EFFector Vol. 18, No. 39 November 11, 2005

A Publication of the Electronic Frontier Foundation
ISSN 1062-9424

In the 355th Issue of EFFector:

* Are You Infected with Sony-BMG's Rootkit?
* Sony-BMG Rootkit: EFF Collecting Stories, Considering
* News Website Can Keep Domain Name After Trademark Fight
* PATRIOT Alert: A Battle Won, but Urgent Action Still
* Passing the Buck: or, the Printer as a Fine French Wine
* Anti-Cell Phone Tracking Judicial Revolution Spreads to
* Non-Profit Coalition Wins Challenge to Federal Watch-List
* miniLinks (9): DRM This, Sony!
* Administrivia

For more information on EFF activities & alerts:

Make a donation and become an EFF member today!

Tell a friend about EFF:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Are You Infected with Sony-BMG's Rootkit?

EFF Confirms Secret Software on 19 CDs

San Francisco - News that some Sony-BMG music CDs install
secret rootkit software on their owners' computers has
shocked and angered thousands of music fans in recent days.
Among the cause for concern is Sony's refusal to publicly
list which CDs contain the infectious software and to
provide a way for music fans to remove it. Now, the
Electronic Frontier Foundation (EFF) has confirmed that the
stealth program is deployed on at least 19 CDs in a variety
of genres.

The software, created by First 4 Internet and known as
XCP2, ostensibly "protects" the music from illegal copying.
But in fact, it blocks a number of legal uses--like
listening to songs on your iPod. The software also
reportedly slows down your computer and makes it more
susceptible to crashes and third-party attacks. And since
the program is designed to hide itself, users may have
trouble diagnosing the problem.

"Entertainment companies often complain that fans refuse to
respect their intellectual property rights. Yet tools like
this refuse to respect our own personal property rights,"
said EFF staff attorney Jason Schultz. "Sony's tactics here
are hypocritical, in addition to being a security threat."

If you listened to a CD with the XCP software on your
Windows PC, your computer is likely already infected. An
EFF investigation confirmed XCP software on 19 titles, but
it's far from a complete list. Sony-BMG continues to refuse
to make such a list available to consumers.

Consumers can spot CDs with XCP by inspecting a CD closely,
checking the left transparent spine on the front of the
case for a label that says "CONTENT PROTECTED." The back of
these CDs also mention XCP in fine print. You can find
pictures of these and other telltale labeling at

"Music fans should protect themselves from this stealth
attack on their computer system," said EFF Senior Staff
Attorney Fred von Lohmann.

For EFF's list of CDs with XCP:

The "legalese rootkit" - Sony-BMG's EULA:

For this release:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Sony-BMG Rootkit: EFF Collecting Stories, Considering

EFF is collecting stories from EFF members and supporters who
have purchased Sony-BMG CDs that contained the rootkit copy
protection software. We're considering whether the effect on
the public, or on EFF members, is sufficiently serious to
merit EFF filing a lawsuit.

If you satisfy the following criteria, we would like to hear
from you:

1. You have a Windows computer;
2. First 4 Internet's XCP copy protection has been installed
on your computer from a Sony CD (for more details, see our
blog post referenced above or the SysInternals blog,
3. You reside in either California or New York; and
4. You are willing to participate in litigation.

We have not made a final decision about filing any legal
action, but we would like to hear from music fans who have
been harmed by the Sony-BMG rootkit copy protection
technology. Please contact for more

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* News Website Can Keep Domain Name After Trademark Fight Settles Fair Use Dispute with Drug

San Francisco - A medical news website, with the assistance
of the Electronic Frontier Foundation (EFF), settled a
dispute with a French pharmaceutical giant over using the
name of a trademarked medication, Acomplia.

The settlement came after EFF filed suit on behalf of the, an independent online newsletter
devoted to reporting about a drug called Acomplia.
Acomplia may help consumers lose weight and quit smoking,
but is not yet approved by the US Food and Drug
Administration (FDA). Since March 2004,
has published original news and commentary about Acomplia's
clinical trials, the drug approval process, and
anti-obesity drugs in general--all aimed at helping
consumers make more informed decisions about their health.

