As I mentioned here a few months ago, the big record labels
have been trying for years to limit what you can do with the
music you buy on a CD. What they are trying to do falls under
the broad category of what’s called Digital Rights Management,
or DRM. If you haven’t already, you’ll be seeing these initials
a lot in the future.
They’ve been vainly trying to sell you “copy-protected” CDs,
which means for the illegally inflated prices you pay for
a CD, you might be getting music with digital handcuffs attached.
With copy-protected CDs, if you try to play your CD on your
computer, bad stuff happens. Want to bounce the music from
your CD into your iPod? No can do!
The industry has been told for years that this is tilting
at windmills; that, try as they might, they aren’t going to
bend the will of the consumer, and they aren’t going to outrun
the smarts of the hacker community, which will deftly undo
any shackles the industry tries to put on digital music. Information
wants to be free, fight the power, etc. The DRM dog ain’t
gonna hunt, bubba.
A few months ago, SONY BMG, in their infinite wisdom, tried
something new. They put a few different self-executing DRM
programs on a bunch of their CDs. When you stuck one of these
CDs into your computer, the programs installed themselves
into your Windows operating system. They didn’t tell you they
were doing this; if they did, the disclosure was buried in
a click-through user agreement that may or may not have popped
up on your computer screen when you stuck the CD into your
CD drive. These programs took up a considerable amount of
space and slowed down your computer. Even worse, these programs
monitored what you listened to, and in some cases reported
findings, via the Internet, back to SONY BMG’s “security vendor,”
a company pleasantly named SunnComm. These programs have features
that hide themselves from detection and are hard to remove
when detected, and their presence on your machine makes you
vulnerable to attacks from vicious hackers. Well, more
attacks, I should say, since you’ve already been attacked
by a vicious hacker: SONY.
The two programs, titled MediaMax and XCP Rootkit, have been
included on almost 25 million CDs that have been sold to the
This all blew up a week or so ago, and this is what has happened
After first denying there was a problem (a SONY BMG bigwig
told NPR “most people don’t even know what a rootkit is, so
why should they worry about it?”), SONY has apologized for
one of the two programs, the XCP Rootkit, and offered an uninstall
program for it, as well as an exchange program by which they
will give a buyer a clean CD and—get this—clean, downloadable
MP3s of the songs on the infected disks. Amazon has offered
refunds. SONY hasn’t.
Windows has come up with its own uninstall program, too, as
have several other consumer groups. None of these uninstall
programs has been deemed entirely safe, though, as they all
are suspected of leaving computers vulnerable to attack. In
other words, it’s unclear that anything will leave your computer
the way it was before the Rootkit program got in there.
The Department of Homeland Security’s Computer Readiness Team
has advised consumers not to install these programs! Be on
a heightened state of alert, cause SONY’s in town! Wired
News reports that military and governmental networks have
been compromised by SONY’s programs.
On Monday, both the State of Texas and the Electronic Freedom
Foundation filed lawsuits against SONY BMG, alleging various
violations of consumers’ privacy, damage to property, and
anti-spyware laws. That’s right. SONY is being banged just
like those loathsome, sweaty little nerds who sneak stuff
on your computer while you’re web surfing or looking through
your e-mail. The little criminals who’ve forced you to run
Spybot every week—SONY’s now one of them.
Meantime the RIAA, the overfunded mouthpiece for the recording
industry, has come out in favor of DRM and, despite everything
that’s happened, has announced that XCP Rootkit, MediaMax
and their ilk are perfectly acceptable ways to control the
use of its member-labels’ product, errrr . . . content, errrr
. . . music.
If this all sounds serious, it is. Most of the dust on this
hasn’t even been kicked up yet, much less had the opportunity
to settle. Obviously, SONY would love for this dust to get
swept under the carpet, but I don’t think that’s gonna happen,
not this time. We haven’t yet heard from the artists, who
tend to be a cowardly bunch on stuff like this; but, as consumers’
ire rises about why their new Trey Anastasio CD screwed up
their computer, I think artists will have to start screaming.
(A list of XCP Rootkit-infected disks that SONY admits to
can be found at cp.sonybmg.com/xcp/ english/titles.html; I
haven’t seen a list of titles with MediaMax infections.)
And folks are gonna stop buying CDs. SONY BMG has caused the
perception that CDs are dangerous, because they’ve sold CDs
that are. I think, as a punitive measure, SONY ought to put
all of the songs on all of its infected CDs on 100 computers
connected to broadband and running Morpheus, Grokster, Bearshare,
eDonkey, and Limewire. And then pay the artists double royalties
for every free download that happens. And then get the hell
out of the music business.