By Todd Martens and Brian Garrity
Complaints continue to mount regarding a controversial CD
copy-protection initiative by Sony BMG Music Entertainment.
Artists and consumers' initial concern was that the digital rights
management technology does not work with iPods. Now a growing number
of music fans charge that the security software behaves like spyware
and may create security vulnerabilities in users' computers.
The matter drew increased attention in technology circles October 31,
when software developer/computer security expert Mark Russinovich
began blogging the details of problems he experienced after using his
computer to play the copy-protected CD of "Get Right With the Man" by
Van Zant, a Southern rock act signed to Columbia Records.
Russinovich posted that Sony BMG's DRM drained resources from his
computer processor, even when the CD was not being played, and was
extraordinarily difficult to locate and uninstall. When he finally
deleted the software, his computer's CD player stopped working. "This
is a clear case of Sony taking DRM too far," he wrote.
Within 24 hours, online tech-news sites including SlashDot and CNet
had posted news about Russinovich's account. And by November 2, Sony
BMG had posted instructions on its own site (cp.sonybmg/xcp) for
removing the DRM.
IN SEARCH OF TRANSPARENCY
Copy-protection software is not actually spyware, of course. And
industry executives have long pointed to piracy rates in defense of
DRM measures. Consumers on average acquire almost 30 percent of their
music annually by burning and ripping CDs, according to the NPD Group.
But Russinovich and others complain that Sony BMG's latest DRM lacks
transparency -- and a simple uninstall option.
"The disclosure is totally inadequate," says Fred Von Lohmann, a
senior staff attorney with the Electronic Frontier Foundation. "I read
the (end-user license agreement), and it does not say they will
install software that hides itself and is difficult to uninstall. When
I read that someone is going to install software, I don't think it's
going to behave like spyware and try to evade me."
Sony BMG representatives declined to comment, but sources in the
company and the label's technology partners -- which include First 4
Internet and SunnComm -- say hiding software on computers is standard.
"Cloaking technology is reasonably commonplace," says Mathew Gilliat
Smith, CEO of First 4 Internet, a developer of copy-protection
technology. "This is a protection software, and the object is to make
it more difficult to circumvent."
But Russinovich says Sony's software may create a weakness for others
to exploit. "All it takes is one malware (malicious software) author
to get one of these CDs and see how it works and recognize it's on
millions of people's machines," Russinovich says. "The whole malware
industry is financially driven, and there are tons of smart people
paid to find those opportunities."
PATCHING THINGS UP
As part of their November 2 online update, Sony BMG and First 4
Internet released a patch to make the files visible and ensure that
malware writers cannot hide their own files behind the DRM
technology. The patch is also being distributed to manufacturers of
Gilliat Smith says First 4 Internet is looking for new installation
methods for its software, but did not provide specifics. SunnComm
executives say they have not had any problems with their technology.
In the meantime, a growing number of consumers and consumer advocates
are expressing frustration with the technology.
"I know this is the last copy-protected CD I will buy," Russinovich says.
"It strikes me as particularly pernicious," Von Lohmann adds, "to
single out paying customers for this kind of treatment."
Copyright 2005 Reuters Limited.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new