Uncategorized —

Spitzer shakes finger at Sony

The New York Attorney General went shopping, and he's not happy with what he …

As a fitting followup to yesterday's post on Sony's DRM shenanigans, today Eliot Spitzer announced his own interest in the case. Spitzer, the New York Attorney General, has gone on record as saying that he is not pleased with Sony. The source of Spitzer's displeasure is the fact that Sony's XCP-protected CDs are still easily available at retail.

"It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year," Spitzer said in a written statement. "I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."

Spitzer sent a group of investigators "disguised as customers" (presumably in North Face coats and false mustaches) to local stores that included Circuit City, Best Buy, and Wal-Mart. None of them had any trouble purchasing XCP-protected discs, even though Sony announced that they had all been recalled.

This isn't the first time Spitzer's tangled with Sony. He went medieval on them earlier this year over charges of a "payola" scheme involving radio play and promotion, and Sony coughed up a cool ten million to settle.

Despite the fact that the XCP rootkit has been in the headlines of late, it's important to note that Sony uses other forms of DRM as well, some almost as nasty. SunComm's MediaMax software also comes as a free bonus on selected Sony discs, and because SunComm knows how much you want their DRM on your computer, they've gone ahead and given you an early Christmas present: MediaMax installs itself on your PC even if you decline the license agreement.

J. Alex Halderman lays out the evidence on his blog, Freedom to Tinker, and shows that MediaMax does three things more characteristic of spyware than of legitimate code:

  • Is installed onto the computer without meaningful notification or consent, and remains installed even if the license agreement is declined;
  • Includes either no uninstall mechanism or an uninstaller that fails to completely remove the program like it claims;
  • Sends information to SunnComm about the user?s activities contrary to SunnComm and Sony statements and without any option to disable the transmissions.

This sort of nonsense isn't new; it was making people angry as far back as 2002, when a fitting rant against coders who write this garbage appeared on the Pigdog Journal. From the most family-friendly section of the diatribe:

"Look at you. Look at yourself. Look at what you've BECOME. Your job is writing code to BREAK PEOPLE'S COMPUTERS if they dare to put a CELINE DION CD into their disk drive. Is this what you always wanted? Is this what you went to school for? Is this what we've all -- all of us, every other hacker and programmer and geek and computer person -- is this what we've all helped you to do?"

Oddly enough, most of this DRM is trivial to circumvent. You can play the disc in a Mac, you can disable Autorun on Windows, you can put tape on the outside of the disc, you can use a marker, you can record from your home stereo... and the list goes on. It's not a great piracy deterrent, but it sure makes customers mad, and mad is good. One of the things that music execs want to accomplish in the short term with their DRM strategy is to put pressure on Apple to open up the iPod and its Fairplay DRM. The thinking (if you can call it that) apparently goes like this: angry customers can't rip a CD to their iPod and fire off a nasty note to Apple about how unhappy they are. Apple then caves, licensing Fairply or agreeing to support Windows Media. As one label executive told Variety, the hope is that when the great unwashed masses find themselves thwarted by DRM,

"Maybe they'll send Steve Jobs an e-mail."

Sony wants to turn its customers into a pressure group that will generate enough smoke and heat to crack Apple's stranglehold on the iPod, and DRM is one of the tools they're using to get the job done. It sounds strange, but does Sony want their customers angry?

Channel Ars Technica