Italian police asked to probe Sony copy protection code

IDG News Service - The fallout continues over Sony BMG Music Entertainment's controversial XCP copy protection software, with an Italian digital rights organization now taking the first step toward possible criminal charges in the matter.

Separately, security vendor Computer Associates International Inc. said yesterday that it is now classifying Sony's software as spyware and will begin searching for and removing XCP with its antispyware software beginning later this week.

On Friday, the Milan-based ALCEI-EFI (Association for Freedom in Electronic Interactive Communications - Electronic Frontiers Italy) filed a complaint about Sony's software with the head of Italy's cybercrime investigation unit, Col. Umberto Rapetto of the Guardia di Finanza.

The complaint alleges that XCP violates a number of Italy's computer security laws by causing damage to users' systems and by acting in the same way as malicious software, according to Andrea Monti, chairman of the ALCEI-EFI. "What Sony did qualifies as a criminal offense under Italian law," he said in an e-mail interview.

Should police determine that a crime has been committed, prosecutors will be required to begin criminal proceedings against Sony, Monti said.

Sony declined to comment on the situation. XCP, used on about 20 of the company's music titles, according to Sony, prohibits Windows users from making more than three copies of any XCP-protected CD. The software does not run on non-Windows operating systems such as Mac OS or Linux.

Within the next seven days, ALCEI-EFI also plans to ask the European Union to investigate the matter, Monti said. "The irony of the case is that pressure from industry lobbies ... [has] led to weird legislation in Italy that treats copying as a criminal offense," he said. "By spreading a viruslike anticopy device, [entertainment companies such as Sony] become the criminals under another, more reasonable law."

Sony's use of XCP has been widely criticized over the past week, since it was first revealed that the software uses many of the same techniques as spyware and computer viruses to disguise its existence. XCP's developer, a U.K. company called First 4 Internet Ltd., has said these techniques were necessary in order to prevent illegal copiers from circumventing the digital rights management software, but critics say First 4 has gone too far and the product may be a security risk.


In fact, CA has now classified the product as spyware and will soon direct its eTrust PestPatrol product to remove XCP from customers' computers, according to Sam Curry, vice president of eTrust security management at CA. "We have a scorecard, and there are 22 points that we