Mark Russinovich recently revealed in a Sysinternals blog entry titled
Sony, Rootkits And Digital Rights Management Gone Too Far
that Sony, in league with software developer,
First 4 Internet, has created music CDs that contain digital rights management software that poses a security risk for Windows users. Specifically, when you attempt to play one of Sony’s copy-protected discs on a Windows PC, the CD installs a
—a collection of tools that enable administrator-level access to the computer’s operating system. Rootkits are typically created by hackers who wish to exploit a Windows vulnerability or crack a password. This particular rootkit is cloaked, so that it’s nearly impossible to detect, and while not intended for malicious purposes, offers yet another avenue for savvy hackers to introduce viruses and malware into a Windows box.
As you might imagine, when revealed, consumers were less than thrilled with the existence of this undocumented “feature.”
Following Sony’s reluctance to join the Japanese and Australian iTunes Music Stores and its failed attempt to sell music players that supported only the company’s proprietary music encoding format, it would be easy enough to chalk up this latest imbroglio to Sony’s digital-music death wish. Short of grinding up Barbra Streisand CDs and force-feeding them to puppies, could Sony do more to tarnish its reputation?
Sony’s latest mistep hints to me that it’s time for an adult to step in. Specifically, a governing body (a kinder and gentler form of the RIAA, for example) that sits down with the heads of the major and minor record companies and comes up with guidelines that spell out what are and are not appropriate measures to take to protect intellectual property. For example, “Shut down websites that distribute illegal copies of the latest U2 album” might appear in the Good Idea column while “Toss a 12-year-old into the hoosegow for emailing an MP3 copy of ‘My Humps’ to her girlfriend” would likely make the Poor PR Opportunity list. Such a body might give Apple a thumbs up for a DRM scheme that allows you to play purchased music just about anywhere while issuing a heartfelt slap to any company whose DRM has the potential to destroy a customer’s computer.
Technical issues aside, such guidelines, if presented properly to the public, could be a tool to help combat music piracy.
Just about anyone can figure out how to glom onto illegal music given a computer, a broadband connection, and the wherewithal to perform a Google search. With technical barriers largely removed, music piracy becomes an issue of attitude, with pirates (and potential pirates) breaking out by the degree to which they’re willing to take something they have no right to own.
On one end of the spectrum you find those who either don’t get it—they’ve been stealing music forever and don’t understand that music is the fruit of someone’s labor—or don’t care—perversely twisting the notion of Fair Use to justify burning 25 copies of the latest Kanye West album to pass out to their friends at work. On the other end are people who would shun the newsgroup copy of the Beatles’
even though they’ve already paid for vinyl, 8-track, cassette, and CD versions of the album.
Somewhere in the middle are consumers who obtain most of their music legally because they understand that artists deserve to be paid and—however unsavory some of their practices may be—music labels need to make money to keep the music machine moving. It’s this group that the music industry should be concerned about. Treat these people like criminals, slip a bit of software onto their computers without notice (and possibly screw up their computers in the process), and generally make being an honest consumer more difficult, and you’re going to push a portion of them to the dark side.
Conversely, adopt an attitude that promotes purchasing music as the right thing to do and create reasonable DRM schemes that don’t criminalize consumers (and fully inform those consumers of their existence), and you may get back on the good foot with your customers.