Sony Rootkit Settlement Gets Judge's Approval

Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "

Wow! A replacement CD!

[Whiney+Mac+Fanboy]

Imagine if after reading about the original rootkit & associated vulnerabilities, you check your DNS records & see that indeed, one or more PCs you're responsible for are infected. You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

At the end of all your time, you still can't claim the replacement CD + download + patch, (let alone compensation for your lost time) because you didn't buy the offending CD (it was a temp receptionist).

I really want to see someone go after Sony for a real settlement. For that matter, I'd like to see a government go after Sony. Corporations have the same rights as individuals, how about we give them the same responsibilities as well. I think a four or five years of community service for the entire company (say 20 hours a week), would be about what's deserved for a widespread crack attempt like this.

Re:Wow! A replacement CD!

[TheSpoom]

Yeah.

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

</sarcasm>

Re:Wow! A replacement CD!

[Lave]

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case.

At least this will put record companies off this kind of behaviour.

Re:Wow! A replacement CD!

He said "entire company," not "all employers" - in other words, everyone who owns Sony stock, either directly or indirectly via a mutual fund. If you're making money from Sony, you should be made to pay for Sony's actions.

Re:Wow! A replacement CD!

[gfxguy]

Why don't you blame the temp receptionist for using her company computer for personal use?

Re:Wow! A replacement CD!

[Whiney+Mac+Fanboy]

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

You know, if I worked as a filing clerk, and got to do 20 hours / week cleaning the local church or helping old people or something whilst getting paid for and not doing my normal work I wouldn't consider it punishment.

But, what I meant was Sony as a company, doing the equivilant of 20 hours community service per week per employee for four-five years. They could pay others to do it, pay their employees to do it or whatever.

Re:Wow! A replacement CD!

[Mateo_LeFou]

"...a government go after Sony"

TFA: "Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general."

I've been trying to get Greg Abbott (TX's AG) to go after the antivirus companies, refuse to settle, and various other things that might keep this from getting swept under the rug. This was a devious and dangerous product that was released, not a minor technical flaw in a few CDs.

That's why I take Major issue (below) with the phrase "flawed digital rights management (DRM) software". It is as though someone sold microwave ovens that secretly (by design) emitted chloroform and put you to sleep when someone at a remote location pushed a button, so they could come rob you. And it is as though someone figure this out, and the nice rich guys came to a settlement with the other nice rich guys over "flawed microwave oven buttons"

Re:Wow! A replacement CD!

[johnfatz]

Is it just me or are courts completely unable to fine companies proparly? If someone steals they get jail. If a big company does anything they are told to stop and go home because they are very naughty indeed!

Whoever came up with this scam should be jailed for what they did. They did the same thing what hackers do (i know its crackers - ya know what i mean!) and hackers get jail time so why not the person behind this? Oh wait.... their rich! - I forgot!

Re:Wow! A replacement CD!

[morie]

Maybe they can hire someone who has to do community service anyway. Then they don't have to do it twice.

Efficiency is God. I think I'll be a management consultant. Maybe Dogbert has a vacancy. I'll go and buy a slab of liver.

Re:Wow! A replacement CD!

[hotspotbloc]

Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?

Re:Wow! A replacement CD!

[Whiney+Mac+Fanboy]

Why don't you blame the temp receptionist for using her company computer for personal use?

Let me rephrase your question.

Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.

Re:Wow! A replacement CD!

Well hopefully this settlement will only be taken by people who weren't actually harmed by the rootkit (except for having to expend effort to remove the rootkit). Were there any actual attacks made through the rootkit? I'd like to see some big companies coming in and sueing for real damages. (Or even for the cost of having their tech guys clean every single PC in the building.)

Re:Wow! A replacement CD!

[TheJediGeek]

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case. At least this will put record companies off this kind of behaviour.

I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

A replacement CD, and a few DRM's music files doesn't exactly make up for the huge amounts of time it has taken and will take to fix their damage.
I know of a few computers just in my family that had this rootkit on it. My youngest brother is in college and the school provides a laptop to every student that the school maintains through an IT dept. They had to reimage his system when things got screwed up. My dad has a couple computers at work that got this thing. He had to reload everything on one and IT had to reload the other one. That was just from one CD that had been played on those computers.

There are countless people that have had to spend many many hours fixing what Sony did. What they did was illegal and very damaging. All they have to do is replace some CDs.

Re:Wow! A replacement CD!

['nother+poster]

Well, maybe the company doesn't have any rules against playing music at your workstation for personal enjoyment. Some places aren't quite as backward and draconian as you seem to be, and probably expect music CDs to simply, oh I don't know, play music?.

Re:Wow! A replacement CD!

[tomhudson]

Nothing is preventing you from filing a claim against them. From the court settlement notice:
http://www.sonybmgcdtechsettlement.com/Notice.htm

EXCLUDE YOURSELF: Get no XCP exchange program, cash or free music download settlement benefits. This is the only option that allows you to ever be part of any other lawsuit against the Defendants about the legal claims being resolved in this case. See Question 13 below.

OBJECT: Write to the Court about why you don't like the settlement.

GO TO A HEARING: Ask to speak in Court about the fairness of the settlement.

DO NOTHING: Get no XCP exchange program, cash or free music download settlement benefits. Give up certain rights. You will retain the right to sue the Defendants for any consequential damage to your computer or network that may have resulted from interactions between XCP software or MediaMax software and other software or hardware installed on your computer or network.

NOTE: the "Do Nothing" option is also for anyone who didn't buy the CD, whose computer was damaged because someone else loaded the CD onto their machine, etc. (for example, a temp office worker decided to listen to the CD and infected a PC). Write Sony, state your claim (number of pcs affected, time lost) and that you are not part of the class settlement and would like to know what they're offering you to avoid court action.

Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

Re:Wow! A replacement CD!

[Lave]

Well said.

Re:Wow! A replacement CD!

hahahaha!

Looks like wmf has a fan! *tickles AC* Isn't s/he cute?

(and inspite of the fact that noone will read the response, the AC will just have to reply)

Re:Wow! A replacement CD!

[Traiklin]

*Hands a government official a breifcase with $500,000 inside* I see we have come to an agreement for you to stop pressuring us.

gotta love buisness in the good ol US of A.

Re:Wow! A replacement CD!

[jacksonj04]

Technically it wasn't a real Digital Music CD.

Re:Wow! A replacement CD!

[markov_chain]

Man, I wish I bought their rootkitted CD :)

Re:Wow! A replacement CD!

[TheDawgLives]

Well, that would be a seperate class action lawsuit. This lawsuit was brought by the people who purchased the CDs. A second lawsuit should be brought on behalf of people who were affected by the rootkit. The lawsuit should demand compensation for the time it took to remove the rootkit and also for the damage due to loss caused by the rootkit.

Re:Wow! A replacement CD!

[Whiney+Mac+Fanboy]

OK, my options for a lawsuit that will likely cost me far more in money, time & effort then I will recieve back are not limited. Great.

Do you think its OK that no government has gone after sony for distributing hundreds of thousands of rootkits, compromising hundred of thousands of computers?

Re:Wow! A replacement CD!

[bhtooefr]

Small claims is cheap. If nothing else, go for the maximum that you can in small claims. ;)

Re:Wow! A replacement CD!

[lgw]

It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

If this were the only action taken, sure. Fortunately, however, the *really* scary thing for Sony happened very early on: the DHS said they're choosing not to enforce the law on this basically because it was the first time any company had made this mistake, so they'll give the company the benefit of the doubt that it wasn't a deliberate attack. This one time.

Sony broke federal law (section 1030) many thousands of times, and the Feds noticed. Installing a rootkit on a computer owned by the government (one not for public use) is a crime even if you never use that rootikit for anything, and Sony was using it for profit. The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

This court settlement was nothing; the threat that Sony would no longer have a US division was everyhting.

Re:Wow! A replacement CD!

[gfxguy]

I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.

Re:Wow! A replacement CD!

[Whiney+Mac+Fanboy]

I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.

I'm still not clear on what you're saying - do you think I should blame the secretary in my hypothetical scenario rather then sony?

Re:Wow! A replacement CD!

[BecomingLumberg]

That depends on whether or not she intentionally decided to give you VD for profit...

Re:Wow! A replacement CD!

['nother+poster]

I believe he is saying that the fact that a company had to expend time and effort to clean a machine was because an employee used company property for a non-company function, so that employee should be blamed, not Sony. Regardless of whether the employee was misappropriating/misusing company property or not, the rootkit is Sonys fault.

Where I work the handbook specificaly says that I can listen to music CDs on my workstations PC as long as I use headphones and the CD is an original. Under no circumstances is any non-authorized media player software to be installed. This is to keep the company out of licensing/copyright issues apparently.

Re:Wow! A replacement CD!

What kind of bullshit company do you work for that does not let you listen to music on "their" equipment? Any place that I spend the majority of my day had better concede even that little to me if they expect to get good work. Why should it be that companies can demand so much and yet give so very little?

I have NEVER worked for a company that would even think of doing that. Employee morale would plummet for the price of allowing someone to us a CD drive.

OMFG. WTF.

Re:Wow! A replacement CD!

