Corporate arrogance: Sony BMG Music
By Fairfax Posted in User Blogs — Comments (18) / Email this page » / Leave a comment »
In case you've been hiding under a rock you may have missed a great story on the corporate arrogance of Sony BMG Music Entertainment. Skipping ahead to the conclusion, don't even think about putting a Sony music CD in your Windows computer-- it's infected with spyware that will open huge security holes in your computer leaving you with few choices but to reformat your hard drive and reload everything.
Federal CIO's should issue a security advisory to prohibit the loading / playing of Sony music CDs on government PCs. Consumers should consider boycotting Sony BMG. Here is a brief rundown on what happened:
Sony BMG decided that Digital Rights Management (DRM) is something they should put on all of their music to stem the tide of piracy. Essentially, they don't want you to be able to play the music you purchased on multiple PCs (home and work for example). They also want to stop you from transferring the music from your Sony CD to the mp3 format. They don't want you to be able to listen to the CD music you purchased on your Zen or iPod. If you want to do that, you can pay (yet again) for the rights to download and listen to the songs on your portable mp3 player.
So, Sony BMG loads this spyware (masquerading as DRM software) on over 4.7 million of its music CDs for over 50 of its artists. The problem with the "rootkit" program is that it opens the door for virus & Trojan horse writers to "hide" completely undetected on all PCs that played Sony BMG music CDs. Besides this "XCP" rootkit, the Electronic Frontier Foundation has found that Sony has used another technology called, MediaMax, that together with the XCP rootkit has been installed on over 24 million Sony music CDs.
Besides the obvious technical incompetence of Sony BMG, consider the following illegal, unethical, corporate arrogance of this company.
The EFF maintains that,
The XCP and SunnComm technologies were unwittingly installed by millions of music customers when they used the Sony CDs in their Windows-based computers. Researchers found that the XCP technology was designed to include many of the qualities of a "rootkit." According to the EFF, the software was developed to conceal its presence and operation from the computer's owner. Once installed, the code degraded system performance, opened new security vulnerabilities, and installed updates through an Internet connection to Sony BMG's servers, EFF alleges.
The nature of a rootkit makes it extremely difficult to remove. That often leaves reformatting the computer's hard drive as the only solution. When Sony BMG offered a program to uninstall the XCP software, the installer reportedly opened even more security vulnerabilities in users' machines.
EFF argues that the MediaMax software installed on more than 20 million CDs is similarly problematic. It apparently installs files on the users' computers even if they click "no" on the End User License Agreement, and it allegedly does not include a means to fully uninstall the program.
In addition, EFF says the software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the tracking of listening habits--even though the license states that the software will not be used to collect personal information.
When users repeatedly requested an uninstaller for the MediaMax software, EFF maintains that they were eventually provided one, but only after they had provided more personal information. The group also asserts that security researchers have determined that SunnComm's uninstaller creates significant security risks for users, as the XCP uninstaller did.
If all this was not bad enough, Reuters reports that Sony BMG music has used open-source software illegally on its music CDs. Consider the irony: Sony to protect its IP, illegally uses and hides its own use of open-source code in its XCP software.
Open-source software, if used, needs to be identified as such, so that it can be freely shared with others. Developers on Slashdot.org and other Internet bulletin boards could not find an open-source reference in the copy-protection software.
If open-source software is tightly integrated into a single executable program, the whole application has to become open source software, even open source software such as LAME whose MP3 encoder is licensed under the more relaxed Lesser General Public License (LGPL), a lawyer said.
"That's the flipside of open source: If you don't respect the open-source rules, the old regime of copy protection comes back in full force," said attorney and Internet specialist Christiaan Alberdingk Thijm at law firm SOLV in the Netherlands.
There was LAME and other LGPL code in the program, and significant amounts were tightly integrated into the executable program, Saber Security said.
Therefore, a good lawyer could argue that the use of the open-source software on the 52 artists music CDs means that all the content (music) on the disks are free to the public to use and share. So in their effort to protect their music from piracy, Sony has inadvertently released the music into the public domain.
Folks, you just can't make this stuff up.
You were doing great, until the conclusion. Including GPL or LGPL code in the programs on the CD ONLY EFFECTS THOSE PROGRAMS. They do not effect copyright on the music. The effect on those programs is limited - the parts written by SONY/BMG will still be copyright by them, it's just that if they used GPL code they MUST release their source code or be in copyright violation. With LGPL code they MUST acknowledge the LPGL code, or be in copyright violation.
