Student uses Shift key, gets sued

Yet another prime example of this lovely New World Order: an American PhD student called Alex Halderman is being sued by copy-protection company SunnComm.

SunnComm and BMG released the first major copy-protected audio CD in the U.S. recently and Mr Halderman was studying the CD to find out how the copy-protection actually works. The disc can't be copied in Windows by normal means, SunnComm's press releases stated before the launch, and before Halderman's findings.



SunnComm's "advanced copy protection mechanism", called MediaMax CD3, actually simply had the autorun.ini added to the audio CD. This auto-ran then a small installer that installed a driver which claimed in its EULA text to be necessary in order to use the CD under Windows operating system. In reality, the driver itself was the entire copy protection.

So, Halderman's big finding was that the copy protection can be "bypassed" by holding down the shift-key when inserting the CD in a CD-ROM -drive. As most Windows-users already know, the shift-key instructs Windows to ignore the AutoRun feature found on the disc. When the autorun-feature is skipped, the driver installer never runs.

Now, SunnComm claims that Halderman's findings and the fact that he published his findings, have damaged SunnComm's market value by at least $10M and that he has violated against the DMCA law that makes it illegal to distribute instructions and tools that would allow circumventing copy-protection mechanism (as Linux doesn't launch autorun.ini anyway, does it mean that Linux is a tool that allows breaking the law as well?).

SunnComm stated: "SunnComm intends to refer this possible felony to authorities having jurisdiction over these matters because: 1. The author admits that he disabled the driver in order to make an unprotected copy of the disc's contents, and 2. SunnComm believes that the author's report was 'disseminated in a manner which facilitates infringement' in violation of the DMCA or other applicable law".

More information:

CBC
The Register


Written by: Petteri Pyyny @ 9 Oct 2003 15:42
Advertisement - News comments available below the ad
  • 40 comments
  • Powa

    lol. what a load of crap. Any person could of figured this out, no point in hammering him just cos he found it first.

    ->E§F<-

    9.10.2003 16:16 #1

  • Dela

    Oh for fuxk sake, o dont even know what to say now. In all fairness, its common sense that the shift key bypasses autorun so now are they going to sue micrsoft because of that too?

    http://www.BillLonero.com - Check out a true artists music!

    aD channel on IRC: rod.liquidirc.com #ad_buddies
    Newbie IRC Guide- http://forums.afterdawn.com/thread_view.cfm/47221

    9.10.2003 17:59 #2

  • wonderboy

    Cant you make a backup of a CD you own. its not like he made it with the Intent to distribute. If thats all it took to get pass there cd copy protection then they need to make a better copy protection. I think we should sue them what if I want to back up my cd , I already paid 14 bucks for it why shouldnt I be able to back it up.

    10.10.2003 00:10 #3

  • sithlordx

    totally idiotic....I'll copy any CD I damn well please....

    10.10.2003 00:26 #4

  • sithlordx

    totally idiotic....I'll copy any CD I damn well please....

    10.10.2003 00:26 #5

  • Shegax

    Word sithlord!

    Shega
    (adrenaline Is the closest Total freedom)

    10.10.2003 00:38 #6

  • Praetor

    Stupidity in a box.

    ASUS A7V8X-X, AMD2500+
    Samsung 1024MB, PC2700
    360GB [3x120GB, 7200, 8MB]
    MSI Starforce, GeForce4 Ti4400 128MB

    AFTERDAWN IRC: irc.emule-project.net, #ad_buddies
    COME SAY HI!

    10.10.2003 02:36 #7

  • symon

    Looks as tho using the shift key is illegal, It's going to be a pain in the butt in the office then! Sue me too I used the shift key 6 times in this statement!

    10.10.2003 04:28 #8

  • nik99

    next..they'll probably sue all the keyboard makers..for putting the shift key ian keyboard ..in the 1st place..what f..kin shite..


