SunnComm says it will ensure that future versions of MediaMax will not install when the user declines the end user license agreement (EULA) that appears when a CD is first inserted in a computer CD or DVD drive. SunnComm has also agreed to include uninstallers in all versions of MediaMax software, to submit all future versions to an independent security-testing firm for review, and to release to the public the results of the independent security testing. SunnComm and EFF are discussing how to ensure that legitimate security researchers who have been, are, or will be working to identify security problems with MediaMax will not be accused of copyright violations under the Digital Millennium Copyright Act (DMCA).
In January, SunnComm published a complete list of all music CDs that employ the MediaMax technology and sent a letter to the independent labels using MediaMax with information about a security vulnerability in MediaMax version 5. Music label Sony BMG has separately committed to addressing security concerns arising from CDs using MediaMax.
EFF wrote the open letter to SunnComm because of its concerns about the MediaMax software, which is included with a wide variety of music from independent labels, such as Cuban Link's "Chain Reaction" by Men of Business Records, Peter Cetera's "You Just Gotta Love Christmas" by Viastar Records, and several releases on KOCH Records.
The problems with MediaMax came to light in November and December 2005, after independent security analysts discovered problems on Sony BMG CDs that included MediaMax. EFF and others subsequently brought legal actions against Sony BMG based on its distribution of the MediaMax titles, and a settlement in that case provided a remedy for music fans who bought Sony BMG MediaMax CDs.
EFF's open letter to SunnComm:
List of CDs with SunnComm MediaMax 5:
List of CDs with SunnComm MediaMax 3: