The Electronic Frontier Foundation (EFF) wants Sony EMI to grant legal
protections for computer security researchers examining the copy-protection
technologies of the music giant.
In November, EMI — whose labels include Virgin Records, Capitol Records and
Liberty Records — sparked a whirlwind of controversy and criticism for
issuing music CDs containing a rootkit to
cloak the scanning of customer PCs for music-ripping activities.
Although EMI eventually recalled the copyright-protected music and is facing
civil lawsuits from both the EFF and Texas, the EFF also is
concerned that EMI’s end user license agreement (EULA) forbids reverse
engineering for any reason, including security testing.
In addition, the Digital Millennium Copyright Act (DMCA) prohibits the
disabling of copy protection technologies.
“Music fans deserve to know whether EMI’s copy-protected CDs are exposing
their computers to security risks,” Fred von Lohmann, senior staff attorney
with EFF, said in a statement.
“When it comes to computer security, it pays
to have as many independent experts kick the tires as possible, and that can
only happen if EMI assures those experts that they won’t be sued for their
In an open letter to Sony EMI
Wednesday, the EFF asked the company to make a public statement that EMI
would not bring legal action against researchers who bring security
vulnerabilities to the attention of the public.
“Because some copy-protection vendors have leveled legal threats against
security researchers in the past, researchers may be reluctant to examine
EMI compact discs,” the letter states.
“While legal researchers may be put
off by legal risks, criminals intent on exploiting security vulnerabilities,
of course, will have no such legal compunctions.”