Slide 1: The Sony CD DRM Debacle: A case study of digital rights management

Slide 2: Overview
- DRM goals
- XCP
- MediaMax
- Defeating the copy protection
- Software Engineering Code of Ethics and the principles that were broken
- Lawsuit

Slide 3: Goals of DRM
The primary goal of a DRM system is to protect and enable the business models of the record label and the DRM vendor. (Lessons from the Sony CD DRM Episode, p. 2)

Slide 4: Record label goals
- Overall purpose is to increase profit:
  - Increase sales
  - Limit disc-to-disc copying
  - Limit local copying
  - Get software onto users' computers
  - Sell advertising
  - Gather and sell information about users
(Lessons from the Sony CD DRM Episode, pp. 2-3)

Slide 5: DRM vendor goals
- Maximize the price of the DRM software by creating value for the record label
- Survive: smaller companies need to take more risk
- Maximize the installed base: needs the major recording labels on board
- Become THE DRM used; beat out other vendors
(Lessons from the Sony CD DRM Episode, p. 3)

Slide 6: CD DRM systems
- Must play on ordinary CD players
- Must limit what computers can read from the disc
- Must prevent copying on a computer without permission
- The DRM software must itself provide a way to play the music
- The DRM software must be installed somehow:
  - Autorun on Windows computers
  - Must be run intentionally by the user on a Mac
- The DRM software must recognize the DRM discs
(Lessons from the Sony CD DRM Episode, p. 4)

Slide 7: XCP
- Relies on the autorun feature of Windows: commands in autorun.inf on the CD are executed
- Autorun is commonly used to display splash screens and to start program installers
- Mac OS does not use autorun, so the user must run the installer manually
- XCP-protected discs contain two sessions:
  - Music session
  - DRM content session
(Lessons from the Sony CD DRM Episode, p. 5)

Slide 8: Two-session disc (image: http://www.fadden.com/cdrpics/data-surface-3.jpg)

Slide 9: XCP (continued)
- There is a window between disc insertion and installation of the protection software during which the music is unprotected
- The user is required to agree to an End User License Agreement (EULA)
- The software is then installed and the CD can be played
- If the user declines the EULA, the CD is immediately ejected
(Lessons from the Sony CD DRM Episode, pp. 6-7)

Slide 10: XCP (continued)
- Temporary protection is auto-loaded on CD insertion (not installed)
- Uses a blacklist of applications known for burning or ripping
- Displays a window listing any blacklisted applications that are running
- Will not continue until the blacklisted applications are closed
(Lessons from the Sony CD DRM Episode, p. 7)

Slide 11: XCP (continued) (figure; Lessons from the Sony CD DRM Episode, p. 6)

Slide 12: MediaMax
- Also uses autorun
- Also uses multi-session discs
- Its temporary protection is more invasive: the protection software is installed immediately on insertion and activated temporarily
- This happens even if the EULA is declined
(Lessons from the Sony CD DRM Episode, pp. 5, 7)

Slide 13: Defeating the copy protection
- Mark over the data session of the disc with a marker (see slide 14)
- Hold the Shift key while inserting the disc (suppresses autorun for that insertion)
- Disable autorun
- Use an alternative operating system:
  - Linux
  - Mac
(Lessons from the Sony CD DRM Episode, p. 5)

Slide 14: Marking the CD (image: http://www.fadden.com/cdrpics/data-surface-3.jpg)

Slide 15: Hold down the Shift key while inserting the disc

Slide 16: Disabling autorun
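The slide only names the step. As an added example (not part of the presentation and not from the Halderman and Felten paper), the following PowerShell turns autorun off permanently through the documented NoDriveTypeAutoRun policy, which is the same mechanism the Shift-key trick suppresses for a single insertion. It writes both the machine-wide and the per-user policy; the machine-wide one needs an elevated prompt.

```powershell
# Added example: disable AutoRun for every drive type so that an autorun.inf
# on an inserted disc is never executed. NoDriveTypeAutoRun is a DWORD bitmask
# in which each bit stands for a drive type; 0xFF sets every bit, i.e. disables
# AutoRun everywhere. The HKLM policy needs an elevated (administrator) prompt.

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # all users on the machine
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current user only
)

foreach ($path in $policyPaths) {
    # The Policies\Explorer key does not exist on a fresh install; create it if needed.
    if (-not (Test-Path -Path $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    New-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Verify what is actually stored, so a failed (non-elevated) HKLM write is visible.
foreach ($path in $policyPaths) {
    $stored = (Get-ItemProperty -Path $path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $stored) {
        '{0}  NoDriveTypeAutoRun = (not set)' -f $path
    } else {
        '{0}  NoDriveTypeAutoRun = 0x{1:X2}' -f $path, $stored
    }
}
```

The policy is read by Explorer, so it takes effect for new shell sessions (log off and on, or restart Explorer). It stops autorun.inf from being executed on insertion; it does not remove software that an earlier insertion already installed.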

Slide 17: Alternative operating systems (Apple image from http://en.wikipedia.org/wiki/Image:Apple-logo.png; Tux image from http://www.sjbaker.org/tux/Penguin.png)

Slide 18: XCP rootkit
- XCP was detected as a rootkit
- It hides from detection:
  - Files
  - Network access
  - Processes
  - Registry keys
- Its cloaking is available to any program on the machine, so other software, including malware, can hide behind it
(Lessons from the Sony CD DRM Episode, pp. 18-19)

Slide 19: XCP detection as a rootkit (image: http://www.f-secure.com/weblog/archives/updated_xcp.gif)

Slide 20: XCP vulnerabilities
- Installed and ran invisibly
- Not detected by the anti-virus software of the time
- Hides itself and its processes
- Hides anything whose name starts with $sys$, so any malicious code can hide itself simply by using that prefix
- Exploited by at least two malicious programs
- The driver also hooks system calls unsafely, so updating or removing the hooked system components can crash the system at random
(Lessons from the Sony CD DRM Episode, p. 19)
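The $sys$ cloak described on this slide can be checked for with the same trick the original investigators used: create an object whose name starts with $sys$ and see whether the ordinary Windows APIs still report it. The PowerShell below is an added example, not code from the presentation or the paper; the probe directory and file name are arbitrary choices. On a clean machine the probe file is listed; if it vanishes from the listing, something is filtering names in the kernel.

```powershell
# Added example: probe for an XCP-style name-based cloak.
# The XCP driver hid any file, process or registry key whose name began with
# "$sys$". A clean system lists the probe file; a cloaked one does not.
function Test-SysCloak {
    param(
        # Assumption: any directory the current user can write to will do.
        [string]$Directory = $env:TEMP
    )
    # Single quotes matter: in a double-quoted string PowerShell would expand "$sys"
    # as a variable and the probe would not carry the "$sys$" prefix at all.
    $probeName = '$sys$cloakprobe.txt'
    $probePath = Join-Path -Path $Directory -ChildPath $probeName

    Set-Content -LiteralPath $probePath -Value 'probe'
    try {
        # -Force includes files carrying the ordinary Hidden attribute, so a
        # missing entry here cannot be explained by a mere attribute bit.
        $listed = @(Get-ChildItem -LiteralPath $Directory -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.Name -eq $probeName }).Count -eq 1

        [pscustomobject]@{
            Probe         = $probePath
            ListedByShell = $listed
            LikelyCloaked = (-not $listed)
        }
    }
    finally {
        # Clean up. On a cloaked machine the delete may itself fail because the
        # file is invisible to the API; do not let that abort the probe.
        Remove-Item -LiteralPath $probePath -Force -ErrorAction SilentlyContinue
    }
}

Test-SysCloak
```

The same prefix test applies to the other object types the slide lists: a process or registry key named with a $sys$ prefix disappearing from Get-Process or Get-ChildItem on HKLM: points at the same kind of cloak. A name-based cloak like this is also exactly what the slide warns about: any program that chooses the prefix inherits the hiding for free.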

Slide 21: MediaMax vulnerabilities
- Installs automatically on CD insertion
- File permissions are set so that any user on the machine can modify the installed files
- This allows malicious code to be installed easily, by replacing those files
- The next time a MediaMax-protected CD is inserted, the malicious code is executed
(Lessons from the Sony CD DRM Episode, pp. 17, 19)

Slide 22: Vulnerabilities (continued)
- The installed code runs with elevated (Power User or higher) privileges, so an attacker's substituted code gains complete control of the system
- MediaMax aggressively updates the installed code with each protected CD
- The first patch issued to fix the weak permissions ran the installed (possibly already replaced) code before correcting them, so the patch itself could trigger an attacker's code
(Lessons from the Sony CD DRM Episode, pp. 17, 19)
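The weakness on slides 21 and 22 is a writable install directory whose contents are later executed with elevated rights. The following PowerShell is an added example (not from the presentation or the paper) of the audit a practitioner would run to find that pattern: it walks a directory tree and reports every Allow entry that gives a broad, low-privilege identity a right that permits changing content. The default root and the list of identity names are assumptions (English-language Windows; point it at any install directory).

```powershell
# Added example: find files and directories that any local user can modify,
# the MediaMax-style weak DACL. Identity names assume an English Windows;
# on localized systems substitute the local names or compare SIDs instead.
function Find-WorldWritablePaths {
    param(
        # Assumption for illustration; any install directory can be audited.
        [string]$Root = "$env:ProgramFiles\Common Files"
    )
    # Identities that effectively mean "any user on this machine".
    $broadIdentities = @(
        'Everyone',
        'BUILTIN\Users',
        'NT AUTHORITY\Authenticated Users',
        'NT AUTHORITY\INTERACTIVE'
    )
    # Rights that let such a user replace, alter or delete content, or
    # grant themselves more rights. Cast to int for the bitmask test below.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights](
        'WriteData, AppendData, Write, Modify, FullControl, Delete, ' +
        'DeleteSubdirectoriesAndFiles, TakeOwnership, ChangePermissions')

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { return }   # unreadable ACL: skip, do not abort
            foreach ($ace in $acl.Access) {
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($broadIdentities -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
                    [pscustomobject]@{
                        Path      = $item.FullName
                        Identity  = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
}

Find-WorldWritablePaths | Format-Table -AutoSize
```

Any hit under a directory whose binaries are loaded by an installer or service running as an administrator is the MediaMax condition: a low-privilege user writes the file, a privileged process runs it. Inherited entries are reported too, because the weakness is usually introduced once at the top of the tree. Generic rights (GENERIC_WRITE and similar) appear in the ACE as raw numeric values that this mask does not match, so also review any entry whose Rights column prints as a bare number.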

Slide 23: Spyware-like activities
- Reports user activity to the label and the vendor
- The vendors claimed the software did not phone home; in fact it does
- Retrieves images or ads to display from the web
- Logs the user's information:
  - IP address
  - Date and time
  - Identity of the album
(Lessons from the Sony CD DRM Episode, p. 14)

Slide 24: Software Engineering Code of Ethics (ACM/IEEE-CS joint, short version)
Software engineers shall commit themselves to making the analysis, specification, design, development, testing and maintenance of software a beneficial and respected profession. In accordance with their commitment to the health, safety and welfare of the public, software engineers shall adhere to the following eight principles. (Info from: http://www.acm.org/serving/se/code.htm)

Slide 25: Software Engineering Code of Ethics (continued)
1. PUBLIC - Software engineers shall act consistently with the public interest.
2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer and consistent with the public interest.
3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.
(Info from: http://www.acm.org/serving/se/code.htm)

Slide 26: Software Engineering Code of Ethics (continued)
5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.
8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
(Info from: http://www.acm.org/serving/se/code.htm)

Slide 27: Ethical issues
- Installed without the user's permission
- Users were left vulnerable to malware
- After uninstalling, the user was still vulnerable
- Spyware tactics were used
- Prevents fair use
- Damages the reputation of software manufacturers
- Sony refused to admit wrongdoing

Slide 28: Class action against Sony
Requests from the Electronic Frontier Foundation (EFF):
- Stop production of CDs with the flawed DRM
- Get people non-DRM'd versions of their music, and do it quickly
- Give people free music or money in the case of XCP
- Ensure independent security testing before the launch of any new DRM
- Agree that Sony BMG will respond quickly to future security flaws in its DRM
(http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php)

Slide 29: Settlement
- Sony agreed to the EFF's requests
- Never admitted wrongdoing
- No reparations for crashed systems
- At present, no criminal cases
- Sony remains open to future lawsuits, but the EFF's case is over
(http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php)

Slide 30: Sources
1. http://www.acm.org/serving/se/code.htm
2. J. Alex Halderman and Edward W. Felten, "Lessons from the Sony CD DRM Episode", Center for Information Technology Policy, Department of Computer Science, Princeton University. Extended version, February 14, 2006.
3. http://www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php
4. http://www.eff.org/IP/DRM/Sony-BMG/
5. http://www.f-secure.com/weblog/archives/updated_xcp.gif
6. http://www.sjbaker.org/tux/Penguin.png
7. http://en.wikipedia.org/wiki/Image:Apple-logo.png
8. http://www.fadden.com/cdrpics/data-surface-3.jpg
