Sony and Copy Control Technology
Sony is going to take aggressive steps to stop this. We will develop
technology that transcends the individual user. We will firewall Napster at
source — we will block it at your cable company, we will block it at your phone
company, we will block it at your ISP. We will firewall it at your PC.2
Imagine sitting in a room crowded with members of academe, silicon
valley types, and others interested in furthering the sharing of information
via computers, and hearing this coming from a representative of
arguably the largest company in the entertainment and technology business. I wasn't there, but in retrospect it
sounded to me as if Sony was going to send its minions out, armed
with various tools of electronic destruction and *snip* first at Napster, then
the TV company, then the phone company, then at our
internet wires, and then come barging into our houses and *snip!* and the "Sony"
wire on our computers is cut off now and for evermore. Big Brother-style control over what we can listen to. Only the Good Lord knows
what the rest of the people in the room thought. I'd hazard a guess that a
hushed buzz of angry voices filled the room.
The man from Sony was talking about "Copy Control Technology." Basically, it
meant that it had come to Sony's attention that there were thankless whelps out
there who were totally ignoring the big, official-looking Federal shield on the
back of CDs, as well as the accompanying language warning dire punishment for
all who'd make a copy of all or any part thereof. So a big huge corporation like
Sony's not gonna take this lying down. They're gonna fight back.
A few years back, Sony basically went and paid two software companies a princely
sum of money in order to develop a program which would insinuate itself into any
computer into which a Sony BMG (Sony's music group) CD was inserted. The
software, ideally, would essentially block programs like iTunes and Windows
Media Player from being able to "rip" or copy the music from the CD. So
therefore the only way to make copies of the CD would be to play the CD,
preferably through digital output, into an audio recording program;
then burn it back onto CDs. Big hassle. Not many people can do. Equals less music
"piracy." Therefore Sony's bottom line stays stable and doesn't go plummeting
Let's stop for a minute for a little disclaimer. The ever-controversial Recording Industry Association of America ("RIAA") reports the recorded music industry
loses approximately $4.2 billion annually to unlawful copying (piracy),
file-sharing, and bootleggers*. Sadly, the way it works, it ain't the
record labels who're taking the heat. It's the musicians, mostly. So have a
heart, unless you're really poor, go out and buy or pay for a
download of your favorite music. It's easy to rationalize that high-profile
musicians are usually multi-millionaires — so who're you really hurting? But
believe me, there are musicians out there who're making little enough on
royalties paid by ASCAP, BMI and SESAC. And they really get hurt
because of the inherent unfairness built into the royalty-paying system.
So back to the issue of Sony and their software. Sony's rationale for what
came to be called "copy control technology" verged on the ridiculous. One Sony
press release actually hinted that copy control technology would save would-be
lawbreakers from themselves and therefore make the world a happier place to live
in. Well, it backfired.
Darn, It Didn't Work Like They Said It Would!
Copy control technology, in the case of Sony BMG, is called "Digital Rights Management Software." Two companies,
SunnComm and First4Internet, were hired by Sony to create the software, which
would ideally limit the number of times one could "rip" protected music CDs,
(and, while they were at it, report computer music playback software usage back
to Sony). Yes, you heard me right, it'd collect data about your listening
habits using the same feature of, let's say, Windows Media Player that detects
the track names on the CD and provides one with the cute little picture of the
album art during playback.)
In layman's terms, what the software did was to run itself as soon as the
computer read the disk. Now, the two types of software, installed on just over
100 CD titles, basically altered the structure of the file system of computers
so as to hide certain files, and alter others. It'd also "phone home" via the
internet and report your music player use to Sony BMG. The software
basically opened up a huge hole that would-be hackers could use to gain control
over computers with; with disastrous results. That wasn't the worst part of it.
Some people discovered the software languishing on their hard drives, and
without proper knowledge nor instruction, attempted to uninstall it. This
produced even more disastrous results, causing system instability and computer
crashes at best, and physically harming the CD-ROM drive at worst.
Sony BMG must've known something was up when everyone from PC owners to PC
service centers discovered that Sony BMG's disks were wreaking havoc with what
is called in more complex terminology, the computer's rootkit. Would that the
folks at the entertainment giant had been smarter and listened to their
customers, instead of vigorously protecting their right to sell compromised
goods, all would've been hunky dory. But that ain't how it worked.
Sony BMG Music Entertainment has agreed to settle Federal Trade
Commission charges that it violated federal law when it sold CDs without
telling consumers that they contained software that limited the devices
on which the music could be played, restricted the number of copies that
could be made, and contained technology that monitored their listening
habits to send them marketing messages.3
A class action suit was filed in New York and another one in California.
