As millions of people use the Web for doing detailed research on products and services, getting involved in political campaigns, joining music and film fan clubs, and reviewing and discussing hobbies and passions, they congregate in all kinds of online places. The technologies go by various names but all include a way for people to express opinions online: Chat rooms and message boards (places where people meet and discuss topics online), list serves (similar to a chat room but with messages going out by email to members who have registered), Wikis (a Web site that anybody can update), and blogs that have an active community of people who provide comments to blog posts written by the blog author. At specialty sites of all kinds, like-minded hobbyists, professionals, fans, and supporters meet and discuss the intricate nuances of subjects that interest them. Interactive forums like these were once seen as insignificant backwaters by PR and marketing people—not worth the time to even monitor, let alone participate in. I've heard many marketers dismiss online forums with disdain, saying things like, "Why should I worry about a bunch of geeks obsessively typing away in the dead of night?" But as many marketers have learned, ignoring forums can be hazardous to your brand while participating as a member reaps rewards.
On October 31, 2005, in a post on his blog called Sony, Rootkits And Digital Rights Management Gone Too Far, Mark Russinovich detailed an analysis he conducted on characteristics of the software used on Sony BMG music CDs to manage permissions for the purchased music. Russinovich argued that shortcomings in the software design create security issues that might be exploited by malicious software such as worms or viruses. He also showed that both the way the software is installed and its lack of an uninstaller utility were troublesome.
"The entire experience was frustrating and irritating," Russinovich wrote on his blog. "Not only had Sony put software on my system that uses techniques commonly used by malware [malicious software] to mask its presence, the software is poorly written and provides no means for uninstall. Worse, most users that stumble across the cloaked files with a RKR scan will cripple their computer if they attempt the obvious step of deleting the cloaked files. While I believe in the media industry's right to use copy protection mechanisms to prevent illegal copying, I don't think that we've found the right balance of fair use and copy protection, yet. This is a clear case of Sony taking DRM too far."
The reaction to Russinovich's post was immediate and dramatic. In the next several days, hundreds of comments, many harshly critical of Sony BMG Music, were posted on his blog. "Thank you very much for bringing to light what Sony is doing. I have purchased many thousands of dollars of their products over the years. Next year’s purchases will be zero," said User101. "I SAY BOYCOTT THE BASTARDS!!" said Jack3617. "If you plan on boycotting, let the offending company know. They need to know that they are losing customers and WHY. Perhaps other companies will get the message as well," said Kolby. "Great article by Mark and scandalous behavior by Sony," said Petter Lindgren.
Hundreds of other bloggers jumped in with their own take on the issue, and chat rooms and forums such as Slashdot were abuzz. Many people expressed frustration that the music industry disapproves of music piracy and sues music downloaders yet treats its customers poorly (which reflected negatively on the entire industry, not just Sony BMG). Soon, reporters from online news sites such as ZDNet and InformationWeek wrote their own analyses, and the issue became international news.
So where was Sony BMG during the online hullabaloo? Not on the blogs. Not on the message boards. Nobody from Sony BMG participated in the online discussions. Nobody spoke with online media. Sony BMG was dark (not participating in the communities at all), which added to the frustrations of those who were concerned about the issues. Finally, on November 4, 2005, Sony BMG's global digital business president Thomas Hesse went on NPR's Morning Edition to defend the company. The choice of NPR (radio) as a forum to react to a storm of protest on the Web was a poor one. Had Hesse immediately commented on Russinovich's blog or agreed to speak with a technology reporter for an online publication, he could have gotten his take on the issue onto the screens of concerned people early in the crisis to help defuse the anger. But instead of understanding customer concerns, Hesse downplayed the issue on Morning Edition, saying he objected to terms such as "malware," "spyware," and "rootkit." "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said in the interview.
Online debate intensified. On November 18, 2005, Sony BMG reacted with the announcement of an exchange program. "To Our Valued Customers," the announcement read. "You may be aware of the recent attention given to the XCP content protection software included on some SONY BMG CDs. This software was provided to us by a third-party vendor, First4Internet. Discussion has centered on security concerns raised about the use of CDs containing this software. We share the concerns of consumers regarding these discs, and we are instituting a mail-in program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection and receive MP3 files of the same title…"
Unfortunately for Sony BMG, the exchange program didn't end the issue. On November 21, 2005, Texas Attorney General Greg Abbott sued Sony BMG under the state’s 2005 spyware law. California and New York followed with class action lawsuits. Soon after, law student Mark Lyon started a blog to track Sony BMG XCP rootkit lawsuits. "I trusted Sony BMG when they asked to install a 'small program' on my computer," Lyon wrote on his blog. "Instead, they infected my computer with poorly written code, which even if it wasn't designed for a malicious purpose (like reporting my activities—something they expressly promised they were not going to do), opened me up to a number of computer viruses and security problems. This site exists to help others who have been harmed by Sony BMG and their XCP Content Protection." Several cases have since been settled, and Lyon has continued to cover all the action on his Sony Suit blog.
Of course, we will never know what would have happened if someone from Sony BMG had quickly jumped into the blogstorm, apologized, stated Sony's plan of action, and offered the exchange program immediately. Yes, I'm sure it would still have been a crisis situation for the music publisher, but I'm also certain that the negative effects would have been substantially diminished.
What's important for all organizations to take away from this incident is that it is critical to respond quickly to situations as they unfold on the Web. Reacting quickly and honestly in the same forums where the discussions are taking place is essential. You may not be able to completely turn a negative situation around, but you will instantly be seen as a real person who gives a name and a personality to a large, seemingly uncaring organization. Just by participating you will contribute to making the situation right. The Web's power of linking should ensure that participants who see your posts on one forum or blog will link to them from other forums and blogs, so you don’t have to worry about contributing to multiple places. What's important is first getting out there; after that, remember that authenticity and honesty are always paramount.