Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Legal Analysis of the Sony BMG Rootkit Debacle

Posted by kdawson on from the bad-ideas-just-keep-on-coming dept.

YIAAL writes "Two lawyers from the Berkeley Center for Law and Technology look at the Sony BMG Rootkit debacle: 'The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.' Yes, under 'even the most charitable interpretation' it was a lousy idea. The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."

20 of 227 comments (clear)

  1. Nothing like... by ellenbee · · Score: 5, Insightful

    Good old greed..

  2. It's the wee hours... by explosivejared · · Score: 1, Insightful

    ... of the morning, so I'll bite. I'll admit that I only got as far as reading the abstract, so sue me. I really don't see the need for a journal published paper to dissect the situation. Sony got caught up in the zeitgeist over Napster and how digital distribution was going to destroy their business model, just like how Hollywood freaked over the VCR. I think paranoia and utter indifference to the customer pretty much sums up the whole situation. Other than that, I don't see the need to dredge up a two-year old incident with a published paper, other than it's pretty late.

    --
    I got a catholic block.
  3. Its a moral issue. by Anonymous Coward · · Score: 5, Insightful

    This shouldn't be about laws, its a moral issue.

    Laws don't and should not be the only guiding factor in the actions of people or corporations. It is not the case that anything specifically prevented by law is allowed. A person or corporation should also be a good citizen, and there are things you just should not do, such as inflict root kits on other people's computers.

    The question then is; how did somebody at Sony arrive at the conclusion that they should try to protect their IP right in this manner?

    Waas this a comittee decision where moral judgement went out the window in a corporate meeting? Or are people at Sony severely lacking personal moral judgement?

    I would like to know.

    1. Re:Its a moral issue. by arivanov · · Score: 5, Insightful

      The problem is that morals are specifically off the society book nowdays. Standalone (without religios tint) morals and how society functions are not something kids study in school or at home. At best they get a version which was skewed and slanted through the prism of their family religion. At worst they do not get anything. The situation is same all over US, UK and most of Europe. The rest of the world closely follows.

      Sigh... As usually Heinlein "Starship Troopers" is probably right. We need "History and Moral Philosophy" lessons in school. Though there is noone to teach them in the current generation.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    2. Re:Its a moral issue. by phalse+phace · · Score: 4, Insightful

      "The question then is; how did somebody at Sony arrive at the conclusion that they should try to protect their IP right in this manner?"

      Seems like when it comes to protecting their a$$e$, they don't care about morals. Anything goes. It's sad to say, but it all comes down to the all mighty dollar for these companies/corporations.

      Then again, I'm a cynic.

    3. Re:Its a moral issue. by vtcodger · · Score: 2, Insightful
      ***Quite probably, but his main point, which that lesson was supposed to back up, was granting of franchise only on completion of public service. You'd never get that one through.***

      Eh, why not? The US political system accepts more peculiar stuff than that every year -- DMCA, prohibition, NAFTA, the War on Drugs, Guantanamo. A few TV ads; a couple of movies; an all out offensive on the talk shows; (and a grandfather clause for the current crop of reprobates). I think it'd be an easy sell.

      ***As much as I like that story, and its one of my all time favorite books, it starts with the premise that returning soldiers would essentially take over the world and everything would be wonderful thereafter. History has shown quite clearly that every time this occurs things go badly.***

      Actually, history pretty much neutral on the subject. Military men are not necessarily either authoritarian or pro-war. Witness Carter (he's an Annapolis graduate and served 7 years on active duty) or Colin Powell who seems to have been the only guy in the top rank of the Bush administration who tried to head off the Iraq fiasco. Not that military men are necessarily the best men to put in charge. Some -- Washington, Eisenhower -- did pretty well. Some didn't.

      As I recall, Heinlein was quite specific that public service was not limited to military service. OTOH, public service is not a guarantee of quality. I have trouble imagining either our current Dear Leader or his predecessor signing up for any job where their precious ass was likely to get shot at, but, I'm quite sure the Clinton at least would have found a (safe) way to check off the Public Service requirement.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  4. Auto-run is evil by 0123456 · · Score: 4, Insightful

    Of course this would be a non-issue if Windows didn't automatically run software when you put a CD in the drive; this is just another reason why auto-run is an insanely bad idea.

  5. Law by Archangel+Michael · · Score: 2, Insightful

    "The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."

    How about this, when an industry pushes legislative half assed measures and gets them passed in to law, they forfeit normal protections afforded every other group out there.

    In this case DMCA law prohibits the consumer from doing all sorts of things, in an effort to protect a particular industry. Since Sony installed, without permission, software that effectively broke computers, they'd held to a HIGHER standard than any other organization.

