
Fall-out over Sony’s malicious copyright code not subsiding

Last Friday, Sony announced that they had “temporarily” ceased making CDs that leave computers vulnerable to security breaches.

This is about as half-hearted a statement as one could make short of “shut up you stupid customers.” When people like Wired are publishing “Boycott Sony” stories after the Sony apology is released, you know things aren’t going well for the Japanese entertainment/hardware giant.

Independent Sources predicts that, at a minimum, this will take down Sony-BMG head Andrew Lack as the fall guy. Furthermore, if something isn’t done quickly to address this ethics breach in a manner consistent with its severity, it could tarnish the entire Sony brand–and not just the music company. Besides avoiding all Sony-BMG music titles, why would you buy a Sony VAIO if you aren’t sure what kind of hidden software Sony has placed on it? Would you really want a TV from a company with so little regard for its customers? I don’t.

More on this story here.

Update: Freedom to Tinker warns against using the uninstaller, noting that…

Sony’s Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony’s Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

The EFF has sent a letter to Andrew Lack and other execs at Sony and BMG. Complete letter here. Gist is:

  1. Recall all CDs that contain the XCP and SunnComm MediaMax technology. The recall must include removing all infected CDs from store shelves as well as halting all online sales of the affected merchandise. We understand from a recent New York Times article that well over 2 million infected CDs with the XCP technology are in the marketplace and have yet to be sold.
  2. Remove from all current and future marketing materials statements like that on http://cp.sonybmg.com/xcp/english/updates.html that say the cloaking software “is not malicious and does not compromise security.”
  3. Widely publicize the potential security and other risks associated with the XCP and SunnComm MediaMax technology to allow the 2.1 million consumers who have already purchased the CDs to make informed decisions regarding their use of those CDs. The publicity campaign should include, at a minimum, issuing a public statement describing the risks and listing every Sony CD, DVD or other product that contains XCP or SunnComm MediaMax. The publicity campaign should be advertised in a manner reasonably calculated to reach all consumers who have purchased the products, in all markets where the CDs have been sold.
  4. Cooperate fully with any interested manufacturer of anti-virus, anti-spyware, or similar computer security tools to facilitate the identification and complete removal of XCP and SunnComm MediaMax from the computers of those infected. In particular, Sony should publicly waive any claims it may have for investigation or removal of these tools under the Digital Millennium Copyright Act (DMCA) and any similar laws.
  5. Offer to refund the purchase price of infected CDs or, at the consumer’s election, provide a replacement CD that does not contain the XCP or SunnComm technology. For those consumers who choose to retain infected CDs, develop and make widely available a software update that will allow consumers to easily uninstall the technology without losing the ability to play the CD on their computers. In addition, consumers should not be required to reveal any personally identifying information to Sony in order to access the update, as Sony is currently requiring.
  6. Compensate consumers for any damage to their computers caused by the infected products, including the time, effort, and expenditure required to remedy the damage or verify that their computer systems or networks were or were not altered or damaged by XCP or SunnComm MediaMax products.
  7. Prior to releasing any future product containing DRM technology, thoroughly test the software to determine the existence of any security risks or other possible damages the technology might cause to any user’s computer.
  8. Certify in a statement included in the packaging of every CD containing DRM technology that the product does not contain any concealed software such as the XCP rootkit, does not electronically communicate with Sony-BMG or any other party, does not initiate the download of any software update or other data without informed consent of the consumer immediately prior to each communication, can be uninstalled without any need to contact Sony or disclose personally identifying information to anyone, does not present any security risks to any consumer’s computer, and will not damage or reduce the performance of the consumer’s computer or data in any way.

What in the world is Sony thinking? Group think?

Update: Sony BMG Music Entertainment said Monday it will pull some of its most popular CDs from stores in response to backlash over copy-protection software on the discs. “Sony BMG deeply regrets any inconvenience to our customers and remains committed to providing an enjoyable and safe music experience,” the company said. Sony says more than 20 titles have been released with the XCP copy-protection software, and of those CDs, over 4 million have been manufactured, and 2.1 million sold.

Not all is good news, however. The label says it will issue all major releases with copy-protection in 2006, as will rival label EMI. The other major labels, Universal Music and Warner, have yet to release copy-protected CDs.

Stupid, stupid, stupid.


Update Friday, November 18: Good Morning Silicon Valley reports that the code inside Sony’s DRM scheme may have been stolen! Their headline: “Let’s see — Secret installation? Check. Hidden changes? Check. Security breach? Check. Dangerous uninstall? Check. Now what was … oh, yeah. Stolen code? Check.”

h/t: Boing Boing (In fact here is a good Boing Boing roundup)



One Response to “Fall-out over Sony’s malicious copyright code not subsiding”

  1. tech.memeorandum Says:

    + Discussion: Security Fix, Independent Sources, Techdirt, Wired News and Boing Boing