January 20, 2006 7:44 AM PST
EMI considers opening its DRM to inspection
- Related Stories
Sony rootkit victims in every state, researcher saysJanuary 17, 2006
Anti-spyware guidelines get final versionJanuary 12, 2006
Symantec closes off hiding place for hackersJanuary 11, 2006
Sony settles 'rootkit' class action lawsuitDecember 29, 2005
The EFF, a digital rights group, sent an open letter to EMI earlier this month asking the company to publicly declare that it would not take any legal action against independent computer security researchers who investigate copy-restriction technologies used on EMI CDs.
A spokesman for EMI told ZDNet UK that the company had received the letter and was reviewing the matter. The spokesman would not comment about how long the review process would take.
The EFF is concerned that the copy-restriction licensing agreements included in EMI CDs forbid computer researchers from reverse-engineering the DRM to test it. The EFF also claimed that "some copy-protection vendors have leveled legal threats against security researchers in the past."
Security researchers are keen to investigate EMI's DRM technologies to check they do not use the same rootkit technologies that were used by Sony BMG.
"Music fans deserve to know whether EMI's copy-restricted CDs are exposing their computers to security risks," said Fred von Lohmann, senior staff attorney with EFF, earlier this month. "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble."
The EMI spokesman told ZDNet UK said that it was "clearly labeled" on EMI Group CDs that they were content-protected and that EMI had "no rootkit issues." The spokesman added that the software on the CDs "never loads DRM onto a user's hard drive without the user's permission."
The rootkit technology used by Sony was exploited by virus writers to try and make their own malicious code undetectable. Some IT departments were forced to consider banning employees from bringing their own CDs into the workplace, in an attempt to avoid infection.
EMI's copy-restriction software is supplied by Macrovision, a U.S.-based firm that develops DRM software. Macrovision had not returned calls seeking comment at the time of writing.
Tom Espiner of ZDNet UK reported from London.
4 commentsJoin the conversation! Add your comment