Letter from the Editor

Rootkits Cross the Line

When a company trespasses upon its customers’ privacy, it should expect outrage.

  • This letter appeared in the May/June 2006 issue.
  • by Jason Pontin
  • May 1, 2006

Last year, anonymous executives at Sony BMG Music Entertainment blundered. They hid a “rootkit” on around two million compact discs.

As senior editor Wade Roush explains in this month’s cover story, “Inside the Spyware Scandal,” rootkits are a kind of software more often exploited by mischievous hackers than by multinational media companies: a rootkit is capable of exposing an operating system’s core functions to worms, viruses, or other programs, without anyone knowing about the subterfuge. In this case, computer users were asked to launch a Sony music player when they tried to play a Sony CD; if they did, they unwittingly downloaded a rootkit intended to hide components of a digital rights management (DRM) program. The DRM program also secretly contacted Sony every time a user played copy-protected music.

Sony’s executives thought they were within their rights: they wanted to discourage piracy. But when security experts discovered the rootkit and blogged about it, a scandal followed. Many computer users said they felt “violated.” According to John Guarino, the computer consultant who first identified the rootkit, “It’s total lawlessness, and it’s unacceptable.”

This story is part of our May/June 2006 Issue
See the rest of the issue
Subscribe

Why were computer users so angry? In explaining themselves, most seemed to fret about trespasses upon their private property. But the complaints were much more heated than any damage to users’ computers warranted (until Sony provided an uninstall program, removing the rootkit disabled users’ CD-ROM drives). Sony’s customers felt that the company had abused an interest related to property but distinct: they thought their privacy had been invaded.

The ambiguity of their complaints should not surprise. Privacy resists easy description. Philosophers or jurists eager to champion privacy as a coherent interest have nonetheless struggled to define it; others, less friendly to the idea, have argued that any interest we might protect as private can be more usefully defended by appeal to other interests, such as property, without the inconvenience of creating a new right or providing a cloak for illicit behavior. And certainly, people use “privacy” to describe very various interests.

This general confusion about what constitutes privacy has been much exploited by companies and governments in recent years. Indeed, as Sony’s rootkit makes clear, much of our behavior in digital space is now potentially subject to observation, data collection, and coercion.

Yet privacy is real. There is a distinctive characteristic to all private experiences, although no one thing can be said to define privacy. But most of us recognize privacy when we experience it. Privacy is the space where we are free from interference. It is the neces-sary condition for intimacy, trust, and all contracts, including citizenship. And while the territory claimed for privacy will vary according to culture or historical circumstance, most feel aggrieved when we feel that territory shrink.

Sony’s rootkit was not a trivial irritation, of importance only to geeks. The harm computer users suffered was limited (perhaps because the rootkit was discovered), but the offense was actual and new. Sony’s customers objected on a point of principle: they believed they saw the chill expansion of corporate interests at the expense of privacy. They were right.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.
Subscribe today

Uh oh–you've read all five of your free articles for this month.

Insider Premium

$179.95/yr US PRICE

More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Premium.

  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

You've read of free articles this month.