Who has the right to control your PC?

By John Borland

Story last modified Mon Nov 21 04:00:00 PST 2005

Sony BMG Music Entertainment opened a rather ugly can of worms when it
started selling copy-protected compact discs that planted so-called rootkit
software on computers that played them.

Now, as Sony embarks on a nearly unprecedented recall and exchange program
for the 4.7 million rootkit-carrying CDs already distributed to stores,
industry experts say the record label's missteps highlight a broader
question for the computer and entertainment industries: Who has the right to
control your computer?

Sony's CDs, which installed a rootkit program that hid its copy protection
tools deep inside computers' hard drives, crossed over a line of acceptable
behavior, critics say. But the entertainment giant was hardly the first
company to do something like this. Many other software programs also take
over aspects of people's computers, often without consumers fully
understanding what is happening.

"Consumers don't have any kind of assurance that other companies aren't
going to do the same kind of thing (as Sony)," said Mark Russinovich, a
software developer and blogger who first discovered the rootkit three weeks
ago. "Which actions are considered actions for which users want really
prominent disclosure? I think that's a complicated issue, but it needs to be

This issue cuts deep in the entertainment industry, whose music, movies and
video games are particularly vulnerable to computers' ability to make
perfect digital copies. But the question will increasingly cut across other
industries as more products and services move online, requiring the use--or
facilitating the abuse--of PCs.

"A personal computer is called a personal computer because it's yours," said
Andrew Moss, Microsoft's senior director of technical policy. "Anything that
runs on that computer, you should have control over."

Sounds simple, but it's not.

The average consumer PC is quickly filled with a myriad of applications,
from instant messaging clients to media players to confusing DSL-networking
software. Many of these make deep changes to the way a computer
functions--often dropping automatic update features, for example--and rarely
provide license agreements both technically specific and comprehensible to
the nontechnical user.

"It really gets at how much control a user can reasonably expect to have
over the amazing number of clowns that are inside the clown car of a
computer," said Jonathan Zittrain, a professor of Internet government and
regulation at Oxford University. "I don't know that there are good standards
out there that respect the kind of colloquial property interest in computers
that we as consumers have."

Culture clash inside the hard drive
The controversy over Sony's copy protection highlights two ideas of property
that are clashing as the technology and entertainment worlds converge.

Record labels and movie studios have complained bitterly over the last few
years that their intellectual property rights in films, music and games are
routinely undermined by people burning copies of discs or DVDs, or trading
files online. Recent analyst research suggests that nearly 30 percent of
people in the United States have acquired music by burning a copy of a CD
from a friend. Record labels are deeply worried that trend will do
irreparable harm to their businesses.

They've responded by developing, supporting or lobbying for technology that
shuts down the ability of a computer to make unrestricted copies. That
ranges from Sony's rootkit software to the "broadcast flag" policies that
would prevent digitally recorded television content from being traded

But if some computer owners have shown a lack of respect for intellectual
property rights, Sony's invasive content protection tools displayed a
similarly tone-deaf attitude to consumers' sense of ownership over their own
PCs, critics say.

"If you wanted to take something from the lesson of Sony's rootkit, it
should be that people want their demands for respect and autonomy to be
taken more seriously," said Julie Cohen, a Georgetown University law
professor who has written extensively on the intersection of property and

Are these two sides always destined to clash? Executives on both sides of
the technology and entertainment divide optimistically say no, and hope that
gaffes like Sony's rootkit are a sign of digital growing pains.

"What this looks like is a collision of very legitimate interests," Mitch
Bainwol, the Recording Industry Association of America CEO, told CNET
News.com. "The next step is can you find a way to respect both interests in
a way that advances the ball. I would submit that the answer is yes."

"People are doing way more with PCs than anyone anticipated even five to 10
years ago," Microsoft's Moss added. "We are in a period of transition, and
the challenge in this transition is to find that balance."

A way forward?
Some of this squabble is old hat in policy and technology circles, which
have buzzed for years with debates on how to control or regulate spyware and

State and federal legislative attempts to pass laws regulating spyware have
often stumbled when politicos have tried to deal with the technical
differences between legitimate and malicious software.

But Congresswoman Zoe Lofgren, a California Democrat, said the Sony case
underlines the necessity for federal anti-spyware legislation that she has
co-authored. The bill is still being considered in the House but isn't
likely to go anywhere this year.

"When we started working on spyware, we were not assuming that a major
corporation would put spyware onto their customers' computers," Lofgren told
CNET News.com. "This would fall in the category of behavior that was
criminal under my billŠIf they knew it was a felony, they probably would
have been deterred."

Federal regulation or not, broad consensus has developed around notifying
consumers of potentially controversial functions as clearly and specifically
as possible.

A group of large Internet companies launched a new effort last week to
certify that software downloads do only what they say they will do. To
obtain a Trusted Download Program certification, any software must disclose
what user settings are changed on a computer, what kind of user behavior is
monitored or tracked, and must contain consent for the download. (One of the
founding members of the group, which also includes Yahoo, America Online,
Verizon and Computer Associates, was News.com publisher CNET Networks.)

Record companies have clearly watched Sony's public relations debacle over
the past week and are drawing lessons. Without offering details, the RIAA's
Bainwol noted that the last several weeks have been "instructive."

In a statement on its own plans for copy-protected discs, EMI Music said its
antipiracy tools have been certified as "100 percent spyware free," and will
not hide any files or download any software without a user's permission.

Sony BMG has also said that it continues to believe in the idea of
copy-protecting music, as do movie studios and video game companies, but
says it is reviewing its plans in light of the ongoing criticism.

"Sony BMG is committed to testing, verifying and disclosing to consumers its
use of any copy-protection technology," the company said in a statement
Friday. "(The company) is reviewing all aspects of its content protection
initiatives to be sure that they are secure and user-friendly for

Russinovich, the computer programmer who discovered the Sony rootkit weeks
ago, believes companies will pay at least some heed to this market response.

"I think other companies will look at this and say, 'We shouldn't try to
hide things from the consumer, even in the interest of protecting content,'"
he said. "I think they'll say, 'We need to be transparent about what we're
doing, otherwise it's going to come back and bite us.'"

Copyright ©1995-2005 CNET Networks, Inc. All rights reserved.

You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.

Reply via email to