Join 3,374 readers in helping fund MetaFilter (Hide)


did skynet need ethics?
November 14, 2005 4:28 AM   Subscribe

Should programmers refuse to write malicious programs? Doctors take an oath to do no harm. We'd all like our computers to do what we want, and would be quite upset if they didn't. Should Sony's programmers have refused to write the malware?
posted by Jerub (94 comments total)

 
Sure, blame the programmers. That'll solve the problem.
posted by spazzm at 4:33 AM on November 14, 2005


Should people who appreciate music have taken an oath not to buy any products from Sony and its subsidiaries?
posted by Rothko at 4:37 AM on November 14, 2005


This is a laudable idea and I would welcome it, but can we get this oath thing down for car mechanics first/also?

Frankly, businesses won't go for this. Moral employees are very productive and they don't always do what the boss says, so why keep them.

Finally, doesn't this call for the licensing of computer programmers?
posted by Brandon Blatcher at 4:41 AM on November 14, 2005


Morally, yes, programmers should refuse to write malicious programs. But the managers and executives should have refused to even let it get to that point. And the artists should make it clear that they consider damaging consumers' computers with their albums a breach of contract. Everyone involved was stupid or reckless or just didn't do everythng they could. Don't just blame the programmers.
posted by Plutor at 4:43 AM on November 14, 2005


I imagine that record companies feel that programmers shouldn't write P2P applications.
posted by srboisvert at 4:46 AM on November 14, 2005


Should hitmen not be able to murder people?
posted by ParisParamus at 4:52 AM on November 14, 2005


Are you saying that programmers shouldn't do stuff that's illegal? I'd imagine there are a lot of people that would agree with that...
posted by ph00dz at 4:56 AM on November 14, 2005


People should be able to write whatever code they want. People should be allowed to execute that code as well. If the code is harmful, then disciplinary measures should be, and are, available to punish those that are accountable. So what's the big deal?
posted by furtive at 5:04 AM on November 14, 2005


Curse the programmers for having come up with this DRM blight!
posted by NinjaPirate at 5:24 AM on November 14, 2005


Doctors take an oath to do no harm.

And yet Doctor's still kill people, sometimes intentionally.
posted by PenDevil at 5:29 AM on November 14, 2005


We should also first make sure doctors stick to their own oaths.
posted by Space Coyote at 5:33 AM on November 14, 2005


We already have laws to punish people who maliciously create and distribute computer viruses. Whichever Sony mugwump spearheaded the DRM project can and should be prosecuted under the existing laws. As for the programmers themselves? Well, is "I was only following orders" an acceptable excuse?
posted by Faint of Butt at 5:34 AM on November 14, 2005


when malware is outlawed only outlaws will write malware.
posted by kcm at 5:39 AM on November 14, 2005


Whichever Sony mugwump spearheaded the DRM project can and should be prosecuted under the existing laws.

...how about no?

Seriously, it's not a virus. It's not like the CD didn't say that it had copy protection on it. Sure it didn't specify exactly how it worked, but then again Norton Antivirus doesn't say exactly how it works on the box either does it?

Well, is "I was only following orders" an acceptable excuse?

Yes.

Don't even bother with stupid analogies involving guns or anything like that, it's just not worth it. We can not expect to hold everyone responsible for every little mistake they may or may not of made in any sense of the word "mistake" Your getting dangerously close to impeeding free speech if you start locking people up for writing potentially malicious software. There's some seriously enormous double standards going on here.
posted by alexst at 5:43 AM on November 14, 2005


they should probably have refused; but it's not just programmers. no-one should do things they think are sufficiently wrong.

the trouble is, deciding what is bad enough. if these people should have refused to work, should all merchant bankers shoot themselves? what about people producing the cars that are steadily fucking up our environment? shouldn't all american's - as the worl's most excessive consumers - leave the country?

i'm not trying to reduce the argument to absurdities. i think it's a reasonable question and in the past has incluenced whether or not i take/leave a job. but i think you can only reasonably claim these people did wrong if you also think a large fraction of people you know - including yourself - are morally culpable for similar crimes.
posted by andrew cooke at 5:44 AM on November 14, 2005


i think you can only reasonably claim these people did wrong if you also think a large fraction of people you know - including yourself - are morally culpable for similar crimes.

Aren't you in effect just saying "don't do things you think are bad" then?

Not that that isn't a reasonable thing to say. But it depends a lot of what people feel for morally responsible for, and whether or not they think it is morally bad in the first place.

What the people who are claiming that Sony deserve to get the crap sued out of them and that the programmers should take more responsibility seem to want is their own moral standards imposed on others, not for people to be allowed to decide (or make them up) for themselves.
posted by alexst at 5:49 AM on November 14, 2005


Seriously, it's not a virus.

