Skip to Content

Rootkits Cross the Line

When a company trespasses upon its customers’ privacy, it should expect outrage.

Last year, anonymous executives at Sony BMG Music Entertainment blundered. They hid a “rootkit” on around two million compact discs.

As senior editor Wade Roush explains in this month’s cover story, “Inside the Spyware Scandal,” rootkits are a kind of software more often exploited by mischievous hackers than by multinational media companies: a rootkit is capable of exposing an operating system’s core functions to worms, viruses, or other programs, without anyone knowing about the subterfuge. In this case, computer users were asked to launch a Sony music player when they tried to play a Sony CD; if they did, they unwittingly downloaded a rootkit intended to hide components of a digital rights management (DRM) program. The DRM program also secretly contacted Sony every time a user played copy-protected music.

Sony’s executives thought they were within their rights: they wanted to discourage piracy. But when security experts discovered the rootkit and blogged about it, a scandal followed. Many computer users said they felt “violated.” According to John Guarino, the computer consultant who first identified the rootkit, “It’s total lawlessness, and it’s unacceptable.”

Why were computer users so angry? In explaining themselves, most seemed to fret about trespasses upon their private property. But the complaints were much more heated than any damage to users’ computers warranted (until Sony provided an uninstall program, removing the rootkit disabled users’ CD-ROM drives). Sony’s customers felt that the company had abused an interest related to property but distinct: they thought their privacy had been invaded.

The ambiguity of their complaints should not surprise. Privacy resists easy description. Philosophers or jurists eager to champion privacy as a coherent interest have nonetheless struggled to define it; others, less friendly to the idea, have argued that any interest we might protect as private can be more usefully defended by appeal to other interests, such as property, without the inconvenience of creating a new right or providing a cloak for illicit behavior. And certainly, people use “privacy” to describe very various interests.

This general confusion about what constitutes privacy has been much exploited by companies and governments in recent years. Indeed, as Sony’s rootkit makes clear, much of our behavior in digital space is now potentially subject to observation, data collection, and coercion.

Yet privacy is real. There is a distinctive characteristic to all private experiences, although no one thing can be said to define privacy. But most of us recognize privacy when we experience it. Privacy is the space where we are free from interference. It is the neces-sary condition for intimacy, trust, and all contracts, including citizenship. And while the territory claimed for privacy will vary according to culture or historical circumstance, most feel aggrieved when we feel that territory shrink.

Sony’s rootkit was not a trivial irritation, of importance only to geeks. The harm computer users suffered was limited (perhaps because the rootkit was discovered), but the offense was actual and new. Sony’s customers objected on a point of principle: they believed they saw the chill expansion of corporate interests at the expense of privacy. They were right.

Keep Reading

Most Popular

mouse engineered to grow human hair
mouse engineered to grow human hair

Going bald? Lab-grown hair cells could be on the way

These biotech companies are reprogramming cells to treat baldness, but it’s still early days.

tonga eruption
tonga eruption

Tonga’s volcano blast cut it off from the world. Here’s what it will take to get it reconnected.

The world is anxiously awaiting news from the island—but on top of the physical destruction, the eruption has disconnected it from the internet.

conceptual illustration showing various women's faces being scanned
conceptual illustration showing various women's faces being scanned

A horrifying new AI app swaps women into porn videos with a click

Deepfake researchers have long feared the day this would arrive.

seeing is believing concept
seeing is believing concept

Our brains exist in a state of “controlled hallucination”

Three new books lay bare the weirdness of how our brains process the world around us.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.