Among the albums Sony released last month on CDs backed with its patented DRM (Digital Rights Management) system were Suspicious Activity by Bad Plus, Nothing is Sound by Switchfoot and Invisible Invasions by The Coral.
Prophetic titles. On October 31, Mark Russinovich discovered that Sony's CDs installed a rootkit on computer systems. Rootkits are hacker tools, designed to hide "malware"; if you tried to uninstall Sony's rootkit, Windows crashed.
Sony is now at the centre of an epic PR disaster. Its stealth DRM systems were designed to prevent unauthorised copying of CDs, but they created serious security holes in the user's system, and allowed data to be transferred back --not just to Sony, but to any other hacker willing to exploit the vulnerabilities opened up by the malware.
In effect, if you played a CD encrypted with Sony's new DRM software, you had just blown the security system of your computer sky high.
As geek after geek discovered, the rootkit is fiendishly hard to remove -- Sony's own malware patch opened new gaping holes in computer security systems. Sony is one of the world's most respected companies, but its response was appalling: first it denied and played down the problem, then it stopped shipping CDs but failed to pull the offending CDs off the racks.
In the face of growing anger from fans and musicians and a score of lawsuits in the United States and Europe, Sony is finally coming to grips with the debacle. It should be stressed that Sony's stealth malware didn't just create privacy problems -- it constituted a serious security threat.
Pity the ordinary music lover. Caught between downloading pirated music or being nuked by malware distributed by the record company, what are the options?
1) CD-buying: Check to see if the CD will play only on a proprietory system or if the CD is digitally encrypted with DRM/CP (Content-Protection) systems. If either of these is true, don't buy it. You wouldn't have bought a record that played on only one kind of player; don't do it with a CD.
You wouldn't buy malware-ridden software --
2) Music downloads: I can't recommend the many file-sharing networks that sprung up in Napster's wake, because several are illegal and also bundle spyware onto your system. If you must, try Shareazaa. It isn't spyware-riddled, but it's like buying pirated CDs in Malaysia or Sri Lanka -- if you get in trouble, you're on your own.
Legal options include the iTunes music store, the Real Networks music store and a score of others, which typically charge 99 c per song. All of them use their own DRM protection; we can't vouch for Sony, but the iTunes DRM systems are regarded as fairly benign.
3) For broadband babies: If you're on broadband or a good WiFi network, you're probably already plugged into streaming radio and Podcasts. Many media players offer ways to record the stream legally; Podcasts can be recorded. Existing radio playlists can be downloaded and modified by the listener.
The sound quality isn't great, but radio playlist recording and modification is already a popular way to listen to music.
4) The direct route: Many sophisticated users go directly to musicians' websites and download their music from there, cutting out the middleman. This has a downside: many bands and artists don't yet have an online presence, or don't own their music.
But more artists are moving in this direction, and some Web sites, like Calabash Music, have been offering music from small, independent world musicians for a while now.
I know; these options aren't great. The best of them is actually the streaming radio boom and the growth of online music stores. But the music industry has been protecting its rights by holding the customer hostage.
Until they figure out a new way to do business, you'll have to see whether you can afford the high cost of doing business with them.