Texas Sues Sony BMG over Rootkit 703
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
In other news (Score:5, Informative)
Attorney General's Press Release (Score:5, Informative)
http://www.oag.state.tx.us/oagNews/release.php?id
They even have an online complaint form. Be the first on your block to get in on the lawsuit!
Link to the lawsuit & the official press relea (Score:5, Informative)
(cough [slashdot.org]
The EFF Suit (Score:4, Informative)
If you have been damaged in any way, shape or form, it's time to call their bluff!
Re:Scotch Tape (Score:5, Informative)
Using a bit of tap to do it is just grandstanding.
Re:Scotch Tape (Score:5, Informative)
Congratulations, you just violated the DMCA.
The lawyers can forget it... (Score:2, Informative)
Re:george dubya? (Score:4, Informative)
Everyday I learn something new about r00tkits... (Score:5, Informative)
So basically, the rootkit would install itself on your PC even if you clicked NO on the popup that appears after inserting the disk? Wow... Now re-read this (different article, posted on Slashdot earlier):
"Most people, I think, don't even know what a rootkit is, so why should they care about it?" the head of Sony BMG's global digital business, Thomas Hesse, told National Public Radio.
I don't know... So they are counting on tricking gullible PC users into installing something which will ultimately harm their PC, which is heinous in itself, but somewhat legally "murky" enough for them to get away with it. But when your answer to the EULA actually has no effect whatsoever on whether the r00tkit is installed or not, that is beyond words. It shows how much these corporations disrespect their customers. We are sheep. With cash they gave us for working for them... and they want it back.
Re:Way to go (Score:3, Informative)
In fact the upper limit (assuming conservativly only 1 infected PC per CD) is:
2,000,000,000,000 or 2 trillion dollars. Of course what percent are provably installed in Texas? is it Five percent? even if it's two percent that's $50,000,000,000 or 50 Billion dollars.
Lets take a conservative estimate.
In the 2000 census, Texas had a population of 20,851,820 http://en.wikipedia.org/wiki/Texas [wikipedia.org]
and the whole US has a population of 281,421,906. http://en.wikipedia.org/wiki/United_States [wikipedia.org]
So Texas had 7.4% of the US population.
Sony claims that all DRM disks where sold domestically, but lets be kind and say that 80% of the disks were sold domestically so 19,200,000 disks in the US.
Lets assume that the consumers in all states have similar buying habits.
So 7.4% of 19,200,000 US disks is 1,420,800 Texas sold disks.
1,420,000 times $100,000 max fine per disk is: $142,100,000,000 or 142 Billion Dollars.
I have seen estimates as low as 500,000 DRM infected disks sold in the US.
That number is much lower.
500,000 * 80% * 7.4% * 100,000 max fine is: 2,960,000,000 or 2.96 Billion dollars.
Any way you spin it, this is going to get ugly for Sony.
Re:Texas law on lethal force in protecting propert (Score:3, Informative)
So the spyware has to be pretty deadly!
Comment removed (Score:5, Informative)
Insightful? Really? (Score:3, Informative)
From http://www.oag.state.tx.us/ [state.tx.us]
Yeah, this guy's really a shark. Stupid frickin lawyers always screwing everything up enforcing laws. God dammit. Imagine how great the world would be without lawyers making sure everyone follows the rules. </sarcasm>
Re:Word is Spreading (Score:5, Informative)
"Sony intentionally infected that CD with DRM. It is infected with DRM. It will take over your computer." I just told this to a friend of mine who is a huge fan of Imogen Heap and was about to buy her recent US release of Speak for Yourself through Sony.
Sony infected this CD with DRM for the Mac, and maybe Windows, too.
My friend has spoken with Immi before and is writing her to tell her why, although he supports her and goes to her shows when possible (the hotel/cafe tour for example), he will not be buying the album.
He will not be buying it because It is INFECTED with DRM.
Whomever came up with this brilliant strategy, please feel free to take credit in a reply here. I can't find the original comment.
Re:Texan way..... (Score:5, Informative)
The news conference video (Score:2, Informative)
Here's a torrent of the news conference video [soijabanaani.net].
And it should be noted (Score:4, Informative)
Re:Everyday I learn something new about r00tkits.. (Score:5, Informative)
No, this sentence refers to SunnComm MediaMax, not First4Internet XCP. MediaMax doesn't use a rootkit, but installs even if you reject the EULA, phones home when you play a CD, does not include a functioning uninstaller--but if you jump through a bunch of hoops, SunnComm will give you an ActiveX uninstaller that opens a huge security hole on your computer, kind of like XCP's.
Sony recalled XCP CDs but didn't say a word about MediaMax. The EFF is pressuring them to recall those CDs as well, which have been on the market for two years and number at least ten times as many as XCP.
The charges (Score:5, Informative)
- Using random or deceptive filenames to make it difficult for the consumer to find and uninstall the program, in violation of CPACSA 48.053(5).
- Inducing the consumer to install software by falsely claiming that it is necessary to play the media, in violation of CPACSA 48.055(1).
Seems pretty weak, but I imagine they'll tack on additional charges once they've had the chance to do some discovery.Re:The EFF Suit (Score:4, Informative)
But you are right. The odds of you going to jail are inversely proportional to your wealth and directly proportional to the blackness of your skin, so they won't be getting any jail time, let alone maximum security or forced labor.
