Skip to main content

EFFector - Volume 18, Issue 42 - Tell California to Investigate Sony's DRM


EFFector - Volume 18, Issue 42 - Tell California to Investigate Sony's DRM

EFFector       Vol. 18, No. 42       Dec 2, 2005

A Publication of the Electronic Frontier Foundation     ISSN 1062-9424

In the 355thIssue of EFFector:

Action Alert: Tell California to Investigate Sony's DRM

The discovery of dangerous software installed on Sony BMG CDs in the name of digital rights management (DRM) has sparked global outrage. Numerous lawsuits have been filed, including one by EFF.

But Sony BMG is not only in trouble with customers and artists over its DRM scandal. Sony BMG has also run afoul of various state consumer protection laws. In Texas, the Attorney General is pursuing a case against the company under that state's anti-spyware legislation. New York's Elliot Spitzer is said to be considering action after uncovering that Sony did not do an adequate job of recalling infected CDs from that state, calling Sony's dithering "unacceptable."

Here in California, our Attorney General has not yet taken action against Sony BMG. The Attorney General's Office says that they've not heard many complaints from disgruntled California citizens.

Hmm. Are any of you out there? Are any of you mad about what Sony BMG is doing to your computers? We thought so.

California's Attorney General takes complaints from members of the public online. You don't need to have bought an infected Sony BMG CD. Just let the Attorney General's office know that you're upset with what Sony BMG did, that you think what they did harmed Californian consumers, and that you think the company's practices should be investigated.

Be sure to let the Attorney General's office know if:

* You bought an XCP CD, and you're angry it installed a rootkit on your machine and made it vulnerable to compromise by other malicious software.

* You bought a SunComm MediaMax CD, and you're mad that it breaches your privacy by calling home and that it installs files without your permission, before you even click on an agreement.

* You bought either type of CD and want to complain that Sony BMG's EULA tricked you into agreeing to outrageous conditions to which no reasonable person would agree (such as the requirement to give up ownership of your music in the event of bankruptcy).

* You're a music fan who has noticed that weeks after Sony first heard of the problems with its software, its dangerous CDs are still on the shelves--even after the company publicly announced a mass recall.

After you've filled in the consumer complaints form, mail us at and let us know what you told the AG. We'd like to know how you feel about Sony BMG's actions--and the company's continuing inaction.

The California Attorney Generals' Consumer Complaint Form:

State anti-spyware laws:

Sony BMG litigation and rootkit info:

North Carolina Illegally Certifies Diebold E-voting System

Board of Elections Ignores Rules to Escrow Code, Identify Programmers

Raleigh, North Carolina - The North Carolina Board of Elections certified Diebold Election Systems to sell electronic voting equipment in the state Thursday, despite Diebold's repeated admission that it could not comply with North Carolina's tough election law. The Electronic Frontier Foundation (EFF) believes that this raises important questions about the Board of Elections'procedures as well as the integrity of Diebold's bid for certification.

In all, three companies were certified for e-voting in North Carolina: Diebold, Sequoia Voting Systems, and Election Systems & Software. However, Keith Long, an advisor to the Board of Elections who was formerly employed by both Diebold and Sequoia, has said that "none of them" could meet the statutory requirement to place their system code in escrow. Instead of rejecting all applications and issuing a new call for bids as required by law, the Board chose to approve all of the applicants.

"The Board of Elections has simply flouted the law," said EFF Staff Attorney Matt Zimmerman. "In August, the state passed tough new rules designed to ensure transparency in the election process, and the Board simply decided to take it upon itself to overrule the legislature. The Board's job is to protect voters, not corporations who want to obtain multi- million dollar contracts with the state."

Last month, Diebold obtained a broad temporary restraining order that allowed it to evade key transparency requirements without criminal or civil liability. The law requires escrow of the source code for all voting systems to be certified in the state and identification of programmers. Diebold claimed that it could not comply because of its reliance on third- party software.

Monday, responding to EFF's arguments, a judge dismissed Diebold's request for broad exemptions to the law and told Diebold that if it wanted to continue in its certification bid, it must follow the law or face liability. Diebold had told the court that it would likely withdraw from the bidding process if it was not granted liability protection. But instead, Diebold went forward with the certification bid.

Diebold's certification now means it is permitted to sell e- voting equipment in North Carolina. But Zimmerman says that any county that buys from Diebold is taking a risk.

"If Diebold's certification is revoked, counties using its equipment could be left holding a very expensive bag," Zimmerman said.

Despite Long's assertion, at least one Diebold competitor-- Nebraska-based Election Systems & Software--has publicly stated that it is capable of meeting the escrow requirement for the code used it its system.

