Time for a Business-Model Remix? Music Distribution in the Wake of the Sony BMG DRM Debacle

Article ImageThe question facing digital entertainment companies seems to have changed from Can we implement effective DRM? to Should we even try? The shift seemed inevitable to some as one digital or audio DRM scheme after the next was swiftly circumvented. However, while some software distributors began to view pass-along as an inevitable fact of the digital distribution universe—developing DRM models to enable and monetize file sharing—the entertainment industry has been slow to follow. Yet in the wake of the Sony BMG DRM debacle, the entertainment digital content business model looks ripe for reformulation.

As of mid-December, Sony BMG faced three class-action law suits as the result of its CD-audio DRM solution, developed by First 4 Internet, which Sony BMG used on 52 titles (more than two million discs). The state of Texas has also filed suit under its anti-spyware laws, and the Electronic Frontier Foundation filed suit against Sony BMG and another DRM technology supplier. The suits against Sony BMG claim that its DRM solution is a rootkit, a tactic best known for its use in spyware and Trojan horses. The Sony CDs contained embedded files used for copy protection: XCP technology. The files require consumers to enter into a user agreement to install Sony's audio player so that they can play the discs, but Sony apparently also installed secret files (a rootkit) into the computer's Microsoft Windows folders, which were almost impossible for consumers to detect and which would damage Windows if removed.

Sony BMG claims that XCP technology merely prevents unlimited copying, is otherwise passive, and does not gather personal information about a computer user, but the blogosphere is abuzz with claims that rootkits can cause irreparable harm to computers and make them susceptible to spyware, viruses, and other intrusive technologies. Though F-Secure reportedly made Sony aware that its XCP DRM was problematic some time earlier, the news about the Sony BMG rootkit was made public by blogger Mark Russinovich on Halloween. A few weeks later, Sony recalled the discs, allowed consumers to exchange them for non-protected discs, halted production that employed XCP, and issued a fix that didn't remove the program, but did de-cloak it. According to John McKay, a Sony BMG spokesperson, "We share the concerns of consumers and are doing whatever we can to make the situation right." 

As Texas Attorney General Greg Abbot said when filing suit, "Sony has engaged in a technological version of cloak-and-dagger deceit against consumers by hiding secret files on their computers. Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses, and expose the consumer to possible identity crime." 

Early Sony statements suggested that the company was unaware of the full technological ramifications of this choice of DRM solution, leading many pundits to view this as a cautionary tale that the entertainment industry must "know its technology" to avoid such PR and legal nightmares. Others believe that Sony's extreme DRM maneuvers may be the death rattle of a business model made obsolete by digital distribution. Sony does not view XCP as an attempt to use severe DRM tactics, however. Company representatives say the solution was intended as a "speed bump" to slow down casual pirates and make them think twice before pirating the content. The company also felt it offset its DRM restrictions with fair use, which included three burns and usage on mobile devices. 

Yet fair use and DRM remain contentious areas. As Gartner research director Michael McGuire puts it, "This is the fine line DRM presents; you want control, but if you are impeding my ability to use this in some non-commercial fashion, what can I do? If it becomes so onerous to legally get and own music they like, consumers will pursue other options . . . and there are so many options today."

McGuire echoes the sentiments of many consumers when he says, "wait a minute, I bought this CD legitimately and purchased the CD, played by the rules, and then in exchange for playing by the rules, there's the possibility my computer has been infected with spyware." He says that this sort of activity by the entertainment industry may just prompt legitimate music consumers to seek alternate sources. In fact, he believes that some of these alternate sources offer insight into a more viable business model for content distribution. 

"Companies need to start looking at DRM as less a lock box than as an accounting tool," says McGuire. "Look at Weedshare—distributors can tune the usage rules, but what is interesting is that the technology allows me to pass it on to you, and you can listen to the whole thing a few times, and if you like it, you can buy it. The clever and important part is that it enables and monetizes pass-along." 

"Music is social currency," says McGuire. He points to the success of Weedshare, Apple iTunes' iMix, and GoFish, which focus on community-building and "take advantage of word-of-mouth." The model going forward, according to McGuire, "is to create an ecosystem that allows consumers to find the music they like and provide a frictionless way for them to acquire and use it." He goes so far as to predict that to be successful, the music industry will need to not only come to terms with digital distribution but must eventually abandon physical media. "They have to take the leap. Though labels will have to continue physical CD distribution for awhile, eventually they'll have to cut off the installed base and truly embrace digital distribution." 

(http://cp.sonybmg.com/xcp/; www.first4internet.com; www.gartner.com)