Abstract

http://ssrn.com/abstract=1072229
 
 

Footnotes (309)



 


 



The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident


Deirdre K. Mulligan


University of California, Berkeley - School of Information

Aaron Perzanowski


Case Western Reserve University - School of Law

October 14, 2010

Berkeley Technology Law Journal, Vol. 22, p. 1157, 2007

Abstract:     
Late in 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers' computers and the integrity of the information infrastructure more broadly. This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that in retrospect appears obviously and fundamentally misguided.
The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.
The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers.

Number of Pages in PDF File: 76

Keywords: DRM, TPM, copy protection, HCI-Sec, rootkit, copyright, DMCA, security

Accepted Paper Series


Download This Paper

Date posted: December 16, 2007 ; Last revised: May 13, 2014

Suggested Citation

Mulligan, Deirdre K. and Perzanowski, Aaron, The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident (October 14, 2010). Berkeley Technology Law Journal, Vol. 22, p. 1157, 2007. Available at SSRN: http://ssrn.com/abstract=1072229

Contact Information

Deirdre K. Mulligan
University of California, Berkeley - School of Information ( email )
102 South Hall
Berkeley, CA 94720-4600
United States
Aaron Perzanowski (Contact Author)
Case Western Reserve University - School of Law ( email )
11075 East Boulevard
Cleveland, OH 44106-7148
United States

Feedback to SSRN


Paper statistics
Abstract Views: 19,006
Downloads: 2,895
Download Rank: 1,787
Footnotes:  309
People who downloaded this paper also downloaded:
1. Digital Exhaustion
By Aaron Perzanowski and Jason Schultz

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo7 in 0.625 seconds