On Monday, October 31, people began to discover that Sony BMG was using it’s copy protected CDs to covertly install its DRM (digital rights management) technology on PCs in order to prevent unauthorized copying of digital products. You didn’t need to install it yourself. You didn’t even have to be ripping a CD. All you had to do was play it, and that would trigger the installation. In some cases, you only had to insert the CD. The installed software is called a rootkit, traditionally used by hackers to hide viruses.
Mark Russinovich, one of the first bloggers to report this, unfortunately discovered a nasty side effect. When he tried to remove the rootkit, it disabled his CD drive, breaking his computer. As Molly Wood of Cnet describes it, “You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place.”
We all understand the struggle to protect the rights of musicians, artists and other creators as well as the companies that represent them. No one is in favor of the vast piracy of intellectual property emerging from countries like China. We do, however, object to heavy handed intrusion and control that makes us vulnerable to the malicious actions of other hackers who could use the rootkit to install viruses or to the potential destruction of our property as happened to Mr. Russinovich.
Now this morning, while Sony acts in damage control mode, the situation has started to spiral out of control. For one thing, mainstream media has picked up the story. Check out USA Today’s Business section, “Some Sony CD’s piracy protection called spyware”. The first viruses taking advantage of the rootkits have been detected. And the first Sony boycotts and class action suits have begun to gear up.
Sony’s mistake was in not being authentic and transparent about what it was doing. It treated it’s customers as an enemy, at worst, and as stupid, at best. Either way, customer confidence in Sony will sink.
Sony did not help itself as the story broke. It did announce that it released a patch to antivirus companies that will eliminate the ability of this software’s ability to hide. But the cows were out of the barn.
Then in an NPR interview, Thomas Hesse, President of Sony’s Global Digital Business, is recorded saying, rather dismissively, “Most people, I think, don’t even know what a rootkit is, so why should they care about it.” I’ll let you ponder how that sounds and what that communicates about his view of us as customers and of Sony’s responsibility to its customers.
Another executive tried to assure the press that the rootkits would not be used to secretly collect information on customers. But given the situation, who can really believe him? Credibility and trust have been destroyed.
What are the lessons for us? When I heard this story, Philippians 1:10 came to mind. In the passage, followers of Christ are exhorted to be “sincere” and “blameless”. These two words are rooted (no pun intended) in vivid word pictures in the original Greek language.
The word, sincere, is a marketplace term. If you were buying pottery in an ancient Greek market, you would take the pot out of the tent and examine it in the sunlight. This would reveal the quality of the pottery. An unscrupulous potter would glaze and paint over cracks. The examination would reveal this. This is an admonition to us to have no hidden cracks at a personal or corporate level. We need to be authentic. Sony missed this big time.
The word, blameless, has the idea of rocks on a road. To be blameless is to live in a way that there is nothing in me or what I do that causes others to stumble or fall. A good personal application to be sure, but a corporate lesson that Sony has missed. There will be many who will not buy Sony products again.
I told my eleven year old daughter about this. She was aghast and said, “How can people do something like this? Don’t they know that secrets and lies will always come out into the light?” Good insight, little one. They needed to talk to you first.
- How do you engage with customers and business partners to both protect the rights of intellectual property creators and the rights of the customers?
- In talking with a co-worker once, I asked him, “Why did you do that?” His reply, “Because I knew I could get away with it.” Maybe he was joking. Do you or your company exhibit any such behavior?
- How would you assess your personal or company’s actions by the “sincere and blameless” benchmark?
- How do you build confidence and trust with your customers in a time of growing distrust, cynicism, and skepticism?
- When you make a mistake as a corporation, how do you respond?
Links:
blog by Mark Russinovich, Sony, Rootkits and Digital Rights Management Gone Too Far
DRM this, Sony! By Molly Wood, section editor, cnet.com
NPR interview with Thomas Hesse, President of Sony’s Global Digital Business, “Most people, I think, don’t even know what a rootkit is, so why should they care about it?”
