Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Sony Rootkit Settlement Gets Judge's Approval 187

Posted by Zonk
from the yay-free-music dept.
Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "
This discussion has been archived. No new comments can be posted.

Sony Rootkit Settlement Gets Judge's Approval

Comments Filter:
  • by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Tuesday May 23, 2006 @09:07AM (#15386737) Homepage Journal
    Imagine if after reading about the original rootkit & associated vulnerabilities, you check your DNS records & see that indeed, one or more PCs you're responsible for are infected. You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

    At the end of all your time, you still can't claim the replacement CD + download + patch, (let alone compensation for your lost time) because you didn't buy the offending CD (it was a temp receptionist).

    I really want to see someone go after Sony for a real settlement. For that matter, I'd like to see a government go after Sony. Corporations have the same rights as individuals, how about we give them the same responsibilities as well. I think a four or five years of community service for the entire company (say 20 hours a week), would be about what's deserved for a widespread crack attempt like this.
    • by TheSpoom (715771) * <slashdot@NOSpAM.uberm00.net> on Tuesday May 23, 2006 @09:13AM (#15386769) Homepage Journal
      Yeah.

      Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

      </sarcasm>
      • Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

        You know, if I worked as a filing clerk, and got to do 20 hours / week cleaning the local church or helping old people or something whilst getting paid for and not doing my normal work I wouldn't consider it punishment.

        But, what I meant was Sony as a company, doing the equivilant of 20 hours community service per week per employee for four-five years. They could pay others to do it, pay their employee

        • Maybe they can hire someone who has to do community service anyway. Then they don't have to do it twice.

          Efficiency is God. I think I'll be a management consultant. Maybe Dogbert has a vacancy. I'll go and buy a slab of liver.
        • why not just fine sony (number of employees)*(mean salary)*(hours of community service expected) and then tax everyone else less, providing the same social services?
      • Actually yes

        Thats how it works in the military when someone screws up. Remember the secretaries boss hired her and his boss hired him and so on. So in actuality its all their fault.

        This is why interviews are difficult to conduct and be a part of. You need to filter the bad apples out and enforce policy within your company.
    • by Lave (958216) on Tuesday May 23, 2006 @09:14AM (#15386776)
      I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case.

      At least this will put record companies off this kind of behaviour.

      • by TheJediGeek (903350) on Tuesday May 23, 2006 @09:37AM (#15386913)
        I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case. At least this will put record companies off this kind of behaviour.

        I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

        A replacement CD, and a few DRM's music files doesn't exactly make up for the huge amounts of time it has taken and will take to fix their damage.
        I know of a few computers just in my family that had this rootkit on it. My youngest brother is in college and the school provides a laptop to every student that the school maintains through an IT dept. They had to reimage his system when things got screwed up. My dad has a couple computers at work that got this thing. He had to reload everything on one and IT had to reload the other one. That was just from one CD that had been played on those computers.

        There are countless people that have had to spend many many hours fixing what Sony did. What they did was illegal and very damaging. All they have to do is replace some CDs.

        • by lgw (121541) on Tuesday May 23, 2006 @10:11AM (#15387166) Journal
          It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

          If this were the only action taken, sure. Fortunately, however, the *really* scary thing for Sony happened very early on: the DHS said they're choosing not to enforce the law on this basically because it was the first time any company had made this mistake, so they'll give the company the benefit of the doubt that it wasn't a deliberate attack. This one time.

          Sony broke federal law (section 1030) many thousands of times, and the Feds noticed. Installing a rootkit on a computer owned by the government (one not for public use) is a crime even if you never use that rootikit for anything, and Sony was using it for profit. The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

          This court settlement was nothing; the threat that Sony would no longer have a US division was everyhting.
          • by HiThere (15173) * <{ten.knilhtrae} {ta} {nsxihselrahc}> on Tuesday May 23, 2006 @12:59PM (#15388376)
            Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

            Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place. Even after it was revealed that this had been the prediction of estimates given to management before it made the decision. (The case was in Georgia, and I believe [with imperfect certainty] that the company was Dow Corning]. It involved the intentional poisoning of a town's water supply by illegally disposing of chemicals. It was a federal court.)
            • Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place.

              There's a difference between killing a few unimportant villagers and messing with the government's stuff.

