Posted by: Steve Hamm on December 2, 2005
The blowup over Sony BMG’s XCP digital-rights management software shows how the entertainment industry needs to wise up to technology pitfalls as the world increasingly goes digital. Entertainment companies aren’t software companies, but, in essence, they’re distributing software. And that’s especially apt when they load DRM software on CDs and DVDs. This puts them in an awkward position. As product companies shipping music on CDs and movies on DVDs, they’re accustomed to the idea of offering recalls on faulty products. But, in the software world, faulty products are patched, not replaced. Sony distributed a patch for XCP, but, in addition, it offered to replace nearly 5 million copies of 52 music CDs it had distributed with the flawed DRM software. If that becomes the new standard for the entertainment industry in situations like this, an industry already seriously wounded by illegal copying will be spilling even more blood.
Is it fair? Probably not. After all, Microsoft doesn't replace copies of Windows or Office if vulnerabilities in the code are exploited by virus writers. And some of these things have a lot more impact than Sony's glitch--which didn't result in a big virus outbreak.
Take the Sober worm. It has been in circulation since late 2003, and, this month won the dubious distinction of being the most widely distributed piece of malware. It hijacks Windows-based computers and forces them to send out spam e-mails that overwhelm servers and networks. At its peak this month, the Sober-Z variant accounted for one in every 13 e-mails sent. Imagine the financial blow to Microsoft if it had to replace all the software products that Sober-Z exploits.
Sony BMG, under extreme pressure to do the right thing, did the right thing. Now we'll see if replacing CDs and DVDs, rather than just patching them, becomes the must-do response for the digital entertainment industry.