Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Cryptographer Bruce Schneier is chief technical officer at Counterpane Internet Security in Mountain View, CA, and a frequent critic of how companies implement computer security technologies. He publishes a widely read monthly security newsletter, Crypto-Gram, and is the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Schneier has been particularly outspoken in public statements and editorials about Sony BMG’s botched attempt last year to limit copying of its music CDs; the company used a tool called a “rootkit” to hide copy-protection software on people’s computers, inadvertently opening up those computers to attack by hackers (see “Inside the Spyware Scandal”).

Technology Review senior editor Wade Roush interviewed Schneier about the Sony episode on March 16.

Technology Review: Last year, Sony BMG released CDs carrying copy protection software called XCP written by U.K. company First4Internet, which hid itself using a rootkit-like technique. Once the rootkit became public knowledge, security experts immediately labeled XCP as malware. Why?

Bruce Schneier: When you take functionality away from the user – where there is a mechanism by which some third party can bypass what the user wants – that, inherently, is what malware is. It’s a system that does things behind the user’s back that the user doesn’t want. So almost by definition, these copy protection programs are indistinguishable from malicious code.

TR: Will the Sony rootkit episode lead to consumers viewing digital media in a different way? For example, do you think they’ll eventually demand less restrictive types of digital rights management?

BS: I hope so, but it’s always dicey trying to guess what consumers will do. In the market for computers and software, consumers usually don’t know what they’re buying. They don’t have a clue. This debacle gave a window into what is going on. But was it enough to make consumers realize that they need to not buy certain products, or that they’re being sold substandard goods? The answer is probably not. And that’s too bad, because if buyers can’t make intelligent buying decisions, the whole structure of capitalism starts to break down.

TR: Okay, let’s say you’re a consumer and want to buy some digital content, but you don’t want to give up control of your computer. What should you do?

BS: Write your congressman. If all consumers can get is what is being sold, and what is being sold has copy protection, consumers can’t get what they want. The only way consumers can get what they want is if we as a society either demand it or force it. We could boycott [the media companies], but that’s probably not going to happen. The boycotts against Sony BMG didn’t last, and the media companies know that.

11 comments. Share your thoughts »

Tagged: Business

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me