Article Recounts Sony's Rootkit Debacle In Detail

Remember Sony’s cringe-inducing copy protection scheme a couple of years ago, where they secretly installed rootkits on millions of customers’ PCs and then pretended it was no big deal? (“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” — Thomas Hesse, Sony BMG’s President of Global Digital Business.) There’s a new article (PDF) about to be published in the Berkeley Technology Law Journal called “The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident.” It’s a very detailed and entertaining read that examines the conditions that led Sony BMG “toward a strategy that in retrospect appears obviously and fundamentally misguided.”

The authors, Deirdre Mulligan and Aaron Perzanowski, point out that unless Sony deliberately tried to harm its customers, it must have neglected to properly evaluate its third-party DRM solutions before releasing them to the public; otherwise it would have been aware of the programs’ potential for damage. From pages 1179-80:

Prior to inking the deal to provide XCP to Sony BMG, First4Internet’s business focused on content filtering, particularly the automated recognition of pornographic images. Aside from an earlier revision on XCP used by a number of labels on a smattering of pre-release CDs, First4Internet had no apparent expertise or experience in content protection software.

SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services. After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers, the company purchased a 3.5″ floppy disk factory in 2001, displaying a disturbing dearth of technological savvy.

The authors propose improving consumer protection at the PC level—the FTC “could develop best practices and regulations regarding the installation of software and the collection and transmission of information about users, their computers, and their actions,” and Congress could alter the Digital Millennium Copyright Act (DMCA) “to enable security research and the dissemination of tools to remove harmful protection measures.”

“The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident” (PDF) [Berkeley Technology Law Journal via BoingBoing]

(Photo: Getty)



  1. Geekybiker says:

    Yah, I’m still wary about putting anything made by sony anywhere near my pc.

  2. Buran says:

    @Geekybiker: I’ll take that and raise you “I don’t let anything Sony into my house”.

  3. Adam Hyland says:

    Where the hell is the picture for this article from? Some Japanese stock photo gallery?

    also, color me unsurprised that a law forbidding the circumvention of copyright produced an incentive to create malicious monitoring systems and weak encryption systems.

    I’m not a lawyer, but I am pretty surprised that the anti-circumvention portion has lasted this long (even with the period exceptions made) without being overturned. Does anyone know why it is legally sound?

  4. Parting says:

    Bull@#%t, any rootkit is bad news for my PC.

    Good that I have good antivirus and anti-rootkit software. No Sony CD will come close to my PC.

  5. Bay State Darren says:

    I remember they snuck this shit onto Velvet Revolver’s Contraband. I had just gotten my first iPod and was pissed that I couldn’t keep this one CD [of the few I was still legally paying for] with the rest of my music collection. I was pissed, and this essentially ended my willingness to pay for music ever again [although I did buy CDs yesterday, and only remembered on the way home I don’t currently own a working CD player!].

    Sony’s attitude was, in my interpretation, “You still own the music, but only in terms with the micro-type on the back of the sleeve.” I suppose that pre-computer technology logic still technically worked -that is until my entire CD and DVD collection was stolen! That was the only music I did not get to keep any copies of. By Sony’s codification, does that mean the license to own and listen to Contraband transferred to the thief? Either way, Since I never got to rip it, I still lost what I paid for. Thanks Sony! You and the rest of your archaic, consumer-hating industry can pretty much kiss my ass goodbye!

  6. I used to really like Sony stuff.. my older 27″ WEGA tv has and still is serving me well, but I’ll be damned if I buy one of their artists’ cds and put it in my computer. Crap like this makes me hold off buying a lot of new releases software and music wide until things come to light.

  7. Buran says:

    @rainmkr: I have heard that Sony HDTVs will do closed captions over component video (my current one does not, so I will need to replace it at some point) but I hate Sony so much for trying to destroy peoples’ property that I won’t even consider theirs as a replacement.

  8. clocker says:

    My, how far we’ve come.
    Used to be, the only dangerous things in music were the backwards Satanic messages.

  9. LatherRinseRepeat says:

    Oh please, stop with the “I’m never buying Sony again” act. Sadly, Sony is more than one company operating under one name. It was the music division that implemented the root kit junk. So it’s perfectly safe to buy that Sony TV you’ve been lusting; it won’t infect your computer if you put it in the same room. :rolleyes:

    But here’s some general advice..

    – If ANY audio CD or even a DVD comes with special bonus features that require you to install something on your computer, don’t do it! From my observations, CD and DVD producers find the lowest bid programmers to create these lame bonus features for your computer. Often times, they’re full of bugs and will crash your computer.

    – Disable auto-run on your computer. Do it now.

    – If you have a spare computer that you don’t use anymore, don’t trash it. Use it as a test machine for “questionable” software.

  10. mac-phisto says:

    @Buran: good luck with that. the closed captioning may work, but you may run into an issue with media playback b/c of HDCP.

  11. Adam Hyland says:



    It’s Sony’s fault that they are screwing over the rest of their divisions in order to satisfy the messed up needs of their music division.

    I’m not refusing to buy Sony products because I somehow think that they are equally malicious, but because I feel their actions merit some response on a broader scale.

    Also, LOL @ the notion that disabling auto-run fixes these problems.

  12. clevershark says:

    @LatherRinseRepeat: “Oh please, stop with the “I’m never buying Sony again” act.”

    I got news for you kid, it’s not an act.

