Sony, DRM and Canadian Law

Sony's use of digital rights management for some of its CDs (apparently about 20 titles with more to come) has generated a lot of interest over the past couple of days.  The issue stems from the installation of a program on the users' computers that is tough to find, difficult to remove, and which may pose a security threat by rendering the computers more vulnerable to hackers.  Although the license agreement for the software advises that a program will be installed on users' computers, many commentators do not believe that the license fully informs users about the nature of the program or its potential impact.

Leaving aside the irony that this is the same music industry that has regularly sought to characterize file sharing as a significant threat due to the potential to download spyware (apparently you don't need Kazaa for that; store-bought Sony CDs will do), it is worth asking whether Canadian law would provide consumers with much recourse.

There is no indication that the Sony DRM program raises privacy concerns – this program seeks to establish limits on the use of the content, not to collect, use or disclose personal information.  Accordingly, PIPEDA is presumably of little assistance.

David Fewer, the lead on CIPPIC's anti-spyware efforts, notes that there are several other potential legal remedies including trespass to chattels, a Competition Act claim for materially deceptive statements, or a consumer protection claim for false, misleading or deceptive statements.  Each of these would face an uphill fight, however, since license agreements can be worded broadly to address claims of deception.

If current law is unable to address the intentional implementation of computer vulnerabilities with minimal disclosure, it is time to think about reform.  Some U.S. state anti-spyware legislation would address this issue, as some prohibit intentional interference with a user's attempt to uninstall a computer program.  Alternatively, lawmakers should take seriously my colleague Ian Kerr's suggestion of a ban on anti-privacy circumvention.

Simply put, contract should not be used as an end-run around statutory privacy and consumer protections.  Until the law is changed, however, there is another approach: as Walter Mossberg of the Wall Street Journal argued a couple of weeks ago, consumers should not buy CDs loaded with DRM restrictions.


  1. Rob Hyndman says:

    DRM also being used in music as a compet
    See also TUAW, which links to an article noting that the Sony DRM, quite apart from the rootkit issue, disables playability in iTunes / iPod.

    So, not only is DRM being used to restrict copying, it’s being used to determine the devices and software the buyer can use to listen to the CD.

  2. Sony releases removal software

    They’ve released a patch that either gets rid of the cloaking on the software or removes it entirely. I’m not sure which.

  3. Typical Reply From Sony
    Two comments:

    First, it appears as if Sony may be treating Mark Russinovich’s tinkering with their spyware/malware as a contravention of the DMCA. Big surprise.

    Second, with regards to the privacy issue raised, it is not the rootkit per se that may violate PIPEDA, but the ActiveX control that Sony and First 4 Internet require you to install in order to *remove* the rootkit. Said control appears to send information to First 4 Internet, including a user’s system configuration.

    So, in order to uninstall software which was, in my view, not authorized (indeed, Sony made deliberate attempts to conceal the rootkit) to begin with, users are forced to fork over information about their PC. The fact that Sony has, from the first attempt to play a CD, intruded on users’ privacy raises the question of why users should give any credence whatsoever to Sony’s promise that no personal information will be collected.

    As far as this user is concerned, their word is mud.

  4. My response posted to the CRIA
    Actions like SONY’s are making it like walking through a minefield, not knowing when your computer is going to crash.
    I believe in buying and supporting the artists but I won’t buy these copy-controlled disks… You say you lose a sale for every download, but you can also lose sales through DRM’d disks… I for one won’t buy them; consider every one a lost sale (it’s not consumer friendly or equipment friendly)… Funny thing is there is not much good music these days, not the selection like the 70-80’s; seems too manufactured and formula based. YUCK!!! No really good music… So improve selection, lower costs, cut out DRM and I for one will be happy. P.S. How can you collect the levy when you want DRM? Can’t have it both ways.

  5. Dwight Williams says:

    On this revelation and the DRM boycott
    I continue to agree on this point of avoiding DRMed albums. It means I choose to miss out on good music, but the point has to be made. Especially as one of the more dire alternatives has now been publicly noted in such fashion as this.

  6. Rootkits are just sleazy, and when a company gets a reputation as being sleazy, it takes a long time to shake.

  7. Francisco Cabanas says:

    Does SONY DRM violate the Copyright Act?
    According to an article published by Reuters, the SONY DRM appears to use code from the LAME project, and that code is used in direct violation of the license.

    It is possible to pirate open source software.

    If the music disks in question do indeed contain pirated software then is not an end user who buys the music disk in question at a retail store also engaging in software piracy?