April 19, 2024

Sony CD DRM Paper Released

Today Alex and I released our paper about the Sony CD DRM episode. This is the full, extended version of the paper, with a bunch of new material that hasn’t been published or posted before.

As an experiment, we posted draft sections of the paper here and asked readers for comments and feedback. The experiment was a success, giving us lots of good comments and suggestions that helped us improve the paper. Several reader-commenters are thanked in the paper’s acknowledgments section.

We also asked readers to help suggest a title for the paper. That didn’t work out so well – some suggestions were entertaining, but none were really practical. Perhaps a title of the sort we wanted doesn’t exist.

Enjoy the paper, and thanks for your help.

[UPDATE (Feb. 21): If you don’t like PDFs, you can now read the paper in your browser, thanks to an HTML+images version created by Jesse Weinstein.]


  1. Consumer rights simply doesn’t make sense. If you want to listen the songs in portable device, then you are morally obliged to buy the same songs again in MP3/WMA format. Ripping your legally-purchased CD equals thievery, because by doing so, you infringes record labels’ profit by not buying the same songs again in different format.

    What is more ridiculous is the right to backup your legally-purchased Audio CD. Making backups equals thievery, because it denies record labels potential profit from selling the same CD again. As Hilary Rosen has said, “Even if CDs do become damaged, replacements are readily available at affordable prices.” You hear that? “Affordable prices”. If record labels are kind enough to provide affordable prices, then it is our moral obligation to NOT backing up the CD and buy the same CD again in case the CD gets damaged.

    As you understand, We The People have moral obligations to protect the interests of the Atlas. As a consumer, it is our duty to maximize the profit of big corporations. Monopoly is good for America. Unecessary spending is good for America. High prices is good for America. Internet advertising is good for America. Making backups is communist. Saving is communist. AMERICAAAAAAAAA!!!!

  2. OK, so Sony appear to have got off of this comparatively lightly.

    And, as they sold the defective CD’s, they have to carry the can back.

    But that was a case where a single defective product originated from one manufacturer.

    But what about the forthcoming AACS and HDCP farce. What if (as yet unforseen) bugs and problems start appearing in that set up, and people end up with expensive equipment that they have bought and cannot use. Who is the liable party if that happens?

    Or will that degenerate into one of those situations where the big corporations all point the finger at each other.

    Maybe the long term solution is where you buy a separate player with integrated screen for each movie, where the movie is built in, and where there are no external connections other than the power supply inlet cable.

  3. Following the link in this paragraph :
    [UPDATE (Feb. 21): If you don’t like PDFs, you can now read the paper in your browser, thanks to an HTML+images version created by Jesse Weinstein.]

    leads do http://www.cs.princeton.edu/~felten/sonydrm/sony-drm-ext.html which yields :


    Sorry, the URI “/~felten/sonydrm/sony-drm-ext.html” couldn’t be found.

    Can you fix that ? Thanks a lot !

    [It’s fixed. Sorry about that. — Ed]

  4. Hi Randall,

    What you need to do is have a web-site selling CDs (maybe via lulu?). And easily found by searching on the name that iTunes et al use for your tracks.

    Somebody likes your track, does a web-search, and discovers they can buy DRM-free CDs. The DRM guys give you leads and then you can sell direct 🙂


  5. Ed, Alex,

    Excellent job. I’m going to need some time to read and digest your paper in depth, but I wanted to post before this fell off the front page of the FTT site. This is an area that certainly needs more researchers doing some serious work, as you are. The music world in particular is changing so quickly, and it’s difficult to watch these trends as they are happening, rather than in retrospective. These papers help make sense of it.

    Also, thank you for the acknowledgement. It seems that more and more, people are turning to communities like these for research, but aren’t giving credit. Although I would have been just as happy to lend a hand without it, it’s much appreciated!


    P.S. For those who might not have seen the earlier posts, I am very interested in these topics from the point of view of an indie band. We talk about it on our website here:

    File Sharing, an Independent Band’s Perspective:


    It has a DRM section as well, since DRM affects indie bands even if we don’t put it on our CDs. Every time we sell a song through iTunes, Napster, or the other digital stores, our work is under the same DRM as the others. These are unfortunately not just discussions for the major labels.

    We’re happy to have comments about our own work if you have any.

    (rc-btg at beatnikturtle.com)

  6. Many thanks, both for the analytical work, and the contribution it has already made to a significant outcome.

    You point to possible further editing, and lament our collective inability to help with a title. Now that I have read the full paper, and if it’s not too late, could I suggest “Unweaving a tangled web: …”.