              Sadly.
            • Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

              Against a *foreign* company, putting rootkits on government computers? Sure. There are guys who have spent their whole lives waiting for such an opportunity.
          • The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

            This decision was made, of course, after some money changed hands behind the scenes. You know, a little bribe^H^H^H^H^H campagin contribution. If you think the Bush administration would have put Sony out of business for this, I'd really like a toke off of whatever it is you're smoking. Doing so is, after all, bad for business and bad for the economy, and if
        • by Asphalt (529464) on Tuesday May 23, 2006 @07:08PM (#15390721)
          I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

          Not if you opted out. Which EVERYBODY should do to class action suits.

          The more people that opt of of class action suits, the less likely the punishment is to be a "slap on the wrist". The last thing Sony wants is a bunch of individuals out there with money hungry lawyers free from the confines of the class action settlement. It makes the class action settlement worthless.

          We enable the slaps on the wrists because 99.9% of us don't take the time/effort to opt out of class-action scams.

          As usual, the enablers of this nonsense is us.

      • Lave (958216) writes: I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable.

        Whiney Mac Fanboy (963289) writes: You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

        A blackhat would have been prosecuted for causing over $1 million worth of damage, easily. Such damage costs are mostly attributed to labor and downtime, so that's probably a fair claim.

        Comparing
    • by gfxguy (98788)
      Why don't you blame the temp receptionist for using her company computer for personal use?
      • by Whiney Mac Fanboy (963289) * <whineymacfanboy@gmail.com> on Tuesday May 23, 2006 @09:33AM (#15386893) Homepage Journal
        Why don't you blame the temp receptionist for using her company computer for personal use?

        Let me rephrase your question.

        Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.
        • Technically it wasn't a real Digital Music CD.
          • jacksonj04 wrote:

            Technically it wasn't a real Digital Music CD.

            For me, this has become the saddest thing about the whole situation. I used to have confidence that a music CD was safe to use on all devices that could play standard CDs, whether it was a stand-alone player, a portable, or a computer. Due to this, I could walk into any CD store and, on impulse, by a CD without concern.

            Since finding out about the problem with copy protection, I have stopped purchasing new music CDs. Now, when I pickup

            • Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?"
              There's an easy way to find out. Can you find the Compact Disc logo ? If so, it's not crippled. If I'm not mistaken, it's due to Phillips, the co-owner of the Compact Disc trademark refusing that their trademark appear on non-red book compliant discs.
        • I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.
          • I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.

            I'm still not clear on what you're saying - do you think I should blame the secretary in my hypothetical scenario rather then sony?
            • You blame the secretary, she's blames Sony.

              What would happen is, if she doesn't sign onto the lawsuit, she is free to file her own claim because you fired her because of something Sony sneaked onto the CD.

              You didn't fire her? That was nice... then this lawsuit does nothing for you, but since you weren't a party in it, you still have a claim against Sony with your own lawsuit, and now that Sony's lost this one, you'd have more ammo to win.

              But I guess the point is that your company didn't join this lawsuit b
          • I agree it seems innocuous, but she's using company equipment to do it.

            If the company has a rule in place to prevent staff from using their CD players to play music, then she's done wrong. If that policy is in place specificaly to prevent rootkit and viral infections, and the staff are aware of this, then she can be blamed for the infection.

            If it's just a "you can't listen to music" then she's not to blame for the rootkit, but would be subject to disciplinary action for breaking the "no music" rule. Which
          • So?

            I mean seriously so fucking what. If she can do her job while listening to music, why not let her use the PC to do it? Its a perfectly reasonable thing to do with the PC. Its something that 99.999% of the time, in fact, every time UP TO THE RELEASE OF THIS CD, has never caused an issue. Its something people have, and rightfully so, become used to being able to do.

            Punishing her for something that she had no way and couldn't have known there was an issue, is asinine. It is sony that broke everyones trust,
            • It's not about listening to music or not...

              For the longest time you could use the same argument about just about anything - personal email, IM, even installing a game here and there.... just so long as you're doing your job, right?

              Heck, I'm doing this from work right now! But if slashdot were to suddenly put something malicious on their website... well, I've been using slashdot for 10 years and haven't had a problem up until now...

              Most of the people where I work have their own CD/MP3 players, bookshelf sys
        • Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.

          Clearly it's her fault the rootkit was on the computer. She wouldn't have infected anything if she had just downloaded the CD like a normal person.

      • Why not blame the receptionist for wasted hours of work? One could argue the temp's intentions were to kill a bit of time or tap their foot while sorting files, likely did not know about malicious software being installed. The company that sold the cd (Sony) did know about the software its intension. Why not blame/charge the temp for possibly violating company policies and Sony for cleaning the computer? Many companies and IT wouldn't really consider playing a CD a mass grievance as most audio cd's are
      • Because it cheered up the whole department.

