January 16, 2025

Lame Copy Protection Doesn't Depress CD Sales Much

A CD “protected” by the SunnComm anti-copying technology is now topping the music charts. This technology, you may recall, was the subject of a paper by Alex Halderman. The technology presents absolutely no barrier to copying on some PCs; on the remaining PCs, it can be defeated by holding down the Shift key when inserting the CD.

SunnComm execs say that this demonstrates consumer acceptance of their technology. A quick look at the consumer reviews at Amazon tells the real story: the technology causes significant problems for some law-abiding customers, and many customers dislike it. Many customers find the technology bearable only because it is so easily defeated, which gives customers who, say, want to download songs from the album onto their iPods a way to do so.

Alex Halderman reports receiving at least three unsolicited emails this week thanking him for explaining how consumers can stop the SunnComm technology from impeding their fair use of this album. Here’s one:

Hello,

Thanks for the great article on this topic. I just bought the new Velvet Revolver CD and was not able to listen to it on my computer or import it into my iTunes program. I did use their “Copy” option which saved the files as Windows Media Files but these couldn’t be converted by iTunes. Well this is not acceptable and within about 5 minutes I was able to find your article and disable the lame driver.

Keep up the great work!

Another, in addition to discussing the fair use issue, says this:

If I wasn’t such a fan of this band, I would have taken the CD back in protest. But alas, it’s the only way to be legal and I wish for the artist to reap their financial benefits.

Needless to say, the SunnComm technology has not kept the songs on this album off of the filesharing systems.

Hatch to Introduce INDUCE Act

Fred von Lohmann at EFF Deep Links reports that Sen. Orrin Hatch is planning to introduce, possibly today, a bill to create a new form of indirect liability for copyright infringement. The full name of the bill is somewhat bizarre: the “Inducement Devolves into Unlawful Child Exploitation Act”.

Not being a lawyer, I can’t immediately say what impact this bill would have. But Fred von Lohmann, a very smart copyright lawyer, sees it as a threat to innovation, and Ernest Miller, who is also well versed in copyright law, uses me as an example of a person whose legitimate activities might be threatened by the bill. That’s definitely not the kind of thing I wanted to read over breakfast.

We’ll have to see how the Hatch bill is received. If it passes, it looks like computer security research may become even more of a legal minefield than it already is.

FTC: Do-Not-Email List Won't Help

Yesterday the Federal Trade Commission released its recommendation to Congress regarding the proposed national Do Not Email list. They recommended against the creation of such a list at the present time, because the list would provide little or no reduction in spam, but would increase costs for legitimate emailers and might raise security risks.

Congress, in the CAN-SPAM Act, asked the FTC to study the feasibility of instituting a national Do Not Email list, akin to the popular Do Not Call list. Yesterday’s FTC recommendation is the result of the FTC’s study.

The FTC relied on interviews with many people, and it retained three security experts – Matt Bishop, Avi Rubin, and me – to provide separate reports on the technical issues regarding the Do Not Email list. My report supported the action that the FTC ultimately took, and I assume that the other two reports did too.

I understand that the three expert reports will be released by the FTC, but I haven’t found them on the FTC website yet. I’ll post a link to my report when I find one.

Off the Grid?

I’ll be in a place with a possibly iffy Internet link until Monday evening. If you don’t hear from me in the next few days, I’m probably incommunicado; but please tune back in on Tuesday.

Rubin and Rescorla on E-Voting

There are two interesting new posts on e-voting over on ATAC.

In one post, Avi Rubin suggests a “hacking challenge” for e-voting technology: let experts tweak an existing e-voting system to rig it for one candidate, and then inject the tweaked system quietly into the certification pipeline and see if it passes. (All of this would be done with official approval and oversight, of course.)

In the other post (also at Educated Guesswork, with better comments), Eric Rescorla responds to Clive Thompson’s New York Times Magazine piece calling for open e-voting software. Thompson invoked the many-eyeballs phenomenon, saying that open software gets the benefit of inspection by many people, so that opening e-voting software would help to find any security flaws in it.

Eric counters by making two points. First, opening software just creates the opportunity to audit, but it doesn’t actually motivate skilled people to spend a lot of their scarce time doing a disciplined audit. Second, bugs can lurk in software for a long time, even in code that experts look at routinely. So, Eric argues, instituting a formal audit process that has real teeth will do more good than opening the code.

While I agree with Eric that open source software isn’t automatically more secure than closed source, I suspect that voting software may be the exceptional case where smart people will volunteer their time, or philanthropists will volunteer their money, to see that a serious audit actually happens. It’s true, in principle, that the same audit can happen if the software stays closed. But I think it’s much less likely to happen in practice with closed software – in a closed-source world, too many people have to approve the auditors or the audit procedures, and not all of those people will want to see a truly fair and comprehensive audit.

Eric also notes, correctly, the main purpose of auditing, which is not to find all of the security flaws (a hopeless task) but to figure out how trustworthy the software is. To me, the main benefit of opening the code is that the trustworthiness of the code can become a matter of public debate; and the debate will be better if its participants can refer directly to the evidence.