(illegally?) reposting..

Devil's Advocate

Opinion by Frank Hayes

NOVEMBER 14, 2005 (COMPUTERWORLD) - Could Sony BMG have botched it any
more badly? It's hard to see how. By now you've heard the story: Sony
has been using a copy protection system called XCP on recent music CDs
to discourage piracy. XCP, it turns out, installs hidden spyware on a
Windows-based PC when an XCP-treated disc is put in the PC's CD drive.
Mark Russinovich, chief software architect at Winternals Software,
spotted the worm and raised a stink. Sony claimed that the worm was
innocuous but issued a patch anyway. Now the patch may crash PCs, the
spyware reportedly contacts Sony via the Internet, Italian police are
investigating whether Sony committed a crime, and Sony's reputation is
in the toilet.
And the worst of it? XCP doesn't stop piracy. Not at all.

Sony should have known that. A quick browse through the Web site of
First 4 Internet Ltd., the British company that sells XCP, turns up
this caveat: "If data in any format is digitally written to a compact
disc or DVD then it can be read from that disc in some way. XCP is
designed to give a level of protection that will make it suitably
difficult for the general consumer to copy and/or illegally distribute
the content of the disc."

In other words, XCP isn't designed to stop real music pirates from
stripping out the copy protection and stamping out thousands of
pirated discs to sell. Or to prevent experienced file-swappers from
ripping CD tracks and turning them into illegal MP3s to put on the
Internet.

No, XCP is aimed only at ordinary consumers -- the paying customers
Sony makes money from. Anyone else can easily work around it. Sony
managed to employ a copy protection system that doesn't stop thieves,
just legitimate buyers.

Hey, quit smirking. You're not that much smarter than Sony.

You say Sony should have done pilot tests with XCP before putting it
on regular products? Sony did. Sony didn't keep its use of copy
protection a secret, either. Anyone who read the recording-business
trade news knew about it. Even some daily newspapers ran stories on it
last February. Making CD copy protection highly visible was central to
Sony's plan.

No, Sony didn't need more testing or publicity or planning. What Sony
needed was a devil's advocate -- to point out that the company was
spending money on a "solution" that couldn't solve the problem,
wouldn't be worth the cost and could cause big problems down the line.

Think you're so smart? How many of your new technology projects have a
devil's advocate?

Not just a foot-dragger who dislikes the idea of the project, but a
tough-minded critic whose job is to ferret out everything that's
likely to be wrong with it.

A highly professional pessimist who assumes that the network won't be
able to handle the increased load. And that the users won't find the
new interface intuitive. And that the programmers won't sail through
that optimistic project schedule without so much as a glitch.

Someone who will make sure the project is vetted from every angle. Who
will describe it in unflattering detail to your lawyers. Who will
demand those unflattering details from your vendors. Who will check
out reference customers, tease out questionable claims and generally
make sure all the problematic questions get asked.

And -- one thing more -- someone who always remembers that his job
isn't political but technical and that it's not to torpedo the project
but to spot all the things that can go wrong so they won't torpedo the
project.

Would a devil's advocate have saved Sony from its XCP botch job? Maybe
not. But at least Sony would have known in advance a lot more of the
ways its new copy-protection scheme could go horribly wrong.

Will your next project demonstrate that you're ever so much smarter
than Sony? Maybe.

Get yourself a devil's advocate and find out.

Editor's note: After deadline, Sony announced it was suspending use of
XCP technology.