November 21, 2005 12:42 PM PST
Sony sailing past rootkit controversy
Certainly, the pressure on Sony is mounting. On Monday, Texas Attorney General Greg Abbott charged that the entertainment giant violated Texas' new anti-spyware law by releasing albums that secretly installed rootkit software that hid itself on computer hard drives. Rootkits can open a PC to viruses and other malicious code.
"Sony has engaged in a technological version of cloak-and-dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement. "Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."
Abbott's response is the latest in a string of protests, online and off, that have led Sony to an unprecedented recall of more than 4.7 million CDs and an offer to replace the 2.1 million that were sold.
But despite three weeks of stinging criticism and calls for boycotts, consumers appear to be buying and using Sony CDs just as they always have.
According to data from market tracker Nielsen SoundScan, the discs carrying Sony's copy protection software suffered little, if any, decline in sales compared with other medium-selling titles at similar points in their release cycles--at least up to the point of Sony's recall last week.
Sales of the title first and most widely associated with the problem, southern rockers Van Zant's "Get Right with the Man," actually climbed in the two weeks following exposure of the CD's security risks, according to Nielsen SoundScan data. Celine Dion's album "On Ne Change Pas" held steady at 300 copies per week throughout the controversy.
Several titles that were closer to their release dates, such as albums by Trey Anastasio and Puerto Rican singer Chayanne, showed more substantial drops over the same period of time. However, industry insiders said even these week-to-week drops were not unusual, close to an album's release.
Another measure of albums' popularity is provided by Gracenote, whose CDDB--Compact Disc Database--service counts how many times people put CDs in their computers using a media player such as iTunes, Windows Media Player or RealPlayer. These programs automatically look up the album name and song titles.
A representative for Gracenote said the company's data shows no appreciable difference in trends--and specifically no obvious drop-off in listening--between Van Zant and similar-selling albums that don't carry the rootkit. The same goes for several other recalled Sony titles, it noted.
News of which CDs were carrying the rootkits took a varying amount of time to circulate. Van Zant's album was named as a rootkit carrier by Nov. 1. Albums by Anastasio and Celine Dion were on a list circulated by the Electronic Frontier Foundation a week later, while Chayanne's album and dozens of others were identified by Sony itself last week.
Online, the response has been deafening. A sampling of the 255 reviews of Van Zant's album on Amazon.com reveals the angry response provoked by the Sony news.
"Do not purchase--Installs dangerous software on your PC," says the first prominently displayed consumer review on Amazon.com's Van Zant page. The posting has been judged "helpful" by 741 of 745 people who rated the advice.
"Forget boycotts. Prosecute Sony," reads another long, articulate Amazon review posted by an IT professional.
Brick-and-mortar record stores have seen a less obvious reaction, however. A manager at Berkeley, Calif.'s Amoeba Records, one of the biggest and most successful independent record stores in the country, said he had seen no backlash whatsoever.
"No one's come in and complained that their computer got a virus from buying one of these discs," Allen Lewites, the manager at the Amoeba store, said. "I don't think anyone cares what record companies do."
Regardless of whether mainstream consumer market response is slow to develop or is simply muted, Sony looks like to see a backlash for some time.
The Texas attorney general's civil lawsuit seeks $100,000 per violation of the law. Class-action suits have already been filed in New York and California, and others are expected. At least one federal legislator said the issue should be impetus to pass a national anti-spyware law.
The Electronic Frontier Foundation also announced Monday that it and two law firms would file an additional class-action suit against the record label.
Sony itself has launched an exchange program that offers consumers a new CD, as well as MP3 downloads, for anyone who sends in a CD that has the copy protection loaded. The company has also begun working with one of its chief critics in the security research community, Princeton University Computer Science Professor Ed Felten, to ensure that it releases uninstall software that is safe to use.
9 commentsJoin the conversation! Add your comment