THE GRIPE LINE WEBLOG by Ed Foster Tuesday, November 22, 2005 Sony's DRM Profile
You're probably getting tired of hearing about Sony BMG's rootkit DRM, but one central mystery about it remains to be solved. What was Sony's real motive for what many consider behavior that is awfully close to a criminal act? To answer that question I think we're going to need to borrow a page from the criminal profilers by tracking the company's behavior. Fortunately, we have more than one crime scene to help us with our profile, because it so happens that Sony has been employing more than one form of spywarish DRM in recent months.
Even after finally confessing, under considerable duress, that the rootkit was probably a mistake, Sony officials have stuck to the story that their use of First4Internet's XCP DRM was intended only to protect their CDs from music pirates. But that alibi doesn't really wash, since the XCP copy protection only punishes legitimate customers while doing nothing to stop file sharers. What's more, this is a pattern of behavior we saw before with Sony when readers were complaining back in July about another form of DRM it was using on music CDs from SunnComm, Inc.
What clues can we pick up by comparing the different DRM approaches Sony has employed on its CDs in recent months? Fortunately, on the subject of SunnComm's MediaMax DRM, we have the equivalent of a forensic anthropologist who can serve as an expert witness here. Princeton University computer scientist J. Alex Halderman is the researcher who SunnComm threatened with charges of violating the DMCA's anti-circumvention provisions a few years ago when he revealed how their technology could be thwarted by holding down the shift key. The rootkit brouhaha prompted Halderman to take a look at how the MediaMax DRM is implemented on recent Sony CDs (all apparently on different titles than the CDs that have the XCP rootkit), and his published findings are quite intriguing.
While Halderman found no evidence of SunnComm's MediaMax using a rootkit, some of the things he did discover provide considerable grist for our behavioral profile of Sony. For one thing, before users can even say yes or no to accepting the Sony EULA, MediaMax has already installed a dozen files on their hard drive and started running the copy protection code. The files remain even if the user rejects the EULA, and the Sony CDs provide no option for uninstalling the files at a later date.
Most interesting of all though is what Halderman discovered concerning the spyware attributes of the Sony CDs equipped with MediaMax. As with the XCP rootkit, MediaMax also "phones home" every time you play a protected CD with a code identifying what music you're listening to. And in the SunnComm server's response to these transmissions Halderman also uncovered a very important clue to what Sony's really up to: a URL including the term "perfectplacement." A MediaMax developer's webpage describes Perfect Placement to potential clients like Sony as an e-commerce revenue generation "feature of dynamic on-line and off-line banner ads. Generate revenue or added value through the placement of 3rd party dynamic, interactive ads that can be changed at any time by the content owner."
OK, so let's see what we've got here. A company that seems bent on sneaking files onto unsuspecting users' computers, pretending they've gotten permission to do so from a vaguely-worded EULA, transmitting a constant stream of usage information back to their servers, and using that information for who-knows-what revenue generating opportunities. Does this sound like a familiar profile to you? Of course, it's the profile of all the spyware/adware scum that have come very close to destroying the Internet just to make a few bucks peddling their trash.
But we shouldn't miss the fact that Sony's behavior with both its XCP and MediaMax implementations matches another pattern we've seen many times before. It's the serial DRM offender profile that Microsoft, Symantec, Intuit, and lesser lights in the software industry have exhibited. Their product activation and other forms of copy protection also aren't really about stopping piracy - they admit their DRM won't stop the software counterfeiters. It's about giving the vendors control over your usage of the products you buy, so they can decide if you're using it in ways they don't like, or that they ought to force you to upgrade, or that it's time to start selling the information they've collected about you to the highest bidder.
No, I don't believe there really is much mystery as to the motive behind Sony's DRM. Hey, if I were a record company executive, I'd be looking for new revenue generating opportunities too. And, as I've said, we should be grateful that they botched it so badly by using a rootkit. They've given us the best and maybe the last chance we're likely to get to stop the music, movie, TV, software and countless other companies from controlling our lives with their DRM. If we don't, you and I will match another familiar profile: that of the fool who is soon parted from his money.
Phil Daley < AutoDesk > http://www.conknet.com/~p_daley _______________________________________________ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale
