Sony’s Secret DRM and the Power of the Blogosphere

You may also like...

8 Responses

  1. Joe Liu says:

    There’s a long (for internet time) history of failed and/or misguided attempts to implement DRMs in the music industry.

    One feature of this that interests me is the apparently robust perception, held by the music copyright owners, that they need to engage in some degree of surreptitious behavior in implementing DRMs.

    Is this because: (a) they believe this will make the DRM harder to crack (the “security through obscurity” fallacy); or (b) because they are afraid that consumers would resist DRMs if they knew all of the details about them? Or maybe they just have guilty consciences (doubtful)?

    Ed Felten’s site has a nice discussion of some of the technical aspects of Sony’s actions.

  2. John Jenkins says:

    I think there is an option “c”, which is that Sony is utterly clueless when it comes to computer users and software. I once had a Sony Minidisc player that I bought because, at the time, the only affordable alternative was a portable cd-player. Given that I wanted to use it when working out, and that the MD promised no skipping where the cd-player couldn’t, I went with the MD player and that was a serious mistake.

    In the first place, no content is ever released onto MD, so you have to use your computer to record songs onto the MD. You had to use Sony’s prorpietary software AND compression to get it on there (ATRAC or something like that as I recall). The software was just the worst I had ever seen and remains so. It was clunky, slow, and unstable. When I looked around on the web, it seemed I was not the only one with problems like that. After Sony, its no wonder to me that Apple’s streamlined and stable iTunes platform caught on (not for me, I now use a small Flash MP3 player that I can use Media Player to write to). It’s my understanding that their software hasn’t gotten any better in that regard anyway (YMMV, given that satisfied people aren’t likely to talk about it, but lots of people still complain about it online).

    All of that leads me to conclude that Sony is just obtuse in this area. I don’t think they were malicious, I just don’t think they had a clue what might happen (viruses infecting the DRM and being hidden).

  3. haris skiadas says:

    One issue is whether making the software hidden and difficult to delete constitutes “exceeding authorized access,” which is also prohibited under the CFAA. People may authorize limited access to their computers, but that doesn’t entitle one to have permanent access. If the software is hidden from view and extremely difficult to get rid of without causing damage, is it designed to stick around beyond what users are authorizing?

    The program goes on to do more. I’m no lawyer, but presumably “authorized access” would mean that the user would authorize this program to execute while the music player is active, at least only when the CD is in the drive. On the contrary, as Mark Russinovich reports, the program actually runs constantly, using 1-2% of the computer’s processing power at all times, apparently scanning every two seconds all the current processes running on the computer. This seems to me to go a lot beyond “authorized access”.

  4. Paul Gowder says:

    The fact that it disables the CD drive on deletion seems to be a significantly greater intrusion than that implied in the contract language you quote. In fact, had they not posted instructions to cleanly delete it, I’d have to say there’d be a class action for trespass to chattels…

    Even with the EULA, how is this agreed to? Does it pop up whenever a CD is played on the computer? (Suppose one’s CD playing software doesn’t pop it up? Is there assent?) Eric’s analysis of the whole EULA-after-purchase issue seems spot on (ProCD notwithstanding). I don’t share much of Eric’s concern about Sotelo, however. All non-consensual software installation should be trespass to chattels, and if it causes damages, which non-malicious javascript/flash wouldn’t, it should be subject to liability.

    Why isn’t there a simple piece of software that prevents software from being installed without explicit consent? How hard would it be to set a series of permissions for various saves to the hard drive, and then for those that don’t fall into that category (i.e. anything that modifies the windows registry files), demand user permission first? Has nobody written a utility like this yet? Hellooo… geeks..

  5. Bruce says:

    I think the initial hurdle on a CFAA claim would be showing that Sony BMG “accesses” a computer when a user installs a program from a CD in the user’s physical possession. This is not an intuitive use of the word “access” (Sony BMG doesn’t “access” my house when I bring one of their CDs home) and I doubt it’s what Congress had in mind. What they had in mind was hackers.

    “Causes … transmission” might be a slightly closer call, although I’m not sure installation from a CD should count as a transmission that the programmer causes. In any event, the user would have to prove Sony BMG “intentionally cause[d] damage” to the computer, which I doubt can be shown with respect to the installation itself, and anything other the installation was probably not “intentional.” Getting too broad with the CFAA would subject all sorts of software to its provisions, which I doubt many people really want.

  6. Paul Gowder says:

    Bruce (and Eric if you’re reading): What would be wrong with a flat out rule: “the distribution of any software whose known and serious detrimental effects on a user’s computer is not disclosed to that user subjects the distributor to tort liability” be a bad thing?

    Perhaps I’ve been in Virginia too long. I’m begining to believe in this “property rights” stuff. There’s something deeply and fundaamentally wrong about turning someone’s own property traitor. It’s like the business with cell phone tracking, speed recorders in cars, etc. My property is mine, and no third party has a right to interfere it.

    (Now if you’ll excuse me, I have to go back to the ranch and chew some tobaccy.)

  7. Sony DRM: Singing the Blues

    Talk about a backfire. A brief update on a story I previously blogged about a week ago. Sony attempted to install hidden DRM software into the computers of its CD users. A blogger criticized the software, setting off a firestorm…