After weeks of criticism, Sony has finally agreed to temporarily stand down on an abusive and likely illegal copy restriction practice. Hold the applause.
On Friday, the world's second-biggest record label pledged to temporarily stop making CDs that leave computers vulnerable to security breaches. This is a step in the right direction, but it does not go nearly far enough toward correcting a serious ethical lapse. In fact, it is proof positive that Sony is unworthy of our trust or our business.
A lot has been written about this issue already. But a lot more needs to be said to ensure Sony gets the message: This kind of behavior can never be tolerated. It may be unrealistic to think many will heed this call, but someone’s got to say it: Boycott Sony. Boycott them until they come clean and recall all the infected CDs. Boycott them until they distribute a removal program. Boycott them until they promise never do anything like this again.
Sony agreed to suspend production of the CDs after computer security experts warned weeks ago that the copy-protection software, dubbed "XCP," could leave Sony customers vulnerable to hackers intent on taking over target PCs. This is possible because the software, made by a U.K. company called First 4 Internet, contains a "rootkit" that hides files related to the antipiracy program so would-be pirates can't disable it. The problem: Once installed, it can hide any file, regardless of who puts it there.
The software, which Sony included on 20 or more recent CDs, gives no warning of the rootkit, nor does it inform users that it prompts PCs to contact a Sony website for updated lyrics or art, and in the process, reveals the user's internet address and details about how often the CD has been played.
Friday's announcement was inadequate to say the least. Sony, which has yet to say how many CDs carrying the XCP software remain on store shelves, stopped short of issuing a recall, a necessary step if consumers are ever to trust Sony with their computers again. And it still owes customers who have loaded the XCP software onto their machines an easy way to get rid of it.
Add to these failures the utter lack of contrition shown by the label and its executives and you get what's effectively an unforgivable combination. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists," Sony said in Friday's statement announcing the temporary suspension.
All of which goes to show that a mealy-mouthed apology is worse than no apology at all. Even Microsoft, which is trying to court content providers with so-called digital rights management software that limits the way audio and video can be used on computers, took a stand against the unrepentant label. On Saturday, it agreed with the chorus of critics that Sony's rootkit poses security risks and that the software company will update its antispyware and malicious software removal tools to uninstall it.
Then there are the onerous terms, set out in more than 3,000 words of dense legalese that Sony makes users agree to when installing the XCP software, according to the Electronic Frontier Foundation. Among them, customers who move out of the country are required to delete the CD's contents from their PCs and the contents may not be stored on a business computer.
It's time for Sony to admit what everyone else already knows. The XCP software amounts to an unseemly intrusion that gives virus writers and other digital miscreants a leg up in getting our computer to do extremely scary things, such as giving up bank account numbers and logging passwords.
If it was a mistake for Sony to foist a rootkit on its users -- as Sony's retreat on Friday would suggest -- then halting production of the offending CDs is only the first step in rebuilding our trust. Sony now must recall all remaining disks, make it easier for people to remove the rootkits and provide free support for anyone who still has difficulty.
It's time to draw a line in the silicon. Until Sony acknowledges the mistakes it has made, recalls the CDs and publishes guidelines for copy-protection programs it intends to use in the future, we should boycott its CDs containing the software. It pains me to say this because artists with no control over Sony's software are caught in the crossfire.
Sony has little to lose by admitting the XCP experiment was a mistake because the XCP software doesn't appear to make any appreciable dent in the piracy of the content it's supposed to protect. Searching unauthorized file swapping services, I had no trouble finding Shine, the latest album from Phish alum Trey Anastasio, or Get Right With the Man, from country/rock duo Van Zant. CDex, one of my favorite programs for converting CDs to MP3 files, has no trouble ripping the Sony titles, so it's unclear what benefit the label is getting for all its trouble.
I'm generally not a fan of services such as Apple Computer's iTunes store. For one thing, songs from those sites are encoded at lower bitrates that can lead to poor sound quality in some cases. And for another, the music has too many restrictions on copying. But for the time being, I recommend these online services if you plan on buying any of the 20 titles EFF says contain the rootkit in their CD form.
The issue raised by Sony's antipiracy software is one of control over what does and doesn't get installed on a user's computer. With studies estimating that 80 percent or more of computers contain viruses, spyware and other security-compromising pests, it's incumbent on PC owners to proactively monitor what gets installed on their machines. Sony's opacity -- not disclosing the program's rootkit and features that use the listener's internet connection to sync up to a Sony website and not widely distributing software that completely removes the offending software -- reflects poorly on the company's integrity.
In the fall of 1982, Johnson & Johnson faced the biggest public relations crisis in corporate history after seven people in Illinois died from taking Extra-Strength Tylenol. J&J sprang into action, recalling 31 million bottles of the pain reliever nationwide at a cost of more than $100 million and launching a PR campaign the likes of which the world had never seen before. The decisive action saved lives. It also helped Tylenol quickly recapture sales, as J&J's candor, contrition and commitment to transparency made people decide that J&J once again could be trusted.
