Such risks include losing access to digital content if systems are discontinued or devices fail or if players are replaced by systems from a different manufacturer, according to the All Party Parliamentary Internet Group (APIG) which released its report on Digital Rights Management yesterday.
APIG exists to provide a discussion forum between new media industries and parliamentarians. Its inquiry received over 80 written submissions from consumers, think tanks, libraries, print media publishers, the film and music industries and lawyers
It also asked that the OFT makes it "crystal clear" to consumers what they will and will not be able to do with digital content that they purchase. APIG acknowledged that British consumers generally do not know that when they buy a CD, they infringe copyright by recording it to their computer or portable music player.
APIG also recommended that communications watchdog OFCOM publish guidance to make it clear that companies distributing Technical Protection Measures (TPMs) in the UK would, if they have features such as those in Sony-BMG's MediaMax and XCP systems, "run a significant risk of being prosecuted for criminal actions."
Sony-BMG caused an outcry when it shipped CDs in the US with these TPMs last year. Designed to prevent unlawful copying, people trying to play the CD on their computer unwittingly installed the MediaMax software even when they refused permission. The device driver was hidden from standard tools. Similarly, XCP contained what was known as a 'rootkit' – a method of hiding programs so that they did not appear in directory listings. Both systems also contacted a website whenever the user inserted the protected disc – described by APIG as "a gross invasion of privacy."
Consumers and rights-holders told APIG during its consultation that these tools could breach the Computer Misuse Act and the Data Protection Act.
APIG wrote that it was "shocked that a reputable company could mislead purchasers in this blatant manner by ignoring a user's request not to install; altering operating systems without permission so as to hide their programs; and surreptitiously collecting personal data."