Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Sony Rootkit Settlement Gets Judge's Approval

Posted by Zonk on Tue May 23, 2006 09:06 AM
from the yay-free-music dept.
Sony Government The Courts Media Music News
Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "
+ -
story

Related Stories

[+] Sony, Amazon Detail Rootkit CD Buybacks 240 comments
An anonymous reader writes "Washingtonpost.com is reporting that Sony BMG today detailed a program that should allow customers who bought one of the 52 titles known to be tainted with the company's deeply flawed anti-piracy software to exchange them for CDs of the same title, sans rootkit of course. Oddly enough, Sony is offering those who want to return the CDs the chance to download MP3 versions of the discs, but only after Sony has received the returned discs. Amazon.com also is sending out e-mails to customers who bought the discs, offering to replace or refund them at no cost."
[+] IT: Sony DRM Installs a Rootkit? 801 comments
An anonymous read writes "SysInternals.com guru Mark Russinovich has a detailed investigation of a rootkit from Sony Music. It's installed with a DRM-encumbered music CD, Van Zant's "Get Right with the Man". (Mmmm, delicious irony!) The rootkit introduces several security holes into the system that could be exploited by others, such as hiding any executable file that starts with '$sys$'. Russinovich also identifies several programming bugs in the method it uses to hook system calls, and chronicles the painful steps he had to take to 'exorcise the daemon' from his system." This house is clear.
[+] Sony Rootkit may Lead to Regulation 266 comments
An anonymous reader writes "Computerworld has a story about DHS officials meeting with Sony to read them the riot act, following the rootkit fiasco. From the story: 'A U.S. Department of Homeland Security (DHS) official warned today that if software distributors continue to sell products with dangerous rootkit software, as Sony BMG Music Entertainment recently did, legislation or regulation could follow.'"
[+] EFF Pushes Consumers to Claim Rootkit Compensation 189 comments
An anonymous reader writes "'It's time for music fans who bought Sony BMG CDs loaded with harmful XCP or MediaMax copy protection to claim their settlement benefits', says the EFF's Derek Slater in an awareness campaign that is urging those inflicted with one of Sony BMG's rootkit infected CDs to collect what is due to them. The compensation is a DRM-free version of the original CD, $7.50, and album downloads from iTunes, Sony Connect, and others."
[+] Entertainment: Canadian Sony Rootkit Settlement Stirs Controversy 96 comments
An anonymous reader writes "Canadian law professor Michael Geist is reporting that Sony BMG Canada has quietly kept a key legal document secret as part of its class action settlement over last year's rootkit case. The document, which is not on the Sony settlement site but has now been posted on Geist's site (pdf), contains a series of bogus arguments about why Canadians are receiving far less than U.S. consumers."
[+] Sony Settles With FTC Over Rootkits 133 comments
The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.
[+] Sony Sues Rootkit Maker 334 comments
flyboy974 writes "Sony BMG Music Entertainment is suing the company that developed anti-piracy software for its CDs, claiming the technology was defective and cost the record company millions of dollars to settle consumer complaints and government investigations. The software in question is the MediaMax CD protection system, widely derided as a rootkit. Sony BMG is seeking to recover some $12 million in damages from the Phoenix-based technology company, according to court papers filed July 3."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Sony Rootkit Settlement Gets Judge's Approval 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • Imagine if after reading about the original rootkit & associated vulnerabilities, you check your DNS records & see that indeed, one or more PCs you're responsible for are infected. You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

    At the end of all your time, you still can't claim the replacement CD + download + patch, (let alone compensation for your lost time) because you didn't buy the offending CD (it was a temp receptionist).

    I really want to see someone go after Sony for a real settlement. For that matter, I'd like to see a government go after Sony. Corporations have the same rights as individuals, how about we give them the same responsibilities as well. I think a four or five years of community service for the entire company (say 20 hours a week), would be about what's deserved for a widespread crack attempt like this.
    • Yeah.

      Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

      </sarcasm>
      • Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

        You know, if I worked as a filing clerk, and got to do 20 hours / week cleaning the local church or helping old people or something whilst getting paid for and not doing my normal work I wouldn't consider it punishment.

        But, what I meant was Sony as a company, doing the equivilant of 20 hours community service per week per employee for four-five years. They could pay others to do it, pay their employee

        • Maybe they can hire someone who has to do community service anyway. Then they don't have to do it twice.

          Efficiency is God. I think I'll be a management consultant. Maybe Dogbert has a vacancy. I'll go and buy a slab of liver.

    • Re:Wow! A replacement CD! (Score:4, Insightful)

      by Lave (958216) on Tuesday May 23 2006, @09:14AM (#15386776)
      I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case.

      At least this will put record companies off this kind of behaviour.

      • Re:Wow! A replacement CD! (Score:5, Insightful)

        by TheJediGeek (903350) on Tuesday May 23 2006, @09:37AM (#15386913)
        I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case. At least this will put record companies off this kind of behaviour.

        I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

        A replacement CD, and a few DRM's music files doesn't exactly make up for the huge amounts of time it has taken and will take to fix their damage.
        I know of a few computers just in my family that had this rootkit on it. My youngest brother is in college and the school provides a laptop to every student that the school maintains through an IT dept. They had to reimage his system when things got screwed up. My dad has a couple computers at work that got this thing. He had to reload everything on one and IT had to reload the other one. That was just from one CD that had been played on those computers.

        There are countless people that have had to spend many many hours fixing what Sony did. What they did was illegal and very damaging. All they have to do is replace some CDs.

        • Re:Wow! A replacement CD! (Score:4, Insightful)

          by lgw (121541) on Tuesday May 23 2006, @10:11AM (#15387166) Journal
          It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

          If this were the only action taken, sure. Fortunately, however, the *really* scary thing for Sony happened very early on: the DHS said they're choosing not to enforce the law on this basically because it was the first time any company had made this mistake, so they'll give the company the benefit of the doubt that it wasn't a deliberate attack. This one time.

          Sony broke federal law (section 1030) many thousands of times, and the Feds noticed. Installing a rootkit on a computer owned by the government (one not for public use) is a crime even if you never use that rootikit for anything, and Sony was using it for profit. The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

          This court settlement was nothing; the threat that Sony would no longer have a US division was everyhting.
          • Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

            Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place. Even after it was revealed that this had been the prediction of estimates given to management before it made the decision. (The case was in Georgia, and I believe [with imperfect certainty] that the company was Dow Corning]. It involved the intentional poisoning of a town's water supply by illegally disposing of chemicals. It was a federal court.)
            • Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place.

              There's a difference between killing a few unimportant villagers and messing with the government's stuff.

              Sadly.

        • Re:Wow! A replacement CD! (Score:4, Insightful)

          by Asphalt (529464) on Tuesday May 23 2006, @07:08PM (#15390721)
          I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

          Not if you opted out. Which EVERYBODY should do to class action suits.

          The more people that opt of of class action suits, the less likely the punishment is to be a "slap on the wrist". The last thing Sony wants is a bunch of individuals out there with money hungry lawyers free from the confines of the class action settlement. It makes the class action settlement worthless.

          We enable the slaps on the wrists because 99.9% of us don't take the time/effort to opt out of class-action scams.

          As usual, the enablers of this nonsense is us.

    • Why don't you blame the temp receptionist for using her company computer for personal use?
      • Why don't you blame the temp receptionist for using her company computer for personal use?

        Let me rephrase your question.

        Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.
        • Technically it wasn't a real Digital Music CD.

          • jacksonj04 wrote:

            Technically it wasn't a real Digital Music CD.

            For me, this has become the saddest thing about the whole situation. I used to have confidence that a music CD was safe to use on all devices that could play standard CDs, whether it was a stand-alone player, a portable, or a computer. Due to this, I could walk into any CD store and, on impulse, by a CD without concern.

