Sony's use of digital rights management for some of its CDs (apparently about 20 titles with more to come) has generated a lot of interest over the past couple of days. The issue stems from the installation of a program on the users' computers that is tough to find, difficult to remove, and which may pose a security threat by rendering the computers more vulnerable to hackers. Although the license agreement for the software advises that a program will be installed on users' computers, many commentators do not believe that the license fully informs users about the nature of the program or its potential impact.
Leaving aside the irony that this is the same music industry that has regularly sought to characterize file sharing as a significant threat due to the potential to download spyware (apparently you don't need Kazaa for that, store bought Sony CDs will do), it is worth asking whether Canadian law would provide consumers with much recourse.
There is no indication that the Sony DRM program raises privacy concerns – this program seeks to establish limits on the use of the content, not to collect, use or disclose personal information. Accordingly, PIPEDA is presumably of little assistance.
David Fewer, the lead on CIPPIC' s anti-spyware efforts, notes that there are several other potential legal remedies including trespass to chattels, a Competition Act claim for materially deceptive statements, or a consumer protection claim for false, misleading or deceptive statements. Each of these would face an uphill fight, however, since license agreements can be worded broadly to address claims of deception.
If current law is unable to address the intentional implementation of computer vulnerabilities with minimal disclosure, it is time to think about reform. Some U.S. state anti-spyware legislation would address this issue, as some prohibit intentional interference with a user' s attempt to uninstall a computer program. Alternatively, lawmakers should take seriously my colleague Ian Kerr' s suggestion of a ban on anti-privacy circumvention.
Simply put, contract should not be used as end-around statutory privacy and consumer protections. Until the law is changed, however, there is another approach as Walter Mossberg of the Wall Street Journal argued a couple of weeks ago, consumers should not buy CDs loaded with DRM restrictions.