        When you left.

    • "...a government go after Sony"

      TFA: "Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general."

      I've been trying to get Greg Abbott (TX's AG) to go after the antivirus companies, refuse to settle, and various other things that might keep this from getting swept under the rug. This was a devious and dangerous product that was released, not a minor technical flaw in a few CDs.

      That's why I take Major issue (below) with the phrase "flawed digital rig

    • by hotspotbloc (767418) on Tuesday May 23, 2006 @09:32AM (#15386883) Homepage Journal
      Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?
      • I don't think that you could you have possibly chosen a more obscure analogy for the /. crowd.

    • by tomhudson (43916) < ... <nosduh.arabrab>> on Tuesday May 23, 2006 @09:42AM (#15386953) Journal

      Nothing is preventing you from filing a claim against them. From the court settlement notice:
      http://www.sonybmgcdtechsettlement.com/Notice.htm [sonybmgcdt...lement.com]

      EXCLUDE YOURSELF: Get no XCP exchange program, cash or free music download settlement benefits. This is the only option that allows you to ever be part of any other lawsuit against the Defendants about the legal claims being resolved in this case. See Question 13 below.

      OBJECT: Write to the Court about why you don't like the settlement.

      GO TO A HEARING: Ask to speak in Court about the fairness of the settlement.

      DO NOTHING: Get no XCP exchange program, cash or free music download settlement benefits. Give up certain rights. You will retain the right to sue the Defendants for any consequential damage to your computer or network that may have resulted from interactions between XCP software or MediaMax software and other software or hardware installed on your computer or network.

      NOTE: the "Do Nothing" option is also for anyone who didn't buy the CD, whose computer was damaged because someone else loaded the CD onto their machine, etc. (for example, a temp office worker decided to listen to the CD and infected a PC). Write Sony, state your claim (number of pcs affected, time lost) and that you are not part of the class settlement and would like to know what they're offering you to avoid court action.

      Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

      • Man, I wish I bought their rootkitted CD :)
        • You didn't have to buy a CD to be entitled to a part of the settlement. Anyone who bought, used, or was affected by, the rootkit (in other words, if you were even peripherally affected, you can make a claim):

          It's in the big text at the top of the settlement document: http://www.sonybmgcdtechsettlement.com/Faq.htm [sonybmgcdt...lement.com]

          ALL PEOPLE WHO BOUGHT, RECEIVED OR USED A SONY BMG MUSIC ENTERTAINMENT COMPACT DISC WITH CONTENT PROTECTION SOFTWARE

          If you bought, received or used a Sony BMG Music Entertainment compact dis

          • I know, but I was thinking more along the lines of filing a small claims suit to the tune of $5k for lost time, dealing with cleanup, reinstalling Windows, etc. (outside of the terms of the class action). Without having actually gotten or used the CD the claim wouldn't be very credible.
            • Tort law is on your side (as is the wording of the class settlement). You suffered damages as a direct consequence of Sony's shipping a r00t kit. Same as if GM produced a vehicle with defective brakes and you were hit by that car ... its a reasonably foreseeable consequence of their actions.

              As I point out elsewhere, the very top of the judgment includes people who didn't buy a CD but were nonetheless r00ted.

      • OK, my options for a lawsuit that will likely cost me far more in money, time & effort then I will recieve back are not limited. Great.

        Do you think its OK that no government has gone after sony for distributing hundreds of thousands of rootkits, compromising hundred of thousands of computers?
      • by chrae (159904) on Tuesday May 23, 2006 @12:14PM (#15388138) Homepage
        Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

        I like that idea but for most of us small claims and legal stuff is unknown territory. Most of us don't know what to do from start to finish because we haven't done anything like that before. I would like to see (as in, someone else do it :)) someone like Groklaw post templates and procedures for filing small claims specific to a case. e.g.: how to stick it to Sony in small claims.

        All the research of what to do is too difficult and I'm lazy and a bit intimidated. If it were made easier, I would do it and I'm willing to bet a lot of others would too.

        A thousand people each filing small claims at $500 a pop would be more potent then one lawyer representing a thousand people in a class action. Think "Slashdot Effect" in the legal sphere. It might even set a legal/business precedent: don't screw your customers so bad that they'll mobilize against you.

        I'm willing to overcome my laziness and contribute, but I need help and direction. Others need it too.

