Feeds

SunnComm to sue ‘Shift key’ student for $10m

Alleges DMCA violation, damage to its reputation

  • alert
  • submit to reddit

Security for virtualized datacentres

SunnComm has threatened Princeton PhD student Alex Halderman with the Digital Millennium Copyright Act (DMCA) for exposing a key weakness in the company's latest CD copy protection technology, MediaMax CD3.

The company said today it will take legal action against Halderman for revealing how MediaMax CD3 can be bypassed by holding down a Windows PC's Shift key when a protected disc is inserted.

Doing so temporarily disables Windows' Autorun facility - which many Reg readers have turned off anyway, they tell us - which prevents a small installation app from being launched off the CD. That software installs a device driver which detects the presence of a copy-protected disc and prevents attempts to copy such CDs.

The installer apparently asks for the users permission to install the file, and does not do so unless the user clicks on the equivalent of an OK button. If the UK rejects the 1800-word End User Licence Agreement (EULA), the disc is automatically ejected.

The EULA says: "This audio compact disc utilizes MediaMax technology by SunnComm to deliver enhanced features to your computer. In order to properly utilize this CD on your computer, it is necessary to install a small software program on your computer hard drive."

It's worth noting that the BMG distributed CD Halderman tested lacks the familiar CD logo. Thanks to the inclusion of SunnComm's technology the disc can no longer be described as a CD - an item that has a very specific description as detailed in the standards documentation written by the format's creators, Sony and Philips. A disc that doesn't follow the standard to the letter can't be described by its supplier as a CD.

Odd, then, that the EULA, as quoted above, claims it is a CD - and is arguably in violation of the CD licensing regulations. Just a thought...

Bypassing Autorun allows full access to the CD's songs.

As revealed by The Register yesterday, Halderman detailed his discovery in an online paper published after he analysed a CD - Anthony Hamilton's Comin' From Where I'm From - which incorporates the technology.

SunnComm today said the paper was "erroneous" and contains "false conclusions". On the back of said, "Halderman and Princeton University have significantly damaged SunnComm's reputation and caused the market value of SunnComm to drop by more than $10 million," the company alleges.

And then there's the DMCA angle. SunnComm claims Halderman broke the law by revealing the name of the driver the app installs.

In a statement released today, SunnComm said: "SunnComm intends to refer this possible felony to authorities having jurisdiction over these matters because: 1. The author admits that he disabled the driver in order to make an unprotected copy of the disc's contents, and 2. SunnComm believes that the author's report was 'disseminated in a manner which facilitates infringement' in violation of the DMCA or other applicable law".

SunnComm's statement is, of course, a tacit admission that Halderman's information is correct: "Once the file is found and deleted according to the instructions given in the Princeton grad student's report, the MediaMax copy management system can be bypassed resulting in the copyright protected music being converted or misappropriated for potentially unauthorized and/or illegal use," it says.

If Halderman is incorrect, then the outcome described above can't happen, and the DMCA hasn't been violated. Yet SunnComm claims the law has been broken - ergo Halderman's conclusion is correct.

In which case, SunnComm's technology is indeed flawed, and the company can't argue the student has damaged its reputation. We'd say it did that itself by relying on a technology that any user - and indeed many already do - can circumvent perfectly legally. Bypassing Autorun by holding down the Shift key is a documented feature, after all.

"Critical reviews written in part as an attempt to pressure the record industry into abandoning further development of technically protected audio CDs are ethically suspect when based on inaccurate assumptions," says SunnComm - without stating what those assumptions are or in what way they are inaccurate.

Of course, legal action was a possibility Halderman was well aware of when he published his paper. "I hardly think that telling people to push shift constitutes trafficking in a (copy-protection technology) circumvention device," Halderman yesterday told US newswires. "I'm not very worried." ®

Related Story

Shift key breaks latest CD anti-rip tech - grad student

Beginner's guide to SSL certificates

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.