[Whiney+Mac+Fanboy]

I believe he is saying that the fact that a company had to expend time and effort to clean a machine was because an employee used company property for a non-company function, so that employee should be blamed, not Sony.

I don't know a single workplace that bans the playing of music cds (and I've worked in plenty).

Where I work the handbook specificaly says that I can listen to music CDs on my workstations PC as long as I use headphones and the CD is an original.

So, presumably (if you have windows admin access), if you played a sony CD, it would install the rootkit.

Would you deserve the blame?

Honestly, if a company made exploding teabags, and my company got blown up after the recpetionist made a cup of tea using a tea bag from home, gfxguy would come along saying 'if the receptionist hadn't bought tea from home and made it using company resources, this would never have happened'.

Its a stupid, victim blaming argument to follow.

Re:Wow! A replacement CD!

[Nikker]

Why not blame the receptionist for wasted hours of work? One could argue the temp's intentions were to kill a bit of time or tap their foot while sorting files, likely did not know about malicious software being installed. The company that sold the cd (Sony) did know about the software its intension. Why not blame/charge the temp for possibly violating company policies and Sony for cleaning the computer? Many companies and IT wouldn't really consider playing a CD a mass grievance as most audio cd's are playable at the hardware level and take up minimal system resources. The idea of using the little guy as a scape goat doesn't appeal to me personally, YMMV and each party if is going to be put on the rack then they should be responsible for their contribution.

Then again if I sent you a WMF while the sploit was around and you viewed it in your web browser what part of the situation should you be accountable for?

Re:Wow! A replacement CD!

"the AC will just have to reply"

Sure, but only to point out that

A) You're Whiney posting AC and that's fucking pathetic

B) I did this exact thing to you yesterday Whiney.

C) I take days off.

On top of the fact that you're a sad bag of crap posting AC and pretending not to, you're too stupid to even come up with your own gag.

God, it's gets more embarrassing for you every time you respond.

"inspite of the fact that noone (it's two words not one moron) will read the response"

I agree, Whiney, you are no one

Re:Wow! A replacement CD!

[wealthychef]

The problem here is the same problem as in all corporate misdeeds. No one person or small group in the company is accountable. What might actually work is to say, look here, somebody authorized this illegal action. Who was it? Find that person and punish him or her. With jail and a felony rap, like any poor kid from the ghetto who "makes a mistake" and steals a car stereo. "Punishing" a corporation makes very little sense. It all gets abstracted into a spreadsheet and nobody has the fear of reprisal for their misdeeds. Nowadays, the "the buck stops here" has been perverted into "the buck rules here."

Re:Wow! A replacement CD!

Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?

OK, leaving aside your fairly wild assumption that people who read slashdot get to meet women, let alone have sex*...

Your analogy fails to take into consideration that condoms should have been used in that situation. But that's the point, isn't it? Nobody thought that they'd have to take anti-rootkit precautions in order to listen to a music CD from Sony. One bought from a dodgy flee market from a shifty-looking bloke in a big coat who "only takes cash, mate", yes. But a major distributor?

So it's more like meeting a guy in a bar who has a reputation for being responsible (indeed, for some reason it's implied that he is a responsible chap, though that level of analogy escapes me right now), who takes you back to his place, buggers you senseless (which is why you went back there), but who refuses to use a condom and then refuses to pay for your STD treatment on the grounds that if you hadn't known about the risk, you would have been quite happy, even though he was fully aware that he was infecting you at the time.

*With somebody else

Re:Wow! A replacement CD!

[Da_Weasel]

"The agreement covers anyone who bought, received or used CDs..."

It says it covers anyone who "received or used CDs" with the rootkit. That should cover you if your friend played a CD in your computer and infected it with the Sony Rootkit.

Re:Wow! A replacement CD!

[IngramJames]

I agree it seems innocuous, but she's using company equipment to do it.

If the company has a rule in place to prevent staff from using their CD players to play music, then she's done wrong. If that policy is in place specificaly to prevent rootkit and viral infections, and the staff are aware of this, then she can be blamed for the infection.

If it's just a "you can't listen to music" then she's not to blame for the rootkit, but would be subject to disciplinary action for breaking the "no music" rule. Which I doubt would be a major violation of policy.

If the company (as many, many do - mine included) allow their staff to listen to music (not thinking that listening to legally purchased music was likely to lead to having to reformat PCs), then the secretary is in no way to blame, not having done anything wrong to her (or her company's) knowledge at the time of the infection.

Re:Wow! A replacement CD!

Absolutely.

Small claims is (in my limited experience) nearly always free. It takes 30 minutes to do the research and write a letter. Do a bit of googling about the particulars of your state (IANAL, but I suspect they may be a little different). Essentially it comes down to where you would file if you were to file and who you should address the letter to. If you have a legitimate claim (and in this case you certainly do) and you're not asking for an unreasonable amount, the company will often be willing to settle individually-- their lawyers do all the work, all you have to do is read and sign. The last thing Sony wants to do is fly their lawyers to every little small claims court throughout the nation to handle cases that cost less than a plane ticket and hotel room.

Re:Wow! A replacement CD!

[Steve001]

jacksonj04 wrote:

Technically it wasn't a real Digital Music CD.

For me, this has become the saddest thing about the whole situation. I used to have confidence that a music CD was safe to use on all devices that could play standard CDs, whether it was a stand-alone player, a portable, or a computer. Due to this, I could walk into any CD store and, on impulse, by a CD without concern.

Since finding out about the problem with copy protection, I have stopped purchasing new music CDs. Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?" My reaction to the question has been to put the CD back on the rack and leave it there because I'm not confident that I can answer 'Yes' to the question. I have already passed on buying at least five recent discs because of this.

It is sad, but I may just have to settle for the music I already have since I don't want to purchase music in a compressed format. Due to this, I guess I will have to do research on any disc I wish to purchase to ensure that it is safe before I can buy it.

On impulse purchases of CDs, to quote Eric Carmen from "All By Myself:" Those days are gone.

Re:Wow! A replacement CD!

[rts008]

Wow, you must be in PHB training!
Crawl back under your rock, PHB's are not valued much here. ;)

Re:Wow! A replacement CD!

[Mister+Whirly]

You mean you aren't happy with the $5 off coupon for any Sony artist CD? (Which has thier "New and Improved" rootkit?)

Anyone remember the Iomega Zip drive "click of death" class action lawsuit?? If you bought any of Iomega's totatly craptacular products you were entitled to (*drum roll please*) a voucher for $X off of another of thier craptastic products. Ummm, I'll take the cash value please...

Re:Wow! A replacement CD!

[TheCarp]

So?

I mean seriously so fucking what. If she can do her job while listening to music, why not let her use the PC to do it? Its a perfectly reasonable thing to do with the PC. Its something that 99.999% of the time, in fact, every time UP TO THE RELEASE OF THIS CD, has never caused an issue. Its something people have, and rightfully so, become used to being able to do.

Punishing her for something that she had no way and couldn't have known there was an issue, is asinine. It is sony that broke everyones trust, and deserves to be punished. Seriously, if _I_ released a CD like this, I would likely be looking at jail time. Sony, on the other hand, is getting a minor tap on the wrist (barely a slap).

-Steve

Re:Wow! A replacement CD!

Forget about the settlement. Throw the Sony execs in JAIL for illegal computer crime!! Now that will set a good precedent.

Re:Wow! A replacement CD!

[tomhudson]

You didn't have to buy a CD to be entitled to a part of the settlement. Anyone who bought, used, or was affected by, the rootkit (in other words, if you were even peripherally affected, you can make a claim):

It's in the big text at the top of the settlement document: http://www.sonybmgcdtechsettlement.com/Faq.htm

ALL PEOPLE WHO BOUGHT, RECEIVED OR USED A SONY BMG MUSIC ENTERTAINMENT COMPACT DISC WITH CONTENT PROTECTION SOFTWARE

If you bought, received or used a Sony BMG Music Entertainment compact disc containing either XCP or MediaMax 3.0 or 5.0 content protection software, your rights may be affected by a class action settlement.

IOW, you or someone else only had to have inserted the CD in your computer for you to be eligible to file a claim under the class action.

Re:Wow! A replacement CD!

[tomhudson]

Its even better in my jurisdiction - in the interest of simplifying things, lawyers are barred from representing either party in a small claims court, so they have to be represented by a non-lawyer.

Re:Wow! A replacement CD!

[tomhudson]

Go the small claims route.

Print out all the stuff where its obvious that Sony is in the wrong, and then a summary of your time that was wasted fixing this (a reformat, reinstall, and then reinstall of all software, and restore data from backups) + filing fee, if any, for the small claims action, + postage for the demand letter.

Re:Wow! A replacement CD!

[gfxguy]

You blame the secretary, she's blames Sony.

What would happen is, if she doesn't sign onto the lawsuit, she is free to file her own claim because you fired her because of something Sony sneaked onto the CD.

You didn't fire her? That was nice... then this lawsuit does nothing for you, but since you weren't a party in it, you still have a claim against Sony with your own lawsuit, and now that Sony's lost this one, you'd have more ammo to win.

But I guess the point is that your company didn't join this lawsuit because it wasn't the company that bought a CD; so no, you don't get to ask Sony for compensation from this lawsuit, but you'd probably be legally entitled to get something from the secretary, if you were mean.

