Sony and Copy Control Technology

Or, "Just try to get in my way, just try. I'll get you, my little pretty. And your little dog, too!"1

Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source — we will block it at your cable company, we will block it at your phone company, we will block it at your ISP. We will firewall it at your PC.2

Imagine sitting in a room crowded with members of academe, silicon valley types, and others interested in furthering the sharing of information via computers, and hearing this coming from a representative of arguably the largest company in the entertainment and technology business. I wasn't there, but in retrospect it sounded to me as if Sony was going to send its minions out, armed with various tools of electronic destruction and *snip* first at Napster, then the TV company, then the phone company, then at our internet wires, and then come barging into our houses and *snip!* and the "Sony" wire on our computers is cut off now and for evermore. Big Brother-style control over what we can listen to. Only the Good Lord knows what the rest of the people in the room thought. I'd hazard a guess that a hushed buzz of angry voices filled the room.

The man from Sony was talking about "Copy Control Technology." Basically, it meant that it had come to Sony's attention that there were thankless whelps out there who were totally ignoring the big, official-looking Federal shield on the back of CDs, as well as the accompanying language warning dire punishment for all who'd make a copy of all or any part thereof. So a big huge corporation like Sony's not gonna take this lying down. They're gonna fight back.

What Happened

A few years back, Sony basically went and paid two software companies a princely sum of money in order to develop a program which would insinuate itself into any computer into which a Sony BMG (Sony's music group) CD was inserted. The software, ideally, would essentially block programs like iTunes and Windows Media Player from being able to "rip" or copy the music from the CD. So therefore the only way to make copies of the CD would be to play the CD, preferably through digital output, into an audio recording program; then burn it back onto CDs. Big hassle. Not many people can do. Equals less music "piracy." Therefore Sony's bottom line stays stable and doesn't go plummeting downward. Supposedly.

Let's stop for a minute for a little disclaimer. The ever-controversial Recording Industry Association of America ("RIAA") reports the recorded music industry loses approximately $4.2 billion annually to unlawful copying (piracy), file-sharing, and bootleggers*. Sadly, the way it works, it ain't the record labels who're taking the heat. It's the musicians, mostly. So have a heart, unless you're really poor, go out and buy or pay for a download of your favorite music. It's easy to rationalize that high-profile musicians are usually multi-millionaires — so who're you really hurting? But believe me, there are musicians out there who're making little enough on royalties paid by ASCAP, BMI and SESAC. And they really get hurt because of the inherent unfairness built into the royalty-paying system.

So back to the issue of Sony and their software. Sony's rationale for what came to be called "copy control technology" verged on the ridiculous. One Sony press release actually hinted that copy control technology would save would-be lawbreakers from themselves and therefore make the world a happier place to live in. Well, it backfired.

Darn, It Didn't Work Like They Said It Would!

Copy control technology, in the case of Sony BMG, is called "Digital Rights Management Software." Two companies, SunnComm and First4Internet, were hired by Sony to create the software, which would ideally limit the number of times one could "rip" protected music CDs, (and, while they were at it, report computer music playback software usage back to Sony). Yes, you heard me right, it'd collect data about your listening habits using the same feature of, let's say, Windows Media Player that detects the track names on the CD and provides one with the cute little picture of the album art during playback.)

In layman's terms, what the software did was to run itself as soon as the computer read the disk. Now, the two types of software, installed on just over 100 CD titles, basically altered the structure of the file system of computers so as to hide certain files, and alter others. It'd also "phone home" via the internet and report your music player use to Sony BMG. The software basically opened up a huge hole that would-be hackers could use to gain control over computers with; with disastrous results. That wasn't the worst part of it. Some people discovered the software languishing on their hard drives, and without proper knowledge nor instruction, attempted to uninstall it. This produced even more disastrous results, causing system instability and computer crashes at best, and physically harming the CD-ROM drive at worst.

Sony BMG must've known something was up when everyone from PC owners to PC service centers discovered that Sony BMG's disks were wreaking havoc with what is called in more complex terminology, the computer's rootkit. Would that the folks at the entertainment giant had been smarter and listened to their customers, instead of vigorously protecting their right to sell compromised goods, all would've been hunky dory. But that ain't how it worked.

