SonyBMG spyware discoveries (previously reported at SonyBMG Invades Your Computer and SonyBMG Invasion Even Uglier), continue. Even US Homeland Security advises people never to install any software from a music CD. Here is a list of currently found damaging or illegal activity.

• Secretly installs itself


• Opens your computer to new viruses. A new virus has been detected that specifically targets the SonyBMG hole.


• Secretly communicates your Internet address and music files.


• Damages your music files


• Contains stolen code


• Provides no way to remove the software


• Collusion of computer security vendors that prevented fast action to detect and remove this spyware

Sony has handled this about as poorly as possible. Tactically they should have got out in front of this before it blew up. Instead revelations about the depth of the invasion come out daily, extending this into a multi-weeklong nightmare with:

• Executive arrogance. Thomas Hesse, Sony Global Digital Business president said "Most people, I think, don't even know what a rootkit is, so why should they care about it?"


• Class-action lawsuits in California and elsewhere


• Criminal investigations


• Anti-Sony sites like Sory

Strategically, Wendy Selter writes in "Boiling a Frog" in CopyFight that DRM users have the scary ability to change your consumer rights on the fly and indeed have done so. To this point DRM has innocuously crept up on PC users who have docilely accepted it. But now the news of the SonyBMG spyware has publicized the detrimental effect of DRM on consumer rights in a very public way, setting back not just SonyBMG but all DRM distributors.

It was bound to happen sooner or later. In the end it's a case study for all that is wrong with DRM.

• DRM doesn't respect customers. It penalizes good customers, rather than incents them.


• DRM does nothing to stop illegal usage. It only makes it more attractive.


• DRM is the wrong solution. Unauthorized and pirated content is a social and legal problem, not a technological one.


• DRM is a bad solution. It introduces technology on top of other technology, creating dangerous complexity. It can only harm the user's PC, including its performance, stability, functionality, and security.

Lastly, there is an intriguing parallel that I call Contributory Fraud. The entertainment industry including SonyBMG has pushed the theory of contributory infringement against P2P developers. The Supreme Court bought this in their decision in May, saying that P2P companies may be liable if they have any knowledge of, support, or gain from their customers engaging in illegal behavior, such knowledge including the company's communications and email, mind reading not yet being legally recognized in the 21st century.

What of SonyBMG? Let's hold them to the same standard and look at their responsibility. While SonyBMG will spin this off and blame First4Internet, SonyBMG is the one that directly offered this to the public when they could have used another DRM technology or not used DRM at all. Can SonyBMG, a multi-billion dollar company with tens of thousands of employees, claim that:

• None of its employees or contractors had any knowledge, communications, or discussion that their spyware would be installed on millions of computers, as widespread as the worst of computer viruses?


• None of its employees or contractors had any knowledge, communications, or discussion that their spyware would invade consumer privacy by sending personal information to company servers?


• None of its employees or contractors had any knowledge, communications, or discussion that it was deceiving its own customers by hiding the existence of the software through secret installation, not providing software to remove it, and lack of documentation on its web site?


• None of its employees or contractors had any knowledge, communications, or discussion that rootkit technology could possibly be dangerous ... when the use of such technology had only been for malevolent viruses ... and when the software itself was intentionally hidden from the customer?


• None of its employees or contractors had any knowledge, communications, or discussion of the damages due to the software, such as damaged music files, impaired computer performance, spent time spent trying to find out how to remove the software, and the various problems from enabled viruses?

EXTRA CREDIT. Silicon Valley headlines (we love those guys and their humor)

• Let's see -- Secret installation? Check. Hidden changes? Check. Security breach? Check. Dangerous uninstall? Check. Now what was ... oh, yeah. Stolen code? Check.


• Sony reconsiders policy on hiring 'reformed' hackers


• Sony DRM: You can look but you can't touch


• Sorry about those secret files; what we meant to install were these secret files


• Find out who programmed the rootkit DRM and send Qrio to kill him


• Rootkits -- serves those Windows losers ri ... hey, what the ...?


• And we would have gotten away with it if it weren't for you meddling kids


• Sony inducted into FUBAR Hall of Fame

Marc Freedman
RazorPop, developer of TrustyFiles, the leading multiple network file sharing software with search and download of ALL top networks.
Are you a major entertainment company, other content provider, distributor, marketer, advertiser, or other organization seeking to reach the huge 80 million P2P user market? Then you need BrandedP2P.