Hey Sony — wake up

Here’s a column I posted at globeandmail.com about Sony’s DRM rootkit fiasco:

“For a company that has so much great technology behind it, including a number of firsts like the compact disc and the portable music player, Sony Corp. often seems to behave more like a dinosaur — and a slow-moving, club-footed dinosaur at that. A case in point is the company’s recent ham-handed attempt to protect some of its music CDs by installing anti-copying software on its customers’ computers. A simple thing, you might think. Plenty of other companies do it. Sony, however, has managed to turn what should have been a non-event into a public-relations disaster, one that has helped to cement its reputation as the technology giant with the best technology and the worst execution.

The company has said that it will stop using the “rootkit”-style copy-protection software — first discovered and publicized by Mark Russinovich on his blog — but the damage has already been done. Not only does Sony look stupid as well as sneaky, but a list of the artists whose CDs have been “protected” by the company’s technology has been published far and wide. Is anyone going to rush out and buy those particular discs, or are they going to stay as far away from them as possible? If I were an artist with Sony Music (such as Canada’s Our Lady Peace), I would consider asking the company to compensate me for the effects of its reverse PR.

Continue reading

Sony’s bait and switch

Princeton computer science professor Ed Felten writes about Sony’s DRM “rootkit,” which it installed without really telling you, and notes that the “patch” the company provides to remove the rootkit (which Sony claims is harmless) is “more than 3.5 megabytes in size, and appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.” As SiliconValley.com put it: “Sorry about those secret files — what we meant to install were these secret files.” Ed also points to a commentary by law professor Eric Goldman in which he ponders whether Sony’s EULA (end user license agreement) adequately disclosed what the company was installing. If it didn’t, it could be liable for legal action. Even if it did, it’s a pretty stupid move from a marketing point of view.

Update: Mark over at sysinternals.com got a response from the company that put together (badly, apparently) the rootkit software Sony’s CD installs, and they tried (and mostly failed) to rebut his criticisms of their kit and Sony’s behaviour.