Sony's EULA Worse Than Its Rootkit?

jaaron writes "If you think the Sony rootkit is bad, check out the accompanying EULA! From the EFF's summary: 'If your house gets burgled, you have to delete all your music from your laptop when you get home. ... Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. ... Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling.'"

Screw their license and software: use Linux

[acroyear]

I realize this comment is now making /. violate the DMCA, so if they feel like deleting it for legal reasons, fine.

The CDs "protected" by this scheme are very easy to copy and have no "skip-gap" style protections that break normal cd-copy mechanisms and theoretically work "fine" on normal cd players (experience has shown otherwise).

cdrdao can read the cds just fine (I used it on the G3 Live in Tokyo release that just came out last week), and quickly identifies the data/file-system tracks from the main. rip with cdrdao, edit the toc file to remove the data tracks, and burn away. the resultant cdrom can load anywhere and is easily ripped into mp3s for your *legal* right to listen to music you purchase your way.

in fact, the most rediculous thing about their "protection" of the G3 cds is that for the 2-cd set, the second cd isn't even "protected" with that filesystem. protecting the 2nd disk relies directly on the root-kit hack that detects and analysis when sony cds are inserted, that SONY expects you would have installed by sticking the cd-1 in first.

It gets worse...

[LiquidCoooled]

The Sony uninstaller is an ActiveX object marked safe for scripting (which means any website can use it in their code)

Its got some wonderful entries which still leave holes in your system (like rebooting your computer, and a method called "ExecuteCode")
The guys has only just started work, but has an expliotable test together which will reboot your machine.

Look here for more info about Sony uninstallation fun.

Re:Misleading Artical

To me, it seems that if your CD is really stolen, you can still use the back-up you have. That's part of fair use, isn't it?

That IS part of fair use and thats why there is a problem. The EULA stating that you lose rights to the "digital content" means that if you don't have the physical CD, then you're not allowed to have the music it contained. The original authors statement is an extreme case, but his interpretation of the license agreement is correct.

Re:SONY's modest proposal

[Fafnir43]

Or else you'll be stuck playing Pikachu's.

Or perhaps RPGs (e.g. Final Fantasy, Baten Kaitos, Harvest Moon), FPSes (Metroid Prime comes to mind), or survival horror games (like Resident Evil and Eternal Darkness). I'm really getting tired of people bashing Nintendo for being 'kiddy' when it is now blatantly false.

Thats well and good, except for....

...the 4th Amendment to the Constitution prohibits revoking the right of a trial by jury....

"In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State"

hmmmm, I guess if that part of the EULA is invaled, is the rest of it really enforceable?

Re:Bash.org's funny quote related to Sony rootkit.

[danheretic]

Quick and easy solution for you:
(1) Copy and Paste into OpenOffice Writer.
(2) Highlight the text.
(3) From the Format menu, choose Change Case, then Lowercase.
Voila!

Derivative Works

[Carcass666]

From TFA:

Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

My wife is a figure skating coach and it is common for us to create short cuts of tracks (usually between 1:30 and 4:00) for use in skating programs. I'm wondering if Sony truly wants to kill the use of its music for performances such as skating, dance, etc. At any rate, it seems based on this language that her students may not be able to skate to music released under such a license. If Disney were to release such a license for its soundtracks, it would kill about 80% of the programs in lower level competitions!

Maybe you can help me out here.

[StarKruzr]

Because I refuse to fund the RIAA but still want to ensure the artists I like are compensated for their work, I buy merch and boycott CDs off of Big 5 labels. As I understand it the RIAA does not get a cut of that money, instead it all goes to the artist (less production costs). Any idea whether or not that's true?

Incorrect

The RIAA was formed in 1952 because the industry needed a standard for technology...remember the "RIAA equalization curve" for vinyl? All they did was set technical standards and certify record sales...wikipedia it for more info. That's the issue and that's why we dislike them.

Disclaimer: I'm a broadcast professional.

Information about Sony

[gone.fishing]

From their Web Site "Contact Us" page:

General SONY BMG: 212-833-8000
Arista Records: 646-840-5600
SONY BMG U.S. Latin: 305-695-3600
J Records: 646-840-5600
Jive Records: 212-727-0016
RCA Label Group Nashville: 615-301-4300
RCA Records: 212-930-4000
SONY BMG Corporate Press: 212-833-5047

WHOIS INFORMATION:
Registrant:
Sony Music Entertainment Corporation
Sony Music Entertainment Corporation
550 Madison Avenue, Sixth Floor .
New York, NY 10022
US
Email: mis_online@SONYMUSIC.COM

Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: sonybmg.com

Created on..............: Tue, Jan 25, 2000
Expires on..............: Sun, Jan 25, 2009
Record last updated on..: Fri, Aug 19, 2005

Administrative Contact:
Sony Music Entertainment Corporation
Sony Music Entertainment Corporation
550 Madison Avenue, Sixth Floor .
New York, NY 10022
US
Phone: +1.2128337305
Email: mis_online@SONYMUSIC.COM

Technical Contact:
Sony Music Entertainment Corporation
Sony Music Entertainment Corporation
550 Madison Avenue, Sixth Floor .
New York, NY 10022
GB
Phone: +1.2128337305
Email: mis_online@SONYMUSIC.COM

DNS Servers:

udns1.ultradns.net
udns2.ultradns.net

Execuitives:

ANDREW LACK
CHIEF EXECUTIVE OFFICER
SONY BMG MUSIC ENTERTAINMENT

Andrew Lack is the founding Chief Executive Officer of Sony BMG Music Entertainment, a post he assumed in August of 2004. Sony BMG Music Entertainment is a joint venture between Sony Corporation of America and Bertelsmann AG, comprising the recorded music businesses of both companies. From January of 2003 to August of 2004, Mr. Lack served as Chairman and Chief Executive Officer, Sony Music Entertainment.