I'll concede on that point, because the DRM code is not self-replicating, and all viruses self-replicate. It is, however, deliberately designed to impair the ordinary functions of a computer, and it is disguised as something harmless. Technically speaking, that would be a Trojan.
posted by Faint of Butt at 5:54 AM on November 14, 2005


It wasn't actually written by Sony programmers AFAIK, but by First 4 Internet, which is a corporation and, in my view, jointly liable (with Sony) for any damage caused by XCP.

Anyway, since they just lost their one big customer they might not be around for much longer anyway...
posted by clevershark at 5:54 AM on November 14, 2005


Scenario:
Your boss ask you to create some especially vicious DRM.
"To show the big-wigs that it's bad for business," he tells you "it's not for release".

So you do, thinking it's never going to be released.

But then somebody (maybe it's your boss, your boss' boss or the mail clerk) does something he shouldn't have, and your DRM is released.

Since it's traceable to you but you don't know who released it, you're up shit creek without the proverbial paddle.

Sure, it's easy to say "don't work for amoral people (or companies that hire amoral people)" but that's not very realistic, is it?
posted by spazzm at 5:54 AM on November 14, 2005


alexst writes "Seriously, it's not a virus."

Correct. It's a trojan horse.
posted by clevershark at 5:54 AM on November 14, 2005


alexst writes "Seriously, it's not a virus."

Unfortunately, it has become a virus.
posted by Rothko at 5:57 AM on November 14, 2005


Since it's traceable to you but you don't know who released it, you're up shit creek without the proverbial paddle.

Isn't it fun to engineer absurd examples to prove your own points? Be reasonable for gods sakes. This is saying that if you make anything, ever, if it gets used for something you didn't intend it to be used for, it's your fault.

Seriously, don't make up extreme examples which are totally unrealistic, it helps no one.
posted by alexst at 5:57 AM on November 14, 2005


Unfortunately, it has become a virus.
Erm no it hasn't. It has been exploited by a virus.

Correct. It's a trojan horse.

No it said on the packaging that the CD contained copy protection technology.
posted by alexst at 5:59 AM on November 14, 2005


From the linked LJ post.

Who would knowingly submit themselves to a doctor, knowing that they might give you a secondary, curable disease, just to ensure they got paid?

Has anyone looked at the rates of secondary infection lately? It's really not that uncommon.
posted by alexst at 6:02 AM on November 14, 2005


Erm no it hasn't. It has been exploited by a virus.

If it infects my computer, my lawyer and I will beg to differ, given I did not authorize its installation.
posted by Rothko at 6:02 AM on November 14, 2005


If it infects my computer, my lawyer and I will beg to differ, given I did not authorize its installation.

And Sony will say that you did. Because you bought the CD. Whoever has the most money wins. Hence Sony BMG win.
posted by alexst at 6:04 AM on November 14, 2005


I see. I suppose that's what the point comes down to.
posted by Rothko at 6:16 AM on November 14, 2005


Yeah, sure... Blame the programmers. I bet Richard Stallman did it on purpose.

//hastily stuffs new Sony link into any post which even mentions Sony.
posted by seanyboy at 6:16 AM on November 14, 2005


alexst: Did you write this software?

Actually, I know of one case a long time ago about a program that was written with a clause that said if you didn't pay the license fee it would damage not only itself, but the rest of your computer. It was right there in the EULA, but the police didn't care much. The guy ended up arrested.

IMO, the programmers who wrote this software ought to be charged with writing a Trojan. The program purposefully and permanently damaged people's computers.

Also, I'm not sure if people were ever presented with a click-through license. The software was set to auto-run and auto install as soon as you put in the CD, with no warning at all.
posted by delmoi at 6:16 AM on November 14, 2005


Don't buy Sony.
posted by sjvilla79 at 6:16 AM on November 14, 2005


Don't buy Sony, agreed.
posted by Rothko at 6:20 AM on November 14, 2005


The software was set to auto-run and auto install as soon as you put in the CD, with no warning at all.

It stated it on the CD packaging that it was copy protected. Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there.

The program purposefully and permanently damaged people's computers.

Damaged? I haven't seen any evidence of it damaging anyone's computers. Besides, lots of programs cause "damage" it's not like we sue Linus for Linux being slightly slower or crashing more often than we would like it to.

alexst: Did you write this software?

Yes.
posted by alexst at 6:21 AM on November 14, 2005


Doctors are a profession and thus its possible to make them take oaths. Programmers have not professionalized, so how exactly would this oath-taking work?
posted by duck at 6:22 AM on November 14, 2005


alexst: And Sony will say that you did [authorize the infection]. Because you bought the CD.

Nope. The XCP install works very much like MediaMax (Sony's other CD protection scheme), in that it installs without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn't
posted by Popular Ethics at 6:23 AM on November 14, 2005


Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there.

That's right, because to do so may well (if verified) be admitting to taking LGPL'ed code from the open-source LAME encoder and putting it into a commercial product in violation of the LGPL licensing terms.
posted by Rothko at 6:24 AM on November 14, 2005


Ha, Ha.. Mr Rothko. I beat you to the dewinter link....
posted by seanyboy at 6:27 AM on November 14, 2005


Yer right. Apologies...
posted by Rothko at 6:28 AM on November 14, 2005


It stated it on the CD packaging that it was copy protected. Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there.

