Apparently, MTV didn't learn from Sony BMG's mistake. In that "don't shoot the messenger" case (where the messenger got shot), Sony's customers were outraged to find that the record label was including third party-provided rootkit technology (what I called a Trojan horse) on its CDs: a rootkit that did things to end-users' PCs that most end users wouldn't want done without their explicit consent (including exposing them to malware). There are too many parallels between the Sony/BMG case and this one to deny. Although MTV has been slightly more upfront about what it may and may not do to end users' PCs with its new music service Urge, the gall of the entertainment company as it prepares to engage in practices that most users should find even more offensive than what Sony did, is equally audacious. As with Sony, MTV is relying on third party technology to achieve its goals. In this case, Microsoft's. As a side note, the Sony BMG case was settled yesterday.
Fellow ZDNet blogger Ed Bott has issued a scathing combination of posts (see I don't want my MTV and More details on the onerous MTV Urge license agreement) regarding the launch of MTV's Urge music service which also works with the beta version of Microsoft's recently released Windows Media Player 11 (WMP11).
CNET loves the new MTV/Microsoft music service....[Urge] sounds good until you read the Urge license agreement. (Set aside some time - it's a 6800-word document that goes on for 13 printed pages.) There is no way I’m going to allow a piece of software to update itself and install new “features” with no notification or consent to me.
Bott is referring to excerpts from the Urge license agreement which, in no uncertain terms, make it clear that MTV can basically reach into your PC to monitor it (for attempts at content piracy) and/or make changes to it at will, without first clearing it through you. The good news is that, unlike with the Sony BMG rootkit fiasco, MTV gives you a little more advance notice that it's about to put the equivalent of a Trojan horse on your system and you can put the brakes on the installation before it happens. The bad news is that (a) once it's on your system, it's just as bad as the rootkit Trojan (actually, worse because of the spyware component), and (b) as Bott alludes to in his second post, it could put Microsoft in the sticky position of allowing MTV to slip through its own security technologies -- technologies that might normally stop such "suspicious" behavior in its tracks (I have not yet asked Microsoft how it intends to handle this situation). Writes Bott:
Any impartial observer who compares those criteria with the terms of the Urge license agreement will conclude that the new service exhibits several questionable behaviors that are identical to those Microsoft uses to identify spyware. Is Urge spyware? Almost certainly not. But this add-in for Windows Media Player uses some of the same underhanded techniques that spyware distributors use.....By Microsoft’s own definition, this behavior is questionable, to say the least. Why should any program ever be allowed to update or reinstall itself without notice or consent?
There are too many parallels between the Sony/BMG case and this one to deny. Here, we have an entertainment company reaching its tentacles into our PCs in ways that most of us wouldn't approve of. The underlying technology comes from another company. And, the anti-malware programs we're depending on to stop such behavior either have or potentially could end up issuing a hall pass to the entertainment companies with a limited amount of involvement from us.
In the Sony BMG case, the provider of the rootkit technology -- First 4 Internet -- got some bad press but Sony BMG eventually ended up bearing the brunt of the blame (thus, the messenger getting shot). However, the rules could be different in this case since Microsoft is not only providing the underlying technology to the content licensor, the client side version is also included in versions of Windows Media Player that millions of people already use or will be downloading to their PCs and Microsoft is in charge of what its anti-malware software flags and doesn't flag.
In contrast, Sony BMG's customers never had to download the enabling technology from the DRM solution provider as a prerequisite to wiring up that entertainment company's version of digital rights management.
Bott thinks Microsoft shares the blame because of the role played by WMP11. Does it? Give me (and the folks at Microsoft who are undoubtedly watching) your answer below.