= Revisiting the Sony Rootkit fiasco 10 years later =
Today the Free Software Foundation Europe looks back on the Sony rootkit fiasco from 2005. This page outlines some facts about the rootkit and how it was handled, as well as some context about what these kinds of restrictions mean for the notion of computers as general purpose machines. 31 October 2015 marks the 10 year anniversary of when the rootkit was discovered, and in preparation for this day, we ask you all to use this information and spread the word, not only about the Sony rootkit, but about the dangers of digital restrictions on users' freedoms everywhere.
[Read online: http://fsfe.org/activities/drm/sony-rootkit-fiasco.html ]
== Table of Contents ==
- Introduction
- What Sony did
- The computer: a general purpose machine
- FSFE's demands
- Press Contact / Interview partner
- Related Links
- Related Pictures
- About Free Software Foundation Europe
== Introduction ==
Imagine someone buys a music CD in a store. They go home and put it into their computer to listen to it. Without their knowledge, a program is installed. This program secretly checks whether that person started a program to copy CDs, and if so, forces them to stop. It also slows down their computer and opens security holes which can be used by others to attack their own computer.
That is what happened 10 years ago if you bought one of 25 million music CDs from Sony. This attack by Sony on people's computers was discovered on 31 October 2005 and was later referred to as the "Sony rootkit". It affected more than 550,000 networks in more than one hundred countries, including thousands of US military and defence networks.
Sony's rootkit provides a good example of what companies are willing to do to restrict users' behaviour with technical means. Even though the Sony rootkit is now 10 years old, hurtful digital restrictions are everywhere. They are shipped in PCs, laptops, netbooks, ebook readers, audio players, cars, coffee machines, and other devices. As Digital Restriction Management (DRM) prevents uses of the device which the manufacturer does not intend, manufacturers can control and limit what a general purpose computer may be used for. In the case of IT devices with internet access, they can alter these usage restrictions at any time without even informing the device owner. As a result, IT manufacturers can take away, at will, common rights that owners of products usually receive.
"Manufacturers should never be in a position where they permanently control the devices they produce. Those who own a device, be it individuals, companies, public or non-public organisations, should be the ones who can control it and legally use it." says FSFE's president Matthias Kirschner. "Such restrictions limit a sustained growth in the development and use of software, for which unrestricted general purpose computers are crucial."
== What Sony Did ==
On 31 October 2005, tech security expert Mark Russinovich published his discovery on his blog[1] about a piece of spyware, known as a rootkit, that secretly installed itself on his computer. He concluded that the rootkit was connected to the proprietary music player that was included in Sony music CDs. The hidden rootkit program was used to spy on users and their listening habits, and share that information with Sony, as well as prevent other third party audio programs from reading the disk[2].
In the process of spying, the rootkit created additional security flaws[3] which opened the doors for other, more malicious attacks. Even if users detected the rootkit, safely uninstalling it without damaging their computer was another problem.
In total, the rootkit was loaded onto roughly 25 million CDs[4] and infected more than 550,000 networks in more than one hundred countries, including thousands of US military and defense networks[5].
But Sony BMG's president, Thomas Hesse, dismissed the issue completely, and was quoted saying "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"[6]. The press published what Sony was secretly doing to people's personal property and Sony was forced to settle numerous lawsuits[7] and repair customers' trust as soon as possible.
Despite the fallout of Sony's rootkit experiment, 10 years later restrictions on users' personal property are more prevalent than ever. Restrictions are commonly found in legitimately purchased ebooks, video game hardware, and all manner of proprietary software. They have even found their way into our cars[8] and coffee machines[9]. Even Steve Jobs lamented the forceful implementation of restriction software[10], software his own company was well known for using.
== The computer: a general purpose machine ==
Technological restrictions on the legitimate use of devices are dangerous because they are slowly transforming our computers from general purpose machines with diverse capabilities into singular devices with a limited scope of power. Private companies limit computers' functionality because it is better for business when users are locked in to a particular service provider.
When users are locked in by restrictions from content providers and oppressive copyright legislation, society suffers because people lose out on the possibilities of innovating and experimenting with new products or services, as well as their ability to fix and improve their own devices. By trying to restrict the use of devices or content for one specific case (i.e. unauthorised copying or to prevent outsiders from accessing the device), companies prevent the use of computers for all other legitimate purposes that users may be entitled to.