Quite frankly a lawyer would have to be an idiot to touch this - copyright law has a solid foundation, and you don't mess with it.
buying a new Sony release for the last week or so for this very reason. Which is too bad, because I always buy CDs of artists I like. The ironic thing is that Sony's actions have actually prodded me into downloading Limewire, so I can get the music without (or with less, anyway) security concern. Without this shadiness on Sony's part, I would have certainly continued to buy the CDs to support the artists.
I'm sure Sony will be facing a large class action suit, what irks me is the lack of criminal charges for a company literally sabotaging my property. If Sony snuck around putting wiretaps on everyone's phone (just to see what they might want to buy) they'd be sent to prison. How is it not illegal to do the same thing to one's computer?
I might have stretched it a bit with the "open to the public" concluding comment. Including GPL or LGPL code effects only those programs-- not the music on the CDs. Yet, the point still stands that Sony has shot itself (and its artists) in the foot with their DRM fiasco.
The Texas Attorney General Gregg Abbott on Nov 21, filed a lawsuit alleging that Sony BMG has violated the state's anti-spyware laws. Abbott is seeking fines of $100,000 per violation. New York Attorney General Elliot Spitzer is considering bringing charges against Sony. Earlier this year, Spitzer secured a $10 million settlement from Sony BMG for a "payola" scheme to get Sony's music more airtime on the radio.
With this the Christmas shopping season and with consumer outrage combined with a lack of inventory of non-spyware CDs, sales of Sony CDs are plummeting.
Meanwhile, the rootkit blunder continues to inspire consumer outrage and affect sales of artists who produced the affected CDs. The ranking of Van Zant's Get Right with the Man CD plummeted on Amazon.com's (AMZN ) bestseller list in the wake of Sony BMG snafu (see BW 11/22/05, "Sony's Escalating 'Spyware' Fiasco".
And when Sony BMG started pulling CDs, it didn't have enough replacements lined up, says Ross Schilling, of Van Zant's Nashville-based manager, Vector Management.
Sony BMG had promised the CD would be swapped out with non-rootkit CDs. Instead, the rootkit CDs simply were pulled, Schilling says. "It's obviously very bothersome," he says.
"HARMING THE ARTIST." That means Van Zant's CD and others were not on the shelves for the busiest shopping weekend of the year. Sony BMG has told Van Zant to expect a 50% to 80% decrease in sales when the new numbers come out on Nov. 30. That's in a week that should have seen a 50% to 80% increase in sales... Now that retailers are pulling the CD, there's potential for a 50,000- to 60,000-unit loss, Schilling says.
On top of that, Business Week reports that Apple Computer refuses to license its proprietary iPod software for any music that isn't downloaded directly from its iTunes music store.
As Sony BMG and other labels release more CDs with tracks that can't be dragged to iPods, artists are hearing from outraged fans. In response, some artists -- including Tim Foreman, guitarist for Switchfoot, whose Nothing Is Sound release was part of the Sony recall -- used a fan site to post instructions for disabling Sony content protections that prevent consumers from dragging tunes to their iPods. "We were horrified when we first heard about the new copy-protection policy," Foreman wrote in a Sept. 14 post first reported by Billboard magazine. "It is heartbreaking to see our blood, sweat, and tears over the past two years blurred by the confusion and frustration surrounding new technology."
A reasonable person could argue that Sony BMG acts more like an organized crime syndicate than a responsible corporation bent of serving the demands of its customers. Lost in all of this is the "fair use" right that was put in place by our founding fathers. It seems that the current generation of politicians are more interested in protecting the interests of <strike>organized crime syndicates</strike> corporations than guaranteeing the rights of its citizens to the "fair use" of copyrighted material.
Please read the slashdot article. bring up some interesting ideas.
http://politics.slashdot.org/politics/05/12/02/1524252.shtml?tid=126&ti
d=185&tid=219
There has been a request filed to allow an exemption to the Digital Millennium Copyright Act so they can circumvent Sony's copy protection. Certainly a good idea in this case. But the precedent of allowing government to decide on a case by case basis is a bit less desirable. This may be an issue to watch.
letting the government decide on a case by case basis is far less attractive.
SONY has certainly made a technical blunder and a marketing blunder.
It's become fashionable on the Left to demand that artists and programmers and anyone who produces non-physical products must sacrifice their property rights for the common good. But we cannot stiffle creativity by removing the rights and incentives of creative people.
