Slashdot Mirror
Texas Sues Sony BMG over Rootkit
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
it still benefits the consumers, does it not, if the huge amounts of money going to lawyers and the bad publicity act as a disincentive to such behavior?
IANAL but it seems to me that criminal rather than Civil penalties is the way to go here.
Of course, the correct answer is both.
Call me naive, but I'm just not seeing action on the criminal side of things. Whatever happened to "equal protection under the law" principal where I would face jail time if I did this, even if I did it through my own 1-man consulting corporation?
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
It's a good feeling when it doesn't even take a month for a major state's state government to sue over a consumer issue that has so many people I know riled up. No, it's not just us getting ourselves worked up, it really was that slimy and abusive a thing for Sony to have done.
Last week there were complaints here and elsewhere that class-action and criminal prosecutions were slow in coming, with only California and I think New York having responded promptly. This is great news* that this is starting to be prosecuted more widely (as it should be), and encouragement to everyone lobbying elsewhere for lawsuits in their own states/countries.
[*] Technically it's not "great news", it's simply the just application of the law. But when a mega-corporation such as Sony is the spyware distributer, it doesn't take a cynic to fear that justice come second to capital, as was the case for a certain monopolist...
Sure, why not? When the RIAA sues people for sharing songs online they sue for a ridiculous amount of money per song. It's only appropriate that they are on the other end of it for a change. $100,000 sounds good to me.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
I realize--in your rush to post first--that "facts" are irrelevant to you..
/. makes me wish there was an 'idiot' moderation, or at least a 'first post' moderation. In this case, a mere glance at the first sentence of the article would've made it clear that this was an action taken by the state to protect its citizens.
But the State of Texas (you know, the State Attorney General, in representation of the State of Texas and its citizens) is suing Sony. If the lawsuit is won, than the money goes into the coffers of the state of Texas, which will result in an increase in public works, which *does* benefit us.
Sometimes
I currently have no clever signature witicism to add here.
If some college student had pulled this stunt they would be sitting in jail as we speak. Why is Sony getting away with this crap? I also can't believe that they stole code from LAME and violated the LGPL without a second thought. These people are criminals in every sense equally as bad as those they are trying to keep from copying their CDs.
I will never, never ever buy another product that says SONY on it again.
Judging by the map of infected computers, theres alot more than 100 infections in the state of texas.
In Soviet Russia the insensitive clod is YOU!
This isn't a scenario regarding a purchase though, it's a scenario involving a hacking incident. If I take my Sony CD to a friend's house and it r00ts their machine, that is an instance of hacking, regardless of who bought the CD.
The proof is in the computers themselves, not in anything on paper. The number of infractions will likely be estimated. I'm not familiar with the details of the rootkit--does it phone home? If it does phone home then they can subpoena the "phone home records" and determine which connections originated from Texas.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
How the *fuck* did they ever conclude that installing a rootkit on their "enhanced" CDs was a financially sound legal tactic that came with no fear of being sued by Sony shareholders for causing loss of profit?
Loose change? They should be so lucky. They'll probably just get lots of unwanted CDs again. Only these will be more unwanted than ever before.
You cannot truly appreciate Dilbert until you read it in the original Klingon.
So we can blame the state for:
You can blame the one guy for refusing to stand in their way - are you sure you would have had that courage ?
OT: Next time your tongue itches to say something stupid about the French, remind yourself why the Statue of Liberty is in New York, again.
/haven't/ yet found way to exploit the rootkit and thus come into posession of the first corporate-created zombie botnet (make Windows security jokes all you want, this is for real).
Anywho, personally I can't wait to see Sony go down in flames over this. Some part of me is almost disappointed that a couple of adolescents with an axe to grind
Frankly, even with autorun disabled and my shift key held down, I'm not putting a disc in my Windows box that I know has a ROOTKIT on it! If Microsoft really wants to follow through on their mantra of improved security, they should turn autorun off by default. The minor convenience of running disc-based programs without having to click on them isn't worth the risk. They've had ten years to figure this out and if they had, this rootkit issue wouldn't have been an issue. Matter of fact, it's unlikely Sony would even have bothered. Let's face it ... the real culprit isn't Sony's rootkit: it's AUTORUN. As you say, allowing removable media of unknown pedigree to execute arbitrary code is just stupid, but there you go. Microsoft left a a security hole so big you could drive a bus through it, and someone finally used it. The only surprise is that it was one of the world's biggest consumer electronics / media companies. I feel sorry for all the people that got rooted and screwed over, but with any luck Sony's penance will mirror their own.
The higher the technology, the sharper that two-edged sword.
The proper punishment for Sony out of this must be sufficient that that Sony, and every other record company will absolutely never any use any kind of DRM that changes even one bit on your computer again. Anything less is not enough.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
remind yourself why the Statue of Liberty is in New York
It's not. It's in New Jersey, despite what the Supreme Court likes to think.
Well, that would be okay* because if they fine Sony enough, they could pay for the roads without charging tolls!
*except, of course, for the inherent stupidity in building roads instead of rails, when we really need to be transitioning towards electric-powered transportation
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
When I read the submission, I knew that the first 50 posts or so would probably involve a hick accent and killing people. What I didn't expect was the fact that NOBODY would say anything about that characterization.
/. readers. Austin is part of the San Francisco - Seattle - Austin Axis of Technology. Screw the rest of you guys.
Look, Texas has hick parts. There's strong concentrations of them in East Texas around the Louisiana border and also in West Texas starting from Abilene west and north. But, it is unfair to characterize this entire state as being uncultured cowboy gun slingers, nor is it fair to generalize people who live in the more rural parts as hicks. This state is as cultured as any others, and when it comes to the South, we stand far and above. We have the largest and one of the most prestigious university systems in the world, we represent one of the most diverse cultural melting pots in the country, we have probably the best music and independent film communities outside of New York and LA, and the list goes on.
What disturbs me most is that not one person from Texas wants to dispute any of that bullshit the rest of these comments are flinging about. And it's not that there aren't Texan
As far as the AG sueing Sony, hats off to him. It's not exactly a secret that this state is pretty damn laissez-faire. That was a damn impressive move.
Also, by the way, you know that Texan accent that you have been using mentally to read this post? Stop that... now.
... are the other recording corporations.
Europe has traditionally taken a very strong stance against corporations who abuse their power. While I suspect you may be trying to incite Republicans with your anti-European sentiment, the fact of the matter remains that Europe has the guts to stand up to corporations who want no-good.
They're the only ones who had the balls to truly take on Microsoft, for instance. They also had the guts to say "No!" to the manufactured war in Iraq.
Cyric Zndovzny at your service.
Its been proven to be ineffectual time and time again.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Tons of people got suckered into installing this because they trusted Sony. The CD won't play without Sony's player installed, so most people would have browsed into the CD and found an installer if they had autorun disabled. In a trusted computing world, Sony would have had a valid signature, so their software would have been "trusted" by the OS, so it would install just fine. If it prompted users for their Administrator password, most people would supply it, because it's generally needed to install software. Mark Russinovich even fell prey to this, although he was smart enough to figure out that he had been rooted, and how. The issue certainly isn't about users being too dumb, because Mark is not dumb, it's about companies taking advantage of the implicit trust that comes with their being viewed as a "legitimate" company.
The trust issue goes much, much deeper, as Bruce Schneier points out on his blog. Where were the anti-virus companies during all of this? Where was Microsoft during all of this? It has the appearance that they were all colluding with Sony. A question that should be asked of each of those companies is "were they in on it, or were they just incompetent?" Either way, it's not encouraging.