    When I was born, I got a choice- A big dick or a good memory. uhhhh..I am not able to remember, what did I choose

    aD Channel on IRC: Server: rod.liquidirc.com channel: #ad_buddies

    10.10.2003 05:23 #9

  • Ghostdog

    Advanced indeed... what a joke.

    10.10.2003 05:41 #10

  • Oopsla

    Gee? 10 million in sales lost? Somehow I think the artists that created the music wouldn't ever see a cent even if Mr. Halderman didn't pass on to the computer illiterate how WinOS works. They rape the artists and now us for their greed. Lucky for us the record industry will go the way of the dodo.

    10.10.2003 05:52 #11

  • Dela

    See the problem is their mentality, they think they are experts. And not only that but record labels think they are experts too just cause they have a stupid name! They dont realise there is people better then them out there, they think they are all that! its time for the record labels to wake up and realise they arent fighting dumbasses!

    http://www.BillLonero.com - Check out a true artists music!

    aD channel on IRC: rod.liquidirc.com #ad_buddies
    Newbie IRC Guide- http://forums.afterdawn.com/thread_view.cfm/47221

    10.10.2003 08:58 #12

  • Jarpo


    Shit. Stupid RIAA and IFPI.

    10.10.2003 09:31 #13

  • Ghostdog

    Right. Another user who has a problem with reading the article he is posting comments about.

    10.10.2003 10:12 #14

  • amrik

    These people need to get their heads outta their asses. I mean, autorun.ini doesn't even _run_ on Linux. So what, Linux users are circumventing the copy-protection too? Damn jackasses.

    10.10.2003 10:50 #15

  • Ghostdog

    Yes. All Linux users are infact evil pirates!

    I would love to see SunnComm sue Linux-users, the countersuits would kill the company.

    10.10.2003 11:23 #16

  • knife

    So they install stuff on my pc without me wanting it - can I sue them?

    10.10.2003 11:58 #17

  • Oriphus

    Oh crap - has anyone seen my bollocks. I think i just laughed them off after reading about this dosey company.....My girls gonnna kill me if it dont find them....

    10.10.2003 14:44 #18

  • Dela

    Oriphus, no problem man, ill sort her out till you find em ;-) hehe, j/k man

    Anyways, i dunno why people are dissing the RIAA here, the RIAA couldnt come up with a good copy protection if the entire planet depended on it, its not their job, they just represent major labels, you should be laughing at the dumbass security company, $10,000,000 over the shift key? well seriously guys, are so fucken dumb that you thought no-one would say it sooner or later?

    http://www.BillLonero.com - Check out a true artists music!

    aD channel on IRC: rod.liquidirc.com #ad_buddies
    Newbie IRC Guide- http://forums.afterdawn.com/thread_view.cfm/47221

    10.10.2003 17:39 #19

  • Jarpo

    What I mean is: Those dmca-laws were lobbed by RIAA.

    10.10.2003 22:46 #20

  • jimmyjojo

    I just recently invented a new "house protectant device" that shields the ones you love from the evil and terrors of the outside world. It's roughly 6 1/2 feet tall, and 2 1/2 feet wide. It's propped up by "hinges" and can be made from various materials, such as wood, metal and sometimes even plastic. I am going to name it, "A Door". However, it can be easily bypassed by this built in feature called, "A Door Knob". You don't think it's common knowledge, let alone common sense, that Door Knob opens Door, do you? Well I sure as hell don't! But you see, I have an ace up my sleeve! Whomever discovers this secret method of bypassing my ingenius security device by-way of Door Knob, I am going to sue! SUE! SUEEEEE!!!

    11.10.2003 12:26 #21

  • Praetor

    Awwww crap. *Praetor denies ever turning the door-knob*

    ASUS A7V8X-X, AMD2500+
    Samsung 1024MB, PC2700
    360GB [3x120GB, 7200, 8MB]
    MSI Starforce, GeForce4 Ti4400 128MB

    AFTERDAWN IRC: irc.emule-project.net, #ad_buddies
    COME SAY HI!