Re:Word is Spreading (Score:4, Informative)
This isn't EXACTLY a virus, but it's VERY close, so call it that.
You're not enough of a salesperson. You're trying to be exact and precise about what you say--instead, give them a term they understand that is close to reality.
"Sony distributed a virus on their CD's in an attempt to break your CD drive so that it cannot copy their CD's. In addition, it opens your computer up so that it can get many other viruses, and it has the ability to report your usage back to Sony at any time."
That'll sell, and it's true.
Just Say NO to This Crap (Score:5, Informative)
After refreshing his memory, and in turn having the family involved talk among themselves for a while, it turned out that some Sony BMG [sonybmg.com] discs HAD been played in that machine, and some of the remaining questionable files had Sony all over them even though the family didn't own a Sony [sonybmg.com] camera, Sony music player or any other Sony device that they could think of. Finally someone remembered that the little girl in the family HAD played, or ripped, or SOMETHING some music CDs in the machine and off they rushed to find them. In the mean time I was looking for the list [sonybmg.com] of Sony BMG [sonybmg.com] discs affected, originally numbered 20 and widely circulated at that count, but subsequently updated to 50, and listed [sonybmg.com] on a Sony website. I found the list of 50 at about the same time that they found their played/ripped/inserted/whatever CDs and sure enough, several of them had the Sony BMG [sonybmg.com] label on them. Now the catch was that (a) none of the CDs they had found were on the list [sonybmg.com] and (b) none of the CDs they had found had the warning that they contained copyright protection software, and my understanding was that the affected discs did contain such a warning.
Well, by getting rid of the Sony BMG [sonybmg.com] stuff they seemed to be back to a clean machine, and they swore to never insert a music CD into their machine again or to buy a CD from Sony [sonybmg.com]. So, congratulations should go out to Sony BMG [sonybmg.com] and First4Internet [first4internet.com] for accomplishing their objectives. Now to round out the picture:
(1) I suspect that Sony BMG [sonybmg.com], Sony [sonybmg.com] alone, and BMG [sonybmg.com] alone have in the past used other protection schemes and while they haven't been vocal about it, other companies are doing the same experimentation. All of these programs have their own ways and means of hiding themselves and controlling what YOU do with YOUR PC. But NONE of them have exhaustively looked into the legal, much less technical ramifications of what they do. They think that by merely relying on third party companies like First4Internet [first4internet.com] they can claim ignorance of the consequences.
(2) Rumor has it that by the time you are asked for your permission to install software when you insert these disks SOME software has already been installed.
(3) Sony/BMG [sonybmg.com] isn't the only company doing this, they are just the only company that has been caught.
(4) These discs have been out for a year, and some people say two years, or maybe more.
(5) There is no quick and easy way to uninstall these programs, either from Sony BMG [sonybmg.com] or the s
Re:Companies disallow CD playing on computers? (Score:2, Informative)
The rootkit can't install unless you have rights to do it -- Domain Admins in our case
Massachusetts to Sue Sony Also? (Score:1, Informative)
And the ironic part would be... (Score:5, Informative)
But then, this IS Slashdot, afterall...
Re:Why no criminal charges? (Score:4, Informative)
NPR Covered the story which pleased me. They started it off like this:
"Today's vocabulary word is 2 words: ROOT KIT"
A decent 5 minute segment on it.
Re:Scotch Tape (Score:2, Informative)
so, there you go windows is not in violation of the DMCA, every poster on every fourm/blog/etc telling people of this 'method' is violating the DMCA. but don't worry, with as many laws as the united states has on the books you're sure to have violated at least one of them in the past week.
Re:Why no criminal charges? (Score:2, Informative)
Re:Texan way..... (Score:2, Informative)
Btw I have nothing against Brits. I just hate mindless jingoism fueled by ignorance and hypocrisy. I bet your bigotry began right about the time of ``freedom fries'' and other such anti-French nonsense fueled by rightful opposition to what is now clearly an illegal war?
Re:Way to go (Score:1, Informative)
It opens a connection to connected. sonymusic. com (IIRC), and apparently transmits the ID of the CD. Sony claimed this didn't happen, but a simple packet sniffer is all it takes - the connection opens the instant you tell the player to start.
Bush ain't a Texan ;-) (Score:5, Informative)
Texas did however produce Ann Richards, the democrat governor of Texas prior Bush and David Cobb, 2004's Green Party candidate.
Sorry -- I know the above was an attempt at humor, but I do get sick of the assumption that everyone in Texas is far-flung Bush-lovin' right wingers.
Re:Way to go (better math this time) (Score:3, Informative)
$3,362,560,000 ($3 billion, 362 million, 560 thousand, 000.00)
Just thought I'd clear that up, since you made the mistake twice in your post.
Of course, I may be wrong...if the whole counting thing was changed recently.
Re:Texan way..... (Score:5, Informative)
Mods, I forbid you to moderate this post informative.
Re:Texan way..... (Score:1, Informative)
It's not. It's in New Jersey, despite what the Supreme Court likes to think.
http://www.nps.gov/stli/ [nps.gov]
Re:Disproportionate fines for the win (Score:3, Informative)
Indeed. Live by the ridiculously high fine; die by the ridiculously high fine.
And, today's PSA:
Copyright Office Taking DMCA Comments [copyright.gov]. Clearly, the rules need to make it 100% unambiguously clear that, yes, it's legal to remove malware from your computer.