Of rootkits and personal responsibility

Network World's front page last week featured a story titled "Are all rootkits evil?" What triggered this question was the court-ordered settlement handed down the week before that requires Sony BMG Music Entertainment to compensate consumers who purchased Sony audio CDs that installed a rootkit when they were played on a PC. The compensation amounts to $7.50 and a free album download from Sony's catalog for each CD purchased.

Let's see, at 15 million purchases that works out to a total fine of about $250 million . . . not bad. Certainly a lot more than a slap on the wrist, but is it fair?

I ask because had some teenager in the likes of Defiant, Idaho, released similar code on the world with such reckless abandon, he would be looking at a jail term and his parents would be looking at bankruptcy. The culprit and his parents would have been held personally responsible.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Network World's front page last week featured a story titled "Are all rootkits evil?" What triggered this question was the court-ordered settlement handed down the week before that requires Sony BMG Music Entertainment to compensate consumers who purchased Sony audio CDs that installed a rootkit when they were played on a PC. The compensation amounts to $7.50 and a free album download from Sony's catalog for each CD purchased.

Let's see, at 15 million purchases that works out to a total fine of about $250 million . . . not bad. Certainly a lot more than a slap on the wrist, but is it fair?

I ask because had some teenager in the likes of Defiant, Idaho, released similar code on the world with such reckless abandon, he would be looking at a jail term and his parents would be looking at bankruptcy. The culprit and his parents would have been held personally responsible.

So why have no Sony BMG executives been held personally responsible for their reckless, ignorant decision to distribute malware with their CDs?

Remember Thomas Hesse, the president of global digital business for Sony BMG Music Entertainment? When the furor over the Sony rootkit was reaching a head, it was Hesse who, in an interview on National Public Radio's "Morning Edition," said: "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

Anyway, it probably won't come as a surprise to find out that what happened to Hesse, who as top dog in this area surely should carry the responsibility of major cock-ups, was nothing. I checked with his office, and he's still there and still the president of global digital business. Amazing.

The Network World story continued: "But the broader rootkit debate seems far from over." Various people are jumping into the fray, with some saying rootkits are a practical and defensible technique, while others decry them as the spawn of the devil and the beginning of the end of civilization as we know it.