Slashdot Mirror
California Class Action Suit Sony Over Rootkit DRM
carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law,
which allows public prosecutors and private citizens to file lawsuits
to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."
From the EULA :
:
NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO, THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED EQUIPMENT, DOWN TIME AND USER'S TIME), EVEN IF THE SONY BMG PARTY CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES, COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO FIVE US DOLLARS (US $5.00). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.
And this little bit too
Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY 1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS (STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS. 2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY WAY TO THIS EULA OR THE SOFTWARE.
So yeah, they tried to get out of their corperate liabilities.
Several things are important to point out:
First, right now it isn't "California" as a whole suing Sony. An attorney has filed a class action lawsuit, and California citizens (and the world as a whole) will benefit. It would be nice if the California Attorney General would lend the government's support in an amicus curiae brief, but in media-rich California that isn't likely to happen. The representatives of the people of California haven't really weighed in on the matter yet, sadly.
Second, a New York law firm will be next to join the bandwagon. Things are heating up faster than the article summary indicates
Third, all of these lawsuits are going to hit Sony *hard*, right in the wallet. Any financial benefit they might have gained from their DRM will be lost unless the lawyers involved immediately drop their cases.
Finally, Sony really doesn't have any solid defense against the charge that they violated the Consumer Protection Against Consumer Spyware Act, *unless* the act specifies that spyware can only be classified as such if it submits personally identifiable information back to the authors or a third party. I'm not too clear on that regard- anyone have information they can add on that count?
From the article: "Sony's move is the latest effort by the entertainment companies to rely on controversial 'digital rights management' (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire."
Yeah, because installing secretive, privacy-invading software on your computer is sure to stimulate CD sales.
And the uninstall process is a privacy invasion too... you gotta fill out an online form, check your email for a URL to ANOTHER online form, then get the uninstaller. And while the uninstaller gets rid of the XCP2 Aurora, it simultaneously installs another DRM (MediaJam). Nice. Sony, how I love thee. You're so sinister.
$nice = $webHosting + $domainNames + $sslCerts
Yeah, but companies always put that in. Ever go to the hospital and sign a liability waiver saying you won't sue them if the doctor makes a mistake? Malpractice suits still happen (and are won) even though the patient signed that waiver.
I believe the term is "exculpatory", and the way my legal environment professor explained it was this: "If clauses like that worked, we'd all be driving around with signs on the front of our cars that say, 'Not responsible if I hit you'." (IANAL, of course.)
Thomas Hesse, President of Sony BMG's global digital business division, showed up on NPR to try and sweep the entire thing under the rug.
Pathetic
95% of all sigs are made up.
Pestpatrol ad/spyware remover now detects and removes sony's DRM rootkit hats off to eTrust for that.
I had a law prof once who pointed out that waivers from liability are very limited in their ability to protect from litigation. If Sony broke the law, they broke the law. No EULA will protect them from being hauled into court.
"We are all geniuses when we dream"
- E.M. Cioran
If you want to see how the 'logic' of Sony works, see this patent;
T O2&Sect2=HITOFF&u=/netahtml/search-adv.htm&r=1&p=1 &f=G&l=50&d=ptxt&S1=(Kutaragi.INZZ.+AND+Sony.ASNM. )&OS=in/Kutaragi+AND+an/Sony&RS=(IN/Kutaragi+AND+A N/Sony
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
For short version, see this story;
http://www.joystiq.com/entry/1234000420067137/
(Sony is patenting a method for games console discs to be tied to the console unit they're first ran on. No second hand game sales or loaning of games...)
Actually renaming the ripper does NOT work, at least not consistently, according the original "discoverer" of this. See the last Slashdot story about it.
Besides, you still have their shitty security-compromising, phone-homing, CPU cycle eating rootkit installed! So what if there's some way of working around it to rip the CD, it needs eradicating completely or better yet to not be installed to begin with.
Better method :
- Disable autorun, or hold down shift whilst you insert and explore the CD
- Run ripper as normal, the rootkit isn't installed so there's nothing it can do
Best method :
- Don't buy the "CD" to begin with, write to the artist and Sony telling them why.
Yeah, it's being used to cloak several cheat programs like the WoW auto-fisher. If I were head of one of their publishers I'd have my team of vicious attack lawyers looking for some legal grounds to sue Sony for loss of earnings / financial harm, I know there probably there aren't any but it's worth a try.
IANAL, but I worked for one for more than seven years. I haven't the training or the interest to provide legal advice, but here we go:
i d=360
Exculpatory/Hold Harmless/Indemnity agreement is/are the correct term(s).
Exculpatory agreements are those contracts that attempt to create a pretext of blamelessness when a party might otherwise be typically held liable for damages in the event of some sort of failing on their part.
They're generally challenged at a state level and taken before the state supreme court. Generally speaking, the track record of such agreements is dismal. Wisconsin, for example, has recently heard some six or so cases involving exculpatory agreements, including the one provided along with Atkins. In each case, the court ruled that the agreements were unenforcable. Here's the Supreme Court's overturn of the trial court's finding of indemnity:
http://www.gklaw.com/publication.cfm?publication_
They're not always ruled unenforceable, but because they tend to be so overbroad, they're highly subject to being ruled that way. Generally speaking, this type of agreement is used mainly to frighten people away from lawsuits. The handful of people who will actually challenge them and the cost they create for a company is usually much smaller than if the company actually had to pay out when they did some harm.
I voted for Bob Dole once. That was the smartest thing I ever did since he lost.
http://www.bitdefender.com/VIRUS-1000058-en--Backd oor.IRC.Snyd.A.html
Naturally, they are promoting their software as protection.
Stay away from Dell too. After I was rear-ended in a car accident, my PCMCIA slot was damaged, but the machine worked fine otherwise.
Of course that damage wasn't covered by my warranty, but the repair was covered by the other guy's insurance company. Their only clause for paying for it was this: any replaced parts needed to be shipped to them by me (I guess they wanted to make sure I wasn't trying to scam them and get myself a new computer).
When I got the repair authorization from Dell, and fronted the $800 cost, I told the tech on the phone that I needed the replaced parts returned to me (the mobo needed to be replaced). He said no problem, I just needed to attach a note to the laptop, and they'd ship the parts back with the repaired laptop.
I attached a note to the laptop to the effect (taped it securely to the back of the screen so it would be seen when the box was opened). After the laptop came back, it didn't have the old mobo, and the bill clearly stated that the mobo had been replaced. But there was no old mobo in the box.
When I called support to ask about it, the first guy I talked to said Dell had a policy of never returning bad parts, but instead they destroy them in an environmentally friendly fashion. I explained I'd been told I could get the parts back, and needed the parts back to get reimbursed for it by insurance, he sent me to level 2. Level 2 said they do have a policy that they'll return those parts, but that I needed to tell the guy who issued my RMA in the first place. I explained I had done so, and he said, "I don't see any note on your RMA for that, you must not have done so, perhaps if you'd attached a note." I explained I had also attached a note, because that's what I was instructed to do by the RMA issuer. He checked the unpacking logs, and said no mention was made of a note.
In the end I ended up talking to about a dozen different people in the returns area, almost every one had a different idea about how I'd have to have made sure I got the parts back, including some who told me that there's a 25% surcharge on getting the parts back (!).
They wouldn't provide a partial or full refund for the work completed, they wouldn't ship me another mobo (I told them I didn't care if it was smashed into 100 pieces), and they didn't care that I was out the costs of this repair without the original parts. I climbed all the way up the supervisor chain to the director of out of warranty repairs, and no one cared, and no one was 1) willing to admit that any mistake had been made on their end (I had a PHOTO of the laptop in the shipping package, with my note attached to it, clearly readable, they claimed I could have done that after the fact), nor 2) willing to take any steps to placate me as an unhappy customer.
So the insurance company wouldn't reimburse me, I spent $800 repairing a laptop that was not really worth that much (guess the insurance company should have totaled it), and it's all Dell's fault. They honestly didn't care.
Slay a dragon... over lunch!
Can I use LAME in my commercial program?
*** IMPORTANT NOTE ***
The decoding functions provided in LAME use the mpglib decoding engine which is under the GPL. They may not be used by any program not released under the GPL unless you obtain such permission from the MPG123 project (www.mpg123.de).
Intron: the portion of DNA which expresses nothing useful.
When non-lawyers point out that they aren't lawyers, it's for the benefit of the reader so the reader doesn't mistake a layperson's opinion on a legal matter with expert legal advice. In other words, I'm saying above "I'm not an expert on this matter, so don't take what I say here and try to apply it in a court of law or you could be in serious trouble".
Lawyers have to be careful online about giving out legal advice because of ethical standards, so they frequently disclaim their statements (whether it means anything or not) with "this does not constitute legal advice". Providing certain advice could be construed as creating an attorney-client relationship. At that point, you could also be automatically in breach of attorney-client privilege because you would be posting your new client's advice on a public forum.
There's actually a significant amount of debate on the matter. By simply pointing out that you're not providing legal advice, does your advice become any less legal?
Disclaiming is sort of like those statements at the bottom of corporate emails that say if you receive a message by mistake you're obligated to destroy it immediately. Well, of course you're not unless you have a contract with the company that says otherwise. If I get a private email from somebody with damaging corporate details, I'm in no way, shape, or form obligated to destroy it, and I'm entirely free to share it with other people so long as I'm not breaking other laws by doing so (e.g. - committing fraud, espionage, etc.).
I voted for Bob Dole once. That was the smartest thing I ever did since he lost.