DHS critical of Sony's anti-piracy software, urges ban of DRM rootkit

Published 21 February 2006

DHS officials took Sony BMG to task over the company’s controversial use of rootkit-style copy protection. If the technology proves harmful to consumers, tougher laws and regulations might be proposed, a senior DHS officer warned. DHS was incensed with Sony BMG’s approach to Digital Rights Management (DRM) technology. Sony’s move was exposed after security researchers discovered XCP anti-piracy software, which shipped with some of Sony BMG’s music CDs, masked its presence and introduced a vulnerability that hackers and virus writers began to target. Under pressure, Sony was forced to recall discs loaded with the technology and create an exchange program for consumers. Sony came in for yet more criticism after it emerged that SunComm’s MediaMax anti-piracy software, used as an alternative to First4Internet’s XCP program on Sony BMG CDs shipped in the United States and Canada, also created a security risk. The first version of the patch released to address the SunnComm MediaMax version 5 software had a flaw of its own. Security researchers are currently reviewing a second patch.

DHS met with Sony BMG representatives to let the company know exactly what DHS thought. “The message was certainly delivered in forceful terms that this was certainly not a useful thing,” said director of law enforcement policy with the DHS’s Border and Transportation Security Directorate Jonathan Frenkel.

Government officials are concerned that the rootkit tactic, if repeated, could leave consumers’ systems open to hacker attack. The DHS lacks the power to push through laws itself, but it does have the ears of legislators, if not all the elements of the entertainment industry.

-read more in this repor