The Christina Aguilera virus, and how the RIAA can prevent McAfee from mentioning it

Great Debates
1

Let’s say that a new CD by Christina Aguilera has an extra ‘feature’ that prevents the coputer from running if the CD is being copied, by Musicmatch jukebox or CD Creator or such programs say. Let’s say further that this feature is buggy, and it prevents any CDA from being copied, without you knowing it, even your own. You check for viruses, but there aren’t any, then you checked for added programs in your Windows folder, ad you found the source of your problems.
You complain to McAfee or Dr. Solomon about it, and sure enough, they discovered this little program, and determined it to be a trojan horse that they decided to call ChristinaAguilera.A. They were about to make a fix and publish it online, until the RIAA call them to cease all mention of the ‘feature’, under the DMCA.

That’s right, a record company can insert a virus/bug in your computer via a CD you are playing, and prevent anybody from mentioning about it and make fixes against it, under this act.

2

Cite?

3

Excuse my ignorance, but what’s the DMCA?

4

>> a record company can insert a virus/bug in your computer via a CD you are playing, and prevent anybody from mentioning about it and make fixes against it, under this act

I find that extremely hard to believe. Can you show us some supporting evidence?

5

Perhaps you’re referring to Charlie Pride’s new CD? If so, it doesn’t use a virus to achieve copy-protection.

6

Virus schmirus. They’re putting Christina Aguilera songs on those CDs.

7

So they have to go through all the trouble of pulling all the files off the cd, deleting that program, then burning all the rest of the files to disk.

8

What if they declare that program I mentioned to be protected under the DMCA, like SDMI or CSS is supposed to be, in that no one can mention about its algorithm, nor send codes to deactivate it or while the CD is playing, nor send fixes to without their permission? A judge ruled that essentially, they can do that, in the cases vs 2600.org and the Scandinavian inventor of DeCSS.

9

Capacitor, what you are saying just makes no sense to me. An audio CD has no “programs”, just audio data. The CD-audio format can only hold audio files and only in a very specific format (no compression, etc). What you are saying just makes no sense to me. Can you explain this and where you got the information?

10

A CD-ROM can have both audio tracks and a data segment. CD players will see only the audio tracks, while computers will be able to see both regions. Windows computers will, upon the insertion of a CD, look for a file called “autorun.bat” in the root directory of the data region, and run it.

So, while I doubt capacitor’s supposition is based upon a real virus-infected audio CD, a real virus could, theoretically, be on a CD that plays just fine on a CD player. Of course, the above would have no effect on someone not running a Microsoft operating system.

11

>> Windows computers will, upon the insertion of a CD, look for a file called “autorun.bat” in the root directory of the data region, and run it

Only if you have the “autorun” ON, which I don’t, and it would run whether you are copying the audio, or just listening or nothing at all. It makes no difference.

So what would be the purpose of doing such a thing? I find it very difficult to believe any reputable recording company would put a virus in their audio CDs and I find it impossible to believe it would be illegal to publish this information if it were discovered to be true. It just makes no sense and sounds more like one of those internet rumors. I’d like to see some solid information on this.

12

http://www.salon.com/tech/log/2001/04/26/felten/

Depressingly, Capacitor’s line of enquiry is very valid.

13

Oh, good grief.

Capacitor, I would humbly suggest that you read the DCMA (the Digital Millenium Copyright Act, 17 U.S.C § 1201 et. seq.) rather than relying on the information you receive from groups whose views are perhaps not fairly described as neutral towards this issue.

The DCMA criminalizes circumventing “a technological measure” that controls access to a copyrighted work, as well as distributing such a measure to others.

If there were a virus that used encoding similar to CSS, then the virus protection makers would, in fighting it, not be distributing a measure that controlled access to a copyrighted work. They would be fighting a virus that controlled access to works that are owned or licensed, legitimately, by the user. The mere fact that this work might also apply to breaking CSS does not automatically make it illegal.

In the same vein, it might be illegal in your jurisdiction to sell drug paraphenelia, and if I have a store that sells rolling paper, pipes, glass tubes, metal screens, and the like, I could probably be prosecuted for it. But if I own a hardware store, I can sell pipes and screens and glass tubes quite legally.

