Virus writers quickly unleashed Internet Trojan horses that took advantage of the XCP rootkit.  The security expert Ed Felten of Princeton University found that First4Internet's subsequently released uninstall procedure may cause more problems than it solves, since it leaves openings for spyware.  Microsoft is "officially" treating XCP as malware: it is adding detection and removal instructions to the upcoming release of its AntiSpyware software. And SonyBMG is the target of a class action lawsuit over allegedly improper disclosure of its use of copy protection.

SonyBMG has announced that it is suspending production of the more than 20 titles that include XCP, and that it is offering a recall of protected discs with free exchange for non-protected ones.  Other record labels, such as EMI, are stressing that they do not use XCP (although they use CD copy protection from such other vendors as SunnComm and Macrovision).

XCP was designed to be intrusive to consumers' PCs; for example, First4Internet took pains to insure that users could not uninstall it.  At first, we felt that such strong technology served to disprove our cynical suspicion that major record companies were using CD copy protection to get audio CDs grandfathered under the Digital Millennium Copyright Act's anticircumvention provision (DMCA 1201), as well as similar provisions in many European copyright laws derived from the European Union Copyright Directive.  DMCA 1201 shelters technologies that don't work very well; previous attempts at CD copy protection from SunnComm and Sony Electronics suffered from being suspiciously easy to circumvent. 

The voice that is speaking the loudest throughout this debacle is that of the market.  The market has already spoken out against poorly-designed copy protection in some European and Latin American countries -- locations where new security technologies are typically test-marketed before being introduced to the US.  But now the market is speaking through the megaphones of the US-based news media as well as the blogosphere. It was the subject of a lead story in The New York Times's Monday Information Industries business section, and the Times is sticking with the story.

Consumers are rebelling against technology that deserves to be rebelled against, and the record labels must react accordingly.  Do record companies intentionally sanction the use of such intrusive technology, or did they just not understand what the vendors of that technology were showing them?  One of those two must be the case, and historical precedent points to the latter. 

It is time for record companies to get serious about technology, to understand it well enough so that they can foresee the impact of DRM technology without, as we suspect, being blindsided.  With DMCA 1201 in place, content owners do not need to worry too much about whether DRM technology is all that good at curbing infringement.  Now we know that such technology can negatively affect consumers in ways that go beyond anyone's definition of "fair use." 

As anyone who reads DRM Watch regularly should know, we are far from anti-DRM.  But we are anti-CD copy protection, because we strongly suspect that it is not a technology that can be made to work right -- that is, to provide a reasonable measure of protection for content owners while also affording a decent user experience.  That is the only kind of DRM that the market will accept; anything else will merely cause embarrassment -- or worse -- for all involved.

It is not sufficient for content owners to take what technology vendors -- particularly small, aggressive, early-stage vendors -- say at face value. Content owners need to do far more technical analysis than they appear to have done to determine whether the problem is actually solvable.  We strongly suspect it's not.

Get DRM Watch Newsletter

Click here to subscribe to DRM Watch