Sony Settles With FTC Over Rootkits
The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.
I am an Aussie, this means nothing to anyone outside the USA, it would be good to see Sony pay US$150 to everyone they infected with their shite.
How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.
I understand why stores require receipts to return stuff, but when it comes to CDs which are non-returnable once that plastic wrap is taken off, who the hell bothers to save the receipt?
How are they going to know when the CD was purchased?
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
Is that $150 per CD "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers. Also, for those who would like to see Sony hurt worse for this, do remember that this is more than enough. Any company pulling a stunt like that again will be ignorant, not unconcerned.
So when are desktop OS's going to come installed inside a secure virtual machine OS that is capable of detecting rootkits and possibly doing a little extra scanning on the side? That is long overdue.
-- http://thegirlorthecar.com funny dating game for guys
Isn't that a little unfair?
So say we all
If so, then Sony would have to prove it was not in that period. Mind you, since they were supposed to have cleared up the rootkit by then, Sony would be open to another new suit (as a repeat offender too!) if they did so prove.
The terms of the settlement actually seem pretty good for the consumer. You can claim up to 10 times the price of a CD for damages, you can exchange existing CDs for unencumbered ones, and Sony has to deal with the embarrassment of advertising this fiasco on its website. And more importantly, this will hopefully send enough of a message to other DRM providers and users to make them pause before throwing more malware into their products.
The only thing I'd like to see added onto there is a clause requiring Sony to pay the legal defense fees of anyone sued by the RIAA. I can dream.
From TFA
Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same argument.
Maybe some folks can send the invoices for lost time and consultancy hours spent on fixing their systems.
I'm sure that will be just a bit over $150...
To Terminate, or not to Terminate, that's the question - SCSIROB
....same thing, their asses would be in the slammer in no time. Sony shouldn't be treated any different. This was a computer crime, plain and simple.
How about you realise that this is Sony BMG - e.g. a partnership between Sony and Bertelsmann. The rootkit would have been 100% BMG's idea. The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.
Karem
When all is said and done, nothing changes...
Without a receipt for repair services the most that you can qualify for is $25 dollars, at their discretion.
If you removed the unlawful hack yourself, no matter how much pain and suffering it caused, there is every probability that they will compensate you exactly nothing.
(I mean nothing but the opportunity to exchange your defective CD for a slightly less defective one or a DRM-laden download.)
I think the kicker is that this is one of those fancy federal consent-decrees -- like the one that was used to "break" the Microsoft monopoly way back when. They agree not to be such meanies and in exchange, they receive total immunity from prosecution on any related federal charges and all state laws that conflict with the federal decision are automatically superseded.
I'm so glad that the feds are looking out for me. With punishment like that, Sony surely KNOWS they've been naughty. It's certain that they won't do anything like THAT again.
This kind of shit shouldn't be just marked 'offtopic', it's spam and spam should be deleted. This goes also for the first post idiots and the goatse boys.
These are part of the answer why most internet publicists don't allow the public to comment on the news. Which is a shame since some readers do have something interesting to say.
You must be new here...
The claim form you need to fill out for recompensation is at this link.
One of the questions is as follows:
7. Briefly describe the type of harm / damage / problem you experienced and the steps that you
took in response:
What kinds of problems, other than the pain of removing it, did people have? Was any actual damage done? Did anyone's computer get taken over? I'm just curious what a valid response would be to this, for when I fill out the form.
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
Most of the Vista DRM that we hear about involves applications requesting from Vista that the quality of audio/video be crippled unless the user has special DRM hardware and special DRM ("signed by microsoft") drivers installed. It's difficult to envisage how that functionality could be useful to malware, but there also must be more to Vista's DRM than just that. If it were nothing more than I just described, someone wanting to crack the system could disassemble the application being used to play DRM-encumbered media, remove the DRM-requesting code, and then happily use unsigned drivers to collect the decrypted audio/video. This suggests that there must be some way in which Vista prevents tampering of such programs.
