Ten years ago today, Sony was caught red-handed in a flashpoint that galvanized popular resistance to Digital Restrictions Management (DRM). A security researcher named Mark Russinovich published a description of surveillance malware (in this case a technically sophisticated rootkit) that was secretly installed on users' computers by the DRM on Sony music CDs.
The rootkit's purpose was to spy on users and send information about their music use habits back to Sony. Adding to the privacy violation, the rootkit had the predictable secondary effect of opening a massive security hole in the thousands of affected computers, which malware developers took advantage of to inflict further abuse on users. You can read more background about the rootkit fiasco from the Free Software Foundation Europe.
Media coverage of the rootkit substantially raised public awareness of DRM issues. The year after, in 2006, the Free Software Foundation started Defective by Design to educate, organize and empower users to end DRM forever. In 2011, Sony demonstrated more disregard for computers users by prosecuting tinkerers for installing a different operating system on their PlayStation 3s, and Defective by Design hit back with our Boycott Sony campaign to highlight the moral bankruptcy of Sony's actions.
What has changed since Russinovich's revelatory 2005 blog post? We have grown into a strong, global movement against DRM that comes together yearly for the International Day Against DRM, supported the growing community of DRM-free media distributors, and pushed back against the DRM industry's propaganda in every public forum we can find.
Since DRM-peddlers have taken to governments to add legal barbs to their technical restrictions, we track their influence on the US government and organize the anti-DRM community to call them out. Defective by Design is also a promient voice demanding repeal of the laws that make circumventing DRM a criminal act. Further, we fight the spread of the worst DRM-supporting laws around the globe by vigorously criticizing the Trans-Pacific Partnership trade deal.
The fight against DRM also rages in the non-governmental standards bodies where important global technical decisions are made, like the World Wide Web Consortium (W3C). In 2013 we delivered a petition with tens of thousands of signatures to the W3C, opposing an industry plan to add an official DRM extension to HTML, the very fabric of the Web. Our sources tell us that there will likely be another opportunity for action on DRM in HTML soon, and we intend make the most of it.
We should not have to trust manufacturers like Sony not to do bad things with DRM. We should just end DRM. Running a proprietary black box program, specifically designed to restrict, will always be an invitation for its owners to take advantage of users. Even when their actions are not technically criminal, they are unethical in their unjustified control and restriction.
In the last ten years, computers have continued to play an ever more prominent role in our lives, our vehicles, our communications and even our bodies. Ten years from now, what will the state of our digital freedoms be? Will we have relegated DRM to an unsavory corner of history, or will another security researcher be disclosing a DRM-carried rootkit in a medical device embedded in someone's body? It's up to all of us.