A maker of software to manage music CD copying has agreed to make its protection scheme less vulnerable to computer crackers. After the San Francisco-based Electronic Frontier Foundation (EFF) released an open letter raising security concerns about the MediaMax application, its Phoenix, Ariz.-based developer, SunnComm Technologies, announced it would take several remedial steps:
- Bar installation of MediaMaX on a CD owner’s computer when the owner rejects the program’s End User Licensing Agreement (EULA);
- Package uninstallers with all future versions of the application; and
- Submit future releases of MediaMax to review by independent security researchers, and release the results of those reviews to the public.
Happy to Cooperate
“We are pleased to be working with the EFF to ensure that consumers are notified of this potential vulnerability and our update,” said Acting President and CEO Kevin Clement in a statement released last week. “As a software company, we are committed to developing high quality products and promptly addressing any potential vulnerability, and we appreciate this opportunity to help the industry in the development of best practices for both quality and security.”
Attempts by TechNewsWorld to reach SunnComm for comment on this story were unavailing.
There is skepticism over the company’s response in the digital rights management (DRM) scene.
“SunnComm’s behavior is a very thinly veiled media ploy to make the company appear more favorable in the market, and a blatant attempt to avoid the class action lawsuits that are plaguing Sony BMG as a result of compromising the security of personal computers around the world,” Jarad Carleton, an IT consulting analyst with Frost & Sullivan, told TechNewsWorld.
“It appears that SunnComm sees the writing on the wall and realizes that it cannot install software on someone’s machine with impunity,” he said. “It’s about time that some of these companies with Draconian views of the consumer and lack of respect for the fair use provision under U.S. copyright laws are finally brought back in line.
“I hope that SunnComm will work to better balance the rights of intellectual property owners as well as consumers in the future,” he added. “Unfortunately, the history of this company doesn’t indicate that it really gives a damn about consumers or the fair use provision in U.S. copyright law, so I am not holding my breath that SunnComm will significantly change how it protects music.”
Inherent Security Flaws
There may be some insurmountable security issues inherent to any scheme for controlling the copying of digital media, according to EFF Staff Attorney Kurt Opsahl, but he applauded SunnComm’s efforts.
“By its very nature, DRM software has to have more rights over a computer than the user has,” Opsahl told TechNewsWorld. “It has to prevent the user from having full control over the computer.
“When you do that,” he continued, “there’s always the possibility that someone will take advantage of that situation, co-opt the program, and be able to exercise rights to which they are not entitled.”
Vulnerable to the Unscrupulous
“It’s a positive step,” said Edward W. Felten, a professor of computer science at Princeton University, referring to SunnComm’s efforts. However, “they’re doing things that should have been done in the first place and that responsible software companies have been doing all along,” he told TechNewsWorld.
Felton, who is also director of the Center of Information Technology Policy at Princeton, played a major role in exposing XCP, the DRM rootkit that Sony BMG used last year with disastrous results.
User Frustration to Continue
The coercive aspects of copy protection schemes make them vulnerable to the unscrupulous.”In order to get their software onto a user’s systems and keep it there, the DRM vendors have an incentive to undermine a user’s ability to control their own computers. When they do that, they are harming security,” Felton explained.
Whether systems are secure or not, Felton doesn’t see content makers backing off their DRM obsession any time soon.
“We can expect the status quo to continue,” he maintained. “DRM systems will be largely ineffective at preventing copying but will continue to cause frustration for users.”