For more on the judge's decision Monday:

For this release:

DMCA Triennial Rulemaking: Failing Consumers Completely

EFF Bows Out of Broken Process

San Francisco - The Electronic Frontier Foundation (EFF) released a report entitled "DMCA Triennial Rulemaking: Failing the Digital Consumer," describing why the third triennial DMCA rulemaking, currently underway before the U.S. Copyright Office, does not effectively address the concerns of American digital media consumers. In light of the shortcomings of the DMCA rulemaking procedure, EFF did not propose any DMCA exemptions for the 2006-2009 triennial rulemaking period.

Digital media consumers are finding themselves increasingly hemmed in by "digital rights management" (DRM) restrictions on digital music, movies, video games, and software. The Digital Millennium Copyright Act of 1998 (DMCA) generally prohibits consumers from circumventing DRM mechanisms that control access to DVDs, CDs, and other digital media products. In an effort to ensure that these DRM mechanisms would not impede lawful uses of copyrighted works, however, Congress included what it described as a "fail-safe" mechanism in the DMCA rulemaking proceeding to be held every three years by the Copyright Office. The law delegates to the Copyright Office and Librarian of Congress the power to grant three-year exemptions to the DMCA's prohibition on circumventing DRM restrictions where the restrictions would otherwise encroach on lawful uses of copyrighted works.

EFF has participated in each of the two prior rulemakings in 2000 and 2003, each time asking the Copyright Office to create exemptions for perfectly lawful consumer uses for digital media that are encumbered by DRM. The Copyright Office has rejected all of EFF's previous proposals.

Based on its prior experience with the rulemaking procedure, as well as the increasing pervasiveness of DRM restrictions on digital media products, EFF has concluded that the triennial rulemaking does not effectively address the concerns of digital media consumers. Instead, EFF's report calls on Congress to take legislative action to reform and repair the DMCA rulemaking process.

"When the Copyright Office is unwilling to grant a DMCA exemption that would allow consumers to play copy-protected CDs on their computers, you know the rulemaking process is failing digital media consumers," said Fred von Lohmann, Senior Staff Attorney with EFF. "In the wake of the Sony BMG DRM debacle, it's time for Congress get involved on behalf of American consumers."

"DMCA Triennial Rulemaking: Failing Consumers Completely"

For more on why EFF won't participate:

For more on DMCA rulemaking:

For this release:

Smart Card Research Threatened in DirecTV Case

EFF Fights Heavy-Handed Tactics From Satellite TV Giant

San Francisco - The Electronic Frontier Foundation (EFF) and the Center for Internet and Society Cyberlaw Clinic at Stanford University Law School filed an amicus brief in the Ninth Circuit Court of Appeals Wednesday, asking judges to protect legitimate researchers from the heavy-handed tactics of the DirecTV Group, Inc., a worldwide provider of digital television entertainment, broadband satellite networks and services, and global video and data broadcasting.

Federal law makes it illegal to intercept satellite TV signals without authorization and also bans modifying or assembling interception tools for sale or distribution. In the case before the Ninth Circuit, DirecTV claims that it can sue individuals for both interception of its signal as well as modification of receiving equipment in cases where altered smart cards are simply inserted into standard television equipment. DirecTV claims that inserting a smart card into preexisting television equipment constitutes "assembling" a pirate device. The amicus brief claims that DirecTV is overreaching and also points out that legitimate security researchers would be threatened under the proposed misreading of the law. A lower court has already ruled that DirecTV cannot sue on this theory and dismissed DirecTV's attempt to "double-dip" by punishing individuals twice for a single offense.

"Researchers are constantly assembling, modifying, and building smart card components in furtherance of scientific knowledge and innovation," said EFF Staff Attorney Jason Schultz. "Congress clearly meant to exclude these beneficial activities from any legal liability. The court below understood this, and we hope the Appeals Court agrees."

Over the past few years, DirecTV has orchestrated a nationwide legal campaign against hundreds of thousands of individuals, claiming that they were illegally intercepting its satellite TV signal. The company began its crusade by raiding smart card device distributors to obtain their customer lists, then sent over 170,000 demand letters to customers and eventually filed more than 24,000 federal lawsuits against them. Because DirecTV made little effort to distinguish legal uses of smart card technology from illegal ones, EFF and the Cyberlaw Clinic received hundreds of calls and emails from panicked device purchasers. We worked with DirecTV to get them to limit their lawsuits to only those people they could prove were illegally receiving their signal. The two groups co-sponsor a website at to help people defend themselves.

For the full brief filed in the case:

For this release:

Location Privacy: 3, Warrantless Cell Phone Tracking: 0

When we recently reported that the DOJ had chosen not to appeal two court decisions that forcefully rejected its secret requests to track cell phones without probable cause, we expressed our fear that the government would keep trying to secretly convince other judges to grant these illegal orders while avoiding appellate review.

