June 15, 2024

Halderman Dissects New CD Copy Protection

Alex Halderman has published an interesting technical report analyzing the newest CD “copy protection” technology. Alex, who is a graduate student here in Princeton’s computer science department, also wrote the definitive paper on the previous generation of CD copy protection.

Alex’s paper explains how the SunnComm technology works and why it won’t help the record labels fight copyright infringement. Despite the usual claims by the vendor (SunnComm) that the technology provides “an incredible level of security for the music”, Alex found that it is quite weak.

This technology is going to end up in the hall of fame beside the previous Sony technology that was famously defeated by drawing on the CD with a felt-tipped pen. This time, the technology can be defeated completely by holding down the computer’s Shift key while inserting the CD.

Is this the end of the road for CD copy protection? It ought to be. At the very least, I hope people in the industry will learn to ask for proof before they believe the next DRM vendor peddling “an incredible level of security”.


  1. very few read the EULA. so the software companies have started relying on it. they get jerked out of comfort when people start reading it.

    but i agree that, if digital media was cheaper, i’d buy a lot of originals. the manual, the box, the original jewel case…. well worth atleast 4-5 times the cost of a pirate. but definetily not worth 50 times. many people can’t even afford the originals, and they wouldn’t even buy it if pirated copies were not available. all that hell raised over “cutting into the market” etc is not as justified as the companies claim. who would pay fifty dollars for a new game, when he can buy 7 or eight pirated. especially since he gets only a eighty dollars a month. you can’t play a game for a month(not me anyway:). what if you don’t like the product? too bad, eh?
    what about music. people do buy original cd’s after listening to mp3s. the quality is better, and if you like the music enough, sometimes you buy the original, even if out of appreciation for the artist. but if it was cheaper, more people would buy more orginals despite rampant piracy. besides, the biggest cut goes to the record labels, and the artists get the small chips.

    these people are mostly driven by greed, and my hope is that they get buried with thier gold, to twist and rot in thier graves. Amen

  2. can you send me compect disk right protection

  3. I enjoyed reading all the comments so far. I especially like the part when Mike Sanches described SunnComm’s user disclosure as gobbledy-gook. 😀 That was funny and true. SunnComm is relying on DMCA to protect them when that very same law is against the Copyright Act and the first amendment. Academia has nothing to do with Halderman’s success. It is common sense. Finally people are waking up. I hope this lawsuit of theirs get more media attention because it will only create negative opinions of SunnComm and DMCA.

  4. Mike Sanches says

    “In addition, SunnComm believes that Halderman has violated the Digital Millennium Copyright Act (DMCA) by disclosing unpublished MediaMax management files placed on a user’s computer after user approval is granted.”

    This is such a stupid arguement. How can someone sue someone for disclosing that when you agree to the user’s agreement to put files on your computer, that they actually do put the files on the computer???

    There is a reason. The disclosure that software will be installed on your computer is tiny. In another article, Jacobs says that SunnComm was hurt because people have been told that the files will be installed.

    In effect, users are being told to make sure and read the disclosure and SunnComm is sueing because they are relying on people to not read the disclosure because it is so small and mostly gobbledy-gook.

    This proves that they are trying to inhibit informed consent and confuse legitimate consumers, even at the risk of crashing computers.

    Jacobs and SunnComm feel they can screw anyone to make a buck.


  5. Mike Sanches says

    The President of the company, Mr. Jacobs of SunnComm, who invented this copy-protection scheme said,:

    “Concluded Jacobs, “This cat-and-mouse game that hackers and others like to play with owners of digital property is over. No matter what their credentials or rationale, it is wrong to use one’s knowledge and the cover of academia to facilitate piracy and theft of digital property. SunnComm is taking a stand here because we believe that those who own property, whether physical or digital, have the ultimate authority over how their property is used”

    Now, after declaring that we have “ultimate authority” over our hard drives (a physical property), he declares the right to SNEAK a program onto that hard drive. He admits that he believes that he has the right to STEAL space on our hard drive.

    His music better have large warning labels on it. Otherwise, he is a common THIEF.

    Why does the music Industry believe they can get people to stop stealing music by saying that they, themselves, have the right to steal whatever they want (The end justifies the means)?