"Copy protected" is not sufficient notice of "your music CD will silently install a rootkit on your computer."

Damaged? I haven't seen any evidence of it damaging anyone's computers.

The program hides itself to prevent removal and opens security holes that can be easily exploited and are difficult to close without removing the software... which is designed to prevent removal!

That's damage, and it's disingenuous to compare it to "Linux being slightly slower or crashing more often than we would like it to" or Windows being a lot slower and crashing a lot more often than we would like it to. That's imperfect coding. This is a matter of knowingly compromising a user's security without their informed consent.
posted by musicinmybrain at 6:33 AM on November 14, 2005


Aside from the present issue (Sony/BMG being hypocrites), there are good arguments for making programming a profession. I want someone to sign their reputation to the accuracy of an excel calculation, or the fireproofness of a firewall, or at least that their software will do no harm to my valuable data!. Licences like this (taken from acrobat) are criminal imho:
UNDER NO CIRCUMSTANCES WILL ADOBE OR ANY CD SERVICE PROVIDER (EXCEPT AS EXPRESSLY SET FORTH IN ITS ISSUER STATEMENT) BE LIABLE TO YOU, OR ANY OTHER PERSON OR ENTITY, FOR ANY LOSS OF USE, REVENUE OR PROFIT, LOST OR DAMAGED DATA, OR OTHER COMMERCIAL OR ECONOMIC LOSS OR FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, STATUTORY, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES WHATSOEVER RELATED TO YOUR USE OR RELIANCE UPON CD SERVICES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF SUCH DAMAGES ARE FORESEEABLE. Ugh.
posted by Popular Ethics at 6:35 AM on November 14, 2005


That's right, because to do so may well (if verified) be admitting to taking LGPL'ed code from the open-source LAME encoder and putting it into a commercial product in violation of the LGPL licensing terms.

lol yes, if that turns out to be true then there's certainly a winnable case against Sony.

Nope. The XCP install works very much like MediaMax (Sony's other CD protection scheme), in that it installs without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn't

I fail to see how that makes it a virus, or means that it breaks the law. What constitutes an "uninstaller"? It's not like it isn't removable if you know what your doing. Not that it's easy to most people.

I agree that it's not exactly obvious about what "copy-protection" entails. But you took the risk with the ambiguity it's not like you where told that it was a perfectly normal CD and didn't do anything unusual, and then it rootkitted you.

I'm not saying that Sony's DRM isn't going too far from my standing as a consumer, just attempting to demonstrate the insanely vague arguments that go on over this topic. It's ok for us to hate it because "we just do." And because publishers have a monopoly on any given album more or less it makes it very hard to apply the usual "well just buy from a different supplier" free-trade arguments. It's not like we can just go off and like different music overnight.
posted by alexst at 6:35 AM on November 14, 2005


That's imperfect coding. This is a matter of knowingly compromising a user's security without their informed consent.

XCP just makes it easier, the flaw was already there to be exploited, and is routinely. In which case, it's Microsofts fault for making kernel calls patchable and other Ring 0 elevation techniques. Which is somewhat fixed in the 64-bit version of windows btw.

Since when has a software vendor been responsible for bugs in their code unless contractually obliged to provide a certain level of quality?
posted by alexst at 6:41 AM on November 14, 2005


I want someone to sign their reputation to the accuracy of an excel calculation, or the fireproofness of a firewall, or at least that their software will do no harm to my valuable data!.

Almost always the following simple equation holds true.

Cost of developing system which won't eat your data. Ever. (Including hardware) > Cost of your data

If you pay the money, you can get such licenses, or at least agreements which mean you get to sue the crap out of them if they do eat your data. Proving who actually ate your data can be tricky though.
posted by alexst at 6:45 AM on November 14, 2005



It stated it on the CD packaging that it was copy protected. Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there.

There is no way that "copy protected" implies that it will permanently alter the person's computer, simply stating that the disk was copy protected is not enough of a warning. And secondly, people never even have to click a "click-through" agreement, it gets installed right when they insert the CD.

Damaged? I haven't seen any evidence of it damaging anyone's computers. Besides, lots of programs cause "damage" it's not like we sue Linus for Linux being slightly slower or crashing more often than we would like it to.

Uh, yeah, lots of programs accidentally damage machines, because lots of software is buggy as hell. In general, programmers try to avoid doing that, but a few bugs might slip through. But there's a big difference between damaging something by accident and on purpose.

Altering (permanently) the way a computer works and reducing its functionality is damage)

Aside from the present issue (Sony/BMG being hypocrites), there are good arguments for making programming a profession. I want someone to sign their reputation to the accuracy of an excel calculation, or the fireproofness of a firewall, or at least that their software will do no harm to my valuable data!.

Well, if you want to pay $10,000 a copy for all your software, go ahead. I'll just back my stuff up, since the hard drive might fail anyway.

Since when has a software vendor been responsible for bugs in their code unless contractually obliged to provide a certain level of quality?

They have always been liable for intentionally damaging code. Always.
posted by delmoi at 6:56 AM on November 14, 2005


Absurd premise seriously over-estimating both coder latitude and responsibility. Our wage-slave ethically-disturbed coder is in no position to alter executive-driven strategy or company policy.

Such an individual has only 4 stark options:
1 - get it done, on time and to specification, while working under NDA typically
2 - quit, and get replaced
3 - get fired and replaced
4 - actually incur criminal jeopardy by doing something subversive with the code

Really, the best one could hope for in this miserable situation is to do a minimally competent job technically and get out later with an intact reference and use of the NDA to avoid ever explaining to anyone what you really did.

I want someone to sign their reputation to the accuracy of an excel calculation, or the fireproofness of a firewall, or at least that their software will do no harm to my valuable data!.


Heh, maybe in some parallel software development universe. Can you think of an industry which carries less responsibility for what it's products do or don't do?
posted by scheptech at 6:57 AM on November 14, 2005


alexst writes "No it said on the packaging that the CD contained copy protection technology."

This sets up the idea of "reasonable expectations". You don't expect "copy protection technology" to basically leave you wide open to attacks from third parties.
posted by clevershark at 6:58 AM on November 14, 2005


Aren't you in effect just saying "don't do things you think are bad" then?

yes. wouldn't the world be wonderful?
posted by andrew cooke at 7:01 AM on November 14, 2005


Microsoft are regarding Sony's bundle as malware because it falls foul of their long-instituted view of what constitutes "malware".
Certainly installing a backdoor made secure with only a piece of twine (which happens to be wrapped around the neck of the Windows IPCs) would count.

The offending software's signature will be added to the weekly updates of its malware removal tool, as well as to the newly-christened "Microsoft Defender" when it emerges in beta. That should mean easy remedial fix for those already infected and a big embarrassment for Sony.

Of course, this also has another massive implication - those once-protected CDs will now be fair game for all of the music pirates. I'm positive that Sony's music revenue will now tumble headlong as a result of lost sales, possibly destabilising the entire company and leaving the music business an unprofitable wasteland.

...or not, because music piracy is really only a tiny pimple on the bum of music revenues for the publishers. I still don't understand why publishers feel the need to attack it with such wild-eyed vigour.
posted by NinjaPirate at 7:06 AM on November 14, 2005


When a Compact Disc that contains music says it contains "copy protection technology," that means to me that it somehow will disrupt efforts to copy it. That doesn't mean I expect it to alter the playback machine. If I put this in a normal CD player like the one in my car, is it allowed to alter the laser? Or could it somehow disable the digital out on my receiver so I can't make copies? Saying that it has copy protection isn't automatic permission for them to modify my property.
posted by mikeh at 7:06 AM on November 14, 2005


Additionally, has anyone else heard about Sony's uninstaller for this crap? It's apparently an ActiveX control that's scriptable! That's right, it has functions to (presumably) inject code and one that has been shown to reboot the computer. Even if you get rid of the "copy protection," you're now left with what could be an even larger security hole.
posted by mikeh at 7:08 AM on November 14, 2005


I've worked as a programmer, and at every single programming job, I've signed a contract saying that all code I produce is there property of the corporation and that I have no ownership or responsability for it after creating it. It seems to me that the corporations have voluntarily taken responsabilty for the software, and that the programmer should not be, and can not be liable. Either that, or we should hang anyone that wrote any program for deleting or renaming a file, even if there might be "valid" uses. Especially the DOS "del" command.
posted by blue_beetle at 7:09 AM on November 14, 2005


You don't expect "copy protection technology" to basically leave you wide open to attacks from third parties.

Well, you do now.

But seriously,

Ambiguity is dangerous for precisely reasons like this. If you can't be bothered to find out exactly what "copy protection" means then your way too trusting of companies like Sony BMG which we already knew where up to no good with their DRM. You "signed" the contract, you should of know what it meant.

Not that I think buying a CD should be able to enter you into that sort of obligation, but I think Sony's lawyers would be good enough to get away with it. And consumers *should* know the sort of legal shenanigans that multinationals will try and pull by now. Although I doubt consumers will settle for a repeat of what's happened.
posted by alexst at 7:11 AM on November 14, 2005


Ambiguity is dangerous for precisely reasons like this. If you can't be bothered to find out exactly what "copy protection" means then your way too trusting of companies like Sony BMG which we already knew where up to no good with their DRM. You "signed" the contract, you should of know what it meant.

Except no one 'signed' anything, shithead.

And even if they had taken pen to paper and written there name, it still wouldn't have mattered. Contract law requires informed consent. So if you don't know what the contract said when you signed it, you're not really required to abide by the stipulations.
posted by delmoi at 7:15 AM on November 14, 2005


Microsoft are regarding Sony's bundle as malware because it falls foul of their long-instituted view of what constitutes "malware".

That's nice of them. Of course if Sony wheren't running for the hills over this, things might be different. It's clearly a DMCA violation to remove the protection.
posted by alexst at 7:15 AM on November 14, 2005


alexst said: "Sony is clearly the devil and you just sold your soul without reading the fine print. Dumbass"

Of course, I paraphrase.
posted by NinjaPirate at 7:16 AM on November 14, 2005


It's clearly a DMCA violation to remove the protection.

Why? No party agreed to have this "protection" on the computer in the first place.
posted by Rothko at 7:17 AM on November 14, 2005


So if you don't know what the contract said when you signed it, you're not really required to abide by the stipulations.

I agree. But that doesn't mean your own blind assumption that every music publisher in the world is your best friend and really has your best interests at heart is correct.

I mean honestly, anyone buying copy-protected music should know better by now. It's disgusting what Sony did, but screwing over consumers is nothing new.
posted by alexst at 7:19 AM on November 14, 2005


Why? No party agreed to have this "protection" on the computer in the first place

Since when did the DMCA only cover digital protection systems which you expressly agreed to? It's principally designed to protect manufacturers and publishers not consumer rights.
posted by alexst at 7:20 AM on November 14, 2005


alexst said: "Sony is clearly the devil and you just sold your soul without reading the fine print. Dumbass"

Exactly.
posted by alexst at 7:21 AM on November 14, 2005


corporations have voluntarily taken responsabilty for the software, and that the programmer should not be, and can not be liable

Partly correct, except the part where the corporation has taken responsibility. They've extinguished responsibility. Read your typical software agreement, they all say in essence: "use this product at your own risk, results not guaranteed, and by the way we're not responsible for anything at all period".
posted by scheptech at 7:26 AM on November 14, 2005


Since when did the DMCA only cover digital protection systems which you expressly agreed to? It's principally designed to protect manufacturers and publishers not consumer rights.

Are you suggesting that the DMCA applies to a situation where a corporation has locked you out of the use of your property, and that circumventing this to gain access to your own property is in violation of this statute? I don't think many judges would rule in agreement with that kind of behavior.
posted by Rothko at 7:27 AM on November 14, 2005


That's nice of them. Of course if Sony wheren't running for the hills over this, things might be different. It's clearly a DMCA violation to remove the protection.--alexst

Why? No party agreed to have this "protection" on the computer in the first place.--rothko

Actually, the DMCA doesn't specifically say anything about different parties agreeing to whatever. It was basically written about physical devices (like the lockout chip on the old NES, for example).

What the DMCA actually says is that it's a felony to distribute a device that bypasses a copyright protection 'scheme'. The DeCSS case found that software can be a device, so if Microsoft's AV software gets rid of it, some people might interpret that as being a violation of the DMCA

However that would mean that the DMCA would grant a universal exemption to any software that claimed to be copyright protecting, even viruses. That's clearly not what the law was intended to do. So it's hardly 'clear'.

Either way, the DMCA is a bad law.
posted by delmoi at 7:27 AM on November 14, 2005


Members of the ACM or IEEE have as part of their ethical code not to harm others. For example, ACM code of ethics:

1.2 Avoid harm to others ("Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems of "computer viruses.");

1.3 Be honest and trustworthy.
(" The honest computing professional will not make deliberately false or deceptive claims about a system or system design, but will instead provide full disclosure of all pertinent system limitations and problems.")

The ethics of a profession are indeed what a member professes.
posted by about_time at 7:29 AM on November 14, 2005


got to admire his cheek
[doffs cap]

posted by NinjaPirate at 7:30 AM on November 14, 2005


"It's your IP, but it's not your computer" - Some DHS official whose name I can't remember.
posted by PenDevil at 7:31 AM on November 14, 2005


Members of the ACM or IEEE have as part of their ethical code not to harm others

Because regulating the IT industry wouldn't be even vaguely impossible.
posted by alexst at 7:41 AM on November 14, 2005


It stated it on the CD packaging that it was copy protected. Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there.

I don't see how "copy protected" is an sufficient indication that the CD contains software at all. Forget what the software does for a moment - is it reasonable to expect a non-technical user to understand that "copy protected" means "Automatically installs software on your PC?" Justify that leap, and maybe I'll start to understand.

Personally, I wouldn't consider a silent, automatic installer of this kind to be acceptable under any circumstances, regardless of labeling, regardless of intent, and regardless of the ultimate result. There's simply no good reason to do things this way.

If you feel that the "copy protected" notice is sufficient warning for the silent and consent-free installation of poorly-written, system-hogging, non-removeable, security-hole-creating device drivers, developed with the deliberate intention of crippling the user's/purchaser's own PC, I'd be very curious to hear what you think would constitue unacceptable behavoir for a "copy protected" CD. Would it be OK if the software actually physically ruined any CD-R drives it found? Would it be OK if the software erased any CD ripping/burning applications it found? Such actions could certainly fall under the umbrella of "copy protection," after all. Where do you draw the line for what's acceptable?
posted by Western Infidels at 8:08 AM on November 14, 2005


If programmers refuse to write malicious code, then they're ultimately robbing their fellows of jobs. After all, who will be tasked to write the code or do the research for multiple companies that will erradicate the bad code?

