<?xml version="1.0" encoding="UTF-8"?>
<html>
<version>1</version>

<head>
<title>Revisiting the Sony Rootkit fiasco</title>
</head>
<body class="article" microformats="h-entry">

<!-- Breadcumb -->
<p id="category"><a href="/activities/drm/">Digital Restriction Management</a></p>
<!-- / Breadcumb -->

<h1 class="p-name">Revisiting the Sony Rootkit</h1>

<div class="e-content">

<h2 id="introduction">Introduction</h2>

<p>Imagine someone buys a music CD in a store. They go home and put it into their
computer to listen to it. Without their knowledge, a program is installed. This
program secretly checks whether that person started a program to copy CDs, and if so,
forces them to stop. It also slows down their computer and opens security holes
which can be used by others to attack their own computer.</p>

<figure class="float-right">
<a href="http://static.fsf.org/nosvn/dbd/2012/day-against-drm/image2.png"><img src="/news/2015/graphics/hi-res-in-chains.png" alt="hi res version"/></a>
<figcaption>
<a href="#restrictions-pictures">See below for more restrictions pictures</a>
</figcaption>
</figure>

<p>That is what happened 10 years ago if you bought one of 25 million music CDs
from Sony. This attack by Sony on people's computers was discovered on 31
October 2005 and was later referred to as the "Sony rootkit". It affected more
than 550,000 networks in more than one hundred countries, including thousands
of US military and defence networks.</p>

<p>Sony's rootkit provides a good example of what companies are willing to do to
restrict users' behaviour by technical means. Even though the Sony rootkit is
now 10 years old, hurtful digital restrictions are everywhere. They are shipped
in PCs, laptops, netbooks, ebook readers, audio players, cars, coffee machines,
and other devices. Because Digital Restriction Management (DRM) prevents uses of the
device which the manufacturer does not intend, manufacturers can control and limit what
a general purpose computer may be used for. In the case of IT devices with
internet access, they can alter these usage restrictions at any time without
even informing the device owner. As a result, IT manufacturers can take away, at will,
the common rights that owners of products usually receive.</p>

<blockquote><p>"Manufacturers should never be in a position where they
permanently control the devices they produce. Those who own a device, be it
individuals, companies, public or non-public organisations, should be the ones
who can control it and legally use it," says FSFE's president Matthias
Kirschner. "Such restrictions limit a sustained growth in the development and
use of software, for which unrestricted general purpose computers are
crucial."</p></blockquote>

<h2 id="what-sony-did">What Sony Did</h2>

<p>On 31 October 2005, tech security expert Mark Russinovich published his
discovery on <a href="https://web.archive.org/web/20121103034052/http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far.aspx">his blog</a>
about a piece of spyware, known as a rootkit, that secretly
installed itself on his computer. He concluded that the rootkit was connected to the proprietary music
player that was included in Sony music CDs. The
hidden rootkit program was used to spy on users and their listening habits,
and share that information with Sony, as well as to prevent other third-party
audio programs from reading <a href="http://www.technologyreview.com/featuredstory/405741/inside-the-spyware-scandal/page/8/">the disk</a>.</p>

<p>In the process of spying, the rootkit <a href="https://freedom-to-tinker.com/blog/jhalderm/cd-drm-makes-computers-less-secure/">created additional security flaws</a>
which opened the doors for
other, more malicious attacks. Even if users detected the rootkit, safely
uninstalling it without damaging their computer was another problem.</p>

<p>In total, the rootkit was loaded onto <a href="https://w2.eff.org/IP/DRM/Sony-BMG/">roughly 25 million CDs</a>
and <a href="https://www.eff.org/deeplinks/2005/11/kaminsky-rootkit-causing-widespread-infection">infected more than 550,000 networks in more than one hundred
countries, including thousands of US military and defence networks.</a></p>

<p>But Sony BMG's president, Thomas Hesse, dismissed the issue completely, and was
<a href="http://www.npr.org/templates/story/story.php?storyId=4989260">quoted as saying "Most people, I think, don't even know what a Rootkit is, so why
should they care about it?".</a> The press published what Sony was secretly
doing to people's personal property, and Sony was forced to settle
<a href="http://news.bbc.co.uk/2/hi/technology/4577536.stm">numerous lawsuits</a> and repair customers' trust as soon as possible.</p>

<p>Despite the fallout of Sony's rootkit experiment, 10 years later restrictions
on users' personal property are more prevalent than ever. Restrictions are commonly found in
legitimately purchased ebooks, video game hardware, and all manner of
proprietary software. They have even found their way into our
<a href="https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy">cars</a> and <a href="http://www.wired.com/2015/05/keurig-k-cup-drm/">coffee machines</a>.
Even Steve Jobs lamented the forceful <a href="http://macdailynews.com/2007/02/06/apple_ceo_steve_jobs_posts_rare_open_letter_thoughts_on_music/">implementation of restriction software</a>,
software his own company was well known for using.</p>

<h2 id="The-computer:-a-general-purpose-machine">The computer: a general purpose machine</h2>

<p>Technological restrictions on the legitimate use of devices are dangerous
because they are slowly transforming our computers from general purpose
machines with diverse capabilities into singular devices with a limited
scope of power. Private companies limit computers' functionality because it is
better for business when users are locked in to a particular service
provider.</p>

