Slashdot Mirror


President of RIAA Says Sony-BMG Did Nothing Wrong

Zellis writes "In a press conference held on Nov 18 Cary Sherman, the president of the RIAA, stated in reference to Sony BMG's "rootkit" software that "there is nothing unusual about technology being used to protect intellectual property." According to Sherman, the problem with Sony BMG's XCP DRM software was simply that "the technology they used contained a security vulnerability of which they were unaware". He goes on to praise Sony's "responsible" attitude in handling the problem, saying "how many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?" It seems that the latest spin is to portray the Sony rootkit as no more of an issue than a software coding error that unintentionally creates a security hole. Will they get away with it among the non-technical public?" Arguably, Sherman is right -- but I enjoy much more the fact that this whole r00tkit fiasco has set DRM back by years. Gogogo poor implementations!

  1. Markets always trump cartels eventually by dada21 · · Score: 5, Insightful

    Sherman would be correct -- in a free market. Fortunately for us, those who rely on helping create freedom-reducing laws eventually find themselves violating their own creations.

    The real dilemma for content creators was their inability to collude together on a newer standard to replace CD, and now it is too late. Wouldn't you be mad if your cartel couldn't react in time to new situations?

    The simple fact that any audible signal can be recorded is important, yet the record companies still seem blind that they have a viable MP3 market because most consumers (with jobs) would rather pay $1 (with Jobs) than spend 20 minutes finding a song illegally or even bothering to rip their own CDs. I have more than a few friends who've rebought albums from iTunes that they own on CD. $10, to them, is worth the time.

    Does the RIAA need to continue the "piracy is wrong" campaign? Yes! But that should be the limit. Let honest people know they're not reimbursing others for the content they pirate, and I believe you'll see people continue to pay. I believe people are generally good and moral (99% of the time even a thief acts in a good way).

    Do record labels need copy protection and lawsuits? Not against consumers, not even the guy seeding a torrent to hundreds of others. They need to re-evaluate their market and see that people will pay and more people are becoming more technologically inclined so even at a lower price they can see bigger profits.

    Nonetheless I don't think we need to worry about the RIAA or rootkits or whatever much longer. The new generation (10-16) of kids recording today are already using the next distribution system (PureVolume and MySpace). I know of a few young bands already making decent money selling very professional CDs by promoting their music online for free.

    I'm starting to filter the RIAA news (at least mentally) since it isn't news to me. They had a great run of 70 years, and just like gaslamp lighters, their time has come.

    RIP A CD, R.I.P. R.I.A.A.

    1. Re:Markets always trump cartels eventually by endemoniada · · Score: 5, Insightful

      You really hit the spot here. I, myself, have no problem supporting the artists by buying their albums and merchandise. I do, however, have a problem with not being able to give 1 cent to the artist, without HAVING to give $1 to the record company. THIS, ladies and gentlemen, is the theft we should all be discussing.

      --
      Blog -
    2. Re:Markets always trump cartels eventually by endemoniada · · Score: 5, Insightful
      Yes, I do believe that THEY are running the webstore. Several of the bands I listen to run their own labels, and contract few, if any, other bands besides themselves. I also happen to know a few bands that follow this precise strategy. They sell lots of albums at their shows, and 100% of the money goes directly to them. No middleman, no excessive advertising (most of it is for free on the internet) and yet they almost make a living playing music.

      If the RIAA are correct, how is this even possible? All RIAA wants is for artists to be dependent on record labels, so that they can cash in more money.

      Think about it. If none of the money went to record labels, wouldn't the band be able to finance themselves? With the breakthrough of the internet, advertising is cheap, next to free. You can distribute music without even having to pay for the CD-materials! There is no reason we should give most of our money to record labels anymore. They're as extinct as dinosaurs, as far as I'm concerned. Couple all this with the fact that it's no longer a matter of whether people want to buy, or download. It's now a matter of whether people want to buy-and-also-get-their-computers-taken-over-without-having-any-knowledge-of-it, or download it.

      --
      Blog -
    3. Re:Markets always trump cartels eventually by arpk4n3 · · Score: 5, Interesting

      Advertising is one reason for joining with a major label, but performances and word-of-mouth themselves are better advertisement; in fact, only recently have television commercials or billboards played an important role in advertising. Radio traditionally has been an artist's best medium for advertisement. Advertising, however, means nothing without distribution. Major labels distribute globally through retailers, which independent artists would have a difficult time emulating, unless they have achieved substantial success on the charts (Which is difficult, if not impossible, for indie artists due to the connections between radio--Viacom, Infinity, and Clearchannel--and the labels. Thus indie artists have to find different means of advertising as well). It's not some arcane industry secret that artists typically only make 8-15 points (cents per dollar) from album sales, and from that have to pay for studio time/musicians, managers, lawyers, tours, etc. The label handles manufacturing and distribution.

      Interestingly, though, a growing number of artists, including myself, are choosing to survive as 'independent' as its profit margins are higher, and the artists themselves do not forfeit the copyrights to their songs to the labels. When you pirate music, the copyright you are breaching is not of the artist; the copyright for the recording typically is owned by their label.

      More on this (and more) is discussed in a paper I wrote, available here.

  2. Cary Sherman speaks truth. by mcgroarty · · Score: 5, Funny
    "how many times that software applications created the same problem?"

    The comparison is apt and honest. I can't count how many times regular application software has done this to me. For example, the time I put Outkast's Speakerbox CD into my drive, and I found a buggy version of Firefox had installed and masqueraded as a system DLL. Or the time I was listening to William 0rbit's Strange Cargo, all the while the CD was secretly installing an unpatched IIS server and updating the kernel to keep the install from showing. Boy, that sucks every time. :(

    Clearly the analogy is apt, and we need a more progressive, less bigoted view: Just because it's a shrouded rootkit doesn't mean it's a security hazard.

    1. Re:Cary Sherman speaks truth. by Anonymous Coward · · Score: 5, Insightful

      Saying that 'because software you choose to install may lead to security leaks make it okay that software that installs itself without warning opens up security leaks' is like saying 'because sleeping with someone you choose to may give you herpes then it is okay that someone who rapes you gives you herpes'.

  3. In Other News... by Anonymous Coward · · Score: 5, Funny

    Satan says Hitler did nothing wrong!

  4. Commercial rootkit? by GGardner · · Score: 5, Insightful

    The most surprising thing to me about this whole affair is that there are companies selling rootkits. Which makes me wonder -- who else is buying them? Who knew this was a legal commercial enterprise? Can we get a list of their other customers?

    1. Re:Commercial rootkit? by Anonymous Coward · · Score: 5, Interesting

      I put Snort sigs in place for the Sony traffic http://www.bleedingsnort.org/ and got hits from the following company

      I have loaded the Sony DRM sigs but have gotten hits from other products. I am wondering if this is a false alert or another company using this root kit for DRM

      000 : 50 4F 53 54 20 68 74 74 70 3A 2F 2F 77 77 77 2E POST http://www./
      010 : 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 2F 4D 50 photoshow.net/MP
      020 : 53 4E 41 70 70 53 65 72 76 65 72 2F 73 65 72 76 SNAppServer/serv
      030 : 69 63 65 73 2F 6C 6F 67 67 69 6E 67 20 48 54 54 ices/logging HTT
      040 : 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 3A 20 61 P/1.0..Accept: a
      050 : 70 70 6C 69 63 61 74 69 6F 6E 2F 2A 2C 20 61 75 pplication/*, au
      060 : 64 69 6F 2F 2A 2C 20 69 6D 61 67 65 2F 2A 2C 20 dio/*, image/*,
      070 : 6D 65 73 73 61 67 65 2F 2A 2C 20 6D 6F 64 65 6C message/*, model
      080 : 2F 2A 2C 20 6D 75 6C 74 69 70 61 72 74 2F 2A 2C /*, multipart/*,
      090 : 20 74 65 78 74 2F 2A 2C 20 76 69 64 65 6F 2F 2A text/*, video/*
      0a0 : 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 ..Content-Type:
      0b0 : 74 65 78 74 2F 70 6C 61 69 6E 0D 0A 55 73 65 72 text/plain..User
      0c0 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65 -Agent: SecureNe
      0d0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 77 77 t Xtra..Host: ww
      0e0 : 77 2E 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 0D w.photoshow.net.
      0f0 : 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A .Content-Length:
      100 : 20 31 36 33 0D 0A 50 72 6F 78 79 2D 43 6F 6E 6E 163..Proxy-Conn
      110 : 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D 41 6C 69 ection: Keep-Ali
      120 : 76 65 0D 0A 50 72 61 67 6D 61 3A 20 6E 6F 2D 63 ve..Pragma: no-c
      130 : 61 63 68 65 0D 0A 0D 0A 3C 3F 78 6D 6C 20 76 65 ache..........
      190 : 3C 69 6E 73 74 61 6C 6C 49 64 3E 35 66 37 35 30 5f750
      1a0 : 34 66 36 33 61 66 38 37 38 35 61 39 32 63 36 33 4f63af8785a92c63
      1b0 : 63 62 64 38 30 61 38 66 63 63 66 3C 2F 69 6E 73 cbd80a8fccf
      1d0 : 3C 2F 73 65 72 76 69 63 65 3E 0D 0D 0A ...
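
Added example, not part of the original comment or of Snort itself: one way to triage an alert payload like the one pasted above is to rebuild the bytes from the hex columns and read out the request line and headers, which shows which host and client actually produced the hit. The dump layout (offset, colon, up to 16 hex bytes, ASCII column) is assumed from the lines above, and `parse_dump` and `triage` are hypothetical names.

```python
import re

# Eleven lines copied from the dump in the comment above; offsets 0x050-0x09f
# are left out on purpose to show how a gap in a pasted dump is handled.
DUMP = """\
000 : 50 4F 53 54 20 68 74 74 70 3A 2F 2F 77 77 77 2E POST http://www./
010 : 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 2F 4D 50 photoshow.net/MP
020 : 53 4E 41 70 70 53 65 72 76 65 72 2F 73 65 72 76 SNAppServer/serv
030 : 69 63 65 73 2F 6C 6F 67 67 69 6E 67 20 48 54 54 ices/logging HTT
040 : 50 2F 31 2E 30 0D 0A 41 63 63 65 70 74 3A 20 61 P/1.0..Accept: a
0a0 : 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 ..Content-Type:
0b0 : 74 65 78 74 2F 70 6C 61 69 6E 0D 0A 55 73 65 72 text/plain..User
0c0 : 2D 41 67 65 6E 74 3A 20 53 65 63 75 72 65 4E 65 -Agent: SecureNe
0d0 : 74 20 58 74 72 61 0D 0A 48 6F 73 74 3A 20 77 77 t Xtra..Host: ww
0e0 : 77 2E 70 68 6F 74 6F 73 68 6F 77 2E 6E 65 74 0D w.photoshow.net.
0f0 : 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A .Content-Length:
"""

REQUEST = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d\r\n")
# Only headers terminated by CRLF count, so a value cut off at a gap is dropped.
HEADER = re.compile(rb"^([A-Za-z-]+): ([^\r\n]*)\r\n", re.M)

def parse_dump(text):
    """Return [(start_offset, bytes)] runs, split wherever the offsets skip."""
    runs = []
    for line in text.splitlines():
        off, sep, rest = line.partition(" : ")
        if not sep:
            continue
        # At most 16 byte columns; anything after them is the ASCII rendering.
        data = bytearray()
        for tok in rest.split()[:16]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break
            data.append(int(tok, 16))
        start = int(off, 16)
        if runs and runs[-1][0] + len(runs[-1][1]) == start:
            runs[-1][1].extend(data)
        else:
            runs.append((start, data))
    return [(s, bytes(b)) for s, b in runs]

def triage(text):
    """Summarise the HTTP request in a dump: request line, headers, gaps."""
    runs = parse_dump(text)
    out = {"request": None, "headers": {}, "gaps": []}
    for i, (start, data) in enumerate(runs):
        if i:
            out["gaps"].append((runs[i - 1][0] + len(runs[i - 1][1]), start))
        m = REQUEST.match(data) if start == 0 else None
        if m:
            out["request"] = (m.group(1).decode(), m.group(2).decode())
        for name, value in HEADER.findall(data):
            out["headers"][name.decode()] = value.decode("latin-1")
    return out
```

Calling `triage(DUMP)` returns the request line, the complete headers and the missing byte ranges; the `Accept` value that runs into the gap is deliberately not reported.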

  5. They did nothing wrong by JBlaze03 · · Score: 5, Insightful

    Never mind that their software contained copyrighted code

  6. Big Surprise?[ - Radio now] by saskboy · · Score: 5, Interesting

    "President of RIAA Says Sony-BMG Did Nothing Wrong"

    In other news, cows give milk.

    Anyone interested in local radio coverage of this story, CJME.com is about to do a show on the Sony rootkit, you can listen live at 10:05AM CST, and again in the evening for a rebroadcast. Sorry, no podcast is made.

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  7. Anyone surprised? by blindcoder · · Score: 5, Insightful

    Actually, I'm only surprised it took the RIAA so long to stand in line with Sony on this publicly.

    --
    See my blog for my free opinions.
  8. This post 0wn3d by s0nY by mcgroarty · · Score: 5, Funny

    This post 0wn3d by sOny - Greets go out to Mitsubishi, Toyota... thanks to Toshiba for t3h maths. Secret message to Cary of RIAA: LOL can't believe u said it, now I owe you $5

  9. RIAA Hates its Customers by Doc+Ruby · · Score: 5, Insightful

    "Nothing unusual" != "nothing wrong". Sherman's response that Sony's crimes against its customers aren't unusual makes it worse. He defends the crimes by saying they're standard practice. He should get frogmarched to prison after a RICO case shows he conspires with the media cartel to commit these crimes, and to cover for them.

    --
    make install -not war

  10. It's a freaking rain storm! by ThatGeek · · Score: 5, Insightful

    We've sold off industry, education and science. Looks like our business leaders are now selling their soul. Sure they've done bad things in the past, but their actions are now so blatant. They don't even try to hide what they do any more; they just "pee on our legs and tell us that it's raining".

    At what point can we say that business has gone too far? When PR boys start trying to convince us that it's ok for them to install stuff to spy on us? I'm waiting for the brain implants and mandatory goggles to "protect their intellectual privacy rights".

    Yuck.

    --
    What are you eating? isItVeg?.
  11. Re:Thank goodness for Konqueror by forkazoo · · Score: 5, Interesting

    Well, I'm a sys-admin at a company with a few hundred desktops. AFAICT, there isn't any way to scan my whole network for the rootkit, and the only sure fire, safe way to remove it is to reimage the machines that have it. Thankfully, it does phone home, so we have started looking through firewall logs for anything trying to get to the phone-home website. Still, a major PITA.

  12. Logic by Experiment+626 · · Score: 5, Insightful

    Given that:

    1) The Sony rootkit contains pirated open source code, and

    2) The RIAA finds nothing wrong about the Sony rootkit

    It follows that RIAA does not consider the piracy of copyrighted material wrong... Well, I'm off to go copy a few CDs, with the cartel's blessing this time.

  13. Re:Wrong illegal and unethical by multriha · · Score: 5, Informative

    The parts of the software are installed and activated before the EULA is even displayed to the user.

  14. SonySuit.com - Strike back in Small Claims Court by marklyon · · Score: 5, Interesting

    What Sony did wasn't responsible, it was, in fact, a crime in many areas. Call and report it to your local police department.

    On the civil side, you don't have to wait for the class action lawsuits against Sony BMG Music Entertainment and First 4 Internet to wind their way through the courts -- you can sue on your own in Small Claims Court. For a useful guide to get you started, visit SonySuit.com.

    --
    -- Mark Lyon http://www.marklyon.org
  15. RIAA is a TERRORIST ORGANIZATION! by mrchaotica · · Score: 5, Funny

    By attempting to take over computers with their rootkit, the anti-American, Fascist Sony leadership has committed electronic terrorism against the United States! Therefore, all members of their organization (Al-RIAA) should go directly to Guantanamo Bay, do not pass court, do not collect any more royalties!

    (Okay, so I'm only half-serious -- but hey! It could happen, given that we've done it to others for less!)

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  16. FoxTrot tries to educate the Public by Jaxim · · Score: 5, Informative

    Did you all see today's FoxTrot? It appears that existence of Sony's rootkit is becoming more and more mainstream.
    http://news.yahoo.com/news?tmpl=story&u=/uclickcomics/20051121/cx_ft_uc/ft20051121

  17. No, Sherman is not right by Dr.+Blue · · Score: 5, Insightful

    To pass this off as a bug "of which they were unaware" is horribly inaccurate.

    The software hides itself -- by design, not as a bug.

    The software makes itself difficult to remove -- by design, not as a bug.

    The software places itself in fundamental system areas, like accessing the CD, compromising those areas -- by design, not as a bug.

    No, the problem isn't a bug. The problem is a company thinking they have the right to get into places on my system that they have no business being, and then hiding to make it difficult to clean.

    A common component of all anti-spyware legislation and attempts that I'm aware of is that everything has to include a reasonable and effective uninstall procedure, that clears out the software. Sony didn't have this -- again by design.

  18. Evil Pirates! Putting honest people out of work ! by Chaffar · · Score: 5, Insightful
    "And for generations, students have spent their hard-earned dollars on the music they love in the local college record store. How many of those stores are left now? Makes you realize just what the impact of illegal downloading can be, and why we've taken the actions we have."

    Causal fallacy.

    It's not like he doesn't know it, but why bother building proper arguments when you can get away with absolute b*llshit and still be quoted as a respectable source? I couldn't finish reading the whole article, and to compare file-sharers to bank robbers and shoplifters was just insulting.

    Cary Sherman: Obviously, anyone who has stopped downloading (or uploading) illegally will not get sued.

    Thank you, Cary Sherman, for your infinite compassion towards us petty thieves, we are not worthy of such.

  19. SCO says, HEY! LOOK AT ME! pleeeease?!!! by Thud457 · · Score: 5, Interesting
    Sony insider: DRM is discredited at Sony

    A high-placed source at Sony BMG has emailed me with some interesting information about the ongoing rootkit DRM fiasco. My source says,

    Some of the top Sony BMG artists who had XCP placed on their CDs are complaining directly to the label heads, furious that it will hurt their relationship to their fans and their sales as they go into the massively important Christmas season. Add that to rising number of anti-DRM voices within the company who have been against DRM as only hurting "the people that are doing the right thing and buying our music." This all means that some of the label heads are finally starting to believe that DRM is just bad for business.

    Now they are starting to stand up to the corporate leaders who are pushing DRM as the solution to their sliding revenue, particularly Thomas Hesse who notoriously said "Most people don't even know what a rootkit is, so why should they care about it?"

    At least one of the label heads has threatened never to allow another CD to go out with DRM again.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
