CyberTech Rambler

November 16, 2005

Sony on the right path to fix DRM Debacle, more doubts on the competency of First4Internet

Filed under: Uncategorized — ctrambler @ 11:27 am

Finally, Sony is on the right path to limit the damage caused by the DRM Rootkit debacle. According to USA Today, Sony will pull all copies of the Rootkit-infected CDs from the shelves and swap these CDs if consumers ask them to. It has also softened its tone from “There is no security threat” to “Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience”.

Dear Sony, what took you so long? That should have been the second logical step to take (the first step is to establish that the deployed DRM is doing something unacceptable to consumers), not the fifth or sixth step! Why go through the torturous, self-harming ritual of denying there was a problem in the first place? Not having the correct staff to evaluate the technical aspect of this problem? For God's sake, hire one then! Maybe your PR guru believes that this “denial then fix it” strategy is the best overall PR damage control. Believe me, this is not a good strategy. It completely destroys trust. Next time someone cries wolf, nobody will believe your denial anymore.

The biggest casualty in the whole saga is First4Internet, the company that supplied the DRM technology. First we have the negative publicity. Then, Sony’s denial that there is a problem reflects First4Internet’s view (since it did not bother to correct Sony). In an effort to provide a fix (when read in conjunction with Sony’s denial, an unnecessary fix), it opened another security hole. It is alarming that this new security hole, i.e., not properly checking the source of a script download, thus allowing the infected computer to execute an arbitrary program, is remarkably similar to the hole the Rootkit opened, i.e., allowing other programs to use it to hide their presence because of an inadequate check on the name of the program to cloak from the user. Two problems of the same kind in a row make one wonder whether First4Internet does the due-diligence checks expected of it.

Most importantly, to me as a technology-oriented person, this casts doubt on the company’s business practices. It is going to take its toll on the company.

To be fair, SunnComm probably has a worse reputation, for threatening to inappropriately use the DMCA to sue a Princeton student for showing how to bypass its copy-protection system, and now its version of DRM insists on staying active until you shut down your computer even if you say “No” and abort the installation process. This means SunnComm has the potential to be the next target in the DRM war.

Raising questions about DRM practices is good for the consumer. It is still not certain whether consumers will accept DRM. DRM is still in its infancy. All these revelations about DRM have a positive effect. They might not be successful in achieving their ultimate aim: removal of DRM from the marketplace. Sometimes, revelation is a double-edged sword: by pointing out what is wrong with DRM, it allows DRM vendors to take corrective steps and thus make newer versions of DRM more acceptable to Joe Consumer. However, at the minimum, it

  1. Educates consumers on DRM
  2. Establishes the line between protection of IP and intrusion (trespass) into computers
  3. Keeps companies honest

Thus, I think we in the anti-DRM camp have a lot more to win than to lose.

