Article 43


Monday, December 17, 2007

Reconstructing the Sony Rootkit Incident


DRM SUCKS.  This mass of third-party, non-standard DRM THAT COMPANIES ARE ADDING to content makes it suck even more.  Sony DRM takes sucking to a whole new level.  [Let’s also not forget the draconian EULA that accompanies DRM tainted crap. Ed.]
- Adrian Kingsley-Hughes, ZD Net

Social Science Research Network
December 16, 2007

LATE IN 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers’ computers and the integrity of the information infrastructure more broadly. THIS ARTICLE aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that IN RETROSPECT appears obviously and fundamentally MISGUIDED.

The Article first addresses the market-based rationales that likely influenced Sony BMG’s deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG’s internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG’s decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.

The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user CONTROL over the security and privacy aspects of computers.


Posted by Elvis on 12/17/07
Section Privacy And Rights