What do Sony and a straw have in common?

by Michael S. Kaplan, published on 2005/11/02 10:06 -08:00, original URI: http://blogs.msdn.com/michkap/archive/2005/11/02/488282.aspx

Well, if you use either one of them, significant suckage can occur.

Rootkits? Don't ever install the crap they put on CDs and DVDs (I tried not to, anyway).

(From Mark Russinovich)

# tzagotta on Wednesday, November 02, 2005 1:18 PM:

Overly agressive DRM, regardless of the company involved, sucks. I think these companies have fogotten the copyright principle of "like a book." If I buy some content, I should be able to use it how I want, when I want, and where I want.

# Mihai on Wednesday, November 02, 2005 4:15 PM:

I think the "like a book" principle was dropped in the software world a long time ago.
Even if there are no technical restrictions, the licenses for most applications
don't allow you to install on more than one system.
I don't like it, but this is the way it is.

I have no problem with Sony's protected CDs.
I have stopped buying music CDs after the first wave of RIAA lawsuits. I have all the music I wanted (old stuff). Most of the new one I can live without.
Now I only buy CDs produced by small companies, independently produced by the artist and such.

# Gabe on Wednesday, November 02, 2005 5:09 PM:

While I agree that installing this software constitutes some form of fraud, tresspassing, theft of service, or whatever, and that it is probably grounds for some sort of class-action lawsuit, it seems that it is a bit unreasonable to blame it on Sony.

It appears that Sony is merely using the XCP product (http://www.xcp-aurora.com/) from First 4 Internet, aimed at record labels in general. Sony didn't go and write a rootkit, F4i did. This means that there are probably many more labels out there selling infected CDs. Beware of ANY copy-protected CD.

# Nick Lamb on Wednesday, November 02, 2005 5:12 PM:

That principle is basically the Doctrine of First Purchase. In times past courts held up as reasonable assumption that if I buy a food mixer it is not the right of the manufacturer, seller or any other third party to decide how I use or dispose of the mixer. The people as a whole of course have an interest, but they invoke it through the government and its agents, (e.g. the police and courts will intervene if I use the food mixer to kill someone).

This doctrine annoyed publishers because it meant that instead of forcing everyone who wanted to read a novel to buy their own copy people could legally lend books to each other, or even buy second hands books. Publishers tried to stop this with lawsuits, even arrests claiming "theft". But the courts held their ground. However in most countries when recorded music became popular the new rights holders were able to lobby for "better protection" ie arbitrary restrictions on civil liberties for corporate gain. Their new rules were subsequently applied to other media like moving pictures, and were further extended for more novel inventions like computer software.

The idea that it's possible for you to "infringe" the rights of a company that sold you something just by using it is today enshrined in law. It is an unjust law which serves an influential minority, just like the segregationist laws. If we permit injustice by excusing it as convenient, or just because it is to our personal benefit then we have no ethical standing to ask for any protection under the law. Most of the people reading this blog are part of the problem.

# Dean Harding on Wednesday, November 02, 2005 5:28 PM:

The difference between a book and a CD is that it's fairly difficult to make copies of a book, while it's pretty trivial to make a copy of a CD. So while I believe lending someone a CD should be fine, making a copy of one for them is probably going a bit far.

On the other hand, what that CD does is abhorrent. Whether it's Sony's fault or not doesn't matter - though I'm inclined to say it *is* their fault, whether they wrote the software or not, they should know what their CDs do to your computer and they should take responsibility for it.

Right now, I am proud to say that I download my music for free off the internet. To me, that's a far lesser evil than what Sony does to people who try to legitimately buy their product. And when my only choices are to buy it or download it (well, or not listen to it at all but from Sony's point of view, that would be the same as downloading it), then I'm going to download.

Sue me, Sony. I dare you!

# Maurits on Wednesday, November 02, 2005 5:59 PM:

The beauty of digital data is it is infinitely reproducible. This makes it hard to license per-user.

I suppose one method would be for people to set up their own private key when they register for things like iTunes or MSN Music.

Then when they download the file, it could be pre-encrypted to the customer's private key. That way a hacker wouldn't be able to listen to the music even if they were able to steal it... unless they were able to steal the private key, too.

In which case, the user should report the theft of their private key to the music store, and generate a new private key... with the ability to re-download everything they had previously purchased.

# Jonas Grumby on Wednesday, November 02, 2005 6:16 PM:


I think your solution doesn't solve any problem. Who is worried about protecting the music they bought from "hackers"? Why does iTunes have to get involved if you want to use PKC?

# Hypocrite Alert on Wednesday, November 02, 2005 6:31 PM:

Can anyone else spot the blatant hypocrisy?

