Skip to Content

Rootkits Cross the Line

When a company trespasses upon its customers’ privacy, it should expect outrage.

Last year, anonymous executives at Sony BMG Music Entertainment blundered. They hid a “rootkit” on around two million compact discs.

As senior editor Wade Roush explains in this month’s cover story, “Inside the Spyware Scandal,” rootkits are a kind of software more often exploited by mischievous hackers than by multinational media companies: a rootkit is capable of exposing an operating system’s core functions to worms, viruses, or other programs, without anyone knowing about the subterfuge. In this case, computer users were asked to launch a Sony music player when they tried to play a Sony CD; if they did, they unwittingly downloaded a rootkit intended to hide components of a digital rights management (DRM) program. The DRM program also secretly contacted Sony every time a user played copy-protected music.

Sony’s executives thought they were within their rights: they wanted to discourage piracy. But when security experts discovered the rootkit and blogged about it, a scandal followed. Many computer users said they felt “violated.” According to John Guarino, the computer consultant who first identified the rootkit, “It’s total lawlessness, and it’s unacceptable.”

Why were computer users so angry? In explaining themselves, most seemed to fret about trespasses upon their private property. But the complaints were much more heated than any damage to users’ computers warranted (until Sony provided an uninstall program, removing the rootkit disabled users’ CD-ROM drives). Sony’s customers felt that the company had abused an interest related to property but distinct: they thought their privacy had been invaded.

The ambiguity of their complaints should not surprise. Privacy resists easy description. Philosophers or jurists eager to champion privacy as a coherent interest have nonetheless struggled to define it; others, less friendly to the idea, have argued that any interest we might protect as private can be more usefully defended by appeal to other interests, such as property, without the inconvenience of creating a new right or providing a cloak for illicit behavior. And certainly, people use “privacy” to describe very various interests.

This general confusion about what constitutes privacy has been much exploited by companies and governments in recent years. Indeed, as Sony’s rootkit makes clear, much of our behavior in digital space is now potentially subject to observation, data collection, and coercion.

Yet privacy is real. There is a distinctive characteristic to all private experiences, although no one thing can be said to define privacy. But most of us recognize privacy when we experience it. Privacy is the space where we are free from interference. It is the neces-sary condition for intimacy, trust, and all contracts, including citizenship. And while the territory claimed for privacy will vary according to culture or historical circumstance, most feel aggrieved when we feel that territory shrink.

Sony’s rootkit was not a trivial irritation, of importance only to geeks. The harm computer users suffered was limited (perhaps because the rootkit was discovered), but the offense was actual and new. Sony’s customers objected on a point of principle: they believed they saw the chill expansion of corporate interests at the expense of privacy. They were right.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.