Sony Spyware Leads to DRM Backlash


David Shamah, The Jerusalem Post November 8, 2005


In certain movies and TV shows, the musical background track is almost as important as the actual show itself. Music plants itself in the mind and memory as no visual can – so a movie or TV show about life in the 60s will, as a matter of course, have background tunes playing to evoke memories of the era. It's amazing how long-forgotten songs can bring back powerful memories – and, of course, sell more tickets. That proves that, in the final analysis, what we really get when we buy a CD is an “experience” – a memory and a feeling that can last a lifetime.


And that's all we need, as far as Sony Music (known corporately nowadays as Sony BMG) is concerned. In what can only be termed a “scandal,” it was revealed last week that the Sony people took extreme steps, to the point of jeopardizing customers' computers, to ensure that the only thing you'll be able to retain when playing one of their artists' CDs is the memory of the music – and not, heaven forfend, a copy of it.


This sordid tale of DRM (Digital Rights Management) gone wild began several weeks ago, when a computer-literate fellow was giving his system a routine exam for virus-type software and “rootkits,” which are usually programs that are surreptitiously installed on a computer to hijack its processes for some nefarious purpose. After discovering a hidden directory, several hidden device drivers, and a hidden application, the fellow put two and two together and linked the presence of the hidden files to a CD he had purchased and played in his computer's CD drive.


The software is part of a copy protection scheme Sony BMG includes with some of its CDs (in this case, Van Zant's “Get Right With the Man”) to prevent “excessive” copying or ripping (converting to MP3 format) of CDs; after you've ripped or copied the CD three times, the copy protection scheme (developed by a company called First4Internet) prevents further copying.


While the move is not in the best of taste, Sony BMG is certainly within its rights to implement any copy protection scheme it wants on the music it sells – just as consumers have a right to boycott that product. And Web sites that sell the CD, like Amazon, prominently advertise the fact that the CD is copy protected. No problem there either. But what Amazon doesn't tell you – nor Sony, for that matter – is that the company included a little “insurance” to make sure the user complied. The rootkit that started the chain of events revealing the issue was there in order to hide the existence of the software that was automatically installed when you played the CD (and it is only playable on a computer with a special player included on the disc; the CD is playable on any non-computer CD player).


There was apparently no way to uninstall the rootkit using the usual Windows uninstall control panel, and of course there was no uninstallation utility either. Remember, the copy protection software itself was invisible, and meant to stay that way. And uninstalling the program or the rootkit using “unconventional” methods – meaning removing them physically – resulted in damaging the device driver for the CD, rendering it inoperable altogether! Now it was no longer a matter of protecting digital files from being copied. Instead, customers' computers were now at risk, because inadvertent or intentional removal of the software – which, remember, had surreptitiously installed itself into the listener's system in the first place – could cause significant damage to a computer's ability to use its CD!


In fact, the company was actually misleading customers, according to some customers who checked out the secret software's activities. Although the Sony EULA (End User License Agreement, available on-line at http://www.sysinternals.com/blog/sony-eula.htm) does say that customers, by playing the CD on a computer, are agreeing to the installation of “a small proprietary software program,” the EULA does not mention it cannot be uninstalled. It also doesn't reveal that the software “phones home” - i.e., it contacts a Sony Web site and records information about the use of the product on your computer!


The story was first revealed on a blog (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) and was quickly picked up by tech Web sites and the mainstream media, making its way in a matter of days to the BBC, Washington Post, and other publications. The viral-like manner in which the story spread is, in and of itself, a testimony to the newfound influence of blogs, and their growing importance. But that's a different story.


Meanwhile, as the Sony copy protection scheme itself gained circulation, Sony BMG was put under pressure to respond. At first the company tried to pooh-pooh the whole issue – perhaps hoping it would go away – saying that there was “nothing new” in such schemes, and that they were actually standard fare for DRM. But the concerns expressed by many users on dozens of tech Web sites prompted the company to issue a “fix” to what was being called Sony's “spyware” (http://blogs.zdnet.com/Spyware/index.php?p=696) by some anti-virus experts.


And so, the company developed an uninstaller for the whole setup, accessible from the Sony FAQ page (http://cp.sonybmg.com/xcp/english/faq.html). However, even this concession was apparently done begrudgingly, and again raised the hackles of customers who had become alarmed over the whole story. Instead of supplying a public download or You can only get the uninstall directions by giving Sony information about who you are and where you purchased the CD in question – and the uninstaller has to be downloaded onto the computer you want to uninstall the copy protection software from. Which would be bad enough – but apparently, the uninstaller itself can put your system at risk of crashing! (http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html).


Meanwhile, as one commentator pointed out, the entire Van Zant album (as well as others put out by Sony that have the same scheme built in) is freely available on file sharing sites, clean of any copy protection software or spyware. The bottom line: People who try to do the “right thing” and purchase their music are penalized, while the ostensible criminals who violate EULAs and purchase agreements get off scot-free. It sounds like the kind of justice you'd find in the Bizarro universe – which, unfortunately, the advocates of DRM at Sony seem to be trying to import to our own universe.


Ds@newzgeek.com