Information Technology Reference
In-Depth Information
The copy protection software used a root kit, interfered with Windows, and
created new security vulnerabilities on affected computers, which affected many
customers. The copy protection also slowed down computers whether or not they
were playing CDs.
When the problem was broadcast on the web, Sony BMG was sued by many in-
dignant customers. Worse, it turned out that Sony had violated the GNU license in
creating the copy protection scheme. At first, there was a denial of harm by Sony,
but that was quickly proved to be wrong.
Sony's next response was to issue a pseudo-removal tool that made the prob-
lems worse and caused new problems. Here, too, the power of the web broadcast
the failures of the first attempt and caused more embarrassment to Sony BMG.
Eventually in November 2005, Sony BMG issued a removal tool that seemed
to work. The offending CDs with the copy protection were recalled and taken off
the market, although some copies were found still available in stores weeks after
the nominal recall.
Lessons learned:
The lesson from this problem is that unless they are caught,
some vendors think they can do anything they want to protect profits.
Problem avoidance:
Because Sony deliberately and secretly put the flawed copy
protection software into the hands of the public, it was outside of the scope of nor-
mal inspections, static analysis, requirements modeling, and every other quality
control approach.
The second part of this issue is the fact that the Sony software was buggy and
damaged host computers. This could have been found by formal design and code
inspections. Neither static analysis nor pair programming would have found the
upstream design issues.
What finally eliminated this problem was a combination of skilled software en-
gineers finding out about the problem and using the web to broadcast this inform-
ation to millions of others. Expertise on the part of sophisticated customers com-
bined with the social pressure of the web caused Sony to withdraw the offending
copy protection scheme.
It is interesting that this problem was finally picked up by the attorney generals
of New York, Massachusetts, Texas, California, and some other states. The Federal
Trade Commission (FTC) was also involved and filed a complaint.
Search WWH ::
Custom Search