Texas Sues Sony BMG over Rootkit
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
EFF has launched a class-action suit against Sony.
Man is a slave because freedom is difficult, whereas slavery is easy.
Here's a link to the official Texas AG's press release.
http://www.oag.state.tx.us/oagNews/release.php?id=1266
They even have an online complaint form. Be the first on your block to get in on the lawsuit!
Heck is a place for people that don't believe in gosh.
The PDF is available here. The press release is here.
(cough :) )
If you have been damaged in any way, shape or form, it's time to call their bluff!
I believe it can also be bypassed by holding down the shift key while inserting the CD into the drive (temporarily disabling AutoRun), or by permanently disabling AutoRun.
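An added example, not part of the original thread: a PowerShell audit of the `NoDriveTypeAutoRun` policy value, which controls the permanent AutoRun setting mentioned in the comment above. The helper name `Get-AutoRunPolicy` and the sample masks at the end are constructed for illustration.

```powershell
# Added example (not from the thread). NoDriveTypeAutoRun is a bitmask:
# a SET bit DISABLES AutoRun for that drive type.
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

# Hypothetical helper: decode a mask into one row per drive type.
function Get-AutoRunPolicy {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($name in $DriveTypeBits.Keys) {
        [pscustomobject]@{
            DriveType       = $name
            AutoRunDisabled = [bool]($Mask -band $DriveTypeBits[$name])
        }
    }
}

# Read the machine-wide and per-user policy keys.
$paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

foreach ($path in $paths) {
    $item  = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $value = $item.NoDriveTypeAutoRun
    if ($null -eq $value) {
        Write-Output "$path : NoDriveTypeAutoRun not set (OS default applies)"
        continue
    }
    Write-Output ("{0} : 0x{1:X2}" -f $path, $value)
    Get-AutoRunPolicy -Mask $value | Format-Table -AutoSize
    if (-not ($value -band 0x20)) {
        Write-Warning "AutoRun is still enabled for CD-ROM drives under $path"
    }
}

# Constructed sample masks, decoded offline for comparison:
# 0x91 leaves CD-ROM AutoRun enabled; 0xFF disables it for every drive type.
foreach ($sample in 0x91, 0xFF) {
    Write-Output ("Sample mask 0x{0:X2}" -f $sample)
    Get-AutoRunPolicy -Mask $sample | Format-Table -AutoSize
}
```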
Using a bit of tape to do it is just grandstanding.
Congratulations, you just violated the DMCA.
It's the statutory penalty for the violations: $100K per infraction. The Texas AG was just on TV (CNBC) and suggested that the fines came out to hundreds of millions of dollars.
If you want your life to be different, live it differently.
I believe it wasn't turned on. It doesn't self balance when it's off.
So basically, the rootkit would install itself on your PC even if you clicked NO on the popup that appears after inserting the disk? Wow... Now re-read this (different article, posted on Slashdot earlier):
"Most people, I think, don't even know what a rootkit is, so why should they care about it?" the head of Sony BMG's global digital business, Thomas Hesse, told National Public Radio.
I don't know... So they are counting on tricking gullible PC users into installing something which will ultimately harm their PC, which is heinous in itself, but somewhat legally "murky" enough for them to get away with it. But when your answer to the EULA actually has no effect whatsoever on whether the r00tkit is installed or not, that is beyond words. It shows how much these corporations disrespect their customers. We are sheep. With cash they gave us for working for them... and they want it back.
At $100k per offense and the highest distributed CDs figure I have seen being 24 million installations from 50 different DRM infected CDs, that'd be quite a big number, even if you only count Texas installations.
In fact the upper limit (assuming conservatively only 1 infected PC per CD) is:
2,000,000,000,000 or 2 trillion dollars. Of course what percent are provably installed in Texas? Is it five percent? Even if it's two percent that's $50,000,000,000 or 50 Billion dollars.
Let's take a conservative estimate.
In the 2000 census, Texas had a population of 20,851,820 http://en.wikipedia.org/wiki/Texas
and the whole US has a population of 281,421,906. http://en.wikipedia.org/wiki/United_States
So Texas had 7.4% of the US population.
Sony claims that all DRM disks were sold domestically, but let's be kind and say that 80% of the disks were sold domestically so 19,200,000 disks in the US.
Let's assume that the consumers in all states have similar buying habits.
So 7.4% of 19,200,000 US disks is 1,420,800 Texas sold disks.
1,420,000 times $100,000 max fine per disk is: $142,100,000,000 or 142 Billion Dollars.
I have seen estimates as low as 500,000 DRM infected disks sold in the US.
That number is much lower.
500,000 * 80% * 7.4% * 100,000 max fine is: 2,960,000,000 or 2.96 Billion dollars.
Any way you spin it, this is going to get ugly for Sony.
It's not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
So the spyware has to be pretty deadly!
Unfortunately, that only works if killing them will prevent your property from getting damaged/stolen. Inapplicable in this case.
From http://www.oag.state.tx.us/
Yeah, this guy's really a shark. Stupid frickin lawyers always screwing everything up enforcing laws. God dammit. Imagine how great the world would be without lawyers making sure everyone follows the rules. </sarcasm>
It breaks my pluginses, my precious!
This was someone else's idea here on slashdot, and it works.
"Sony intentionally infected that CD with DRM. It is infected with DRM. It will take over your computer." I just told this to a friend of mine who is a huge fan of Imogen Heap and was about to buy her recent US release of Speak for Yourself through Sony.
Sony infected this CD with DRM for the Mac, and maybe Windows, too.
My friend has spoken with Immi before and is writing her to tell her why, although he supports her and goes to her shows when possible (the hotel/cafe tour for example), he will not be buying the album.
He will not be buying it because It is INFECTED with DRM.
Whomever came up with this brilliant strategy, please feel free to take credit in a reply here. I can't find the original comment.
http://www.deathpenaltyinfo.org/article.php?scid=8&did=245
Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
Here's a torrent of the news conference video.
That the AG, like basically all state employees, is paid salary. So it doesn't matter how many of what kind of cases he wins, he gets the same amount of money, it's not a contingency basis like private lawyers. So ALL the money goes to the state, not just a certain percentage. You don't get rich working as a lawyer for the state.
No, this sentence refers to SunnComm MediaMax, not First4Internet XCP. MediaMax doesn't use a rootkit, but installs even if you reject the EULA, phones home when you play a CD, does not include a functioning uninstaller--but if you jump through a bunch of hoops, SunnComm will give you an ActiveX uninstaller that opens a huge security hole on your computer, kind of like XCP's.
Sony recalled XCP CDs but didn't say a word about MediaMax. The EFF is pressuring them to recall those CDs as well, which have been on the market for two years and number at least ten times as many as XCP.
- Using random or deceptive filenames to make it difficult for the consumer to find and uninstall the program, in violation of CPACSA 48.053(5).
- Inducing the consumer to install software by falsely claiming that it is necessary to play the media, in violation of CPACSA 48.055(1).
Seems pretty weak, but I imagine they'll tack on additional charges once they've had the chance to do some discovery.
People don't know what DRM is, but they DO know what a virus is.
This isn't EXACTLY a virus, but it's VERY close, so call it that.
You're not enough of a salesperson. You're trying to be exact and precise about what you say--instead, give them a term they understand that is close to reality.
"Sony distributed a virus on their CD's in an attempt to break your CD drive so that it cannot copy their CD's. In addition, it opens your computer up so that it can get many other viruses, and it has the ability to report your usage back to Sony at any time."
That'll sell, and it's true.
-=Lothsahn=-
I had sent a friend information about this Sony thing last week and it got not a lot of attention. However same friend was trying to delouse another person's PC yesterday and called me for support (Note: I'm not particularly qualified for Windows support at this point, but I can do Google searches and say things like "hang in there" from time to time). I think by that time I was called many of the virus and spyware elements had been cleaned by conventional means, but there seemed to be some persistent problems. Just in case, I asked whether they had played any of those Sony BMG music discs in the machine. Apparently I was on a speakerphone setup, and I heard several denials of the form "We never use our machine for such things" while my friend asked me what I was talking about.
After refreshing his memory, and in turn having the family involved talk among themselves for a while, it turned out that some Sony BMG discs HAD been played in that machine, and some of the remaining questionable files had Sony all over them even though the family didn't own a Sony camera, Sony music player or any other Sony device that they could think of. Finally someone remembered that the little girl in the family HAD played, or ripped, or SOMETHING some music CDs in the machine and off they rushed to find them. In the mean time I was looking for the list of Sony BMG discs affected, originally numbered 20 and widely circulated at that count, but subsequently updated to 50, and listed on a Sony website. I found the list of 50 at about the same time that they found their played/ripped/inserted/whatever CDs and sure enough, several of them had the Sony BMG label on them. Now the catch was that (a) none of the CDs they had found were on the list and (b) none of the CDs they had found had the warning that they contained copyright protection software, and my understanding was that the affected discs did contain such a warning.
Well, by getting rid of the Sony BMG stuff they seemed to be back to a clean machine, and they swore to never insert a music CD into their machine again or to buy a CD from Sony. So, congratulations should go out to Sony BMG and First4Internet for accomplishing their objectives. Now to round out the picture:
(1) I suspect that Sony BMG, Sony alone, and BMG alone have in the past used other protection schemes and while they haven't been vocal about it, other companies are doing the same experimentation. All of these programs have their own ways and means of hiding themselves and controlling what YOU do with YOUR PC. But NONE of them have exhaustively looked into the legal, much less technical ramifications of what they do. They think that by merely relying on third party companies like First4Internet they can claim ignorance of the consequences.
(2) Rumor has it that by the time you are asked for your permission to install software when you insert these disks SOME software has already been installed.
(3) Sony/BMG isn't the only company doing this, they are just the only company that has been caught.
(4) These discs have been out for a year, and some people say two years, or maybe more.
(5) There is no quick and easy way to uninstall these programs, either from Sony BMG or the s
We just disabled the installation of any software from removable media.
:) While Windows isn't the greatest OS... it's pretty flexible and I admit, I have a soft spot for Active Directory and Group Policy :)
The rootkit can't install unless you have rights to do it -- Domain Admins in our case
The price is always right if someone else is paying.
the security fix blog over at washingtonpost.com appears to be suggesting so...
That this is a STATE Attorney General, suing on behalf of the citizens of his (MY) state, the State Of Texas. Considering that any statutory penalties would go into the state coffers and NOT into the AG's pockets (He's a salaried employee of the State of Texas, not your lawfirm type attorney...) your claims of 33% of this going into his pockets would be dead wrong. Your rant, nice though it was, was like a tale told by an idiot, full of sound and fury, signifying nothing. (With apologies to Wm. Shakespeare...)
But then, this IS Slashdot, after all...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
That they stole code from LAME and violated the LGPL got like one minute of news airtime before falling into the background. That really isn't important to the average person, which is really a damn shame. I would expect that part to be more important or at least more-covered in the media.
NPR Covered the story which pleased me. They started it off like this:
"Today's vocabulary word is 2 words: ROOT KIT"
A decent 5 minute segment on it.
actually comment id #14086744 is in violation of the digital millennium copyright act, because it 'describes' a 'method' for defeating a digital copyright protection scheme. actually holding down said key is not a violation of the DMCA, since you then have to use software to violate copyright, which is then covered under copyright law. the violation of the DMCA is in Sharing the method for defeating the copyright method. not in making a tool (in this case Microsoft Windows) which _can_ be used to defeat copyright protections. unless the Primary function of that software is 'defeating copyright protection' there is pretty much no case against them.
so, there you go windows is not in violation of the DMCA, every poster on every forum/blog/etc telling people of this 'method' is violating the DMCA. but don't worry, with as many laws as the united states has on the books you're sure to have violated at least one of them in the past week.
https://www.gnu.org/philosophy/free-sw.html
Simply put, there are no criminal charges because no LAME copyright holder has yet sued them.
I didn't bash Texas. You obviously have a problem with the French, apparently. Funny that - that's gratitude for being able to live in America versus British Colony XYZ, I suppose.
Btw I have nothing against Brits. I just hate mindless jingoism fueled by ignorance and hypocrisy. I bet your bigotry began right about the time of ``freedom fries'' and other such anti-French nonsense fueled by rightful opposition to what is now clearly an illegal war?
It does phone home.
It opens a connection to connected.sonymusic.com (IIRC), and apparently transmits the ID of the CD. Sony claimed this didn't happen, but a simple packet sniffer is all it takes - the connection opens the instant you tell the player to start.
-=This sig has nothing to do with my comment. Move along now=-
Actually Texas didn't give you Bush. Connecticut gave you Bush. He lived in Texas for a bit before moving back to New England for high school, college and then graduate school. His mom is from New York and his dad is from Massachusetts. I'm half-way convinced that the accent is faked.
Texas did however produce Ann Richards, the democrat governor of Texas prior to Bush and David Cobb, 2004's Green Party candidate.
Sorry -- I know the above was an attempt at humor, but I do get sick of the assumption that everyone in Texas is far-flung Bush-lovin' right wingers.
That would be billion, not trillion.
//not trying to be an ass...
$3,362,560,000 ($3 billion, 362 million, 560 thousand, 000.00)
Just thought I'd clear that up, since you made the mistake twice in your post.
Of course, I may be wrong...if the whole counting thing was changed recently.
BDR Gear
Outdoor gear, MREs, and more!
It's not so ironic as predictable. The mods will moderate you whatever you ask them not to, provided you post early enough, and the rest of your content is good enough to make them look.
Mods, I forbid you to moderate this post informative.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
It's not. It's in New Jersey, despite what the Supreme Court likes to think.
http://www.nps.gov/stli/
Indeed. Live by the ridiculously high fine; die by the ridiculously high fine.
And, today's PSA:
Copyright Office Taking DMCA Comments. Clearly, the rules need to make it 100% unambiguously clear that, yes, it's legal to remove malware from your computer.
/. If the government wants us to respect the law, it should set a better example.