Development of the Sony BMG music CD rootkit case study 1 response

As the lead developer at First4Internet Ltd, the most compelling motive not to develop the rootkit software would be one of personal ethics. Trying to thwart 'media pirates' from obtaining music without acknowledgment of the artists work is not the issue. Using rootkit-like software unbeknown to the end user is. In my opinion using software techniques that have such similar features to that of rootkits, a popular tool with hackers for obtaining private user information (e.g. passwords), could easily damage the user's faith in what is a very well trusted corporation.

I think that Sony BMG Music Entertainment concentrated too much, if not entirely, on their main objective of preventing the duplication of their music. They put the importance of this above their customers computer security which I think should be top priority. The way the rootkit is programmed i.e. stopping the computer CD drive/player from working properly if removal is suspected breaches Section 3.1 and 3.2 of the Computer Misuse Act 1990 as it would, without authority, modify contents on the computer and impair operation. This in turn would breach section 3 of the Computer Society Code of Conduct under 'The Public Interest' mentioning your knowledge of computer legislation should be sufficient. Finding these pieces of legislation indicates to me that the corporation did not think through or develop this method of Digital Rights Management (DRM) properly in what could easily be construed as an attempt at stopping piracy as quickly as possible for financial reasons.

To conclude I, as lead developer's main reason would not develop the rootkit software due to the dishonesty that would be required of myself towards the users. I would look for a more suitable form of DRM as I feel it is still a necessary requirement to prevent theft of media and the damage that has to the industry.