Slashdot Mirror
Texas Sues Sony BMG over Rootkit
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
Way to go Texas, for $100.000 Sony will pay and do-it again ...
it still benefits the consumers, does it not, if the huge amounts of money going to lawyers and the bad publicity act as a disincentive to such behavior?
IANAL but it seems to me that criminal rather than Civil penalties is the way to go here.
Of course, the correct answer is both.
Call me naive, but I'm just not seeing action on the criminal side of things. Whatever happened to "equal protection under the law" principal where I would face jail time if I did this, even if I did it through my own 1-man consulting corporation?
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
It's a good feeling when it doesn't even take a month for a major state's state government to sue over a consumer issue that has so many people I know riled up. No, it's not just us getting ourselves worked up, it really was that slimy and abusive a thing for Sony to have done.
Last week there were complaints here and elsewhere that class-action and criminal prosecutions were slow in coming, with only California and I think New York having responded promptly. This is great news* that this is starting to be prosecuted more widely (as it should be), and encouragement to everyone lobbying elsewhere for lawsuits in their own states/countries.
[*] Technically it's not "great news", it's simply the just application of the law. But when a mega-corporation such as Sony is the spyware distributer, it doesn't take a cynic to fear that justice come second to capital, as was the case for a certain monopolist...
Sure, why not? When the RIAA sues people for sharing songs online they sue for a ridiculous amount of money per song. It's only appropriate that they are on the other end of it for a change. $100,000 sounds good to me.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
Just hold the shift key when you pop in the cd. Or better yet, disable the windows autorun "feature".
Whoever thought that running unverified code from a cd automatically without warning the user was a good idea should be shot.
Only two posts for the stereotypes to start flying, even in spite of the positive news. Seriously, do you have absolutely no shame?
I realize--in your rush to post first--that "facts" are irrelevant to you..
/. makes me wish there was an 'idiot' moderation, or at least a 'first post' moderation. In this case, a mere glance at the first sentence of the article would've made it clear that this was an action taken by the state to protect its citizens.
But the State of Texas (you know, the State Attorney General, in representation of the State of Texas and its citizens) is suing Sony. If the lawsuit is won, than the money goes into the coffers of the state of Texas, which will result in an increase in public works, which *does* benefit us.
Sometimes
I currently have no clever signature witicism to add here.
Or they better yet: should have done it the Enron way, and gotten buddy-buddy with Bush and the GOP, and not have to worry about prosecution at all.
What's up with Kenny-boy Lay, anyway?
Sorry, that wouldn't have stopped the EFF's suit, or even the Texas AG's.
Ken Lay's case is pending trial, so no, his friendship with Bush doesn't count for much.
Why do people think Bush is (1) stupid; (2) evil; and (3) has all sorts of magical powers?
Geez.
He's just a guy, you know?
D
If some college student had pulled this stunt they would be sitting in jail as we speak. Why is Sony getting away with this crap? I also can't believe that they stole code from LAME and violated the LGPL without a second thought. These people are criminals in every sense equally as bad as those they are trying to keep from copying their CDs.
I will never, never ever buy another product that says SONY on it again.
It's probably best not to get too carried away... This is an example of a bad DRM implementation. I'm not sure how you extrapolated that to "DRM is bad". That's like claiming computers are bad because one was once used in a crime.
It's possible your co-workers were losing interest because you were pushing an agenda rather than explaining facts.
Sony did the wrong thing here by installing a root-kit on their customers PC's, not by using DRM.
How the *fuck* did they ever conclude that installing a rootkit on their "enhanced" CDs was a financially sound legal tactic that came with no fear of being sued by Sony shareholders for causing loss of profit?
Loose change? They should be so lucky. They'll probably just get lots of unwanted CDs again. Only these will be more unwanted than ever before.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
So we can blame the state for:
You can blame the one guy for refusing to stand in their way - are you sure you would have had that courage ?
OT: Next time your tongue itches to say something stupid about the French, remind yourself why the Statue of Liberty is in New York, again.
