It’s been a long two weeks for Sony. In the latest development in the Digital Rights Management (DRM) software saga, the music giant’s applicationhas allegedly infringed on others’ copyrights.
Jon Lech Johansen, better known as DVD Jon, claims in his blog that the XCP software from First4Internet that Sony used to prevent unauthorized copying of its music CDs contains code that is “infringing the copyright of several open-source projects.”
Johansen said code he himself wrote for VLC, a free cross-platform media player, is among the projects that First4Internet has infringed upon. Making matters worse, Finnish software developer Matti Nikki also claims to have uncovered copyright violations in Sony’s DRM program.
Thomas Dullien from Sabre Security, a company that specializes in the analysis of complex software, told Reuters that he can confirm at least five functions in the XCP software are identical to functions in LAME, an application licensed under the lesser GNU General Public License (GPL).
The GPL includes requirements that require any developer that uses source code from LAME to “cause the whole of the work to be licensed at no charge to all third parties under the terms of the license.”
First4Internet and Sony BMG were not immediately available to comment.
Florian Mueller, founder of the NoSoftwarePatents.com campaign and voted among the “top 50 most influential people in intellectual property” by Managing Intellectual Property magazine, told TechNewsWorld that while he doesn’t claim to know the specifics of this case, there are some generalities to Sony’s quagmire.
“Ironically, it does happen that companies which aggressively enforce and lobby for intellectual property rights fail to understand that developers actually do reserve some rights under free and open-source software licenses or the Creative Commons license,” Mueller said.
Mueller points to the European software patent debate as an example. He said when a pro-patent lobbying entity translated an interview from Dutch to English, NoSoftwarePatents.com made them aware that they had committed an act of copyright infringement.
“Sometimes this may simply be attributable to oversights, but there’s also a fundamental misconception among traditional companies about those innovative approaches to intellectual property,” Mueller said. “Some tend to believe that those new types of licenses are complete expropriations of their authors, which most of them really aren’t.”
Reviewing the Saga
Sony’s trouble began about two weeks ago when SophosLabs detected a new Trojan horse that exploits a rootkit in the controversial software.
The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to e-mail addresses, posing as a message from a British business magazine, according to Sophos’ November 10 report.
Sony decided to stop making copy-protected CDs as a “precautionary measure.” But the debate over piracy versus privacy raged on despite Sony’s denial that its program presents a security risk.
Just days later, more bad news surfaced for Sony: It’s uninstall program makes the computer even more vulnerable to malware.
Princeton researcher J. Alex Halderman posted instructions for how to find out if your PC is infected at the Freedom Tinker blog, but recommends that consumers leave the Digital Rights Management (DRM) software on their computer until Sony works out all the kinks. Sony said it is working on a new uninstall program.
“This sort of thing brings negative attention to the record labels,” Inside Digital Media Senior Analyst Phil Leigh told TechNewsWorld. “If you are going to try to stop the way people put music onto their iPods — by downloading it into a computer and transferring it over — then you don’t understand changes that technology is inducing any better than a cow understands algebra.”
I think you are mistaken. Mark Russinovich discovered the original rootkit and reported it. Not Sophos.