As CEO of Sony BMG Mr. Lack oversees all operations of the global recorded music company, which is a leading producer and marketer of pre-recorded music and video.

Previously, Andrew Lack served as President and Chief Operating Officer for NBC since June of 2001. During his tenure with NBC he oversaw the operations of most of NBC's divisions, including Entertainment, News and MSNBC, Network, Stations, CNBC, Sales, and Broadcast & Network Operations

From 1993 to 2001 Mr. Lack was the president of NBC News, where he transformed the News division into the most-watched news organization in the world. Today, NBC Nightly News with Tom Brokaw, and Meet the Press are each No. 1 in their time periods, and the primetime franchise Dateline NBC is the top newsmagazine in key sales demographic categories and a significant part of NBC's primetime program

Re:Rootkit worse

No, they are generally not binding. They're only visible after purchase, and the "agree" button is considered a part of the install process, not an agreement to the "contract" that isn't valid at that point in the install process.

While a few idiot judges in a few jurisdictions have held otherwise, in the VAST majority of jurisdictions, they're not worth the pixels they're printed on.

The only way one would be valid in MOST places would be for it to be "signed" - electronically or paper - BEFORE the exchange of money. And of course, even then, the "whacko" clauses would be invalid.

An "after the fact" contract is almost never legally binding.

Re:Sony rootkit uses GPL code (LAME)

[yfkar]

Actually, it's LGPL but static linking is still forbidden iirc.

Wastepaper EULAs

[Markus+Registrada]

I don't understand why anybody acts as if these EULA things mean anything. Under U.S. law they have no force at all. If they sold you a product that damaged your computer or data, sue them. The judge won't even let them enter the EULA in evidence.

If you didn't get to read the EULA before you paid for the disc, it's just wastepaper. Even a button presented on-screen, "I Agree", is meaningless. (You can click those without reading them.) Under the Uniform Commercial Code, Sony has no right to place extra conditions on your use of a product you have already paid for. So, EULAs may be discarded unread, and you may click "I Agree" anywhere without actually committing yourself to anything. What remains is whatever was on the *outside* of the box that you could read before paying, and your state's implied warranty laws. Note that under many states' warranty laws, many disclaimers there are void, also.

Caveats: (1) I'm no lawyer; (2) If you didn't pay (e.g., for a web download), then the UCC doesn't apply, and you'd better read the license carefully; (3) Maryland has rescinded its Uniform Commercial Code; and (4) The U.S. Federal 2nd Circuit's court of appeals (covering NY, CT, VT) has upheld shrink-wrap licensing in those states. If you live in MD or the 2nd Circuit then you're screwed until (in MD) you fix the law or (2nd circuit) you get the decision overturned.

Re:Sony Boycott???

[PHPfanboy]

How's abouts these: (from http://www.sonybmg.com/labels.html)

• Arista Records
• BMG Classics
• BMG Heritage
• BMG International Companies
• Columbia Records
• Epic Records
• J Records
• Jive Records
• LaFace Records
• Legacy Recordings
• Provident Music Group
• RCA Records
• RCA Victor Group
• RLG - Nashville
• Sony Classical
• Sony Music International
• Sony Music Nashville
• Sony Wonder
• Sony Urban Music
• So So Def Records
• Verity Records

Next time, you can use this great new site I found called Google. Those guys are great, they seem to know everything...

Re:Don't pay for CD from these guys

[mochan_s]

Well, if you're truly paranoid, there's no reason to believe than an MP3 cannot have 'latent tags' in it either, encoded in a manner similar to (but different from) ID3v2, and perhaps mangled so you cannot see them there. So, as long as you use iTunes, WMP, or any other similar proprietary software, you cannot truly be sure that some DRM scheme won't be activated one day and suddenly apply to all your old files retroactively, MP3 or not. FOSS players are somewhat safer, not only because you can, in theory, check the code for yourself, but also because there's arguably no motivation for the people who write it to introduce such things. Then again, I'd watch out for any open-source media offerings from MS and Apple either way.

There IS a reason to believe that MP3 will always be good. The source code for an MP3 decoder is out there and it does not change from version to version of WMP or iTunes or whatever. You get an MP3 file, you can strip the tags or make the headers complaint whatever. You know exactly what's supposed to be there in the file.

However, there are no source code or formal specification for WMP and iTunes AAC out there. It's totally closed and locked away. So, you get or buy a WMP or an AAC file who knows what's in there.

Symantec's "SecurityRisk.First4DRM" removal tool

[grolschie]

http://securityresponse.symantec.com/avcenter/venc /data/securityrisk.aries.html
http://securityresponse.symantec.com/avcenter/FixR yknos.exe

it runs but does not install on close

When you run the application that shows the EULA, it also runs the copy protection. If you accept the EULA the software is installed, otherwise it only remains running until you reboot.

Reboot and it will be gone.

Please mod this up. It doesn't install unless you say yes. I would never have implemented it if it worked the way the parent post describes.

--
ex sunncomm developer

Re:it runs but does not install on close

you are an EX-employee. where is the guarantee that the current employees did not, uhm, 'improve' upon your work?

The company was going in that direction. That's when I quit.

I don't have a garantee, but I know FooFighters was released with mediamax, rev 3, (the same described in the halderman document). There is no 'download/update' code in rev 3, so if you have that CD, rev 3 is all you have.

Re:Ironic but true..

[Scarletdown]

An EULA for CD audio?!

And for years, I was under the impression that this... http://www.law.cornell.edu/uscode/html/uscode17/us c_sup_01_17.html was the EULA for music and other copyrighted works.