The Electronic Frontier Foundation (EFF) wants Sony EMI to grant legal protections for computer security researchers examining the copy-protection technologies of the music giant.
In November, EMI — whose labels include Virgin Records, Capitol Records and Liberty Records — sparked a whirlwind of controversy and criticism for issuing music CDs containing a rootkit to cloak the scanning of customer PCs for music-ripping activities.
Although EMI eventually recalled the copyright-protected music and is facing civil lawsuits from both the EFF and Texas, the EFF also is concerned that EMI’s end user license agreement (EULA) forbids reverse engineering for any reason, including security testing.
In addition, the Digital Millennium Copyright Act (DMCA) prohibits the disabling of copy protection technologies.
“Music fans deserve to know whether EMI’s copy-protected CDs are exposing their computers to security risks,” Fred von Lohmann, senior staff attorney with EFF, said in a statement.
“When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won’t be sued for their trouble.”
In an open letter to Sony EMI Wednesday, the EFF asked the company to make a public statement that EMI would not bring legal action against researchers who bring security vulnerabilities to the attention of the public.
“Because some copy-protection vendors have leveled legal threats against security researchers in the past, researchers may be reluctant to examine EMI compact discs,” the letter states.
“While legal researchers may be put off by legal risks, criminals intent on exploiting security vulnerabilities, of course, will have no such legal compunctions.”