SunnComm Agrees to Terms of EFF Open Letter

San Francisco - In response to an open letter written by the Electronic Frontier Foundation (EFF), SunnComm Technologies, Inc., has outlined what it has done and will do to address potential security problems caused by its MediaMax CD copy-protection software and to help protect against future vulnerabilities. Use of the software on CDs released by Sony BMG has received significant media attention, but many consumers are unaware that the software was also used by several independent music labels.

SunnComm says it will ensure that future versions of MediaMax will not install when the user declines the end user license agreement (EULA) that appears when a CD is first inserted in a computer CD or DVD drive. SunnComm has also agreed to include uninstallers in all versions of MediaMax software, to submit all future versions to an independent security-testing firm for review, and to release to the public the results of the independent security testing. SunnComm and EFF are discussing how to ensure that legitimate security researchers who have been, are, or will be working to identify security problems with MediaMax will not be accused of copyright violations under the Digital Millennium Copyright Act (DMCA).

In January, SunnComm published a complete list of all music CDs that employ the MediaMax technology and sent a letter to the independent labels using MediaMax with information about a security vulnerability in MediaMax version 5. Music label Sony BMG has separately committed to addressing security concerns arising from CDs using MediaMax.

"We are pleased to be working with EFF to ensure that consumers are notified of this potential vulnerability and our update," said acting SunnComm President and Chief Executive Officer Kevin Clement. "As a software company, we are committed to developing high-quality products and promptly addressing any potential vulnerability, and we appreciate this opportunity to help lead the industry in the development of best practices for both quality and security."

"EFF applauds SunnComm's commitments to better security and privacy practices," said EFF Staff Attorney Kurt Opsahl. "While we continue to disagree with SunnComm on the wisdom of CD copy protection in general, we are pleased that it has taken important steps to notify consumers of the security vulnerability and help resolve the security and privacy issues raised by the MediaMax software."

EFF wrote the open letter to SunnComm because of its concerns about the MediaMax software, which is included with a wide variety of music from independent labels, such as Cuban Link's "Chain Reaction" by Men of Business Records, Peter Cetera's "You Just Gotta Love Christmas" by Viastar Records, and several releases on KOCH Records.

The problems with MediaMax came to light in November and December 2005, after independent security analysts discovered problems on Sony BMG CDs that included MediaMax. EFF and others subsequently brought legal actions against Sony BMG based on its distribution of the MediaMax titles, and a settlement in that case provided a remedy for music fans who bought Sony BMG MediaMax CDs. SunnComm's response to EFF's open letter commits the company to addressing the potential vulnerability for fans who bought such CDs on independent labels and to a continuing process that should help protect fans against future vulnerabilities.

EFF's open letter to SunnComm:

SunnComm's response:

List of CDs with SunnComm MediaMax 5:

List of CDs with SunnComm MediaMax 3:


Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation

Related Issues