EFFector - Volume 18, Issue 39 - Are You Infected with Sony-BMG's Rootkit?



EFFector       Vol. 18, No. 39       November 11, 2005

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 355th Issue of EFFector:

Are You Infected with Sony-BMG's Rootkit?

EFF Confirms Secret Software on 19 CDs

San Francisco - News that some Sony-BMG music CDs install secret rootkit software on their owners' computers has shocked and angered thousands of music fans in recent days. Among the causes for concern is Sony's refusal to publicly list which CDs contain the infectious software and to provide a way for music fans to remove it. Now, the Electronic Frontier Foundation (EFF) has confirmed that the stealth program is deployed on at least 19 CDs in a variety of genres.

The software, created by First 4 Internet and known as XCP2, ostensibly "protects" the music from illegal copying. But in fact, it blocks a number of legal uses--like listening to songs on your iPod. The software also reportedly slows down your computer and makes it more susceptible to crashes and third-party attacks. And since the program is designed to hide itself, users may have trouble diagnosing the problem.

"Entertainment companies often complain that fans refuse to respect their intellectual property rights. Yet tools like this refuse to respect our own personal property rights," said EFF staff attorney Jason Schultz. "Sony's tactics here are hypocritical, in addition to being a security threat."

If you listened to a CD with the XCP software on your Windows PC, your computer is likely already infected. An EFF investigation confirmed XCP software on 19 titles, but it's far from a complete list. Sony-BMG continues to refuse to make such a list available to consumers.

Consumers can spot CDs with XCP by inspecting a CD closely, checking the left transparent spine on the front of the case for a label that says "CONTENT PROTECTED." The backs of these CDs also mention XCP in fine print. You can find pictures of these and other telltale labeling at

"Music fans should protect themselves from this stealth attack on their computer system," said EFF Senior Staff Attorney Fred von Lohmann.

For EFF's list of CDs with XCP:

The "legalese rootkit" - Sony-BMG's EULA:

For this release:

Sony-BMG Rootkit: EFF Collecting Stories, Considering Litigation

EFF is collecting stories from EFF members and supporters who have purchased Sony-BMG CDs that contained the rootkit copy protection software. We're considering whether the effect on the public, or on EFF members, is sufficiently serious to merit EFF filing a lawsuit.

If you satisfy the following criteria, we would like to hear from you:

  1. You have a Windows computer;
  2. First 4 Internet's XCP copy protection has been installed on your computer from a Sony CD (for more details, see our blog post referenced above or the SysInternals blog);
  3. You reside in either California or New York; and
  4. You are willing to participate in litigation.

We have not made a final decision about filing any legal action, but we would like to hear from music fans who have been harmed by the Sony-BMG rootkit copy protection technology. Please contact for more information.

News Website Can Keep Domain Name After Trademark Fight

Settles Fair Use Dispute with Drug Company

San Francisco - A medical news website, with the assistance of the Electronic Frontier Foundation (EFF), settled a dispute with a French pharmaceutical giant over using the name of a trademarked medication, Acomplia.

The settlement came after EFF filed suit on behalf of the, an independent online newsletter devoted to reporting about a drug called Acomplia. Acomplia may help consumers lose weight and quit smoking, but is not yet approved by the US Food and Drug Administration (FDA). Since March 2004, has published original news and commentary about Acomplia's clinical trials, the drug approval process, and anti-obesity drugs in general--all aimed at helping consumers make more informed decisions about their health.

To emphasize the newsletter's impartiality, every page has always included the subheading "your independent source of news and reviews about the new diet drug Acomplia." Nevertheless, drug maker Sanofi-Aventis claimed that the use of the term "Acomplia" in the AcompliaReport domain name created a "risk of confusion." Sanofi asked an international arbitrator to order the domain name transferred, alleging that the publisher of the AcompliaReport, Milton R. Benjamin, was a cybersquatter. Benjamin promptly sought a declaration from a U.S. district court protecting his right to the domain name, claiming both fair use and First Amendment rights to the name as an online publisher.

"Sanofi's tactics threatened to quash free and accurate speech," said EFF staff attorney Corynne McSherry. "The website uses the Acomplia mark solely to refer to Sanofi's product. That use is a textbook fair use. And basic First Amendment principles barred Sanofi from using trademark law to shut down an independent news site."

Under terms of Tuesday's settlement, keeps its domain name, as long as there is a disclaimer stating that the website is not associated with Sanofi-Aventis.

"We are happy to have this absurd dispute behind us, enabling us to focus on independent coverage of the regulatory process and further development of a novel drug that appears to have the potential to be of considerable benefit to many people," said Benjamin. "A news site needs to be able to use a trademarked name in order to report on a trademarked product."

For this release:

PATRIOT Alert: A Battle Won, but Urgent Action Still Needed

Over the next few days, select members of the US House and Senate will be haggling in conference over the wording of a new bill to renew the USA PATRIOT Act.

Thanks in part to your calls and lobbying, the House of Representatives has already instructed its conferees to attach shorter four-year "sunset" provisions to some of the act's more outrageous surveillance powers. But there are plenty more checks and balances that still need to be added.

That's why we're asking everyone to call your Representative and Senators and urge them to tell the conference members to support the Senate version of the bill, which contains new safeguards lacking in the House version.

Now is your last best chance to influence the debate over PATRIOT before the renewal bill reaches the President's desk. Find out the phone numbers of your Representative and Senators by clicking below. You'll find more information on the PATRIOT bill and a suggested phone script for you to use.

Don't hesitate -- call today!