To grow our economy, we need to write MORE malicious code!
posted by jmccorm at 8:09 AM on November 14, 2005


alexst writes "It stated it on the CD packaging that it was copy protected. Sure it's vague and hand wavy term, but it's not like they can put a full copy of the source code on there."

Geez it installs a frickin' device driver without letting you know. And then hides it from normal system tools so even if you knew it was there you can't use windows kit to remove it. Criminal negligent is what it is at the least.

Of course considering how wonderful this operation Foot-Bullet is going for Sony, would it be all right to code this and then leak it out once it was well distributed as a tactic to discredit DRM?
posted by Mitheral at 8:10 AM on November 14, 2005


The programmers I work with do exercise a fair amount of "ethics" in the development process. The company long ago figured out that you have to please and serve users if you want to stay around, so it's not like they're ever asked to do anything really scummy like install malware or even code a popup ad. But still there are a million and one ways that programmers can argue about what's best for the user. "Refusing to write malicious code," for some, might mean use of the < font> tag in a web page ;)

"Do only what the user tells you" sounds straightforward enough, but in practice it falls apart almost instantly. Who is the user, what do they expect implicitly, what did they just tell us to do?

Still, the Sony example is well outside any grey area. If none of the staff ever complained along the way that what they were doing felt scummy I'd be very surprised. But really, what are their options. You can't just "refuse to code" without getting fired. If it were me, I wouldn't want to work there anymore anyway. But that's me.
posted by scarabic at 8:12 AM on November 14, 2005


Rothko writes "re you suggesting that the DMCA applies to a situation where a corporation has locked you out of the use of your property, and that circumventing this to gain access to your own property is in violation of this statute? I don't think many judges would rule in agreement with that kind of behavior."

What, you mean like distributing a tool to allow consumers to legally make a backup or media shifted copy of the latest DVD they just bought?

Ya, I can see where that would never fly.
posted by Mitheral at 8:19 AM on November 14, 2005


No-one has mentioned the somewhat pertinent fact that the DRM software / malware is not automatically installed by Sony - it is automatically installed if users have their machines configured to autorun disks when they are put in the machine. I would lay the blame for this at the door of either Microsoft or the end user - anyone who leaves autorun enabled on their computer deserves everything they get - it's like having a car with an option to automatically engage first gear / drive when you turn the ignition; only a moron would leave it enabled.

Also, I'm still amazed when a topic like this comes up - so many people seem to think that DRM is per se an evil. I have no problem with the concept of DRM (or even with some of the experimental approaches), my concerns are that badly defined or implemented DRM limits my legal use of copyrighted material, or that the publishers / distributors (such as Apple) start to rewrite the licenses upon which you purchase material in such a way as to severely limit your right to use it. <aside>In my view, the limits placed on the right to use an iTunes purchased track are far worse than the foolish actions of Sony</aside>

On the main slant of the topic: Of course they shouldn't have refused to write the software, at least not until every other profession refuses to develop anything that runs counter to people's best interests. Even if you count doctors as taking such an oath, can you think of any other profession that would refuse ?
posted by daveg at 8:19 AM on November 14, 2005


Rothko: Are you suggesting that the DMCA applies to a situation where a corporation has locked you out of the use of your property, and that circumventing this to gain access to your own property is in violation of this statute? I don't think many judges would rule in agreement with that kind of behavior.

Well, that's basically the legal case for copy-protection and region-code locks on DVDs. DVD publishers include technologies preventing me from using my DVD the way I want, and have essentially coerced DVD-player manufacturers to "pre-infect" all their hardware. Developers selling software allowing me to bypass the infection and use my DVD the way I want have gotten sued under the DMCA a few times.

Obviously that's different from the case here. Sony's certainly opened itself up to lawsuits on a few fronts. What concerns me (a little) is that the DMCA has already been used to make otherwise-legal behavior illegal; I wonder if it can be used here to make otherwise-illegal behavior legal.
posted by adamrice at 8:20 AM on November 14, 2005


on post-view--Mithral beat me to it.
posted by adamrice at 8:21 AM on November 14, 2005


alexst: "Damaged? I haven't seen any evidence of it damaging anyone's computers.Besides, lots of programs cause "damage" it's not like we sue Linus forLinux being slightly slower or crashing more often than we would like it to."

