The Sony DRM debacle shows you can’t hide

The big story this week has been how far Sony BMG has overstepped the mark in its use of digital rights management (DRM) technology to prevent copying of its music CDs. This could shift the course of the debate and public perception of DRM. For those who haven’t read about this yet, Mark Russinovich, a specialist in the deep innards of PCs, stumbled across a “rootkit” installed on his computer. A rootkit is software that installs itself at the heart of the PC operating system and reconfigures files to hide its presence. Not surprisingly, this technology is usually found only in “malware” designed with nefarious intent. In this case, it turned out to have been installed when Mark played a Sony CD on his PC.

There are a couple of interesting implications of the installation of the rootkit. Anyone who tries to delete this uninvited presence on their PC risks irremediably damaging their computer. In addition, the presence of the rootkit makes it far easier for people less benevolent than Sony to hack into the PC and hide their activities, including from anti-virus software. This is potentially a massive security risk. While Sony states on the CD packaging that it has used copy protection software, it doesn’t indicate in any way what this software does. Consumers can ask Sony to uninstall the rootkit, but they need to apply and provide personal details, and are then given another piece of software to uninstall it.

There is no question that Sony has gone too far here, certainly ethically, and potentially legally. While the protection software was extremely carefully hidden, it was naïve at best to imagine that it would not be uncovered and become a public issue. Increased transparency is one of the most powerful trends today. The reality of transparency is not only that things get found out, but that if people are interested, word will spread very rapidly. While all the mainstream media reported this story after the fact, it was first reported on a blog, and the news spread through blogs. The very measure of people’s distaste for Sony BMG’s activities is how quickly this became a major story. In trying to hide what it is doing on its customers’ PCs, Sony BMG has created security risks for its customers and a major problem for itself. Openness is and will be rewarded in the market. Sony BMG doesn’t understand this, and undoubtedly will be punished in the market. Digital rights management has a role, but precisely how it works must be visible. Otherwise the backlash will be far bigger than the entertainment and content companies seem to comprehend.