Monday, November 21, 2005

The Sony Fiasco: How Far Will the Copyright Holders Go?

Note: I heard that this spyware is on the new Ginuwine CD.

Digital Rights Management has been right smack in the middle of the news for the last several weeks, ever since Mark Russinovich ran across a rootkit on his computer and tracked it down to a Sony media player that he'd installed in order to play a Sony music CD. It was part of the XCP DRM software that's supposed to prevent users from making more than a set number of copies of the songs on the CD.

The story hit the mainstream media and the proverbial waste byproducts hit the oscillating instrument as consumers learned that a major record company was introducing a type of software generally regarded as malicious to their systems without their knowledge.

Even the U.S. government got into the act. Stewart Baker, of the Department of Homeland Security, had a statement to representatives of the Recording Industry Association of America (RIAA), one of the foremost defenders of DRM and the force behind all the lawsuits against alleged music pirates - including young children and grandparents who never even used their computers. Baker reminded them that "it's very important to remember that it's your intellectual property - it's not your computer."

You've got to wonder if that came as a shock to the RIAA. Although they are adamant about protecting their property, they seem to think they have every right to invade the privacy of computer users and use those people's property without permission in furtherance of their cause.

Some of our readers wrote to ask exactly what a rootkit is, how they can find out if they have it on their computers, and how to get rid of it if they do. Well, rootkits have traditionally been hacker tools, which can disguise the fact that a system has been compromised.

Luckily, Microsoft has included detection and cleanup of the Sony rootkit in their malicious software removal tool (MSRT), which is updated monthly to handle new threats. Sony has released a service pack to remove the cloaking technology, which you can download at:

However, Russinovich cautions that the patch itself can create problems and recommends that you uninstall the software manually. He provides instructions on how to do so in his blog at:

Experts say the rootkit has probably been installed on at least half a million computers.

Sony, perhaps recognizing what the bad PR can do to their sales, has now issued a recall of the CDs that contain the rootkit technology. This happened after several viruses were discovered that take advantage of the rootkit to hide their own activities. If you have one of the copy protected CDs, you can send it back to Sony and get a new one that doesn't have the rootkit. A list of the albums that contain the XCP technology and instructions on how to get the replacement CD are available here:

They've also placed a link on their frontpage providing information about the copy protection technology. And if you bought the CD from Amazon, that company is offering full refunds to customers who purchased the rootkitted CDs from them see:

Here's another thing about the whole thing that bothers me: No one else seems to have brought up the question of whether Sony could possibly be the only company doing this? I suspect it may be that they're just the only one who got caught. Of course, Sony is making sure to spread the blame to the British company that provided them with the DRM software, First 4 Internet. That company, along with Sony, argues that the rootkit doesn't pose a security vulnerability. We do know that Warner Music, Universal and EMI signed up with First 4 Internet for trials of their copy protection.

Some industry pundits have speculated that Sony's merger with BMG may have contributed to the whole fiasco. You can read more on that theory here:

Whatever the reasons, I hate to see this happen and I especially hate the way Sony has dragged their feet on taking responsibility and fixing the problem. I say that because, as a consumer, I have a long and good relationship with Sony. We own Sony big screen TVs, Sony home theater systems and Sony Vaio laptop computers. We've had good experiences with all of them.

However, we've heard horror stories about Sony's entertainment divisions before. Best-selling author Dean Koontz has repeatedly recounted his experiences in trying to get his name taken off a movie made by Sony Pictures (and recently got in hot water for the way he told the story). We know that in a company as big as Sony, it's very possible that one hand doesn't always know what the other is doing. We hope the rootkit disaster will be a wakeup call to all music companies and movie studios that all is not fair in love and war and copyright protection.

What do you think? Should Sony take most of the blame for the rootkit, or do you think they were duped by First 4 Internet? Are they unique, or do you think other record companies are doing similar things and just not getting caught? Should users who installed the rootkit be compensated (beyond the exchange for a new non-copy protected CD)? Do you support the lawsuits filed against Sony? Do you support a boycott of Sony products? Or is the whole story just much ado about nothing? Let us know your opinions at

1 comment:

  1. Anonymous6:29 AM

    I agree with the lawsuites, completely. The music industry has screwed it self for the past five years with the internet downloads. They are overreacting now because they were slow to react then. The same for the RIAA, these are old men that no longer have a grasp on the market. The make this far reaching attempts to copy protect their music, when it has been proven that music downloads didn't affect the profits of the industry the way they thought, and that people would by legal downloads, had the RIAA been willing to change with the times. Now anything the music companies get is well deserved karma.