TELECOM Digest OnLine - Sorted: Bloggers Break Sony


Bloggers Break Sony


Thomas Claburn (informationweek@telecom-digest.org)
Wed, 16 Nov 2005 21:29:43 -0600

Sony made an unpopular product decision and got its reputation incinerated
by waves of flaming bloggers. That's a lesson for other companies.

By Thomas Claburn, InformationWeek
http://www.informationweek.com/story/showArticle.jhtml?articleID=174300636

Sony's decision to withdraw its controversial copy-protected CDs followed
weeks of flames by bloggers.

Sony BMG Music Entertainment said Wednesday it will stop selling 50 CD
titles with its XCP content protection software. Sony also said it
will remove the discs from stores, and offer replacements without copy
protection to customers.

Before Sony acted, the company suffered through weeks of angry posts by
bloggers who stirred outrage against the company.

It started when security researcher Mark Russinovich first posted to
his blog that Sony's music CDs surreptitiously installed digital
rights management software based on a "rootkit" -- a hacking tool
widely considered to be spyware. Following that, bloggers of all
stripes, from seasoned security experts to aggrieved consumers, vented
about the record company's unethical and possibly illegal behavior.

"It seems crystal clear that but for the citizen journalists, Sony
never would have done anything about this," says Fred von Lohmann,
senior intellectual property attorney for the Electronic Frontier
Foundation, a cyber liberties advocacy group that has been vocal in
its condemnation of Sony and may eventually file a lawsuit against
Sony, in addition to three that have already been filed. "It's plain
to me that it was Sony's intent to brush the story under the rug and
forget about it."

Alan Scott, chief marketing officer at business information service
Factiva, said, "I think that we're in an entirely new world from a
marketing perspective. The rules of the game have changed
dramatically. The old way of doing things by ignoring issues, or with
giving the canned PR spin response within the blogosphere, it just
doesn't work."

Thomas Hesse, Sony BMG's Global Digital Business President, attempted
to do just that by dismissing the online protests. "Most people, I
think, don't even know what a rootkit is, so why should they care
about it?" he said in a November 4 interview on National Public
Radio's Morning Edition. He added, "The software is designed to
protect our CDs from unauthorized copying and ripping."

Blog search site Technorati.com shows well over a hundred blog
postings ridiculing this particular quote, each of which may have been
linked to by other blogs.

The day before the NPR interview, Sony attempted to mollify its
critics by offering an update that "removes the cloaking technology
component" of the XCP DRM software. The update notes claim, "This
component is not malicious and does not compromise security."

That's simply not true -- the rootkit component allows attackers to
take control of target computers. Moreover, another component, the
uninstaller Sony provided to remove the XCP software, did compromise
security. And once again, it was the blog community that brought this
fact to light.

In their Freedom-to-Tinker.com blog, computer researchers J. Alex
Halderman and Edward Felten confirmed the findings of a Finnish
computer expert that the uninstaller utilizes a poorly coded ActiveX
control that allows any Web page a user visits to install and run any
code it likes on the user's machine. In an E-mail message, Graham
Cluley, senior technology consultant at security company Sophos,
condemned Sony's actions. "Business PC users have a very low opinion
of any code that endangers the safety of their networks, and they have
sent a loud and clear message to Sony and other companies that this
kind of code is unacceptable," he wrote.

Indeed, judging by the online outcry, it's fair to say that PC users
in general feel that way.

However, Cluley said that Sony XCP software isn't really comparable to
a virus incident in terms of impact. "In many ways it can be argued
that it's more similar to Microsoft security vulnerabilities which
have later led to a worm infection," he explained via E-mail. "Sony's
code wasn't intentionally malicious, but did open up a security hole
on users' computers which could be exploited by malware. Rather than
malware, I would term this as 'ineptware.'"

Finnish computer security company F-Secure Corporation contends the
software is malware because it hides from the user and doesn't offer a
way to uninstall itself.

But the company's intellectual property concerns have not
disappeared. At a music industry conference in San Diego in August
2005, Recording Industry Association of America CEO Mitch Bainwol
presented findings by market research firm NPD Group Inc. that
suggested ripping songs--copying them to a computer from a CD--and
sharing them has come to represent a revenue threat that's at least as
significant as illegal peer-to-peer file trading.

In his presentation, Bainwol noted that the people in the music
industry are seen as bad guys rather than the victims they perceive
themselves to be. Yet winning the hearts and minds of the blogosphere,
and by extension, consumers in general, will require more than
marketing as usual.

"There's a whole new set of rules that people have to live by," Scott
says. "Whether it's blogs or user groups or NGOs, it's all about
honesty and authenticity. This is just the latest painful example of a
major company finding that the old tools and the old actions don't
work."

Scott's advice to companies is to look for text-mining software, which
Factiva happens to make, to help follow what's being said online and
then to participate in the conversation honestly. In an example of the
sort of transparency called for under the "new rules," Scott admits
his advice is self-serving. He says, nonetheless, he believes in what
he's selling.

The same might be said for Sony BMG. The company no doubt believes in
content protection technology. The trouble is few of its customers do.
Either Sony's customers don't know what they're missing or the company
is selling something no one wants.

As for participating in the conversation, Sony BMG has a ways to go.
Repeated calls to the company's corporate press office for further
comment met with the message, "Announcement not recorded. Try again
later. Please disconnect."

Copyright 2005 CMP Media LLC