To emphasize the newsletter's impartiality, every page has
always included the subheading "your independent source of
news and reviews about the new diet drug Acomplia."
Nevertheless, drug maker Sanofi-Aventis claimed that the
use of the term "Acomplia" in the AcompliaReport domain
name created a "risk of confusion." Sanofi asked an
international arbitrator to order the domain name
transferred, alleging that the publisher of the
AcompliaReport, Milton R. Benjamin, was a cybersquatter.
Benjamin promptly sought a declaration from a U.S. district
court protecting his right to the domain name, claiming
both fair use and First Amendment rights to the name as an
online publisher.

"Sanofi's tactics threatened to quash free and accurate
speech," said EFF staff attorney Corynne McSherry. "The
website uses the Acomplia mark solely to refer to Sanofi's
product. That use is a textbook fair use. And basic First
Amendment principles barred Sanofi from using trademark law
to shut down an independent news site."

Under terms of Tuesday's settlement,
keeps its domain name, as long as there is a disclaimer
stating that the website is not associated with

"We are happy to have this absurd dispute behind us,
enabling us to focus on independent coverage of the
regulatory process and further development of a novel drug
that appears to have the potential to be of considerable
benefit to many people," said Benjamin. "A news site needs
to be able to use a trademarked name in order to report on
a trademarked product."

For this release:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* PATRIOT Alert: A Battle Won, but Urgent Action Still Needed

Over the next few days, select members of the US House and
Senate will be haggling in conference over the wording of a
new bill to renew the USA PATRIOT Act.

Thanks in part to your calls and lobbying, the House of
Representatives has already instructed its conferees to
attach shorter four year "sunset" provisions to some of the
act's more outrageous surveillance powers. But there are
plenty more checks and balances that still need to be added.

That's why we're asking everyone to call your Representative
and Senators and urge them to tell the conference members to
support the Senate version of the bill, which contains new
safeguards lacking in the House version.

Now is your last best chance to influence the debate over
PATRIOT before the renewal bill reaches the President's desk.
Find out the phone numbers of your Representative and
Senators by clicking below. You'll find more information on
the PATRIOT bill and a suggested phone script for you to use.

Don't hesitate -- call today!

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Passing the Buck: or, the Printer as a Fine French Wine

Xerox responded to our research on how printers made by Xerox
and other companies track the origin of documents you print.
Its new "Xerox Statement on Counterfeit Detection" contains
some bizarre suggestions. The most prominent of these is that
Xerox's invasions of privacy are OK because other privacy
invasions are worse.

"Unlike much of the computer spy-ware prevalent on the
internet today, the yellow dots do not 'contact' Xerox or the
government and send user content or location," the statement
reads. "In a world where your cell phone gives your
location, all your phone calls are logged and available on
the net, your credit card transactions compiled and your
network browsing stored, the 'yellow dots' are innocuous and
they give considerable protection against specific criminal
behavior, such as counterfeiting."

That's right: Xerox defends its decision because it's not as
big an intrusion as spyware, wiretapping, or spying on you
through your cell phone. It's the everybody-else-is-doing-it
excuse. The company seems to be channelling Sun CEO Scott
McNealy, who told a group of journalists in 1999 that "[y]ou
have zero privacy anyway. Get over it."

EFF and other privacy advocates have been fighting for years
to reverse the trends Xerox mentions, or to enhance the tools
available to the public for defending themselves. This month,
we won major victories as courts, agreeing with our legal
arguments, restricted the government's ability to use cell
phones to track individuals' movements. We also fought for
the public's right to use encryption to send private e-mail
and make private telephone calls, and we supported the
development of Tor to help users browse the Internet without
identifying themselves. We argued for computer users' rights
to remove spyware from their own computers and to teach
others how to do so. EFF fought and won court cases
protecting the anonymity of on-line critics. Through these
cases, we helped extend the U.S. tradition of legal
protection for anonymous pamphleteers firmly into the on-line

Xerox goes on to say that we should actually be reassured by
the tracking, since it's for our own protection. "Many
products--cars, food, medicines, computers, toys and many
more, have such features for the protection of customers.
French wines put this proudly on their label."

While it's comforting to know that our office equipment has
something in common with a fine wine, our privacy is
threatened in a particular way by tracking systems embedded
in our communication technologies, in a way that it is
typically not threatened by toys or beverages.

