its slide.

Jacobs gets rattled. He's got a stock that's tanking and a very large customer who just found out that SunnComm sold them a piece of shit DRM system. So, attempting to do some damage control, he shoots off his mouth about filing lawsuits and criminal charges.

SunnComm's lawyers get hold of this and get nervous. They know that a pivotal point in such a case would be whether defeating MediaMax is a trivial matter. If they lose the case on that point, then that means that a court agrees that their DRM system is a piece of shit.

Then comes the lawsuit from BMG. BMG's lawyers will use the Haldeman case as evidence that MediaMax wasn't as secure as SunnComm said it was and that SunnComm defrauded BMG. At that point, one of BMG's lawyers will pull out a large pair of pliers and yank off the balls of every SunnComm exec he can find, with Jacobs being first on the list.

But that's just my opinion.

Dang.

[dw5000]

And I was all set to mail them my DMCA-violating keyboard.

Favorite quotable quote

[neoThoth]

From: full-disclosure-admin@lists.netsys.com
[mailto:fu ll-disclosure-admin@lists.netsys.com] On Behalf Of Jonathan A.
Zdziarski
Sent: Friday, October 10, 2003 11:04 AM
To: Schmehl, Paul L
Cc: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Student faces suit over key to CD locks

Does this mean they're going to attempt to sue Microsoft also, for publishing this feature in their Windows documentation? Or perhaps
they'll take the RIAA's approach and sue anyone who uses the SHIFT key.

Why Don't They Sue Microsoft?

[NeuroManson]

After all, the autoplay disable feature used in Windows since 1995 (or earlier) retroactively breaks the copy protection scheme.

All they have is billions of dollars and 800 lb gorilla lawyers and...

Oh... Right.

Who this is designed for

[Obfuscant]

I won't say anything but quote Mr. Peter Jacobs as reported here, in a 2001 interview, and again here, in a 2003 interview:

"From our standpoint, we are designing the software for the 99 percent of the people who don't want to steal the music but instead (want to) use it for whatever means--for whatever personal use that's allowed by the artist and the record label. The software was designed for those people, not for the 1 percent who are going to take the lock cutters and cut the lock off and steal music in an unauthorized way."

Oh, okay, I'll say something. In other words, his copy protection is designed to keep people who have no intention of trying to copy the music from copying the music they never intended on copying. It isn't intended on keeping those people who want to copy the music from copying the music, which they can and already are doing.

IANAL, but Mr. Peter Jacobs published remarks about the motives of the grad student involved sound very much like slander (or is it libel?)

Why Is This....

funny?

"Fair Use" is...

[jbottero]

what I say it is, *IF* you want my product. Read the EULA. Don't like it? Don't agree to it.

The movie you remember...

...was Amazon Women on The Moon

What happened?

[Snaller]

Because ever since they've had copy protection on their games? (All units blow up if some hardware key doesn't match...)

Re:What happened?

[Briareos]

Electronic Arts bought 'em. That's what happened.

And I can't remember ever seeing an EA game without copy protection.

np: Plaid - Yak (Trainer)

Re:What happened?

[Snaller]

Ah... silly buggers - haven't they realised it only hurts the honest buyer. Oh well.

Why they did this

[tuxlove]

There is only one reason I can imagine SunComm made this statement, other than bad PR avoidance (which can't be a huge part of the reason or they wouldn't be producing such an ugly product). Simply put, what they are doing breaks the DMCA just as much, if not more than, the "shift key whistle blower" did. To produce their copy protection technology, they have to do a lot of research into CD ROM hardware/software produced by other companies. That involves finding ways to break those products under certain circumstances through both experimentation and reverse engineering. In other words, they clearly violate the DMCA on a regular basis, especially under their own standards. I'm sure they don't want to be held to those standards themselves, so they can't try and hold others to them. If they have half a brain, they will steer clear of any DMCA issues lest the limelight be shone on them. Seems like they may have had an epiphany recenly.

Any excuse in a pinch

[El]

Looks to me like SunnComm stock started plummeting at the beginning of September, and lost more than half it's value long before anybody pointed out that the Emporer had no clothes. But let's blame this student anyway! He must be the cause of all our troubles! Yeah... that's the ticket!

He's No Financial Genius Either

Halderman's paper hit SunnComm hard. Since Monday its stock value has dropped $10 million -- one-third of the company's total worth.

"I don't want to be the people my parents warned me to stay away from," said Jacobs of his decision. "It's 10 million bucks, but maybe I can make it back, and maybe [Halderman] can learn a little bit more about our technology so as not to call it brain dead."

The one who's brain dead is Jacobs. This dipwad has about as much of a clue of finance as he does of "security".

Let me 'splain this Pete:

When the total stock market value of the stock goes down $10 million, the CEO doesn't "lose" that money. Individual stock holders who bought higher than the current price "lost" the differential ONLY if they sell. You were probably optioned out - hence didn't "buy" the stock at the pre-drop price and didn't lose anything.

This guy (Jacobs) is obviously a snake oil salesman, ticked off that someone lifted the flap of the tent. Take a look at his web site disclaimer:

Statement: Our 3-year old company . . . .
Fact: Company has been listed on the exchange since late 1996

Statement: the investor or interest-holder, will not be afforded public access to regular company audits and therefore you must solely rely on the company's press releases, news stories, or other publicly available information.
Fact: Only an idiot would "invest" (if you can call it that) in this ruse.

Quit blaming Halderman for your problems - SunnComm is down 95% since the bubble. Besides, you imply you lost the $10 mil personally - DUH, did you own ALL the shares? Then it wouldn't be a public company.

If any "Other OTC" stock can even be called that - they're typically a joke. Why do you think you get 10 "pump-and-dump" emails about such stocks every week?

Can this be used as example for later suits?

[Quizo69]

You state that this may have proceeded if the circumvention had been tougher to implement than holding down the "Shift" key.

My question is this - if they decide not to sue because it's too obvious how to cirumvent a "protection", then where does a judge in a later case that DOES make it to court, draw the line on what is obvious and non-obvious?

Could this retraction of the threat of a suit later be pointed to as the plaintiffs picking and choosing whom to sue based on the likelihood of success? After all, one could point to this incident as an example of the industry not enforcing the DMCA when they by rights should have (the law's interpretation), and then use that as a basis for dismissing a future suit they try to file on some other poor ($$$ wise) sucker who can't afford to fight their suit.

Finally, I'd like to see the student take SunnComm to court for slander and claim damages. It should be illegal to threaten a lawsuit without proceeding. Same goes for the RIAA - it should be illegal to threaten 12 year olds with lawsuits, then decide after much negative PR that they wouldn't in fact sue.

Quizo69

Just pathetic

[coolmacdude]

From the CNet article:
"Jacobs refused to divulge the reasons for his change of heart, saying only that "when the original firestorm cleared and we had a chance to poll the different organizations (including customers, advisers and shareholders) I started to have a different picture on how to resolve the issue."

In other words, everyone told you how completely insane you were and you figured it would be better not to make a total ass of yourself for your supporters.