  7. the zapkitty says

    Anonymous Says:

    “SunnComm’s shares out
    standing is only 540M.”

    Ahh… Another great end-of-the-world conspiracy theory done in by facts 🙂

    Thanks for the link!

  8. SunnComm’s shares outstanding is only 540M. Search this link on SunnComm:


  9. @Jesse,

    I don’t think we can give permission for others to post the paper, due to copyright issues connected to the hoped-for publication. But we would be happy to post an HTMLized version (or versions in other media). If you’re willing to HTMLize it, we’ll post the resulting HTML on our site.

  10. the zapkitty says

    Correction… Sunncomm market cap derived from the reported overdilution is almost 900 billion, not almost 900 million.

    80264.35 b
    Market Cap
    882.91 b

    Gomen. Need more caffeine before posting 🙂

  11. the zapkitty says

    Simon Says:

    “Now that is good news! Lets hope that First 4 Internet are suffering just as badly.

    Actually, with the very untrustworthy Trusted Computing Group announcing plans to seize control of user’s hard drives from them, literally, and Microsoft banning from Vista the driver tricks that these retrofitted audio CD DRM schemes need to succeed, it’s not a very happy time for the smaller snake oil sales reps.


    “The interesting aspect to this is how a huge corporation would put such an important aspect into the hands of a Mom and Pop opperation.”

    Two words: plausible deniability 🙂

    As for what they will do now… F4I is hors de combat and apparently SuncMax has recently begun letting it be known that the Sunncomm side of the operation is massively overdiluted to the tune of over 80 trillion shares. If this number isn’t an error then it must have been let out to try to stabilize the sliding share prices through the illusion of sheer massiveness.

    After all, with an (imaginary) market cap of almost 900 million how could you go wrong?

    “Ignore those paltry million or two selloffs… we gots lots more toilet paper where that came from!”

    And THESE people were the ones declaiming moral supremacy over us all and calling anyone who dared to question their snake oil “thieves” and “pirates”… the irony… the irony…

  12. Edward Kuns says

    Another minor typo at the bottom of page 16 … “This call another subroutine…” where I think you mean “calls another subroutine…”.

    I’m honored at the acknowledgement and glad to have provided something useful.

  13. I wanted to post something about how the ‘little guys’ had got away scot free.. but apparently one of them has not. Now that is good news! Lets hope that First 4 Internet are suffering just as badly.

    The interesting aspect to this is how a huge corporation would put such an important aspect into the hands of a Mom and Pop opperation. An alalogy would be Ford buying engines from Sid and Moe’s chop shop!

  14. Scott, Ned:

    Thanks for spotting those typos. I updated the paper to fix them.

    — Alex

  15. Well, Anonymous, I for one am very, very please that you and your peers are out of work! If anyone is to blame, I’d suggest looking at your “customer”. Last time I checked, performing an illegal act even at the behest of a third party was illegal. Plus, with SunnComm out of business, maybe Mediamax will die a similar death. Sorry pal, I have no sympathy for you, your company, or it’s employee’s and feverently hope that when you submit your resumee to another employer, they see SunnComm listed as past emplyment and tell you “sorry, we don’t want your kind here.”

  16. I wonder how many, if any, of the software developers are members of the ACM and have read the General Moral Imperatives section of the ACM Code of Ethics which includes:

    Well-intended actions, including those that accomplish assigned duties, may lead to harm unexpectedly. In such an event the responsible person or persons are obligated to undo or mitigate the negative consequences as much as possible. One way to avoid unintentional harm is to carefully consider potential impacts on all those affected by decisions made during design and implementation.

  17. Anonymous,

    The biggest problem to your argument about putting people out of work is the link you, yourself provided. The action against you began 6/19/2002. This blog didn’t cause the action against you that apparently your company lost. There are applications for a writ of garnishment dating back to 12/2004. Again, the Sony/BMG fiasco didn’t have anything to do with that. Don’t blame the very detailed and informative work of Dr. Felton for clearly unrelated events.

  18. “You do understand that the record label is our customer.”

    In that case your customer has every right to be upset at you, and to dump you like a hot potato.

    1) You supplied a defective product.

    2) You supplied a product that upset their customers.

    If you don’t do the job right, don’t do it. Decline jobs that will put the company at risk. I work in sales. I’m our senior sales rep, and one of my jobs is checking out projects that the rest of the sales force are working on, and KILLING THE PROJECTS IF THEY WILL DAMAGE THE COMPANY.

    Of course you didn’t know this would have such a negative effect before the organic fertilizer hit the fan, but item 2 above should have been a clue that this product wasn’t a good idea.

