Seems the news item I mentioned the other day about the Beastie Boys’ new CD, To the Five Boroughs, installing DRM software without your consent or knowledge has touched off quite a response on the Net. I’ve been following the thread at the BugTraq entry where I first read this and it appears that this issue may only affect CDs in regions other than the US and UK. One message in the thread pointed to an entry on Boing Boing.net which has been updated to include a comment from someone with contact with the band:
Update: Ian sez, “Hi, I’m not sure who posted re: Beastie Boys copy protection, but I just spoke with Mike D and their management and they wanted me to pass along that a) This is all territories except the US and UK—US and UK discs do not have this protection on them; b) All EMI CDs are treated this way, theirs isn’t receiving special treatment; c) They would have preferred not to have the copy protection, but weren’t allowed to differ from EMI policy.”
So, if you’ve got yourself a copy of the US or UK release then it’s quite possible this isn’t an issue for you, though it should still be of some concern as the folks at The Register point out:
But assuming that the unconfirmed reports are accurate, we have here a media company infecting users’ machines silently with a file that affects a computer’s functionality, without first obtaining informed consent: a likely violation of pretty much every jurisdiction’s anti-hacking laws. It’s possible to foresee criminal charges being brought at some point: after all, having a good reason for spreading malware has never been much of a defence in court. And a file that alters a computer’s functioning without the owner’s informed consent is the very definition of malware. Because this malware can be transferred from machine to machine on a removable disk, and requires user interaction to spread, it is, quite simply, a computer virus. (A worm, on the other hand, is distinguished by its ability to spread without user interaction.)
I’d probably debate trying to define this as a computer virus, but it certainly qualifies as a form of malware. I’m guessing there’s probably some fine print someplace on the packaging for discs that have this software on it that makes the statement that by placing the CD in your drive you are consenting to the installation of the software. This would be more than easy to put into place as a cover-your-ass provision should someone try to sue as they can always fall back on the it’s-not-our-fault-these-dumbasses-didn’t-read-the-EULA argument. The Register article goes on to discuss various ways you can bypass the installation of the DRM software if you have a suspected disk such as holding down the SHIFT key as you load the CD into the drive on your Windows PC to temporarily disable the autorun feature and they also discuss how to go about removing the DRM software on your PC if it’s been installed already.
OK, so the main thing I wanted to get across was that if you’re here in the US or over in the UK and bought the new BB CD you probably don’t have to worry about this issue after all. If you’re anywhere else then you may want to import the CD from the US or the UK.