GOODSOUND!GoodSound! "Editorial" Archives

December 1, 2005

 

Sony-BMG Doesn't Trust You

Sony-BMG may have hijacked your computer and you don’t even know it. The major record label has been releasing CDs that include XCP, a content-protection scheme that installs software on your computer without asking you. What’s worse, XCP leaves you vulnerable to Trojan-horse programs that exploit Sony’s software. The Trojan arrives via e-mail, and often requires the user to open a file that the more security-conscious of us wouldn’t think of doing. But if you do open it, XCP helps it to hide in your computer.

Mark Russinovich first discovered XCP on his own computer; those with an interest in his trials in discovering and identifying XCP can read more about it. In short, XCP hides files with certain extensions (those of Sony’s content-protection software) so that they remain invisible to the average user -- even one sophisticated enough to go looking for files in the computer’s registry. This means that viruses that use that extension will also be invisible to the user. If I’m a virus maker, I just need to add this extension to my file names and they’ll be invisible to the computer user. If you’re curious about which Sony discs include XCP, the Electronic Frontier Foundation has compiled a list.

If you don’t use your computer for playing CDs, then you don’t have to worry about this latest round of content protection. Unlike other content-protection schemes in the past, XCP doesn’t seem to affect a conventional CD player’s playback of the discs. Don’t be too complacent, though. If the outcry over XCP brings about a change in Sony’s attempt at content protection, the next idea just might affect you, too.

Once it became clear that Russinovich’s story of discovery was spreading like wildfire, Sony temporarily stopped shipping XCP CDs. Of course, that does nothing to stop people from buying the thousands of XCP CDs already in stores. Nor does it do anything for those who’ve already bought the discs. Just as I was about to submit this column, I got word that Sony intends to implement a replacement policy for XCP CDs -- but, of course, you’ll need to have been paying attention to this developing story to discover the details. Sony has also issued a "fix" for XCP-infected computers, but security experts have already pointed out that the fix may be more problematic than the original problem.

It is unfortunate that record companies feel they must treat their customers as potential criminals. If Sony-BMG thought that their customers were honest people with integrity, then there would be no need for them to add content-protection software to their discs. Therefore, they must think that at least some of their customers are criminally minded. But if they thought that only a small percentage of users are so inclined, then it wouldn’t be cost-effective to buy the software and put it on the discs. I’m left thinking that Sony must not think too highly of its average customer. Too bad they just can’t produce a product that people will want to buy at a reasonable price, which might be the best content-protection scheme.

Sony-BMG’s actions here are immoral. First, by not alerting users to the installation of XCP, they violate users’ right to control what is on their computers. At the very least, this is an act of deception. Putting an XCP CD in your computer doesn’t produce a screen that says something like, "We’re about to install content-protection software on your computer. Do you agree?" If it did, it would at least be left up to the user to decide whether or not to accept it.

Second, by not providing a clear way to uninstall XCP, Sony has further hijacked their own customers’ computers. By using system resources and masking files on your computer, XCP takes away your ability to use your property the way you want to use it. When XCP is secretly installed on your computer, some of its files are labeled "Essential Systems Tools" -- another act of deception that suggests to all but the most knowledgeable users that they should leave those files alone.

Third, the implementation of XCP shows a lack of respect for customers. Such actions show that Sony does not value users’ time and property in a way similar to how they would wish to be treated. The fact that removing XCP can itself seriously cripple your computer (see Russinovich’s essay) shows just how little the software developers and Sony care about their customers. Any time a customer spends uninstalling XCP is time they could have spent doing something else.

As if all this weren’t bad enough, you should read the end-user’s license agreement that goes along with these CDs. Obviously, you own the CD and can do what you want with it. But when you install an XCP CD on your computer, you get a 3000-word agreement in which Sony states that you must delete the digital music files if the physical CD is broken, if you move out of the country, or if you file for bankruptcy. That’s just for starters; you can see a more detailed analysis of the end user’s agreement by the Electronic Frontier Foundation.

I don’t usually use my computer to play CDs, but this action on Sony-BMG’s part has made me unwilling to purchase any CDs from Sony’s labels. I have a hard time supporting a company that treats its users so poorly. This is unfortunate, as there are many Sony albums -- including one XCP release -- that I wanted to buy.

Luckily, there are a great number of independent labels that use no content-protection malware, and that cater to any musical taste you might wish to explore. Here are three examples: Chesky Records has released some great jazz records in recent months; M•A Recordings offers a wide variety of musical styles, and I’ve been pleased with everything I’ve bought from them; and Six Degree Records has a nice selection of world-pop music. Next time you’re looking for new music, why not try an artist from such a label? They’ll likely appreciate your business more than Sony-BMG does, and treat you accordingly.

…Eric D. Hetherington


GOODSOUND!All Contents Copyright © 2005
Schneider Publishing Inc., All Rights Reserved.
Any reproduction of content on
this site without permission is strictly forbidden.