Sony Sues Rootkit Maker

Posted by kdawson on Thu Jul 12, 2007 08:35 AM
from the still-trying-to-recover dept.
flyboy974 writes "Sony BMG Music Entertainment is suing the company that developed anti-piracy software for its CDs, claiming the technology was defective and cost the record company millions of dollars to settle consumer complaints and government investigations. The software in question is the MediaMax CD protection system, widely derided as a rootkit. Sony BMG is seeking to recover some $12 million in damages from the Phoenix-based technology company, according to court papers filed July 3."

Related Stories

News: Music Industry Backlash Against Sony Rootkit (400 comments)
Foobar of Borg writes "The Associated Press describes how backlash from Sony's Rootkit CDs is causing problems for the music industry. The problem is two-fold: (1) the inherent technological problem of trying to prevent anyone from copying anything and (2) letting lawyers make technical decisions when (from the article) 'Lawyers don't have any better understanding of technology than a cow does algebra.'" More from the article: "'I think they've set back audio CD protection by years,' said Richard M. Smith, an Internet privacy and security consultant. 'Nobody will want to pull a Sony now.' Phil Leigh, analyst for Inside Digital Media, said the debacle shows just how reluctant the labels are to change their business model to reflect the distribution powers -- good and bad -- of the Internet. He believes that rather than adopting technological methods to try to stop unauthorized copying of music, record companies need to do more to remove the incentive for piracy."
IT: Sony RootKit Still A Problem? (268 comments)
XMilkProject writes "Current research indicates that some "350,000 networks--many belonging to the military and government--contain computers affected by [Sony's rootkit]." This is down from over half a million last month. "The security researcher worked from a list of 9 million domain-name servers.. asking each to look up whether an address used by the XCP software--in this case, xcpimages.sonybmg.com--was in the systems' caches." Will Sony face future repercussions for this potentially long-term damage?"
Sony Rootkit Settlement Gets Judge's Approval (187 comments)
Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "
Sony Settles With FTC Over Rootkits (133 comments)
The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.
This discussion has been archived. No new comments can be posted.
  • by trudyscousin (258684) * on Thursday July 12 2007, @08:37AM (#19837055)
    The rootkit software was developed by First 4 Internet (now called Fortium Technologies). I suppose that an inability to sue straight can now be added to Sony BMG's portfolio of stupidity and arrogance. I hope SunnComm (now called The Amergence Group), as despicable as its own efforts were, totally owns Sony BMG.

    With all these name changes, I wonder when Macrovision is going to change theirs?
    • With all these name changes, I wonder when Macrovision is going to change theirs. Probably on the day DRM is renamed as DCE as per recent industry execs' suggestions. Digital Consumer Enablement.
    • Well, seeing as Sony did not have direct business dealings with Fortium, how would they have standing to sue them?

      Sony made the purchase from Amergence -- they are claiming, among other things, that Amergence delivered a product that did not operate as described.

      If Amergence wants to sue Fortium along the same reasoning, they are welcome to -- though I think they'd have a hard time of it.

      Who originally wrote the rootkit is of no relevance. What matters is whether Amergence falsely represented the product they sold to Sony.
    • First off, Sony will likely win, but as always, it will depend on the specifics of the contractual relationship.

      It's probably understandable that technologists would assume that the original author of the software would be the correct target of the lawsuit. This is not so. Sony is not suing over the failure of the code (the code worked relatively correctly), but over the fact that the software was sold to them as a means of controlling their market, and it not only failed to do so, but caused serious injury to their business as a result. That's the fault of the people who represented this software to Sony as a viable solution with acceptable risk.
    • by gsslay (807818) on Thursday July 12 2007, @10:05AM (#19838045)

      The rootkit software was developed by First 4 Internet (now called Fortium Technologies)
      Which is a totally irrelevant fact. Sony BMG's contract was with The Amergence Group Inc. If your phone didn't work, would you sue Alexander Bell or your phone company? Guess who you'd have more success suing?

      Which is not to say that Sony BMG's case has any merit. But then I, and everyone else here, do not know what the contractual arrangement between the two companies was and how the rootkit was presented to Sony.
        • by Craig Maloney (1104) * on Thursday July 12 2007, @09:54AM (#19837945) Homepage
          I believe the formula works like this:

          Sony releases DRM protected discs = -5,000 pts.
          DRM Discs contain rootkit = -10,000 pts.
          Sony denies any wrongdoing = -60,000 pts.
          Sony realizes mistake = +100 pts.
          Sony releases patch = +1,000 pts.
          Public realizes cure worse than the disease = -5,000 pts.
          Sony recalls discs = +10,000 pts.
          Sony releases BluRay and PS3 = 0 pts.
          Sony sues DRM Manufacturer = +1 pts.

