asawritz's blog

Just another FSFE Fellowship Blogs site

Sony rootkit still making headlines 10 years later

November 4th, 2015

CC BY SA 3.0 by Brendan Mruk and Matt Lee

Last month FSFE started a short awareness campaign to promote General Purposing Computing and the rights of users to tinker with their own computing devices. The goal this time was to remind the public about a landmark event in digital restrictions history, the Sony rootkit fiasco.

If you haven’t read anything about Sony rootkit before, here’s an excerpt from the FSFE page about what happened way back in 2005.

On 31 October 2005, tech security expert Mark Russinovich published his discovery on his blog about a piece of spyware, known as a rootkit, that secretly installed itself on his computer. He concluded that the rootkit was connected to the proprietary music player that was included in Sony music CDs. The hidden rootkit program was used to spy on users and their listening habits, and share that information with Sony, as well as prevent other third party audio programs from reading the disk.

In the process of spying, the rootkit created additional security flaws which opened the doors for other, more malicious attacks. Even if users detected the rootkit, safely uninstalling it without damaging their computer was another problem.

In total, the rootkit was loaded onto roughly 25 million CDs and infected more than 550,000 networks in more than one hundred countries, including thousands of US military and defence networks.

People were outraged and numerous lawsuits were filed but the damage was already done. Sony’s reputation was tarnished, but digital restrictions would continue to move forward.

In the hopes of preventing another such event, we created our own page with facts about the anniversary. Firstly, we wanted to reach out to the public to remind them about what happened, so we got some help from tech news journalists and bloggers to write articles about the anniversary and share information about the dangers of digital restrictions management (DRM).

Our secondary goal was to share some more knowledge about the idea of computers as general purpose machines, where users are free to tinker with their devices to innovate new products and services, rather than being locked into a particular business model imposed by digital restrictions from a huge corporation.

FSFE leading the pack

In the end, FSFE got out in front of rest of the news circuit and our info page was linked with at least a dozen articles from several big name news sources. Some of the most relevant and well known articles are from:

Bob Brown wrote an excellent article covering the most important Sony rootkit facts, along with some quotes from DRM expert Cory Doctorow and tech security expert Bruce Schneier. Previously, Brown wrote an article for the 5th anniversary of Sony rootkit, but this time around FSFE received a lot more attention, with links to the FSFE page, Twitter post, and a quote.

The leading activist against DRM, Cory Doctorow also wrote a short reminder on his website BoingBoing. Doctorow has written dozens of articles and speeches about the dangers of digital restrictions, and it is great to see him include information (and graphics) from the our page in his work. If you want to learn more about DRM and general purpose computing, Cory Doctorow is a great source for information, although he tends to stick more to DRM issues in the US.

Zak Rogoff, campaign manager and blogger from the Free Software Foundation’s anti-DRM project, known as Defective by Design also made some noise about the 10th anniversary with a detailed blog post. His post linked to our background page early on, but expanded onto the activism changes that have taken place since 2005, like the founding new organisations (such as Defective by Design), public campaigns, and protests against DRM around the world. The Defective by Design blog is a popular source for anti-DRM news and it also gives advice on ways to get active against DRM with boycotts and promotional material.

There were also several articles from Germany as well. FSFE’s German Team Coordinator, Max Mehl, published (in German) an article and a commentary on German tech news website Heise. In the article he covers Sony rootkit history and the digital restriction problem in general, while his commentary expands on the specific reasons for removing digital restrictions. Mehl also includes a section on promoting the “Right to Tinker”, a principal component of Free Software and the concept of General Purpose Computers.

In addition to Mehl’s article in Heise, FSFE’s German Deputy Coordinator, Björn Schießle, also contributed a guest article to tech/internet policy website, Netzpolitik. Naturally there was a brief history of the events, but he also mentions FSFE’s demands in regards to removing digital restrictions (in English).

Other big tech news sources wrote articles on Sony rookit, or at least mentioned it. This article from Wired linked Sony rootkit and digital restrictions with copyright and the recent VW scandal. And another article from Engadget quickly covered Sony rootkit before bringing up recent problems Lenovo has been having with security . But in each of these there is only a brief mention of FSFE, or no direct link to the FSFE page. Regardless, having some more big name online journals write about some of our work and interests is always a good thing.

Overall, a positive outcome

Of course its difficult to assess overall effectiveness of this advocacy campaign. We can’t reasonably know how many people read the articles, or how many of the ones who read it changed their mind about Sony, or learned something new about DRM, the Right to Tinker, or other FSFE activities. We do know that our recent work raising awareness about Sony rootkit provides a really valuable resource for anyone who might not believe us when we tell them companies definitely ‘’’would’’’ risk your computer’s security, privacy, and performance, as well as your personal loyalty, for a few more dollars.

The public tends to have a short memory, and problems from 10 years ago can easily be forgotton. But with continued collaboration between news outlets and activists, we can make repeating another “Sony rootkit” a whole lot more difficult. And though the anniversary has ended, you can still do your part today by spending a few minutes this month to share this lesson with friends, family, or colleagues who have never heard of the Sony rootkit. The more people who know about the consequences of digital restrictions, the more strength we have to make a difference in policy.