November 3, 2005 | By Jason Schultz

Uproot Sony-BMG's Invasion of Your Privacy and Your Computer

For years now, copy-restriction software has been a looming threat to those who purchase music and want to make fair uses such as space-shifting it from one device or computer to another. Fortunately, early versions of the software were so cumbersome and easy to work around that consumers whole-heartedly rejected or bypassed them. Recently, however, at least one record label has stepped up the war for control of digital content by drawing from the playbook of spyware companies and virus-writers.

Using a program called a rootkit, inserting a Sony BMG music CD will now infect your computer with a nefarious program, burying it deeply and obscurely within your operating system. The program will monitor your computer activity in the name of preventing the so-called epidemic of "piracy" that results from people making extra copies of their music CDs or favorite songs. Worse yet, there is no "uninstall" feature on this program. It's like the roach motel -- once Sony BMG's surveillance program checks in, you can't make it check out without completely wiping your entire system clean. Such practices have been widely condemned in the computer world, even by Microsoft's own research division.

Outrage from computer users and music fans has sparked Sony BMG into offering a program on its website that will show you if you have been infected with the rootkit. However, while you can see the program running, you still can't uninstall it, and some security experts believe installing the "update" may even infect your computer with more unwanted files.

While it is debatable whether copy-restriction software can even prevent serious illegal copying to begin with, there should be no question that invading our computers and infecting our systems should be off-limits. Unfortunately, the law is unclear on the exact rights users have to keep programs like Sony's rootkit off your computer when you purchase their CDs or click on a random "I Agree" button that might appear during an installation process. Until the law clarifies that We the Consumer actually hold the rights and keys to our computers, spyware companies, virus-makers, and now even entertainment conglomerates will be the ones dictating what we can and cannot do in the privacy of our own homes with the equipment and content we have lawfully purchased. Left unchecked, they will continue using our own computers against us to enforce their will and whims over our personal freedoms and behavior.

Entertainment companies often complain that computer users refuse to respect their intellectual property rights. Yet tools like Sony's rootkit refuse to respect our own personal property and privacy rights. Such hypocrisy should not stand.

Note: According to Princeton University CS Prof. Ed Felten, if you're using a recent version of Windows, you can protect yourself against this type of software, and some other security risks, by disabling autorun.

UPDATE: Calling the rootkit a "security risk," Symantec has just released a new removal tool that targets the risk. Professor Ed Felten has also posted a Sony DRM Customer Survival Kit with tools for figuring out whether you've been infected with the rootkit, how to disable it, how to disable the DRM software altogether, etc.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Federal appeals court rules that sheriff’s threats against credit card companies violate the First Amendment

Dec 1 @ 7:54pm

The TPP negotiations have ended but the fight to stop it is far from over. Here's how we're going to defeat it:

Dec 1 @ 5:14pm

First-ever complete unmasking of FBI national security letter shows scope of spying, need for NSL challenges:

Dec 1 @ 3:59pm
JavaScript license information