A View from Wade Roush

Rooting Out Sony's Rootkit

Why you should care about the decade’s worst digital rights management debacle.

  • May 18, 2006

My feature story “Inside the Spyware Scandal” – published this week in TR’s print magazine and here on our website – asks how the world’s second-largest record label, Sony BMG, became one of the world’s largest distributors of malware.

Fifty-two Sony BMG CDs released last year carried the notice “Content Enhanced & Protected.” The main “enhancement”: a proprietary player program that restricted owners of the CDs to ripping and burning no more than three digital copies of the music. (Those copies were “sterile,” meaning they couldn’t be copied again, and they were in Windows Media format, meaning they couldn’t be played on the most popular mobile music player, the iPod.)

The player software, which users had to install in order to listen to the CDs, secretly placed a hacker tool called a “rootkit” on users’ hard drives as a way of cloaking key elements of the copy-protection system against prying eyes and tampering.

The cloaking technique was highly effective. In fact, it was too clever by half. The problem – which went unnoticed by Sony BMG or anyone else for 10 months – was that a rootkit amounts to a haven for anything hackers might want to hide, such as viruses, worms, and Trojan horse programs.

Other software on the CDs transmitted a computer’s Internet address to Sony BMG whenever a user loaded a disc. Once security experts discovered the rootkit and the “phone home” behavior – and exactly how that mystery unfolded is the core of my story – consumers who had bought the CDs were understandably outraged by what they saw as an invasion of their privacy and property. So were advocates of freedom of information in the digital world, such as the indefatigable attorneys at the Electronic Frontier Foundation.

But why should you care about Sony BMG’s blunder? 

* Because when you buy music on a CD, you expect to be able to listen to it wherever you like.

* Because when you install software on your computer, you expect it to behave politely, not invite viruses and worms and Trojan horses to take over your machine and infect others’.

* Because you probably don’t want that same software reporting your Internet address to the recording studio every time you listen to a CD on your computer.

* Because you benefit from the free flow of ideas bolstered by the “fair use” provisions of U.S. copyright law.

* Because you believe in a thriving culture industry – and you don’t want to see the mutually profitable exchange of great content between creators and consumers slowed by a coagulation of ill-conceived digital rights management technologies.

If you’re concerned about the future of art and literature in the digital age, I urge you to read my piece and leave your comments – and to think twice before buying your next “Enhanced & Protected” CD.

More discussion to come.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly magazine delivery and unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look: exclusive early access to important stories, before they’re available to anyone else

    Insider Conversations: listen in on in-depth calls between our editors and today’s thought leaders

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.