EMI considers opening its DRM to inspection

The EMI Group is reviewing a request by the Electronic Frontier Foundation to allow reverse engineering of its digital rights management software, EMI said on Friday.

The EFF, a digital rights group, sent an open letter to EMI earlier this month asking the company to publicly declare that it would not take any legal action against independent computer security researchers who investigate copy-restriction technologies used on EMI CDs.

A spokesman for EMI told ZDNet UK that the company had received the letter and was reviewing the matter. The spokesman would not comment about how long the review process would take.

The EFF is concerned that the copy-restriction licensing agreements included in EMI CDs forbid computer researchers from reverse-engineering the DRM to test it. The EFF also claimed that "some copy-protection vendors have leveled legal threats against security researchers in the past."

Security researchers are keen to investigate EMI's DRM technologies to check they do not use the same rootkit technologies that were used by Sony BMG.

"Music fans deserve to know whether EMI's copy-restricted CDs are exposing their computers to security risks," said Fred von Lohmann, senior staff attorney with EFF, earlier this month. "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble."

The EMI spokesman told ZDNet UK said that it was "clearly labeled" on EMI Group CDs that they were content-protected and that EMI had "no rootkit issues." The spokesman added that the software on the CDs "never loads DRM onto a user's hard drive without the user's permission."

The rootkit technology used by Sony was exploited by virus writers to try and make their own malicious code undetectable. Some IT departments were forced to consider banning employees from bringing their own CDs into the workplace, in an attempt to avoid infection.

EMI's copy-restriction software is supplied by Macrovision, a U.S.-based firm that develops DRM software. Macrovision had not returned calls seeking comment at the time of writing.

Tom Espiner of ZDNet UK reported from London.

[chhooks]

Save your money

In software during the early ninties, antipiracy features were incorporated into the installation programs. As fast as a new design was created a hacker found a way to defeat it. The cost of software today is based in larg part on the cost of both piracy and antipiracy. It would be much cheaper for the consumer to just save the money and leave it off. DRM is a way for the "haves" (music labels) to control the "have nots" (consumers) use of music they have generally already purchased. If I have (over) paid for a CD and then want to listen to it on a mp3 player why should I not be able to convert it, store it and listen to it when I wish? Or, why should I not be able to compile a playlist (again of music I paid for) of the best songs of several cd's and place them on a CDR or Minidisc and again, listen to them when I want on the player I choose... As long as there are restrictions placed on what I can do with property I have purchased I refuse to make the purchase at all! There will be NONE of my money go for any DRM encumbered music, operating system or hardware Period.

[chhooks]

Save your money

In software during the early ninties, antipiracy features were incorporated into the installation programs. As fast as a new design was created a hacker found a way to defeat it. The cost of software today is based in larg part on the cost of both piracy and antipiracy. It would be much cheaper for the consumer to just save the money and leave it off. DRM is a way for the "haves" (music labels) to control the "have nots" (consumers) use of music they have generally already purchased. If I have (over) paid for a CD and then want to listen to it on a mp3 player why should I not be able to convert it, store it and listen to it when I wish? Or, why should I not be able to compile a playlist (again of music I paid for) of the best songs of several cd's and place them on a CDR or Minidisc and again, listen to them when I want on the player I choose... As long as there are restrictions placed on what I can do with property I have purchased I refuse to make the purchase at all! There will be NONE of my money go for any DRM encumbered music, operating system or hardware Period.

[skeptik]

In other words...

... take our word for it and trust us. We would never be evil like Sony.

Thanks, but I'd rather have a 3rd party verify the safety of any product over trusting the vendor to assure me it's safe.
Sony screwed the pooch for all labels. Consumers doing legal things with their media are considered guilty until proven innocent and even then are denied fair use rights. The labels are going to have to expect a little flack and loss of trust at the least.

[skeptik]

In other words...

... take our word for it and trust us. We would never be evil like Sony.

Thanks, but I'd rather have a 3rd party verify the safety of any product over trusting the vendor to assure me it's safe.
Sony screwed the pooch for all labels. Consumers doing legal things with their media are considered guilty until proven innocent and even then are denied fair use rights. The labels are going to have to expect a little flack and loss of trust at the least.