  19. So SunnComm developed, marketed, and sold software designed to infiltrate peoples’ computers surreptitiously in an attempt to limit their Fair Use rights and when Ed and Alex point that out Suncomm AC’s come here looking for a shoulder to cry on? Oh, that’s rich. And quite telling that they go for the jobs argument and proffer that any endeavour is moral if there’s a paying customer. In a post-Enron world nobody is buying, especially anybody calculating cleanup costs of SunnComm’s mess vs. any purported economic benefits. At least asbestos kept our pipes warm and brakes braking!

    I am surprised they tried the strawman of protecting artists from theives on this thread since everybody here is bound to know that no software is installed on cd duplicators like the professional infringers use. Maybe it’s the marketing folks who are habituated to using that spin on the MSM.

  20. Ned Ulbricht says

    Hmmm… Possibly two more problems with [11]:

    (1) According to Allan Friedman, ” The final version of the paper was in Telecommunications Policy.” I haven’t diffed the two versions, but the preferred reference may be:

    Allan Friedman, Roshan Baliga, Deb Dasgupta, Anna Dreyer. Understanding the broadcast flag:a threat analysis model. Telecommunications Policy 28 503–521, 2004.

    (2) Searching the PDF indicates that this is an unused reference. Presumably [11] should have been attached somewhere in the body of the paper.

  21. Ned Ulbricht says

    First I’d better remember to say good job, and thanks for all your effort! But now that Scott’s started nitpicking typos ;-)…

    [11] Allan Friedman, Roshan Baliga, Deb Dasgupta, and Anna Dreyer. Unverlying motivations in the broadcast flag debate. In Proc. Telecommunications Policy Research Conference, September 2003.

    “Unverlying” should be “Underlying”. Underlying Motivations in the Broadcast Flag Debate.

  22. Anonymous, I do understand this, and I do believe that a company is responsible for what it produces, whether they sell it directly or indirectly to the consumer. If you’re telling me SunnComm did not write parts of the program that made it so vindictive, it becomes another issue. SunnComm knew what it was making, and it knew it would be used as a copy protection software for CD’s. The lock analogy does not apply at all, since locks are not intended to be used that way, even though it’s possible. If the purpose of DRM is not to prevent legitimate copying, then what is it?

    If you’re trying to tell me that Sony-BMG mislead you to believe your software would be used for a nonvindictive purpose, then please, say so. What exactly did you expect MediaMax to do? I’m curious, because given the circumstances, it’s hard for me to believe that SunnComm had no idea that their software would be put to this use.

  23. V

    “Speaking as a customer, last time I clicked “decline” to a EULA agreement, I didn’t want to install anything. So, I have some skeptism as to whether SunnComm really did what the customer wanted, rather than say…what the record label owners wanted.”

    You do understand that the record label is our customer. SunnComm did what IT wanted, so the consequences are at BMGs feet, not ours. Do you blame the lock manufacturer if someone is illegally locked out of their house by the person who bought the lock? Same here. We produced what we were asked to do and made a very good job of it (yes there were minor bugs). But we have had no control over its use.

  24. Oh, and thanks for the mention!

  25. A few typos on page 20:

    “First remove references to the $sys$cor filter driver…. Repeat this step to remove references to the $sys$cor filter driver”. Either one of these names is incorrect, or the editing has made a mash of these sentences. Maybe “first remove references to $sys$cor in registry entries named UpperFilters” then “repeat this step to remove references to $sys$core in devices’ LowerFilters lists”? It’s not clear. Wouldn’t the registry search turn up both cases at once?

    “References to this filter driver…keys; be sure to removed them all”

  26. Just out of curiosity, Ed, where did you submit it, and what sort of copyright policy do they have? Did you (have to) sign over your rights? Do you retain the right to post on a website? Etc?

    I’m curious because, as an academic myself and a nascent copyfighter, these issues concern me whenever I submit a paper to a journal, conference, symposium, or the like.

    I’d be curious to hear your thoughts on the subject.

  27. I’ve published a review of this paper here:


  28. Nice paper guys, shows a lot of thought & thorough research.

    Anyway a couple weeks ago I posed the question “Does anyone know of a rootkit-type mechanism in DVDs” (as opposed the CDs discussed so often recently). At the time, it seemed as though there weren’t…..

    Well, here we go…. a DVD using “rootkit-like technology” mentioned at F-Secure:


    Not to be an alarmist here, but I guess it was only a matter of time. Not sure if it’s a Sony release or a 20th Century Fox release.

