[Ecommerce] Sony unsinged by rootkit CD fiasco

[Michelle Childs]

While the reporter is still critical of DRMs he makes the point, which
others  are seeking to do, about consumer apathy in the face of such
actions. Consumer reps will have their own responses to this as prevoious
experience with product recalls shows,  and it does not detract from tha
fact that consumer laws appear to have been broken.
Michelle.
<snip>

But the CD buying public doesn't seem to care. One large retail store,
Amoeba Records in tech savvy Berkeley hasn't seen a single infected CD
returned to the store. Chart rankings and Gracenote lookups don't reflect
a fall off in sales for the affected CDs.

Far from being a historic turning point in the public's perception of
nefarious DRM tactics, that many hoped, it's proof that the CD buying
public is impervious to technology warnings, or at least extremely slow to
cotton on.


http://www.theregister.co.uk/2005/11/22/analysis/

Sony unsinged by rootkit CD fiasco
Expect more exploits
By Andrew Orlowski in San Francisco
Published Tuesday 22nd November 2005 20:15 GMT
Analysis What next for CD buyers?

For all the lawsuits, over-the fold-coverage in mainstream print and on
primetime TV, and howls of anguish from the blogosphere, Sony Music has
sailed through the rootkit CD fiasco largely unharmed.

The only figure that matters - the bottom line - appears to be unaffected
by the fiasco. CNet's John Borland reports, and as retailers confirmed to
The Register, that Sony hasn't lost sales from popular titles infected
with the notorious XCP copy-restriction technology.

The poorly written software leaves a PC wide open to hackers, and attempts
to remove it can disable the CD drive. Sony Music reluctantly announced a
recall and exchange program for XCP-infected CDs last week.

But the CD buying public doesn't seem to care. One large retail store,
Amoeba Records in tech savvy Berkeley hasn't seen a single infected CD
returned to the store. Chart rankings and Gracenote lookups don't reflect
a fall off in sales for the affected CDs.

Far from being a historic turning point in the public's perception of
nefarious DRM tactics, that many hoped, it's proof that the CD buying
public is impervious to technology warnings, or at least extremely slow to
cotton on.

We may have feared as much. One in four PCs connected to the internet in
the UK is "owned", in other words, fatally compromised by malware. And yet
good technology advice isn't hard to find: news stand magazines and
part-works offer lucid explanations, most newspapers feature weekly PC
advice columns, and much more information is only two clicks away on the
internet.

So more information in itself isn't the answer.

Will the lawsuits succeed where education has failed? Yesterday the
Electronic Frontier Foundation and the state of Texas duly filed suit
against Sony.

Don't hold your breath.

For all the angst in the US about 'tort reform' and the prominence given
to excessive damages won by 'ambulance chasing' lawyers, the effect is
negligable. If the Microsoft trial taught corporate America a lesson, it's
that litigation can be considered a minor operational expense. Business
treats it like a spot fine for littering.

Sony Music can also take heed from the limitations of internet based
activism. The New York Times reports that over 700 Amazon.com reviews
pointed out the dangers of XCP DRM, and that "... snarky Internet shoppers
have quickly turned Amazon.com's tagging system into digital graffiti" -
attaching the 'rootkit' warning tag to Sony XCP CD titles.

Why, then, has the saturation and uniformly negative coverage of Sony's
DRM failed to harm sales?

Your guesses are as good as ours, but it's hard not to conclude that the
WiReD myth of a 'Rip Mix and Burn' population has been somewhat
overstated. Only a third of CD purchasers actually play music on a PC. And
a vanishingly small number of them appear to want to take their music
anywhere other than where it's directed to go by the manufacturer. If a CD
plays in the home stereo and the car, then that's quite enough digital
freedom already for most people.

This may have less to do with a public acceptance of artificial
restrictions such as DRM than the fact that music tends to stay in
hardware 'silos', and digital music tends to stay where it's bought,
largely through apathy and forgetfulness.

And given an atomized tech savvy population, tagging and bleating in the
safety and comfort of their own PCs, Sony's nefarious tactics have failed
to harm the business.

Ultimately, there's little to change our view that DRM restrictions are an
expensive and economically inefficient stop-gap, an absurd attempt to
replicate the inconvenience of physical product in a digital form. But
equally, the 'Chicken Little' scenario of DRM as the means of introducing
a vast lock down is a paranoid fantasy. Sony now knows it only need keep
the CDs playing in home and car stereos, and it can swat away the digital
rights lobby like flies.

A better analogy, and one we've made many times, is that we're in a
Prohibition era: this is a transitional age, one where the inconveniences
of DRM are borne by a minority of the population. That happens to be us.

Ominously the Recording Industry Ass. of America president Cary Sherman
congratulated Sony Music for its ethnical behaviour, comparing it
favorably to software companies.

"The problem with the SonyBMG situation is that the technology they used
contained a security vulnerability of which they were unaware," Sherman
told a forum of student journalists.

"They have apologized for their mistake, ceased manufacture of CDs with
that technology,and pulled CDs with that technology from store shelves.
Seems very responsible to me. How many times that software applications
created the same problem? Lots. I wonder whether they've taken as
aggressive steps as SonyBMG has when those vulnerabilities were
discovered, or did they just post a patch on the Internet?"

Note the semantic redefinition of XCP as bad coding, simply a bad
implementation of a good idea.

Expect more XCPs. You only have to follow the money. =AE




--
Michelle Childs -Head of European Affairs
Consumer Project on Technology in London
24, Highbury Crescent, London, N5 1RX,UK.
Tel:+44(0)207 226 6663 ex 252.
Mob:+44(0)790 386 4642. Fax: +44(0)207 354 0607
http://www.cptech.org

Consumer Project on Technology in Washington, DC
1621 Connecticut Ave, NW, Washington, DC 20009 USA .Tel.:
+1.202.332.2670,Fax: +1.202.332.2673

Consumer Project on Technology in Geneva
1 Route des  Morillons, CP 2100, 1211 Geneva 2, Switzerland
Tel: +41 22 791 6727