For companies who market these products, its going to be a long road to find solutions to the piracy problem that are technically sound and acceptable to consumers.
You said: "It's become fashionable on the Left to demand that artists and programmers and anyone who produces non-physical products must sacrifice their property rights for the common good. But we cannot stiffle creativity by removing the rights and incentives of creative people."
Please understand that I do not advocate the theft of music specifically, or IP in general. My main thrust is that the "fair use" provision of the copyright law has been essentially gutted. The pendulum has swung far too much in favor of copyright holders to the detriment of the people. Real "fair use" of IP will not stifle the creativity and incentive to produce original works.
I believe that technical impediments are not the answer to copyright abuse. The answer lies in education and enforcement of the existing laws. The music and film industry have long complained about how VCR's and other technologies would be the 'death' of their respective industries. Their dire warnings proved to be completely wrong. The entertainment industry would make far more money in the long run if they gave the consumer what he wanted and trusted their customers to use the media in accordance with "fair use" precedents.
And just for the record, I'm certainly no lefty. :)
is a terrible piece of legislation, with so many unintended consequences that it promises to provide IP lawyers plenty of work for a long time.
I became convinced a long time ago that the entire concept of Intellectual Property is bogus. For starters, it lumps in copyright law, patent law, trademark law, and others into the same category; these areas all developed independently and confusing them only leads to non-obvious errors in logic. Furthermore, using the term 'property' for non-tangible objects such as ideas leads to further confusion-- if I give you something that's obviously property, like a book, you have the book and I don't; whereas if I tell you an idea of mine, I still have the idea, and telling it to you may in fact improve my idea, since you may think of something more that I didn't.
I intend to write up a diary about this at some point; I was very disappointed at the Supreme Court in Eldred v. Ashcroft a few years back, which to my mind was the Supreme Court saying "sure, the Constitution says that copyrights are for limited times, but the Congress gets to say what 'limited times' are, and if they make that effectively unlimited, then there's nothing we can do".
I've stopped buying any Sony products. Every one of their divisions seems to be completely brain dead.
Electronics for example. They always have to roll their own thing, incompatible with whatever standards are widely in use at the time. The quality of their products has also gone from being very good 25 years ago to as bad or worse than your average no name brand.
They are just extending the stupidity to all their divisions. So this did not surprise me at all. Neither did all the detailed records on their payola schemes that came out earlier this year.
But I've been convinced that the DMCA was bad law since before it was passed in 1999. I'm just surprised it hasn't been abused more than it has been.
Wasn't the DMCA run through to comply with WTO rules? It is a horrible law in any case.
It was like that tax bill a year or two ago--WTO said we had to start taxing something that we didn't tax in the past, and since Reps didn't want to raise taxes, they were going to offset that tax with tax cuts elsewhere. So far, fine. But then the lobbyists got a hold of it and produced a pretty bad piece of sausage.
DMCA was kind of like that--the "entertainment" and software industry lobbyists did all kinds of things with that bill, which was championed by Hollings.
Imagine bad legislation being selectively enforced as certain officals see fit. A lobbyists dream.
I found this on the Sony website. If you are not happy with their business practices, you can let them know. Perhaps if they receive enough negative feedback they will modify their corporate behaviour.
the following is a link to Sony Music Feedback page:
http://www.sonymusic.net/sony/feedback.cgi
AND
here are som sony email addresses.
General Comments: SonyMusicOnline@sonymusic.com
Website Technical Problem: SonyMusicOnline@sonymusic.com
Columbia Records: feedback@columbiarecords.com
Epic Records: feedback@epicrecords.com
Legacy Recordings: LegacyOnline@sonymusic.com
Sony Music Nashville: SonyMusicOnline@sonymusic.com
Sony Classical: feedback@sonyclassical.com
Sony Wonder: SonyWonder@sonymusic.com
Sony Music Store: SMFCustomer_Services@sonymusic.com
Sony Music Custom Marketing: smsp@sonymusic.com
Unfortunately, this kind of thing is becoming more common, not less. Copyright has been extended repeatedly so that nothing enters the public domain any more, the Digital Millenium Copyright Act (DMCA) makes fair use impossible except what the publishing company deigns to allow you, and computer software comes with insanely burdensome Extended User License Agreements (EULAs) that in some cases try to restrict your freedom of speech so that you can't say anything unfavorable about the product without their permission.
But hopefully, shining light on these practices will make these cockroaches in suits scatter.