  6. Copy Protection ousted by grad student with malicious shifty key

    In a story only rivalled by the “marker pen” event, the Shift Key is now a DMCA violation as it can prevent a so-called copy protection scheme (badly named because it doesn’t protect anything, it only infringes your right to make copies for your own pe…

  7. SunnComm Says It Won’t Sue Halderman

    SunnComm, which had previously said it planned to sue Alex Halderman for publishing a critique of SunnComm’s CD anti-copying technology, has now backed off. According to Josh Brodie’s story in today’s Daily Princetonian, SunnComm president Peter Jacobs…

  8. Where are we going to end up with this?

    This is just crazy. SunComm, an American company, released a new copy-protection mechanism for audio CDs effectively garbling the sound of the CD while trying to rip it to, say, MP3. A few days later, a study titled

  9. Good for Halderman, and to hell with any software company out there who engages in false advertising for a profit.

  10. Corran Horn says

    I was curious if section 1201(f)(1) could apply to actual study of the program they install.

  11. Whatever the significance:

    SunnComm Technologies Inc. (OTC: STEH – News), a leader in digital content security and enhancement for optical media, announced today that it intends to take legal action against the writer of a critical report titled: “Analysis of the MediaMax CD3 Copy-Prevention System.” According to Peter Jacobs, SunnComm’s CEO, “The conclusions contained in the Princeton University grad student’s report issued last Monday were derived from incorrect assumptions by its author. The author did not ask for, or receive, SunnComm’s MediaMax ‘white paper’ documentation available on the technology prior to concluding that ‘MediaMax and similar copy-prevention systems are irreparably flawed …'”


  12. Break trivial copy protection. Get sued.

    Princeton University Computer Science Technical Report TR 679-03 (discussion at Ed Felten’s Freedom To Tinker) dissects a CD copy protection scheme that is based on Windows’ and MacOS X’s autorun features: When you insert a protected CD into a computer…

  13. Also look at 17 USC sec. 1201(c)(4) which says “nothing in this section will … diminish any rights of free speech”.

    Mr. Halderman’s article falls squarely within traditional free speech protections. Sure his analysis might arguably cause a few companies to suffer an economic loss, but if we as a society felt that companies should have a legal remedy against people who report the truth simply because it hurts them economically, news organizations would have never reported on Enron.

  14. Guys, you are focusing on the wrong language. “effective” doesn’t really have any significance, but in this case “access” does.

    17 USC sec. 1201(a)(3)(B)

    Copy protection is different from an access control, because the user is free to access/view/listen to the underlying work. CSS is an access control because you need information (the decryption key) to access the underlying work. Here, the MediaMax software does not prevent users from accessing the music on the CD at all, it merely attempts to ruin copies with its driver.

    The DRM portion of the software would be considered an access control if you needed a ‘key’ from the Mediamax software to unlock the WMA files. Mr. Halderman did not discuss how to circumvent the DRM portion of MediaMax, though, and any user attempting to use Mr. Halderman’s methods to defeat Mediamax would be unable to access the WMA content on the CD if MediaMax actually is an access control.

    If you could simply open the WMA files on your own without MediaMax’s help, then even the DRM portion of MediaMax is not an access control.

  15. you know, I was just looking at the DMCA safe harbor provisions for ISPs (section 512)… there it defines what a notice (for takedown) needs to have to be “effective”…

  16. sharkdodge says

    First up, well done to Alex on exposing and publishing this hole in the anti-copy protection. Not that it would have worked on my Linux box, anyway. Unless I gave the RIAA a root account 😉

    Watermarking… I can’t help but chuckle at this one. Take a look at the copyright “protection” that was put into WMA files – in no time there was an app (FreeMe) available on the net that could remove it.

    Watermarking audio streams isn’t going to fix the problem and will, in all probability, be easily removed – besides how could they possibly trace the ripper? You would have to uniquely identify the individual – a time/IP address combo would be the best, but what if you run on a private IP? Spyware on your box reporting home? A firewall or simply killing the program would solve this. So it would have to be tied to a hardware address, but they’d only nail you if they get their hands on your box. Some kind of serial number on the CD? Pay cash. It’s unworkable when you get down to the practical implementation.

    There isn’t a chance that they’ll come up with a perfect protection system. They may as well give up now. You put up a sign, people will ignore it; put up a fence, people will jump it; you put up a wall, people will try to climb it; you put someone in a box, they will try to get out. Human nature is just too strong, devious and ingenious.

    Historically, the music companies have been able to apportion value to their content as they have owned the sole distribution channel. They have extorted billions from us doing it. Since a new digital distribution medium has evolved, over which they have no control, they are in a very weak position that they are trying to secure by the legal posturing we have seen of late.

    Should they try to compete with the internet by matching the content’s worth to the monetary value that their cartel apportion to it, they may be able to claw back some lost sales and revenue – if the price of the CD were reasonable more people would be persuaded to purchase the original. This is the cause of their problems – fix the casue and the P2P symptoms will disappear.

