Today, Marielle and I stopped by Eastwood City because several major record companies were holding a sale of audio and video CDs. Yesterday she had already bought a copy of Lifehouse’s second album “Stanley Climbfall” priced at 100 pesos, so I was excited to see what else I could find at that bargain-basement price.

What’s ironic is that a few hours before that, I was at Robinsons Galleria downloading music files off Limewire. For some people this sort of behavior might be contradictory; as the ads want to have it, “Piracy is illegal.”

I don’t necessarily consider downloading music as piracy, though. I don’t download to make profit or to dodge having to buy the artists’ CDs; I use Limewire to find extremely rare tracks that didn’t even exist on commercially-released CDs, or to determine whether an artist’s album is worth buying. In the case of Gavin deGraw’s “Chariot Stripped” two-disc special edition, I haven’t seen a single copy in local record stores, so I downloaded the acoustic disc one afternoon. I’d still like to have an original of that album eventually, since my interest in it was piqued by the downloaded songs.

But what choice does one have when legitimate copies of music CDs come with hidden software that cripples your computer? On October 31, the news broke that Sony Music had packaged software into their CDs for copy protection purposes. I don’t blame them for trying, but the issue wasn’t copy protection; the issue was that Sony had used rootkit technology to hide the software. According to Mark Russinovich, the person who discovered Sony’s doings, “[r]ootkits are cloaking technologies that hide files, Registry keys, and other system objects from diagnostic and security software, and they are usually employed by malware attempting to keep their implementation hidden…” Russinovich detected the rootkit and removed it painstakingly, but this resulted in his computer losing access to its CD-ROM drives.

After Russinovich reported this in his blog, the issue snowballed; Boing Boing has a timeline of events, but basically the rootkit was discovered to serve a more insidious purpose: it opened a backdoor into the infected system, which trojans and other malicious programming could use to install themselves undetected or to play havoc with the system. Sony’s program also violated privacy rights of the people who had bought these discs legitimately; once installed in the system, the program reported disc usage back to Sony, though the company denies paying attention to this data.

Sony confounded matters even further by providing an “uninstaller” of the rootkit. Unfortunately, one was required to provide personal information before downloading the uninstaller, and the additional program didn’t actually do anything to remove the rootkit, but only made it visible. Additionally, the uninstaller opened an even bigger security hole in systems where it was installed. And the End-User License Agreement is even worse than these security holes: here are the conditions you must agree to before you can even listen to the CD.

Note that none of these things would have happened if the consumers had simply just downloaded the songs file-by-file off peer-to-peer networks. I’m not advocating illegal behavior, but Sony’s deeds were a serious disservice to the people who trusted them and attempted to do the right thing by buying original CDs. Here’s a full list of the infected CDs from Sony.

And since I’m supposed to be a good mass comm student, I have to mention the media angle to this issue. Apparently CNN failed to pick up the story in the early days of the controversy, in stark contrast to the tech news sites that were abuzz with it. A conspiracy theory attributes this to CNN being part of Time Warner and the RIAA (the industry body that is attempting to rein in digital piracy of audio and video).

As for me, I was able to find a good CD at the sale. One hundred pesos for “Long Gone Before Daylight,” The Cardigans’s fourth album. Ü