Business & Finance
News
11/16/2005
05:59 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Bloggers Break Sony

Sony made an unpopular product decision and got its reputation incinerated by waves of flaming bloggers. That's a lesson for other companies.

Sony's decision to withdraw its controversial copy-protected CDs followed weeks of flames by bloggers.

Sony BMG Music Entertainment said Wednesday it will stop selling 50 CD titles with its XCP content protection software. Sony also said it will remove the discs from stores, and offer replacements without copy protection to customers.

Before Sony acted, the company suffered through weeks of angry posts by bloggers who stirred outrage against the company.

It started when security researcher Mark Russinovich first posted to his blog that Sony's music CDs surreptitiously installed digital rights management software based on a "rootkit"--a hacking tool widely considered to be spyware. Following that, bloggers of all stripes, from seasoned security experts to aggrieved consumers, vented about the record company's unethical and possibly illegal behavior.

"It seems crystal clear that but for the citizen journalists, Sony never would have done anything about this," says Fred von Lohmann, senior intellectual property attorney for the Electronic Frontier Foundation, a cyber liberties advocacy group that has been vocal in its condemnation of Sony and may eventually file a a lawsuit against Sony, in addition to three that have already been filed. "It's plain to me that it was Sony's intent to brush the story under the rug and forget about it."

Alan Scott, chief marketing office at business information service Factiva, said, "I think that we're in an entirely new world from a marketing perspective. The rules of the game have changed dramatically. The old way of doing things by ignoring issues, or with giving the canned PR spin response within the blogosphere, it just doesn't work."

Thomas Hesse, Sony BMG's Global Digital Business President, attempted to do just that by dismissing the online protests. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said in a November 4 interview on National Public Radio's Morning Edition. He added, "The software is designed to protect our CDs from unauthorized copying and ripping."

Blog search site Technorati.com shows well over a hundred blog postings ridiculing this particular quote, each of which may have been linked to by other blogs.

Two days before the NPR interview, Sony attempted to mollify its critics by offering an update that "removes the cloaking technology component" of the XCP DRM software. The update notes claim, "This component is not malicious and does not compromise security."

That's simply not true--the rootkit component allows attackers to take control of target computers. Moreover, another component, the uninstaller Sony provided to remove the XCP software, did compromise security. And once again, it was the blog community that brought this fact to light.

In their Freedom-to-Tinker.com blog, computer researchers J. Alex Halderman and Edward Felten confirmed the findings of a Finnish computer expert that the uninstaller utilizes a poorly coded ActiveX control that allows any Web page a user visits to install and run any code its like on the user's machine.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.