More on Sony’s copyright infringement with their DRM Rootkit

“What a tangled web…” there is more today at freedom-to-tinker on the evidence that Sony (and or first4internet), have infringed on copyrighted code in their DRM software XCP which has been at the middle of quite a bit of controversy the last few weeks. Most of the coverage has been on some of the cloaking capabilities, the security vulnerabilities and the uninstaller vulnerabilities… but it looks fairly obvious that at least some GPL or LGPL code has been used without abiding by the terms of the GPL/LGPL

A couple of snips…

Matti Nikki (a.k.a. Muzzy) and Sebastian Porst have done great work unearthing evidence pointing to infringement. They claim that the code file ECDPlayerControl.ocx, which ships as part of XCP, contains code from several copyrighted programs, including LAME, id3lib, mpglib, mpg123, FAAC, and most amusingly, DVD-Jon’s DRMS.

If you copy and redistribute such a program, you’re a copyright infringer, unless you’re complying with the terms of the program’s license. The licenses in question are the Free Software Foundation’s GPL for mpg123 and DRMS, and the LGPL for the other programs. The terms of the GPL would require the companies to distribute the source code of XCP, which they’re certainly not doing. The LGPL requires less, but it still requires the companies to distribute things such as the object code of the relevant module without the LGPL-protected code, which the companies are not doing. So if they’re shipping code from these libraries, they’re infringing copyrights.


How strong is the evidence of infringement? For some of the allegedly copied programs, the evidence is very strong indeed. Consider this string of characters that appears in the XCP code:

FAAC – Freeware Advanced Audio Coder ( Copyright (C) 1999,2000,2001 Menno Bakker.

Porst also reports finding many blocks of code that appear to have come from FAAC. Porst claims equally strong evidence of copying from mpglib, LAME, and id3lib. This evidence looks very convincing.

Oops…. apparently the developers of LAME have written a letter to SONY, it’s not clear if there will be lawsuits pending on this matter, but I wouldn’t be surprised if at some point that comes into play.

Oh, and according to the RIAA Sony’s DRM was nothing new (using technology to protect IP), they just had a security vulnerability in it and did a fine job in dealing with it…

   Send article as PDF   

Similar Posts