InformationWeek has a roundup on the storm that engulfed Sony over their DRM rootkit over the last few weeks. I've been writing on this one extensively - InformationWeek provides a nice summary of the event. The upshot for companies is here:

"It seems crystal clear that but for the citizen journalists, Sony never would have done anything about this," says Fred von Lohmann, senior intellectual property attorney for the Electronic Frontier Foundation, a cyber liberties advocacy group that has been vocal in its condemnation of Sony and may eventually file a a lawsuit against Sony, in addition to three that have already been filed. "It's plain to me that it was Sony's intent to brush the story under the rug and forget about it."

Alan Scott, chief marketing office at business information service Factiva, said, "I think that we're in an entirely new world from a marketing perspective. The rules of the game have changed dramatically. The old way of doing things by ignoring issues, or with giving the canned PR spin response within the blogosphere, it just doesn't work."

Thomas Hesse, Sony BMG's Global Digital Business President, attempted to do just that by dismissing the online protests. "Most people, I think, don't even know what a rootkit is, so why should they care about it?" he said in a November 4 interview on National Public Radio's Morning Edition. He added, "The software is designed to protect our CDs from unauthorized copying and ripping."

That last paragraph might well have worked a decade ago. All Hesse would have had to do is convince a few journalists from Time, Newsweek (et. al.) that their intentions were good, and it would have been the end of the story. It's not as if most business reporters understand technology - they would have played it as Sony vs. a bunch of black hat hackers (various bad examples like the Morris Worm would have come up), and poof - end of story.

Now, there are plenty of knowledgeable people - like Mark Russinovich - have a platform on which to explain the problem. Others can then echo the original report, linking back to it as a source of authority. Over time, the MSM picks it up, and the story catches fire - leaving the original (third paragraph, above) response from the company in question looking stupid.

Sony learned this the hard way - they spent a couple of weeks taking damage, and - in the process - convincing a lot of people like me that Sony products just aren't trustworthy. A rapid response - would have made the whole thing go away. There are a lot of PR/marketing people out there who simply haven't adjusted to the new reality. If you do something lame, you can't just spin and watch the problem go away as the media gets distracted by something shinier. I rather suspect that no one in a position of influence at Sony was watching the rising BlogStorm, so management just chugged along, confident in their outdated view of how messaging works.

There's a lesson in that for other companies - but I'm willing to predict that an awful lot of them haven't paid any attention to this mess, and will make the same mistake when it happens to them.