The program checks every CD that is inserted against the internal whitelist. Costing me CPU cycles.
It "phones home", retrieving banner ads (costing me bandwidth), incidentally breaching my privacy by telling Sony how often I play what CD, at which times.
How is that alone "not damaging" my computer?
What if other firms take the same approach, installing, say, SETI@home on my computer ("He won't mind, he agreed to the EULA, so we can do with his hardware whatever we want!")?
posted by PontifexPrimus at 8:25 AM on November 14, 2005


Mitheral, adamrice, it's a bit of derail but you don't actually own your DVDs. You own a license to play them, if I remember correctly. So it's not quite the same scenario I was describing.
posted by Rothko at 8:37 AM on November 14, 2005


...the DRM software / malware is not automatically installed by Sony - it is automatically installed if users have their machines configured to autorun disks when they are put in the machine. I would lay the blame for this at the door of either Microsoft or the end user - anyone who leaves autorun enabled on their computer deserves everything they get.

I agree that autorun stinks and that everyone should turn it off. It was an ill-conceived feature.

But, when designing a CD-ROM, autorun is entirely optional. Sony was in no sense required to use it. They opted to do so. The software in question absolutely, positively "is automatically installed by Sony." I don't see any wiggle room on this one. It was Sony's choice, it was Sony's doing, and the damage is Sony's fault.
posted by Western Infidels at 8:44 AM on November 14, 2005


1 - get it done, on time and to specification, while working under NDA typically
2 - quit, and get replaced
3 - get fired and replaced
4 - actually incur criminal jeopardy by doing something subversive with the code


Right, because programmers aren't professionalized. If they were professionalized, there would be 5. Refuse if code violates the professional code. Company abandons/modifies project.

That said, I don't think programmers could ever professioanlize. The skills are too widely held and too easily accessible. Second, I would imagine it would do serious damage to the open source movement.

I don't think we'll be seeing any oaths anytime soon.
posted by duck at 8:51 AM on November 14, 2005


scarabic writes "If none of the staff ever complained along the way that what they were doing felt scummy I'd be very surprised."

I wouldn't, there are lots of sociopaths in the business world.

daveg writes "Also, I'm still amazed when a topic like this comes up - so many people seem to think that DRM is per se an evil."

I've yet to see a DRM scheme that expires when the copyright does, that makes them inherently evil. Look forward a hundred years (assuming copyright doesn't get extended again). The DMCA is still inforce so you still can't freely copy Star Wars. And even if you think SW is a blight upon the land there is no doubt it is a cultural icon of the last 30 years that should be able to be studied. The public domain is being stripped mined by the content industry and I refuse to give them the benifit of the doubt.

Rothko writes "Mitheral, adamrice, it's a bit of derail but you don't actually own your DVDs. You own a license to play them, if I remember correctly. So it's not quite the same scenario I was describing."

Don't see how that makes much difference as there is still a right under copyright law to copy them for my own use. Fair use which is thwarted by the DMCA and all the judges who have upheld the application of it against distribution of DVD copy tools.

daveg writes "would lay the blame for this at the door of either Microsoft or the end user - anyone who leaves autorun enabled on their computer deserves everything they get"

You can't blame the user here, you've got to download an unsupported utility from Microsoft (or elsewhere) to turn it off. Feel free to heap scorn on MS though, it's a brain dead feature that should have been removed by at the latest W2K.
posted by Mitheral at 8:52 AM on November 14, 2005


I think programmers should, in fact, take such an oath. And I don't think it should stop there.

I think all human beings should take an oath not to harm anyone else in whatever ways they can see if they can help it. It would not eliminate all of our troubles, not by a long shot, but it would be a good start.
posted by JHarris at 8:53 AM on November 14, 2005


I think all human beings should take an oath not to harm anyone else in whatever ways they can see if they can help it.

I bet Asimov never saw this coming.
posted by alexst at 8:57 AM on November 14, 2005


I think all human beings should take an oath not to harm anyone else in whatever ways they can see if they can help it.

Ape shall never kill ape.
posted by Faint of Butt at 9:15 AM on November 14, 2005


I think all human beings should take an oath not to harm anyone else in whatever ways they can see if they can help it.

Read all about it. Seriously, great book. (No, not a dystopia or allegory on this topic, but the book is basically about a man who makes such a vow and how his life and the lives of his family unfold).
posted by duck at 9:50 AM on November 14, 2005


JHarris: As per the fourth and fifth precepts of the Buddhist eightfold path:
  1. Right Action
    An ethical foundation for life based on the principle of non-exploitation of oneself and others.
  2. Right Livelihood
    This is a livelihood based on correct action the ethical principal of non-exploitation. The basis of an Ideal society.
So, if only we can get all programmers to be Buddhist, we should be OK.
posted by daveg at 9:51 AM on November 14, 2005


I was going to purchase a Sony phone in the next few weeks -- not a cheap one either, a K750 -- but as a result of the XCP story I have decided that I would no longer purchase anything Sony-owned or franchised, including seeing movies.

And yes, that applies to the PS3 also (when it comes out). Would I really want to connect that thing to my network, knowing the underhanded shenanigans that Sony's tried in the past?
posted by clevershark at 10:13 AM on November 14, 2005


Doctors are a profession and thus its possible to make them take oaths.
Except the hippocratic oath is not mandatory, and is not legally enforceable ...
posted by kaemaril at 11:32 AM on November 14, 2005


Doctors are a profession and thus its possible to make them take oaths.
Except the hippocratic oath is not mandatory, and is not legally enforceable ...