Sony BMG Music Entertainment has agreed to settle Federal Trade Commission charges that it violated federal law when it sold CDs without telling consumers that they contained software that limited the devices on which the music could be played, restricted the number of copies that could be made, and contained technology that monitored their listening habits to send them marketing messages.3

A class action suit was filed in New York and another one in California. The Texas Attorney General filed suit. Governmental agencies in Italy and Canada sued Sony BMG. Finally, after duly noting that Sony BMG was failing to admit liability and fighting tooth and nail to offer purchasers of the software-attached discs token, minuscule settlements, the United States Federal Trade Commission came in and filed charges.


Had Sony BMG settled the class-action cases to the satisfaction of those involved, perhaps the federal government wouldn't have gotten involved. But that's mere speculation.

As soon as hackers discovered (via newspapers and the Internet) the security hole in "infected" computers, viruses began to flood the Internet, seeking out and damaging computers "infected" with Sony's software. Sony's original offer, before the extent of the damaged population was realized, was to offer anyone a download, from their website, of a "patch" which would effectively and safely remove the offending software. This, basically, added insult to injury because as soon as the patch was released, scientists at Princeton University discovered that whole new avenues of invasion were made available to hackers by the patch software. Sony was not, under any circumstances, going to go farther than that to satisfy its customers and distributors.

Then, after New York State's Attorney General prevailed in a suit against it, Sony BMG recalled over 5 million discs, exchanging them for discs not equipped with Digital Rights Management Software. As a result of further suits, Sony added to the exchange program a "sweetener," allowing damaged CD purchasers up to three free downloads from its music download site. Sony intended to do nothing whatsoever to compensate damaged parties for the time, effort and expense of restoring their computers to useable condition.

Now, probably anyone reading this has experienced what's called an End-User License Agreement ("EULA"). It's the huge file of text one ostensibly need read before checking a box which will allow you to download software, media, games etc. A EULA basically says that the user utilizes the software at his/her own risk, and that the manufacturer of the software, media, etc. is not responsible for damage done to any computer upon which it is loaded, and further that the manufacturer will not reimburse any person or business for losses incurred (of time or money or data) related to use of the software. Well, this is what tripped Sony BMG up. If one did not agree to the legalese of the EULA, one's disk was essentially unplayable. Sony made no indication on the packaging of the disks that there was any software, nor that there was any contractual obligation of the user, to play the music contained therein.

Sony ended up having to pay up to $150 per user of the "infected" CDs "to repair damage that resulted directly from consumers’ attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs."4

Do the math. Millions of CDs. Millions more in return. Up to $150 per CD in damages. Thus the cost of launching what was initially heralded by the RIAA (Recording Industry Association of America) as one of the most innovative and aggressive methods of preventing music piracy in the history of the industry.

UPDATE 3/22/07: Cincinnatus checked my work and found errors. Thank goodness he knows more about the software end of it than did I. I was mislead by one of my sources into believing that the first-generation of the CDs did not contain a EULA, but in fact they did. My apologies to all whom I misled. Cincinnatus's eloquent correction follows: "I checked all the links you provided in your w/u, but didn't find any notes of version without EULAs. I did find notice of sofware install when the EULA was denied, and activities that EULA said would not, but did. That's just as bad, IMHO."


  1. Quote from the film The Wizard of Oz (MGM - 1939) more particularly the Wicked Witch of the West (played by Margaret Hamilton) threatening Dorothy (played by Judy Garland).
  2. Quote from Steve Heckler, senior vice president of Sony Pictures Entertainment Inc., who spoke to more than 1,200 educators, researchers and other computing experts at a conference hosted by California State University (Long Beach) in August, 2000
  3. Lede from the website of The United States Federal Trade Commission (FTC), explaining the suit in detail.
  4. Wording taken from the FTC website.


  • "Sony BMG Settles FTC Charges" Website of the United States Federal Trade Commission (Accessed 3/19/07)
  • "Sony's Fix for CDs Has Security Problems of Its Own" By Brian Krebs The Washington Post Thursday, November 17, 2005; Page D01 (Accessed 3/19/07)
  • Electronic Frontier Foundation: "Sony BMG Settlement FAQs" (Accessed 3/19/07)
  • "Sony Exec: 'We Will Beat Napster'" by M.A. Anastasi, The Daily Forty-Niner, August 17, 2000 on the website of New Yorkers for Fair Use (Accessed 3/19/07)
  • Website of Girard Gibbs, LLP (various) (Accessed 3/19/07)
  • Sony BMG class-action settlement website: (Accessed 3/19/07)
  • Website dedicated to the lawsuit: (Accessed 3/20/07)
  • Groklaw legal website: (Accessed 3/20/07)
  • *Website of the Recording Industry Association of America: (Accessed 3/21/07)