Italian Police Asked to Investigate Sony DRM Code

SAN FRANCISCO -- The fallout continues over Sony BMG Music Entertainment's controversial XCP copy protection software, with an Italian digital rights organization now taking the first step toward possible criminal charges in the matter.

Separately, security vendor Computer Associates International said today it is now classifying Sony's software as spyware and will begin searching for and removing XCP with its antispyware software, starting on November 12.

A group based in Milan called the ALCEI-EFI (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) filed a complaint Friday about Sony's software with the head of Italy's cyber-crime investigation unit, Colonel Umberto Rapetto of the Guardia di Finanza.

Complaint Details

Should police determine that a crime has been committed, prosecutors will be required to begin criminal proceedings against Sony, Monti said.

Sony declined to comment on the story. XCP, used on about 20 of the company's music titles, according to Sony, prohibits Windows users from making more than three copies of any XCP-protected CD. The software does not run on non-Windows operating systems such as Mac OS or Linux.

Within the next seven days, ALCEI-EFI also plans to ask the European Union to investigate the matter, Monti said. "The irony of the case is that pressure from industry lobbies ... have led to weird legislation in Italy that treats copying as a criminal offense," he said. "By spreading a virus-like anticopy device (entertainment companies such as Sony) become the criminals under another, more reasonable, law."

Awash in Criticism

Sony's use of XCP has been widely criticized over the past week, since it was first revealed that the software uses many of the same techniques as spyware and computer viruses to disguise its existence. XCP's developer, a U.K. company called First 4 Internet, has said these techniques were necessary in order to prevent illegal copiers from circumventing the digital rights management (DRM) software, but critics say First 4 has gone too far and that the product may be a security risk.

Sam Curry, vice president of eTrust security management with Computer Associates, said the company will direct its eTrust PestPatrol product to remove XCP from customers' PCs. "We have a scorecard, and there are 22 points that we go through examining how the software behaves," he said. "In this case, XCP is falling down."

Search and Remove

XCP installs itself without adequately notifying users of what it will do to their computers, it is too difficult to uninstall, and it also appears to be in secret communication with Sony servers, Curry said.

Even a software patch released by Sony last week to decloak the hidden digital rights management software counts as spyware, Curry added. "Unfortunately the patch also fails our scorecard," he said. "It fails to notify you about what it's doing, and it can cause the system to crash."

Though XCP uses sophisticated tricks to hide itself from system tools, it can actually be circumvented by disabling the Windows Autorun feature, which launches XCP as soon as the CD is placed into a drive, Curry said.

Autorun can be turned off using Windows system tools, but Curry also suggested a much simpler technique to temporarily disable the feature: Holding down the left shift key when installing an XCP-protected CD.

However, CA has instructions on how to disable the Autorun function.
