[IP] The Lasting Impact of Sony's Rootkit

To: ip@xxxxxxxxxxxxxx
Subject: [IP] The Lasting Impact of Sony's Rootkit
From: David Farber <dave@xxxxxxxxxx>
Date: Mon, 21 Nov 2005 16:35:01 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
User-agent: Thunderbird 1.5 (Macintosh/20051025)



-------- Original Message --------
Subject:        The Lasting Impact of Sony's Rootkit
Date:   Mon, 21 Nov 2005 07:37:14 -0500
From:   Michael Geist <mgeist@xxxxxxxxx>
To:     dave@xxxxxxxxxx
References:     <437E264B.5000705@xxxxxxxxxx>



Dave,

You've features a lot of commentary on the Sony rootkit story. Ifyou're interested in a bit more, my column today recaps developmentsfrom the past three weeks and focuses on the lasting impact of thecase.

I note that the incident has alerted millions of consumers to thepotential misuse of TPMs as well as to the need for consumerprotections from such systems. While policy makers have raced toprovide legal protections for TPMs, the real need is to protectagainst the misuse of this technology.

The Sony case provides a vivid illustration of how TPMs can createreal security and privacy risks. The U.S. Computer EmergencyResponse Team advised users that they should not "install softwarefrom sources that you do not expect to contain software, such as anaudio CD." Moreover, Stewart Baker, the U.S. Department of HomelandSecurity' s assistant secretary of policy, admonished the musicindustry, reminding them that "it's very important to remember thatit's your intellectual property - it's not your computer. And in thepursuit of protection of intellectual property, it's important not todefeat or undermine the security measures that people need to adoptin these days."

Baker's comments point, as well, to another issue that has beenpercolating for some time, namely that TPMs not only put users'property at risk, but they also limit use of lawfully-acquiredpersonal property.

Justice Ian Binnie of the Supreme Court of Canada raised this concernin the Theberge copyright case several years ago when he noted that"once an authorized copy of a work is sold to a member of the public,it is generally for the purchaser, not the author, to determine whathappens to it."

The Australian High Court expressed similar sentiments in the Sony v.Stevens decision issued last month. It rejected Sony's attempt toblock the use of "mod chips", utilized by video game players tounlock games with TPMs purchased outside the country, emphasizingthat "the right of the individual to enjoy lawfully acquired privateproperty (a CD ROM game or a PlayStation console purchased in anotherregion of the world or possibly to make a backup copy of the CD ROM)would ordinarily be a right inherent in Australian law upon theacquisition of such a chattel."

The incident should also galvanize Canadian regulators and politicalleaders. The Privacy Commissioner of Canada should use her auditpowers to investigate other potentially invasive uses of TPMs, whilethe Competition Bureau should consider whether Sony violateddeceptive practice legislation. Moreover, Industry Minister DavidEmerson and Canadian Heritage Liza Frulla should reconsider theirproposal to protect TPMs, which has the effect of protecting spyware,undermining consumer confidence, and ultimately reducing the sales ofCanadian musical artists.

I conclude by arguing that with consumer backlash against deceptivemusic CDs and licensing agreements, policy maker worries about theprivacy and security implications of TPMs, and the courts' concernfor personal property rights, the Sony rootkit case is destined toresonate long after the dangerous CDs disappear from store shelves.


Toronto Star version at
<http://geistsonyrootkit.notlong.com>

Freely available version at
<http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1015>

Best,

MG

--
**********************************************************************
Professor Michael A. Geist
Canada Research Chair in Internet and E-commerce Law
University of Ottawa, Faculty of Law
57 Louis Pasteur St., Ottawa, Ontario, K1N 6N5
Tel: 613-562-5800, x3319     Fax: 613-562-5124
mgeist@xxxxxxxxx              http://www.michaelgeist.ca




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Texas files anti-spyware lawsuit against Sony
Next by Date: [IP] more on EFF Fights for Bloggers' Rights
Previous by thread: [IP] Texas files anti-spyware lawsuit against Sony
Next by thread: [IP] more on EFF Fights for Bloggers' Rights
Index(es):
- Date
- Thread