    11.10.2003 13:31 #22

  • CdMnky

    just out of complete curiosity, do you guys *really* think that the shift key/autorun issue was what the problem was about?

    did anyone here bother to read past the first paragraph of any of the press releases/news articles? or for that matter does everyone here *really* believe everything they read/hear/see from the media?

    did anyone here do a little research and find out a *few* more facts about this whole thing *before* clicking the post button?

    do you guys *really* believe..and i mean **really** believe that the shift key 'escaped' notice, going thru the various dev cycles, testing 3rd party testing etc etc??? *especially* if the autorun feature was going to be used???

    just a little FYI for all..the issue was about disclosing file names, locations and circumvention directions, which, if i read the DMCA correctly could be construed as a possible violation..

    also:
    if the tech is indeed as bad as all that, then why aren't the record companies jumping ship? simple answer: they knew about it (shift key) before ever even signing a contract and releasing anything with the tech...correct?

    ok, now i have a question:
    how do you ensure everyone's rights at the same time? from the artist, to the ppl that typeset the liner notes etc, to the record companies to the users?

    simple answer:
    compromise.

    11.10.2003 14:57 #23

  • Praetor

    Hehe they withdrew any suit against the dude. A PR minefield.

    ASUS A7V8X-X, AMD2500+
    Samsung 1024MB, PC2700
    360GB [3x120GB, 7200, 8MB]
    MSI Starforce, GeForce4 Ti4400 128MB

    AFTERDAWN IRC: irc.emule-project.net, #ad_buddies
    COME SAY HI!

    11.10.2003 17:09 #24

  • jimmyjojo

    CdMnky,

    Question, then. If we are to "read past the first paragraph of any of the press releases/news articles" we would in essence "believe everything [we] read/hear/see from the media". So which is it? On the one hand, you want us to read deeper into the media, then on the other, it seems you don't want us to read so much into the media.

    11.10.2003 21:37 #25

  • Ghostdog

    Quote:just out of complete curiosity, do you guys *really* think that the shift key/autorun issue was what the problem was about?

    did anyone here bother to read past the first paragraph of any of the press releases/news articles? or for that matter does everyone here *really* believe everything they read/hear/see from the media?

    did anyone here do a little research and find out a *few* more facts about this whole thing *before* clicking the post button?

    do you guys *really* believe..and i mean **really** believe that the shift key 'escaped' notice, going thru the various dev cycles, testing 3rd party testing etc etc??? *especially* if the autorun feature was going to be used???

    just a little FYI for all..the issue was about disclosing file names, locations and circumvention directions, which, if i read the DMCA correctly could be construed as a possible violation..
    What?

    12.10.2003 00:22 #26

  • Oriphus

    A valid point indeed lol.

    Dela - i found them - i wont need to call upon your services lol ;-)

    12.10.2003 04:51 #27

  • Shegax

    Cheeck and chung

    Shega
    (adrenaline Is the closest Total freedom)

    12.10.2003 06:54 #28

  • CdMnky

    @Praetor..yes, it's a PR minefield, however, it was goin to be anyway..

    @jimmyjojo..i was also intending on including a reference to the 'report' by halderman, but i forgot to mention it in my post.. ok, so what you're saying is that any facts or additional info really doesn't matter..right? i was just wondering if it really matters for ppl to have an 'informed' opinion vs just jumping on the bandwagon and flaming just because everyone else is..

    @ghostdog..what...what? what part shall i explain?

    12.10.2003 09:50 #29

  • Ghostdog

    Well, I kinda didnīt understand what you were trying to say.