Passing the Buck: or, the Printer as a Fine French Wine

Xerox responded to our research on how printers made by Xerox and other companies track the origin of documents you print. Its new "Xerox Statement on Counterfeit Detection" contains some bizarre suggestions. The most prominent of these is that Xerox's invasions of privacy are OK because other privacy invasions are worse.

"Unlike much of the computer spy-ware prevalent on the internet today, the yellow dots do not 'contact' Xerox or the government and send user content or location," the statement reads. "In a world where your cell phone gives your location, all your phone calls are logged and available on the net, your credit card transactions compiled and your network browsing stored, the 'yellow dots' are innocuous and they give considerable protection against specific criminal behavior, such as counterfeiting."

That's right: Xerox defends its decision because it's not as big an intrusion as spyware, wiretapping, or spying on you through your cell phone. It's the everybody-else-is-doing-it excuse. The company seems to be channelling Sun CEO Scott McNealy, who told a group of journalists in 1999 that "[y]ou have zero privacy anyway. Get over it."

EFF and other privacy advocates have been fighting for years to reverse the trends Xerox mentions, or to enhance the tools available to the public for defending themselves. This month, we won major victories as courts, agreeing with our legal arguments, restricted the government's ability to use cell phones to track individuals' movements. We also fought for the public's right to use encryption to send private e-mail and make private telephone calls, and we supported the development of Tor to help users browse the Internet without identifying themselves. We argued for computer users' rights to remove spyware from their own computers and to teach others how to do so. EFF fought and won court cases protecting the anonymity of on-line critics. Through these cases, we helped extend the U.S. tradition of legal protection for anonymous pamphleteers firmly into the on-line world.

Xerox goes on to say that we should actually be reassured by the tracking, since it's for our own protection. "Many products--cars, food, medicines, computers, toys and many more, have such features for the protection of customers. French wines put this proudly on their label."

While it's comforting to know that our office equipment has something in common with a fine wine, our privacy is threatened in a particular way by tracking systems embedded in our communication technologies, in a way that it is typically not threatened by toys or beverages.

For the full Xerox statement:

For more analysis:

Anti-Cell Phone Tracking Judicial Revolution Spreads to NYC

One more magistrate judge refused to allow the government's practice of secretly using cell phones to track people without probable cause--this time in the Southern District of New York (Manhattan). The magistrate judge declined to grant the government's request "without further briefing from the Government concerning the propriety of issuing these orders."

The SDNY judge sought further briefing due to an August decision from a magistrate judge in the Eastern District of New York (Long Island) denying a similar government request. The government provided a letter brief in support, and, upon the court's request, the SDNY Federal Defender's Office responded last week with an amicus brief in opposition.

The US Attorney for the SDNY faces an uphill battle: Two courts (the EDNY and the Southern District of Texas) considered the government's arguments so far, and both found them completely unpersuasive. Recognizing the importance of this decision, both magistrate judges urged an appeal in order to allow a Circuit Court to rule on this pernicious practice.

Nevertheless, the US Attorney's Offices in those jurisdictions elected not to appeal the adverse decisions. This has not prevented the SDNY US Attorney from moving forward here, however. Distressingly, the government's brief reveals that US Attorneys' offices all over the country have "routinely applied for and obtained court orders [compelling] cellular telephone companies to report...cell site data, for a particular cell phone on a prospective basis."

EFF applauds those judges and magistrates who care enough about your rights to challenge the government when it makes these unsubstantiated requests for cell site data.

For more on government cell phone tracking:

Nonprofit Coalition Wins Challenge to Federal Watch-List Policy

EFF and 12 other national nonprofit organizations won their battle against a government fundraising policy that required checking employees against government terrorist watch-lists. It's a big victory for free speech and privacy--not to mention the nonprofits and the federal employees who want to support them through the Combined Federal Campaign, or CFC.

CFC allows federal workers to donate to charities with automatic payroll deductions, and it raises hundreds of millions of dollars every year for thousands of organizations. But CFC rules put in place last year would have forced us to check all of our employees and expenditures against several anti-terrorism "black lists" of people and organizations that the government suspects are linked to terrorism.

EFF withdrew from the program in protest. We knew that those watch-lists are created by the government with secret information that is notoriously unreliable, and we refused to violate the privacy of our clients and employees. But now that the federal government has dropped the list-checking requirements, EFF will join the CFC again. We hope that our members will support us and the new policy by donating to EFF through the CFC.

Press release from the ACLU:


miniLinks features noteworthy news items from around the Internet.

DRM This, Sony!
CNET's Molly Wood lays the smack down on Sony and their deceptive DRM.

Forrester Grieves for the Music Industry
Suggests they're passing through denial, anger, bargaining, depression--and hopefully, one day, acceptance.

DRM Crippled CD: A Bizarre Tale
Market strategist Barry Ritholtz fumes at the idiocy of copy-restricted CDs.

DRM and Universities
A sad, first-hand account of academics demanding DRM for their own lectures.

Computer HDTV tuners down to $150
In a market that would have been eliminated by the broadcast flag, competition works its magic.

The Hole Truth From Wendy Seltzer
Brooklyn Law prof and EFF alumna deconstructs last Thursday's broadcast flag hearing.

Microsoft Reverse-Engineers iPod
Wants to provide iPod to Xbox 360 compatibility.

Orphaned Works in our Neighborhood
Bookfinder's founder discovers even his local pasta shop is affected by copyright's problems.

Loose Lips Infringe Trademarks
The New York Metro is attempting to trademark the security warning "See Something, Say Something."

Staff Calendar

No entries this week.


EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)

Rebecca Jeschke, Media Coordinator

Membership & donation queries:

General EFF, legal, policy, or online resources queries:

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will.

Current and back issues of EFFector are available via the Web at:
