Okay, so DC beat me to posting about Sony’s big fat recall, but now I’m scooping him: the rootkit contained GPLed de-DRMS code by DVD Jon! I know that makes no sense. Give me a second.

“DVD” Jon Johansen is a Norwegian hacker who likes to take things like DVD encryption and Apple’s iTunes digital rights management (DRM) software and meet them in a steel cage (and win). He releases the software he writes under an open-source license called the GPL, a legally binding agreement that says “hey, you can freely look at and reuse this source code, but only if you release code derived from it under the same license.” Like the Creative Commons license I use, the GPL is just working within existing copyright law.

Now, the XCP software that’s causing such a fuss–because it installs itself on your computer without your consent when you pop in a Sony music CD, is very difficult to find or remove, deprives you of your fair use rights and makes you vulnerable to a whole new brand of virus–needs a way to interact with the CD-ripping functionality of Apple’s iTunes. iTunes creates AAC files when it rips a CD, which are locked to specific authorized computers (although some of those restrictions may be lifted for ripping–I’m not sure, as I haven’t used it to rip CDs myself). XCP doesn’t want you to authorize any other computers to use the copies you make, though. It doesn’t want those copies to leave the ripping computer ever, at all. So the people who wrote it used DVD Jon’s open-source code for messing with iTunes DRM to make that happen.

In doing so, they created derivative software and kept it closed-source. They did not release it under GPL, violating the terms of the license under which they obtained the code. And they sold it millions of times over.

Here’s the point: this is a massive act of copyright infringement and piracy, on the same scale as the giant duplication rings of Southeast Asia that record labels and movie studios have been trying to stomp out for decades. First4Internet Software, which developed the technology to “stop piracy,” is one of the single biggest software pirates on the planet. Sony BMG paid them millions to be so, and distributed the results.

The Slashdot post I linked above says this comes from the “when-will-it-end dept.” This story is amazing. If we had plotted a fantasy scenario to bring down a record label, we probably couldn’t have come up with anything this good.