According to this Associated Press article, the copy-protection software used by Sony on its consumer audio compact discs is secretly sending usage data from internet-connected computers when a disc is played:
The software transmits the name of the CD being played to an office of Sony’s music division in Cary, NC. The software also transmits the IP address of the listener’s computer, Computer Associates said, but not the name of the listener.
“If you choose to let people know what you’re listening to, that’s your business,” said Sam Curry of Computer Associates. “If they do it without your permission, it’s an invasion of privacy.”
One does wonder why exactly Sony would be after this information. Certainly it can’t be to prevent unauthorised copying or distribution, because the software only accompanies legitimate copies of retail CDs. Why spy on paying customers? The expected response:
“We don’t receive any spyware information, any consumer information,” said Mathew Gilliat-Smith, chief executive of First 4 Internet Ltd, which makes the software for Sony BMG Music Entertainment. [emphasis added]
This is a somewhat cryptic answer: if First 4 Internet doesn’t receive the data, does someone else? And if they don’t receive “consumer information” (whatever that means), then what do they receive? And, for that matter, even if no information is being gathered at all, why is the software attempting to send packets over the network?
Then came this delightful comment:
“Most people, I think, don’t even know what a rootkit is, so why should they care about it,” he asked? “The software is designed to protect our CDs from unauthori[s]ed copying, ripping.”
These are serious questions deserving a proper response; to sweep them under the rug like this is unacceptable. The fact is, users aren’t informed of the hidden, don’t knowingly consent to its transmission, and Sony’s developers have taken active measures to hide it from users and prevent its removal: all in the name of piracy. Privacy implications notwithstanding, this would all be fine except for one thing: pirates don’t buy DRM-encumbered CDs. This can only be bad for consumers and serve little if any legitimate end.