<mosaic.cnfolio.com>
Management and the Technology Professional – B302

Case study answer 1



The most compelling reason why we should not have developed the XCP-Aurora software is that it introduces a significant vulnerability (one that was not present beforehand) in the Windows file system, which can allow hackers to circumvent anti-virus software and hide and execute their malware on the end user’s computer.

The tool, which was originally intended to hide the XCP software (which protects Sony’s intellectual property) on the computer’s hard drive, was incorrectly written: when data is passed through the ‘hiding tool’, it does not check the source or sanitize the input, meaning that anyone can (through a process known as “piggybacking”) hide their tools through it, leaving the computer open to attack from anyone that has access to the computer. The software hides itself as a Windows service (within the services.msc tool) under the guise “Plug and Play Device Manager” and constantly monitors software on the user’s computer (source: http://en.wikipedia.org/wiki/Extended_Copy_Protection section “Description”), and it makes a number of hard disk seeks, which can possibly reduce the lifetime of the physical hard disk (source: http://en.wikipedia.org/wiki/Extended_Copy_Protection section “Security Research”).
The software additionally has no automated uninstall utility and is almost impossible for the end user to remove manually; any attempt to uninstall the software or simply delete it will result in the user’s CD drive(s) becoming inoperable (source: http://www.washingtonpost.com/wp-dyn/content/article/2005/11/02/AR2005110202362_pf.html). This is in clear violation of section 3 of the Computer Misuse Act, and I quote: “A person is guilty of an offence if (a) he does any act which causes an unauthorised modification of the contents of any computer” (source: http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm). It also places us in a grey area within the Data Protection Act (1998), as there is the potential to use the tool for third party data mining for malicious use (such as installing Trojans).
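
An added illustration, not code from XCP or from the original answer: a small Python model of why a hiding tool that never checks the source can be piggybacked, and of the cross-view comparison a defender can use to spot files hidden that way. The marker string, the vendor manifest and every file name are constructed assumptions.

```python
# Constructed model: the cloak's name-marker rule and every file name below
# are assumptions for illustration, not values taken from XCP.
CLOAK_MARKER = "hide_"  # hypothetical marker the hiding tool matches on

# The only files the protection software itself is meant to conceal.
VENDOR_MANIFEST = {"hide_player.dll", "hide_license.dat"}


def cloaked_listing(raw_entries):
    """What a cloaked directory query returns: every entry carrying the
    marker is dropped, with no check of who created it."""
    return [name for name in raw_entries if not name.startswith(CLOAK_MARKER)]


def cross_view_diff(raw_entries, api_entries):
    """Entries present in the raw on-disk view but missing from the API view."""
    visible = set(api_entries)
    return sorted(name for name in raw_entries if name not in visible)


def classify_hidden(hidden, manifest):
    """Split hidden entries into the vendor's own files and piggybackers."""
    own = [n for n in hidden if n in manifest]
    foreign = [n for n in hidden if n not in manifest]
    return own, foreign


def audit(raw_entries, manifest=VENDOR_MANIFEST):
    """Compare both views of one directory and report what is being hidden."""
    api_view = cloaked_listing(raw_entries)
    hidden = cross_view_diff(raw_entries, api_view)
    own, foreign = classify_hidden(hidden, manifest)
    return {"visible": api_view, "hidden_own": own, "hidden_foreign": foreign}


# Constructed raw (on-disk) view of one directory.
RAW_DISK_VIEW = [
    "notes.txt",
    "hide_player.dll",
    "hide_license.dat",
    "hide_unknown_tool.exe",  # not in the manifest, yet cloaked all the same
    "setup.log",
]

if __name__ == "__main__":
    for key, names in audit(RAW_DISK_VIEW).items():
        print(f"{key}: {names}")
```

Any entry reported under hidden_foreign is invisible to software that relies on the cloaked view, even though the protection software never placed it there.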

The tool also gives the BCS (British Computer Society) grounds to throw us out of the association, as we break the entire section headed “Professional Competence and Integrity” (source: http://www.bcs.org/server.php?show=nav.6030), as well as breaking the ACM (Association for Computing Machinery) code of ethics sections 1.2, 1.3, 1.7, 1.8, 2.3, 2.5 and 2.8 (source: http://www.acm.org/about/code-of-ethics).

The above means that we have lost touch with both the way in which our software has been developed and who we are trying to protect. The XCP-Aurora software was designed as a response to the widespread adoption of casual piracy that has been crippling CD sales since mid 2001, partially thanks to P2P (Napster), and is supposed to limit the ability of users to ‘rip’ the tracks and distribute them on a P2P network. However, in retrospect we have gone in the opposite direction: by putting in such brutally harsh regimes (where the user cannot even move the track to his or her iPod, as Apple does not support our DRM), we are forcing the legitimate users (i.e. the ones we should be embracing and rewarding) underground to illegal pirating systems simply because they cannot use their legitimately purchased tracks.
The fact that anyone can use our software to hide files on another person’s system is totally irresponsible as well as dangerous, and the fact that our software over-writes system drives to break device operations (such as the CD drive) places us in a position where the device vendor could be eligible for legal action against us for actively blocking their technology. I think it also goes without saying that the tool completely destroys consumer trust in both ourselves and Sony, which is why the music industry and the media at large have all publicly condemned the XCP DRM system. The result is a total PR nightmare for us and Sony, to the point where we have had to change our company name to Fortium Technologies (source: http://en.wikipedia.org/wiki/First_4_Internet) and have since backed out from creating DRM for the music industry. We have also cost Sony millions upon millions of dollars in CD recalls (source: http://news.bbc.co.uk/2/hi/technology/4441928.stm) and lawsuits (http://www.theregister.co.uk/2005/11/10/sony_sued_for_rootkit/), to the point that they have had to create a website just to handle people wanting compensation and software uninstallers (source: http://web.archive.org/web/20060613004518/http://www.sonybmgcdtechsettlement.com/).