Slashdot Log In
A Legal Analysis of the Sony BMG Rootkit Debacle
Posted by
kdawson
on Mon Dec 17, 2007 01:21 AM
from the bad-ideas-just-keep-on-coming dept.
from the bad-ideas-just-keep-on-coming dept.
YIAAL writes "Two lawyers from the Berkeley Center for Law and Technology look at the Sony BMG Rootkit debacle: 'The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.' Yes, under 'even the most charitable interpretation' it was a lousy idea. The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."
Related Stories
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Nothing like... (Score:5, Insightful)
Re: (Score:2)
Actually I think you really need to define what a root-kit is http://en.wikipedia.org/wiki/Rootkit [wikipedia.org] (I particularly like the part about "non-hostile rootkits") and in the case of the Sony-BMG root-kit it all boiled down to DRM and greed if you like which actually installed hidden files which were difficult to find by "normal" means. Ok this was not a good thing but
Re: (Score:3, Interesting)
Look at it this way. During the time you spend filling the tank in your H2, you will have made ten or twenty times the the money you will spend on the gas. You don't need to care about the money. It ended up being a pittance anyway. They effectively lost nothing. And consumers still flock to buy their stuff as fast as they can put it out. How much longer till someone discovers XCP v2.0? Rinse, repeat. v3...4...5 This won't stop until we vote their shills out of office and qu
Re: (Score:2)
They don't even care about money.
Look at it this way. During the time you spend filling the tank in your H2, you will have made ten or twenty times the the money you will spend on the gas. You don't need to care about the money. It ended up being a pittance anyway. They effectively lost nothing. And consumers still flock to buy their stuff as fast as they can put it out. SNIP
Sony doesn't care, They only have that end of the biz to offset the huge buckets of money they get from their electronics and movie side. Rock stars are whinny little bitches with attitudes. They make no money from Sony until the fourth album and most of their living comes off their concerts. Oh and Sony gets a nice slice of that too.
And nobody bothers with Payola anymore as they stations get a slice of the concerts that they promote. Maybe the DJs get some duckets from up and comers but self interest on t
Re: (Score:3, Informative)
It's the wee hours... (Score:2, Insightful)
Re: (Score:2, Interesting)
Any piece of solid, credible research that demonstrates the reality of the situation is welcomed by me; eventually - if enough of these sorts of things are
Its a moral issue. (Score:5, Insightful)
Laws don't and should not be the only guiding factor in the actions of people or corporations. It is not the case that anything specifically prevented by law is allowed. A person or corporation should also be a good citizen, and there are things you just should not do, such as inflict root kits on other people's computers.
The question then is; how did somebody at Sony arrive at the conclusion that they should try to protect their IP right in this manner?
Waas this a comittee decision where moral judgement went out the window in a corporate meeting? Or are people at Sony severely lacking personal moral judgement?
I would like to know.
Re:Its a moral issue. (Score:5, Insightful)
Sigh... As usually Heinlein "Starship Troopers" is probably right. We need "History and Moral Philosophy" lessons in school. Though there is noone to teach them in the current generation.
Parent
Re: (Score:2)
Quite probably, but his main point, which that lesson was supposed to back up, was granting of franchise only on completion of public service. You'd never get that one through.
As much as I like that story, and its one of my all time favorite books, it starts with the premise that returning soldiers would essentially take ov
Re:Its a moral issue. (Score:5, Interesting)
Except that they don't become "Citizens" until *after* they have served, and are no longer in the military. History has indeed shown that when the military takes over the government, then yes, bad things happen. But that's not the system that was described. It was civilians who had *previously* served in the military. Even today, one of the qualifications that many people look for in their elected leaders is previous military service.
History has shown that when citizens are ignorant of history, the means by which they both first gained and retain their freedoms, and by which their country remains free from attack, very bad things happen. Pearl Harbor happened because Japan saw that America after WW1 had shrunk their military to a fraction of its' previous strength, and the citizens and most of the government had a policy of isolationism and retreat from world conflict. Japan failed to take into account the American peoples' outrage and anger, and the sleeping industrial might America could bring to bear.
