SSRN Home Search and Download Papers Browse Abstract and Paper Submission Subscribe to Networks View Briefcase Top Papers Top Authors Top Institutions

 

Abstract

  
 

Footnotes (309)

Beta

 		 


 


Download | Share | Email | Add to Briefcase | Buy Hard Copy

The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident

Deirdre K. Mulligan
UC Berkeley School of Law

Aaron K. Perzanowski
University of California, Berkeley - School of Law; Berkeley Center for Law & Technology


Berkeley Technology Law Journal, Vol. 22, p. 1157, 2007

Abstract:     
Late in 2005, Sony BMG released millions of Compact Discs containing digital rights management technologies that threatened the security of its customers' computers and the integrity of the information infrastructure more broadly. This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy that in retrospect appears obviously and fundamentally misguided.

The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.

The Article concludes with two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and antitrafficking provisions that enable security research and the dissemination of tools to remove harmful protection measures. Second, the Federal Trade Commission should leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers.

Keywords: DRM, TPM, copy protection, HCI-Sec, rootkit, copyright, DMCA, security

Accepted Paper Series

Date posted: December 16, 2007 ; Last revised: January 14, 2008

Suggested Citation

Mulligan, Deirdre K. and Perzanowski, Aaron K.,The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident. Berkeley Technology Law Journal, Vol. 22, p. 1157, 2007. Available at SSRN: http://ssrn.com/abstract=1072229


Export to: Export Citation What's this?

Contact Information

Aaron K. Perzanowski (Contact Author)
University of California, Berkeley - School of Law ( email )
Boalt Hall
Berkeley, CA 94720-7200
United States
Berkeley Center for Law & Technology ( email )
2440 Bancroft Way
Suite 307
Berkeley, CA 94720-7200
United States
HOME PAGE: http://www.law.berkeley.edu/faculty/profiles/facultyProfile.php?facID=11462
Deirdre K. Mulligan
UC Berkeley School of Law ( email )
346 Boalt Hall (NA)
Berkeley Law (UC Berkeley)
Berkeley, CA 94720
United States
Feedback to SSRN (Beta)


Paper statistics
Abstract Views: 11,602
Downloads: 2,200
Download Rank: 722
Footnotes: 309

© 2008 Social Science Electronic Publishing, Inc. All Rights Reserved. Terms of Use
This page was served by apollo5 in 0.156 seconds.