2005-11-17

Intolerance: The Sony BMG rootkit fallout

Call it the revenge of the nerds -- digital style... For years, computer geeks and cyberlibertarians have howled about aggressive user restrictions programmed into music CDs, movie DVDs, and all kinds of software. They've issued dire warnings about the media industry's zeal to protect content in the Digital Age. At risk, they cautioned, was the consumer's right to enjoy legally purchased content how and where they saw fit. The clamor dogged the content industry but never did much serious damage. 'Hollywood', 'Silicon Valley', and recording studios maintained the upper hand, introducing legislation in the Congress of the USA that made it easier to go after on-line thieves, and winning thousands of lawsuits against people who illegally download music and movies from on-line file-swapping networks such as 'KaZaA' and 'Limewire'. All the while, content creators were rolling out creative ways to limit what consumers could do with their tunes, movies, software, and even ring tones without sacrificing too much in the way of public trust. INFECTION-READY. Now the tide might be turning, thanks to a classic case of overreaching that has fomented a backlash against the industry. On 2005-10-31, blogger Mr.Mark Russinovich discovered a hidden program installed on his PC by a 'Sony BMG' music disk. The code was designed to prevent purchasers of the CD from copying it or converting it. But the program was disturbing for another reason -- in an apparent effort to prevent garden-variety hackers from circumventing the copy restrictions, 'Sony' designed the program to surreptitiously bury itself deep within the 'Windows' operating system, completely hidden from view. Before long, software engineers were warning that the code -- known derisively in techie parlance as a 'rootkit' -- could easily be co-opted by virus writers. The warning was all but an invitation, and soon enough the viruses began circulating. Cyberlibertarians accused 'Sony' of violating state and federal spyware laws, class actions were filed, and the issue exploded into the mainstream press. Then, Mr.Stewart Baker, an Assistant Secretary at the Homeland Security Dept., picked up the ball and ran with it. On 2005-11-10, he gave 'Sony' a public finger-wagging for undermining computer security measures: 'It's very important to remember that it's your intellectual property -- it's not your computer' he said. 'TURNING POINT.' 'Microsoft' declared the code a security risk to PCs running on 'Windows', and security companies such as 'Symantec' began alerting PC users to its presence. On 2005-11-15 'Sony' said it would recall some 4.7 million music CDs, 2.1 million of which have already been sold to consumers. 'It's a turning point,' says Mr.Fred von Lohmann, senior attorney at 'The Electronic Frontier Foundation', a group devoted to defending consumer rights in the Digital Age.
'Millions of people are going to suddenly realise that, thanks to "Sony's" copy protection, they have to worry about viruses and security breaches and intrusions into their computers. 'This scandal is going to raise the profile of the copyright debate.'
That's true partly because Mr.von Lohmann and other cyberspace freedom lovers are using 'Sony's' woes to their advantage. After years of predicting that the sky would fall, geekdom intends to make hay of the 'rootkit' fiasco. In theory, 'Sony' could be liable for breaking any number of laws. A class-action complaint filed 2005-11-01 in Los Angeles Superior Court accuses it of failing to disclose the true nature of the so-called digital rights management [DRM] system on its CDs and alleges that thousands of computer users have unknowingly infected their computers. DIFFICULT BALANCE. Mr.Von Lohmann says 'Sony' theoretically could be liable for breaking several California consumer-protection laws, including 'The Consumer Legal Remedies Act', as well as federal statutes such as 'The Computer Fraud & Abuse Act', which prohibits anyone from accessing a computer without authorisation.
'We do feel a little vindication,' Mr.von Lohmann says. 'I don't think anybody is celebrating the fact that "Sony" has created what could be a global Internet security problem, but we can say "we told you so".'
The firestorm highlights a delicate balancing act that the intellectual-property industry has yet to perfect. DRM schemes are pervasive in the modern world. Many are relatively benign, such as the system used by 'Apple's' 'iTunes', which limits how many times a user can copy a particular set of songs. LICENSE RESTRICTIONS. Other controls are less obvious to consumers but far more restrictive, such as the end-user license agreement, also known as a 'click-wrap' license, which is incorporated into nearly every software program and now is appearing on music and movie disks. The license concept has converted the old-fashioned retail purchase into a complex contract arrangement that forces users to agree to onerous restrictions before they can use whatever they've already paid for. The license incorporated into 'Sony BMG's' compact disks, for example, prohibits users from loading their purchased tunes onto their work computer and bans them from taking music loaded onto their home PCs out of the country. And woe to audiophiles who sell, trade, give away, or lose their disks. If they no longer posses the original CD, 'Sony BMG's' license requires them to delete the music they've loaded onto their computers. Content-industry execs continue to press the economic importance of protecting intellectual property, the nation's biggest export. The explosion of Internet users, combined with expanding broadband networks and technologies such as 'peer-to-peer' file-swapping networks and digital music players, have conspired to make music, software, movies, and other digital content exceedingly easy to steal, copy, and distribute. READY TO EXPLODE. Market-research firms report that some 30 per cent of consumers have 'ripped' and 'burned' music tracks from friends.
'While reasonable people can debate how far digital-rights management can go, it's absolutely clear that it's one part of a larger strategy to fight theft,' says Mr.David Israelite, president and CEO of the National Music Publishers 'Assn'.
But some industry execs. admit privately that the 'Sony' 'rootkit' brouhaha has shown that there are some lines that content creators simply can't cross. The industry learned a similar lesson in 2003, when Senator Mr.Orrin Hatch [R-Utah], then-chairman of 'The Senate Judiciary Committee', wondered aloud whether the tech trade could build a computer that would explode if it was used to illegally download music tracks. Destroying computers, Mr.Hatch said, 'may be the only way you can teach someone about copyright.' That idea certainly didn't get very far, and 'Sony's' 'rootkit' debacle isn't the beginning of the end of content protections. But it will go a long way toward setting limits on how far the industry can go in handcuffing honest consumers in its ongoing effort to arrest digital theft. 'Sony's Copyright Overreach', Lorraine Woellert, Yahoo! News 2005-11-17

1 Comments:

Blogger Dave said...

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

11/17/2005 11:55:00 pm  

Post a Comment

Links to this post:

Create a Link

<< Home