/haven't/ yet found way to exploit the rootkit and thus come into posession of the first corporate-created zombie botnet (make Windows security jokes all you want, this is for real).
Anywho, personally I can't wait to see Sony go down in flames over this. Some part of me is almost disappointed that a couple of adolescents with an axe to grind
Frankly, even with autorun disabled and my shift key held down, I'm not putting a disc in my Windows box that I know has a ROOTKIT on it! If Microsoft really wants to follow through on their mantra of improved security, they should turn autorun off by default. The minor convenience of running disc-based programs without having to click on them isn't worth the risk. They've had ten years to figure this out and if they had, this rootkit issue wouldn't have been an issue. Matter of fact, it's unlikely Sony would even have bothered. Let's face it ... the real culprit isn't Sony's rootkit: it's AUTORUN. As you say, allowing removable media of unknown pedigree to execute arbitrary code is just stupid, but there you go. Microsoft left a a security hole so big you could drive a bus through it, and someone finally used it. The only surprise is that it was one of the world's biggest consumer electronics / media companies. I feel sorry for all the people that got rooted and screwed over, but with any luck Sony's penance will mirror their own.
The higher the technology, the sharper that two-edged sword.
The proper punishment for Sony out of this must be sufficient that that Sony, and every other record company will absolutely never any use any kind of DRM that changes even one bit on your computer again. Anything less is not enough.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
remind yourself why the Statue of Liberty is in New York
It's not. It's in New Jersey, despite what the Supreme Court likes to think.
Oh, for there to be a +6 funny mod for those rare ones. I'm just very glad I wasn't drinking any coffee when I read that!
To fight the war on terror, stop being afraid.
Well, that would be okay* because if they fine Sony enough, they could pay for the roads without charging tolls!
*except, of course, for the inherent stupidity in building roads instead of rails, when we really need to be transitioning towards electric-powered transportation
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Except that all DRM is bad. This so-called "bad implementation" was doing exactly what it was designed to do!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
That's absolute crap. If that's the case, then the number of violations counted in P2P copyright infringment cases should be the number of different P2P programs used!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
When I read the submission, I knew that the first 50 posts or so would probably involve a hick accent and killing people. What I didn't expect was the fact that NOBODY would say anything about that characterization.
/. readers. Austin is part of the San Francisco - Seattle - Austin Axis of Technology. Screw the rest of you guys.
Look, Texas has hick parts. There's strong concentrations of them in East Texas around the Louisiana border and also in West Texas starting from Abilene west and north. But, it is unfair to characterize this entire state as being uncultured cowboy gun slingers, nor is it fair to generalize people who live in the more rural parts as hicks. This state is as cultured as any others, and when it comes to the South, we stand far and above. We have the largest and one of the most prestigious university systems in the world, we represent one of the most diverse cultural melting pots in the country, we have probably the best music and independent film communities outside of New York and LA, and the list goes on.
What disturbs me most is that not one person from Texas wants to dispute any of that bullshit the rest of these comments are flinging about. And it's not that there aren't Texan
As far as the AG sueing Sony, hats off to him. It's not exactly a secret that this state is pretty damn laissez-faire. That was a damn impressive move.
Also, by the way, you know that Texan accent that you have been using mentally to read this post? Stop that... now.
... are the other recording corporations.
Europe has traditionally taken a very strong stance against corporations who abuse their power. While I suspect you may be trying to incite Republicans with your anti-European sentiment, the fact of the matter remains that Europe has the guts to stand up to corporations who want no-good.
They're the only ones who had the balls to truly take on Microsoft, for instance. They also had the guts to say "No!" to the manufactured war in Iraq.
Cyric Zndovzny at your service.
Its been proven to be ineffectual time and time again.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Gee, I hope the lesson Sony learns is more about what not to do, instead of how not to hide it.
"he drew his sword Ringil that glittered like ice... and he wounded Morgoth with seven wounds..."
Its been proven to be ineffectual time and time again.
I shoulda put a smiley in. However, WRT the death penelty in general, I agree for different reasons.
For the insane or those who have lost hope, it fails to deter. For those who feel they have something to lose, it's not necessary, A long prison term is enough for them.