No, but the professional codes of ethics set by the licensing bodies are enforceable. Meaning you can be "thrown out" of being a doctor. You can't be "thrown out" of being a programmer. The licensing bodies controls who is allowed to practice medicine (that's what makes them a profession), and this control is enforced by the state. There is no equivalent for programmers and the creation of an equivalent is unlikely and not necessarily "good."
posted by duck at 11:56 AM on November 14, 2005


As ParisP already noted tangentially, these programmer(s) are hitman in the sense that they're paid to do their probably unethical and amoral job and if one chooses not to, enter the second hitman and so on.

We're not talking about really killing anybody and that makes the programmer job even easier as it doesn't involve really harming anybody or doing something illegal.

Duck noted the skill to do the job are held by many and relatively easy to gain, which makes the programmer base even wider, so bye bye ethical inspiration, all it takes is ONE programmer to render the system practically useless even if it remains inspirational it has no claws.

What gives ?

* Compliments to these discovering all the dirty job done by Sony

* Thanks to those who divulged it and are still divulging it

* Middle finger to current Sony execs and brand I'm not
going to buy, sue me on that

On a tangent, remeber the idelogical thingie that market adapts to demand ? Let's see if it's true and how long it takes to have market adapt to unrestricted content...and if doesn't perfectly meet demand, sorry If I don't perfectly respect rules made in favor of Sony et amici.
posted by elpapacito at 1:16 PM on November 14, 2005


duck: Quite so. I was merely pointing out that the hippocratic oath isn't the be all and end all ...
posted by kaemaril at 2:01 PM on November 14, 2005


Duck noted the skill to do the job are held by many and relatively easy to gain, which makes the programmer base even wider, so bye bye ethical inspiration, all it takes is ONE programmer to render the system practically useless even if it remains inspirational it has no claws.

That's just not true. A lot of "engineering work" is just as easy to pick up as programming (you can wire your home after reading one book for instance). So we see much of a black market for engineering work because the idea that "this work requires a professional" has been engrained through years of enforcement. This would take time, and would make software more expensive. I agree that open-source projects could suffer. But it's worth considering, because more and more of our lives require unconscious trust in software.
posted by Popular Ethics at 3:15 PM on November 14, 2005


So we - The reason we don't.
posted by Popular Ethics at 5:38 PM on November 14, 2005


"The DeCSS case found that software can be a device, so if Microsoft's AV software gets rid of it, some people might interpret that as being a violation of the DMCA"

Ooooh, boy I'd love to see Sony try to sue Microsoft for a DMCA violation. That would be tons of fun, and Microsoft would crush them like a bug. American-economy-driving software giant vs. Japanese competitor in a US court? Yeaaahhh, ouch. Pass the popcorn, ma!

Meanwhile, I'm boycotting all Sony and BMG products, with the exception of Playstation 2 and games therefor because I'm in the game biz and I need that stuff for my work. Note that all of my home entertainment electronics were made by Sony, so they're losing a lifelong customer. I'm gonna get the Mitsubishi big-screen TV instead.

I just think Sony BMG enormously arrogant and foolish for doing this. I'm kind of enjoying watching the Big Music Biz eating itself alive; I had a record deal once and got screwed by them, so seeing them self-destructing is warming to my heart.

As regards the programmer moral aspect, well... people gotta work for a living to keep themselves and their homes and families housed and fed. I'm sure some of them felt crappy about it, but finding a job isn't so easy these days.
posted by zoogleplex at 5:38 PM on November 14, 2005


Alex Halderman and I have confirmed that Sony's Web-based XCP uninstallation utility exposes users to serious security risk. Under at least some circumstances, running Sony's Web-based uninstaller opens a huge security hole on your computer. We have a working demonstration exploit.

We are working furiously to nail down the details and will report our results here as soon as we can.

In the meantime, we recommend strongly against downloading or running Sony's Web-based XCP uninstaller.

posted by elpapacito at 5:48 PM on November 14, 2005


Sony sue Microsoft? I doubt it. By now at least some of the VHS/BetaMax case should be evident in its potential comparisons. Why did VHS survive? Because the courts determined that you can't simply restrict the legitimate uses of a device in an attempt to get rid of the illegitimate uses. DMCA is a violation of that decision already, and yet people are reluctant to mention it.
posted by mystyk at 6:31 PM on November 14, 2005


Yeah. Let's have a programmer's equivalent of the Hippocratic oath.

"Dude. I totally, like, won't do any heinous shit with my skills. Unless they pay me to, of course."

I realise that byte monkeys didn't even talk like this in the nineties but I'm in a funny phase where I find the words "dude", "totally" and "like" like, totally hilarious. Dude.
posted by Decani at 7:02 PM on November 14, 2005


« Older 10 years....  |  Sound 101... Newer »


This thread has been archived and is closed to new comments