    In this case the law should have revoked the corporate charter surrendered all assets to the government. Since the Corporation is a "legal" entity, the same as a person, the government should treat it exactly like a person caught doing the same thing.

    My $.02

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  6. Re:Left hand, meet right hand by otomo_1001 · · Score: 5, Insightful

    And now meet what I like to call handcuffs.

    An easy solution to this problem, and it would only take a few instances, would be to seize all assets of the company in question and begin prosecution. If corporations are damn near treated like real humans, then let them see the other side of the coin. Make every failure in process hurt them where it matters, I guarantee we won't have this happen again. Or we end up with less corporations willing to "risk" product release in the US.

    As it stands companies can seemingly get away with whatever they want to protect their business model.

  7. I don't quite buy it by Anonymous Coward · · Score: 1, Insightful

    I know Sony acted like a jackass, but it was more ignorance than malice. They didn't write the rootkit, they bought it from somebody else. And if they knew what a rootkit was, the people who wrote it didn't tell Sony it was a rootkit, and likely did not consider it to be a rootkit. They advertise the software as preventing users from making copies, and I'm guessing Sony considered the software on that criterion alone.

    Much like the average sysadmin doesn't consider the privacy implications of leaving a backup tape in a car, the average music exec doesn't consider the privacy implications of some piece of copy protection software.

    My point is that Sony didn't know what they were doing, nor were they competant enough to realize that they didn't know what they were doing.

    dom

  8. Re:what their saying (reformated better) by mpe · · Score: 3, Insightful

    The only security and privacy that they care about is their own. These concepts don't exist for people who are not executives in the company. Especially customers.

    Add "copyrights" to the list. Since there are several cases showing how little the "entertainments" industry cares about other people's copyrights.

    The only changes that our legal department will allow the US politicians to pass will be ones that increase the criminal penalties for possession of music.

    Unless someone can get the changes sneaked past. e.g. something tacked onto the end on an anti-terrorism bill :)

  9. Remember Sony/BMG and Sony Corp aren't the same by Boycott+BMG · · Score: 5, Insightful

    The rootkit was put on those CDs by Sony/BMG, which is a separate entity that is 50/50 owned by Sony and Bertelsmann (BMG stands for Bertelsmann Music Group). Furthermore, the people at the top, who make all of the important decisions are all from the BMG side. So, if either company is more to blame, it is Bertelsmann. Does this mean you should boycott Bertelsmann? It does seem a bit silly to boycott Random House (major book publisher and Bertelsmann subsidiary) over what happened to some music CDs, and yet that is what some are doing w.r.t. Sony Vaio, Sony cameras, etc. My suggestion would be to boycott the product that Sony/BMG puts out-their music CDs.

  10. Re:Islam will bring morality back to Europe by Hal_Porter · · Score: 2, Insightful

    Islam certainly teaches a system of morality. Whether it is the one you want taught is another matter.

    http://humanists.net/alisina/islamic_morality.htm

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  11. Re:Islam will bring morality back to Europe by arivanov · · Score: 2, Insightful

    Read my post again. The bit about "prism of religion". In fact Islam and the Evangelicals was exactly what I meant there. Sigh...

    --
    Baker's Law: Misery no longer loves company. Nowadays it insists on it
    http://www.sigsegv.cx/
  12. Minor correction by Nursie · · Score: 4, Insightful

    "Even today, one of the qualifications that many people look for in their elected leaders is previous military service."

    "Even today, one of the qualifications that many people IN THE USA look for in their elected leaders is previous military service."

    The US has a weird, hyper-patriotic society that a lot of Europeans find bizarre, brainwashing and militaristic.

    And only giving the franchise to people who have previously served in the military? Screw you! What gives you the right to decide that? What gives those citizens the right to decide how everyone else gets to live? Nothing whatsoever.

    1. Re:Minor correction by BlueStrat · · Score: 3, Insightful

      "It's the USAs' military might that saved Europe in WW1 and WW2"

      That's a subject for debate, not proclamation...

      I think Britain, France and Italy might might disagree. Without the USA's support, Britain would have been invaded by the Nazis. France and Italy were liberated.

      And people are proposing it as a good model and a natural one. It's not, it's only in the US that the military are seen as some sort of gods.

      I don't know whose post you're responding to here. I said nothing about anyone being gods nor does anyone I know in the USA think of the military in that way or even close. Nor was I seriously proposing the Starship Troopers society as an actual model. Just the un-arguable fact that a weak military invites attack from others that have expansionist aims.

      Cheers!

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:Minor correction by Nursie · · Score: 1, Insightful

      "Europe has had the hyper-patriotic societies that led the world to war."

      Why do you think that looking at the US concerns us so?

      "you don't even know what the words "hyper" and "patriotic" mean."

      Hmmm, lets look at some definitions. "Hyper" - prefix meaning excessive, above, or beyond, eg, hyperactive.
      "Patriotic" - Inspired by love for you country.

      So, hyper-patriotic would be "excessively inspired by love for your country", which is exactly what I meant. The flag worship, the daily pledge recitations, the "GAWD BLESS AMERICA!", the reverence for the military. All very prominent parts of US culture.

      "If a nation were hyper-patriotic, it would not tolerate dissent."

      That would depend exactly _how_ excessive the patriotism was. As it is now there seems to be a large proportion of US society that refuses to question the government and a large portion that, as long as they're told there's a crisis on, will go along with any sort of behaviour (internment, torture) simply because it's the good ol' US of A doing it. And doing it to "bad" people who want to hurt america.

      It's excessive enough that the phrase "anti-american" exists and is slung around. Maybe it just doesn't have the same asonance, but nobody says "anti-British" or "anti-French" as far as I know.

      That is more than enough to qualify as excessively patriotic to many people.

      "You are European and lump everyone in the U.S. together as one amorphous blob."

      Nope, just looking at the overall impression of the society. Any society is made of individuals, yet countries can still have a character.

      "You probably believe the U.S. is a police state that represses free speech or something."

      No, but I think it has some weird soldier and flag worship issues.

      "Europeans are so often tiresome. So many believe they are superior, but in trying to demonstrate it show how lacking they are."

      Says the guy who clearly has no idea of the meaning of the words hyper and patriotic, which perfectly fit my original usage. By the way - nowhere did I claim that my society was superior (go on, show me where I did that, can't can you), just that yours isn't perfect and that the assumptions of the original poster (that people naturally choose military leadership) are not necessarily correct outside of the US.

    3. Re:Minor correction by coolGuyZak · · Score: 2, Insightful
      Well, my ideas don't preclude you from voicing an opinion during service, albeit I realize that's how our military works at present. I hadn't thought of that particular ramification, though. I'll have to ponder it for a while.

      But make it a legal one and you're crossing the line to something other than participatory democracy and the right of man to self determination, IMHO.

      In my opinion, democracy is not participatory, it is not something you should choose to do. Participatory democracy falls to apathy, and the state of my country is a testament to that. Most people bitch about our two party system, bitch about the incompetence of our leaders, but don't have the cojones to back up their words. They don't care enough to reach for the polls, or investigate how duplicitous the media is. This is due partly to our educational system(s), but it's also because these people have never made a difference themselves, or at least seen the effects of it.

      For example: I live in Philadelphia, Pennsylvania, USA. I love this city, but it has a great deal of problems. Recently, we've been hitting the news for our murder rate, the amount of refuse in the streets, and other such things. If each person in the city worked for 2 hours a week (that's 12 million man-hours a month) on community service projects, we could change the city around in short order. Just living in the city would be a testament to your efforts, and the whole community would improve as a result. Better digs, better self-esteem.

      It builds community, as the means of coordination require teamwork, etc. It increases work-ethic, because you're required to put in time & you see results. It could increase health, depending upon your role in the project. Finally, it will increase the attraction of the city, and justify our motto--what better says "The city of brotherly love" than working together to improve it? If it were instituted only on a local level, you still get your choice--if you don't like it, move.

      It's a pity that it's not a pragmatic solution. Try to institute mandatory community service and you'd see a riot.

    4. Re:Minor correction by ucblockhead · · Score: 2, Insightful

      The Battle of Britain, in which Britain gained air superiority thus dooming any invasion attempt, occurred before the US entered the war. At best, US support prevented Britain from suing for peace, which it probably would have been forced to do without American supplies, but it would have likely retained its independence.

      Without US support, France and Italy would likely have been "liberated" by the Russians.

      --
      The cake is a pie
  13. Hardware vs Software by TTURabble · · Score: 2, Insightful

    The way I see it, my computer is my property much like my house is also my property. They both have "doors" to the outside world, but that doesn't mean that anyone can just walk in and have a beer. I guess my favorite analogy is buying a new TV. What if you went out and bought a new TV that had a hidden camera in it, but you didn't know about the hidden camera, and it was broadcasting a signal to anyone who wanted to watch. Would you keep the TV? Would you litigate against the company that made the TV? The camera in the TV is much like the Rootkit in a CD/DVD/etc...They are both there "To make sure you aren't breaking any laws" but they are also massive invasions of privacy into a place that they entered without permission. It would be clear cut if it was a hardware camera, why is it different because it is a software camera?