November 3, 2005 | By Jason Schultz

Uproot Sony-BMG's Invasion of Your Privacy and Your Computer

For years now, copy-restriction software has been a looming threat to those who purchase music and want to make fair uses such as space-shifting it from one device or computer to another. Fortunately, early versions of the software were so cumbersome and easy to work around that consumers whole-heartedly rejected or bypassed them. Recently, however, at least one record label has stepped up the war for control of digital content by drawing from the playbook of spyware companies and virus-writers.

Using a program called a rootkit, inserting a Sony BMG music CD will now infect your computer with a nefarious program, burying it deeply and obscurely within your operating system. The program will monitor your computer activity in the name of preventing the so-called epidemic of "piracy" that results from people making extra copies of their music CDs or favorite songs. Worse yet, there is no "uninstall" feature on this program. It's like the roach motel -- once Sony BMG's surveillance program checks in, you can't make it check out without completely wiping your entire system clean. Such practices have been widely condemned in the computer world, even by Microsoft's own research division.

Outrage from computer users and music fans has sparked Sony BMG into offering a program on its website that will show you if you have been infected with the rootkit. However, while you can see the program running, you still can't uninstall it, and some security experts believe installing the "update" may even infect your computer with more unwanted files.

While it is debatable whether copy-restriction software can even prevent serious illegal copying to begin with, there should be no question that invading our computers and infecting our systems should be off-limits. Unfortunately, the law is unclear on the exact rights users have to keep programs like Sony's rootkit off your computer when you purchase their CDs or click on a random "I Agree" button that might appear during an installation process. Until the law clarifies that We the Consumer actually hold the rights and keys to our computers, spyware companies, virus-makers, and now even entertainment conglomerates will be the ones dictating what we can and cannot do in the privacy of our own homes with the equipment and content we have lawfully purchased. Left unchecked, they will continue using our own computers against us to enforce their will and whims over our personal freedoms and behavior.

Entertainment companies often complain that computer users refuse to respect their intellectual property rights. Yet tools like Sony's rootkit refuse to respect our own personal property and privacy rights. Such hypocrisy should not stand.

Note: According to Princeton University CS Prof. Ed Felten, if you're using a recent version of Windows, you can protect yourself against this type of software, and some other security risks, by disabling autorun.

UPDATE: Calling the rootkit a "security risk," Symantec has just released a new removal tool that targets the risk. Professor Ed Felten has also posted a Sony DRM Customer Survival Kit with tools for figuring out whether you've been infected with the rootkit, how to disable it, how to disable the DRM software altogether, etc.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

We're in Las Vegas for some of the world's most renowned computer security events. Check out what we're doing: eff.org/LasVegas2015

Aug 3 @ 9:11pm

MPAA seeks website blocking with one court order to bind every Internet company. https://eff.org/r.unil #SOPApower

Aug 3 @ 3:43pm

BREAKING: Sen. McConnell just filed cloture on CISA. That means he wants to move it this week. Take action now https://stopcyberspying.com

Aug 3 @ 3:13pm
JavaScript license information