            Since finding out about the problem with copy protection, I have stopped purchasing new music CDs. Now, when I pickup

            • Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?"
              There's an easy way to find out. Can you find the Compact Disc logo ? If so, it's not crippled. If I'm not mistaken, it's due to Phillips, the co-owner of the Compact Disc trademark refusing that their trademark appear on non-red book compliant discs.
    • "...a government go after Sony"

      TFA: "Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general."

      I've been trying to get Greg Abbott (TX's AG) to go after the antivirus companies, refuse to settle, and various other things that might keep this from getting swept under the rug. This was a devious and dangerous product that was released, not a minor technical flaw in a few CDs.

      That's why I take Major issue (below) with the phrase "flawed digital rig

    • Re:Wow! A replacement CD! (Score:5, Funny)

      by hotspotbloc (767418) on Tuesday May 23 2006, @09:32AM (#15386883) Homepage Journal
      Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?

    • Nothing is preventing you from filing a claim against them. From the court settlement notice:
      http://www.sonybmgcdtechsettlement.com/Notice.htm [sonybmgcdt...lement.com]

      EXCLUDE YOURSELF: Get no XCP exchange program, cash or free music download settlement benefits. This is the only option that allows you to ever be part of any other lawsuit against the Defendants about the legal claims being resolved in this case. See Question 13 below.

      OBJECT: Write to the Court about why you don't like the settlement.

      GO TO A HEARING: Ask to speak in Court about the fairness of the settlement.

      DO NOTHING: Get no XCP exchange program, cash or free music download settlement benefits. Give up certain rights. You will retain the right to sue the Defendants for any consequential damage to your computer or network that may have resulted from interactions between XCP software or MediaMax software and other software or hardware installed on your computer or network.

      NOTE: the "Do Nothing" option is also for anyone who didn't buy the CD, whose computer was damaged because someone else loaded the CD onto their machine, etc. (for example, a temp office worker decided to listen to the CD and infected a PC). Write Sony, state your claim (number of pcs affected, time lost) and that you are not part of the class settlement and would like to know what they're offering you to avoid court action.

      Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

      • Man, I wish I bought their rootkitted CD :)
      • OK, my options for a lawsuit that will likely cost me far more in money, time & effort then I will recieve back are not limited. Great.

        Do you think its OK that no government has gone after sony for distributing hundreds of thousands of rootkits, compromising hundred of thousands of computers?

      • Re:Wow! A replacement CD! (Score:5, Insightful)

        by chrae (159904) on Tuesday May 23 2006, @12:14PM (#15388138) Homepage
        Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

        I like that idea but for most of us small claims and legal stuff is unknown territory. Most of us don't know what to do from start to finish because we haven't done anything like that before. I would like to see (as in, someone else do it :)) someone like Groklaw post templates and procedures for filing small claims specific to a case. e.g.: how to stick it to Sony in small claims.

        All the research of what to do is too difficult and I'm lazy and a bit intimidated. If it were made easier, I would do it and I'm willing to bet a lot of others would too.

        A thousand people each filing small claims at $500 a pop would be more potent then one lawyer representing a thousand people in a class action. Think "Slashdot Effect" in the legal sphere. It might even set a legal/business precedent: don't screw your customers so bad that they'll mobilize against you.

        I'm willing to overcome my laziness and contribute, but I need help and direction. Others need it too.

        • This isn't much of a howto but more of a success story on how much of a pushover small claims can be:
          http://www.kuro5hin.org/story/2006/5/15/114512/034 [kuro5hin.org]

          I thought it was fairly informative even though there was a settlement.
        • Most small claims courts have brochures and web sites outlining the process.

          Up here, its very simple. You send them a letter by registered mail, explaining the problem and giving them 10 business days to get back to you. If you haven't heard from them in 3 weeks (the courts like it if you cut the defendant some slack), then you go down to where you file, and fill in a form (bring a copy of your demand letter).

          The important words to put at the top of your demand letter:

          DEMAND LETTER
          WITHOUT PREJUDICE

  • Opt-in website (Score:5, Informative)

    by TheSpoom (715771) * <slashdot AT uberm00 DOT net> on Tuesday May 23 2006, @09:11AM (#15386759) Homepage Journal
    Here's the claim filing website for the Sony BMG settlement [sonybmgcdt...lement.com], since I didn't see a link to it in the article.

    The solutions given almost don't seem worth it, but I'll probably opt-in anyway just so that little bit of money gets drained from Sony so they don't do this again.

    • Re:Opt-in website (Score:5, Insightful)

      by eln (21727) on Tuesday May 23 2006, @10:20AM (#15387243) Homepage
      What makes you think that giving you a replacement CD or allowing you to download music is going to cost them anything? Giving you a CD will only cost them the actual cost of stamping the CD, which is probably less than 10 cents. Allowing you to download a music file from them will cost them nothing.

      Sony is getting away with basically paying nothing here. Sure, they'll put it on their books as having cost so many millions in lost revenue or whatever for tax purposes, but the actual cost is pretty much zero.
    • I'm staying far away from this one. I do not want Sony taking a particular interest in my activities.

  • Flawed? (Score:5, Insightful)

    by Mateo_LeFou (859634) on Tuesday May 23 2006, @09:14AM (#15386775) Homepage
    I believe the software did exactly what it was supposed to do. Shouldn't there be mention of a flawed *DRM *strategy being foisted upon consumers?
    • Unless you mean that Sony actually wanted to:

      1. stealthily put a general-purpose rootkit interface on your computer, that leaves it wide open for any script kiddie to hide their malware with,

      2. utterly break your computer if you try to uninstall it, even after you no longer own the CD or are interested in listening to the music on it

      3. have exploitable bugs in both the original rootkit and in the "solution" to the problem they created

      then no, it didn't do exactly what it was supposed to do. Pushing DRM on t

  • If... (Score:5, Insightful)

    by Lord Kano (13027) on Tuesday May 23 2006, @09:18AM (#15386797) Homepage Journal
    If a 15 year old script kiddie had done the kind of damage that Sony did with its rootkit, he'd be spending a couple of years in a "Federal PMITA prison" why does Sony get off this lightly?

    Someone should be incarcerated over this.

    LK

    • Re:If... (Score:4, Funny)

      by pete6677 (681676) on Tuesday May 23 2006, @09:24AM (#15386830)
      Because the script kiddie was too stupid to form a corporation first. It worked for many other virus writers, like Kazaa and Gator.
    • clout Pronunciation Key (klout)
      n.

      1. Influence; pull: "Women in dual-earner households are gaining in job status and earnings... giving them more clout at work and at home" (Sue Shellenbarger).
      2. Power; muscle.
    • A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation. He was 18 but still did not receive jail time so I am not surprised that Sony got off so easily. White-collar crime just doesn't receive harsh punishment.
      • Tell that to the British Hacker [bbc.co.uk] who hacked into NASA looking for evidence of UFOs, and is now being extradited to the USA and may end up in Guantanamo Bay [bbc.co.uk] on terrorism charges.

        From a technical point of view his methods sound rubbish, and I've seen him on tv- he's an idiot. But the US government is treating him like he's murdered 2000 people, not 'hacked' into a computer system...

      • Re:If... (Score:5, Insightful)

        by Overzeetop (214511) on Tuesday May 23 2006, @09:50AM (#15387016) Journal
        Sony installs a rootkit on (potentially) hundreds of thousand computers, and not a single person is on probation. I think community service for Sony USA executives would be a very worthwhile punishment for the humans who should be watching what their company is doing, and a stiff financial fine - say 10% of gross '05 earnings (just like a $3000 fine for a regular guy who makes $30k/yr) - for the corporation, with 6 years probation. Should Sony be found in violation of the terms of the settlement (to be negotiated by the plaintiffs attorney and the judge), Sony loses it's corporate status in the US.

        Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

        Oh, and while I'm at it, I'd like world peace, too.
        • I only ask that Sony be held to the same standard.

          That will only happen when Sony can no longer purchase the US government.

          Oh, and while I'm at it, I'd like world peace, too.

          "We're the United States Government. We don't do that sort of thing!" - from Sneakers

          :-p

  • I'm sorry, but that's not enough (Score:5, Insightful)

    by Gizzmonic (412910) on Tuesday May 23 2006, @09:24AM (#15386834) Homepage Journal
    If some young "cranker" released this type of virus out in the wild, he or she would be looking at serious jail time. But as is normally the case with corporations, no one is expected to be personally responsible. Just a few dollars that amounts to jack shit for a huge corporation.

    Just like when Ford and Bridgestone decided to go ahead and release the exploding tires. Sure a few people got killed, but we can't press criminal charges! These are our captains of the industry! Reason #122,234 that this country is seriously messed up.
    • Easy, the "cracker" should have formed a corporation first with the intent of being a "security consultation firm".

      "Hey, the worm we were developing to track down...um...terrorists...got away from us and got released to the net. Sorry about that. Hey, we'll bankrupt the company ok? We'll dissolve it and go on our merry way....oh, can we get some venture capital cash from you government types so we can continue our...um...research? Yeah yeah, national security and all that."

      See, bullshit your way out of it a
  • If Sony pays me a sufficiently huge wad of cash, I might be able to afford to give it back to them in exchange for a PS3.
  • Usually in a class action lawsuit those harmed get a coupon or replacement product that's pretty much worthless. The lawyers get millions of dollars in fees in the name of "protecting consumers." So, how much did the attorneys get in this case?

  • Worthless! (Score:5, Insightful)

    by Luscious868 (679143) on Tuesday May 23 2006, @09:31AM (#15386872)
    As others have noted, this is a joke. Those users who were affected are entitled to a replacement CD, free downloads of the music on the CD in question (in who knows what format) or a cash settlement. So someone spends hours cleaning up the mess that Sony made and they get what amounts to $15 to $20 bucks. Most people who are affected probaby won't even bother to claim anything so Sony isn't really hurt by this. It seems to me that the lawyers who brought the class action suit are the only ones who really benefit here.

  • You are Living in a Empire, get over it. (Score:5, Insightful)

    by hackus (159037) on Tuesday May 23 2006, @09:39AM (#15386928) Homepage
    Welcome to the Empire of the United States of America.

    While you serve the sufferance of the 5% of the families in this empire that own 95% of everything here, please be advised that you do not and cannot own:

    Any sort of source code, any sort of music, any sort of transportation, any energy source.

    You can however, license it from said 5% of the population here that own 95% of everything else.

    You may buy a "rights" upgrade to your license to do as you please here, if you get caught violating the law. But bear in mind, sometimes we have to not accept your cash so we can calm the masses and throw them a "justice bone". In that instance should it happen, your "rights" license is null and void.

    Above all else, while you are here please be advised that any government official can be purchased for a limited time depending on how much cash you have, and how much influence you want.

    Just do not make it obvious and please use foreign banks to make sure transactions are not traceable.

    Thank You and enjoy your stay!

    -The Empire USA
  • As scandals go, it seems like it took no time at all to go from exposure to out of court settlement. What do people make of that?
  • Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

    Sounds fair.
  • from TFA: These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

    Now, at least we know which CDs to avoid and if Sony keeps including any kind of copy protection software, their sales will plummet even more than they already have. The only thing left now is the drawing and quartering of the CEO and other upper-level officers, along with the dissolution of Sony's artic

  • The Lawyers and the Gov't, the people who were actually harmed will get a small, pathetic amount back. Yay for tort laws!

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.