Books go digital

This Wall Street Journal article just plopped into my inbox (subscription only, so no link):

Amazon.com Inc. is planning a program that will let customers purchase online access to books in a move that could be a more publisher-friendly alternative to Google Inc.’s online library project.

The Seattle online retailer announced two new programs Thursday. The first, dubbed Amazon Pages, allows customers to buy access to digital copies of select pages from books. The second service, called Amazon Upgrade, bundles the purchase of a physical book with online access to the complete work.

For instance, a customer could buy a cookbook and keep it on the shelf, and “also be able to access it anywhere via the Web,” the company said in a press release Thursday.

The two new services leverage Amazon’s existing “search inside the book” technology, a free feature launched two years ago on the retailer’s Web site that allows users to search the content of books. However, the feature can’t be used to read entire books – the site only shows the passage where the search phrase appears.

I like this idea, but the devil is in the details. Would you buy a few pages from one of my books for a buck or two instead of paying $25-plus for the whole thing?

Microsoft buys FolderShare

News out of Redmond:

Microsoft Corp. today announced it has acquired FolderShare, a leading service in the emerging space of file synchronization and remote access technology that helps customers access information across multiple devices. FolderShare customers will continue to be able to enjoy the service at http://www.foldershare.com. Financial details of the acquisition were not disclosed.

This has been on my to-do list for a while. Now I really have to look at it!

Don’t reward bad journalism

Thomas Hawk reminds us what happens when journalists lose track of their ethical responsibilities. He suggests a letter-writing campaign to Joe Fay, editor of The Register, reminding him that his publication printed a fabricated e-mail message and has never apologized for or retracted that story, despite repeated notices of the underlying facts.

Thomas could go a step further with this campaign. I would suggest writing some letters to The Register’s sponsors, pointing out that they’ve chosen to align themselves with a publication that doesn’t respect the truth.

Expansys.com (along with its USA subsidiary, Expansys-usa.com) is a major sponsor of The Register. I certainly won’t buy anything from them, and I won’t recommend them to anyone else as long as they’re supporting this outfit.

I just saw an ad for Crucial.com on The Register’s site, served via Mediaplex.com. I regularly recommend Crucial.com. I think they might want to know that they’re unwittingly affiliated with an unethical organization.

If you want to join Thomas’s letter-writing campaign, be sure to cc those folks.

Sony’s phony patch

At Freedom to Tinker, Edward Felten says Sony is trying to weasel out of its obligations to come clean with customers:

Yesterday, [Sony and First 4 Internet] released a software update that they say “removes the cloaking technology component that has been recently discussed in a number of articles”. Reading that statement, and the press statements by company representatives, you might think that that’s all the update does. It’s not.

The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.

No doubt they’ll ask us to just trust them. I wouldn’t. The companies still assert — falsely — that the original rootkit-like software “does not compromise security” and “[t]here should be no concern” about it. So I wouldn’t put much faith in any claim that the new update is harmless. And the companies claim to have developed “new ways of cloaking files on a hard drive”. So I wouldn’t derive much comfort from carefully worded assertions that they have removed “the … component .. that has been discussed”.

Whoever is making these decisions at Sony has no idea how badly they are damaging the company’s reputation.

It’s not about copy protection

Charlie Owen read all four of my posts about Sony’s customer-hostile DRM and asks (with tongue in cheek, I think):

Why has Ed picked a delivery system for his latest professional writing with such unfriendly DRM and obvious disrespect for my fair use rights?

I could blame Gutenberg. Or I could be a spoilsport and answer Charlie’s question seriously: The printed book is difficult and expensive to copy, and it’s nearly impossible to make a copy that looks and works like the original. That’s certainly not true of conventional music CDs, which allow nearly perfect digital copies.

But in the case of every version of Windows XP Inside Out, which is published by a division of Charlie’s own company, an unrestricted digital copy of the book (in PDF format in recent editions) is included on a CD bound into the back of the book. A certain number of readers will abuse the trust of that decision and make the PDF copy available for others, but we trust that most of our customers will do the right thing and that treating them like criminals by locking down the PDF copy is neither fair nor smart.

I’m not opposed to copy protection in the abstract. If a company chooses to make its products more difficult for customers to use, that’s their right. But along with that right comes the responsibility to fully disclose their business decision. And they never, ever have the right to install software on my computer without providing detailed notice, acquiring my informed consent, and providing an easy and straightforward way for me to completely undo the changes if I so choose.

Is Sony violating the law?

I’m not qualified to pass judgment on legal issues, so when I run across infuriating behavior like what Sony has been engaging in (see “Sony wants to hijack your PC” for background), I try to find an expert on the subject. For this question, I can’t think of anyone more qualified than Ben Edelman. He’s most famous as an expert on spyware, which is noteworthy given the spyware-like behavior of these copy-protected CDs.

