Home' Technology Review : May June 2006 Contents 50 FEATURE STORY
TECHNOLOGY REVIEW /
creators might wish to hide from users; and removing this
particular rootkit disabled the CD drive. Guarino could only
conclude that the malware s source was Sony BMG itself.
"That s when I gave up," Guarino says. He could ght
malware one machine at a time. But if the world s second-
largest record company wanted to install secret software on
its customers computers, he would never win.
Before putting the problem aside, Guarino did one very
important thing. He e-mailed his logs to F-Secure, a com-
puter security rm in Helsinki, Finland, whose software he
had used to detect the les. Though F-Secure s malware
watchers had not previously encountered the rootkit, they
were quickly able to con rm Guarino s suspicions. Over
the next two weeks, they came to another, much more trou-
bling realization: the rootkit could hide other les as easily
as it hid Sony BMG s copy protection software. Every com-
puter that had ever been used to play a copy-protected Sony
BMG disc was now, in e ect, an open receptacle for worms,
vir uses, and other malware.
On October 17, F-Secure contacted Sony. Two weeks
later, respected security expert Mark Russinovich found
the rootkit on his own computer and publicized his nd-
ings on his widely read blog. He also discovered that other
software installed along with the copy protection program
secretly contacted Sony BMG via the Internet every time
a PC user played a copy-protected disc. And over the next
several months, what had begun as a curiosity in Guarino s
little shop escalated into a full-blown scandal, complete
with backroom negotiations, public exposés, heated denials,
angry boycotts, vengeful lawsuits, and rueful apologies.
Though its original purpose was to hide software that
prevented listeners from making more than three copies of
their music, Sony BMG s rootkit became the most public
symbol to date of the perceived excesses of DRM tech-
nology---and of the growing suspicion media companies
seem to harbor toward their own customers. The scandal
is still having repercussions. It has reignited a dispute in
the public sphere over the ways consumers should be
allowed to use copyrighted digital infor mation and, con-
versely, just how far copyright holders can go to secure their
intellectual property against piracy. (See "Who Will Own
, a TR special package published in June 2005.)
Taken to extremes, experts say, digital rights manage-
ment not only curtails people s right to make "fair use" of
copyrighted material, which is guaranteed by U.S. copy-
right law, but can even create new technological hazards.
"When you build computer systems where you re not pro-
tecting the user, but something from the user, you have very
bad security," says Bruce Schneier, a luminary in the eld
of computer security and chief technical o cer of Counter-
pane Internet Security in Mountain View, CA. "That s my
biggest fear---this notion that the user is the enemy."
The story of the Sony BMG rootkit asco is about more
than bad corporate judgment or the ongoing str uggle over the
rights of consumers to do what they want with the things they
own. It is also about fear and the excesses it can arouse. When
media companies apply such powerful, secret tools to content
protection, it suggests that their ner vousness over piracy has
turned to panic. Although Sony BMG insists that the rootkit
was deployed unintentionally, the episode persuaded many
obser vers that the music industry had come to see deception as
an indispensable component of digital rights management. It
should be no surprise when customers who feel they are being
treated like thieves stop buying things. If there is one message
in Sony BMG s experience for other companies entering the
digital world, it is that distrust engenders distrust.
Demand for digital "content" (a feeble but convenient jar-
gon word for everything from poetry to podcasts) is greater
than ever. Sales of downloadable music worldwide nearly
tripled between 2004 and 2005, from $380 million to $1.1
billion, and now represent about 6 percent of all music sales.
As of March 2004, Apple s iTunes music store was selling
songs at a pace of about 2.5 million per week. According to
the U.K. version of Macworld magazine, it now sells three
million songs every day.
One might expect content producers and distributors to
be thrilled by digital s takeo . But in reality, they are often
preoccupied with the ever present threat of rampant copying.
And for good reason: in a one-month period in 2005, 3.8
million U.S. households downloaded music using the free
peer-to-peer le-sharing ser vices WinMX and Limewire,
while only 1.7 million households purchased les from
iTunes, according to market research rm NPD Group.
The Recording Industry Association of America puts the
lost retail revenues from digital music piracy at $4.2 billion
per year, and it has fought illegal downloads aggressively: in
Febr uary, it announced that it had launched 750 new law-
suits against users of peer-to-peer le-sharing networks,
bringing the total since 2003 to more than 18,000.
Sony BMG s rootkit became
the most public symbol to
date of the perceived ex-
cesses of digital rights man-
agement---and the growing
suspicion media companies
seem to harbor toward their
Links Archive March April 2006 September October 2006 Navigation Previous Page Next Page