This is a major obstacle for future innovations and destroys the computer as a general purpose machine. Furthermore, these restrictions do not differentiate between legitimate and illegal manipulations performed on the computer by its users, imposing blanket constraints on everyone. As a consequence, no one besides the manufacturer has control over machines that control our lives, and the data stored on them.
"Try to build a kitchen knife which prevents others from killing someone with it. You cannot technically restrict one use case without restricting many others as well." says Matthias Kirschner.
== FSFE Demands ==
FSFE's goal is to ensure that the owners of IT devices can always be in full and sole control of them. For maintaining sustained growth in the development and use of software, the broad availability of general purpose computers is crucial.
1. FSFE demands that before purchasing a device, buyers must be informed concisely about the technical measures implemented in this device, as well as the specific usage restrictions and their consequences for the owner.
2. FSFE and other organisations are calling on lawmakers to safeguard the right to tinker for everyone. The right to tinker makes sure that the owner of every device is allowed to replace or supplement the software in that device if they so choose, thereby empowering owners to control their own property. To ensure this protection, FSFE asks the European Commission to propose legislation strengthening computer owners' rights, by requiring that every computer owner must be enabled to modify and exchange the software and hardware on any computing device, and afterwards be allowed to sell it with those modifications.
3. It is clear that the right to tinker must also be coupled with a legal provision that prevents technological restrictions of the same right. For this reason the FSFE asks the Commission to propose legislation to ensure that consumers can make use of digital goods which they have acquired within the full scope of copyright exceptions and limitations.
== Press contact / interview partner ==
Matthias Kirschner: press@fsfeurope.org (English, German)
President Free Software Foundation Europe
Schönhauser Allee 6/7, 10119 Berlin, Germany
+49-30-27595290
If you would like to have an interview or answers to your questions in another language, please contact us, and we will refer you to someone speaking that language.
== Related links ==
- Defective By Design - EFF's sideproject blog specifically against DRM http://www.defectivebydesign.org/
- EFF's DRM info database - EFF's database of all things DRM related https://www.eff.org/search/site/DRM
- BoingBoing timeline - covers major events following Russinovich's blog post http://boingboing.net/2005/11/14/sony-anticustomer-te.html
- MIT Technology Review - In depth article on the technology, companies, and fallout of Sony's rootkit http://www.technologyreview.com/featuredstory/405741/inside-the-spyware-scandal/
- DRM.info leaflets - FSFE's leaflets on the dangers of DRM available for download or hard copy http://fsfe.org/contribute/spreadtheword#drm-leaflet
- Keynote on General Purpose Computing - by FSFE President Matthias Kirschner http://ftp5.gwdg.de/pub/linux/kde/extrafiles/akademy/2015/videos/Matthias%20Kirschner%20-%20An%20Endangered%20Species:%20The%20Computer%20as%20a%20Universal%20Machine.webm
== Related pictures ==
Related pictures under Creative Commons licenses are available on: http://fsfe.org/activities/drm/sony-rootkit-fiasco.html#restrictions-picture...
== References ==
1. http://blogs.technet.com/b/markrussinovich/archive/2005/10/31/sony-rootkits-...
2. http://www.technologyreview.com/featuredstory/405741/inside-the-spyware-scan...
3. https://freedom-to-tinker.com/blog/jhalderm/cd-drm-makes-computers-less-secu...
4. https://w2.eff.org/IP/DRM/Sony-BMG/
5. https://www.eff.org/deeplinks/2005/11/kaminsky-rootkit-causing-widespread-in...
6. http://www.npr.org/templates/story/story.php?storyId=4989260
7. http://news.bbc.co.uk/2/hi/technology/4577536.stm
8. https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy
9. http://www.wired.com/2015/05/keurig-k-cup-drm/
10. http://macdailynews.com/2007/02/06/apple_ceo_steve_jobs_posts_rare_open_lett...
== About the Free Software Foundation Europe ==
Free Software Foundation Europe is a charity that empowers users to control technology. Software is deeply involved in all aspects of our lives; and it is important that this technology empowers rather than restricts us. Free Software gives everybody the rights to use, understand, adapt and share software. These rights help support other fundamental freedoms like freedom of speech, press and privacy.
The FSFE helps individuals and organisations to understand how Free Software contributes to freedom, transparency, and self-determination. It enhances users' rights by abolishing barriers to Free Software adoption, encourages people to use and develop Free Software, and provides resources to enable everyone to further promote Free Software in Europe.