Digital rights body calls for Sony to recall XCP CDs
By Matt Whipp
Posted on 15 Nov 2005 at 11:31
The Electronic Frontier Foundation (EFF) has published an open letter, urging Sony to consider a product recall of CDs shipped with the controversial XCP copyright protection software which secretly installs a cloaking utility on computers.
Since the revelation that any file using a filename including '$sys$' would be hidden from view both from within Windows and from programs using Windows - including security software - a string of Trojan viruses have been launched across the Net with the goal of infecting computers with the Sony software installed.
Sony has since stalled production of CDS using the softwarwe, but stands by its right to use Digital Rights Management (DRM) software to protect its property.
Although the CDs using the software are few - around 20 titles - the EFF says that 2.1m of them have already been sold and that 2.6m remain in the inventory of retailers.
It says a temporary halt in production is not enough, and wants a recall of all XCP and SunnComm MediaMax-infected CDs, from both consumers and store shelves; a guarantee to repair, replace, or refund the purchase price of the CDs to anyone who bought the merchandise; and a major publicity campaign warning about the security risks of XCP and SunnComm MediaMax. It also wants Sony to reimburse consumers for the money and time spent on verifying the presence of the technology and any problems caused by it.
'Sony BMG must have spent a great deal of money advertising these infected CDs to an unsuspecting public,' said EFF Staff Attorney Jason Schultz. 'We think that it's only fair that an equal amount of money is spent educating the public on the damage that the product could cause to consumers around the world.'
Sony is unlikely to meet many of these demands - its decision to halt production marks the only capitulation of the company to massive pressure from consumers, the media and the security industry. Even Microsoft has said it categorises the software and spyware.
EFF Staff Attorney Corynne McSherry, said: 'Halting production is not enough. Sony needs to take steps to fix that damage it has already caused and ensure that nothing like this happens again in the future.'
Damage from the viruses being spammed out hoping to take advantage of the issue is as yet unclear. Finnish security experts F-Secure, one of two to discover the issue, has since run analysis on the virus variants they have found and discovered that the patch issued to update the XCP software is the only version that successfully hides these viruses.
Researchers wrote in the company blog: 'One of the variants we have so far analyzed are successful in installing on a machine that has an unpatched Sony DRM running... at the moment the malware is not really successful in exploiting the presence of the Sony DRM. Obviously this situation might change very soon.'
The aspect to the potential damage of this DRM episode is to the artists themselves. User reviews of CDs using the software are tainting the rating of the music itself with the negative reaction to the DRM protection. Van Zant's 'Get Right with the Man' had a one and a half star rating because of the reaction to the copy-protection technology. We have yet to see the reaction of the artists themselves, and whether they will add to the pressure on Sony to act.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