Re:Wow! A replacement CD!

[Red+Alastor]

Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?"

There's an easy way to find out. Can you find the Compact Disc logo ? If so, it's not crippled. If I'm not mistaken, it's due to Phillips, the co-owner of the Compact Disc trademark refusing that their trademark appear on non-red book compliant discs.

Re:Wow! A replacement CD!

[chrae]

Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

I like that idea but for most of us small claims and legal stuff is unknown territory. Most of us don't know what to do from start to finish because we haven't done anything like that before. I would like to see (as in, someone else do it :)) someone like Groklaw post templates and procedures for filing small claims specific to a case. e.g.: how to stick it to Sony in small claims.

All the research of what to do is too difficult and I'm lazy and a bit intimidated. If it were made easier, I would do it and I'm willing to bet a lot of others would too.

A thousand people each filing small claims at $500 a pop would be more potent then one lawyer representing a thousand people in a class action. Think "Slashdot Effect" in the legal sphere. It might even set a legal/business precedent: don't screw your customers so bad that they'll mobilize against you.

I'm willing to overcome my laziness and contribute, but I need help and direction. Others need it too.

Re:Wow! A replacement CD!

[gfxguy]

It's not about listening to music or not...

For the longest time you could use the same argument about just about anything - personal email, IM, even installing a game here and there.... just so long as you're doing your job, right?

Heck, I'm doing this from work right now! But if slashdot were to suddenly put something malicious on their website... well, I've been using slashdot for 10 years and haven't had a problem up until now...

Most of the people where I work have their own CD/MP3 players, bookshelf systems and so forth... it's very rare to see someone listening to a CD anymore at all, let alone using the computer to do it, but I think the company would have a valid complaint unless they explicitly stated that employees could listen to CDs on their work computers.

Re:Wow! A replacement CD!

[Reverend528]

Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.

Clearly it's her fault the rootkit was on the computer. She wouldn't have infected anything if she had just downloaded the CD like a normal person.

Re:Wow! A replacement CD!

['nother+poster]

Its a stupid, victim blaming argument to follow

Then we are in agreement concerning that. As far as I can see no matter what the circumstances, the blame for the rootkit being on ANY machine is Sonys.

Re:Wow! A replacement CD!

[markov_chain]

I know, but I was thinking more along the lines of filing a small claims suit to the tune of $5k for lost time, dealing with cleanup, reinstalling Windows, etc. (outside of the terms of the class action). Without having actually gotten or used the CD the claim wouldn't be very credible.

Re:Wow! A replacement CD!

[Epyn]

This isn't much of a howto but more of a success story on how much of a pushover small claims can be:
http://www.kuro5hin.org/story/2006/5/15/114512/034

I thought it was fairly informative even though there was a settlement.

Re:Wow! A replacement CD!

[asuffield]

Yes, but...

This is normal for class actions. You get 'actual damages' for anything that can be proved to apply to everybody in the class. Not everybody who bought their crappy CD had to clean up the mess at considerable expense.

I really want to see someone go after Sony for a real settlement.

And that is exactly what you're supposed to do. If you were one of the smaller group who were severely impaired by Sony's reprehensible actions, you're supposed to take them to court and hit them for the whole thing. You just can't do that in a class action suit. Unfortunately this is less likely to happen, because Sony would fight a real lawsuit with everything they've got. They kinda surrendered for this class action because they knew it was just a slap on the wrist, but they really don't want to lose a case where they have to pay for the cleanup, because then everybody will sue them (after losing the case once, you tend to lose all the others quite quickly). So the first person to take them to court has an expensive battle to fight... so there probably won't be a first person.

They should really be hit with a criminal case too, but that's a political matter, and current US politics is heavily pro-corporation, so it probably won't happen.

The legal system is a nice idea but it costs too much for small players to be able to take on big ones. Big players like Sony get a free ride when it comes to treading on small ones.

Re:Wow! A replacement CD!

[bhtooefr]

It tends to be easier to actually GET the judgement if you file in the offender's home area.

According to this page, they're in New York, NY.

Read here. http://www.courts.state.ny.us/courts/nyc/smallclai ms/index.shtml

Re:Wow! A replacement CD!

[Teun]

Because it cheered up the whole department.

When you left.

Re:Wow! A replacement CD!

[TheCarp]

And I would say the same thing... if slashdot puts up malicous code, then they have broken the trust of the entire community. 10 years of built trust of doing the right thing, violated. It would be horrible, it would effect many of us.

Should we think more about trust relationships like this, probably. I think its something that people, in general, should be more midnful of. As introversion software pointed out in the subtitle of their game uplink: Trust is a Weakness.

Does the company have a legitimate complaint... yah in some light. However, I do think there is some value in forgiveness. Or as the dude put it

Walter: Am I wrong?
Dude: No Walter, your not wrong, your just an ASSHOLE

Remember, one of a companies biggests costs is turnover. A recent study showed that the average cost of replacing an employee to the company is 150% of their positions yearly salary.

When a person causes harm through what is otherwise completly understandable and normal actions, I think it behooves us to forgive them their trespasses. There is no real need to make a case for being an asshole.

-Steve

Re:Wow! A replacement CD!

[HiThere]

Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place. Even after it was revealed that this had been the prediction of estimates given to management before it made the decision. (The case was in Georgia, and I believe [with imperfect certainty] that the company was Dow Corning]. It involved the intentional poisoning of a town's water supply by illegally disposing of chemicals. It was a federal court.)

Re:Wow! A replacement CD!

[fobbman]

I don't think that you could you have possibly chosen a more obscure analogy for the /. crowd.

Re:Wow! A replacement CD!

[tomhudson]

Most small claims courts have brochures and web sites outlining the process.

Up here, its very simple. You send them a letter by registered mail, explaining the problem and giving them 10 business days to get back to you. If you haven't heard from them in 3 weeks (the courts like it if you cut the defendant some slack), then you go down to where you file, and fill in a form (bring a copy of your demand letter).

The important words to put at the top of your demand letter:

DEMAND LETTER
WITHOUT PREJUDICE

The whole "without prejudice" means that you're not limiting yourself to te claims you state in your demend letter - you aren't "prejudicing your rights" to take other action as well.

Have fun.

Re:Wow! A replacement CD!

[tomhudson]

Tort law is on your side (as is the wording of the class settlement). You suffered damages as a direct consequence of Sony's shipping a r00t kit. Same as if GM produced a vehicle with defective brakes and you were hit by that car ... its a reasonably foreseeable consequence of their actions.

As I point out elsewhere, the very top of the judgment includes people who didn't buy a CD but were nonetheless r00ted.

Re:Wow! A replacement CD!

[Archangel_Azazel]

I have this sinking feeling that it's where we are headed though. As I have gone through my work life, the companies that I have worked for have steadily valued their employees less. People are replaceable, what with the unemployment so high right now, I know a lot of companies that don't mind 70-80% turnover. In fact, one company I worked for LOVED that. It meant they didn't have to give benefits like insurance and whatnot.

We're creating a class of working slaves, mark my words.

A.A

Re:Wow! A replacement CD!

[greg_barton]

Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place.

There's a difference between killing a few unimportant villagers and messing with the government's stuff.

Sadly.

Re:Wow! A replacement CD!

[jhylkema]

I really want to see someone go after Sony for a real settlement.

You can. No one is bound by the class action settlement. You can opt out of the settlement and pursue your own independent damages claim against Sony.

Re:Wow! A replacement CD!

[MyOtherUIDis3digits]

Corporations have the same rights as individuals

You must not be in the US. Here, corporations have way more rights than individuals do!

Re:Wow! A replacement CD!

See now if you just stole all your software and media like a regular nerd there would be no problem. I don't see anything immoral about downloading music 'illegally'.
1) The artists themselves only recieve a SMALL percentage of the money from music sales.
2) Artists make too much money anyways, do you really need to make more than a high governmental worker. I'm sure musicians won't just all quit if they make less money... they have perks like roadies to keep them going.
3) Artists should do more concerts rather than having a greater than thou personality
4) If The big music companies were shot down the artists themselves could run there own site with music downloads for 10c cutting out the middle man and making more money.
5) More people get more music, do you think i would really have 50,000 songs if i had to pay for them? There is no way i could afford that. And i prefer not to support large corporations who suck the life out of artists
6) Anyways, musicians always seem to thrive when they are miserable. :p

Re:Wow! A replacement CD!

I would *STRONGLY* encourage you to convince your brother's school AND father's company to sue SONY for damages. And try to make it class action. And keep in mind the penalties that they have used against "real" crackers (Mitnic, etc) for "damages". If those cases are used as precident for damages (not sure if this is legally possible), then SONY will pay through the nose, AS THEY SHOULD.

Re:Wow! A replacement CD!

[jhylkema]

The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

This decision was made, of course, after some money changed hands behind the scenes. You know, a little bribe^H^H^H^H^H campagin contribution. If you think the Bush administration would have put Sony out of business for this, I'd really like a toke off of whatever it is you're smoking. Doing so is, after all, bad for business and bad for the economy, and if we do things that are bad for corporate bottom lines^W^W^W the economy, then the terrorists have already won.

Re:Wow! A replacement CD!