For the full Xerox statement:

For more analysis:

* Anti-Cell Phone Tracking Judicial Revolution Spreads to NYC

One more magistrate judge refused to allow the government's
practice of secretly using cell phones to track people
without probable cause--this time in the Southern District of
New York (Manhattan). The magistrate judge declined to grant
the government's request "without further briefing from the
Government concerning the propriety of issuing these orders."

The SDNY judge sought further briefing due to an August
decision from a magistrate judge in the Eastern District of
New York (Long Island) denying a similar government request.
The government provided a letter brief in support, and, upon
the court's request, the SDNY Federal Defender's Office
responded last week with an amicus brief in opposition.

The US Attorney for the SDNY faces an uphill battle: Two
courts (the EDNY and the Southern District of Texas)
considered the government's arguments so far, and both found
them completely unpersuasive. Recognizing the importance of
this decision, both magistrate judges urged an appeal in
order to allow a Circuit Court to rule on this pernicious

Nevertheless, the US Attorney's Offices in those
jurisdictions elected not to appeal the adverse decisions.
This has not prevented the SDNY US Attorney from moving
forward here, however. Distressingly, the government's brief
reveals that US Attorneys offices all over the country have
"routinely applied for and obtained court orders [compelling]
cellular telephone companies to report...cell site data, for a
particular cell phone on a prospective basis."

EFF applauds those judges and magistrates who care enough
about your rights to challenge the government when it makes
these unsubstantiated requests for cell site data.

For more on government cell phone tracking:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Nonprofit Coalition Wins Challenge to Federal Watch-List

EFF and 12 other national nonprofit organizations won their
battle against a government fundraising policy that required
checking employees against terrorist government watch-lists.
It's a big victory for free speech and privacy--not to
mention the nonprofits and the federal employees who want to
support them through the Combined Federal Campaign, or CFC.

CFC allows federal workers to donate to charities with
automatic payroll deductions, and it raises hundreds of
millions of dollars every year for thousands of
organizations. But CFC rules put in place last year would
have forced us to check all of our employees and expenditures
against several anti-terrorism "black lists" of people and
organizations that the government suspects are linked to

EFF withdrew from the program in protest. We knew that those
watch-lists are created by the government with secret
information that is notoriously unreliable and we refused to
violate the privacy of our clients and employees. But now
that the federal government dropped the list-checking
requirements, EFF will join the CFC again. We hope that our
members will support us and the new policy by donating to EFF
through the CFC.

Press release from the ACLU:

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
miniLinks features noteworthy news items from around the

~ DRM This, Sony!
CNET's Molly Wood lays the smack down on Sony and their
deceptive DRM.

~ Forrester Grieves for the Music Industry
Suggests they're passing through denial, anger, bargaining,
depression--and hopefully, one day, acceptance.

~ DRM Crippled CD: A Bizarre Tale
Market strategist Barry Ritholtz fumes at the idiocy of copy-
restricted CDs.

~ DRM and Universities
A sad, first-hand account of academics demanding DRM for
their own lectures.

~ Computer HDTV tuners down to $150
In a market that would have been eliminated by the broadcast
flag, competition works its magic.

~ The Hole Truth From Wendy Seltzer
Brooklyn Law prof and EFF alumni deconstructs last Thursday's
broadcast flag hearing.

~ Microsoft Reverse-Engineers iPod
Wants to provide iPod to Xbox 360 compatibility.

~ Orphaned Works in our Neighborhood
Bookfinder's founder discovers even his local pasta shop is
affected by copyright's problems.

~ Loose Lips Infringe Trademarks
The New York Metro is attempting to trademark the security
warning "See Something, Say Something."

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)

Rebecca Jeschke, Media Coordinator

Membership & donation queries:

General EFF, legal, policy, or online resources queries:

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent the
views of EFF. To reproduce signed articles individually,
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the Web


dao bravery


reba and seven in the garden

One willing to take his own life into his hands
Will not hesitate to take the lives of others.

There were once two friends hiking in the mountains. One was a poet, the other was a statesman. They came to a deep ravine, and at the bottom were roaring rapids with a narrow plank bridge spanning the gap.