If Vista prevents tampering of programs, that would certainly be useful to malware. It could even make it immune to virus scanners. If an arbitrary program (aka a virus scanner) can be used to circumvent the DRM, that would make the DRM rather useless too, wouldn't it?
I'm speculating a lot. Could anyone who knows specific details shed some light, please?
Huh? "Reasonably difficult"? This damned thing broke Russinovich's machine, and he had to use several utilities he developed himself to get rid of it by looking deeper into the Windows OS than I think Microsoft ever intended (or wanted) anyone to look. How many
"Difficult to uninstall"? Right...
I'll never buy something from Sony again until they change their anti-consumer practices.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
Off topic, I know, but look how far /. has come. A million users! Well, probably most are not active, but still.
American citizens who read Slashdot might want to put in their two cents.
No, that's all wrong. Sony is supposed to pay out...
:(){
What's the betting that cost of this gets passed onto artists as deductions from royalties ?
Artist monthly statement:
Sales: $$$
Gross royalties (tiny%): $
Deductions:
[ blah blah blah ] $$
DRM legal costs $$
[new this month]
Net Royalties: -$$$
[NB: you won't have to pay us because we're nice like that, we'll just carry it forward]
I put goatse in my hosts file. It doesn't show up anymore.
I know, offtopic.. just feeding the trolls.
The truth shall set you free!
Revoke their corporate status - 1 month duration for each disc distributed. No money needs change hands here.
I can't download zips at work, but would the linked application still work for mapping out how widespread the infection still is more than a year after the initial spread?
If nothing else, it would make for pretty pictures to show in court.
How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.
Huh? "Reasonably difficult
Since when did unreasonably become a synonym for reasonably?
Yes, but Sony is a company and this is the USA.
All the rights of an individual with hardly any of the responsibilities.
Sony's rootkit didn't just cloak itself, but everything else that knew how. And I think there was at least one trojan which used just that. And I think Sony's first attempt to "fix" it actually created a security hole of its own. So, yeah, the damned thing was a security risk, not just an inconvenience.
Plus, I don't know, I think the very act of installing a rootkit on someone's computer pretty much qualifies as "taking over" by itself. If someone installed a rootkit on your machine, I'm guessing you'd be a lot less than amused, regardless of whether they actually used it to do extra damage yet.
A polar bear is a cartesian bear after a coordinate transform.
You just got trolled, man. People are just going to continue doing that shit until you stop responding in ways they find hilarious (that is, at all - they want to waste people's time).
Quite - installing software without consumer consent is pretty much the legal definition of computer hacking. If I was to do that, I'd go to prison. If this is what they did, why aren't Sony's execs in prison?
Sony's rootkit (which my teenaged daughter installed; damn it I had autoplay shut off for a reason!!!) cost me the price of an SB Audigy since I couldn't find sound chip drivers, and XP since my video card mfg didn't have Win 98 drivers for download. Around $200 plus an afternoon of my time; reinstalling W98, then going to Circuit City and installing XP (three fucking times - it didn't like my CD burning software and had a popup on boot saying XP had disabled it, but XP wouldn't let me uninstall it because it had disabled it. Then it updated my networking drivers which disabled the internet. Great product that XP).
After being yelled at for ruining my computer, she broke the CD and threw it away, and I've lost the receipts for the SB and XP.
I think a more fair settlement would have been to just have Sony give $500 to every man, woman, and child on the planet, and have its CEO spend as much time in a US federal assrape prison as anybody who would have done this to Sony's corporate computers would have, after being caned in Singapore. Then when he was released from US prison, have the Chinese execute him and bill his family for the bullet.
If you work for Sony in any capacity at all, I hate your fucking guts. Please die and take your God damned company with you.
Sorry for the rant.
It was the one armed man!
Eh? So BMG department put a gun to their head and made them do it! I think we need to get an internet petition up with something akin to "free kevin."
Reality check, if they felt it was ethically or legally suspect they could have opted not to do it.
Nope, they did and this is their punishment. Corporations are much like toddlers with respect to the law. They will test their limits and see what they can do.
Obviously, this little one is getting a spanking and now it understands it cannot install software on a consumer's computer without permission. (Just like scribbling on the neighbor's walls)
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
Sony BMG should have to pay each infected person the amount of money that it would take to replace their infected system plus the money they lost from not being able to pull all of their data out of the fire. For the average user, this malware probably made their computer totally unsalvageable, so this seems reasonable.
This space reserved for administrative use.
All those companies are subsidiaries of Sony Group.
If Wal-Mart split off the shoe department as Wal-Mart Shoe Company but still controlled it, it would still just be the shoe department.
So it took them this much longer to achieve exactly the same settlement, lawyers billing their time all along the way. That's government in action for you.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Don't be. You earned the right to it.
Now if your computer is old enough to be running Win98 (mine is as well), consider it's time to upgrade. Try to get XP installed by the factory, since you'll likely like Vista even less, and give the old computer to the daughter. After that, if she stuffs it up, it's her problem, not yours.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Lots of people talk about blaming the CEOs for this type of behavior. But as a programmer, I think of the people who actually implemented this. Somewhere, there is some employee or contractor who wrote a rootkit for Sony. Maybe a few people. And somebody was paid to make an ISO image containing music tracks and a rootkit. I would love to know what they thought when he made that ISO image. Did he call his boss and say "Hey! There's a rootkit on here!" or not? How about the team of testers who had to compromise their machines and verify what information was sent back? Did any of them think that maybe this wasn't such a good idea?
There are a lot of people responsible for this type of thing. Is corporate-group-think so powerful that these people didn't even realize what they were doing was wrong? Or did they hold their tongues out of fear? Or were they malicious?
I'm just happy to know that even though I never bought one of the millions of CDs that included this rootkit, at the end of the day, Sony loses $130 for every CD sold with it. Honestly I think it should be more, but between that, the battery recalls, Blu-ray, the shoddy PS3 sales, I think it's time for new management in Sony and they really need to turn themselves around as a company. In my mind right now, they are worse than Microsoft.
"You had this look that of an angel, it was such a bad disguise" --Dishwalla
Here is how you file a claim if you did the work yourself....
/. can figure out how to get paid for legitimate work they did. Sony is being an ass for not reimbursing DIYers.
1. Create an invoice for the work you did. Probably better to name the company on the invoice some other name than your full name. Your initials would work well. An LLC or corp works even better (but pay attention to tax impact - this is revenue for the invoicer).
2. Document a payment to said company reflecting the amount you should be reimbursed for
3. Create a receipt for payment (if you can't do step 2 above, write a receipt for cash)
The object, of course, is to show that you hired a company to clean your PC. They do not need to know that the company and you are the same person. And if you can't do that, just "hire" a friend to do the work for you. Just make sure you have the same pieces of paper I described above.
This isn't that hard. Surely the smart people on
Why? If you don't like it, browse at level 2 or 3.
I'll grant that it's a bit crude, but many teens, esp. geeks, have been treated rather roughly in the name of J.C., and aren't clever about expressing their anger. Their JUSTIFIED anger.
Personally, I feel that church should be totally separated from state. Meaning NO TAX BREAKS!! I consider powerful organized religions to be socially harmful. I'm only against outlawing them because any law I can think of that would do the job would have even worse social effects. (Care to make a suggestion?)
I think we've pushed this "anyone can grow up to be president" thing too far.
A legally blind friend found that the Sony rootkit, when finally removed, triggered the licensing checks of his screen reader and accessibility software. He had to pay some hundreds of dollars (forget the exact amount) to the unsympathetic accessibility software makers (a whole other issue) to relicense so he could use the computer. Then, he had to re-install all his MS Office and other software to re-register them with the screen reader software.
Total cost to him: $140 for the removal service and $200+ to relicense the screen reader stuff and 4.5 days of home business down time.
Neither his family nor my family will ever buy Sony products again and this little settlement does not change that.
That's the kind of stuff that needs to go to the FTC comments on this case. Encourage your friend (and he to any of his friends who might also have gone through the same deal) to write in what happened to them. This, in his case now, became part of accessibility laws, he is being discriminated against because of the extra cost and hassle of having to use that particular software, yet the settlement makes no provisions for that. Use that angle.
Why exactly can a corporation just throw money at any crime, that when otherwise committed by an individual would result in jail time?
I lol'd
slashdot reported that 40% of all music consumers have pirated music http://slashdot.org/article.pl?sid=05/06/21/2238256&from=rss
:-)
people who had the rootkit are music consumers (since they bought the cds) therefore 40% of the affected people have pirated music
now sony only has to sue EVERYONE who claims his 150$
because of the first and second statement, sony will win twice in every five cases (those two have at least 1 pirated song, so they have to pay at least 700$) which means:
for paying 5 times 150$ (5*150$=750$) they get at least 2*700$=1400$ which means
SONY GETS A PROFIT
yes, I love math
The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
That if I get caught planting rootkits on peoples' computers that it's only going to cost me $150 per offense, with no jail time?
Some Sony executives should be serving time. Isn't planting a rootkit on someone's machine a felony in the US?
Don't you mean "OZ"?
If we are going to blame the CEO of Sony BMG as the person ultimately responsible, we should really consider Sony BMG's board of directors (who are responsible for oversight of the CEO and other officers). They in turn should be overseen by their shareholders (in this case Sony and BMG) which each in turn have officers (CEOs) and boards and shareholders.
Ultimately shareholders in a limited liability corporation do not press the boards of the companies whose shares they hold into good governance and preventing exactly this type of behaviour.
Moreover, shares trade hands often, and shareholders who know of forthcoming liabilities can sell their shares on to some poor schmuck who does not (or who will pay a discounted price).
Institutional investors are good at this, and certainly the ones investing in Enron were well aware of the irregularities at Enron long before its collapse.
If subsequently revealed liabilities could follow previous shareholders who knew about them, there would be much more shareholder activism with respect to corporate governance, especially if liability also affected investors in mutual funds, unit trusts, and similar shareholding organizations.
So, it's not just the Sony BMG staff who made the decision to distribute rootkits who should suffer (they might...), or Sony BMG's top management (less likely still...), or Sony BMG's board (unlikely) or its shareholders in the joint venture (ha -- only because Sony was dumb enough to licence the JV its precious brand identity). Sony and BMG execs and members of their respective boards of directors also did not do enough to require oversight of the JV. Finally, individual shareholders (direct and indirect) should take a hit.
Market theory is that the mistake will be reflected in a hit to the equity value of each share.
Unfortunately the hit has some hysteresis, there are frictions in the market, and information asymmetries.
Consequently, the shareholders who did know about the rootkits or who should have known about the rootkits or who simply should have insisted on corporate governance to avoid this type of behaviour (and attendant liability) likely escaped all punishment through hedging and early sales of Sony or BMG shares.
Those shareholders who honestly did not have the information any earlier than the market could adapt and reprice Sony's and BMG's shares were simply unwise investors and should take a hit.
However, the other shareholders -- greedy or deliberately lazy -- should absorb the hit themselves, even if -- especially if -- they have already sold their shares on.
That is, if you are a former shareholder of Sony or BMG and did not press the respective board of directors to govern these companies properly, you should be contributing to the fine personally.
Likewise, amoral former shareholders of corporations which polluted the environment, damaged people's health or property, should have to pay for any cleanup.
It should not be possible to transfer your guilt away simply by selling your stock.
If markets worked correctly, it should not be possible to transfer your guilt away at all. Unfortunately market forces do not sufficiently price in restitution.
Consequently, society should consider regulatory and legislative means for current securities holders to claim damages from previous holders who were simply in it for the money, either through completely passive investment or through active encouragement of liability-incurring behaviours by the corporations in question.