[Ecommerce] Businessweek: Sony's copyright overreach

[Manon Ress]

Sony's Copyright Overreach
http://www.businessweek.com/technology/content/nov2005/
tc20051117_444162.htm

The consumer-electronics giant has unleashed a firestorm by including
a covert program on music CDs that leaves PC users prey to viruses

Call it the revenge of the nerds -- digital style. For years,
computer geeks and cyberlibertarians have howled about aggressive
user restrictions programmed into music CDs, movie DVDs, and all
kinds of software. They've issued dire warnings about the media
industry's zeal to protect content in the Digital Age. At risk, they
cautioned, was the consumer's right to enjoy legally purchased
content how and where they saw fit.

The clamor dogged the content industry but never did much serious
damage. Hollywood, Silicon Valley, and recording studios maintained
the upper hand, introducing legislation in Congress that made it
easier to go after online thieves, and winning thousands of lawsuits
against people who illegally download music and movies from online
file-swapping networks such as KaZaA and Limewire. All the while,
content creators were rolling out creative ways to limit what
consumers could do with their tunes, movies, software, and even ring
tones without sacrificing too much in the way of public trust.

INFECTION-READY.  Now the tide might be turning, thanks to a classic
case of overreaching that has fomented a backlash against the
industry. On Oct. 31, blogger Mark Russinovich discovered a hidden
program installed on his PC by a Sony (SNE) BMG music disk. The code
was designed to prevent purchasers of the CD from copying it or
converting it. But the program was disturbing for another reason --
in an apparent effort to prevent garden-variety hackers from
circumventing the copy restrictions, Sony designed the program to
surreptitiously bury itself deep within the Windows operating system,
completely hidden from view.

Before long, software engineers were warning that the code -- known
derisively in techie parlance as a rootkit -- could easily be co-
opted by virus writers. The warning was all but an invitation, and
soon enough the viruses began circulating.

Cyberlibertarians accused Sony of violating state and federal spyware
laws, class actions were filed, and the issue exploded into the
mainstream press.

Then, Stewart Baker, an Assistant Secretary at the Homeland Security
Dept., picked up the ball and ran with it. On Nov. 10, he gave Sony a
public finger-wagging for undermining computer security measures:
"It's very important to remember that it's your intellectual property
-- it's not your computer," he said.

"TURNING POINT."  Microsoft (MSFT) declared the code a security risk
to PCs running on Windows, and security companies such as Symantec
(SYMC) began alerting PC users to its presence. On Nov. 15, Sony said
it would recall some 4.7 million music CDs, 2.1 million of which have
already been sold to consumers.

"It's a turning point," says Fred von Lohmann, senior attorney at the
Electronic Frontier Foundation, a group devoted to defending consumer
rights in the Digital Age. "Millions of people are going to suddenly
realize that thanks to Sony's copy protection, they have to worry
about viruses and security breaches and intrusions into their
computers. This scandal is going to raise the profile of the
copyright debate."

That's true partly because von Lohmann and other cyberspace freedom
lovers are using Sony's woes to their advantage. After years of
predicting that the sky would fall, geekdom intends to make hay of
the rootkit fiasco.

In theory, Sony could be liable for breaking any number of laws. A
class-action complaint filed Nov. 1 in Los Angeles Superior Court
accuses it of failing to disclose the true nature of the so-called
digital rights management (DRM) system on its CDs and alleges that
thousands of computer users have unknowingly infected their computers.

DIFFICULT BALANCE.   Von Lohmann says Sony theoretically could be
liable for breaking several California consumer-protection laws,
including the Consumer Legal Remedies Act, as well as federal
statutes such as the Computer Fraud & Abuse Act, which prohibits
anyone from accessing a computer without authorization.

"We do feel a little vindication," von Lohmann says. "I don't think
anybody is celebrating the fact that Sony has created what could be a
global Internet security problem, but we can say we told you so."

The firestorm highlights a delicate balancing act that the
intellectual-property industry has yet to perfect. DRM schemes are
pervasive in the modern world. Many are relatively benign, such as
the system used by Apple's (AAPL) iTunes, which limits how many times
a user can copy a particular set of songs.

LICENSE RESTRICTIONS.  Other controls are less obvious to consumers
but far more restrictive, such as the end-user license agreement,
also known as a "click-wrap" license, which is incorporated into
nearly every software program and now is appearing on music and movie
disks. The license concept has converted the old-fashioned retail
purchase into a complex contract arrangement that forces users to
agree to onerous restrictions before they can use whatever they've
already paid for.

The license incorporated into Sony BMG's compact disks, for example,
prohibits users from loading their purchased tunes onto their work
computer and bans them from taking music loaded onto their home PCs
out of the country. And woe to audiophiles who sell, trade, give
away, or lose their disks. If they no longer posses the original CD,
Sony BMG's license requires them to delete the music they've loaded
onto their computers.

Content-industry execs continue to press the economic importance of
protecting intellectual property, the nation's biggest export. The
explosion of Internet users, combined with expanding broadband
networks and technologies such as peer-to-peer file-swapping networks
and digital music players, have conspired to make music, software,
movies, and other digital content exceedingly easy to steal, copy,
and distribute.

READY TO EXPLODE.  Market-research firms report that some 30% of
consumers have ripped and burned music tracks from friends. "While
reasonable people can debate how far digital-rights management can
go, it's absolutely clear that it's one part of a larger strategy to
fight theft," says David Israelite, president and CEO of the National
Music Publishers Assn.

But some industry execs admit privately that the Sony rootkit
brouhaha has shown that there are some lines that content creators
simply can't cross. The industry learned a similar lesson in 2003,
when Senator Orrin Hatch (R-Utah), then-chairman of the Senate
Judiciary Committee, wondered aloud whether the tech trade could
build a computer that would explode if it was used to illegally
download music tracks. Destroying computers, Hatch said, "may be the
only way you can teach someone about copyright."

That idea certainly didn't get very far, and Sony's rootkit debacle
isn't the beginning of the end of content protections. But it will go
a long way toward setting limits on how far the industry can go in
handcuffing honest consumers in its ongoing effort to arrest digital
theft.

************************************************
Manon Anne Ress
manon.ress@cptech.org,
www.cptech.org

Consumer Project on Technology
1621 Connecticut Ave, NW, Washington, DC 20009 USA
Tel.:  +1.202.332.2670, Ext 16 Fax: +1.202.332.2673

Consumer Project on Technology
1 Route des  Morillons, CP 2100, 1211 Geneva 2, Switzerland
Tel: +41 22 791 6727

Consumer Project on Technology
24 Highbury Crescent, London, N5 1RX, UK
Tel: +44(0)207 226 6663 ex 252 Fax: +44(0)207 354 0607