  29. Ned Ulbricht says

    Ed, Alex,

    Thanks for the acknowledgement in your paper. I appreciate it.

  30. the zapkitty says

    Oh, by the way, nice paper.
    Could have used more references to anime-style catgirls, though.


  31. “I hope you sleep good tonight, because there are lots of others, and not even including investors, who will be sleepless because of an uncertain future.”

    Your comment seems to belay the fact that hundreds of small companies fail every year, but they don’t seem to be complaining as much as you act like you are. I seriously doubt your validity, mostly due to your hiding behind ‘anonymous’. Seems to me that any company that truly, and honestly, wanted to defend it’s stand would do so publicly; not covertly.

    I’d love to drone on about the future, but it is intrinsically uncertain.

    That, I thought, was intuitively obvious to the most casual observer…

  32. the zapkitty says

    V Says:
    “So, I have some skepticism as to whether SunnComm really did what the customer wanted…”

    As far as SuncMax is concerned the labels are their customers.

    If you read their commentary on their company forum (back before they ceased communicating with their investors altogether) you could read things that would curl your hair. As far as they were concerned the person who stuck this crap in their PC was a worthless pirate who deserved whatever they got and all was good as long as the share price didn’t drop.

    Only now, and in limited amounts, do you get investors commenting over there that “Y’know… covert installation really wasn’t a good idea…”

    And Sony BMG is not blameless. SuncMax was selling snake oil, but they boiled it up to Sony specifications… and it was Sony BMG that opened the CD drive door and ladled it in to the user PC’s.

  33. While I have a great deal of respect for Mr. Felton’s opinion, I strongly doubt that he, or any other single individual, has the power to destroy a “good honest company” or even a bad, dishonest company by writing about his opinion of its product. Your hyperbole and your paranoia are obvious.

  34. the zapkitty says

    Actually, what’s driven SuncMax to the brink is a misused and defective product, a vaporware replacement product that no one has said they want to use even if it’s eventually produced, and SuncMax’s own cupidity in not paying the BTEK court judgment… the court judgment that had nothing to do with the Sony/BGM fiasco or blog commentaries 🙂

    Readers should be prepared for yet even more SuncMax hysteria: Both Sunncomm and Mediamax (SuncMax) are teetering on the edge of sub-penny status on their stocks, Sunncomm has had their assets garnished for failure to pay a prior judgment against them, and investors are looking at the vast amounts of used toilet paper that used to be SuncMax stocks in their portfolios… hoping for a genuine Bast-granted miracle to somehow turn it into cash again.

    This was not according to the plan. The plan was for “Sunncomm” to take the fall and whisk away all the bad karma with it while “Mediamax” flew away scot-free. Instead SuncMax as a whole is going down in flames… just like the single creature that they are in reality.

    And they did it to themselves… which, as always, is the hardest responsibility to bear.

  35. “good honest company”
    What is honest about installing software on people’s computers without their consent? Forcing people to install software that degrades the functionality of their computer, in an underhanded and dishonest manner is not the kind of behavior that honest companies engage in. I feel bad for anyone who might lose their job, but if you work for a company that behaves that way you are going to get burned.

  36. Speaking as a customer, last time I clicked “decline” to a EULA agreement, I didn’t want to install anything. So, I have some skeptism as to whether SunnComm really did what the customer wanted, rather than say…what the record label owners wanted. But this would not have been the first time I’ve been accused of being out of the mainstream, so it may be possible that the customer really does like deception…

  37. “The experiment was a success, giving us lots of good comments and suggestions that helped us improve the paper.”

    A success all right. It has sent SunnComm broke, possibly. I hope you are happy that you may have put 20 people out of work. Based on your attacks on SunnComm, BTEK have placed a Writ Of Garnishment on our company, which means our assets will be locked if successful, stopping us from operating as a normal business.


    We are only a small company, so cannot operate if our appeal is unsuccessful.

    Again, congratulations on destroying a good honest company that only tried to protects artists from the thieves who only want everything for free. You may get accolades for your paper, but for all intensive purposes, you have destroyed another young American company whose only crime was to do what its customers wanted. I hope you sleep good tonight, because there are lots of others, and not even incuding investors, who will be sleepless because of an uncertain future.

  38. Very impressive. This will take a while to digest.

    I especially appreciate your fifth conclusion that includes the statement, “…the design of DRM systems is only weakly connected to the contours of copyright law.”

    How true! Companies like Sony give the concept of respect for intellectual property both bad press and a bad name, thereby undermining their own — and their artists’ — interests.

  39. thanks to you for the hard work! congratulations!