    12.10.2003 11:38 #30

  • CdMnky

    @ghostdog..np ;)

    i'll lay it out..basically, we (as musicians/artists etc ourselves) didn't want to impede playability one iota, by crapping out the TOC on the cd, which many companies have spent millions & millions developing, just to have it defeated by things like a felt-tip pen, and which offered *no* user rights to even back it up...

    we even went down that road in our first iteration of software, 'MediaCloq', but in the end it just wasn't a viable solution.

    so *unlike* a lot of other companies, we looked at other alternatives..one of which was to give the users choices, using a software solution..granted the current rights might seem a bit limited, but there has to be a compromise on all sides...right? at least there are options now..

    i mean seiously, how many 'backup' copies does anyone *really* need? 20? 30? that's where the users' compromise comes in.

    the record companies' compromise comes in by allowing the content to be duped, and how many times etc..

    our 'compromise', if-you-will comes in the form of allowing as much playability and portability as absolutely possible (not just wma, but mp3 & other formats as well, SDMI devices etc etc), while staying within the guidelines of the 2 other 'compromises'..

    so in the end, our huge 'corporation' (less than 20 ppl) is being attacked for sticking up for the users' rights as well as the industries' rights, not to mention that we're a smaller company trying to do some good, so that everyone might be able to pay a little less for a cd, or show etc..

    see, every time a cd is ripped and uploaded, the record companies lose money, which means the artist loses money, as well as the engineers and grips, and covers artists and and..so how can they make that money back, so that they can still discover and promote new talent?
    one way might be to raise the money with inflated cd prices, or higher ticket prices at shows..i mean, if this was happening to your company, how much would you have to lose before you did something about it? what would you do?

    did you know that currently, without even our attempt to curtail rampant ripping, that a new cd has a life of about 1 week or so?

    in many cases the songs are ripped and up on kazaa etc, even *before* the album even hits the stores. what do you think thats gonna do to the prices? i mean they have to make that money up somewhere, right?

    anyway, i'm digressing..back to what i was talking about..

    were we *ever* gonna sue over the shift key? jeez..are you guys serious? that makes us laugh every time we see it, in big bold headline stories, such as at the top of this one..

    btw, he didn't get sued, we decided not to go after him, and not because of the shift key, but because ultimately, the media's 'spin' would eventually become bigger (and badder) than the actual inital problem. just as it *has* become, thus not only making *our* efforts to help reign in an out-of-control situation, but other companies' efforts as well..

    are we idiots? did we 'forget' about the shift key? is it a great big bug in our software? again..jeez..let's get serious a minute..it has *nothing* to do with the .ini file, nor the shift key..we also know about linux, unix, mac, etc etc etc, so before the next 'story' comes out saying 'suncomm's been *hacked* again' you guys might know a bit better..at least that's why i'm even writing this..

    was halderman in any way bias? could he have been? could he have had his own agenda? since the references to our tech contain *nothing* about the workings of the actual driver? why not? i thought 'research' was supposed to be non-biased and complete? right? why didn't we get a 'courtesy' copy of the released 'research' paper *before* it hit a zillion new agencies and websites, *all* with their own spin on it? why didn't halderman even call us to ask questions?

    and as a side note..we've been told we're 'un-american', 'a$$holes' etc etc and ppl even went so far as to take the picture of one of our employees (a female) and then proceed to post that right beside their spin of the storys' headline mentioning her by name. they even went so far as to then open up a topic on their board to talk about her in a sexual way etc which is low even if you don't like us..she saw it and it freaked her out, badly..

    she has nothing to do with the actual code..she is the SQL admin and DRM admin..thats' it..that's all she does.. so if anyone here knows anyone involved in that, let em know from me..*totally uncool*..

    we're just like you guys, real ppl behind these typed words..

    anyway, i've ranted etc long enuff..i appreciate you guys allowing me access here to voice my opinion etc..

    btw, if you guys have any questions at all about *any* of this..by all means, *please* call us or shoot us an email and ask. Don’t just blindly read a headline and assume it's the truth, because in this case...it's not..

