Remember Sony’s cringe-inducing copy protection scheme a couple of years ago, where they secretly installed rootkits on millions of customers’ PCs and then pretended it was no big deal? (“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” — Thomas Hesse, Sony BMG’s President of Global Digital Business.) There’s a new article (PDF) about to be published in the Berkely Technology Law Journal called “The Magnificence of the Disaster: Reconstructiong the Sony BMG Rootkit Incident.” It’s a very detailed and entertaining read that examines the conditions that led Sony BMG “toward a strategy that in retrospect appears obviously and fundamentally misguided.”
The authors, Dierdre Mulligan and Aaron Perzanowski, point out that unless Sony deliberately tried to harm its customers, it neglected to properly evaluate its third-party DRM solutions before releasing them to the public—or else it would have been aware of the programs’ potential for damage. From pages 1179-80:
Prior to inking the deal to provide XCP to Sony BMG, First4Internet’s business focused on content filtering, particularly the automated recognition of pornographic images. Aside from an earlier revision on XCP used by a number of labels on a smattering of pre-release CDs, First4Internet had no apparent expertise or experience in content
SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services. After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers, the company purchased a 3.5″ floppy disk factory in 2001, displaying a disturbing dearth of technological savvy.
Their authors propose improving consumer protection at the PC level—the FTC “could develop best practices and regulations regarding the installation of software and the collection and transmission of information about users, their computers, and their actions,” and Congress could alter the Digital Millennium Copyright Act (DMCA) “to enable security research and the dissemination of tools to remove harmful protection measures.”
“The Magnificence of the Disaster: Reconstructiong the Sony BMG Rootkit Incident” (PDF) [Berkely Technology Law Journal via BoingBoing]