    I love the feel, detail, artwork of the inlay and cover, the crack as the box opens for the first time. If I didn’t feel like I was getting ripped off, I may start buying again.

    It’s about time the music industry’s cartel had some healthy competition.


  17. Bored Huge Krill says

    Paul MacCartney wrote:

    “So you’re a giant shrimp? Is that the joke?”

    assuming you’re referring to me, “Bored Huge Krill” is an anagram of “Horrible Kludge”


  18. Sean Ellis says

    The audio data is available in many forms.

    …see Fritz’s Hit List on this very site for responses to a previous proposal to close the “analog hole”. The idea was that every device capable of converting audio to digital form must contain RIAA-mandated watermark detection technology. This is just daft, since you can quite happily make an analog-to-digital converter from a few resistors and transistors if you want to. How do you put DRM technology into a resistor?

    unencrypted digital data on the PCI bus between the motherboard and sound card {this could be well worth investigating, since the data format here is never going to be subject to security by obscurity.

    Oh no? Various people are looking at exactly this. An “approved” application will be given the keys to encrypt an audio stream, which is then sent to the sound card in that form. The chip on the card then decrypts it, adds a watermark, and outputs the sound.

    Of course, for all the previously stated reasons (and so many more) this approach just won’t work.

  19. Regarding the question about informed consent: Alex Halderman’s paper reports that there there is fine print on the back of the CD case saying that software will install automatically when you insert the disc into your PC. Also, the EULA presumably gives your consent to the installation and running of the software; but note that the software runs anyway, even if you don’t agree to the EULA.

  20. Paul MacCartney says

    So you’re a giant shrimp? Is that the joke?

  21. How in the name of all sanity did anyone expect this to work?! For crying out loud, it takes only ONE person to crack whatever copy-prevention technology is being used. From that moment on, there exists an inexhaustible supply of perfect copies. When I anonymously posted a copy of Shakira’s Laundry Service to Sony Music’s UK office last year {ripped using a Sony 40X play-only CD-ROM, I should add for irony; no modifications to the drive, disc or software, unless you count putting hdd=ide-scsi in lilo.conf in order for cdparanoi to be able to see the drive as a modification; successfully obtained a refund from HMV on grounds that disc was unplayable on my DVD player} I thought that would be ebough to put an end to the matter.
    The audio data is available in many forms. Tracing upstream from the listener’s eardrums, we find pressure waves from the speakers; low impedance analogue audio between the power amplifier and the speakers; high impedance analogue audio between the sound card and the power amplifier; unencrypted digital data on the PCI bus between the motherboard and sound card {this could be well worth investigating, since the data format here is never going to be subject to security by obscurity. The whole point of a sound card is that people have to be able to programme it in order to get a sound out of it. Imagine a card that pretended to be a common sound card, but with a large amount of onboard RAM which is used to store the digital audio data for later investigation}; encrypted digital data on the IDE bus between the CD-ROM drive and the motherboard.
    And anything that can be listened to can be copied. You will persuade me otherwise when I hear a sound with my own ears that cannot be transduced by a microphone.

  22. Bored Huge Krill says

    thanks for the illuminating reference. That certainly clears up a great deal of the interpretation that I was attempting to wrestle with. I must say, though, the conclusion is rather depressing. It seems to indicate that the DMCA is being interpreted as trumping the first amendment. That would be a very bad thing indeed. I sincerely hope that I don’t understand that correctly…


  23. Daniel and Mark make an interesting point. But, just for clarity, isn’t the legal point whether there can be a reasonable expectation of “informed consent”?

    Assuming the presence of advice that software is included which will install if the CD is played, then the overt action of playing the CD could be argued as acceptance/consent. However, in the absence of such a disclaimer…

  24. Yeah, how does the DRM software have a leg to stand on? They talk about the DMCA being invoked to stop the guy who exposed this, but what about the company who makes the software? They are using software to prevent the CD from being read correctly, via screwing the drivers. This software is loaded without consent, and interferes with normal operation of the computer. I think it’s time to invoke the Computer Fraud and Abuse Act.

  25. The question I’d like to ask, does the CD or the EULA state directly that it will install software onto your computer and that you agree to allow it to run every time you turn on your computer?

    If not, it might be interesting to say the least….