  13. Buran says:

    @mac-phisto: I have a DVD player that upsamples over component, the TV can upsample (most can), and my Tivo series 3 uses the HDMI port and has an internal CC decoder that dumps the captions into the video stream on its side and doesn’t rely on the TV to do it.

    I am not buying that crap called Blu-Ray or HD-DVD until they realize that getting into these stupid arguments does nothing but make people buy regular DVDs, thus denying them profits. You would think that businesses that want profit would try to maximise profit, but they are not doing that very well.

    And I don’t care about copy protection, either. If I have to work around it to be able to view captions, I’ll do that. Or I’ll stick with standard DVD if that’s what it takes — thus denying even more profit.

  14. Buran says:

    @LatherRinseRepeat: If you think it’s an “act”, you’ve got another think coming. Thanks for assuming I’m a liar for daring to stand up for what’s right.

  15. Techguy1138 says:

    Sony really really took a bad beating over this.

    Sony is a global company with many divisions and they all say Sony. When one division messes up it damages the reputation of the others.

    The best thing Sony could have done is drop the “Sony” from the name SONY/BMG.

    See that is the thing, given the stature of Sony no one even notices that BMG is attached. I even think they are the ones that call the shots.

    People are REALLY pissed and they will take it out on Sony for decades to come.

  16. Bay State Darren says:

    Quoth Sony asshole: “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”

    Most people don’t know what a Candiru is, but i think they’d care if it got into their system! [I betcha this poor excuse for a spin doctor doesn’t know what it is either…]

  17. spinachdip says:

    @Techguy1138: As a point of comparison, I imagine not many people here would boycott General Electrics products even though Universal has to be about the least consumer-friendly entertainment conglomerate around, e.g. NBC refused to renew with iTunes partly because iPods are filled with pirated materials OMG, while Universal Music is responsible for the anti-piracy tax attached to every Zune sold.

    I, for one, stopped buying GE products, not so much because of their ties to Universal, but because I’ve had really bad experience with their cordless phones and fighter jets.

  18. revmatty says:

    @LatherRinseRepeat: A more important point is that the quality of Sony electronics has dropped precipitously over the past decade. They used to be THE number one name in home theater and high end consumer electronics. Now I won’t even consider them because the quality just isn’t there. I can get a much nicer unit from Samsung for a lot less money.

  19. Fist-o™ says:


    I’m not sure, but I think all the photos that they use here at are either created by gawker media, or from users that upload to the gawker media flickr pool… I could be wrong though.

  20. mac-phisto says:

    @LatherRinseRepeat: act? i haven’t bought a sony product since 1992. haha!

    they lost me well before this DRM nonsense – their walkmans were crap. 6 walkmans (walkmen?) all broke in half as many years; i bought 1 panasonic personal cassette player & it lasted me a decade (& then i lost it…probably still in use somewhere).

    & even though sony/bmg is pushing the music side of this, sony is obviously infected with DRM-craze. they want it embedded in their media AND their media players – everything from blu-ray to bravia.

  21. Munsoned says:

    @spinachdip: I haven’t had any problems with the phones or jets. My problem with GE is their locomotives. I will NEVER buy another GE product after their locomotive ran over my foot.

  22. cerbie says:

    @Buran: I’ll raise you a, “I have had autostart turned off religiously since Windows 95.” It was a security hole waiting to be torn open.

    That said, the only Sony stuff I’m buying are the few 90s Ozzy remasters I still don’t have (the new ones are craptastic remixes).

    @Techguy1138: that would work, if and only if the other entity calling itself Sony, with all of its divisions, did not work the same way. The other Sony makes screwy computers. The other Sony makes overpriced A/V hardware. The other Sony helped come up with BD.

    BMG was the worst before this mess, but Sony deserves blame, and deserves to be lumped in with it.

  23. lowlight69 says:

    all you guys and your not buying this brand or that brand make me laugh. :) I’m Amish so i don’t buy anything at all. :)

    sorry, only two hours until i leave for vacation, my mind has already switched to the off position. :)

  24. Adam Hyland says:

    @schmeckendeugler: I believe you. I was mostly being impish. It just really looks like an actor trying to act out a scene from a japanese cartoon. With a hammer.

  25. b612markt says:

    I had terrible experiences with Sony’s consumer electronics, their music label really screwed over one of my favorite bands of all time (Anything Box) and I was disgusted when I purchased a Sony DAP that converted all my mp3s into ATRAC files. After the spectacularly horrific rootkit fiasco, I vowed never to purchase any Sony products ever again. I sincerely hope Blu-Ray dies a slow and painful death.

    My over-the-top hatred for this company is 70% rational and 30% irrational. I won’t apologize for it and I encourage everyone I know to stay away from the brand. I even get a little queasy when I watch a Columbia picture at the movies.

    It’s not an act and I’ll never sway.

    I’ve donned my flame-proof smock, so fire away.

  26. spinachdip says:

    @cerbie: It’s pretty amazing how far and how fast such a great brand fell into disrepair. I mean, even as recently as 10 years ago, Sony had a great thing going with the original Playstation, but they even screwed that up by ignoring casual game players while catering to a small, stagnant market of gamers and going spec-crazy.

  27. Rhyss says:

    This has recently been a problem with Maxis/EA games with their new sims products as they have Sony’s SECUREROM (sp?) as their copyright protection. Fortunately I never installed any of the products with that program, but many users are complaining of many difficulties including BSOD.