Thursday, November 10, 2005
Hooplah about the Sony DRM EULA
UPDATE (Nov/17/05): It seems Sony is in a bigger mess than I thought - I recently read that they actually ripped code for their DRM software from Jon 'DVD' Johansen's Fair Play code which I understand is under LGPL. Obviously, this is a copyright violation. Oh well, they seem to be getting into a deeper mess with each day.
It is human nature - controversies are what we thrive on. As much as we like to hear about heroes, it is villians who make our day. This time, Sony-BMG faces the wrath of the righteous.
The story so far:
1. Sony has been shipping DRM protected CDs for a while now
2. Mark Russovich discovers, almost by accident, that Sony installs a program in your computer that actually installs some hidden files and also ensures that those files are cloaked (in other words, a normal user will never be able to see these files, unless he knows exactly how). In short, Sony installs a driver that hides any files that begin with the special letters '$sys$'
3. To Make it worse, Sony does not provide a clean uninstaller - to uninstall, one has to go through cumbersome filling up of forms and periods of non-response.
Mark discovers that when he tries to uninstall the software manually, it 'trashes' his CD player. Basically, what Sony does is that it attaches itself as a filter to the CD device driver - if you forcibly remove Sony's secret drivers, the device driver filter chain gets corrupted and boom - your CD player is no longer visible.
4. Mark gets mad, hacks his way through the DRM process and finally manages to
return his computer to stability (Mark is an established and highly respected Windows hacker)
5. Mark checks the EULA for the DRM software and rightfully finds it to be purposely vague about the intent of the 'installed software'
6. In the mean time, mainstream media picks up on this and overnight, Sony becomes the new Satan everyone is talking about. Consumer rights have been violated, and so on.....
Class action lawsuits are filed (what would the world be without class action lawsuits... *sigh* )
In the meatime, consumers go haywire in forums around the world, promising never to use anything Sony, including digital cameras. (Don't worry, the moment Sony releases their next Camera to the market all these promises will be dutifully pushed under the carpet - but till then, it makes great media news)
7. To make things worse, some virus writers exploit the new discover that Sony DRM software cloaks files that begin with "$sys$" and write a virus that begins with those letters. Guess what, Sony happily hides those files too from checkers.
8. In the meantime, Sony does a lame press notice and releases an uninstaller which is partially tested.
Fine. My 2 cents:
a) Sony did mention in the EULA about the 'proprietary software'. They also mention that it does not transmit private information of clients - this is actually true.
b) Sony's EULA is worded, as usually, heavily in favour of Sony. The liability is severely limited and the grounds of winning any law suit against them is low to none.
c) The fact that Sony's cloaking resulted in exploits like the virus writer did is true. However, this is not an something that can be held in court against them. It is similar, to, say, installing sendmail in your computer and someone designing an exploit of sendmail. Sure that exploit never would have existed if sendmail was not vulnerable. Same holds true for Windows vulnerabilities. Software bugs happen. Sony's DRM code did many wrongs, but this part is bogus. This is why the EULA protects software with the 'AS IS' para. Most software vendors do this to protect themselves.
d) Sony did a horrible job as a followup. Instead of trying to please their customer base with a good patch , their uninstaller release was directed only to the press, and to top it off, badly tested. This seems to me, to be an act of defiance by Sony which seems to say 'Yes, we did. So what. Simmer down, have a cookie'.
e) However, the software does not directly violate anything expressed in the EULA. For example, Sony does not say it will provide an uninstaller. It words it as 'until removed or deleted' - whether manual or automatic, is not explictly stated. Yes, this is wordsmithing a contract, but that is what lawyers do.
Does this mean I will stop using Sony ? Hell No ! Not me. But that is just me. Welcome to the world of DRM. If you choose to buy DRM software or hardware, accept the fact the vendors will do everything possible to enforce DRM. If you have problems, fight DRM as a concept (and best of luck with it).
In other words, please don't change the focus to 'Sony is Evil' - fight the larger concept of DRM if you must.