Don’t get your hopes up – you can’t distribute a DeCSS-like system and make some half-assed claim that you’re fighting a virus. One section of the DMCA says that there are factors to be considered in determining the good faith of someone claiming to be working on encryption, for instance (another legal exception to DCMA’s rules):
*(A) whether the information derived from the encryption research was disseminated, and if so, whether it was disseminated in a manner reasonably calculated to advance the state of knowledge or development of encryption technology, versus whether it was disseminated in a manner that facilitates infringement under this title or a violation of applicable law other than this section, including a violation of privacy or breach of security;

(B) whether the person is engaged in a legitimate course of study, is employed, or is appropriately trained or experienced, in the field of encryption technology; and

© whether the person provides the copyright owner of the work to which the technological measure is applied with notice of the findings and documentation of the research, and the time when such notice is provided.*

From this we see that an inquiry into the real purpose of the decryption is not only encouraged but mandated.

In short, the OP’s scenario is not realistic at all. Not only would no prosecutor ever proceed under the facts mentioned, the plain meaning of the statute protects a virus antidote company from any liability under the law.

  • Rick
14

Please compare your claim that “inquiry into the real purpose of the decryption is not only encouraged but mandated” with this letter from the RIAA to Professor Felten of Princeton Uni, threatening legal action if he held a seminar on how his team had cracked the SDMI challenge.

15

Gary,

My only familiarity comes from reviewing the link you provide. Based on it, I would cautiously opine that the RIAA doesn’t have much of a leg to stand on here. The actions taken in pursuit of completing the Challenge seem to fall squarely within the authorized exceptions to the DCMA.

But I never said that the RIAA wouldn’t threaten meritless action. I said that “…an inquiry into the real purpose of the decryption is not only encouraged but mandated,” and “Not only would no prosecutor ever proceed under the facts mentioned, the plain meaning of the statute protects a virus antidote company from any liability under the law.” Nowhere did I say that an antivirus company - or any enemy of the RIAA - would be protected from the mere threat of a lawsuit.

I don’t mean to diminish the “mere threat.” As Professor Felten indicates, litigation is expensive and time-consuming, regardless of the merits of the case. But in this case I would say they were on solid enough grounds that any legal action should ultimately be fruitless. Of course, this judgement is based only on what Felton’s link says; I have no idea what claims the other side may ultimately make.

  • Rick
16

In the OP, however, the “virus” does have a legitimate purpose under the DMCA: that of preventing access to copyrighted works. It just so happens that the program that performs this function has an unfortunate side effect.

Maybe true, but beside the point. If the fix had as a side effect the property that applying it to CSS-encoded material allowed the encoded material to be accessed, then the fix would run afoul of the DMCA (regardless of whether the person had a legitimate right to access said materials or not). This is exactly the position the DeCSS code is in. It was originally written to give a particular person access to copyrighted material that person had a legitimate right to access.

Arguments from incredulity are weak.

17

>> Depressingly, Capacitor’s line of enquiry is very valid.

No it is not. It is a total misrepresentation of the facts as I read them in those links. There is no virus whatsoever and the issue is whether the professor gave up his right to publish his findings when he signed up for the RIAA challenge.

The way i understand it is: (1)The RIAA has developed an encryption scheme, (2) the RIAA invited people to participate in a contest to break the encryption scheeme (3) I suppose when they signed up they agreed to certain conditions one of which was not to divulge their findings(4) this professor, after signing, decided to bail out and publish his findings (5) the RIAA is suing him for this.

Now, I have no position on who is right here, the courts will decide that. But one thing is clear to me, the OP

is an absolute misrepresentation of the facts.

18

Putting aside the particular case of the professor, the OP is pretty much on the money.

One might find the idea that a company would sell a product that would forbid you to do something you have every right to do a bit strange, but it’s coming down the pike. For an example of this happening in hardware, see http://www.theregister.co.uk/content/2/15684.html and associated links. Sure, you might have copyrighted material that you’re legally allowed to access, but if your hard drive says no, you can’t have it. And fixing the drive to get it to work would be illegal. Most likely, describing a method by which to fix it would also be illegal. It wouldn’t surprise me if the hardware companies attempted to make the very existence of such “functionality” a trade secret, forbidding anybody from even discussing its existenc

19

Ok, I admit that my situation seems partly on the hysterical side, but let’s take a more realistic hypothetical situation. MPAA finally develops a CSS decoder for Linux; however, it contains a ‘feature’ that takes advantage of Linux’s open policy, and this feature broadcasts information about every media file the user played and copied, in that computer, to the movie company’s site, bypassing all opt-outs and firewalls. Let’s say that a venerable researcher such as Thomas Gibson figures out what happened and, of course, wishes to publish what he discovered, upgrading his anti-spyware application. The MPAA responds by suing him, claiming the feature is covered under the DMCA. After all, they are compiling evidence of copyright violation, and he is obstructing justice.

20

Let me ask you this: Is the DMCA, as currently implemented, so flawless a piece of legislation that you are reduced to inventing stories from whole cloth in order to attack it?

If so, I have changed my mind. I now support it.