Well, that fear has now been confirmed by a newly-issued third court decision denying a DOJ request for a cell- tracking order, a request that was made after the DOJ chose not to challenge the other two decisions. This time, a federal magistrate judge in Maryland has followed the lead of judges in New York and Texas by refusing to allow the feds to track people's movement via a cell phone unless the government can at least meet the requirements for a search warrant.

Even though there are now three published decisions rejecting the government's arguments and none supporting them, we're aware of at least one other case where the DOJ is still pushing for authorization to track a cell phone without a search warrant. At this point, one has to wonder: how many public trips to the woodshed is it going to take before the DOJ either stops seeking these orders, or is willing to subject its claims to appellate court scrutiny? We may find out soon enough--at this rate, we'll have a dozen new denials by the spring!

Maryland cell tracking decision:

Blogging WIPO: The New Internet Treaty

The UN's World Intellectual Property Organization (WIPO) has just finished another round of deliberations on a new treaty. Although the draft treaty is nominally about broadcasters' rights, most of the discussion focused on proposals to create new rights over Internet transmissions: the US's proposal to extend the treaty to "webcasting", and the European Union's pitch for "simulcasting" rights, covering retransmission of broadcasts and cablecasts over the Internet.

These proposals would give webcasters, broadcasters and cablecasters the right to control Internet transmissions irrespective of the copyright status of the transmitted material. EFF believes that this is likely to stifle technological innovation on the Internet, restrict the public's access to knowledge, and change the nature of the Internet as a medium of communication.

The meeting ended in a deadlock with no real agreement on the scope of the treaty or the rights it should grant. The Chair recommended convening two further meetings in April and June 2006, to consider new exceptions proposals put forward by Brazil and Chile before the WIPO General Assembly votes on moving the treaty to a 2007 Diplomatic Conference.

Read more on WIPO:

Help Us Bust the Patent

As many of you know, EFF has gone into the Patent Busting business. Our next target is the patent for Internet test-taking, but we need your help tracking down the evidence we need.

Visit the link below for a description of the prior art we are looking for, and send it around to any friends or colleagues who might know about Internet test-taking technology before February of 1999.

We're particularly interested in systems where the revenue for the testing is shared between the host system and the test maker, but any information about online test-taking before February 11, 1999 can help.

Prior art description:

Prior art submission form:

Blog of the Month - Ed Foster's GripeLog

As part of our Bloggers' Rights Campaign, EFF is highlighting a blog each month that supports our campaign and strikes our fancy. Our first featured blog is Ed Foster's popular GripeLog. We watched with increasing glee as new members told us they joined because "GripeLog sent me."

On GripeLog, technology product consumers can air their beefs with vendors and read about the problems and issues other customers are raising. Written by Ed Foster, long-time author of InfoWorld's Gripe Line column, GripeLog combines a weekly e-mail column with a format that allows readers to air their concerns and views. Ed has been a particularly strong and clear voice about the problems with EULAs (End User License Agreements) in software, an issue that is near and dear to our hearts here at EFF. We appreciate Ed's work at GripeLog and his support of EFF and bloggers' rights.

Ed Foster's GripeLog:

EFF's Bloggers' Rights Campaign:

Staff Calendar

For a complete listing of EFF speaking engagements (with locations and times), please visit the full calendar:

December 9
Kevin Bankston speaks at LISA, San Diego, CA


miniLinks features noteworthy news items from around the Internet.

Sony BMG's Costly Silence
BusinessWeek discovers that Sony knew about their rootkit problem for at least a month before it was publicly uncovered.

Security Flaw Allows Wiretaps Evasion, Study Finds
Matt Blaze discovers that a tone box can turn off wiretapping equipment.

TSA Would Allow Sharp Objects on Airliners
Note that internal studies show half of the Department of Security Theater staff's screening time is spent searching for cigarette lighters.

One Man Against One Click
Plucky blogger decides to challenge Amazon's one-click patent alone.

Persecuted Iranian Blogger Escapes to Turkey
Seyyed Ahmad Seyyed Seraji Tabrizi is seeking assistance in the city of Van.

Fixing the Cybercrime Treaty
Declan McCullagh on the single amendment that would fix the cybercrime treaty currently before the Senate.

I Have A Little List (of Bloggers)
A historical and growing database of legal action taken against bloggers.

Trademarks vs Free Speech, Again
Local Ohio Republican party asks the court to shut down an opposing site on trademark grounds: motion denied.


EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)

Rebecca Jeschke, Media Coordinator

Membership & donation queries:

General EFF, legal, policy, or online resources queries:

Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. Press releases and EFF announcements & articles may be reproduced individually at will.

Current and back issues of EFFector are available via the Web at:

Back to top

JavaScript license information