"Trustworthy computing" aka DRM up the wazoo (FUD'd by including it with 'security' even though it's almost entirely about anticompetition) is one of MSFT's big things.

You're going to have DRM in the platform beyond belief. Nice HDTV monitor? Oops, has an analog hole, can't use it.

You might be kind enough to tell people about it first (although from your historical record, probably not). But it still sucks.

DRM JUST DOESN'T WORK when it comes to multimedia. It might be nice for Office documents etc, where the environment is more controlled and the people who own the computers actually want it. But for music/video it's trivial to get around it, and even if it's not, once one decent copy is out the whole project is pointless.

Glad to see that this offends you though. DRM is teh suck.

# Hypocrite alert on Wednesday, November 02, 2005 6:34 PM:

Oh, and you say that YOU don't use the 'software' bit of the CD or DVD.

How about enabling ordinary lusers do the same by actually exposing the audio part of the CD instead of the crappy 'limited' stuff by default? Autorun with bad defaults is also teh suck, and the problem is that with your company's ridiculously onerous stance on "IP" rights where you only punish the honest with Genuine Disadvantage, you can't do what's right for your customers.

# Michael S. Kaplan on Wednesday, November 02, 2005 7:19 PM:

I don't tend to feel much need to respond in detail to people who are that anonymous, sorry. If you come out of the shadows then we'll see....

# Maurits on Wednesday, November 02, 2005 7:33 PM:

> Who is worried about protecting the music they bought from "hackers"?

Um, the people who sold it to you, for one.

Q: How would you feel if:

You had just spent several million dollars to make a movie
You gave a pre-release copy to five or six reviewers so they could write up some reviews
One of the reviewer's computers was hacked
His copy of the movie was leaked to the internet and downloaded by thousands of potential customers?

A: You'd be a little upset.

# Dean Harding on Wednesday, November 02, 2005 7:43 PM:

> One of the reviewer's computers was hacked

That's generally not how pre-release copies are leaked... it's usually the person you gave it to who makes the copy themselves.

# Maurits on Wednesday, November 02, 2005 7:56 PM:

Shame on them, then. :)

That's where those steganographic tags come in handy...

"Boss, I downloaded this copy of our movie off the internet!"

"Hmmm... this is the copy we gave to Joe Smith at Moves-R-Us... Fire up the Lawsuit-O-Matic!"

# Jonas Grumby on Thursday, November 03, 2005 12:30 PM:

>> Who is worried about protecting the music they bought from "hackers"?

> Um, the people who sold it to you, for one.

The sellers are not the buyers, of course.

> Q: How would you feel if: [...]
> A: You'd be a little upset.

Sure. But the solution you propose does nothing to remedy this. PK will make sure that it gets where it's going. The user has to decrypt to use, and there's no incentive for him to store it in its encrypted form (as it's not immediately usable and loss of the key = loss of the content). Also, he wants to use the content on "unblessed" platforms (read: Linux). What you're describing isn't too unlike CSS, and see how well that prevented DVD piracy?
The burden has to be borne by the party that is concerned with the risk. The things you are suggesting place the burden on the user with *disincentives* for him to act in the way you would like him to.

# Mike on Thursday, November 03, 2005 1:14 PM:

I can't believe somebody is suggesting Sony is not at fault. They shipped the rootkit, presumably purposely, of course they're at fault. The fact that they didn't write it in the first place is irrelevant.

That's like saying hiring somebody to kill for you is ok because you're not the one that actually pulled the trigger.

# Gabe on Tuesday, November 08, 2005 9:45 AM:

I'm not saying that it's not Sony's fault that the rootkit ended up on their CDs, I'm saying that we shouldn't be blaming Sony for writing a rootkit. Sony isn't the only company trying to sell us copy-protected CDs, and since they didn't write it, they're not the only company shipping that rootkit.

People often fault Microsoft for writing buggy, insecure, bloated programs. In fact, I often find myself muttering such thoughts to myself. Unfortunately, I sometimes end up using software that MS did not write, and then I realize how good most of Microsoft's software is compared to the crap out there. Have you had to use Acrobat Reader lately?

Bitching about Sony's rootkit is like bitching about MS's software quality -- it's an INDUSTRY problem, of which Sony is just an example.

# Michael S. Kaplan on Tuesday, November 08, 2005 10:39 AM:

If you look at the later post from Mark, it is clear that they are knowingly violating a great deal of their own claims about privacy in the process here. I do not see what Sony is doing now as indicative of a company trying to be more open and honest....

Please consider a donation to keep this archive running, maintained and free of advertising.
Donate €20 or more to receive an offline copy of the whole archive including all images.

referenced by

2005/11/14 Rookit begone, foul tempter!

2005/11/05 Sony uses up a few of MSLU's 15 minutes of fame

go to newer or older post, or back to index or month or day