          So, in total, Sony is 68,899 points in the hole. I think it's safe to say they're still pariahs here.
            • Re:I'm confused (Score:5, Insightful)

              by networkBoy (774728) on Thursday July 12 2007, @10:18AM (#19838213) Homepage Journal

              A company to hate
              I think that's Microsoft around here, though Sony is up there too I guess.

              Nothing wrong with preventing copy
              yes there is something wrong. I do not want to buy a song from iTunes for a buck that I already have on disk, just to listen to it on my iPod, or better yet, I don't have an iPod, so iTunes is useless to me, and AllOfMP3 is shuttered so I can't get MP3's there, thus they have to come from my CD or from file-sharing as my only two choices.

              The company they hired pushed faulty software
              Actually I think this was a different company than the root kit, but since most everyone who understands the media's goal with DRM agrees it's defective by design, then yes I agree.

              As a person who has used sony programs and devices for years
              ditto, though no more and never again if at all avoidable

              I can attest that normally their EULA's are in your face and pretty annoying. This case just seems out of character for the company.
              Betamax licensing was just as bad, no it's not that far out of character. Just in the consumer's face nowadays.
              The Sony I used to love is dead. Management changes have turned it from a pioneering company into a slogging lumbering hulk that only wants more money, not customers' loyalty.
              -nB
              • Re:I'm confused (Score:5, Informative)

                by riceboy50 (631755) on Thursday July 12 2007, @11:36AM (#19839315)

                I do not want to buy a song from iTunes for a buck that I already have on disk, just to listen to it on my iPod, or better yet, I don't have an iPod, so iTunes is useless to me
                I am tired of this argument. It is just plain incorrect.
                1. You do not have to buy music from the iTunes store in order to listen to it on your iPod. If you rip the music into iTunes from your CD, it will be in the AAC/MP4 standard sans DRM.
                2. iTunes does not require an iPod or the iTunes store in order to be a useful application. It is just a media jukebox that can rip and burn CDs. However, it can also purchase music from the iTunes store and copy files onto an iPod.
                When are people going to stop deriding iTunes and the iPod on these grounds?
  • by Anonymous Coward on Thursday July 12 2007, @08:38AM (#19837065)
    Being able to pass the blame to someone else is priceless.
    • Re: (Score:3, Insightful)

      $12,000,000 is peanuts to Sony, perhaps, but it isn't necessarily peanuts to the other players involved. Personally, regardless of how I feel about Sony, I think this is a wonderful development. I suspect that a lot of DRM technology companies will reconsider how they do business based on this. Anything which might give them pause is a Good Thing in my book.
      • by miro f (944325) on Thursday July 12 2007, @09:12AM (#19837463)
        maybe Sony should sue themselves? =)

        I don't think Sony should be the ones suing them, they contracted the software, and it was delivered to their specifications. Sony can't blame the people who wrote the software for doing what was asked.

        If Sony didn't know what the software was doing then it's their own stupid fault.

        If the software was illegal, then it's surely a matter for criminal court, and surely Sony shouldn't be awarded damages for being stupid enough to have this software written in the first place
        • by pluther (647209) <plutherNO@SPAMusa.net> on Thursday July 12 2007, @09:47AM (#19837839) Homepage

          ...they contracted the software, and it was delivered to their specifications. Sony can't blame the people who wrote the software for doing what was asked.

          I think they probably missed one important specification:

          It was supposed to do it without anybody knowing about it.

        • by Red Flayer (890720) on Thursday July 12 2007, @09:48AM (#19837863) Journal

          I don't think Sony should be the ones suing them, they contracted the software, and it was delivered to their specifications.
          RTFA. One of Sony's claims is that it was not delivered to specifications.

          If the software was illegal, then it's surely a matter for criminal court, and surely Sony shouldn't be awarded damages for being stupid enough to have this software written in the first place
          Sony settled with various governments to avoid a lengthy legal process. If one of their suppliers was responsible for the illegal code, and falsely represented to Sony that the code was completely legal, then Sony sure as hell has both standing and reason to sue to be recompensed for those damages.

          Yes, Sony was responsible for releasing the rootkit on their CDs. However, it is quite possible that Amergence should be held responsible for misleading Sony if that is in fact what happened.
          • One of Sony's claims is that it was not delivered to specifications.