Lawsuits :-)
$100,000 per violation, multiplied by how many people may have been rooted by this rootkit?
I'm hoping at least 1000, as $100,000,000 would be a noticable sum even to Sony, and certainly serve as a deterrant to them and others against future idiocy. Even if it were just Texas that put a few extra nails in Sony's coffin. Such a lawsuit will seem profitable, which will probably engage the interest of more states, which will be baaaad news for Sony. Blood in the shark filled waters.
Ah well, live by the buck...
what are evil companies to do in the future. Not sell their wares in Texas? It would become pretty identifyable which wares were infested if they excluded them all from the Texam market. This is a case where the mariad of individual state laws is going to possibly be good for everyone.
Tons of people got suckered into installing this because they trusted Sony. The CD won't play without Sony's player installed, so most people would have browsed into the CD and found an installer if they had autorun disabled. In a trusted computing world, Sony would have had a valid signature, so their software would have been "trusted" by the OS, so it would install just fine. If it prompted users for their Administrator password, most people would supply it, because it's generally needed to install software. Mark Russinovich even fell prey to this, although he was smart enough to figure out that he had been rooted, and how. The issue certainly isn't about users being too dumb, because Mark is not dumb, it's about companies taking advantage of the implicit trust that comes with their being viewed as a "legitimate" company.
The trust issue goes much, much deeper, as Bruce Schneier points out on his blog. Where were the anti-virus companies during all of this? Where was Microsoft during all of this? It has the appearance that they were all colluding with Sony. A question that should be asked of each of those companies is "were they in on it, or were they just incompetent?" Either way, it's not encouraging.
Don't be silly. We don't object to the teaching of microaddition - that's perfectly obvious. We only have a problem with the teaching of macroaddition - the theory of ones to quintillions. Nobody has ever even seen more than a few million of anything. It takes just as much faith to believe in Graham's Number as it does to believe in the Lord Jesus Christ, so we expect either equal time to be given to Intelligent Math, or that the teaching of atheistic macroaddition be removed from the curriculum.
Real Daleks don't climb stairs - they level the building.
The uneducated midwest/south screams "Help! We need protection in our big cities from terrorism!"
Our coasts and big cities scream "Help! We need protection from the midwest/south who think they know what's best for us!"
Or disband them? The problem is that shareholders don't see a need to appoint a board that operates ethically. If we were to disband a corporation or two, I think that perhaps shareholders might start seeing things differently.
Of course, there is a lot of negative economic impact, but that is precisely the bargaining chip they've been using to extort for years.
Engineering and the Ultimate
You did study US history in school, right? You do know that your country exists because of them?
Plus "The US" is way wrong, it was the allies and you are insulting everyone who laid down their lives for your freedom when you assert otherwise. In terms of numbers, the US's involvement wasn't all that great; Russia won WW2 if anything. Anyone who says "France surrenders" is also saying "I am completely ignorant on matters of history".
So the question is why to you feel the need to stick up for the French?
Many of us will stand up against racism, regardless of who it's against. I don't think I've ever even met a Frenchman, but I'll still take their side over that of a nazi like yourself. "We hate them because of where they are from". Good going, way to drag the human race back a half-century.
Oh right, they can't fight for themselves (ZING!).
Go read about WWI. It's even topical, what with 11/11 just passing. Learn what happened. Find out why France was unable to mount a defense in WW2. Then, learn how resistance fighting works, essentially you don't meet the invading troops on the battlefield. You hide and mount insurgent attacks. Sound familiar? They really ought to teach you guys some history in school, and not the propaganda "USA! USA! USA!" stuff you currently get indoctinated with from kindergarden up. Perhaps then you might learn something and stop continuing to make the same mistakes. The methods used in Iraq are very similar to the French resistance, and if your leaders weren't so moronic and ignorant they might have seen it coming. We tried to warn them regardless, but hey, they just stupid I guess.
Oh, and BTW, for a "zing" you have to be either funny or insightful. You failed.
I'll test this:
Mods: Do NOT mod this insightful! (or else)