Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

My feature story “Inside the Spyware Scandal” – published this week in TR’s print magazine and here on our website – asks how the world’s second-largest record label, Sony BMG, became one of the world’s largest distributors of malware.

Fifty-two Sony BMG CDs released last year carried the notice “Content Enhanced & Protected.” The main “enhancement”: a proprietary player program that restricted owners of the CDs to ripping and burning no more than three digital copies of the music. (Those copies were “sterile,” meaning they couldn’t be copied again, and they were in Windows Media format, meaning they couldn’t be played on the most popular mobile music player, the iPod.)

The player software, which users had to install in order to listen to the CDs, secretly placed a hacker tool called a “rootkit” on users’ hard drives as a way of cloaking key elements of the copy-protection system against prying eyes and tampering.

The cloaking technique was highly effective. In fact, it was too clever by half. The problem – which went unnoticed by Sony BMG or anyone else for 10 months – was that a rootkit amounts to a haven for anything hackers might want to hide, such as viruses, worms, and Trojan horse programs.

Other software on the CDs transmitted a computer’s Internet address to Sony BMG whenever a user loaded a disc. Once security experts discovered the rootkit and the “phone home” behavior – and exactly how that mystery unfolded is the core of my story – consumers who had bought the CDs were understandably outraged by what they saw as an invasion of their privacy and property. So were advocates of freedom of information in the digital world, such as the indefatigable attorneys at the Electronic Frontier Foundation.

But why should you care about Sony BMG’s blunder? 

* Because when you buy music on a CD, you expect to be able to listen to it wherever you like.

* Because when you install software on your computer, you expect it to behave politely, not invite viruses and worms and Trojan horses to take over your machine and infect others’.

* Because you probably don’t want that same software reporting your Internet address to the recording studio every time you listen to a CD on your computer.

* Because you benefit from the free flow of ideas bolstered by the “fair use” provisions of U.S. copyright law.

* Because you believe in a thriving culture industry – and you don’t want to see the mutually profitable exchange of great content between creators and consumers slowed by a coagulation of ill-conceived digital rights management technologies.

If you’re concerned about the future of art and literature in the digital age, I urge you to read my piece and leave your comments – and to think twice before buying your next “Enhanced & Protected” CD.

More discussion to come.

13 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me