How Sony BMG lost its mind and rootkitted its CDs -- prepublication law paper


12 Responses to “How Sony BMG lost its mind and rootkitted its CDs -- prepublication law paper”

  1. monquixote says:

    What a superb report that is!
    I think we should thank Sony. It takes this kind of train wreck / bull in a china shop hybrid of a business strategy to generate enough backlash for the regular media to cover this kind of story.

  2. John Dallman says:

    The analysis of the decision – was it simply a mistake, or a deliberate risk on Sony’s part? – neglects an important factor. Wish fulfillment.

    Lots of corporate executives don’t understand the actual limits of information technology, and assume that most statements about the possibility or impossibility of doing something are governed purely by engineers’ views of what’s easy. They also really want powerful and effective DRM, because they are deeply uneasy about people using their products in new ways: it seems to be an invasion of their area of control, the thing they have power over as an executive.

    The combination of these psychological factors means that they are highly unwilling to question someone who offers them DRM that is claimed to be “foolproof” and “effective”. They have very strong motivations to confirm the “truthiness” of this, and will resist any activity that might challenge it. It’s also the case that engineers who are inventing DRM systems naively tend to drastically overrate the power of their products.

    My experience of these behaviors comes from two scenarios.

    The first was making a testing attack against a DRM system (for an application’s built-in programming language) produced by a previous employer, where the responsible engineer considered it unbreakable, and then, when I’d opened it up in a morning’s work, mostly spent writing some simple tools (I had the advantage of being familiar with his programming style), started to claim that I was far more skillful than any plausible attacker.

    The second is from various attempts by a subsequent employer to design a DRM system for data, rather than media material. The requirements were always impossible to meet, but it was clear that if I claimed to have produced something that fulfilled them, I wouldn’t be questioned by management, who would try hard to defend the system against challenges, and there would be notable rewards.

    So it seems very plausible to me that once Sony went looking for a DRM system, their managers had strong motivation to accept the one with the biggest claims – and likely the highest price – to accept its producer’s claims about its effectiveness, to defend it against challenges, and not to consider side-effects.

    You also have to consider the nature of the music recording business. It’s a field where large sums are routinely risked on a combination of artistic and commercial judgment. The romantic view is of someone backing his artist to the top of the charts. That’s a situation where arbitrary decision-making can become entrenched in corporate culture really quite easily.

  3. Jerril says:

    The article has, alas, succumbed to Internet Bit-rot. Does anyone know of a re-hosted source?

  4. Jerril says:

    Der, teach me to Google. Available for free download here:

  5. anthonys82 says:

    “the company purchased a 3.5” floppy disk factory in 2001, displaying a disturbing dearth of technological savvy”

    This is my favorite part.
    honestly, what the christ?

  6. Teresa Nielsen Hayden / Moderator says:

    What you said, Anthony.

    SunnComm isn’t the first anti-copying software producer I’ve seen that was disturbingly far behind the technological curve. It would be interesting to find out if that’s a pattern.

  7. Mark Levitt says:

    I guess that guy from Warners was right. They don’t understand technology and they don’t have the skills to hire people who do.

  8. Moon says:

    Mark Levitt, there’s a LOT of those types out there and there were EVEN more in the late 90s, early 2000s.

  9. Halloween Jack says:

    When I googled for the Van Zant album mentioned above (I wasn’t sure how Little Steven’s last name was spelled, and wanted to see if it was one of his or one of the former Lynyrd Skynyrds; it’s the latter), this link from Amazon was one of the first that came up. Hmm… better check those Springsteen Dual Discs that I’ve bought to see if they’re in that group.

  10. dustyrivers says:

    Neil Diamond’s comeback record met a similar fate to that of Van Zant’s. Producer Rick Rubin is still bitter about it:

  11. flickersticks says:

    I can just see the business school books of the future, addressing the music industry in their chapter on “How to Commit Industry Suicide”

  12. realtymatching says:

    This is no less than customer hara-kiri.
