Slashdot Mirror
Texas Sues Sony BMG over Rootkit
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
Don't mess with Texas?
According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $2 * 2 * 2 * 2 * 2 * 5 * 5 * 5 * 5 * 5 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.
from the link:
Can anyone verify this on their own disks?
I'll just use my special getting high powers one more time...
EFF has launched a class-action suit against Sony.
Man is a slave because freedom is difficult, whereas slavery is easy.
Unfortunately, his opponent in the next election can back the Brinks truck up to Sony HQ at his convenience.
Here's a link to the official Texas AG's press release.
= 1266
http://www.oag.state.tx.us/oagNews/release.php?id
They even have an online complaint form. Be the first on your block to get in on the lawsuit!
Heck is a place for people that don't believe in gosh.
IANAL but it seems to me that criminal rather than Civil penalties is the way to go here.
Of course, the correct answer is both.
Call me naive, but I'm just not seeing action on the criminal side of things. Whatever happened to "equal protection under the law" principal where I would face jail time if I did this, even if I did it through my own 1-man consulting corporation?
Its not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
It's a good feeling when it doesn't even take a month for a major state's state government to sue over a consumer issue that has so many people I know riled up. No, it's not just us getting ourselves worked up, it really was that slimy and abusive a thing for Sony to have done.
Last week there were complaints here and elsewhere that class-action and criminal prosecutions were slow in coming, with only California and I think New York having responded promptly. This is great news* that this is starting to be prosecuted more widely (as it should be), and encouragement to everyone lobbying elsewhere for lawsuits in their own states/countries.
[*] Technically it's not "great news", it's simply the just application of the law. But when a mega-corporation such as Sony is the spyware distributer, it doesn't take a cynic to fear that justice come second to capital, as was the case for a certain monopolist...
Well today I felt a bit better about the situation. First my wife asked me about it which surprised me. She hasn't shown much interest in stuff like this in the past. And then a little later on when I went over to Stars and Stripes to read todays news they had a story about the rootkit and that they are pulling them out of the BX/PX's.
The more word of this gets out the more DRM will come to light. Eventually most people will know how bad DRM is and maybe, just maybe Sony and the rest will start to feel some pressure to stop trying to push it on us.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
For $100,000 per violation, I don't know. My guess is that a violation is a provable installation of the software, which can add up fast if they had as many sales as were reported. Even if there is only 100 cases of the rootkit being installed, that's $10,000,000. Add in the image damage and that's a hefty tag. But we all know image damage can be fixed with a few donations to the right charities.
Sure, why not? When the RIAA sues people for sharing songs online they sue for a ridiculous amount of money per song. It's only appropriate that they are on the other end of it for a change. $100,000 sounds good to me.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
In Canada, the levy allows you to make copy of music CDs, even your friends CDs for you own personnal use without restriction. The 3 limit per CD is a clear restriction that goes against what Canadians pay for. I feel another law suit comming.
So basically, the rootkit would install itself on your PC even if you clicked NO on the popup that appears after inserting the disk? Wow... Now re-read this (different article, posted on Slashdot earlier):
"Most people, I think, don't even know what a rootkit is, so why should they care about it?" the head of Sony BMG's global digital business, Thomas Hesse, told National Public Radio.
I don't know... So they are counting on tricking gullible PC users into installing something which will ultimately harm their PC, which is heinous in itself, but somewhat legally "murky" enough for them to get away with it. But when your answer to the EULA actually has no effect whatsoever on whether the r00tkit is installed or not, that is beyond words. It shows how much these corporations disrespect their customers. We are sheep. With cash they gave us for working for them... and they want it back.
It's the AG's office, not a private law firm. The lawyers are public servants on salary, not working for a percentage. They are constrained by law to work in the public's (the people who provide their salaries) interest.
They're prosecutors.
