Rooting Out Sony’s Rootkit
My feature story “Inside the Spyware Scandal” – published this week in TR’s print magazine and here on our website – asks how the world’s second-largest record label, Sony BMG, became one of the world’s largest distributors of malware.
Fifty-two Sony BMG CDs released last year carried the notice “Content Enhanced & Protected.” The main “enhancement”: a proprietary player program that restricted owners of the CDs to ripping and burning no more than three digital copies of the music. (Those copies were “sterile,” meaning they couldn’t be copied again, and they were in Windows Media format, meaning they couldn’t be played on the most popular mobile music player, the iPod.)
The player software, which users had to install in order to listen to the CDs, secretly placed a hacker tool called a “rootkit” on users’ hard drives as a way of cloaking key elements of the copy-protection system against prying eyes and tampering.
The cloaking technique was highly effective. In fact, it was too clever by half. The problem – which went unnoticed by Sony BMG or anyone else for 10 months – was that a rootkit amounts to a haven for anything hackers might want to hide, such as viruses, worms, and Trojan horse programs.
Other software on the CDs transmitted a computer’s Internet address to Sony BMG whenever a user loaded a disc. Once security experts discovered the rootkit and the “phone home” behavior – and exactly how that mystery unfolded is the core of my story – consumers who had bought the CDs were understandably outraged by what they saw as an invasion of their privacy and property. So were advocates of freedom of information in the digital world, such as the indefatigable attorneys at the Electronic Frontier Foundation.
But why should you care about Sony BMG’s blunder?
* Because when you buy music on a CD, you expect to be able to listen to it wherever you like.
* Because when you install software on your computer, you expect it to behave politely, not invite viruses and worms and Trojan horses to take over your machine and infect others’.
* Because you probably don’t want that same software reporting your Internet address to the recording studio every time you listen to a CD on your computer.
* Because you benefit from the free flow of ideas bolstered by the “fair use” provisions of U.S. copyright law.
* Because you believe in a thriving culture industry – and you don’t want to see the mutually profitable exchange of great content between creators and consumers slowed by a coagulation of ill-conceived digital rights management technologies.
If you’re concerned about the future of art and literature in the digital age, I urge you to read my piece and leave your comments – and to think twice before buying your next “Enhanced & Protected” CD.
More discussion to come.
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.