Deflecting Morons' Clueless Assaults


Princeton student John Halderman noticed that Suncomm's foolproof new CD copy protection scheme could be circumvented by… holding down the shift key on your computer. When he published this rather elementary observation, Suncomm did not issue an embarassed apology for trying to sell record companies on such a manifestly brain-dead, useless technology. No, they threatened to sue Halderman under the DMCA. The potential for a massive PR backlash dissuaded them.


NEXT: Nobel Peace Prize Winner

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Taking dragoon’s point out further, the crux of this case is not that Halderman circumvented an original and potent piece of copyright protection, but rather that Suncomm’s claims of that protection as being robust and/or effective were patently false. As such I don’t see how an effective DMCA lawsuit could be made. Suncomm is making a response to salvage their stock price, but it is Suncomm’s fault in the first place for offering such a flimsy architecture as “copy protection”. Had Halderman not published his findings in such a timely fashion, it is likely that the industry would have lost more revenue by trusting in the technology, the average dumb housewife or college student disabling it wholesale in seconds. The real crime here is that Suncomm released such a pathetic and obviously untested offering and expected its woeful shortcomings to be protected by the DMCA.

  2. I read the student’s report. Nothing against him, but it doesn’t take a lot of work to document holding down the shift key or disabling autoplay.

    The best zinger in the report was when he checked Kazaa about 4 days after the release of the CD and – yup – it was out there, getting copied for free. That’s the acid test.

    In all seriousness, I think the reason SomeCon decided against suing that student is that they had to prepare their defense against the lawsuit BMG is certainly about to launch against THEM.

    So – for those keeping score at home – the RIAA’s two best defenses against illegal file swapping have been slayed by Sharpie markers and the shift key. Imagine – somebody, somewhere, is getting paid for coming up for this stuff.

  3. “In the increasingly bitter wars between those advocating stronger anti-piracy protections and those who favor less stringent copyright enforcement”

    This article misses a key point. It reflects society’s paranoid view of hackers as techno-anarchists who want to tear down the world’s technological infrastructure, missing the key fact that there are many of us who support copyright protection but don’t support companies putting out half-assed, untested software that doesn’t live up to its claims, giving businesses and individuals alike that “false sense of security.”

  4. Anon – Nice to hear you say so. I also strongly support copyright law. I have serious concerns about its application, and the enforcement rights our lapdog Congress has granted to media companies.

    I’m not anti-anti-piracy, but I’m anti-crap and I’m anti-getting ripped off. I actually sort of admire SunnComm for at least attempting to preserve some semblance of fair use. I respect them for that much. However, threatening to sue college students for writing essays on Autoplay and the shift key was absurd (at least they quickly relented), and the copy protection scheme was, apparently, laughably inadequate. So they deserve what they get.

  5. Chthus:
    It’s not so much that the RIAA and company are getting bad coders, it’s that the model RIAA is trying to enforce is a joke.

    As long as joe user can play his CD’s on comodity hardware, there will be a way for joe user to copy that CD.

    The only real way to enforce a copy protection on a CD would be to encrypt each track of the CD and require the CD only to be played on a specific device. Even then, you have lots of problems. Key management is damn hard ( DeCSS ) and, even with all that, it’s still possible to hold up a speaker playing the CD to the microphone of a recording device.

    RIAA’s model of scarcity does not work in a digital environment. Does. Not. Work.

    They might have more comercial success if they endorced an itunes – like distribution model.

  6. Rus:

    Forget holding a speaker up to a microphone. That’d give you crappy quality for the most part. Simply run the line out from your soundcard to a line in on any recording device of your choosing. Better quality and arguably easier.

    They can encrypt the audio stream from the CD all the way to the speakers, but its gotta run down some stretch of wire free-and-clear at some point, which is why all this “copy protection” crap will always be totally useless.

  7. I usually use the line in on the same soundcard.

  8. If I were him, I would have just told the company. There was really no reason to go public with his amazing discovery (AutoRun anyone?) except to get his fifteen minutes in the limelight.

  9. Why wouldn’t you post about something that obvious? It’s not like he’d be giving away a big secret–anyone who even slightly knew their way around a computer would figure out the same thing almost immediately. And it’s not like telling the company would’ve done them any good… are we supposed to believe that programmers are unaware that one can disable Autorun?

  10. They might have more comercial success if they endorced an itunes – like distribution model.

    Of course, even with iTunes available, the vast majority of file-sharers continue violate copyright law take songs for free. The idea that a new business model will solve this without any kind of protection and enforcement mechanisms has been tested and disproved.

  11. I hold this as kind of a rule of thumb – any law that is nearly impossible to enforce is probably not a good law. Private companies have found ways around the free-rider problem in every industry where the government didn’t intervene. Why not in intellectual property?

  12. Why would you give the customer what they want, when you have a legal monolpoly for over 90 years and collusive practices with the vast majority of your competitors to keep the prices high?


  13. First the RIAA comes out boasting it’s new, improved, hack proof website; which gets hacked to bits in a matter of hours after the announcement. Now their maginot line copy protection can be bypassed by a 3-year-old.

    Maybe it’s my imagination, but I’m starting to get the feeling that no one worth their salt in the computer industry wants to do business with these guys, and they are left with the dregs that know just enough to wow the execs at the meetings.

    As Fat Mike says: “The dinosaurs will slowly die, and i do believe no one will cry.”

  14. i get a nice buzz from watching the RIAA continually fuck itself over.

  15. Holding down the Shift key isn’t the only way to avoid this; anyone who disabled AutoRun on Windows would never be bothered. I’ve always done so, a lot of technically proficient users do so as well, and many administrators do so as well.

  16. In my office it’s security policy to turn off autoplay, since leaving it on lets you run all sorts of malicious code without the average user realizing it.

  17. I turned Autoplay off on my 8-year-old PC about…8 years ago. And I can barely work my VCR. What a bunch of clowns.

Please to post comments

Comments are closed.