Skip to Content

Rootkits Cross the Line

When a company trespasses upon its customers’ privacy, it should expect outrage.

Last year, anonymous executives at Sony BMG Music Entertainment blundered. They hid a “rootkit” on around two million compact discs.

As senior editor Wade Roush explains in this month’s cover story, “Inside the Spyware Scandal,” rootkits are a kind of software more often exploited by mischievous hackers than by multinational media companies: a rootkit is capable of exposing an operating system’s core functions to worms, viruses, or other programs, without anyone knowing about the subterfuge. In this case, computer users were asked to launch a Sony music player when they tried to play a Sony CD; if they did, they unwittingly downloaded a rootkit intended to hide components of a digital rights management (DRM) program. The DRM program also secretly contacted Sony every time a user played copy-protected music.

Sony’s executives thought they were within their rights: they wanted to discourage piracy. But when security experts discovered the rootkit and blogged about it, a scandal followed. Many computer users said they felt “violated.” According to John Guarino, the computer consultant who first identified the rootkit, “It’s total lawlessness, and it’s unacceptable.”

Why were computer users so angry? In explaining themselves, most seemed to fret about trespasses upon their private property. But the complaints were much more heated than any damage to users’ computers warranted (until Sony provided an uninstall program, removing the rootkit disabled users’ CD-ROM drives). Sony’s customers felt that the company had abused an interest related to property but distinct: they thought their privacy had been invaded.

The ambiguity of their complaints should not surprise. Privacy resists easy description. Philosophers or jurists eager to champion privacy as a coherent interest have nonetheless struggled to define it; others, less friendly to the idea, have argued that any interest we might protect as private can be more usefully defended by appeal to other interests, such as property, without the inconvenience of creating a new right or providing a cloak for illicit behavior. And certainly, people use “privacy” to describe very various interests.

This general confusion about what constitutes privacy has been much exploited by companies and governments in recent years. Indeed, as Sony’s rootkit makes clear, much of our behavior in digital space is now potentially subject to observation, data collection, and coercion.

Yet privacy is real. There is a distinctive characteristic to all private experiences, although no one thing can be said to define privacy. But most of us recognize privacy when we experience it. Privacy is the space where we are free from interference. It is the neces-sary condition for intimacy, trust, and all contracts, including citizenship. And while the territory claimed for privacy will vary according to culture or historical circumstance, most feel aggrieved when we feel that territory shrink.

Sony’s rootkit was not a trivial irritation, of importance only to geeks. The harm computer users suffered was limited (perhaps because the rootkit was discovered), but the offense was actual and new. Sony’s customers objected on a point of principle: they believed they saw the chill expansion of corporate interests at the expense of privacy. They were right.

Keep Reading

Most Popular

This new data poisoning tool lets artists fight back against generative AI

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. 

The Biggest Questions: What is death?

New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.

Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist

An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.

How to fix the internet

If we want online discourse to improve, we need to move beyond the big platforms.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.