The Sony rootkit story continues to be remarkably resilient as new developments emerge a full month after the story first began circulating in the blogosphere. I covered developments up until about a week ago in a recent column.
Three Business Week stories now shed additional light, raising several points that are worthy of mention and increasing pressure for a Canadian response. First, following the suit by the Texas Attorney General, New York State Attorney General Eliot Spitzer, who this summer extracted a significant settlement from Sony on payola charges, has now turned his attention to the rootkit story. His primary concern? Sony has failed to recall the CDs it promised to recall. Spitzer sent out investigators to several leading retailers over the weekend and they had little trouble locating CDs that were supposed to be off the shelves. Spitzer notes that "it is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year. . . strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."
Second, Business Week points to statistics that suggest that the rootkit fiasco is having a devastating effect on the artists themselves. It notes that sales of Van Zant's Get Right with the Man, dropped by 50 to 80 percent over the U.S. holiday weekend, a time when the sales should have been increasing by a similar amount. In fact, the CD has dropped from an Amazon ranking of 882 on November 2nd to 3442 today (not to mention facing many negative reviews).
Third, Business Week also reports that Sony knew about the rootkit problem a full month before the issue appeared on Mark Russinovich' s blog, yet apparently sat on the information, allowing its products to place thousands more computers at risk. Of course, this is apparently par for the course for Sony, given that Alex Halderman has uncovered that the company uses another DRM system (MediaMax) that permanently installs and runs unwanted software, even where the user declines the license agreement.
Given all the prior revelations, Canadian action is now long overdue. There is ample evidence to warrant investigations from both the Competition Bureau and the Privacy Commissioner of Canada. Moreover, with the election campaign now in full swing, the various parties should take a stand on what they intend to do about deceptive use of DRM and whether they support much-needed legal protections from DRM. This fiasco has laid bare the dangers of the recording industry' s support for DRM to consumers, artists, and retailers. With thousands of Canadians likely affected (if you are one, I'd like to hear from you), Canadian authorities can no longer sit on the sidelines.