Of course, Sony's crisis isn't a matter of life and death. But it illustrates that the label has the ability to make its aggrieved customers whole again. Its failure to do so, now that would be a real tragedy.
http://www.wired.com/news/digiwood/0,1412,69559,00.html?tw=wn_tophead_2
On Friday, the world's second-biggest record label pledged to temporarily stop making CDs that leave computers vulnerable to security breaches. This is a step in the right direction, but it does not go nearly far enough toward correcting a serious ethical lapse. In fact, it is proof positive that Sony is unworthy of our trust or our business.
A lot has been written about this issue already. But a lot more needs to be said to ensure Sony gets the message: This kind of behavior can never be tolerated. It may be unrealistic to think many will heed this call, but someone’s got to say it: Boycott Sony. Boycott them until they come clean and recall all the infected CDs. Boycott them until they distribute a removal program. Boycott them until they promise never do anything like this again.
Sony agreed to suspend production of the CDs after computer security experts warned weeks ago that the copy-protection software, dubbed "XCP," could leave Sony customers vulnerable to hackers intent on taking over target PCs. This is possible because the software, made by a U.K. company called First 4 Internet, contains a "rootkit" that hides files related to the antipiracy program so would-be pirates can't disable it. The problem: Once installed, it can hide any file, regardless of who puts it there.
The software, which Sony included on 20 or more recent CDs, gives no warning of the rootkit, nor does it inform users that it prompts PCs to contact a Sony website for updated lyrics or art, and in the process, reveals the user's internet address and details about how often the CD has been played.
Friday's announcement was inadequate to say the least. Sony, which has yet to say how many CDs carrying the XCP software remain on store shelves, stopped short of issuing a recall, a necessary step if consumers are ever to trust Sony with their computers again. And it still owes customers who have loaded the XCP software onto their machines an easy way to get rid of it.
Add to these failures the utter lack of contrition shown by the label and its executives and you get what's effectively an unforgivable combination. "We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists," Sony said in Friday's statement announcing the temporary suspension.
All of which goes to show that a mealy-mouthed apology is worse than no apology at all. Even Microsoft, which is trying to court content providers with so-called digital rights management software that limits the way audio and video can be used on computers, took a stand against the unrepentant label. On Saturday, it agreed with the chorus of critics that Sony's rootkit poses security risks and that the software company will update its antispyware and malicious software removal tools to uninstall it.
Then there are the onerous terms, set out in more than 3,000 words of dense legalese that Sony makes users agree to when installing the XCP software, according to the Electronic Frontier Foundation. Among them, customers who move out of the country are required to delete the CD's contents from their PCs and the contents may not be stored on a business computer.
It's time for Sony to admit what everyone else already knows. The XCP software amounts to an unseemly intrusion that gives virus writers and other digital miscreants a leg up in getting our computer to do extremely scary things, such as giving up bank account numbers and logging passwords.
If it was a mistake for Sony to foist a rootkit on its users -- as Sony's retreat on Friday would suggest -- then halting production of the offending CDs is only the first step in rebuilding our trust. Sony now must recall all remaining disks, make it easier for people to remove the rootkits and provide free support for anyone who still has difficulty.
It's time to draw a line in the silicon. Until Sony acknowledges the mistakes it has made, recalls the CDs and publishes guidelines for copy-protection programs it intends to use in the future, we should boycott its CDs containing the software. It pains me to say this because artists with no control over Sony's software are caught in the crossfire.
Sony has little to lose by admitting the XCP experiment was a mistake because the XCP software doesn't appear to make any appreciable dent in the piracy of the content it's supposed to protect. Searching unauthorized file swapping services, I had no trouble finding Shine, the latest album from Phish alum Trey Anastasio, or Get Right With the Man, from country/rock duo Van Zant. CDex, one of my favorite programs for converting CDs to MP3 files, has no trouble ripping the Sony titles, so it's unclear what benefit the label is getting for all its trouble.
I'm generally not a fan of services such as Apple Computer's iTunes store. For one thing, songs from those sites are encoded at lower bitrates that can lead to poor sound quality in some cases. And for another, the music has too many restrictions on copying. But for the time being, I recommend these online services if you plan on buying any of the 20 titles EFF says contain the rootkit in their CD form.
The issue raised by Sony's antipiracy software is one of control over what does and doesn't get installed on a user's computer. With studies estimating that 80 percent or more of computers contain viruses, spyware and other security-compromising pests, it's incumbent on PC owners to proactively monitor what gets installed on their machines. Sony's opacity -- not disclosing the program's rootkit and features that use the listener's internet connection to sync up to a Sony website and not widely distributing software that completely removes the offending software -- reflects poorly on the company's integrity.
In the fall of 1982, Johnson & Johnson faced the biggest public relations crisis in corporate history after seven people in Illinois died from taking Extra-Strength Tylenol. J&J sprang into action, recalling 31 million bottles of the pain reliever nationwide at a cost of more than $100 million and launching a PR campaign the likes of which the world had never seen before. The decisive action saved lives. It also helped Tylenol quickly recapture sales, as J&J's candor, contrition and commitment to transparency made people decide that J&J once again could be trusted.
Of course, Sony's crisis isn't a matter of life and death. But it illustrates that the label has the ability to make its aggrieved customers whole again. Its failure to do so, now that would be a real tragedy.
http://www.wired.com/news/digiwood/0,1412,69559,00.html?tw=wn_tophead_2