  26. Maybe I should write my “Programmer’s Guide To The DMCA” – if anyone
    can provide funding or an interested publisher, let me know!
    (O’Reilly already indicated it wasn’t interested)

    Look at what Judge Kaplan said about the
    “effectively controls access” argument, in the
    DeCSS case

    “Finally, the interpretation of the phrase “effectively controls
    access” offered by defendants at trial- viz., that the use of the
    word “effectively” means that the statute protects only successful
    or efficacious technological means of controlling access- would gut
    the statute if it were adopted. If a technological means of access
    control is circumvented, it is, in common parlance, ineffective.
    Yet defendants’ construction, if adopted, would limit the
    application of the statute to access control measures that thwart
    circumvention, but withhold protection for those measures that can
    be circumvented. In other words, defendants would have the Court
    construe the statute to offer protection where none is needed but
    to withhold protection precisely where protection is essential.”

  27. This post made slashdot… expect comments and hits to pick up.

  28. Grammatically speaking, if in “effectively controls access to a work” the legal meaning of effectively in this case is, as a previous poster claims, to have an effect, then its usage here is redundant. Consider the equivalent “controls access to a copyrighted work.” Or “My bike effectively transports me to work” and “My bike transports me to work.” According to the previous poster they have the same meaning. I say they don’t. On the other hand, unauthorized entry into a person’s house or car is a crime, even when left unlocked. A thief cannot claim that since the car was unlocked it was fair game. A thief certainly cannot claim that because the car was only protected by base model door locks, it was fair game. But, this is not about breaking and entering, it’s about lock picking. A conservative interpretation of the DMCA will disallow any intervention. The situation might be a bit less ambiguous if Halderman were accused and the case made it to trial.

  29. I hope that the RIAA isn’t spending a lot of money on this protection ‘research.’

    In the end, the only people who are going to suffer are the casual duplicators that probably don’t make a dent in piracy anyway.

    The ‘pro’ who wants to make 100,000 dupes will easily be able to defeat any protection they come up with.

    If you can listen to the music, it can be copied. Period. And the more that someone touts that it is undefeatable, the more that folks are going to put that maxium to point.

    Once you get into the analog domain, the signal can no longer be protected. At the very least, given absolutely perfect digital copy protection, if a pirate has the intention to duplicate, a set of decent speakers and a pair of condensor mics are all that are required to duplicate a sound recording. There is absolutely nothing that anybody can do to prevent that process. At all.

    Hell, it might even ’round out’ or ‘warm-up’ a recordingd if one were to use high quality mics and some nice tubey gear.

    Citing the movie piracy ‘market,’ average consumer doesn’t give a crap about even significant forms of generational loss, anyhow. People are tickled watching HAND-HELD VIDEO CAM RECORDINGS pirated movies for chrissake.

    Note to industry: Get a Clue. Re-think your process and industry. IT IS TOO LATE TO GET THE SHIT BACK INTO THE HORSE!

  30. Interesting replies about the meaning of “effectively” – thanks for the clarification.

    Next point – what does “controls” mean? It seems to me that the word “effectively” cannot be judged by itself in this context. Or am I engaging in wishful thinking again…?

  31. So, should Halderman expect to be served or receive a C&D letter?

  32. When the DMCA says ‘effective’ copy control mechanism, it means effective in the legal sense, not the technical sense. Legally, even ROT13 is an ‘effective’ encryption method.

  33. > I suppose not as he makes it rystal clear that this isn’t an “effective” control…

    IANAL, but I was chatting with a lawyer about the DMCA at one point, and he told me that “effective” in legal vocabulary doesn’t have anything to do with “effective” in the common sense way you are using it. In the case of the DMCA, “effectively controls access to a work” basically means that the “effect” is to control access… which means the law could apply even if the protection is not very effective.

  34. I certainly agree with the incredible level of effectivity of this scheme. The snake-oil level of incredibility (or effectivity) that is.

  35. What is remarkable about the described scheme is that anybody could possibly believe it might work. Was nobody asked to review the soundness of the technical solution before it was shipped? System bugs happen, but this concept is just utterly risible.

    As for DMCA restrictions, I would certainly agree that the method described could not be held by any reasonable person to “effectively control access to a copyrighted work” assuming any degree of diligence on their part to make such a determination.

  36. I suppose not as he makes it rystal clear that this isn’t an “effective” control…

  37. I suppose I’m going to ask the inevitable: Could this paper be considered “trafficking” re the DMCA? Halderman does include instructions for disabling the anti-copy software–however simple these instructions may be. Does the simplicity of disabling the anti-copy software bear on whether or not the software “effectively controls access to a work” as according to U.S.C. 1201(a)(2)?


    (What about the fair use stipulation in 1201(c)(1)?)