Tuesday, November 22, 2005
From InfoWorld's Gripe Line Blog
THE GRIPE LINE WEBLOG by Ed Foster
Sony's DRM Profile
You're probably getting tired of hearing about Sony BMG's rootkit DRM, but one central mystery about it remains to be solved. What was Sony's real motive for what many consider behavior that is awfully close to a criminal act? To answer that question I think we're going to need to borrow a page from the criminal profilers by tracking the company's behavior. Fortunately, we have more than one crime scene to help us with our profile, because it so happens that Sony has been employing more than one form of spywarish DRM in recent months.
Even after finally confessing, under considerable duress, that the rootkit was probably a mistake, Sony officials have stuck to the story that their use of First4Internet's XCP DRM was intended only to protect their CDs from music pirates. But that alibi doesn't really wash, since the XCP copy protection only punishes legitimate customers while doing nothing to stop file sharers. What's more, this is a pattern of behavior we saw before with Sony when readers were complaining back in July about another form of DRM it was using on music CDs from SunnComm, Inc.
What clues can we pick up by comparing the different DRM approaches Sony has employed on its CDs in recent months? Fortunately, on the subject of SunnComm's MediaMax DRM, we have the equivalent of a forensic anthropologist who can serve as an expert witness here. Princeton University computer scientist J. Alex Halderman is the researcher whom SunnComm threatened with charges of violating the DMCA's anti-circumvention provisions a few years ago when he revealed how their technology could be thwarted by holding down the shift key. The rootkit brouhaha prompted Halderman to take a look at how the MediaMax DRM is implemented on recent Sony CDs (all apparently on different titles than the CDs that have the XCP rootkit), and his published findings are quite intriguing.
While Halderman found no evidence of SunnComm's MediaMax using a rootkit, some of the things he did discover provide considerable grist for our behavioral profile of Sony. For one thing, before users can even say yes or no to accepting the Sony EULA, MediaMax has already installed a dozen files on their hard drive and started running the copy protection code. The files remain even if the user rejects the EULA, and the Sony CDs provide no option for uninstalling the files at a later date.
Most interesting of all, though, is what Halderman discovered concerning the spyware attributes of the Sony CDs equipped with MediaMax. As with the XCP rootkit, MediaMax also "phones home" every time you play a protected CD with a code identifying what music you're listening to. And in the SunnComm server's response to these transmissions Halderman also uncovered a very important clue to what Sony's really up to: a URL including the term "perfectplacement." A MediaMax developer's webpage describes Perfect Placement to potential clients like Sony as an e-commerce revenue generation "feature of dynamic on-line and off-line banner ads. Generate revenue or added value through the placement of 3rd party dynamic, interactive ads that can be changed at any time by the content owner."
Follow this link for the entire story.