Slashdot Mirror
California Class Action Suit Sony Over Rootkit DRM
carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law,
which allows public prosecutors and private citizens to file lawsuits
to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."
Install Sony DRM protected CD
Re-Name your favorite CD ripping program to $SYS$filename.exe
Now your CD ripper is hidden from Sony's DRM
It can also be used to hide cheat programs from various games.
From the EULA :
:
NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO, THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED EQUIPMENT, DOWN TIME AND USER'S TIME), EVEN IF THE SONY BMG PARTY CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES, COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO FIVE US DOLLARS (US $5.00). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.
And this little bit too
Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY 1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS (STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS. 2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY WAY TO THIS EULA OR THE SOFTWARE.
So yeah, they tried to get out of their corperate liabilities.
Several things are important to point out:
First, right now it isn't "California" as a whole suing Sony. An attorney has filed a class action lawsuit, and California citizens (and the world as a whole) will benefit. It would be nice if the California Attorney General would lend the government's support in an amicus curiae brief, but in media-rich California that isn't likely to happen. The representatives of the people of California haven't really weighed in on the matter yet, sadly.
Second, a New York law firm will be next to join the bandwagon. Things are heating up faster than the article summary indicates
Third, all of these lawsuits are going to hit Sony *hard*, right in the wallet. Any financial benefit they might have gained from their DRM will be lost unless the lawyers involved immediately drop their cases.
Finally, Sony really doesn't have any solid defense against the charge that they violated the Consumer Protection Against Consumer Spyware Act, *unless* the act specifies that spyware can only be classified as such if it submits personally identifiable information back to the authors or a third party. I'm not too clear on that regard- anyone have information they can add on that count?
From the article: "Sony's move is the latest effort by the entertainment companies to rely on controversial 'digital rights management' (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire."
Yeah, because installing secretive, privacy-invading software on your computer is sure to stimulate CD sales.
And the uninstall process is a privacy invasion too... you gotta fill out an online form, check your email for a URL to ANOTHER online form, then get the uninstaller. And while the uninstaller gets rid of the XCP2 Aurora, it simultaneously installs another DRM (MediaJam). Nice. Sony, how I love thee. You're so sinister.
$nice = $webHosting + $domainNames + $sslCerts
Yeah, but companies always put that in. Ever go to the hospital and sign a liability waiver saying you won't sue them if the doctor makes a mistake? Malpractice suits still happen (and are won) even though the patient signed that waiver.
I believe the term is "exculpatory", and the way my legal environment professor explained it was this: "If clauses like that worked, we'd all be driving around with signs on the front of our cars that say, 'Not responsible if I hit you'." (IANAL, of course.)
Thomas Hesse, President of Sony BMG's global digital business division, showed up on NPR to try and sweep the entire thing under the rug.
Pathetic
95% of all sigs are made up.
Pestpatrol ad/spyware remover now detects and removes sony's DRM rootkit hats off to eTrust for that.
... and the part I love best is that I actually need to rip the thing before it wrecks my CD player. I bought the "DualDisc" version of the Trey Anastasio CD they show in the EFF write-up. Every time I put it in my 10 year old Sony CD player, it makes a horrible racket. One of my friends is having trouble playing it in his portable because it's so thick that it's brushing the lid. I'm afraid to put it in the car disc player for fear that it will get stuck.
Besides putting a personal ban on buying any more Sony junk, and doing my best to avoid buying any albums on their label, I will also be writing to the artist and urging others to do the same.
I had a law prof once who pointed out that waivers from liability are very limited in their ability to protect from litigation. If Sony broke the law, they broke the law. No EULA will protect them from being hauled into court.
"We are all geniuses when we dream"
- E.M. Cioran
If you want to see how the 'logic' of Sony works, see this patent;
T O2&Sect2=HITOFF&u=/netahtml/search-adv.htm&r=1&p=1 &f=G&l=50&d=ptxt&S1=(Kutaragi.INZZ.+AND+Sony.ASNM. )&OS=in/Kutaragi+AND+an/Sony&RS=(IN/Kutaragi+AND+A N/Sony
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
For short version, see this story;
http://www.joystiq.com/entry/1234000420067137/
(Sony is patenting a method for games console discs to be tied to the console unit they're first ran on. No second hand game sales or loaning of games...)
IANAL, but I worked for one for more than seven years. I haven't the training or the interest to provide legal advice, but here we go:
i d=360
Exculpatory/Hold Harmless/Indemnity agreement is/are the correct term(s).
Exculpatory agreements are those contracts that attempt to create a pretext of blamelessness when a party might otherwise be typically held liable for damages in the event of some sort of failing on their part.
They're generally challenged at a state level and taken before the state supreme court. Generally speaking, the track record of such agreements is dismal. Wisconsin, for example, has recently heard some six or so cases involving exculpatory agreements, including the one provided along with Atkins. In each case, the court ruled that the agreements were unenforcable. Here's the Supreme Court's overturn of the trial court's finding of indemnity:
http://www.gklaw.com/publication.cfm?publication_
They're not always ruled unenforceable, but because they tend to be so overbroad, they're highly subject to being ruled that way. Generally speaking, this type of agreement is used mainly to frighten people away from lawsuits. The handful of people who will actually challenge them and the cost they create for a company is usually much smaller than if the company actually had to pay out when they did some harm.
I voted for Bob Dole once. That was the smartest thing I ever did since he lost.
IANAL
As I recall my Business Law textbook stating "the court frowns on disclaimers of responsibility". You see such disclaimers all over the place, signs on stores and parking lots, purchase agreements, and eulas. However there is established criteria that a company or private owner must apply due diligence to make sure their actions/product do not injure others and is generally determined in court by the "reasonable man" test. "Injure" includes not only physical injuries to persons but financial, reputation etc "injuries".
http://www.bitdefender.com/VIRUS-1000058-en--Backd oor.IRC.Snyd.A.html
Naturally, they are promoting their software as protection.
Stay away from Dell too. After I was rear-ended in a car accident, my PCMCIA slot was damaged, but the machine worked fine otherwise.
Of course that damage wasn't covered by my warranty, but the repair was covered by the other guy's insurance company. Their only clause for paying for it was this: any replaced parts needed to be shipped to them by me (I guess they wanted to make sure I wasn't trying to scam them and get myself a new computer).
When I got the repair authorization from Dell, and fronted the $800 cost, I told the tech on the phone that I needed the replaced parts returned to me (the mobo needed to be replaced). He said no problem, I just needed to attach a note to the laptop, and they'd ship the parts back with the repaired laptop.
I attached a note to the laptop to the effect (taped it securely to the back of the screen so it would be seen when the box was opened). After the laptop came back, it didn't have the old mobo, and the bill clearly stated that the mobo had been replaced. But there was no old mobo in the box.
When I called support to ask about it, the first guy I talked to said Dell had a policy of never returning bad parts, but instead they destroy them in an environmentally friendly fashion. I explained I'd been told I could get the parts back, and needed the parts back to get reimbursed for it by insurance, he sent me to level 2. Level 2 said they do have a policy that they'll return those parts, but that I needed to tell the guy who issued my RMA in the first place. I explained I had done so, and he said, "I don't see any note on your RMA for that, you must not have done so, perhaps if you'd attached a note." I explained I had also attached a note, because that's what I was instructed to do by the RMA issuer. He checked the unpacking logs, and said no mention was made of a note.
In the end I ended up talking to about a dozen different people in the returns area, almost every one had a different idea about how I'd have to have made sure I got the parts back, including some who told me that there's a 25% surcharge on getting the parts back (!).
They wouldn't provide a partial or full refund for the work completed, they wouldn't ship me another mobo (I told them I didn't care if it was smashed into 100 pieces), and they didn't care that I was out the costs of this repair without the original parts. I climbed all the way up the supervisor chain to the director of out of warranty repairs, and no one cared, and no one was 1) willing to admit that any mistake had been made on their end (I had a PHOTO of the laptop in the shipping package, with my note attached to it, clearly readable, they claimed I could have done that after the fact), nor 2) willing to take any steps to placate me as an unhappy customer.
So the insurance company wouldn't reimburse me, I spent $800 repairing a laptop that was not really worth that much (guess the insurance company should have totaled it), and it's all Dell's fault. They honestly didn't care.
Slay a dragon... over lunch!
Can I use LAME in my commercial program?
*** IMPORTANT NOTE ***
The decoding functions provided in LAME use the mpglib decoding engine which is under the GPL. They may not be used by any program not released under the GPL unless you obtain such permission from the MPG123 project (www.mpg123.de).
Intron: the portion of DNA which expresses nothing useful.
Get an AMEX card, pay with it and dispute any nonsense like this with them, you'll likely get your money back.
A body shop pulled a similar stunt with my car after I was in an accident. The repairs that they made were of poor quality, and the insurance company refused to do anything since I didn't tow the car 50 miles to the nearest authorized center.
Fortunately, I charged it to my amex blue card, and wrote them a letter describing the situation in detail. There was some back and forth with the body shop, but the end result was a $3,000 chargeback which allowed me to get the shoddy work replaced.
Conformity is the jailer of freedom and enemy of growth. -JFK
When non-lawyers point out that they aren't lawyers, it's for the benefit of the reader so the reader doesn't mistake a layperson's opinion on a legal matter with expert legal advice. In other words, I'm saying above "I'm not an expert on this matter, so don't take what I say here and try to apply it in a court of law or you could be in serious trouble".
Lawyers have to be careful online about giving out legal advice because of ethical standards, so they frequently disclaim their statements (whether it means anything or not) with "this does not constitute legal advice". Providing certain advice could be construed as creating an attorney-client relationship. At that point, you could also be automatically in breach of attorney-client privilege because you would be posting your new client's advice on a public forum.
There's actually a significant amount of debate on the matter. By simply pointing out that you're not providing legal advice, does your advice become any less legal?
Disclaiming is sort of like those statements at the bottom of corporate emails that say if you receive a message by mistake you're obligated to destroy it immediately. Well, of course you're not unless you have a contract with the company that says otherwise. If I get a private email from somebody with damaging corporate details, I'm in no way, shape, or form obligated to destroy it, and I'm entirely free to share it with other people so long as I'm not breaking other laws by doing so (e.g. - committing fraud, espionage, etc.).
I voted for Bob Dole once. That was the smartest thing I ever did since he lost.
Because in many jurisdictions, offering certain types of advice (typically legal, financial or medical) as if you're knowledgable on a subject, but without the professional qualifications, insurance etc. to match, can get you in a whole heap of trouble if the advice turns out to be wrong. There's nothing wrong with discussing these issues anywhere, AFAIK, as long as it's clear that it's a personal opinion and not professional advice.
AIUI, the disclaimers are actually more relevant for those who are practising professionals. For example, if a lawyer gives some general legal advice randomly on the Internet, they probably wouldn't want it to be treated the same way as advice they gave in confidence to a client whose exact situation they knew. A couple of fairly regular Slashdotters have a sig that says something like "I am a lawyer, but I'm not your lawyer, and this is not my legal advice to you".
Of course, the most important disclaimer is that if you get your legal advice from Slashdot, you probably deserve whatever consequences befall you anyway...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
There are already 10's of millions of non-TPC computers in the world. You should be able to live the rest of your life buying cheap used computers off of eBay to use.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
It's because on /. we often assume the law should reflect our own common sense of how things should work. There is in reality no connection. Every day hundreds of disappointed litigants leave courts scratching their heads on how the law came up with such a screwy result against common sense and all decency.
'IANAL' is a nod to the way things really work. 'IANAL' says, 'Here's my common sense, but it means nothing in a court of law.'
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
It doesn't require auto-run to be disabled or enabled. You have to use the media player software that comes on the CD to play the CD.
PS. iTunes for Windows will turn on auto-run if you have it disabled.