Neil Diamond released a new album a few weeks ago that was destined for greatness and was selling like keg beers at an outdoor Ben Harper show. But after only a week on the shelves it was pulled. The problem wasn't with sales--it was the No. 5 best seller at The Record Exchange--the problem was with an added "bonus" on the disc--a creepy little piece of code called a "rootkit." What is a rootkit? On Wikipedia.com, a rootkit is defined as: "A set of software tools used by a third party (usually an intruder) after gaining access to a computer system. These tools conceal [certain] processes, files or data, which helps maintain access to a system without the user's knowledge. "
Spyware and virus jerks use rootkits to ruin computers and steal information. What made the Sony BMG rootkit special, is that it had to be installed on a PC for that PC to play the new Neil Diamond CD or any of the 20 or so other new Sony releases. The sneaky code first became well-known on Halloween. Mark Russinovich, an I.T. guy in Seattle, traced a spyware problem he was having with his computer to a CD he had purchased: Van Zant's Get Right With the Man. When Russinovich delved further, he found that whenever he played the CD on his PC, it triggered a rootkit installation. The rootkit was designed to monitor his computer habits and relay that information back to Sony. The code also left an almost undetectable space open on his hard drive that could be accessed by any would-be hacker with an Internet connection. When Russinovich tried to delete the rootkit, his CD drive was disabled.
CNET tech writer Molly Wood writes, "You put a CD into your PC ... Sony grabs this opportunity to sneak into your house and set up camp, and it leaves the back door open so that they or any other enterprising intruder can have run of the place. If you try to kick Sony out, it trashes the place."
The P2P sharing phenomenon--Napster, for example--made it so people were able to maintain libraries of music without ever having to buy an album. CD sales decreased and some corporate bean counters got their feathers ruffled. Pretty soon talking heads like Lars Ulrich were fired-up over having missed out on some money. But Napster wasn't all bad. "[P2P sharing] can be part of the promotion of a product," says Record Exchange owner Michael Bunnell. "The record industry made a mistake when it destroyed the singles market. Kids eventually found a way to get them [singles]. For years people who got used to downloading never had an alternative that was legal. It took someone from outside the industry to find a legal way to deliver music to people."
The most visible business to legalize music downloading was Apple. While Steve Jobs and crew were reaping fantastic profits (they have legally sold over a billion songs), the record labels went to work criminalizing their own customers which is the worst way for Sony and others to go. It has long been well-known that the large-scale piracy groups actually take a chunk out of a label's bottom line. Those illegal operations have probably already found a way around Sony's crappy code. In the meantime, your computer is crashing and your personal information is being spread all over the Net because you bought a Neil Diamond CD. Talk about bad PR.
"It is pretty much illegal wire-tapping," says Tim O'Neil, a Boise State instructor of Extended Studies Information Securities. "It is not just the consumers who are being harmed. Business networks are being compromised because some employee wants to listen to music at work." So far there are an estimated half-million networks infected with the rootkit.
Class action lawsuits began on November 1. In an NPR interview, Thomas Hesse, president of Sony BMG Music Entertainment's Global Digital Business division stated, "Most people don't even know what a rootkit is, so why should they care about it?"
Finally, Sony pulled its CDs from the shelves and offered a fix that doesn't really fix anything. The patch requires that consumers give out even more personal information and still leaves computers wide open to hackers. But at least they pulling their rootkit-installing CDs from the shelves, is good, right? Wrong. Recalling these CDs hurts businesses like the Record Exchange big time says Bunnell. "Now we have to pull [the Neil Diamond CD} right before the holidays." For record stores it can mean millions of dollars of lost profits.
The solution? For now, stick with the labels that aren't engaged in some stupid nickel and dime parry with their best customers and wait and see how this gets played out. In the meantime, go to the Record Exchange and ask the staff for help finding music that's great to listen to and won't destroy your PC. Let them steer you to something that doesn't invade your home with anything but great sounds.