The surest way to get robbed in a big city is to look and act like a victim. The surest way to start a war is to appear conquerable to other nations with acceptable losses. That's precisely what the people who advocate unilateral disarmament, and also those who preach disengagement when targeted by terrorists, fail to understand.
As to the Sony/BMG rootkit incident, as long as the punishment for getting caught in bad corporate behavior is acceptable, expect to see such behavior repeated.
Cheers!
Strat
Parent
Minor correction (Score:5, Insightful)
"Even today, one of the qualifications that many people IN THE USA look for in their elected leaders is previous military service."
The US has a weird, hyper-patriotic society that a lot of Europeans find bizarre, brainwashing and militaristic.
And only giving the franchise to people who have previously served in the military? Screw you! What gives you the right to decide that? What gives those citizens the right to decide how everyone else gets to live? Nothing whatsoever.
Parent
Re: (Score:2, Troll)
That's a subject for debate, not proclamation, as is the rest of your nonsense about soviet satellites. Plus, given the Iraqi mess and the despicable things your country asks of its allies, I'm willing to say we don't want your sort of protection. And we don't need it.
"Plus, we're talking theoretically about a science fiction novel."
And people are proposing it as a good model and a natural one. It's not, it's only in the US that the military ar
Re:Minor correction (Score:4, Insightful)
That's a subject for debate, not proclamation...
I think Britain, France and Italy might might disagree. Without the USA's support, Britain would have been invaded by the Nazis. France and Italy were liberated.
And people are proposing it as a good model and a natural one. It's not, it's only in the US that the military are seen as some sort of gods.
I don't know whose post you're responding to here. I said nothing about anyone being gods nor does anyone I know in the USA think of the military in that way or even close. Nor was I seriously proposing the Starship Troopers society as an actual model. Just the un-arguable fact that a weak military invites attack from others that have expansionist aims.
Cheers!
Strat
Parent
Re: (Score:3, Insightful)
Without US support, France and Italy would likely have been "liberated" by the Russians.
Re: (Score:3, Insightful)
In my opinion, democracy is not participatory, it is not something you should choose to do. Participatory democracy falls to apathy, an
Re: (Score:3, Interesting)
Re:Its a moral issue. (Score:5, Interesting)
Not all the people who volunteered for public service ended up as soldiers - they simply ended up doing what their society thought it needed and they had the ability to do.
Heinlein actually wrote a bit about the "world" of Starship Troopers in Expanding Universe (in a retrospective on his literary career).
At the time when the events in the book take place, quite a lot of people were needed as soldiers - but due to the way we people are wired (with tight-nit social groups as soldiers), soldiers were usually the last to stop serving in public and thus the last to actually get to vote.
Yes, you didn't get the franchise until *after* you've stopped serving in that world.
I do agree that the premise is shaky - but the idea of not giving everyone franchise just because they were 18 years old and alive was one of the ideas Heinlein was toying with in that book.
Of course, he argued that clearly the founders of US of A never intended everyone to get the franchise either - his criterion were simply a bit more merit-based.
In Expanding Universe he did mention that the idea of having stable people with a stake in maintaining a working society as a rather good idea, and goes on arguing for removing the franchise from men and giving it to women who have born children, as they have a personal reason for being interested in having a society that works... and makes a rather convincing argument of it.
I can heartily recommend Expanding Universe if you are interested in what Heinlein said he was thinking when writing.
As with all things written down, of course, you must consider the source - but I got a lot of amusement out of his writings, and like his meritocratic views personally.
The book "Requiem" is also a good read, if a trifle sad at times - but it did contain his speeches at a few scifi conventions which I hadn't read - highly interesting for a person not born until the last years of the Red Scare.
(Sorry for pushing Heinlein, but I really liked those books and they represent a very enlightening perspective on what Heinlein professed to believe.)
Parent
Re: (Score:3, Insightful)
Eh, why not? The US political system accepts more peculiar stuff than that every year -- DMCA, prohibition, NAFTA, the War on Drugs, Guantanamo. A few TV ads; a couple of movies; an all out offensive on the talk shows; (and a grandfather clause for the current crop of reprobates). I think it'd be an easy sell.
***As much
Re: (Score:2, Insightful)
http://humanists.net/alisina/islamic_morality.htm [humanists.net]
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
It has nothing to do with the original message from the novel. The novel had a number of very powerful messages regarding social structure, moral, etc. These are all absent from the film. And in the novel the enemy was anything but low tech.
What is this morality you speak of? (Score:2)
Re:Its a moral issue. (Score:5, Insightful)
Seems like when it comes to protecting their a$$e$, they don't care about morals. Anything goes. It's sad to say, but it all comes down to the all mighty dollar for these companies/corporations.
Then again, I'm a cynic.
Parent
Re: (Score:2)
In other words, laws enforce society's idea of moral behaviour.
Re: (Score:2)
"Let's put it this way: if you need to ask a lawyer whether what you do is "right" or not, you are morally corrupt. Let's not go there. We don't base our morality on law."
-- Linus Torvalds
Re:Its a moral issue. (Score:5, Interesting)
This is probably not best discussed in terms of "protecting IP rights" but rather in terms of:
Someone at Sony was charged with "doing something" and "making the piracy problem go away". They were desperate. They also wanted something to show for their efforts, namely, an ability to exercise power on user desktops. (Recall, the copyright terrorists have long wanted "self-help" capabilities that amount to sabotaging users' property at will.)
Spyware must have seemed like a perfect solution: it doesn't just "do something" about the pirates, it accomplishes a long-standing goal of seizing greater control of the medium. It is not at all about "IP rights"; it's about power -- in this case, about ripping power out of the users' hands.
Parent
Re: (Score:2, Informative)
[06:52] gotcha: MyMiniCity is designed to capture information from all its visitors. thank you for your participation.
Precedent. (Score:5, Interesting)
A quote from Lessig's Free Culture:
Legal norms are not just about judicial precedent.
Auto-run is evil (Score:5, Insightful)
Re: (Score:2)
Re:Auto-run is evil (Score:4, Informative)
One quick trick prevents Autorun attacks [windowssecrets.com]
Parent
Re: (Score:2, Informative)
http://www.phdcc.com/shellrun/autorun.htm [phdcc.com]
And actually from the same link -
I'll try one more time (Score:5, Funny)
what they are really saying is... (Score:2, Redundant)
what their saying (reformated better) (Score:5, Interesting)
That's pretty simple. They thought that there was a vast network of 13-year-old superhackers that were going to destroy the company by sharing files of music recordings. Then some schmuck (names? anyone who knows?) in the firmware special projects department told some marketing manager that he knew how to keep 13-year-old superhackers from copying music from CDs by simply adding a little piece of code.
The only security and privacy that they care about is their own. These concepts don't exist for people who are not executives in the company. Especially customers.
"Since we own the music on the disk that is placed into a computer CD drive, we, by the simple and obvious extension of corporate logic, thereby own the computer and all of the data inside it." If you want to become a corporate executive, you need to start thinking like one.
If it keeps ordinary people from copying stupid pop songs from our CDs, then it is not flawed. If it destroys or corrupts the data on user's PC, we don't care. Serves them right as they are supposed to only be listening to CDs on a real Sony CD player. After all, we invented the CD so we can set the terms on its use.
Next year's rootkit software will work. And the first thing that it will do is send your name and address to our lawyer's office who will prepare a standardized form charging you with theft of intellectual property (which is some illiterate junkie thug under Sony corporate contract moaning 'baby, baby, baby' over and over). Our bot software will then serve this to anyone who puts a Sony music CD into any device with internet access (unless, of course, the device is a $999 Sony model DRM-XKE CD player with hi-def 2-inch LCD screen and wireless internet access). After all, we invented the CD so we can set the terms on its use.
suggests some changes to the DMCA
The only changes that our legal department will allow the US politicians to pass will be ones that increase the criminal penalties for possession of music. This will happen when Sony completes its corporate merger with Wackenhut and CCA and completes the vast network of corporate prisons being built in distant lands. These will be needed to hold the vast number of unemployed former American college students who not only illegally listened to music, but also fell behind on their student loan payments.
Re:what their saying (reformated better) (Score:4, Insightful)
Add "copyrights" to the list. Since there are several cases showing how little the "entertainments" industry cares about other people's copyrights.