When the NY Attorney General's office nailed Song BMG for "payola" the settelement included a $10 million grant to the Rockefeller Philanthropy Advisors to New York State, a non profit, to promote music education.
The EFF has also filled a rootkit suit against Sony BMG in LA. I guess you can decide for yourself whether these guys are just after a big paycheck.
KFG
Assuming a computer counts as tangible, movable property, and I do believe the rootkit at least counts as "criminal mischief", and the Texas AG has a legal duty to protect people's computers (or people ask him to), the use of lethal force against Sony BMG would be authorized. 9.43. PROTECTION OF THIRD PERSON'S PROPERTY. A person is justified in using force or deadly force against another to protect land or tangible, movable property of a third person if, under the circumstances as he reasonably believes them to be, the actor would be justified under Section 9.41 or 9.42 in using force or deadly force to protect his own land or property and: (1) the actor reasonably believes the unlawful interference constitutes attempted or consummated theft of or criminal mischief to the tangible, movable property; or (2) the actor reasonably believes that: (A) the third person has requested his protection of the land or property; (B) he has a legal duty to protect the third person's land or property; or (C) the third person whose land or property he uses force or deadly force to protect is the actor's spouse, parent, or child, resides with the actor, or is under the actor's care
What is the state of Texas going to do with 5 million coupons for a free Sony CD?
Have any companies disallowed playing CD's at work computers because of potential security risks? Can someone be fired for unknowing installing rootkits and can fired employees sue the music distributors for costing them their jobs?
I hope the Texas Attorney General extracts hundreds of millions from Sony. And then that the other states' attorneys general smell blood and jump on the bandwagon, just like the tobacco settlement. Imagine Sony forced to fund a foundation that makes commercials warning youth of the dangers of DRM :).
I too have felt the cold finger of injustice.
If some college student had pulled this stunt they would be sitting in jail as we speak. Why is Sony getting away with this crap? I also can't believe that they stole code from LAME and violated the LGPL without a second thought. These people are criminals in every sense equally as bad as those they are trying to keep from copying their CDs.
I will never, never ever buy another product that says SONY on it again.
Judging by the map of infected computers, theres alot more than 100 infections in the state of texas.
In Soviet Russia the insensitive clod is YOU!
No, this sentence refers to SunnComm MediaMax, not First4Internet XCP. MediaMax doesn't use a rootkit, but installs even if you reject the EULA, phones home when you play a CD, does not include a functioning uninstaller--but if you jump through a bunch of hoops, SunnComm will give you an ActiveX uninstaller that opens a huge security hole on your computer, kind of like XCP's.
Sony recalled XCP CDs but didn't say a word about MediaMax. The EFF is pressuring them to recall those CDs as well, which have been on the market for two years and number at least ten times as many as XCP.
This isn't a scenario regarding a purchase though, it's a scenario involving a hacking incident. If I take my Sony CD to a friend's house and it r00ts their machine, that is an instance of hacking, regardless of who bought the CD.
The proof is in the computers themselves, not in anything on paper. The number of infractions will likely be estimated. I'm not familiar with the details of the rootkit--does it phone home? If it does phone home then they can subpoena the "phone home records" and determine which connections originated from Texas.
Reinvent the wheel only at either a lower cost, greater effectiveness, or your own personal enrichment and satisfaction.
Why do people think Bush is (1) stupid; (2) evil; and (3) has all sorts of magical powers?
Well, those who believe #1 and #2 must believe in #3, how else would they explain how Bush won in the last election despite #1 and #2?
It got modded as funny! Now that's ironic . . . . . . . .
So we can blame the state for:
You can blame the one guy for refusing to stand in their way - are you sure you would have had that courage ?
OT: Next time your tongue itches to say something stupid about the French, remind yourself why the Statue of Liberty is in New York, again.
/haven't/ yet found way to exploit the rootkit and thus come into posession of the first corporate-created zombie botnet (make Windows security jokes all you want, this is for real).
