Recognizing a growing trend, Sony BMG decided to fight back against villainous music-sharers by restricting how many times listeners can copy their CDs. Fighting technology with technology, last spring it started selling CDs that contain Extended Copying Protection software – a lovely euphemism for what is little more than a commercially distributed computer virus.

Jess Cox

The innocent-looking XCP software automatically installs itself on Windows computers and limits listeners’ ability to copy the CD’s music – supposedly protecting Sony from untold lost profits. But while copy-protection software keeps Sony safe, it also puts buyers’ computers at risk. This type of program, called a rootkit, lurks on users’ systems – undetected even by antivirus software – and makes computers more susceptible to viruses.

Viruses happen, but who expects “The Essential Pete Seeger” to be the culprit?

A blogger revealed the threat Sony’s software poses in late October, quickly attracting national attention. The company at first provided only a flawed uninstall program that left computers even more vulnerable. Thomas Hesse, president of Sony BMG’s global digital business division, told National Public Radio, “Most people don’t even know what a rootkit is, so why should they care about it?” I must have misunderstood – as long as listeners don’t know that Sony is violating their computer’s security, there’s no real harm done?

By late November, the company recalled all affected CDs – 52 titles amounting to roughly 5 million discs – but ignored the Electronic Frontier Foundation’s complaints about a similar Trojan horse-style program included with another 20 million CDs. It wasn’t until yesterday that Sony finally issued an advisory on the second program.

During the gap between the public’s discovery of the risk and Sony’s recall, one brave institution took action: the Ann Arbor District Library.

Employees read about what was going on and promptly cancelled orders of CDs that contain the XCP software and pulled discs that contain it off the shelves. Just like run-of-the-mill library censorship, well-meaning library administrators sought to protect patrons from loaned materials. But unlike controversial literature, the CDs actually posed a threat.

Eli Neiburger, tech manager for the library, said the choice was a no-brainer: “It’s as if it were a book that had spikes stuck out in it.”

Sony has taken the spikes out of its CDs now, but what’s next? It depends on how much consumers are paying attention. For now, the library will begin purchasing Sony’s CDs again, and a handful of jaded buyers will look elsewhere for their music. As for Sony, everyone from the Electronic Frontier Foundation to the Texas state attorney general is fuming – and suing.

If Sony can keep its 16 lawsuits (and counting) quiet, it seems likely that it’ll simply find a bigger, better copy-protection program that does the job without jeopardizing computer security. Neiburger suggested that Sony’s mistakes could generate the backlash needed to signal “the beginning of the end” of these sorts of restrictions, but I’m not that optimistic.

Although companies are starting to realize the music industry needs more than just CD sales to survive, they’re still trying to keep afloat by pegging themselves to the past. Sony’s stubborn crusade to make sure buyers share CDs no more frequently than they share underwear fails to recognize that the game has changed. It seems absurd that Sony’s innovation consists of little more than researching new ways to restrict its product’s use.

Neiburger mentioned that these music companies, along with other corporations struggling with copyright law, need to come up with a business plan that actually reflects the change in how consumers demand music. And indeed, a few companies have adapted – iTunes emerged out of the Napster mess as a copyright-friendly way to make money off digital media. But for all its popularity, Apple, not the buyer, is in total control. Apple can “change, suspend, remove, or disable access – at any time without notice” to downloaded music – meaning that $0.99 music file isn’t really yours at all.

At a certain point, customers will want to actually own what they purchase, and they may be willing to pay a little more in order to be free of restrictions. But even as things stand today, it’s not consumers’ job to worry about what their music CDs could do to their computers. And it certainly shouldn’t have to be the library’s job to keep us safe from viruses.


Beam can be reached at ebeam@umich.edu.

Leave a comment

Your email address will not be published. Required fields are marked *