In Canada it used to be the case (dunno if it still is), that a woman could file a rape charge and have it stick, even after consensual sex, if she was not satisfied.

Re:Wow! A replacement CD!

[Billly+Gates]

Actually yes

Thats how it works in the military when someone screws up. Remember the secretaries boss hired her and his boss hired him and so on. So in actuality its all their fault.

This is why interviews are difficult to conduct and be a part of. You need to filter the bad apples out and enforce policy within your company.

Re:Wow! A replacement CD!

[lgw]

Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

Against a *foreign* company, putting rootkits on government computers? Sure. There are guys who have spent their whole lives waiting for such an opportunity.

Re:Wow! A replacement CD!

[TheJediGeek]

here's an easy way to find out. Can you find the Compact Disc logo ? If so, it's not crippled. If I'm not mistaken, it's due to Phillips, the co-owner of the Compact Disc trademark refusing that their trademark appear on non-red book compliant discs.

Basically, yeah. Flip the case over and look at the back. If you don't see the "Compact Disc Digital Audio" logo, look for an asterisk followed by a disclaimer that says something like, "This disc does not meet the technical standards for an audio CD." I don't remember exactly what it says, but I've seen it enough on CDs that there's VERY little mainstream music I'll buy (or listen to) now.

Re:Wow! A replacement CD!

[Asphalt]

I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

Not if you opted out. Which EVERYBODY should do to class action suits.

The more people that opt of of class action suits, the less likely the punishment is to be a "slap on the wrist". The last thing Sony wants is a bunch of individuals out there with money hungry lawyers free from the confines of the class action settlement. It makes the class action settlement worthless.

We enable the slaps on the wrists because 99.9% of us don't take the time/effort to opt out of class-action scams.

As usual, the enablers of this nonsense is us.

Re:Wow! A replacement CD!

[Asphalt]

Man, I wish I bought their rootkitted CD :)

It's not too late, i'm sure there are still some circulating somewhere.

Seriously, though. This is one reason why I don't buy CD's anymore. I have been afraid of the CD's ever since the late 90's when a KRS-One CD installed AOL on my computer from the Autorun feature of Windows 95.

Putting a commercially packaged CD into your Windows computer is like opening an attachment from an unknown sender.

I've no idea why someone would pay for the priviledge.

Let the artists starve until they come up with a sensible distribution method. If we are truly taking money out of their pockets, then let them put the screws to the label. I don't have time to protect everyone's interests. It's time for them to do something for themselves.

Hey Brittney, it ain't my fault you and Kevin can't afford forumla for little Shitney Jr. I don't feel like rolling the dice on the new "Whoops I did it yet again" CD. If i'm curious i'll download it.

Unless you are going to come over and personally re-install my OS ... which I doubt.

Time to look out for the fan's interests ....

Re:Wow! A replacement CD!

[gg3po]

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

Why not? If you're going to work for a corrupt company, you're a cog in the wheel that is contributing to the problem. It would certainly make people think twice about working for "the Man." I would agree that those directly responsible should be the hardest hit. This is only fair. Maybe only stockholding employees should be held accountable. The hours of community service/jail time required would be directly proportional to the number of shares they own. That would certainly give a significant incentive for stockholders to speak up and take measures to ensure nothing like this happens in the first place. It might even make them more careful who they appoint to executive positions (only people that won't get us all in trouble down the road). If a large corporation were to appoint someone to be an exec that had a history of questionable ethics (even though they "get results") people would sell off their stock like a hot potato, and the corp would lose $$$ -- better not appoint him.

Re:Wow! A replacement CD!

[Asphalt]

Here is a PDF link to the settlement:

http://www.sunbelt-software.com/ihs/alex/sonysettl eme23423423434nt.pdf

Read page 17.

Only 1,000 people have to opt-out to preserve individual consumer rights for legal redress.

We can only hope that 1,000 people did so.

Re:Wow! A replacement CD!

[edwdig]

A lot of CDs don't have the CD logo on them even if they are compliant. Usually the more effort that was put into designing the cover art, the less likely it is that the CD logo is present. Sometimes the more artistic ones have the logo inside the case, but not always. I haven't spent more than a few seconds looking at copy protected CDs, so I have no idea if they really do withhold the CD logo from them.

Re:Wow! A replacement CD!

dude, you know Lara Bezich too? tell her hi for me.

Re:Wow! A replacement CD!

[Lave]

OK, you guys totally won me over - this result is nowhere near enough.

Probably doesn't warrant another comment - but I think you should admit when people won an argument or convinced you to change your mind.

Re:Wow! A replacement CD!

[Steve001]

Red Alastor wrote and included with the post:

Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?"

There's an easy way to find out. Can you find the Compact Disc logo ? If so, it's not crippled. If I'm not mistaken, it's due to Phillips, the co-owner of the Compact Disc trademark refusing that their trademark appear on non-red book compliant discs.

I have checked the discs for the official CD logo, and on some discs it is not there. I agree that that having the logo on the CD would be a great help, as long as it means the disc is in complete compliance with the Red Book Standard for CDs. If it is on CDs that are not in compliance with that standard, then the value of the logo is degraded.

Although the CD logo might be left off of the cover for artistic purposes, I wonder if the UPC was also left off of the disc too for the same reason. I pulled a few discs from my collection and found that many of them did not have the official logo even though there was plenty of room for it, and it would not have disrupted the art design.

What would help is if the official logo was put on a specific place on Red Book CDs. A good place would be on the lower right corner of the back cover. It would not have to be large, just be there. It could even be a selling point for the disc, telling us "This disc is safe for use."

Re:Wow! A replacement CD!

[Red+Alastor]

Red book compliant CD players share the same algorithm to recover data from scratches and other damage. Many CD are sold pre-crippled in a way that the CD player will still play the intended sound by following its algorithm. The point is to make ripping harder (futile attempt).

Those CDs aren't red book compliant either and can't show the logo even if they don't contain malware.

Re:Wow! A replacement CD!

[Zerathdune]

I think it would be more accurate to leave out the sorry part. She also has to have known that she had VD, and that she would give it to you.

Re:Wow! A replacement CD!

The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

So, figure that someone that wrote a virus that accidently released into the wild would have gotten some sort of jail time or community service. Why not take all of Sony BMG's profits for some equivalent period of time. Say 3-6 months profits from that division or subsidiary. Seems that is the only way to make corporations pay the same respect to laws as individuals would given the same potential loss of income.

Re:Wow! A replacement CD!

[Steve001]

Red Alastor wrote:

Red book compliant CD players share the same algorithm to recover data from scratches and other damage. Many CD are sold pre-crippled in a way that the CD player will still play the intended sound by following its algorithm. The point is to make ripping harder (futile attempt).

Those CDs aren't red book compliant either and can't show the logo even if they don't contain malware.

I've read of this being done on some discs for this reason (to make copying harder). Essentially, it means the disc is relying on the error-correction ability of the player itself to compensate for intentional errors on the disc.

Due to this the player essentially has to guess what the correct information is, and it reduces the sound accuracy of the audio (since it is guessing, how can we be sure that it is guessing correctly?). In the audio book of Being Digital by Nicholas Negroponte, he mentions that a large amount of the data on a music CD is there for the purpose of error correction.

I see the unlocked nature of the CD format as a reason that it will survive for the foreseeable future. From what I can see, all future audio/video/gaming formats are going to highly locked down with copy protection, and this will be a strong disincentive for people to move to a new format.

Another disincentive is the "good enough" factor. I think that for the average consumer the sound quality of CD is good enough. As shown by the success of compressed audio formats, many people find that sound quality that is less than CD is acceptable for their use.

Re:Wow! A replacement CD!

[ScentCone]

Maybe only stockholding employees should be held accountable.

So, you'd be against the routine types of suits and prosecutions that occur when stockholders are lied to by corporate employees, consultants, accounting firms, etc? The whole point of holding a person responsible for their own actions is to allow things like business investment to proceed without all 100 million people who own a share of Sun or MS to not have to pay attention to the minutes from every meeting between every one of tens of thousands of employees.

Do you really think that some grandma that owns a few shares of Sony in her mutual fund should need to have the ability to know that the British company that was given the contract to handle the DRM technology in question was about to make a really bad decision on behalf of Sony? Are you that sure you want to make it that impossible for people to invest their money and keep the economy moving? If a particular employee in a large company wakes up one morning and decides to do something criminal, you'd rather that everyone in the company, and everyone who invested money to help grow the company pay the price (rather than the person who decided, that day, to do something criminal while on the clock)?

Your version of the world would have no companies large enough to produce reliable antibiotics, efficient refridgerators, or high speed video boards. Grow up.

Opt-in website

[TheSpoom]

Here's the claim filing website for the Sony BMG settlement, since I didn't see a link to it in the article.

The solutions given almost don't seem worth it, but I'll probably opt-in anyway just so that little bit of money gets drained from Sony so they don't do this again.

Re:Opt-in website

[eln]

What makes you think that giving you a replacement CD or allowing you to download music is going to cost them anything? Giving you a CD will only cost them the actual cost of stamping the CD, which is probably less than 10 cents. Allowing you to download a music file from them will cost them nothing.

Sony is getting away with basically paying nothing here. Sure, they'll put it on their books as having cost so many millions in lost revenue or whatever for tax purposes, but the actual cost is pretty much zero.

Re:Opt-in website

[LunaticTippy]

I'm staying far away from this one. I do not want Sony taking a particular interest in my activities.

Re:Opt-in website

Make them post the CD somewhere overseas. Look up the phonebook, and say Manager, XYC Hotel, YourName or Occupant of room 21 - you get the drift. Iran, Iraq, Nth Korea and Pitcairn Islands , or a research station at the North pole or Antartica are prime candidates, or Japan, where it stands a good chance of being returned at huge expense, and upsetting the local pigopoly. If it does not arrive, get them to re-post, India, Pakistan and Sth American destinations often have mail insurance issues.

Re:Opt-in website

[TheSpoom]

That's why you go for the payment of $7.50. As I said, almost not worth it, but it adds up if enough people choose the cash option.

Flawed?

[Mateo_LeFou]

I believe the software did exactly what it was supposed to do. Shouldn't there be mention of a flawed *DRM *strategy being foisted upon consumers?

Re:flawed?

[pxuongl]

i think what bothers me most is that nowhere at anytime, even in this notice, does Sony say sorry, we f'd up. the hubris of these guys...

If...

[Lord+Kano]

If a 15 year old script kiddie had done the kind of damage that Sony did with its rootkit, he'd be spending a couple of years in a "Federal PMITA prison" why does Sony get off this lightly?

Someone should be incarcerated over this.

LK

Re:If...

[pete6677]

Because the script kiddie was too stupid to form a corporation first. It worked for many other virus writers, like Kazaa and Gator.

Re:If...

[cdogbert]

clout Pronunciation Key (klout)
n.

1. Influence; pull: "Women in dual-earner households are gaining in job status and earnings... giving them more clout at work and at home" (Sue Shellenbarger).
2. Power; muscle.

Re:If...

[Rogue+Eve]

A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation. He was 18 but still did not receive jail time so I am not surprised that Sony got off so easily. White-collar crime just doesn't receive harsh punishment.

Re:If...

[pryonic]

Tell that to the British Hacker who hacked into NASA looking for evidence of UFOs, and is now being extradited to the USA and may end up in Guantanamo Bay on terrorism charges.

From a technical point of view his methods sound rubbish, and I've seen him on tv- he's an idiot. But the US government is treating him like he's murdered 2000 people, not 'hacked' into a computer system...

Re:If...

[Overzeetop]

Sony installs a rootkit on (potentially) hundreds of thousand computers, and not a single person is on probation. I think community service for Sony USA executives would be a very worthwhile punishment for the humans who should be watching what their company is doing, and a stiff financial fine - say 10% of gross '05 earnings (just like a $3000 fine for a regular guy who makes $30k/yr) - for the corporation, with 6 years probation. Should Sony be found in violation of the terms of the settlement (to be negotiated by the plaintiffs attorney and the judge), Sony loses it's corporate status in the US.

Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

Oh, and while I'm at it, I'd like world peace, too.

Re:If...

nasa (gov) != sony (incorporated business)

Re:If...

[Foobar+of+Borg]

I only ask that Sony be held to the same standard.

That will only happen when Sony can no longer purchase the US government.

Oh, and while I'm at it, I'd like world peace, too.

"We're the United States Government. We don't do that sort of thing!" - from Sneakers

:-p

Re:If...

A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation

And a criminal record that will follow him for the rest of his life, procluding him from many jobs, a common legal excuse for denying rental housing, etc. Plus (since he's in a scary place like Texas) if he screws up in the least little way he could get tossed in a cell for a long while (like 16 years for stealing a candy bar).

http://news.bbc.co.uk/1/hi/world/americas/704922.s tm
http://www.commondreams.org/headlines/040700-01.ht m

So when the only job your friend can get is pushing shopping carts around and living in a leaky trailer away from anything normal remember how "light" his sentance was. It's Texas, unless you're white and connected no one get's off "light". BTW, during the next huricane evacuation don't bother looking for your friend since Texas plans to "segregate" convicted criminals away from the "good" people.

Simply put: unless your friend gets his conviction sealed he'll wear a scarlet "C" on him forever. Meanwhile Sony execs still enjoy their multimillion dollar paycheck and no conviction.

Welcome to amerika.

Re:If...

[thePowerOfGrayskull]

This was a settlement to a civil suit, which won't ever include criminal penalties. As far as I knowthere has not been a criminal suit filed.

Re:If...

[aztec+rain+god]

You forgot two tickets to Tahiti.

Re:If...

[hackstraw]

Someone should be incarcerated over this.

The problem is that a _company_ did the bad thing, not a "person". Can't put a company in prison, now can you?

Now, you can fine a company. I don't remember who, but if I remember correctly, a second company, not Sony, actually wrote and packaged the rootkit for Sony, and Sony was only wrong in that they did business with said company. We all know it was an innocent mistake, right?

The thing is that I don't hear anything about the company that created the thing, and what has been done to them, and what kind of precedent has been set if some other company tries to do the same thing.

That is what I want to know.

Re:If...

[dr_dank]

Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

Not to excuse Sony's sleezy actions and subsequent pat on the wrist, I think you're comparing apples to oranges. If you don't do your job as an engineer properly, people can die (structural collapses, vehicle malfunctions, etc etc). Sony's worst rootkit nightmare will waste lots of time and resources, but won't come close to inflicting the kind of harm that a misplaced decimal point would in a blueprint.

Re:If...

[Dunbal]

Can't put a company in prison, now can you?

      No, that's what the board of directors is for.

Re:If...

[brufleth]

1. The root kit makes your computer vulnerable to attack/infection/whatever you want to call it.

2. All someone has to do is write something that changes the position of decimal places on infected systems.

3. Deaths

This world is run by managers sitting on the shoulders of engineers and scientists. When it hits the fan the managers come out smiling but engineers and scientists are often not so lucky.

Re:If...

[pete6677]

Here's a little secret of the justice system: most convictions for non-violent offences, particularly first-timers, can be expunged after a year or so. By the time this guy is out of school, he'll have a clean record. All it takes is some lawyer fees.

Re:If...

[Overzeetop]

It's not as bad as people dying from things I personally screw up. As the principal in charge, I can (and likely will) be held responsible for anything anyone does in my organization. That includes simply the loss of time and money due to errors which simply result in, say, leaky roofs or blown fuses or mold due to poor air exchanges or humidity controls. If the damage is large enough - say, affecting 100,000 people and costing tens of millions of dollars in lost productivity to correct - I could lose my license, even if it was a registered engineer at my firm who did the work. The fact is that, as the principal in charge, I'm responsible. People don't have to die for me to be in trouble.

The fact is that Sony management allowed this rootkit to be distributed to their customers. Whether is was through lack of proper oversight or an intentional act may change the severity of the punishment, but it is only a particular degree. Either way, this is gross negligence on their part. If the top execs end up having to fit 1000 hours of community service into their lives, I'm guessing that the heads who were closest to the decision will roll. And that's as it should be - A judge shouldn't be telling Sony who to fire - that should be the job of the top brass, just as its the job of the top brass to make sure their underlings don't do stupid shit like this in the first place.

Re:If...

[Tal0n]

And a pony!

Re:If...

[TheKingAdrock]

Last time I checked, companies were run by people. Someone somewhere in Sony made the final call on doing this.

Re:If...

[Aceticon]

Because the script kiddie was too stupid to form a corporation first. It worked for many other virus writers, like Kazaa and Gator.

This shouldn't be moderated Funny, it should be moderated Insightful

Re:If...

[Lord+Kano]

The problem is that a _company_ did the bad thing, not a "person". Can't put a company in prison, now can you?

You can put executives in jail, look at Enron.

If the officers of a company gave their official endorsement of criminal activity, they can and should be held criminally liable.

The thing is that I don't hear anything about the company that created the thing, and what has been done to them, and what kind of precedent has been set if some other company tries to do the same thing.

The third party didn't put the software onto the discs and then distribute them. Same as how Smith & Wesson may have made the pistol but it was the criminal who used it to shoot someone.

LK

I'm sorry, but that's not enough

[Gizzmonic]

If some young "cranker" released this type of virus out in the wild, he or she would be looking at serious jail time. But as is normally the case with corporations, no one is expected to be personally responsible. Just a few dollars that amounts to jack shit for a huge corporation.

Just like when Ford and Bridgestone decided to go ahead and release the exploding tires. Sure a few people got killed, but we can't press criminal charges! These are our captains of the industry! Reason #122,234 that this country is seriously messed up.

Re:I'm sorry, but that's not enough

[sgant]

Easy, the "cracker" should have formed a corporation first with the intent of being a "security consultation firm".

"Hey, the worm we were developing to track down...um...terrorists...got away from us and got released to the net. Sorry about that. Hey, we'll bankrupt the company ok? We'll dissolve it and go on our merry way....oh, can we get some venture capital cash from you government types so we can continue our...um...research? Yeah yeah, national security and all that."

See, bullshit your way out of it and act just like a real company like Sony.

Re:I'm sorry, but that's not enough

[MichailS]

Well, I'd rather blame the whole concept of public limited stock corporations - or whatever the correct term is in the country where you are.

The idea that the ownership should be distributed over a faceless mass who hardly even know they own stock (through investment funds) and even less know or care what their money does - combined with a board of directors that have no personal responsibility for the corporation - is a contemporary societal disease that hopefully the future generations will snort and roll their eyes about, the same way that we do when we hear about slavery, letters of indulgence, child marriage and such tales of past eras.

Future people! I apologize for this era when we burned all the petroleum and created humongous corporations that devoured everything!

You who will live without this fantastic material known as "plastic" and will be born into serfdom and branded with company logotypes in the forehead at birth, know that some of us were sorry!

From the understatement-of-the-year dept.

[cdogbert]

CDs containing what was revealed to be flawed digital rights management (DRM) software

I hope it's a really, really big settlement!

[Rob+T+Firefly]

If Sony pays me a sufficiently huge wad of cash, I might be able to afford to give it back to them in exchange for a PS3.

How much $$ did the lawyers get?

[rabun_bike]

Usually in a class action lawsuit those harmed get a coupon or replacement product that's pretty much worthless. The lawyers get millions of dollars in fees in the name of "protecting consumers." So, how much did the attorneys get in this case?

Re:How much $$ did the lawyers get?

[Kohath]

The amount hasn't been decided on yet. (I read the agreement.)

This story should probably have waited until the attorney's fees were decided, since that's what these lawsuits are about.

Re:How much $$ did the lawyers get?

Feel free to file your own suits. Class action lawsuits take a lot of money and willpower to run and execute to completion. They aren't always succesful either. Nothing is preventing you from suing them on your own, go ahead. The concept of class action suits isn't so much to get reparations for those effected but to punish the offender for a multitude of individual torts without having to file individual cases.

While it may offend you that the lawyers take the cake, they do the work. Nothing's stopping you from persuing it on your own.

Re:How much $$ did the lawyers get?

[rabun_bike]

Spoken like a true lawyer.

Re:How much $$ did the lawyers get?

[rabun_bike]

Spoken like a true lawyer. Is this why class action cases are all certified in pretty much a single class action friendly state? Yes, lawyers have to put up money to make serious money back. Are they helping society? 90% of the time, no. Do they pretend they do? Yes! I was not harmed by the Sony root kit. I have no bone to pick in this fight other than class action lawsuits do not benefit those harmed. They just don't. Read the agreement. Show me the evidence where those harmed by Sony get a good settlement. You can't because the system is broken. How many people do you think you need for a class action case? In Texas, you one need one. How is that a class/ Am I offened that lawyers took away so much? No. Why? Because I know several class and personal injury attorneys. They make lots of money but they still can't quite come to terms that they really are not the savors they try to convince people they are. It is as simple as that.

Re:How much $$ did the lawyers get?

[marklyon]

All totaled, they are asking for $4M. Sony and the "class counsel", however, want to limit the EFF's portion of the fees (which was requested at around $2M) to no more than $100,000.

You can read more about it here: http://sonysuit.com/

Re:How much $$ did the lawyers get?

[marklyon]

Actually, you can't file your own suit now. The judge entered and order certifying the class, and making it virtually impossible to get out. You can either get the compensation from this settlement, or get nothing.

Worthless!

[Luscious868]

As others have noted, this is a joke. Those users who were affected are entitled to a replacement CD, free downloads of the music on the CD in question (in who knows what format) or a cash settlement. So someone spends hours cleaning up the mess that Sony made and they get what amounts to $15 to $20 bucks. Most people who are affected probaby won't even bother to claim anything so Sony isn't really hurt by this. It seems to me that the lawyers who brought the class action suit are the only ones who really benefit here.

Re:Worthless!

Nothing is forcing you to opt into these settlements...you're free to pursue your own actions against Sony. File a small-claims court case against them. If > 100,000 others did the same, that could amount to millions that Sony has to pay.

Class actions only work for lawyers and, provided there is a legitimate gripe, corporations (otherwise, just lawyers). Thousands of individual suits are a far more effective way of sending a message to a company...the only problem being that nearly everybody is too apathetic to bother filling out the paperwork.

You are Living in a Empire, get over it.

[hackus]

Welcome to the Empire of the United States of America.

While you serve the sufferance of the 5% of the families in this empire that own 95% of everything here, please be advised that you do not and cannot own:

Any sort of source code, any sort of music, any sort of transportation, any energy source.

You can however, license it from said 5% of the population here that own 95% of everything else.

You may buy a "rights" upgrade to your license to do as you please here, if you get caught violating the law. But bear in mind, sometimes we have to not accept your cash so we can calm the masses and throw them a "justice bone". In that instance should it happen, your "rights" license is null and void.

Above all else, while you are here please be advised that any government official can be purchased for a limited time depending on how much cash you have, and how much influence you want.

Just do not make it obvious and please use foreign banks to make sure transactions are not traceable.

Thank You and enjoy your stay!

-The Empire USA

That was fast!

[brouski]

As scandals go, it seems like it took no time at all to go from exposure to out of court settlement. What do people make of that?

Re:That was fast!

That the people in power are more worried about Bill Clinton getting a bit of head than a whole lot of people getting shafted?

fix

Is there any software available to fix and/or remove the rootkit? I played a Velvet Revolver CD on my PC, I believe on of the first CD to have this malware. How do I know if the rootkit was install?

Quid pro quo

[Opportunist]

Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

Sounds fair.

Re:Quid pro quo

[The_REAL_DZA]

I dunno, have you heard some of the crap the "artists" are recording these days? $14.95 for a disk full of it seems like a "fantastic amount of money" to me...

Re:Quid pro quo

Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

Well, since technically they're not "buying" the CDs in the first place, but just making more copies of them to give away (at wholesale blank cd prices!), I'd say if you make a copy of all the disks you ripped and gave it to them.... -that- would be fair.

Re:Quid pro quo

[Opportunist]

Of course, only of music you have. I doubt Sony pays you anything if you didn't buy their rootkit.

from TFA

[Foobar+of+Borg]

from TFA: These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

Now, at least we know which CDs to avoid and if Sony keeps including any kind of copy protection software, their sales will plummet even more than they already have. The only thing left now is the drawing and quartering of the CEO and other upper-level officers, along with the dissolution of Sony's articles of incorporation, and I would say that justice was served.

But, I'm not holding my breath.

What about the $1000?

I'm surprised nobody's mentioned the incentive payment for each plaintiff.

C. Plaintiffs Class Counsel will request that the Court award an incentive payment, not to exceed $1,000, to each of the Plaintiffs in the Action and the named plaintiffs in the Non-S.D.N.Y. Actions. Defendants shall not oppose any such requests, and will pay $1,000 or such lesser amounts as the Court may direct to each of the specified individuals within ten (10) business days after the Effective Date.

Does this mean Sony pays $1,000 to each person that bought an infected CD? I should have bought one.

Re:What about the $1000?

[Fallen+Kell]

These payments go to the "named" parties in the lawsuit, i.e. the people who origionally went and found lawyers who then took on the case(s), which then recieved class status.

Who will get the money?

[hsmith]

The Lawyers and the Gov't, the people who were actually harmed will get a small, pathetic amount back. Yay for tort laws!

I believe it didn't

[Moraelin]

Unless you mean that Sony actually wanted to:

1. stealthily put a general-purpose rootkit interface on your computer, that leaves it wide open for any script kiddie to hide their malware with,

2. utterly break your computer if you try to uninstall it, even after you no longer own the CD or are interested in listening to the music on it

3. have exploitable bugs in both the original rootkit and in the "solution" to the problem they created

then no, it didn't do exactly what it was supposed to do. Pushing DRM on the consumers is a worthy discussion in its own right, but this crap went beyond that.

If you just buy an iPod with Apple's "fair play" DRM on it, or a Creative Zen with MS's DRM on it, or when you download the latest Media Player or Real One, that's DRM-ed. When then discover it can limit what I do with my music... that's DRM. And it does just what it's supposed to do, and nothing more: it just applies those rights to the DRM'ed music you bought, if you load it on that device. Nothing more. And if you uninstall that player or sell that iPod, then that DRM goes with it.

But Sony's heavy-handed crap was more like breaking into your house when you're away, and bugging your VCR to be sure you don't play some copied tape. And in the process leaving your front door lock broken, making any thief's job easier. And, oh, if you un-bug your VCR, it'll weld your garrage door shut.

I do believe that that's no longer "just DRM", that's a whole new level of crap. In fact the kind of crap that should be outright considered criminal. DRM or no DRM, that doesn't give them a carte blanche to stealthily install a rootkit on someone's computer.

It's the kind of Wild West vigilante justice that's just not Sony's business to enforce in a republic ruled by the law. We're no longer in the days where you'd just get a posse and go kick the Joneses' door in to see if they're the ones who stole your branded cow. So Sony has no business doing the same to the Joneses' computer. Plain and simple.

Re:I believe it didn't

[Mister+Whirly]

To break it down... Sony had no problem committing felonies to stop their consumers from infinging on their copyrights. Sony does not even recieve a superficial "slap on the wrist" - but instead gets a get out of jail free card from the DHS. Classic!

You'd give a temp secretary root access?

In order for that to have happened, you would have needed to allow the temp receptionist root access on a machine. If you did that, you deserved what you got! The rootkit installs a security hole, but it can't install at all without administrator access.

Actually, they're rather unrepentent

I work for a media company and recently met with the global "head" of SonyBMG's digial licensing group. I brought up the rootkit thing and asked how that was going to affect them going forward. He seemed suprised that I had even heard about the issue and basically said "I can't believe these people are making such a fuss over it. People are going to eventually get used to it." (not a verbatim quote, but that was the gist)

So I wouldn't consider this much of a "win" at all. Next time they'll just make damn sure they're more stealthy about it. I bet a vanishingly small number of people actually apply for their "relief" so this isn't likely to be a very expensive lesson.

Posting anonymously since I don't think they'd think twice about yanking our license...

Close, but not quite.

[crhylove]

You're very wrong about one thing. It's reason NUMBER ONE. This is the PRIMARY problem we and our progeny are going to face.

Where can I find a complete list of CD's that...

had the DRM on them? I know a few of my friends who have Sony CD's who might have used them in their PC's. I'm just curious how many different albums did include the protection.

Well, yeah.

[Mateo_LeFou]

I'm 100% in agreement; see my other comments for clarification. My point is that mainstream press is talking about this like it's an inadvertent error/flaw that somehow got into the product. Like faulty wiring in a toaster. In fact, this "flaw" was a design decision, arising from the fact that the provider's interests are contrary to the customers' interests.

established precedent

[Tired_Blood]

Lave (958216) writes: I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable.

Whiney Mac Fanboy (963289) writes: You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

A blackhat would have been prosecuted for causing over $1 million worth of damage, easily. Such damage costs are mostly attributed to labor and downtime, so that's probably a fair claim.

Comparing to the extent of this fiasco, jail time for the admitted blackhat would be certain.

My question: Who approved of this project and authorized the release of this malware?

Justice

[suv4x4]

Big corporations: pissing on our constitutions.

Attorney's Fees and an Appeal Still Pending

[marklyon]

SonySuit.com notes that attorney's fees are still in dispute, and that there is an appeal of the case still pending.

Where's the criminal prosecution?

[SecurityGuy]

I really don't care about the free CDs, or any other fine that would be levied against Sony. They're huge, and they aren't going to be hurt by this.

What I want is criminal prosecution of the people in Sony's management who directed that this be done, and directed that this malware be distributed. I can't imagine that if I, Mr. John Q. Public, recorded some of my own songs and packaged them with a rootkit of my own, that I'd be prosecuted for it. More than that, I can't imagine that if some employees of Sony burned the CD and took it to work to listen to, where it then installed itself on their computers, that Sony wouldn't quickly rack up the requisite amount in damages and I'd shortly have the FBI on my doorstep.

Is there any valid reason they're not being prosecuted for this? Is it as simple as the DoJ isn't bothered by it? $DIETY knows, I'll never buy another Sony anything if I can help it, but that's not enough. It's well past time that corporations learn they aren't above the law, even if they do write and pay for it.

Re:Where's the criminal prosecution?

[deadhammer]

What I want is criminal prosecution of the people in Sony's management who directed that this be done, and directed that this malware be distributed.
You'd be surprised how many low-level interns end up being responsible for key corporate decisions.

I can't imagine that if I, Mr. John Q. Public, recorded some of my own songs and packaged them with a rootkit of my own, that I'd be prosecuted for it.
See, there you go. Record your own songs! Preposterous! Of course you'd be prosecuted. We must keep the natural order of things, after all!

Is there any valid reason they're not being prosecuted for this?
Do you even need to ask at this point?

It's well past time that corporations learn they aren't above the law, even if they do write and pay for it.
Apparently you do need to ask, if you think that's ever going to happen.

How about a Replacement Computer??

[AngryNick]

Giving out unprotected CDs and free downloads implies that the error in Sony's ways was in their attempt at DRMing the CDs. So now you can rip your CD and make MP3 for all your friends...who cares?

It seems to me that the issue was their choice of HOW they enabled DRM. Installing a hidden rootkit that opened up millions of computers to hacks was the real damage they inflicted. How will a new CD secure these computers and remedy those affected in an appropriate way? It's like saying, "I'm sorry for smashing into your car. Please accept this tank of gas as compensation for my poor driving."

I guess it doesn't matter anyway...I'm no longer buying Sony products. They no longer exist to me.

What a Lumbergh

[spun]

Oh suck it, ya fascist. Unless company policy specifically forbids listening to music at work, this shouldn't be an issue. I sincerely hope you don't have authority over anyone you work with, you sound like a perfect Lumbergh. I've got your TPS report right here, buddy, just bend over a little and you can see it...

Re:Where can I find a complete list of CD's that..

[Singer4096]

There is a complete list of the cds covered by the Settlement here.

Re:Fines

[mpapet]

This kind of thing is most likely is a kind of "white collar" crime.

The worst case scenario for white collar crimes is your Martha Stewart incarceration with a felony conviction. You have to really screw many things up to get penalized like her though.

No one is ever going to jail over this one or anything like it because the corporation is the "individual" being prosecuted. Individuals within a corporation rarely get penalized. It's your average American "win-win."

Take them to small claims, it's absolutely worth the effort.

In America, the corporation owns you!

OH the irony...

[minuszero]

I wonder if the judge realised the irony
in allowing Sony to give out free downloads of DRM-laden music files
to people who's computer(s) they made vunerable with their DRM software...

Flawed, my ass

[poena.dare]

"flawed digital rights management"

Flawed, my ass

If I get caught burning Sony Music's HQ to the ground than that's a "flawed" bonfire.

Bought a Sony CD? Get Compensated

[jambarama]

I bought one of the copy protection discs; if hadn't been running Debian I'd have been hit by it too. In February I just got a notice in the mail informing me that I can claim damages from this lawsuit. I wasn't infected but as long as I return the disk I can get awarded damages. Lets make this as expensive for Sony as we can (to deter behavior like this in the future). If you purchased either of these two copy protection schemes, the details below tell what you need to do to recieve compensation. Please get compensated. It isn't much, but if enough people get compensated it may just stop/slow this from happening again!

If you aren't sure if you've got a CD that qualifies, here is a list of the infected cds: with XCP and Mediamax.

Great job to the EFF, one of the few organizations looking out for Joe Sixpack (and everyone else). The email is as follows

***IMPORTANT LEGAL NOTICE/SOFTWARE UPDATE NOTICE***PLEASE READ*** (Please do not respond to this email. Responses will not be read.)

If You Bought, Received or Used a SONY BMG Music Entertainment CD Containing Either XCP or Media Max Content Protection Software, Your Rights May Be Affected By a Class Action Settlement, And You Should Download Updates For That Software.

What is this about?
A settlement has been proposed in a lawsuit brought against SONY BMG Music Entertainment, Inc., SunnComm International Inc., and First 4 Internet, Ltd. ("Defendants"). The lawsuit, In re SONY BMG CD Technologies Litigation, Case No. 1:05-cv-09575-NRB, is pending in the United States District Court for the Southern District of New York and relates to XCP and MediaMax content protection software installed on certain SONY BMG music CDs.

The Settlement resolves claims that the Defendants manufactured and sold CDs containing XCP and MediaMax software without adequately disclosing the limitations the software imposes on the use of the CDs and the security vulnerabilities it creates. The Defendants have denied that they did anything wrong.

Who Is Included, And What Does The Settlement Provide?
The settlement provides relief for persons who bought, received or used SONY BMG CDs with either XCP or MediaMax software. Under the settlement, any person in possession of an XCP CD can exchange it for a replacement CD, an MP3 download of the same album, and either (a) cash payment of $7.50 and one (1) free album download from a list of 200 albums, or (b) three (3) free album downloads from that list. Purchasers of CDs containing MediaMax 5.0 software will receive a free MP3 download of the same album and one (1) additional free album download. Purchasers of CDs containing MediaMax 3.0 software will receive a free MP3 download of the same album.

The settlement also requires the Defendants to stop manufacturing SONY BMG CDs with XCP or MediaMax 3.0 and 5.0 software and, until 2008: (1) make available updates to fix all known security vulnerabilities caused by XCP and MediaMax software; (2) provide software programs to uninstall XCP and MediaMax software safely; (3) fix any future security vulnerabilities discovered in MediaMax and any other content protection software placed on SONY BMG CDs; (4) provide independent verification that personal information about users of SONY BMG CDs has not and will not be collected through XCP or MediaMax; (5) waive certain provisions of the end user license agreements for XCP and MediaMax software; and (6) ensure that any other content protection software will be clearly disclosed, independently tested and readily uninstalled.

At 9:15a.m. on May 22, 2006, the Court will hold a hearing at the United States District Court, Daniel Patrick Moynihan United States Courthouse, 500 Pearl Street, Courtroom 21A, New York, New York 10007-1312, to decide whether to approve the settlement and the class attorneys' fees and costs.

How Do I P

These CD's are still out there

[snoig]

The worst part is that the so called recall was only for the large retailers. I work in a friends shop that sells CD's. He still has these CD's sitting on the shelf. When I told my friend about this fiasco he talked to his CD distributor about the recall and they knew nothing.

flawed?

[critical_v]

The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. I think "malicious" might have been a more accurate word than "flawed."

Not enough time

[danelav]

We accept unjust settlements and rights infringments not because we don't care, but because we don't have time to do anything about it. People work 40, 50, 60+ hours a week just to make ends meet. Add in 5 to 10 hours of commuting, and the result is very little spare time. I have very little inclination to spend my precious off-hours studying a convolted legal system, promoting a political justice in the community, and organizing a defense against perpetators of injustice. But I also recognize that no one will defend my rights for me, and if I don't defend them myself they will be taken from me. So what can I do? Decrease my living costs rather than increase my income--increasing income always requires an increased expenditure in time, and time is the real resource, the resource that is needed to pursue legal defense and community organization. I believe the largest single expenditure for most Americans is 30-year mortgage or an infinite-year monthy rent payment. If I can use alternative building techniques and piecewise home construction (reducing or eliminating interest, which doubles or triples the cost of a thirty-year mortgage), then expenditures go down, requisite work time goes down, and active time devoted to useful pursuits goes up. We'll see how it goes.

Re:Not enough time

[danelav]

I'm sorry, here's the link: calearth.org. Let's see if that works.

This is a bullshit settlement

[c0d3h4x0r]

Sony contracted the writing of, and performed distribution of, malware that risked the security of countless systems and generated IT costs for businesses and individuals alike. They should get the same level of punishment that Kevin Mitnick got: the Sony execs should be held in prison for years pending trial, and they should be barred from going anywhere near a computer. And, they should have to pay compensation to all the businesses for all the damage they caused.

Anything less than that isn't holding them accountable for the extent of their evil.

Dammit!

[DVega]

I was hoping to get a "I Love Playstation 3" t-shirt at a special discount price.

Re:Dammit!

What do you mean? $200 for a PS3 t-shirt is a discount price!

Re:Bought a Sony CD? Get Compensated

[pxuongl]

an MP3 download of the same album
free mp3 version of the album, eh? so does that mean sony's gonna dole out mp3's? if so, wouldn't they in effect be supporting piracy, as the whole music believes mp3's are the source of all evil?

The Wet Noodle

[peterfa]

What a puny settlement. Sony got off so scott free it's unreal. One of those CDs can bring down a corporate network and screw them out of millions really fucking easily. All one of the employees has to do is play that song in one of their computers and then, with computers connected to the Internet and running around as admin all the time, that box is going to be a Worm Server 2003. That will just bring down the whole network with spyware and viruses. Anyone who's cleaned spyware knows that spyware clearly believes in safety in numbers, as they come by the hundreds.

then

[themusicgod1]

why not just fine sony (number of employees)*(mean salary)*(hours of community service expected) and then tax everyone else less, providing the same social services?

Re:then

[thirdrock]

I found my girlfriend through Slashdot

That's nice.

Where did you lose her?

Re:then

[TheSpoom]

Stranger things have happened; I found my girlfriend on Yohoho! Puzzle Pirates.

You gotta be kidding!!

[pottymouth]

"Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments "

At the same time they collect $150K for every song someone downloads without their permission. Oh yeah, that sounds fair...

How about this, Sony has to pay $1 billion to every customer that had this root kit installed without their knowledge. Yeah, that's a nice fair figure factoring from the $150K now considered reasonable for illegal downloading a single song or movie. Ooops, I forgot, that would hurt BUSINESS (Vs hurting those pesky people). Gotta protect those poor businesses. Wouldn't want them to have to pay for their behavior.... Now way Josey....

The Socialist Republic of Canuckistan

[renehollan]

Welcome to Canuckistan!

Note that if you chose to become a citizen or landed immigrent and become ill, you are forbidden to pay a doctor for treatment. You must stand in line, and wait your turn for state medical care. We are not responsible for your death in this case.

Welcome to Canuckistan!

If you chose to accept state medical care, you may not leave your province of residence. To do so requires reimbursing the province for any medical care received, at the rates the province prescribes.

Welcome to Canuckistan!

Yeah...

[Greyfox]

But if you wrapped your CD in lubricated latex you probably wouldn't catch a virus from it either.

I don't do Windows or Sony music CDs and wasn't paying a whole lot of attention to the whole debacle. Did the rootkit still install if you had the windows auto-play-CD thingy turned off? Did it install corectly if you weren't running Windows in admin mode? It seems like the first couple of things someone administering a big Windows network should do is to turn off the CD autoplay and require all the users to use non-admin accounts... If the OS is still subverted after that, THEN sue Microsoft and Sony for damages. Not that you'll get any, since the EULA says your'e on your own.

I just hope people learned something

[Sloppy]

I'm not really defending Sony, and I'm glad they got their slap on the wrist, but the victims in this case made some really, really bad decisions. It would never occur to me to run code from a music CD, and if someone did give me the idea, I would have decided against it. But that's because I'm a computer-dork and think about such things.

Maybe this case's high visibility will cause laymen to start thinking, too. If they come to the foolish conclusion that "well, I can still run software given to me by people who do not share my interests, because if something bad happens, I'll just sue" then I forsee more unhappy times for them. It won't matter whose fault the courts say it is; what matters is who suffers. Don't be that person.

LOL

[Greego]

What moron modded up this obviously offtopic post? BTW, I love this kind of asinine reply to a flamebait-y post... "err, well America sucks but.. hmm, here's a problem in this other country!" :)

Re:LOL

[renehollan]

I love this kind of asinine reply to a flamebait-y post... "err, well America sucks but.. hmm, here's a problem in this other country!"

Perhaps some of us find American "suckage" to be of a significantly lesser degree than that of other places. The U.S. has treated me far, far, better as a foreigner than Canada ever did as a citizen. And that's including the very few xenophobes I meet.

Ask yourself this: If the U.S. is so horrible, why do so many want in?

Re:Bought a Sony CD? Get Compensated

How'd they know who to send a letter to? Did you sign up for the lawsuit, or is there some scary database linking CD purchases and addresses?

I don't need no steenkin' lawyers ...

[Lou57]

Sure, I could jump in on this "settlement", but I don't need to. What I NEED to do is to protect myself and my clients, period.

So for me, Sony loses. I buy and recommend a great deal of products that Sony has in their product lines. I no longer buy ANYTHING made by Sony. I won't trust them again. I don't have to, and I don't feel like I am limiting myself.

We're going to see this happen again. Perhaps from Sony, perhaps from someone else. Sony wasn't the only one that believed that this was a legitimate business practice. Microsoft and Symantec were both aware of what Sony was doing, and chose to allow it in their antispyware product lines. It wasn't until well AFTER Russinovich's expose that they started doing something about it.

So for me, it's just business. I don't trust them, and I don't have to. I have choices.

Would you put one of their DVDs into your computer to watch the movie you paid for? Would you tomorrow?

Incorporate to hack and get away with it!

[Money+for+Nothin']

Seriously, if an individual did what Sony has, that person would be doing either community service or time in a federal pound-me-in-the-ass prison. And Sony?

Slap on the wrist, and no more.

I'm going to start a hacking corporation that runs a music industry as our legitimate, customer-facing front. We'll release rootkits on CDs of horrible music, and rip off as much privately-owned information from our unsuspecting users as we can. Of course, we won't get it directly -- we'll use elements of the non-corporate community to help us out; to help make us money by proxy...

OK, seriously, if the rule-of-law is to be consistent and thus mean anything in this country, Sony should be forced to send those responsible in the company to U.S. federal pound-me-in-the-ass prison. Why isn't this happening? Well, this was a civil case brought by the EFF. So what about the criminal case? The EFF says they're unaware of any such cases.

i feel bad for the people who bought any of those

[Myopic]

i feel bad for the people who bought any of those albums, because they all suck

i except, possibly, Trey Anastasio, though without the rest of Phish, i don't give him much benefit of doubt

Steelement Not Acceptable

Sony BMG cost my company over $10,000 in damage and lost productivity, and we get butt kiss!? If this had been some teenager he'd be facing criminal charges! but Nnnoooo, we don't want to pis off our international trading partners.

ONE: I'm asking our legal department to seek damages.
TWO: It's time to throw the carpetbaggers out of Washington. This is Bu|| $hit.
THREE: Count on me to look the other way when my employees pirate Sony products. As long as they keep it off my network!

I'm off to put the DVD Copier in the lunch room now....

Where's the list?

Where is the list of affected CD's? I looked over the settlement PDF, nothing there. I want to check and see if I own any of these CD's.
Can someone please post the url for the list?, and maybe someone from Slashdot can update the story with that url...

the real punishment

[jjustus]

Sony's real punishment comes in the form of antipathy from customers. Previously I didn't have anything against Sony. After this mess, merely seeing their logo makes me feel a bit sick. I definitely won't buy anything made by Sony in the near future (probably at least a few years), even if the product has nothing to do with their music division. Maybe ordinary people (non-Slashdot readers) don't feel quite as strongly about it, but even so, this incident will cost Sony a lot in terms of lost sales and damage to their corporate image.

Re:Bought a Sony CD? Get Compensated

[jambarama]

I signed up for the patch when it first hit the fan. I hadn't been infected, but I thought my wife's computer might have been so I wanted the instructions on how to remove it. As such I gave them my email address.