Cathode Tan - Games, Media and Geek Stuff
logo design by man bytes blog

Tuesday, November 15, 2005

Sony's DRM, a EULA and You

Sony has come under heat recently for the DRM and EULA model used for their BMG branded CD's. This is with good reason: they're both completely insane.

The DRM isn't so much anti-piracy as it is anti-security. Developed by British company First 4 Internet, the XCP code uses a black hat style rootkit to manipulate your OS into ignoring files named in a certain way. XCP does not do this within any kind of sandbox, however, so any file can take advantage of Sony's stealth technology. To date - it's been tied to virus code and cheat programs. Should this rootkit be installed on your Windows PC ... you've essentially got a massive back door into your computer until it's removed.

And Mac users shouldn't feel left out. Sony also has a kernel extension for you.

Think that's insane? There's more. Sony has also decided that fair use isn't fair, so they've written up a EULA which defies so much logic, I'll coin the term anti-logical. No, it's not just illogical ... this thing repels logic. Here is the EFF breakdown:

If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

You have no right to transfer the music on your computer, even along with the original CD.

Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.
-- Now the Legalese Rootkit: Sony-BMG's EULA

Sony's response to all of this has been less than stellar. For one thing, they lie about the number of titles actually effected by all of this. Plus, the means to uninstall their rootkit is painfully obscure and potentially harmful. So even if you can find the means to make you computer secure, it might crash Windows. Thankfully, Microsoft and others have stepped up to the obvious problem and offered alternate means of removing the code.

So what does this all boil down to? Well for one thing, it's remarkable how much abuse a large corporation can smack down. Imagine if some software employee had managed to sneak this rootkit onto a download or CD? They'd have the FBI smashing down their door and confiscating all their equipment and probably a decent chunk of livelihood. Sony might be facing a few lawsuits, but at this time they haven't even issued a recall of these CDs.

This brazen attitude, however, isn't simply some rogue aspect of a rogue company. This is Sony. They're a market leader for media and consumer electronics. That makes this not just somewhat shocking, but more than mildly disturbing. This isn't just a freak moment, but part of a larger trend of the media and software industry hell bent to protect their bottom line ... even at the risk of their consumers. While we might see much wringing of hands and shaking of heads over this, it's not like we haven't seen odd DRM and EULA schemas come out from the likes of Apple or Microsoft.

Sony needs way more than a slap here. Consumers need to start fighting for their rights to fair use before the hardware we own at home is little more than a victim for some corporate EULA to justify their "protective" software.

Also, How-To: Protect Yourself from Sony DRM Rootkit Malware

No comments: