Call it the revenge of the nerds -- digital style. For years, computer geeks and cyberlibertarians have howled about aggressive user restrictions programmed into music CDs, movie DVDs, and all kinds of software. They've issued dire warnings about the media industry's zeal to protect content in the Digital Age. At risk, they cautioned, was the consumer's right to enjoy legally purchased content how and where they saw fit.
The clamor dogged the content industry but never did much serious damage. Hollywood, Silicon Valley, and recording studios maintained the upper hand, introducing legislation in Congress that made it easier to go after online thieves, and winning thousands of lawsuits against people who illegally download music and movies from online file-swapping networks such as KaZaA and Limewire. All the while, content creators were rolling out creative ways to limit what consumers could do with their tunes, movies, software, and even ring tones without sacrificing too much in the way of public trust.
INFECTION-READY. Now the tide might be turning, thanks to a classic case of overreaching that has fomented a backlash against the industry. On Oct. 31, blogger Mark Russinovich discovered a hidden program installed on his PC by a Sony (SNE) BMG music disk. The code was designed to prevent purchasers of the CD from copying it or converting it. But the program was disturbing for another reason -- in an apparent effort to prevent garden-variety hackers from circumventing the copy restrictions, Sony designed the program to surreptitiously bury itself deep within the Windows operating system, completely hidden from view.
Before long, software engineers were warning that the code -- known derisively in techie parlance as a rootkit -- could easily be co-opted by virus writers. The warning was all but an invitation, and soon enough the viruses began circulating.
Cyberlibertarians accused Sony of violating state and federal spyware laws, class actions were filed, and the issue exploded into the mainstream press.
Then, Stewart Baker, an Assistant Secretary at the Homeland Security Dept., picked up the ball and ran with it. On Nov. 10, he gave Sony a public finger-wagging for undermining computer security measures: "It's very important to remember that it's your intellectual property -- it's not your computer," he said.
"TURNING POINT." Microsoft (MSFT) declared the code a security risk to PCs running on Windows, and security companies such as Symantec (SYMC) began alerting PC users to its presence. On Nov. 15, Sony said it would recall some 4.7 million music CDs, 2.1 million of which have already been sold to consumers.
"It's a turning point," says Fred von Lohmann, senior attorney at the Electronic Frontier Foundation, a group devoted to defending consumer rights in the Digital Age. "Millions of people are going to suddenly realize that thanks to Sony's copy protection, they have to worry about viruses and security breaches and intrusions into their computers. This scandal is going to raise the profile of the copyright debate."
That's true partly because von Lohmann and other cyberspace freedom lovers are using Sony's woes to their advantage. After years of predicting that the sky would fall, geekdom intends to make hay of the rootkit fiasco.
In theory, Sony could be liable for breaking any number of laws. A class-action complaint filed Nov. 1 in Los Angeles Superior Court accuses it of failing to disclose the true nature of the so-called digital rights management (DRM) system on its CDs and alleges that thousands of computer users have unknowingly infected their computers.
DIFFICULT BALANCE. Von Lohmann says Sony theoretically could be liable for breaking several California consumer-protection laws, including the Consumer Legal Remedies Act, as well as federal statutes such as the Computer Fraud & Abuse Act, which prohibits anyone from accessing a computer without authorization.
"We do feel a little vindication," von Lohmann says. "I don't think anybody is celebrating the fact that Sony has created what could be a global Internet security problem, but we can say we told you so."
The firestorm highlights a delicate balancing act that the intellectual-property industry has yet to perfect. DRM schemes are pervasive in the modern world. Many are relatively benign, such as the system used by Apple's (AAPL) iTunes, which limits how many times a user can copy a particular set of songs.
LICENSE RESTRICTIONS. Other controls are less obvious to consumers but far more restrictive, such as the end-user license agreement, also known as a "click-wrap" license, which is incorporated into nearly every software program and now is appearing on music and movie disks. The license concept has converted the old-fashioned retail purchase into a complex contract arrangement that forces users to agree to onerous restrictions before they can use whatever they've already paid for.
The license incorporated into Sony BMG's compact disks, for example, prohibits users from loading their purchased tunes onto their work computer and bans them from taking music loaded onto their home PCs out of the country. And woe to audiophiles who sell, trade, give away, or lose their disks. If they no longer posses the original CD, Sony BMG's license requires them to delete the music they've loaded onto their computers.
Content-industry execs continue to press the economic importance of protecting intellectual property, the nation's biggest export. The explosion of Internet users, combined with expanding broadband networks and technologies such as peer-to-peer file-swapping networks and digital music players, have conspired to make music, software, movies, and other digital content exceedingly easy to steal, copy, and distribute.
READY TO EXPLODE. Market-research firms report that some 30% of consumers have ripped and burned music tracks from friends. "While reasonable people can debate how far digital-rights management can go, it's absolutely clear that it's one part of a larger strategy to fight theft," says David Israelite, president and CEO of the National Music Publishers Assn.
But some industry execs admit privately that the Sony rootkit brouhaha has shown that there are some lines that content creators simply can't cross. The industry learned a similar lesson in 2003, when Senator Orrin Hatch (R-Utah), then-chairman of the Senate Judiciary Committee, wondered aloud whether the tech trade could build a computer that would explode if it was used to illegally download music tracks. Destroying computers, Hatch said, "may be the only way you can teach someone about copyright."
That idea certainly didn't get very far, and Sony's rootkit debacle isn't the beginning of the end of content protections. But it will go a long way toward setting limits on how far the industry can go in handcuffing honest consumers in its ongoing effort to arrest digital theft.