    12.10.2003 12:23 #31

  • Praetor

    *Whats with the *asterisks*?* :-P

    ASUS A7V8X-X, AMD2500+
    Samsung 1024MB, PC2700
    360GB [3x120GB, 7200, 8MB]
    MSI Starforce, GeForce4 Ti4400 128MB

    AFTERDAWN IRC: irc.emule-project.net, #ad_buddies
    COME SAY HI!

    12.10.2003 19:07 #32

  • CdMnky

    heheh nuttin, i just got a lil passionate about stuff and got carried away lol ;)

    12.10.2003 19:21 #33

  • Praetor

    Fair enough :P

    ASUS A7V8X-X, AMD2500+
    Samsung 1024MB, PC2700
    360GB [3x120GB, 7200, 8MB]
    MSI Starforce, GeForce4 Ti4400 128MB

    AFTERDAWN IRC: irc.emule-project.net, #ad_buddies
    COME SAY HI!

    12.10.2003 19:37 #34

  • Ghostdog

    Wow, I didnīt even realize you worked at SunnComm. Thanks for giving someinsite to what you guys are trying to do.

    But I have to ask about this, your software doesnīt really work, does it?
    If itīs trying to please both the record labels and the users (a nice idea - to not just side with the big suits) by not totally controling the usage of the music but implementing some kind of restrictions and it still allows content to be ripped and distributed in any way - well it doesnīt really please the labels, does it?

    13.10.2003 04:58 #35

  • CdMnky

    the software does work, and works excellent..

    it works exactly to the spec presented to the labels before anything was ever signed..including the shift key/autorun issue

    the labels are actually ecstatic about the fact that they can provide a bit more 'user experience' to their products..believe it or not, the labels aren't the big bad corps that they've been given the rep for..

    btw, if ppl use the shift key they miss out on additional stuff, like videos, our promoplay stuff, secureburn (soon) and other swag, possibly reduced tickets, backstage passes etc etc.. (btw don't quote me on what kind of swag might be there, i'm simply suggesting what could be there)

    we're trying to give an incentive not to rip it..

    if ppl will give us a chance, i personally promise to make sure it's as right as we can make it..no spyware (i hate that crap), ability to backup, share, SDMI devices, additional formats (soon) etc..

    13.10.2003 09:05 #36

  • Ghostdog

    Quote:btw, if ppl use the shift key they miss out on additional stuff, like videos, our promoplay stuff, secureburn (soon) and other swag, possibly reduced tickets, backstage passes etc etc.. (btw don't quote me on what kind of swag might be there, i'm simply suggesting what could be there)Sounds cool, but you didnīt really answer my question.
    If the softwareīs partial task is to restrict unlawful duplication (IE mass-production of copies for distribution to whoever) it doesnīt really fulfill that task.

    14.10.2003 05:23 #37

  • CdMnky

    it fullfills the task as much as possible at the current stage that it's in [the software], but you have to remember, being a software solution instead of a hardware solution we can always easily update it..so if it does get 'hacked' (which we're under no illusions that it could and/or probably will be) we can adjust accordingly..

    btw, there was already a new version for our next major release that addressed all of the issues (except for the shift key for now) that halderman so elloquently researched..

    my suggestion? buy an anthony hamilton cd and try it for yourself (without the shift key) ;)
    proof's in the pudding, right?

    the main point is that we trying to help provide a framework with which the music industry can change it's strategies..it might take a bit, but at least we've got something out there that might help..

    14.10.2003 07:32 #38

  • Ghostdog

    OK CdMnky.

    I think/hope that the industry could really use a digital content management company that manages to think a bit differently than all the other ones, because the current cd-protection schemes arenīt that good in my opinion.

    Example: The new album by Blur was supposedly copy controlled. In practice this meant that I couldnīt record the album to minidisc until I had copied the CD with Nero. Recording the backup to minidisc worked fine.

    15.10.2003 05:11 #39

  • Shegax

    The blur album Was supposed to be protected, I had the exact same experiance, Worked after i had copied it.

    Shega
    (adrenaline Is the closest Total freedom)

    15.10.2003 23:24 #40

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud