I’ve written earlier about DRM and music purchases – but this news story has reached epic proportions so I just wanted to write a little bit about it.
The story is all about how Sony decided to include a fairly nasty means of DRM on their latest CD releases. Specifically a ‘rootkit‘ is installed simply by inserting the CD into your computer. It quietly inserts itself as a layer in the very kernel of the operating system, forcing any access to the CD drive to be passed through it. It also changes the way the filesystem is seen by the user, hiding any files that start and end with a particular string. Hence it’s label as a rootkit. It opens up a backdoor wherein any virus written to take advantage of these ‘features’ can do so and infect a person’s computer without them knowing. Once the virus infects the computer via the SONY rootkit, well, game over man.
Not likely to happen? A virus exploiting this has already been spotted.
How serious is the threat? Here’s a picture of the installation base of this DRM in the USA. All those dots are computers with this rootkit installed.
So Sony got in trouble, because anyone buying their ‘special’ CDs and trying to play them on their computer would essentially become a target for a virus. Nice.
Now, geeks in general hate this DRM stuff, and some of them started probing the DRM rootkit software. What they found was that the company who had written the software had, in fact, used some Open Source software to do so. To anyone not entirely familiar with Open Source software, what this means is that they needed to make available the source they included, and to make it publicly known that they did include this software. Oops.
At this point things get very fuzzy, because nothing like this has happened in the Open Source world before. My understanding is that there is a class action lawsuit or two being prepared against Sony for the DRM rootkit. On top of this, anyone that is part of the Open Source projects that were used in the rootkit are also able to claim damages against Sony for using their software without following the license.
Sony screwed up, and I think things will be coming to court to test these Open Source licenses. Geeks are in a frenzy everywhere, and I hope you appreciate the irony here. Sony used illegal software to install damaging software on their consumers’ computers in an effort to prevent piracy of their product. Note that they did this to the people who paid for their copies of the CD. Once again we see proof that this DRM stuff simply damaged the people who actually purchase their music legally, leaving the pirates untouched.
If you’re curious as to what CD’s are included in this (which Sony are recalling and stopping selling now), you can check their list here. Note that Sony initially refused to stop using the software, and only after a huge uproar was heard via the media outlets did they realize that the bad press would be damaging. Their actions leave a bad taste in my mouth.
I think this DRM battle is only beginning, particularly when you take into account the fact that corporations are starting to try to sell television shows and movies online in addition to the already-available music.
Update (Dec. 7): A Canadian class action lawsuit is in the works. Check out this page if you’re interested or affected.
You know, after Sony dropped the ball in the portable music department (MP3 players), I’ve become more and more disenchanted with them. They used to make excellent electronics but now there are so many other companies out there that do as good a job and cost less.
Didn’t you have a post regarding Sony and Fiona Apple a while ago?
That’s a good memory you have there dude.
http://thebside.ca/?p=45
As an FYI – I updated that story (and removed my copy of her album from my site) because she finally released the album.