Anywho, personally I can't wait to see Sony go down in flames over this. Some part of me is almost disappointed that a couple of adolescents with an axe to grind
I had sent a friend information about this Sony thing last week and it got not a lot of attention. However same friend was trying to de-lous another persons PC yesterday and called me for support (Note: I'm not particularly qualified for Windows support at this point, but I can do Google searches and say things like "hang in there" from time to time). I think by that time I was called many of the virus and spyware elements had been cleaned by conventional means, but there seemed to be some persistent problems. Just in case, I asked whether they had played any of those Sony BMG music discs in the machine. Apparently I was on a speakerphone setup, and I heard several denials of the form "We never use our machine for such things" while my friend asked me what I was talking about.
After refreshing his memory, and in turn having the family involved talk among themselves for a while, it turned out that some Sony BMG discs HAD been played in that machine, and some of the remaining questionable files had Sony all over them even though the family didn't own a Sony camera, Sony music player or any other Sony device that they could think of. Finally someone remembered that the little girl in the family HAD played, or ripped, or SOMETHING some music CDs in the machine and off they rushed to find them. In the mean time I was looking for the list of Sony BMG discs affected, originally numbered 20 and widely circulated at that count, but subsequently updated to 50, and listed on a Sony website. I found the list of 50 at about the same time that they found their played/ripped/inserted/whatever CDs and sure enough, several of them had the Sony BMG label on them. Now the catch was that (a) none of the CDs they had found were on the list and (b) none of the CDs they had found had the warning that they contained copyright protection software, and my understanding was that the affected discs did contain such a warning.
Well, by getting rid of the Sony BMG stuff they seemed to be back to a clean machine, and they swore to never insert a music CD into their machine again or to buy a CD from Sony. So, congratulations should go out to Sony BMG and First4Internet for accomplishing their objectives. Now to round out the picture:
(1) I suspect that Sony BMG, Sony alone, and BMG alone have in the past used other protection schemes and while they haven't been vocal about it, other companies are doing the same experimentation. All of these programs have their own ways and means of hiding themselves and controlling what YOU do with YOUR PC. But NONE of them have exhaustively looked into the legal, much less technical ramifications of what they do. They think that by merely relying on third party companies like First4Internet they can claim ignorance of the consequences.
(2) Rumor has it that by the time you are asked for your permission to install software when you insert these disks SOME software has already been installed.
(3) Sony/BMG isn't the only company doing this, they are just the only company that has been caught.
(4) These discs have been out for a year, and some people say two years, or maybe more.
(5) There is no quick and easy way to uninstall these programs, either from Sony BMG or the s
Unless you live in New Jersey or Chicago, then you don't even need a heartbeat.
Sounds like a John Lennon song...
except for the killin' part.
When I read the submission, I knew that the first 50 posts or so would probably involve a hick accent and killing people. What I didn't expect was the fact that NOBODY would say anything about that characterization.
/. readers. Austin is part of the San Francisco - Seattle - Austin Axis of Technology. Screw the rest of you guys.
Look, Texas has hick parts. There's strong concentrations of them in East Texas around the Louisiana border and also in West Texas starting from Abilene west and north. But, it is unfair to characterize this entire state as being uncultured cowboy gun slingers, nor is it fair to generalize people who live in the more rural parts as hicks. This state is as cultured as any others, and when it comes to the South, we stand far and above. We have the largest and one of the most prestigious university systems in the world, we represent one of the most diverse cultural melting pots in the country, we have probably the best music and independent film communities outside of New York and LA, and the list goes on.
What disturbs me most is that not one person from Texas wants to dispute any of that bullshit the rest of these comments are flinging about. And it's not that there aren't Texan
As far as the AG sueing Sony, hats off to him. It's not exactly a secret that this state is pretty damn laissez-faire. That was a damn impressive move.
Also, by the way, you know that Texan accent that you have been using mentally to read this post? Stop that... now.