In the wake of the scandals regarding the XCP and MediaMax CD copy protection mechanisms used by Sony-BMG and several independent labels, EFF asked EMI if it would allow security researchers to examine the Macrovision copy protection technologies that it uses. The goal would be to verify that Macrovision's CD copy protection software does not create security vulnerabilities for music fans. Although EMI and Macrovision claim confidence in the security of the technology, there's nothing like independent testing to verify such claims. And unless EMI and Macrovision waive their DMCA and EULA claims, researchers could face legal action for certain kinds of security testing.

Responding to our open letter, EMI has invited security researchers interested in doing security testing on its CD copy protection technologies to come forward:

However, without knowing more details about - among other things - the type of research intended, by whom and for what purpose, we cannot accept your invitation to give a public, blanket declaration in the manner you suggest. Again, we are happy to assist in advancing legitimate, focused research, but we cannot provide protection to unnamed and uncounted "security researchers."

We at EFF would like to take EMI up on its offer "to assist in legitimate, focused research." If you are a researcher interested in doing security testing on Macrovision's CD copy protection software, please contact fred@eff.org.

Related Issues