            They should have said that a year ago. And bent over backward to fix the problem. Instead, you may recall, one of their public statements was to shrug it off and say "Most people don't even know what a rootkit is." As if somehow that was the salient point.

            I can't understand how anybody who does understand what they did would ever do business with them again, just as a matter of principle.

              • Of course they are the least likely company to do something like this again. After this lawsuit anyone that Sony tries to contract to write the software again would be a fool to take the job. Do you really want to go contract work for someone who has a history of suing its contractors?
          • by AdmiralWeirdbeard (832807) on Thursday July 12 2007, @11:06AM (#19838887)
            Yes, but I believe what the gp was saying is that this claim of "software wasn't delivered to specifications" is clearly a post hoc piece of garbage that they are alleging to try to pass the buck. They fought too hard and long saying that there was nothing wrong with the rootkits and that it was necessary to protect their IP blah blah blah blah, for any kind of *collarpull* "oh we totally didn't ask for the software to do these things" to be given any credence whatsoever.

            What do you think went down? Sony asked for a noninvasive piece of monitoring software that could be easily detected and removed or blocked from being installed, and then they were delivered a fucking rootkit instead and they went "Dur, look fine to us" and ran with it? Fuck no. They tested it, inspected it, decided it was exactly what they wanted, and then ran with it. And they deserve every penny lost because of their actions.
            • Re: (Score:3, Interesting)

              Well, there're a couple other factors, one would be whether Amergence represented the rootkit as being completely legal. Another would be the fact that it contained GPL code without attribution and release of the source code, opening Sony up to copyright violation suits.

              I agree with you, this does not let Sony off the hook -- however, there may be culpability at Amergence as well, and I would like that to be determined and consequences levied. What I would really like to see is Sony being fined an addit
  • Responsibility (Score:5, Insightful)

    by fastest fascist (1086001) on Thursday July 12 2007, @08:38AM (#19837069)
    Seems to me like the responsibility for the functioning of a product should fall upon the distributor. Of course, you could ask if Sony is suing more for the money or as a PR measure to try to shrug off some of the blame for the whole debacle.
    • Re:Responsibility (Score:5, Insightful)

      by AvitarX (172628) <{me} {at} {brandywinehundred.org}> on Thursday July 12 2007, @08:44AM (#19837155) Journal
      Sony was responsible for distribution to the public.

      Now they are trying to hold someone responsible for distributing to them.
        • Re:Responsibility (Score:4, Insightful)

          by ookabooka (731013) on Thursday July 12 2007, @09:44AM (#19837811)
          I just thought of a counterpoint to my argument, and then figured out a counterpoint to that. . .so I'm gonna post both as a reply:

          Counterpoint: Sony is still ultimately responsible for what goes on their disks.
          Counter-counterpoint: If Sony sends a software engineering firm a description for a project and the firm gives them a finished project, expecting Sony to have software engineers of its own to go over and affirm it is built to spec is a bit hard to swallow. They might as well have just built it themselves in the first place. I'm sure you could think of a million examples, like a mobo manufacturer that orders capacitors that are faulty. . .whose responsibility is it? The mobo manufacturer because they are last in line before consumers?

          Alright, before I go I'll say one more thing: How does this compare to Firestone v. Ford blowouts. Discuss.
    • Re:Responsibility (Score:5, Insightful)

      by toleraen (831634) on Thursday July 12 2007, @08:49AM (#19837221)
      It was Sony's responsibility. Hence they were sued by the consumers for it. However, if the company provided Sony with software that was not fully functional (overly functional?) without disclosing it, it's definitely court time. The PR certainly doesn't hurt though.
    • Re: (Score:3, Insightful)

      It seems like they are bringing it to the public light again. Most people I know have forgotten about this debacle (or never knew about it to begin with). If I was Sony, I'd try to bury the rootkit fiasco as much as possible, not have a large public lawsuit.

      Seems like really bad PR. But then again, it IS Sony.

      • Re:Responsibility (Score:4, Insightful)

        by badasscat (563442) <basscadet75@yah o o . c om> on Thursday July 12 2007, @09:54AM (#19837939) Homepage
        Either way I'd expect a company of Sony's scale to put in the due diligence to ensure the products they buy are without legal issues.

        That's not really the way it works, in any company.

        Too many deals are done for a large company to scrutinize every single product they buy. That's the whole point of using outside vendors; if they're going to put in the time to fully examine all the code, they may as well just develop the DRM themselves. Instead, the contracts are worded in such a way that it puts the onus on the provider of the product. That way, it's in the best interests of the provider of the product to ensure that what they're providing meets specifications and adheres to the letter of the contract. Otherwise, they know they're at risk of a lawsuit like this.

        I doubt the contract here was any exception, which means Sony most definitely has the upper hand. And they really have to file a lawsuit in order to preserve their leverage against all of their other technology providers. This is how they ensure they get what they're contracting for.
  • I'd be prepared to put money on Sony losing this case. I'm sure we've all seen this sort of thing before. Media Max will have warned Sony that the approach had problems, they will have a mail chain demonstrating that, but Sony's management will have bullishly insisted on the security features it offered while ignoring or not bothering to understand the warnings it contained about the risks. What are the chances even their own technical advisors internally warned against it?
  • by Dan East (318230) on Thursday July 12 2007, @08:39AM (#19837091) Homepage
    The enemy of our enemy is still our enemy. In this case let them fight it out, and hopefully in the future all parties involved (content producers, technology developers, etc) will be too scared of financial damages to do something this stupid again.

    This is actually a very good thing, because no-one involved will be immune to the consequences.

    Dan East
  • Why stop there? (Score:3, Insightful)

    by elrous0 (869638) * on Thursday July 12 2007, @08:40AM (#19837095)
    Too bad they can't sue the guys who made AACS [wikipedia.org] (since they're part of the consortium). I wonder if they'll be able to sue the people who developed BD+ [cryptography.com], once that gets owned.
  • In a recent development the lawyers of Sony were bewildered. None of the documents they had on their computers relating to the contract and negotiations with MediaMax could be found in their computers. The lawyers were muttering, "can't believe it. I know I saved those emails and pdfs right in the hard disk. Where the hell could they be hiding?".
  • by DoofusOfDeath (636671) on Thursday July 12 2007, @08:41AM (#19837107)
    I want both Sony and MediaMax to suffer greatly. (It's ok for Sony to survive imho, but MediaMax should probably die and have its fields salted.)

    But isn't this a bit like a bank robber who shoots a cop suing Smith and Wesson? E.g., it sounds like Sony knew (or should have known) exactly what it was putting on their CDs.
  • There's an idea! (Score:5, Insightful)

    by Rob T Firefly (844560) on Thursday July 12 2007, @08:42AM (#19837127) Homepage Journal
    All those landmines I buried in my front lawn made me look like a total psychopath when they blew up all those postal carriers, girl scouts, and neighborhood cats. Apparently, I can restore my status as a fine upstanding member of the community by simply suing the manufacturer of said landmines!
    • by king-manic (409855) on Thursday July 12 2007, @10:15AM (#19838181)
      All those landmines I buried in my front lawn made me look like a total psychopath when they blew up all those postal carriers, girl scouts, and neighborhood cats. Apparently, I can restore my status as a fine upstanding member of the community by simply suing the manufacturer of said landmines!

      If you hired a security company to burglar proof your home and were not present for the installation of land mines then you might have a case.
  • Worms. vs Birds (Score:3, Interesting)

    by neoshroom (324937) on Thursday July 12 2007, @08:42AM (#19837137) Homepage
    New York-based Sony BMG, a joint venture of Sony Corp. and Bertelsmann AG, declined to elaborate on the suit. Sony BMG is home to names such as Bruce Springsteen, Carrie Underwood and Modest Mouse.

    Modest Mouse
    Worms. vs Birds


    Self pity me, it's so pitiful
    You can see that birds and worms don't get along
    Self-righteous me, it's so wrong and
    You can see that we don't have to get along
    Self pity me, it's so pitiful
    You can see that birds and worms do not agree
    And we will crawl
    (Will crawl)
  • Defective by Design (Score:5, Informative)

    by Synchis (191050) on Thursday July 12 2007, @08:44AM (#19837157) Homepage Journal
    Yet another great example of a Product with DRM being Defective by Design! Join the movement: Defective By Design [defectivebydesign.org]
  • by erroneus (253617) on Thursday July 12 2007, @08:45AM (#19837169) Homepage
    ...that they do not warrant nor guarantee this software to be suitable for any function or use, especially for that which it was designed? That they agree to indemnify (love that word, it means you can't sue or hold responsible) the seller or maker of the software for any reason at all?
  • by CastrTroy (595695) on Thursday July 12 2007, @08:45AM (#19837181) Homepage
    Let me be the first to say that this is completely stupid. Nobody forced Sony to put that software on the CDs, and I wouldn't doubt that Sony knew exactly what they were doing when they put that software on the CDs. If they didn't, well then, it's their own fault. Having them pass the blame on to the company that made this software just makes me hate Sony even more. Sony has done so many braindead things in the past couple of years that it's no wonder that Nintendo stock rose above theirs, if only for a short while. From rootkits, to $600+ consoles, to suing the people who sold them the rootkit, I just can't imagine what they'll do next.

    Disclaimer: I'm not saying I hate them because they released a $600+ console ( + because it's even more expensive once you buy a game and a second controller) but what I'm saying is that it's a really boneheaded idea, and I don't know how they ever thought it would have mass appeal, no matter how good the graphics are.
  • by sjs132 (631745) on Thursday July 12 2007, @08:54AM (#19837289) Journal

    "Section 938.334 Sub W.

    By agreeing to use this product to protect your music CD's from piracy you also agree to hold us immune from any lawsuits, incurred directly or indirectly, due to your customers not liking this product."


    oops... Guess they should read those EULA's VERY CAREFULLY...

    At least that is what these companies would say to us...

    ":{ Grr...
  • IT'S DEFECTIVE (Score:3, Insightful)

    by Opportunist (166417) on Thursday July 12 2007, @09:05AM (#19837399)
    I think Sony has a case there. It was supposed to be a rootkit, and rootkits are usually impossible to find. Some "hackers" found it, so it obviously has to be defective. If it was working as advised, nobody would've found it.

    Wait, did anyone here think Sony complained that it was a rootkit, and that this was the defect? Get real.
  • by Micah (278) on Thursday July 12 2007, @09:28AM (#19837621) Homepage Journal
    Just a question I've been wanting to ask for a while. How much has this whole rootkit debacle caused you to avoid Sony products?

    Shortly after it happened, I promised myself I would buy nothing with a Sony brand for at least a year. To my knowledge, I complied with that (though they do have tentacles in more things than you think, so who knows). I figured I need to end the boycott after a year, or else there wouldn't be any incentive for them to change anyway. I still haven't bought anything major from Sony -- the very name SONY screams to me "infected millions of PCs with rootkits, and tries to take away my Freedom!" But enough time has passed that I would probably consider buying a Sony product if it really were the right one for me.

    How about you?
  • Works for me (Score:3, Informative)

    by phorm (591458) on Thursday July 12 2007, @10:28AM (#19838387) Homepage Journal
    I really doubt it will help Sony's PR any to do this. Those that actually know about the rootkits will know that Sony is at fault. Those that don't will remain clueless. A rootkit maker will either be sued out of existence or tied up in court. Finally, it will probably make many think twice about doing business with Sony in the future, since nobody wants to end up as their new scapegoat.

    Sounds like a good plan to me, take careful aim at that foot, Sony!
  • by bigbigbison (104532) on Thursday July 12 2007, @10:34AM (#19838475) Homepage
    The result of the class action lawsuit against Sony was that you could either get $7.50 and download an album or download 3 albums. Like every class action lawsuit I've ever been a part of from Sony all the way back to when Kodak brought out their own version of a Polaroid-style camera, the only people that ever benefit are the lawyers. The rest of us just get coupons for more crap from the company that caused the problem in the first place.

    If there is any justice then Sony will just get a coupon for more rootkits from the company and not any actual money.
    • Re: (Score:3, Interesting)

      Step 5. Make sure your Killzone 2 E3 trailer very closely matches the 2005 CGI trailer.

      In all seriousness though, if you pay someone to write you some software and it fucks up, whose fault is it? Theirs for not testing it, or yours for not testing it again?

      Maybe we'll see another article in a couple of days:

      Rootkit Maker sues QA company...
      • Re: (Score:3, Insightful)

        if you pay someone to write you some software and it fucks up, whose fault is it? Theirs for not testing it, or yours for not testing it again?

        This would be relevant for unintentional errors. But this rootkit, as far as I understood, performed just as designed. It was an intentional nastiness, and that nasty intention was shared by both Sony and the software company.

        A better analogy would be: if you pay a hitman to rid you of your nemesis, and he gets caught, who will go to jail? The answer: both you and the hitman...

    • Re: (Score:3, Interesting)

      Only one slight nitpick - hampering DRM isn't about reducing the effectiveness of copyright. It's about preventing distributors from overstepping the rights they have with copyright, and taking rights away from recipients of the distributed materials that copyright says they are allowed to have.