While it may not be the biggest story you hear on the local or nation news this evening, the Sony DRM Rootkit situation has started a wild fire across the Internet. The implications of what has occurred reaches from your rights as a consumer and the security of your computer, to how far the recording industry will really go to protect their bottom line. Lets first get those of you who haven’t heard anything about this yet up to speed. It all started when Mark Russinovich at SysInternals found that there was a very well hidden program running on his machine. After more investigation he found that this application was installed from a Sony/BMG music CD, which was used to control digital copies of the CD (such as ripping to the hard drive). His investigation also found that removing the application was just short of impossible.
The first thing you may think when you hear something like this is “did they really have the right to install this application without my permission”. As many blogs have indicated, the music cd’s in question do not have any marking indicating that they will attempt to install any such program. On almost every cynical response I’ve read however has simply stated to make use of the shift key auto play disable feature within windows (if you hold down the shift key when you insert a CD, Windows will not execute the auto play). Unfortunately I have a really difficult time swallowing this one because I should have to. I shouldn’t have to be concerned that both my Operating System has the ability to execute things that I didn’t tell it to execute (insert recommendation to run Linux instead here), and I definitely shouldn’t have to worry that the music CD I’m about to listen to isn’t going to install something without my permission. Maybe it wouldn’t be so bad if they had come straight out with a disclaimer stating that they were doing such a thing. Unfortunately, that’s not what happened, and even worse, once it was installed, there was no way to remove it. A few states have stepped up withlaw suites against Sony/BMG in an attempt to protect the consumer, and hopefully force Sony/BMG to discontinue what they’re doing. One article I read was quite wonderful in pointing out how sluggish the response from security apps, such as Norton Antivirus and McAfee, was. In fact the fact that this has been out and on people’s machines for months, and nothing has been found until a consumer found it is quite disturbing.
All in all, I went on this little ramble due to the part of this that I have the biggest problem with, and that is the recording industry and their continuous rampage to “protect” against illegal music copying. I really do hope that people realize how insane these people are in regards to being able to keep their bottom line. First, they recommend a law the would allow them to hack into your computer and determine whether you have illegally copied music/movies (I.E. MP3′s). I’m still trying to figure out how they would determine if they were legitamate copies that I ripped from my collection? I’m sure I would have been on their watch list in a heart beat when they saw my 15gb collection of my CD’s on MP3. Next, the recording industry start getting in bed with companies like Microsoft and Apple, allowing for the creation of technologies that will stifle your ability to listen to the music you’ve purchased. Oh wait, lets step back here. You didn’t purchase it, like Microsoft they want to believe you simply purchased the right to listen to the music, and you don’t actually own any physical copy of it. Think I’m joking? Think again… Now they’ve gone as far as having applications attached to the music CD’s to install on your computer in an attempt to keep you from making copies. A piece of software, that was stealthily install without my permission, monitoring my activities, and even reporting information back to Sony. I’m sorry but if it didn’t have the name Sony attached to the front of it, wouldn’t we call this a virus and there would be criminal charges associated with it?
I just hope that everyone is aware that these are the same people who think it should be legal to hack into your computer are the same people who lobby your government representatives in order to shove a strangle hold on your rights as a consumer. They’ve already made many accomplishments with their ability to go after people who circumvent protection methods (I.E. the decss library written for Linux, which I USE in order to watch the DVD’s I legally purchased). By the way this code, and lame (an MP3 encoder) code was found in this rootkit. So it’s also ok for them to deem a piece of software illegal but then use that same exact software to their own benefit? Not to mention they are violating the LGPL/GPL licenses of those software products. Unfortunately I don’t know what the correct answer is to this situation. I, being a music lover, am torn between making a stand and not purchasing the music or giving in and continue to be strung along. Just keep your eye on this, and if you hear something that doesn’t seem right, it probably isn’t. If you feel, as I do that your rights are being threated, you need to let your Congressman or women know how you feel. Let your voice be heard…
Oh, and by the way, the RIAA doesn’t feel that Sony did anything wrong…
Check here if you are concerned that you may own one of these music CD’s. Here, thanks to wonderful list of what your rights really are when you purchase a Sony/BMG music CD.
Update: November 22nd, 2005
Suprisingly enough I heard a bit on this mornings news indicating that Texas has joined the list of states who are going after Sony.
The state sued Sony BMG Music Entertainment on Monday under its new anti-spyware law, saying anti-piracy technology the company slipped into music CDs leaves huge security holes on consumers’ computers. link
“Sony has engaged in a technological version of cloak-and-dagger deceit against consumers by hiding secret files on their computers,” Abbott said in a statement. link