Sony DRM Rootkit Violates Open Source License

Sony’s infamous rootkit based DRM software has been at the center of much attention for the last few week. That are facing a class action lawsuit. In the face of serious consumer backlash they recently decided to withdraw their copy-protected cd’s which compromises the security of users. Now it appears Sony is headed for more troubled waters on multiple fronts.

The XCP software from UK company First4Internet that Sony used to prevent unauthorised copying of its music CDs contains code “infringing the copyright of several open source projects”, DVD Jon (Jon Lech Johansen) notes in his blog.

The code was originally uncovered by Finnish software developer Matti Nikki, who also discovered other copyright violations - “Multiple software components on the CD have references to the LAME open source MP3 code”.

“We can confirm that at least 5 functions in the XCP software are identical to functions in LAME,” said Thomas Dullien security software firm Saber Security, which specialises in analysis of complex software.

Code in the LAME application is licensed under the lessser GNU General Public Licence (LGPL). While not as strict as GPL it requires attribution for the original authors.
Link

LGPL also has some of the viral attributes of GPL like: ” if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.”

As far as I can see Sony violated all of them.

PS. I created a prototype search interface for searching for only non-copy-protected CD’s in Amazon. Let me know if you like it.