According to Mark Russinovich (via the washingtonpost blog), Sony recently started adding some overly eager and troublesome “copy protection” software to their Sony/BMG audio CDs. Evidently, when you try to copy CD content to your computer, you also get some, shall we say, enhanced software in the form of spyware that utilizes tactics previously reserved for hackers and virus writers. The software uses rootkits to gain covert control of your computer.

This seems to me several steps beyond the most liberal boundaries of ‘appropriate’ copy protection measures. The software can render your CD drive useless, corrupt your OS, and attempts to not only strip consumers of most accepted uses of their CDs (including fair uses), but also seeks to penalize people who purchase CDs if they so much as copy their music to their iTunes library.

If this kind of intrusion isn’t bad enough, the approach that Sony/BMG uses basically sets up a nice backdoor to your computer, so that any hacker can gain access to your machine. In other words, once the rootkit is installed, it’s a hacker’s paradise unless you have some good anti-rootkit software running.

This is a bad idea, and a bad sign if other record labels and CD manufacturers follow suit. In the long run, this will have no effect on copying. Hackers and determined pirates will easily circumvent the short-sighted, clunky DRM. Hopefully consumers and some media outlets will chime in, and Sony will be weighing the value of this move against the PR costs. Ahhh, Sony. I thought you made sense in 1984, but lately it’s like I hardly know you! These days you’re like a total stranger. And now I can’t even buy your CDs without giving up reasonable access to the music. This seems like a losing proposition to me.

Updated 11/2/2005 @ 1:14 AM PST: Professor Ed Felton just posted a more detailed and insightful analysis here