“Let’s climb down and write our names on the other side,” suggested the statesman. The poet refused. So the statesman went bravely down, crossed the bridge, and wrote their names in beautiful calligraphy. The he climbed back up.
“Someday you will murder a man,” predicted the poet.
“Why do you say that?” exclaimed his companion.
“Those who will take their own lives into their hands will not hesitate to take the lives of others.”

Beware the brave man. He may be a hero, willing to risk his very life, but he will also be willing to endanger the lives of others. After all, he is a risk taker and therefore does not see the wisdom in conservation, compassion, and carefulness. Such a person will threaten others, force his will upon others, and even murder others not out of passion but out of something much more deadly—rationale. He will justify his actions according to ideology, patriotism, religion, and principle.

When attacked, a brave man goes forth with strength, power, and confidence. In that boisterousness, there is little awareness of the subtle. Life is not simple, and it takes a great deal of time to master. Perhaps that is why the brave are youthful while the wise are old.

365 Tao
daily meditations
Deng Ming-Dao (author)
ISBN 0-06-250223-9

Reba and Seven in the Garden
the day after learning Reba has terminal cancer
©2005.10.11 lisbeth west

a lovely letter came to me the other day, and dao shows it to me again today
please enjoy the love shared here:
I enjoy your poetry, so, in the spirit of push-hands (nin so) I offer you a Haiku that came to me about 5 hours into a chi kung, meditation, tai chi workout. I was so tired and I just saw ocean water responding to chi and thus I was infused with more chi and a greater gentleness so that I could finish the difficult form. I still use it as a mantra: Water does no work… Water does no work...Water does no work...Water does no work...Water does no work...Water does no work…

It reminded me of your poetry. Thank you for your site.

Oh, by the way, I think you know my Sifu. His name is Bing Moon Lee. He teaches world-wide but mostly in Denver.

Chan Si Chen Haiku (for you)

Water does no work
Crushing rock to finest sand
Common. Miracle.

Warm regards,

archived at
a reading list of books and interpretations of the Daodejing is available at

Join the daily Taoist meditations mailing list

email to:
See new designs & be first to hear about special sales
duckdaotsu RT


dao smallness (thank you to gabi greve)


Buddha statue in stone garden

You may be capable of great things,
But life consists of small things.

Big things seldom come along. One should know the small as well as the big. We may all yearn to make lasting achievements and to be heroes, but life seldom affords us the opportunities to do so. Most of our days consist of small things—the uneventful meditations, the ordinary cooking of meals, the banal trips to work, the quiet scratching in the garden—and it is from these small things that the larger events of life are composed.

We rarely have the occasion to make grand gestures. The champion gymnast’s greatest moment is but an hour out of an entire lifetime. The works of great artists are viewed for very short times. The master musician’s best composition is but one work in a sea of musical tones. If we want to be successful, it is the small things that we should pay attention to.

We must not fall into the trap of waiting so long for the big things that we let numerous small chances slip right by us. People who do this are always waiting for life to be perfect. They complain that fate is against them, that the world does not recognize their greatness,. If they would lower their sights, they would see all the beautiful opportunities swirling at their feet. if they would humble themselves enough to bend down, they could scoop untold treasures up into their hands.

365 Tao
daily meditations
Deng Ming-Dao (author)
ISBN 0-06-250223-9

Amida Buddha
Amida Buddha

original photograph ©2005 gabi greve, from japan

The above statue is from the Stone Gallery, Sekiraku.

The above statue is from the Stone Gallery, Sekiraku.

Ms. Greve is not only a very talented artist, she is also an amazing woman whose talents reach into the world of Haiku. The link to her page on this subject is

“Here is my Stone Jizo haiku from the same Gallery.”

Amida Buddha comes down from the Paradise in the Westto welcome the souls of the dead and take them back his heaven.
Amida Buddha -
you smile at life
you smile at death
Amida Buddha -
you smile at a friend
who took her own life
(at age 20)

Amida Buddha -
you smile at a mother
who left too early
(at age 53, cancer)
Amida Buddha -
you smile at me
I smile at you

©2005 gabi greve

archived at
(better quality photograph—larger byte size — is located at the archived site)

a reading list of books and interpretations of the Daodejing is available at

Join the daily Taoist meditations mailing list

email to:
See new designs & be first to hear about special sales
duckdaotsu RT