How Sony BMG lost its mind and rootkitted its CDs -- prepublication law
paper
Posted by Cory Doctorow, December 17, 2007
Aaron Perzanowski and Deirdre Mulligan have just posted a wonderful
pre-publication paper called "The Magnificence of the Disaster:
Reconstructing the Sony BMG Rootkit Incident," which will shortly be
published in the Berkeley Technology Law Journal. Exhaustively researched
and footnoted -- but written in clear, non-lawyerese prose -- The
Magnificence of the Disaster comprehensively analyses the madness that led
Sony-BMG to install dangerous, illegal rootkit anti-copying software as well
as spyware (produced by a company founded to supply Elvis impersonators, no
less!) on millions of its CDs, leading the company to enormous financial and
legal penalties.
Potential customers who were aware of the existence and dangers posed by
Sony BMG¹s protection measures steered clear of XCP discs. The sales history
of Get Right with the Man, an XCP-infected album by Van Zant that was
released some six months prior to the rootkit announcement, is emblematic of
the online retail impact of the rootkit incident. On November 2, just two
days after the initial public announcement of the rootkit, Get Right with
the Man ranked at number 887 on the music charts at Amazon.com.61 The next
day, after Amazon user reviews alerted shoppers to the dangers posed by XCP,
the album dropped to number 1,392.62 By the Thanksgiving holiday weekend,
the XCP recall was underway and the album plummeted to number 25,802.63 In
contrast, in retail environments in which customers had less immediate
access to information about the dangers of XCP, sales of Get Right with the
Man were relatively undisturbed.64 Since brick and mortar retailers like
Wal-Mart, the nation¹s leading seller of CDs,65 do not facilitate the sort
of customer feedback common to online retailers, this outcome is hardly
surprising...
SunnComm, the company that delivered MediaMax, offered even more cause
for concern. The company began as a provider of Elvis impersonation
services.114 After a change in management following a false press release
announcing a non-existent $25 million production deal with Warner
Brothers,115 the company purchased a 3.5² floppy disk factory in 2001,
displaying a disturbing dearth of technological savvy.116 After two em-
ployees announced their intention to leave the fledgling company to de-
velop copy protection software, SunnComm convinced the pair to lead a new
division, leaving both Elvis and floppy discs behind in order to de- velop
what would become MediaMax.117
PDF Link
Understand Rootkit and why Sony is a Cracker
Record label to pay $4.25 million a year after acknowledging that it secretly installed antipiracy software on
music CDs to a consortium of 39 states after acknowledging the company
loaded antipiracy software on music CDs without notifying buyers.
Boycott Sony Andy Lack of Sony BMG Music Entertainment Division was
responsible for the rootkit cracker software fiasco and as of 4/4/06 he resigned from Sony.