For a company that has so much great technology behind it, including a number of firsts like the compact disc and the portable music player, Sony Corp. often seems to behave more like a dinosaur -- and a slow-moving, club-footed dinosaur at that. A case in point is the company's recent ham-handed attempt to protect some of its music CDs by installing anti-copying software on its customers' computers. A simple thing, you might think. Plenty of other companies do it. Sony, however, has managed to turn what should have been a non-event into a public-relations disaster, one that has helped to cement its reputation as the technology giant with the best technology and the worst execution.
The company has said that it will stop using the “rootkit”-style copy-protection software, but the damage has already been done. Not only does Sony look stupid as well as sneaky, but a list of the artists whose CDs have been “protected” by the company's technology has been published far and wide. Is anyone going to rush out and buy those particular discs, or are they going to stay as far away from them as possible? If I were an artist with Sony Music (such as Canada's Our Lady Peace), I would consider asking the company to compensate me for the effects of its reverse PR.
The worst part isn't even that Sony used a form of DRM (digital rights management) technology that mimics a hostile Trojan computer virus, by installing itself at a low level -- i.e., "root" or system level -- and disguising itself so it can't be found by normal means. It isn't even that Sony's rootkit allowed an enterprising malicious hacker to piggy-back his (or her) way into a computer and cloak his or herself with the Japanese giant's technology. The worst part is that Sony first denied that its technology was anything more than a simple anti-copying app, then denied that its end-user license agreement (EULA) was vague and misleading to the point of being useless, then forced anyone who wanted to remove the rootkit DRM to go through an almost comically convoluted and inept process to do so.
Sony's successes are well known -- the compact disc, the VCR, the Sony Walkman, the Grand Wega television, the PlayStation, and so on. Almost as numerous are the roadblocks the company has thrown up to block its own way: the use of a proprietary standard for music files instead of supporting MP3; the use of a proprietary music storage format (MiniDisc) instead of using an existing one; the use of a proprietary data storage format (MemoryStick) instead of supporting the existing ones. Is anyone sensing a theme? To that list we can now add: using a technology to "protect" its music that amounts to a finger in the eye of its customers -- the ones who are actually buying its music -- and then doing its best to compound the problem by dissembling, obfuscating and delaying.
Related Articles
Sony's argument seems to be that because end-users signed the almighty EULA, they agreed to let Sony download whatever it wants onto their computer, install programs wherever it wants, disguise them so they aren't findable and then make it almost impossible to remove without a computer science degree -- and without possibly crashing or damaging your computer. Lawyer Eric Goldman says an EULA does give a company leeway to install things, but he also notes that in some cases doing so could run afoul of the Computer Fraud and Abuse Act, which applies to anyone who "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains... information from any protected computer."
Sony's EULA is like having a man appear at your door to sell you natural gas, and having him install a gas meter in your basement that unlocks your front door whenever the right code is entered -- either by the gas company or anyone else who knows how -- and fills your house with foul-smelling blue smoke if you try to remove it. Did you give him the authority to do all that? More to the point, would you buy natural gas from him again?
Nice work, Sony.
Update:Reader Craig Piercey writes to say that he agrees Sony's anti-PR hurts both the company and its artists. "I couldn't agree more with you," he says. "I purchase about a dozen CDs each year. Last year, I encountered a CD protection issue with a Radiohead release that reaaaaally bugged me because I convert my music to MP3 format. I have copies of my MP3 collection on multiple computers for ease of access (I own the music so why not...). The protection on the Radiohead CD has discouraged me from buying another release from the band! Everybody loses with this type of technology: the recording company, the artists, and the consumer."
Jeff Lewis notes that in Canada, we pay a fee (the "private copying levy") with every blank CD we buy that is meant to compensate artists for any illegal copying. "By putting copy protection into a CD, Sony is trying to have their cake and eat it too," says Jeff. "They are directly infringing a practice we're legally entitled to... It is a case where they're making a legal practice (and one we actually pay for out of our pockets via the levy) impossible by blocking us — and then by taking advantage of laws they lobbied for in order to prevent us from getting around their block. Damaging our computers in the process is just one more injury added to the insult, so to speak."
Andrew Cunningham notes that Sony isn't the only one using the "rootkit"-style DRM from a company called First 4 Internet. According to the company's website, Universal and BMG are also using it, although only for pre-release CDs. Mr. Cunningham also points out that there are allegations that Sony's DRM technology contains code that may infringe on copyright. Reader and lawyer Rob Hyndman says that "it's at least possible, and probably reasonably likely, that a judge in Canada would find that the Sony EULA did not protect Sony, at least in certain cases." He says a judge would likely find it hard to believe that users were knowingly agreeing to expose their system to the kinds of dangers that rootkits involve. He says "it would strike most judges as fundamentally unfair, I think, that without any reasonable disclosure of the risk one could blindly expose subject oneself to a considerable danger."
Update 2: Sony Corp. has said it will recall the affected CDs and make its patch easier to get and run. Unfortunately, according to several knowledgeable sources, the fix that Sony provides actually makes the situation worse than it was before, by making your PC more vulnerable to malicious hackers than it was with the rootkit-style DRM installed. Apparently, removing the software leaves a hole that allows any Web page to download and install programs without your permission. Hopefully someone is keeping track of all this for a business-school course entitled "Greatest Marketing Screw-Ups Of All Time."
Mathew Ingram is the Globe and Mail's on-line business columnist. Feel free to comment by clicking here, or by e-mailing Mathew at mingram@globeandmail.ca