The only changes that our legal department will allow the US politicians to pass will be ones that increase the criminal penalties for possession of music.
Unless someone can get the changes sneaked past. e.g. something tacked onto the end on an anti-terrorism bill
Parent
Left hand, meet right hand (Score:2)
Sony has a huge image problem (especially among the geek elite) due to this effect, and due to the fact that its goals do not seem to align with the geeks of Slash
Re:Left hand, meet right hand (Score:5, Insightful)
An easy solution to this problem, and it would only take a few instances, would be to seize all assets of the company in question and begin prosecution. If corporations are damn near treated like real humans, then let them see the other side of the coin. Make every failure in process hurt them where it matters, I guarantee we won't have this happen again. Or we end up with less corporations willing to "risk" product release in the US.
As it stands companies can seemingly get away with whatever they want to protect their business model.
Parent
Re: (Score:2)
That's not why I hate the PS3. It's just that, well, I like to have f
Law (Score:3, Insightful)
How about this, when an industry pushes legislative half assed measures and gets them passed in to law, they forfeit normal protections afforded every other group out there.
In this case DMCA law prohibits the consumer from doing all sorts of things, in an effort to protect a particular industry. Since Sony installed, without permission, software that effectively broke computers, they'd held to a HIGHER standard than any other organization.
In this case the law should have revoked the corporate charter surrendered all assets to the government. Since the Corporation is a "legal" entity, the same as a person, the government should treat it exactly like a person caught doing the same thing.
My $.02
Legal solution? (Score:2)
I don't hit my hand with a hammer, even though no law that restrains me from doing it. Is there a role for government in keeping folks from hitting their hand with a hammer?
Re: (Score:2)
Oh, wait, that's not what happened at all. Here's what happened - outside of a few geeks and a couple of other unlucky folks nobody cared. And even of those that did care, only a few geeks still do. Everyone else either didn't hear about it, didn't understand it, didn't care about it, or forgot. That's the way of the world.
Remember Sony/BMG and Sony Corp aren't the same (Score:5, Insightful)
Re: (Score:2)
Why does that seem silly? I say boycott both Sony and Bertelsmann, and all their subsidiaries. Give a clear signal to those in charge that you don't want to put up with BS like this: vote with your money and shop somewhere else.
Re: (Score:2)
Or maybe that's just what's needed. A bit of collateral damage to cause corporations to tell other corporations to lay off the bad moves. Because so far just having a bunch of customers doing it hasn't worked.
Re: (Score:2)
The rootkit was put on those CDs by Sony/BMG, which is a separate entity that is 50/50 owned by Sony and Bertelsmann (BMG stands for Bertelsmann Music Group).
I was going to mod you down, but here goes.
Even though Sony/BMG is a separate entity it still has the Sony name. It's in their to make sure their name does not get sullied. It's not our job to find out exactly which part belongs to whom.
Also why do corporations not investigate which aspect of a person failed to pay their credit card bill. I'm talking about universal default here (not the best example though). They don't care. As long as your name appears somewhere you are in trouble
An excellent article ! (Score:3, Interesting)
Not just because of the conclusions ("Part III examines potential market-based rationales that influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy.") but also because of the rant-free and very lucid and illuminating analysis of the factors involved.
To me, the best part was: "After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures in Part IV, we examine law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, in Part V. We argue that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict such harms on the public.".
Those who have hopes for political action to amend the current crop of laws may be interested to read: "Finally in Part VI, we present two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, we suggest that Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and anti trafficking provisions in order to enable security research and the dissemination of tools to remove harmful protection measures. Second, we offer promising ways to leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers."
Oh yes, It's just you. (Score:2)
Sony products are everywhere. I saw lines of people taking away sony tvs when they were on offer at a supermarket in the UK the other day.
PS3 outsells xBox 360 in the EU.
It's currently outselling the Wii in Japan.
They aren't going anywhere.
Re: (Score:2)
They also make great TVs that not only perform well but are finished and styled well too.
Face it - they make good stuff and relatively few people heard of or care about this issue. And even if they did care, there's not many folks in the world that actually engage their brain when spending money.