Page 26

We thank the readers of Freedom to Tinker for their comments on partial drafts that we posted there;

thanks especially to C. Scott Ananian, Randall Chertkow, Tim Howland, Edward Kuns, Jim Lyon, Tobias
Robison, Adam Shostack, Ned Ulbricht, and several pseudonymous commenters. Shirley Gaw, Janek Klawe,
and Harlan Yu provided helpful last-minute suggestions. Thanks to Claire Felten for help with copy-editing.

This material is based upon work supported under a National Science Foundation Graduate Research

Fellowship. Any opinions, findings, conclusions or recommendations expressed in this publication are those
of the authors and do not necessarily reflect the views of the National Science Foundation.

References

[1] Class action complaint. In Hull et al. v. Sony BMG et al., 2005. http://www.eff.org/IP/DRM/Sony-BMG/sony

complaint.pdf.

[2] Consolidated amended class action complaint. In Michaelson et al. v. Sony BMG et al., 2005. http://sonysuit.

com/classactions/michaelson/15.pdf.

[3] Original plantiff's petition. In State of Texas v. Sony BMG Music Entertainment, 2005. http://www.oag.state.tx.

us/newspubs/releases/2005/112105sony pop.pdf.

[4] Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman. The Darknet and the future of content distri-

bution. In ACM Workshop on Digital Rights Management, November 2002.

[5] Jesse Burns and Alex Stamos. Media Max access control vulnerability, November 2005. http://www.eff.org/IP/

DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf.

[6] Computer Associates. Disabling autorun. http://www3.ca.com/securityadvisor/pest/collateral.aspx?cid=76351.

[7] Ingemar Cox, Joe Kilian, Tom Leighton, and Talal Shamoon. Secure spread spectrum watermarking for multi-

media. IEEE Transactions on Image Processing, 6(12):16731687, 1997.

[8] Scott A. Craver, Min Wu, Bede Liu, Adam Stubblefield, Ben Swartzlander, Dan S. Wallach, Drew Dean, and

Edward W. Felten. Reading between the lines: Lessons from the SDMI challenge. In Proc. 10th USENIX
Security Symposium, August 2001.

[9] Steven Davis. New RealPlayer avoids Apple DRM license. eWeek, January 2004. http://www.eweek.com/

article2/0,1895,1523392,00.asp.

[10] Edward W. Felten and J. Alex Halderman. Digital rights management, spyware, and security. IEEE Security and

Privacy, January/February 2006.

[11] Allan Friedman, Roshan Baliga, Deb Dasgupta, and Anna Dreyer. Underlying motivations in the broadcast flag

debate. In Proc. Telecommunications Policy Research Conference, September 2003.

[12] J. Alex Halderman. Evaluating new copy-prevention techniques for audio CDs. In Proc. ACM Workshop on

Digital Rights Management (DRM), Washington, D.C., November 2002.

[13] J. Alex Halderman. Analysis of the MediaMax CD3 copy-prevention system. Technical Report TR-679-03,

Princeton University Computer Science Department, Princeton, New Jersey, 2003.

[14] Sam Hocevar. Suspicious activity? Indeed, November 2005. http://sam.zoy.org/blog/2005-11-21-suspicious-

activity-indeed.

[15] Greg Hoglund. 4.5 million copies of EULA-compliant spyware, October 2005. http://www.rootkit.com/blog.

php?newsid=358.

[16] Greg Hoglund and James Butler. Rootkits: Subverting the Windows Kernel. Addison-Wesley, 2005.

[17] Kazumasa Itabashi. Trojan.Welomoch technical description, December 2005. http://securityresponse.symantec.

com/avcenter/venc/data/trojan.welomoch.html.

[18] Jon Lech Johansen and Sam Hocevar. DRMS source code. http://trac.videolan.org/vlc/file/trunk/modules/demux/

mp4/drms.c.