Rootkits Be Gone


This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

The Federal Trade Commission wrote the final chapter in the Sony BMG rootkit saga today, announcing that the record company had agreed to a set of rules for copy-protected music CDs. With any luck, the FTC will also have closed the book on the music industry’s efforts to fight piracy by treating CD buyers as if they were all lawbreakers in waiting.

The commission didn’t try to stop Sony BMG -- or, by extension, any of its competitors -- from handicapping its products with technologies designed to prevent ripping or copying. In fact, as far as the FTC is concerned, it’s perfectly OK to sell a CD that can’t be played on a PC unless the buyer agrees to install software that disables some of the PC’s functions. Riiiight. Instead, following the lead of the 41 state attorneys general who settled with Sony BMG in December, the FTC simply required the company to put a full description on CD packages of the disc’s restrictions and requirements. That’s not much of a remedy; fans who want the latest CD from their favorite band will have no choice but to accept whatever mischief comes with it.


But the FTC did crack down on one practice that is a key element of many of today’s copy-protection techniques. In its proposed order, the FTC barred Sony BMG from installing software that hid itself from users. Here’s why this provision is critical. One of the most effective ways to bar ripping without reducing a disc’s compatibility with conventional CD and DVD players is to plant software on the disc that attacks the PC’s ability to copy it digitally. If this software isn’t hidden on the PC, it will be much easier for hackers to find and defeat it. So by barring software from being cloaked or obscured, the FTC all but guarantees that the protection it provides will be circumvented.

These provisions may be moot for Sony BMG, which gave up on copy protected CDs (at least for now) after the rootkit scandal erupted. For companies developing copy-protection technology, though, the FTC’s proposed order poses a significant new hurdle that can’t be overcome just by putting a warning label on the CD case. Perhaps that will be enough to make the rest of the industry stop trying to lock down CDs and focus instead on adding value to their products.