The Texas Attorney General filed suit. Governmental agencies in Italy and Canada
sued Sony BMG. Finally, after duly noting that Sony BMG was failing to admit
liability and fighting tooth and nail to offer purchasers of the
software-attached discs token, minuscule settlements, the United States Federal
Trade Commission came in and filed charges.
Had Sony BMG settled the class-action cases to the satisfaction of those
involved, perhaps the federal government wouldn't have gotten involved. But
that's mere speculation.
As soon as hackers discovered (via newspapers and the Internet) the
security hole in "infected" computers, viruses began to flood the Internet,
seeking out and damaging computers "infected" with Sony's software. Sony's
original offer, before the extent of the damaged population was realized, was to
offer anyone a download, from their website, of a "patch" which would
effectively and safely remove the offending software. This, basically, added
insult to injury because as soon as the patch was released, scientists at
Princeton University discovered that whole new avenues of invasion were made available to
hackers by the patch software. Sony was not, under any circumstances, going to
go farther than that to satisfy its customers and distributors.
Then, after New York State's Attorney General prevailed in a suit against it,
Sony BMG recalled over 5 million discs, exchanging them for discs not equipped
with Digital Rights Management Software. As a result of further suits, Sony
added to the exchange program a "sweetener," allowing damaged CD purchasers up
to three free downloads from its music download site. Sony intended to do
nothing whatsoever to compensate damaged parties for the time, effort and
expense of restoring their computers to useable condition.
Now, probably anyone reading this has experienced what's called an End-User
License Agreement ("EULA"). It's the huge file of text one ostensibly need read
before checking a box which will allow you to download software, media, games
etc. A EULA basically says that the user utilizes the software at his/her own
risk, and that the manufacturer of the software, media, etc. is not responsible
for damage done to any computer upon which it is loaded, and further that the
manufacturer will not reimburse any person or business for losses incurred (of
time or money or data) related to use of the software. Well, this is what
tripped Sony BMG up. If one did not agree to the legalese of the EULA, one's disk was essentially unplayable. Sony made no indication on the packaging of the disks that there was any software, nor that there was any contractual obligation of the user, to play the music contained therein.
Sony ended up having to pay up to $150 per user of the "infected" CDs "to
repair damage that resulted directly from consumers’ attempts to remove the
software installed without their consent. Sony BMG is required to publish
notices on its Web site describing the exchange and repair reimbursement
Do the math. Millions of CDs. Millions more in return. Up to $150 per CD in
damages. Thus the cost of launching what was initially heralded by the RIAA
(Recording Industry Association of America) as one of the most innovative and
aggressive methods of preventing music piracy in the history of the industry.
UPDATE 3/22/07: Cincinnatus checked my work and found errors. Thank goodness he knows more about the software end of it than did I. I was mislead by one of my sources into believing that the first-generation of the CDs did not contain a EULA, but in fact they did. My apologies to all whom I misled. Cincinnatus's eloquent correction follows: "I checked all the links you provided in your w/u, but didn't find any notes of version without EULAs. I did find notice of sofware install when the EULA was denied, and activities that EULA said would not, but did. That's just as bad, IMHO."
- Quote from the film The Wizard of Oz (MGM - 1939) more particularly
the Wicked Witch of the West (played by Margaret Hamilton) threatening Dorothy
(played by Judy Garland).
- Quote from Steve Heckler, senior vice president of Sony Pictures
Entertainment Inc., who spoke to more than 1,200 educators, researchers and
other computing experts at a conference hosted by California State
University (Long Beach) in August, 2000
- Lede from the website of The United States Federal Trade Commission
(FTC), explaining the suit in detail.
- Wording taken from the FTC website.
- "Sony BMG Settles FTC Charges" Website of the United States Federal Trade
Commission http://www.ftc.gov/opa/2007/01/sony.htm (Accessed 3/19/07)
- "Sony's Fix for CDs Has Security Problems of Its Own" By Brian Krebs
Washington Post Thursday, November 17, 2005; Page D01
- Electronic Frontier Foundation: "Sony BMG Settlement FAQs"
http://www.eff.org/IP/DRM/Sony-BMG/settlement_faq.php (Accessed 3/19/07)
- "Sony Exec: 'We Will Beat Napster'" by M.A. Anastasi, The Daily Forty-Niner,
August 17, 2000 on the website of New Yorkers for Fair Use
http://www.nyfairuse.org/sony.xhtml (Accessed 3/19/07)
- Website of Girard Gibbs, LLP http://www.girardgibbs.com/ (various) (Accessed 3/19/07)
- Sony BMG class-action settlement website:
http://www.sonybmgcdtechsettlement.com/ (Accessed 3/19/07)
- Website dedicated to the lawsuit:
http://www.sonysuit.com/ (Accessed 3/20/07)
- Groklaw legal website:
- *Website of the Recording Industry Association of America: