Slashdot Mirror
California Class Action Suit Sony Over Rootkit DRM
carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law,
which allows public prosecutors and private citizens to file lawsuits
to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."
But how did Sony's actions prevent people from suing? Was there a clause in the EULA that prohibited it? Since they're getting their asses sued off anyway, can't the judge throw this one right out?
bleh.
:)
Anyway, It's good to see this happening. It's important to make sure that the major labels realise that while DRM is legal, there are limits to what people will tolerate - and damaging peoples machines is not something that people are going to tolerate.
Heck, with luck they might even water down Blu-Ray as a result. I can dream
not to buy CDs. Like I needed more reasons. They are already too expensive and they force me to buy tracks I don't want just to get the 1 or 2 I want. I know Sony *thinks* they are *adding value* which will incent me to buy CDs, but obviously they miscalculated.
If only someone would offer a digital download service with CD quality content.
The more you regulate a company, the worse its products become.
Just rename your emailed copy of the lawsuit to $sys$lawsuit.pdf and it will disappear!
I used to buy a lot of music CDs. But after this wave of incompatible discs i just resorted to download mp3s as its sure that i can play them on whatever device i want.
1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
Before this gets /.ed, here's the text.
/.er's take on this vast DRM-wing conspiracy?
Quoth the EFF :
Now the Legalese Rootkit: Sony-BMG's EULA
November 09, 2005
If you thought XCP "rootkit" copy-protection on Sony-BMG CDs was bad, perhaps you'd better read the 3,000 word (!) end-user license agreement (aka "EULA") that comes with all these CDs.
First, a baseline. When you buy a regular CD, you own it. You do not "license" it. You own it outright. You're allowed to do anything with it you like, so long as you don't violate one of the exclusive rights reserved to the copyright owner. So you can play the CD at your next dinner party (copyright owners get no rights over private performances), you can loan it to a friend (thanks to the "first sale" doctrine), or make a copy for use on your iPod (thanks to "fair use"). Every use that falls outside the limited exclusive rights of the copyright owner belongs to you, the owner of the CD.
Now compare that baseline with the world according to the Sony-BMG EULA, which applies to any digital copies you make of the music on the CD:
1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.
2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."
3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.
4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.
5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.
6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.
7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.
8. You have no right to transfer the music on your computer, even along with the original CD.
9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.
So this is what Sony-BMG thinks we should be allowed to do with the music on the CDs that we purchase from them? No word yet about whether Sony-BMG will be offering a "patch" for this legalese rootkit. I'm not holding my breath.
Posted by Fred von Lohmann at 12:24 PM | Permalink | Technorati
Endquote. It's interesting to see just how far Sony will go to alienate the tech-savvy user base. It's been a few years since I religiously started forbidding people to buy Sony products, because I wouldn't be assed to "fix my vaio, please" or to "take a look at my LCD screen, there are, like black dots and stuff on it", but my brother-in-law still got himself a Sony DAP.
The first thing I thought was, "Wow! The salesman actually managed to sell him something that isn't an iPod.", but come on. What's you
I know that Sony's actions here will make me think twice about buying a Vaio. I'm getting ready to buy a new laptop, and Sony does have some decent ones out there. However, I have no way of knowing that they're not gonna install this crap on the machine at the factory. Well done Sony. The actions of one arm are negatively affecting sales of another...
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Looks like Sony aren't making it easy to get rid of their rootkit.
Most Spyware has fewer hoops to jump through to uninstall it.
I'm not sure how Sony arrived at the decision to take over people's computers, but I can't see the morality of it. "People are stealing from us, so let's damage their property."
In meatspace, this would be called "vigilante justice," but I'm not sure that large corporations qualify for that label.
You can piss off the consumers, the college kids, the geeks, the nerds, the haxx0rs, the artists, and even other people in the industry itself... but when you put that crap on a country CD, you just know some politician is going to buy it, and then you're screwed.
My script don't crash! She crashes, you crashed her!
Several things are important to point out:
First, right now it isn't "California" as a whole suing Sony. An attorney has filed a class action lawsuit, and California citizens (and the world as a whole) will benefit. It would be nice if the California Attorney General would lend the government's support in an amicus curiae brief, but in media-rich California that isn't likely to happen. The representatives of the people of California haven't really weighed in on the matter yet, sadly.
Second, a New York law firm will be next to join the bandwagon. Things are heating up faster than the article summary indicates
Third, all of these lawsuits are going to hit Sony *hard*, right in the wallet. Any financial benefit they might have gained from their DRM will be lost unless the lawyers involved immediately drop their cases.
Finally, Sony really doesn't have any solid defense against the charge that they violated the Consumer Protection Against Consumer Spyware Act, *unless* the act specifies that spyware can only be classified as such if it submits personally identifiable information back to the authors or a third party. I'm not too clear on that regard- anyone have information they can add on that count?
Not that there's anything wrong with that. (=
From the article: "Sony's move is the latest effort by the entertainment companies to rely on controversial 'digital rights management' (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire."
Yeah, because installing secretive, privacy-invading software on your computer is sure to stimulate CD sales.
And the uninstall process is a privacy invasion too... you gotta fill out an online form, check your email for a URL to ANOTHER online form, then get the uninstaller. And while the uninstaller gets rid of the XCP2 Aurora, it simultaneously installs another DRM (MediaJam). Nice. Sony, how I love thee. You're so sinister.
$nice = $webHosting + $domainNames + $sslCerts
I mean, come on, Sony! Celine Dion? Neil Diamond? Ricky Martin??
If you were really serious about XCP as a means to prevent illicit copying, in order to protect your revenue, how about applying it to music that people would want to download?
I can't believe how appropriate some of the song titles are:
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
almost like they are an extra subliminal warning, given the extra Sony "Bonus" that awaits on the CD.
I hope this goes to court and triggers Sony into mounting an DMCA based defense ("this is our copy protection system, and you don't mess with that shit even if does screw your PC"), then maybe people would get a better understanding of what a rotten law the DMCA actually is.
Pestpatrol ad/spyware remover now detects and removes sony's DRM rootkit hats off to eTrust for that.
Never mind: I see one of the other posters has kindly provided the EULA, which says I can't listen to (what otherwise would have been) my music at work anyway.
Problem "solved"
Caveat emptor! (read label, avoid zombie un-CDs)
Yow! I'm supposed to have a plan?
- DRM rootkit to stop piracy: $50,000,000
- Patch to water-down DRM rootkit: $5,000,000
- Top notch lawyers to sue pirates: $100,000,000
- Being sued by the only legitimate users you have: Priceless.
There are some thought processes money can't buy. For everything else there's MasterTard (tm).
And people wonder why I haven't bought a single CD in the past 5 years that didn't come from an independant artist. Sony will just have to lable me as a heathen devil commie mutant anti-social pirating slime bag since I now get all my music from other sources besides the traditional record industry. First it was a copy protection that killed my CD-Rom drive and my Car Stereo, now we have a major company turning into a @#$%ing hacker with intent on screwing up my system just to keep me from using thier music in THIER OWN MP3 PLAYER.
Yes, I love the fact that Sony wants to sell me a MP3 player and MP3 compatable CD and DVD players, but doesn't want me to actually USE the damn things to listen to thier music.
Go Figure.
The other stupid thing is the simple fact that there is no copy protection that has lasted more than 2 weeks before it was cracked, and at times in the most embarrasing way imaginable.
The one that cost millions to develop and was cracked using a $1.25 Sharpie marker jumps to mind.
Frankly I hope the music industry dies. I'm just so utterly sick to death about the whole goddamn thing I want it gone.
Phoenix
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
This opens another plan of attack which I think will have more chance of succeeding (at least for public mind-share. I can't judge the legal value of the argument).
Rubies and Pearls are not what you think.
t's important to make sure that the major labels realise that while DRM is legal, there are limits to what people will tolerate - and damaging peoples machines is not something that people are going to tolerate.
It's not simply a question of tolerance or not; some DRM may be "legal", but (IANAL) installing a root-kit on someone's machine without notification or permission almost certainly isn't. If they get away with this, it'll be because they have better lawyers, not because by any reasonable judgement it is "legal".
Of course, I hope it kicks up a stink for Sony too, but that's beside the point.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
$sys$woohoo... ;-)
Eloi are stupid, throw morlocks at them!
If you want to see how the 'logic' of Sony works, see this patent;
T O2&Sect2=HITOFF&u=/netahtml/search-adv.htm&r=1&p=1 &f=G&l=50&d=ptxt&S1=(Kutaragi.INZZ.+AND+Sony.ASNM. )&OS=in/Kutaragi+AND+an/Sony&RS=(IN/Kutaragi+AND+A N/Sony
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
For short version, see this story;
http://www.joystiq.com/entry/1234000420067137/
(Sony is patenting a method for games console discs to be tied to the console unit they're first ran on. No second hand game sales or loaning of games...)
According to this article (Dutch) on the CD Get Right With The Man of Van Zant there are strings from the library version.c of Lame. The following strings are found: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".
Also in the program go.exe their is an array called "largetbl", which is part of tables.c of libmp3lame. Can anyone confirm these findings?
LAME is licenced under the LGPL. Could this mean more trouble for Sony because of a license violation?
Actually renaming the ripper does NOT work, at least not consistently, according the original "discoverer" of this. See the last Slashdot story about it.
Besides, you still have their shitty security-compromising, phone-homing, CPU cycle eating rootkit installed! So what if there's some way of working around it to rip the CD, it needs eradicating completely or better yet to not be installed to begin with.
Better method :
- Disable autorun, or hold down shift whilst you insert and explore the CD
- Run ripper as normal, the rootkit isn't installed so there's nothing it can do
Best method :
- Don't buy the "CD" to begin with, write to the artist and Sony telling them why.
Yeah, it's being used to cloak several cheat programs like the WoW auto-fisher. If I were head of one of their publishers I'd have my team of vicious attack lawyers looking for some legal grounds to sue Sony for loss of earnings / financial harm, I know there probably there aren't any but it's worth a try.
"I bought the "DualDisc" version of the Trey Anastasio CD they show in the EFF write-up. Every time I put it in my 10 year old Sony CD player, it makes a horrible racket."
Funny, same thing happens when my wife plays the Celine Dion CD. But I think in my case, the horrible racket is the intended output.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
...as they have renamed themselves to $sys$Sony...
http://www.bitdefender.com/VIRUS-1000058-en--Backd oor.IRC.Snyd.A.html
Naturally, they are promoting their software as protection.
IANAL, but I would love to be the one kicking the shit of out this EULA.
Suppose you sign a contract with me in which for $100 I promise to fix things so your neighbors stop complaining about your dog barking at night. We agree in our contract that you will limit my liability from anything resulting from my attempts to stop Fido from barking to $50. I then drive up to your house and put a bullet through Fido's head.
Now, does any person reasonably believe that you authorized me to shoot your dog, even if it's the most convenient way to accomplish what I said I'd do? Does any person reasonably beleive that consumers authorized Sony to completely undermine the security of their systems?
Or how about this: I agreed to limit any damage due to my use of Sony's software, but my system crashed as a result of my placing a Deustche Grammaphone CD in the drive. That wasn't my use of Sony's software, that was Sony's use of Sony's software to check up on me. Or my system is compromised by a hacker. That wasn't my use of Sony's software, that was the hacker's use of Sony's software. And don't say I promised not to hold you responsible for negligence. This isn't negligence it's misrepresentation. This is not "YOUR USE OF ANY OF THE LICENSED MATERIALS"; nor is it "THIS EULA" (see point above).
Sony should just own up to the fact this was incredibly stupid and irresponsible rather than bulling ahead and piling up liability for itself. Even at $5.00 a CD, it's going to hurt when the hammer drops. They should offer to replace all existing CDs with this software and provide technical support for one year to users who are affected by it.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Can I use LAME in my commercial program?
*** IMPORTANT NOTE ***
The decoding functions provided in LAME use the mpglib decoding engine which is under the GPL. They may not be used by any program not released under the GPL unless you obtain such permission from the MPG123 project (www.mpg123.de).
Intron: the portion of DNA which expresses nothing useful.
From Macintouch today:
A reader followed up on the discovery that Sony was playing a dirty trick on its customers, secretly installing a malware-style "root kit" on their computers via audio CDs:
I recently purchased Imogen Heap's new CD (Speak for Yourself), an RCA Victor release, but with distribution credited to Sony/BMG. Reading recent reports of a Sony rootkit, I decided to poke around. In addition to the standard volume for AIFF files, there's a smaller extra partition for "enhanced" content. I was surprised to find a "Start.app" Mac application in addition to the expected Windows-related files. Running this app brings up a long legal agreement, clicking Continue prompts you for your username/password (uh-oh!), and then promptly exits. Digging around a bit, I find that Start.app actually installs 2 files: PhoenixNub1.kext and PhoenixNub12.kext.
Personally, I'm not a big fan of anyone installing kernel extensions on my Mac. In Sony's defense, upon closer reading of the EULA, they essentially tell you that they will be installing software. Also, this is apparently not the same technology used in the recent Windows rootkits (made by XCP), but rather a DRM codebase developed by SunnComm, who promotes their Mac-aware DRM technology on their site.
so, Mac users have been safe up 'til now......
http://news.com.com/Antivirus+firms+target+Sony+ro otkit/2100-1029_3-5942265.html?part=rss&tag=594226 5&subj=news
Excerpts:
However, Computer Associates, which has a security division, said on Monday it had found further security risks in the Sony software and was releasing a tool to uninstall it directly.
According to Computer Associates, the Sony software makes itself a default media player on a computer after it is installed. The software then reports back the user's Internet address and identifies which CDs are played on that computer. Intentionally or not, the software also seems to damage a computer's ability to "rip" clean copies of MP3s from non-copy protected CDs, the security company said.
"It will effectively insert pseudo-random noise into a file so that it becomes less listenable," said Sam Curry, a Computer Associates vice president. "What's disturbing about this is the lack of notice, the lack of consent, and the lack of an easy removal tool."
So, not only is it spying on you, it even prevents you from making good copies of the CD's WITHOUT any DRM!!! The BALLS!