Devaluing the Product Part II - Sony Music CDs Threaten PCs

By Richard Menta 11/02/05

Four years ago, almost to the month, I wrote Devaluing the Product, which examined the risk record labels were taking by adopting copy-protected CDs. I wrote then:

As we spend more time in front of the computer, especially at work, the PC has evolved into a convenient place to listen to our music collection. By developing and selling CDs that cannot play on the computer, the record industry is in essence violating consumer expectations of that product. The effect can devalue it in the eyes of consumers who, now encumbered with restrictions on when and where they can use it, may think twice before consummating that $18.99 impulse buy.


The 30GB iPod Video is available on Amazon

The record companies have tried several forms of Digital Rights Management (DRM) schemes to control the use of CDs over the last few years, but their exhuberance may have gotten the best of them this time. Sony's over-exhuberance to be exact.

It has been revealed that some Sony CDs install a rootkit, a tool used by hackers to hide malicious code on a PC. Sony is using a rootkit to hide DRM files from users so they can't remove them.

The problem this act can cause for Sony is three-fold. First, the rootkit in itself is considered malicious code and might even violate the Cyber Security Enhancement Act of 2002. Second, it has been discovered that hackers can easily manipulate Sony's rootkit for their own gain, possibly opening up the company to product litigation. Third, users now have reason to fear the CD and if users start to fear CDs they will stop buying them.

This damage cause by this rootkit may not be limited to Sony. It may affect all labels, even those that do not apply any DRM schemes to their CDs. If consumers lose trust in the CD, sales could suffer irreparable damage. The fact that most DRM-enabled CDs don't disclose what is added to a person's computer - the Sony rootkit was added covertly - means that users never know for sure if the CD they purchased has it. Most will simply play it safe and assume all have it. Then the record labels have a big problem on their hands.

I spoke with a person who handles anti-virus for a Fortune 500 company. He thinks the anti-virus companies like McAfee and Symantec may create a signature to detect the Sony rootkit and prevent it from installing. In the corporate world this is critical, because they cannot allow a simple act such as listening to a CD at work threaten the network. People will also no longer be able to listen to CDs at work. In fact, this rootkit may encourage Information Security personnel to add policy specifically saying staff may not play personal music CDs on work systems to reduce the risk posed.

That's the potential fallout from this over-zealous application of DRM..

If the labels are smart they will re-evaluate their DRM strategies before this story moves from CNET & Slashdot to the USA Today & the New York Times. When that happens it may be too late.

Other MP3 stories:
Can iTunes Resurrect Old Time TV?
Apple Portable Does Video. Notes.


The 4GB iPod Nano is available on Amazon

Back to