Subject: Informatique déloyale (public subscription list)
List archives
Article "The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident"
- From: Benoît Sibaud <bsibaud AT april.org>
- To: informatique-deloyale AT april.org
- Subject: Article "The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident"
- Date: Wed, 19 Dec 2007 14:22:36 +0100
A look back at the Sony BMG rootkit on audio CDs in 2005
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1072229
«
DEIRDRE MULLIGAN
Affiliation Unknown
AARON K. PERZANOWSKI
Berkeley Center for Law & Technology
Berkeley Technology Law Journal, Vol. 22, p. 1157, 2007
Abstract:
Late in 2005, Sony BMG released millions of Compact Discs containing
digital rights management technologies that threatened the security of
its customers' computers and the integrity of the information
infrastructure more broadly. This Article aims to identify the market,
technological, and legal factors that appear to have led a presumably
rational actor toward a strategy that in retrospect appears obviously
and fundamentally misguided.
The Article first addresses the market-based rationales that likely
influenced Sony BMG's deployment of these DRM systems and reveals that
even the most charitable interpretation of Sony BMG's internal
strategizing demonstrates a failure to adequately value security and
privacy. After taking stock of the then-existing technological
environment that both encouraged and enabled the distribution of these
protection measures, the Article examines law, the third vector of
influence on Sony BMG's decision to release flawed protection measures
into the wild, and argues that existing doctrine in the fields of
contract, intellectual property, and consumer protection law fails to
adequately counter the technological and market forces that allowed a
self-interested actor to inflict these harms on the public.
The Article concludes with two recommendations aimed at reducing the
likelihood of companies deploying protection measures with known
security vulnerabilities in the consumer marketplace. First, Congress
should alter the Digital Millennium Copyright Act (DMCA) by creating
permanent exemptions from its anti-circumvention and antitrafficking
provisions that enable security research and the dissemination of tools
to remove harmful protection measures. Second, the Federal Trade
Commission should leverage insights from the field of human computer
interaction security (HCI-Sec) to develop a stronger framework for user
control over the security and privacy aspects of computers.
Keywords: DRM, TPM, copy protection, HCI-Sec, rootkit, copyright, DMCA,
security
»
--
Benoît Sibaud