Wednesday, November 23, 2005

Schneier on the real story in the Sony drm fiasco

Bruce Schneier thinks the real story in the Sony drm disaster is

not Sony's rogue drm rootkit,
not that the drm acts as spyware,
not that attempts to get rid of it damage your Windows operating system
not that Sony stopped production on the destructive CDs
not that Sony recalled the destructive CDs
not that Sony secretly rolled out destructive drm
not that Sony after a lot of hassle and further privacy invasion offered a "fix" that not only didn't work appropriately but created more security problems
not that Sony lied about the privacy invading features of the drm
not that Sony said "Most people don't even know what a rootkit is, so why should they care about it?"
not that Sony's rootkit may have infringed on others' copyrights
not that Sony may have breached UK, US, Italian and other criminal codes
not that Sony probably won't be prosecuted in the US or the UK

but

"the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us...

That all the big security companies, with over a year's lead time, would fail to notice or do anything about this Sony rootkit demonstrates incompetence at best, and lousy ethics at worst...

Who are the security companies really working for? It's unlikely that this Sony rootkit is the only example of a media company using this technology. Which security company has engineers looking for the others who might be doing it? And what will they do if they find one? What will they do the next time some multinational company decides that owning your computers is a good idea?

These questions are the real story, and we all deserve answers."

No comments: