« Articles on PLoS Biology in Nature | Main | Using Primary Sources on the Web »

DCMA Run Amok

John Alex Halderman, a graduate computer science student at Princeton University, is being sued by SunnComm Technologies Inc. under a provision of the Digital Millennium Copyright Act that makes it illegal to bypass a technology designed to limit the copying of electronic material. His action: to publish on his website details of how to disable the company's MediaMax protection software that prevents copying of music tracks.

http://www.cs.princeton.edu/~jhalderm/cd3/
http://www.cnn.com/2003/TECH/ptech/10/08/bmg.protection.reut/
http://chronicle.com/daily/2003/10/2003101001t.htm

Mr Haldeman says he discovered the security weakness by testing SunnComm's MediaMax CD-3 technology on a music disk, "Comin' From Where I'm From," by the R&B artist Anthony Hamilton. His instructions are nothing more than a description of how to configure a Windows machine to not run the encryption software when the disk is inserted. He went on to say that even when these procedures are not followed, that the encryption software often fails to boot and may never boot on some machines. Lastly, he noted that consumers can defeat the technology simply by holding down the shift key for a few seconds after inserting a CD to disable the Windows "autorun" feature, which starts up SunnComm's encryption software.

A news release issued by SunnComm says that Mr. Halderman made "erroneous assumptions" in reviewing MediaMax, which led to "false conclusions concerning the robustness and efficacy" of MediaMax. "Halderman and Princeton University have significantly damaged SunnComm's reputation and caused the market value of SunnComm to drop by more than $10-million," the release says. It continues with a comment from Peter Jacobs, chief executive officer of SunnComm. "This cat-and-mouse game that hackers and others like to play with owners of digital property is over," he says. "No matter what their credentials or rationale, it is wrong to use one's knowledge and the cover of academia to facilitate piracy and theft of digital property."

Princeton University is also named because the report was issued as Princeton University Computer Science Technical Report TR-679-03.

Posted by Tom on October 10, 2003