I asked Edelman if he thought that Sony’s behavior was potentially illegal. Here’s his reply:

It all comes down to consent. If Sony’s EULA is taken to obtain a user’s consent for the installation, perhaps Sony is on strong ground. But if the “consent” procedure is deemed defective (too vague, too hard to find, no clear manifestation of assent, too inconsistent with the premise of buying a CD), suddenly Sony is in trouble — for a nonconsensual installation of software onto users’ PCs. One might reasonably accuse Sony of committing a trespass to chattels, or even of exceeding authorized access to a computer system (a Computer Fraud and Abuse Act violation).

I’m also struck by the fact these items, though apparently labeled as CDs and of course sold in CD stores, aren’t actually genuine CDs (as the official “red book” CD standard defines that format). Could Sony be committing fraud by claiming to sell users CDs, when in fact what Sony is offering is something else altogether?

There are a pair of 800-pound gorillas that might have something to say about that latter question. One is Philips, which owns the CD trademark and has been vocal about its objections to copy protection since at least 2002. If Sony is using the CD logo, they’re infringing on that trademark. The other party who might want to stomp on Sony is Eliot Spitzer, Attorney General of the State of New York, who has already taken on some big names in the spyware industry. I hope he’ll weigh in here.

Sony tries to stop the bleeding

When you shoot yourself in the foot, you can expect some bleeding. That, presumably, is why Sony and its partner in crime are rushing out a patch for the crapware that comes with their copy-protected CDs. CNET News.com has the details:

Sony BMG’s technology partner First 4 Internet, a British company, said Wednesday that it has released a patch to antivirus companies that will eliminate the copy-protection software’s ability to hide. In consequence, it will also prevent virus writers from cloaking their work using the copy-protection tools.

The record label and First 4 Internet will post a similar patch on Sony BMG’s Web site for consumers to download directly, the companies said.

“We want to make sure we allay any unnecessary concerns,” said Mathew Gilliat-Smith, CEO of First 4 Internet. “We think this is a pro-active step and common sense.”

This is a tiny, tiny first step, but unless they go a lot further, a lot faster, their reputation is shredded.

Free advice for Sony:

  1. Fire First 4 Internet immediately and publicly.
  2. Remaster the CDs with DRM-free versions.
  3. Offer free replacement CDs to anyone who purchased one of the rootkit-infected CDs.
  4. Provide toll-free tech support for anyone who experiences a problem with their Windows computer that they think is related to this software.

That would be a positive response.

Update: I’ve got one more idea…

Sony’s even sleazier than I thought

In the comments to my earlier post on the sleazy DRM software that Sony is pushing, Charles Arthur (who has a very cool new job) points out that I was mistaken to accuse Sony of installing this crap “without any notification or any attempt to obtain your consent.” Fair enough. As Charles points out, the original post from Mark Russinovich at Sysinternals.com includes a reference to the end-user license agreement (EULA) for the Sony DRM software that does indeed refer to a software installation and could be construed to be a notification. In fact, Russinovich’s post is unclear on this issue. He has posted a copy of the EULA for the DRM software (with a key clause highlighted in yellow), but that license agreement is not the one that pops up when you first insert the CD. To see that license agreement, read the F-Secure write-up. (I’ve posted a copy of the screen shot here.)

This is how the makers of spyware work. See anything in the first screen that says you’re about to install a hidden file-system filter driver that will run at all times and cannot be uninstalled? See the scroll box (the small handle in the scroll bar) on the right of the dialog box? Judging by the size of the box, I estimate that you would need to scroll through approximately 25 screens to read the entire license agreement, and way down at the end it includes this line: “The SONY BMG PARTIES may from time to time provide you with updates of the SOFTWARE in a manner that the SONY BMG PARTIES deem to be appropriate.”

Folks, this is how spyware makers work. They provide misleading end-user license agreements that they count on users ignoring. They fail to disclose the true purpose or impact of their product. They fail to provide removal tools. They reserve the right to update their sleazy software at any time without any further notice or consent.

It’s even worse than I thought.

Sony wants to hijack your PC

Mark Russinovich of Sysinternals.com has documented his experience with Sony’s new copy-protected CDs: Sony, Rootkits and Digital Rights Management Gone Too Far. It’s a bone-chilling story. According to Mark, just inserting one of Sony’s copy-protected CDs into your computer installs unwanted software on your computer. The software installs as a device driver that hides itself using techniques that are the same as those used by viruses and Trojan horses. It does this without any notification or any attempt to obtain your consent. Mark reports:

Not only had Sony put software on my system that uses techniques commonly used by malware to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files.

Researchers at F-Secure were working on similar results at the same time and have now published their results:

Although the software isn’t itself malicious, the hiding techniques used are exactly the same that malicious software known as rootkits use to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits.

The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools. If a malware names its files beginning with the prefix ‘$sys, the files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques.

According to Mark’s research, users who try to remove this crap will essentially disable their CD or DVD drive.

This is beyond sleazy. Whoever approved this software should be forced into court and made to pay damages. I’m not a lawyer, but it also could violate several criminal statutes.

Screw you, Sony. You’re not getting another dime from me in any way.

Follow-up: Sony’s even sleazier than I thought and Sony tries to stop the bleeding.