Spyware monitors classified the Digital Rootkit Management (DRM) software, which only is applicable to machines running the Windows operating system, as malicious. Sony, under massive pressure, then released a DRM uninstaller and issued a recall for 2 million XCP-protected music CDs from about 20 of their artists.

"Sony has capitulated almost entirely," says Russinovich in his blog.

The Electronic Freedom Foundation (EFF) immediately got into the act, publicly releasing the contents of a scathing letter it sent Sony, saying in part, “Software that deceives the owner of the computer it runs upon and opens that computer up to attacks by third parties may be expected to come from malicious cyber-attacks; it is certainly not expected nor acceptable to be distributed and sold to paying customers by a major music company. Accordingly, EFF welcomes your company's decision to temporarily halt manufacturing CDs with XCP and to reexamine "all aspects" of your "content protection initiative.”

EFF demanded Sony immediately offer to refund the purchase price of the infected CDs, recall the CDs containing the software, as well as undertake a massive advertising campaign to reach the 2.1 million consumers who have already purchased infected CDs, about the possible unexpected danger from hackers and other intruders the software opens their computers to. It also demanded that Sony remove from all current and future marketing materials statements like that say the cloaking software "is not malicious and does not compromise security.

Among the other demands, were that Sony compensate computer owners for any damage done by hackers and other intruders accessing their computers via the DRM vulnerabilities; it cooperate fully with any interested manufacturer of anti-virus, anti-spyware, or similar computer security tools to facilitate the identification and complete removal of XCP and that Sony publicly waive any claims it may have for investigation or removal of these tools under the Digital Millennium Copyright Act (DMCA) and any similar laws.

According to EFF, the DRM software was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, elements of it run continuously - even when no Sony-BMG music CD is in use. It provided no clear uninstallation option, until Sony released the uninstaller. Additionally, without notifying users, the software appeared to contact a remote machine under Sony's control.

In an effort to stem music piracy, Sony BMG chose an invasive approach. Other corporations, such as EMI Music, the largest independently owned music label, have so far not used any copy protection methods. Some independent labels, such as Barsuk Records based in Seattle, even view DRM as counter-productive and actually encourage file-sharing.

"I think it's going to be impossible to regulate the copying and trading of music," says John Roderick from the band The Long Winters, which is represented by Barsuk Records.

Typically, artists get the last say. One reason: Higher profile bands often refuse to comment on the issue, thinking any opinion on the matter will upset fans or the record label. Several bands, including the Dave Mathews Band and Foo Fighters - both of which have CDs protected by DRM - declined comment on the issue.

When bands do comment, it can cause tension between the band and its label. "We were horrified when we first heard about the new copy-protection policy," wrote Switchfoot guitarist Tim Foreman on a Sony BMG message forum. "It is heartbreaking to see our blood, sweat and tears over the past two years blurred by the confusion and frustration surrounding new technology."

Switchfoot is represented by Sony. The message was promptly removed.

Often, the independent labels and commercially autonomous bands are the most outspoken DRM critics. For them, the regulations are nothing more than a bureaucratic annoyance. The vast majority of bands generate most of their revenue from touring and selling merchandise - not from CD sales.

The record industry has been "engaged in the business of exploiting musicians, robbing them of their copyrights, shortchanging their royalty payments, and nickel-and-diming them with line-item expenses out of almost all their money anyway," said Roderick, of The Long Winters. "Now the record industry wants musicians to be offended that people are stealing their music? It's laughable."

But there are some artists who favor tightly instituted digital rights management. "Music piracy has changed the industry," says Lu Rubino, lead singer for rock group Story Side:B, which is represented by Off the Ground Entertainment. "The labels are just not signing as many bands. A big band like Metallica gets worked up about the debate, but it's the smaller bands that are not getting paid for what they are doing, and it makes for a rough start."

Overall, music DRM still presents a technical challenge. The Sony fiasco has some labels looking for alternative DRM methods to protect music from thieves, but are non-obtrusive and completely transparent to music fans.

EMI has tested a copy protection scheme that can be seamlessly integrated into the music listening experience, according to Todd Chanko, a DRM expert at Jupiter Research. "EMI copy protection will limit the number of burns you can do and also launches a Web application that provides music videos, opportunities to buy ring tones, t-shirts, and interviews," he said. "DRM can still be elegant."

Ultimately, it's not the industry or the analysts who decide whether DRM succeeds. Music fans will decide how much they are willing to bear to support the intellectual property rights of artists. So far, they don't appear too willing to do so.