<p>When users are locked in by restrictions from content providers and
oppressive copyright legislation, society suffers because people lose out on
the possibilities of innovating and experimenting with new products or services,
as well as their ability to fix and improve their own devices. By trying to
restrict the use of devices or content for one specific case (i.e. to prevent unauthorised
copying or to prevent outsiders from accessing the device), companies prevent
the computer from being used for all other legitimate purposes that users may be entitled
to.</p>

<p>This is a major obstacle for future innovations and destroys the computer
as a general purpose machine. Furthermore, these restrictions do not
differentiate between legitimate and illegal manipulations performed on the
computer by its users, imposing blanket constraints on everyone. As a
consequence, no one besides the manufacturer has control over machines that
control our lives, and the data stored on them.</p>

<h2 id="fsfe-demands">FSFE Demands</h2>

<p>FSFE's goal is to ensure that the owners of IT devices can always be in full
and sole control of them. For maintaining sustained growth in the development
and use of software, the broad availability of general purpose computers is
crucial.</p>

<ol>

<li>FSFE demands that before purchasing a device, <strong>buyers must be informed</strong>
concisely about the technical measures implemented in this device, as well as
the specific usage restrictions and their consequences for the owner.</li>

<li><a href="/news/2015/news-20150506-01.html">FSFE and other organisations
are calling on lawmakers to safeguard the right to tinker</a> for everyone.
The right to tinker makes sure that the owner of every device is allowed to
replace or supplement the software in that device if they so choose, thereby
empowering owners to control their own property. <strong>To ensure this protection,
FSFE asks the European Commission to propose legislation strengthening a computer
owner's rights, by requiring that every computer owner must be enabled to
modify and exchange the software and hardware on any computing device, and afterwards be allowed to sell it with those modifications.</strong></li>

<li>It is clear that any right to tinker must also be coupled with a legal
provision that allows circumvention of technological restrictions in
such cases.
<strong>For this reason, the FSFE asks
the Commission to propose legislation to ensure that consumers can make use of
digital goods which they have acquired within the full scope of copyright
exceptions and limitations.</strong></li>

</ol>

<h2 id="related-links">Related links</h2>

<ul>
<li><a href="http://www.defectivebydesign.org/">Defective By Design</a> - FSF's side project blog specifically against DRM</li>
<li><a href="https://www.eff.org/search/site/DRM">EFF's DRM info database</a> - EFF's database of all things DRM related</li>
<li><a href="http://boingboing.net/2005/11/14/sony-anticustomer-te.html">BoingBoing timeline</a> - covers major events following Russinovich's blog post</li>
<li><a href="http://www.technologyreview.com/featuredstory/405741/inside-the-spyware-scandal/">MIT Technology Review</a> - In-depth article on the technology, companies, and fallout of Sony's rootkit</li>
<li><a href="/contribute/spreadtheword#drm-leaflet">DRM.info leaflets</a> - FSFE's leaflets on the dangers of DRM available for download or hard copy</li>
<li><a href="http://ftp5.gwdg.de/pub/linux/kde/extrafiles/akademy/2015/videos/Matthias%20Kirschner%20-%20An%20Endangered%20Species:%20The%20Computer%20as%20a%20Universal%20Machine.webm">Keynote on General Purpose Computing</a> - by FSFE President Matthias Kirschner</li>
</ul>

<h2 id="restrictions-pictures">Related pictures</h2>

<figure>
<a href="http://static.fsf.org/nosvn/dbd/2012/day-against-drm/image2.png"><img src="/news/2015/graphics/hi-res-in-chains.png" alt="hi-res in-chains"/></a>
<figcaption>
<a href="http://creativecommons.org/licenses/by-sa/3.0/">CC BY SA 3.0</a> by Brendan Mruk and Matt Lee.
<a href="http://static.fsf.org/nosvn/dbd/2012/day-against-drm/image2.png">Hi-res</a>
<a href="http://static.fsf.org/nosvn/dbd/2012/day-against-drm/in-chains.png">Low-res</a>
</figcaption>
</figure>

<figure>
<a href="http://www.geograph.org.uk/photo/3478665"><img src="/news/2015/graphics/Locked-library.jpg" alt="locked library"/></a>
<figcaption>
<a href="http://creativecommons.org/licenses/by-sa/2.0/">CC BY-SA 2.0</a> by Chris Downer
</figcaption>
</figure>

<figure>
<a href="https://pixabay.com/en/privacy-policy-data-security-445156/"><img src="/news/2015/graphics/Locked-CD.jpg" alt="locked cd"/></a>
<figcaption>
<a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Public Domain</a>
</figcaption>
</figure>

<figure>
<a href="https://pixabay.com/en/keyboard-sure-privacy-policy-castle-628703/"><img src="/news/2015/graphics/Locked-keyboard.jpg" alt="locked keyboard"/></a>
<figcaption>
<a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Public Domain</a>
</figcaption>
</figure>

</div>
</body>

<sidebar promo="our-work">
<!-- TODO update at the end to make sure it is correct -->

<h2>Table of Contents</h2>
<ul>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#what-sony-did">What Sony did</a></li>
<li><a href="#The-computer:-a-general-purpose-machine">The computer: A general purpose machine</a></li>
<li><a href="#fsfe-demands">FSFE demands</a></li>
<li><a href="#related-links">Related links</a></li>
<li><a href="#restrictions-pictures">Related pictures</a></li>

</ul>

</sidebar>

<tags>

</tags>
</html>
<!--
Local Variables: ***
mode: xml ***
End: ***
-->