Here’s a column I posted at globeandmail.com about Sony’s DRM rootkit fiasco:
“For a company that has so much great technology behind it, including a number of firsts like the compact disc and the portable music player, Sony Corp. often seems to behave more like a dinosaur — and a slow-moving, club-footed dinosaur at that. A case in point is the company’s recent ham-handed attempt to protect some of its music CDs by installing anti-copying software on its customers’ computers. A simple thing, you might think. Plenty of other companies do it. Sony, however, has managed to turn what should have been a non-event into a public-relations disaster, one that has helped to cement its reputation as the technology giant with the best technology and the worst execution.
The company has said that it will stop using the “rootkit”-style copy-protection software — first discovered and publicized by Mark Russinovich on his blog — but the damage has already been done. Not only does Sony look stupid as well as sneaky, but a list of the artists whose CDs have been “protected” by the company’s technology has been published far and wide. Is anyone going to rush out and buy those particular discs, or are they going to stay as far away from them as possible? If I were an artist with Sony Music (such as Canada’s Our Lady Peace), I would consider asking the company to compensate me for the effects of its reverse PR.
The worst part isn’t even that Sony used a form of DRM (digital rights management) technology that mimics a hostile Trojan computer virus, by installing itself at a low level — i.e., “root” or system level — and disguising itself so it can’t be found by normal means. It isn’t even that Sony’s rootkit allowed an enterprising malicious hacker to piggy-back his (or her) way into a computer and cloak himself or herself with the Japanese giant’s technology. The worst part is that Sony first denied that its technology was anything more than a simple anti-copying app, then denied that its end-user license agreement (EULA) was vague and misleading to the point of being useless, then forced anyone who wanted to remove the rootkit DRM to go through an almost comically convoluted and inept process to do so.
Sony’s successes are well known — the compact disc, the VCR, the Sony Walkman, the Grand Wega television, the PlayStation, and so on. Almost as numerous are the roadblocks the company has thrown up to block its own way: the use of a proprietary standard for music files instead of supporting MP3; the use of a proprietary music storage format (MiniDisc) instead of using an existing one; the use of a proprietary data storage format (MemoryStick) instead of supporting the existing ones. Is anyone sensing a theme? To that list we can now add: using a technology to “protect” its music that amounts to a finger in the eye of its customers — the ones who are actually buying its music — and then doing its best to compound the problem by dissembling, obfuscating and delaying. Nice work, Sony.
Sony’s argument seems to be that because end-users signed the almighty EULA, they agreed to let Sony download whatever it wants onto their computer, install programs wherever it wants, disguise them so they aren’t findable and then make it almost impossible to remove without a computer science degree — and without possibly crashing or damaging your computer. Lawyer Eric Goldman says an EULA does give a company leeway to install things, but he also notes that in some cases doing so could run afoul of the Computer Fraud and Abuse Act, which applies to anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains… information from any protected computer.”