Posted on: November 17, 2005 in Technology, Music
The real story of Sony DRM
There has been much discussion about how Sony’s DRM (digital rights management) software installs a rootkit/malware/virus on your computer in order to enforce their copyright. While the mainstream media has pickup this story up, renowned computer security guru Bruce Schneier fills in the technical gaps and offers some poignant insight into this debacle.
Of particular note here, is that Sony’s piece of malicious code has infected over 500,000 computers, putting this ‘epidemic’ on par with virus like Blaster, Slammer, Code Red and Nimda. Somehow I don’t think the feds will come knocking on Sony’s door though. Where is the justice!
November 29th, 2005 at 1:00 pm
Hey Colin. Here’s the letter I sent to Irwin Cotler, the Atorney General of Canada, last week:
From: Barry Shell
Subject: Canada should take Sony BMG to court
Date: November 22, 2005 2:16:25 PM PST
To: Cotler.I@parl.gc.ca
Cc: info@oipc.bc.ca, Emerson.D@parl.gc.ca
Honorable Minister Irwin Cotler:
As a concerned citizen I hereby request that you initiate proceedings against SONY BMG MUSIC (CANADA) INC. (Sony) for violation of Canada’s Personal Information Protection and Electronic Documents Act (The Act). They are very clearly in violation of this law with their current much popularized Digital Rights Management system (DRM) which surreptitiously loads spyware onto unsuspecting user’s computers with no warning, and is very difficult to remove. In some cases, removing it disables the computer. It has also been shown to slow down one’s computer. The software leaves a “back door” pathway for infection from viruses, and it is impossible to stop this infection without significant effort from the end user. In addition, the software comes from an unlikely source: a music CD which consumers do not expect to contain software. Finally, this software collects information about the user and his or her usage habits, and transmits this information back to Sony without the user’s knowledge, or any notification to the user of the nature of this information, nor of the act of collection and transmission of this information, nor of Sony’s intended use of this information.
Note that this is not the first time Sony BMG has violated the Act. I would like to draw your attention to this article that was published today,
Ed Foster’s Gripe Log
http://www.gripe2ed.com/scoop/story/2005/11/22/24954/248 and here
http://www.gripe2ed.com/scoop/story/2005/7/25/91659/2897
which details similar transgressions of The Act by Sony in July of this year.
It is estimated that in Canada over 120,000 consumers have been affected by Sony’s current illegal conduct. At least 20 music CDs contain the offending software, and if inserted into one’s personal computer the spyware is automatically installed before the user has even read any End User Licensing Agreement (which, in practice, nobody reads anyway). NOTE: Sony will not make public how many or which music CDs install spyware on personal computers.
In USA, California consumers have already filed a class action suit. Please read about that here: http://www.redherring.com/Article.aspx?a=14414&hed=Sony+Spyware+Draws+Lawsuits
Sony is also being sued in Italy over this issue, and will likely be charged with similar violations in other countries and states in the USA.
A very important point must be made. The use of DRM software to protect Sony copyright material is not the issue. The true violation and criminal act is in the secret installation of software in the deepest recesses of one’s personal computer that (without the user’s knowledge or permission) collects information about the user’s computer usage and sends this information via the Internet to Sony or it’s third party agents. This would appear to be a clear violation of The Act.
I feel Canada should charge Sony with violation of Canadian law as a warning to other corporate citizens who may very likely be engaging in or planning similar activities. Canada would only be joining many other countries and states who are taking action. This is the exact reason we have this law, to protect Canadian citizens from precisely the type of behaviour that Sony has engaged in. As our attorney general and minister of justice you have a responsibility to bring charges against Sony. Why else have the law? The law must be enforced. Please charge Sony BMG with violation of Canada’s Personal Information Protection and Electronic Documents Act.
Thank you,
Sincerely,
Barry Shell
CC: to David Loukidelis, BC Privacy Commissioner, Hon. David Emerson, my MP
November 29th, 2005 at 1:11 pm
Well done Barry! I think I might change the name on this letter and send my own copy, if that is all right. I encourage everyone else to as well.