You know, I understand the need to protect one’s intellectual property assets. I do. And I understand the frustration of those companies in the entertainment business that put out a product electronically only to have it instantly copied and distributed.
But I think it’s going a little far for a recording label to load a piece of software onto a user’s computer that is supposedly only for controlling and playing a protected music CD, but actually hijacks parts of the computer itself. We prosecute hackers for this. But that’s what Sony/BMG did, apparently thinking no one would notice. Someone did. In its attempt to keep its intellectual property safe, Sony has compromised its own customers and created a nightmare PR problem for itself.
I have to admit I’m nearly numb with amazement about this case. I’m usually rather circumspect about the companies I mention here. I’m eyebrow-deep in technology myself, so I know how many unanticipated riptides it has. When I first heard about Sony’s little hacker package, I immediately thought the bloggers and technology reporters were plumping up the case. But the reverse is true. Every week brings some fresh shocker about Sony’s mixture of arrogance, greed and colossal stupidity.
It all begins with music CDs and computers. Music CDs can be played on computers, and indeed their contents can be copied and stored electronically on computers. After that, there’s theoretically nothing to stop anyone from copying the music ad infinitum and shooting the copies all over the globe, with no further payment to the recording labels or artists. This has driven the labels nuts, and understandably they have been engaged in a furious and expensive research program to create CDs that couldn’t be copied.
One of the first attempts was a CD that wouldn’t play in a computer. That didn’t fly on the market. People like to play music at work, on their computers. Then another scheme was tried that would play the CD, but not allow copying. That one was found to be vulnerable to circumvention by nothing more complicated than a felt-tip pen. Other copy protection devices have been tried with mixed success. Any protection scheme has to restrict copying, but permit both play and limited copying, so customers can make backups.
Sony apparently decided to go to the heart of the matter. Some of its newest CDs could be played on a computer, but only through Sony’s own media player software, which had to be loaded onto the customer’s computer. The CDs could be copied, but only three times.
How to enforce this limit? Well, Sony opted to plant secret software on the customer’s computer to control the situation. Sony did not reveal this to the customer. If the customer found out and tried to delete the Sony media player, the customer’s computer would quit working properly, thanks to poor programming.
The secret software was protected by a cloaking device, something computer professionals call a “rootkit.” Now, hackers use rootkits a lot, as you might expect. They conceal the fact that other software is at work. A security researcher named Mark Russinovich found the Sony rootkit in October and announced it on his blog, whereupon Sony began a frantic round of denials (www.sysinternals.com; click on Mark’s Blog).
Worse was to come. Rumors sprang up that part of what Sony was cloaking was “phone home” software, which would send information from a customer’s machine to the mothership at Sony. Sony denied this
Sony reluctantly released an “uninstaller” for its rootkit, but it was hard to get and didn’t work properly. Then it was revealed that Sony’s rootkit was making a dandy tool for hackers who wanted to jump-start their own surreptitious theft. Sony seems oblivious to what it has done, and seems aghast that anyone would care about a rootkit, despite the fact that it posed serious security and privacy issues, all under a veil of secrecy. Class-action lawsuits are being planned. Sony has withdrawn the product now, but that likely won’t help Sony’s nowhumongous PR problem.
What’s even more astounding is that Sony is a technology innovator, famous worldwide for many of its breakthrough products, such as the revolutionary Walkman. These people should have known better. Surely someone within Sony knew what might happen.
Once again, in the intellectual-property battle between multinational corporations and techies, the guys with the keyboards have publicly body-slammed the guys with the money. Even with governmental support around the world, the entertainment industry corporate types have been humiliatingly bested. It may be time for them to rethink strategy, before more executives get hurt running with hightech scissors.
Altom is a senior business consultant for Perficient Consulting. His column appears every other week. He can be reached at firstname.lastname@example.org.