Sony spyware leads to DRM backlash

While not in the best of taste, Sony BMG is certainly within its rights to implement any copy protection scheme it wants on the music it sells.

By DAVID SHAMAH
cracked cd 88 (photo credit: )
cracked cd 88
(photo credit: )
In certain movies and TV shows, the background music is almost as important as the show itself. Music plants itself in the mind and memory as no visual image can, so a movie or TV show about life in the Sixties will, as a matter of course, have background tunes to evoke memories of the era. It's amazing how long-forgotten songs can bring back powerful memories - and, of course, sell more tickets. Proving that, in the final analysis, what we really get when we buy a CD is an "experience" - a memory and a feeling that can last a lifetime. And that's all we need, as far as Sony Music (known nowadays as Sony BMG) is concerned. In what can only be termed a "scandal," it was revealed last week that the Sony people took extreme steps, to the point of jeopardizing customer's computers, to ensure that the only thing you'll retain when playing one of their CDs is the memory of the music - and not, heaven forfend, a copy of it. This sordid tale of DRM (Digital Rights Management) gone wild began several weeks ago, when a computer literate fellow was giving his system a routine exam for virus-type software and "rootkits," which are usually programs surreptitiously installed on a computer to hijack it for some nefarious purpose. After discovering a hidden directory, several hidden device drivers, and a hidden application, the fellow put two and two together and linked the presence of the hidden files to a CD he had purchased and played in his CD drive. The software is part of a copy protection scheme Sony BMG includes with some of its CDs (in this case, Van Zant's Get Right With the Man) to prevent "excessive" copying or ripping (converting to MP3 format); after you've ripped or copied the CD three times, the copy protection scheme (developed by a company called First4Internet) prevents further copying. While not in the best of taste, Sony BMG is certainly within its rights to implement any copy protection scheme it wants on the music it sells - just as consumers have a right to boycott that product. And Web sites that sell the CD, like Amazon, prominently advertise the fact that the CD is copy protected. No problem there either. But what Amazon doesn't tell you - nor Sony, for that matter - is that the company included a little "insurance" to make sure the user complies. The rootkit was there in order to hide the existence of the software that was automatically installed when you played the CD (and it is only playable on a computer with a special player included on the disc; the CD is playable on any non-computer CD player). There was apparently no way to uninstall the rootkit using the usual Windows uninstall control panel, and of course no uninstallation utility. Remember, the copy protection software itself was invisible, and meant to stay that way. And uninstalling the program using "unconventional" methods - meaning removing them physically - damaged the device driver for the CD, rendering it inoperable altogether! Now it was no longer a matter of protecting digital files from being copied. Instead, customers' computers were at risk because inadvertent or intentional removal of the software - which, remember, had surreptitiously installed itself in the first place - could cause significant damage to a computer's ability to use its CD! In fact, the company was actually misleading customers, according to some customers who checked out the secret software's activities. Although the Sony EULA (End User License Agreement, available on-line at http://www.sysinternals.com/blog/sony-eula.htm) does say that customers, by playing the CD on a computer, are agreeing to the installation of "a small proprietary software program," the EULA does not mention that it can't be uninstalled. It also doesn't reveal that the software "phones home" - i.e., it contacts a Sony Web site and records information about the use of the product on your computer! The story was first revealed on a blog (http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html) and was quickly picked up by tech Web sites and the mainstream media, making its way in a matter of days to the BBC, the Washington Post, and other publications. The viral-like manner in which the story spread is in and of itself a testimony to the newfound influence of blogs. But that's a different story. Meanwhile, as the Sony copy protection scheme gained circulation, Sony BMG was put under pressure to respond. At first the company tried to pooh-pooh the whole issue - perhaps hoping it would go away - saying there was "nothing new" in such schemes, and that they were actually standard fare for DRM. The concerns expressed by many users on dozens of Web sites prompted the company to issue a "fix" to what was being called Sony's "spyware" (http://blogs.zdnet.com/Spyware/index.php?p=696) by some anti-virus experts. And so the company developed an uninstaller for the whole setup, accessible from the Sony FAQ page (http://cp.sonybmg.com/xcp/english/faq.html). However, even this was apparently done begrudgingly, and again raised the hackles of customers alarmed by the whole story. Instead of supplying a public download, you can only get the uninstall directions by giving Sony information about who you are and where you purchased the CD - and the uninstaller has to be downloaded onto the computer you want to uninstall the software from. Which would be bad enough - but apparently, the uninstaller itself can put your system at risk of crashing! (http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html). Meanwhile, as one commentator pointed out, the entire Van Zant album (as well as others put out by Sony that have the same scheme built in) is freely available on file sharing sites, clean of any copy protection software or spyware. The bottom line: People who try to do the "right thing" and purchase their music are penalized, while the ostensible criminals who violate EULAs and purchase agreements get off scot-free. It sounds like the kind of justice you'd find in the Bizarro universe - which, unfortunately, the advocates of DRM at Sony seem to be trying to import to our own universe. Ds@newzgeek.com