        • by Epyn (589398)
          This isn't much of a howto but more of a success story on how much of a pushover small claims can be:
          http://www.kuro5hin.org/story/2006/5/15/114512/034 [kuro5hin.org]

          I thought it was fairly informative even though there was a settlement.
        • Most small claims courts have brochures and web sites outlining the process.

          Up here, its very simple. You send them a letter by registered mail, explaining the problem and giving them 10 business days to get back to you. If you haven't heard from them in 3 weeks (the courts like it if you cut the defendant some slack), then you go down to where you file, and fill in a form (bring a copy of your demand letter).

          The important words to put at the top of your demand letter:

          DEMAND LETTER
          WITHOUT PREJUDICE

    • Giving out unprotected CDs and free downloads implies that the error in Sony's ways was in their attempt at DRMing the CDs. So now you can rip your CD and make MP3 for all your friends...who cares?

      It seems to me that the issue was their choice of HOW they enabled DRM. Installing a hidden rootkit that opened up millions of computers to hacks was the real damage they inflicted. How will a new CD secure these computers and remedy those affected in an appropriate way? It's like saying, "I'm sorry for smashi

    • The problem here is the same problem as in all corporate misdeeds. No one person or small group in the company is accountable. What might actually work is to say, look here, somebody authorized this illegal action. Who was it? Find that person and punish him or her. With jail and a felony rap, like any poor kid from the ghetto who "makes a mistake" and steals a car stereo. "Punishing" a corporation makes very little sense. It all gets abstracted into a spreadsheet and nobody has the fear of reprisal
    • Yes, but...

      This is normal for class actions. You get 'actual damages' for anything that can be proved to apply to everybody in the class. Not everybody who bought their crappy CD had to clean up the mess at considerable expense.

      I really want to see someone go after Sony for a real settlement.

      And that is exactly what you're supposed to do. If you were one of the smaller group who were severely impaired by Sony's reprehensible actions, you're supposed to take them to court and hit them for the whole thing. Yo
    • I really want to see someone go after Sony for a real settlement.

      You can. No one is bound by the class action settlement. You can opt out of the settlement and pursue your own independent damages claim against Sony.
    • Corporations have the same rights as individuals

      You must not be in the US. Here, corporations have way more rights than individuals do!
  • Opt-in website (Score:5, Informative)

    by TheSpoom (715771) * <slashdot@NOSpAM.uberm00.net> on Tuesday May 23, 2006 @09:11AM (#15386759) Homepage Journal
    Here's the claim filing website for the Sony BMG settlement [sonybmgcdt...lement.com], since I didn't see a link to it in the article.

    The solutions given almost don't seem worth it, but I'll probably opt-in anyway just so that little bit of money gets drained from Sony so they don't do this again.
    • Re:Opt-in website (Score:5, Insightful)

      by eln (21727) on Tuesday May 23, 2006 @10:20AM (#15387243) Homepage
      What makes you think that giving you a replacement CD or allowing you to download music is going to cost them anything? Giving you a CD will only cost them the actual cost of stamping the CD, which is probably less than 10 cents. Allowing you to download a music file from them will cost them nothing.

      Sony is getting away with basically paying nothing here. Sure, they'll put it on their books as having cost so many millions in lost revenue or whatever for tax purposes, but the actual cost is pretty much zero.
    • I'm staying far away from this one. I do not want Sony taking a particular interest in my activities.
  • Flawed? (Score:5, Insightful)

    by Mateo_LeFou (859634) on Tuesday May 23, 2006 @09:14AM (#15386775) Homepage
    I believe the software did exactly what it was supposed to do. Shouldn't there be mention of a flawed *DRM *strategy being foisted upon consumers?
    • Unless you mean that Sony actually wanted to:

      1. stealthily put a general-purpose rootkit interface on your computer, that leaves it wide open for any script kiddie to hide their malware with,

      2. utterly break your computer if you try to uninstall it, even after you no longer own the CD or are interested in listening to the music on it

      3. have exploitable bugs in both the original rootkit and in the "solution" to the problem they created

      then no, it didn't do exactly what it was supposed to do. Pushing DRM on t
      • I'm 100% in agreement; see my other comments for clarification. My point is that mainstream press is talking about this like it's an inadvertent error/flaw that somehow got into the product. Like faulty wiring in a toaster. In fact, this "flaw" was a design decision, arising from the fact that the provider's interests are contrary to the customers' interests.
  • If... (Score:5, Insightful)

    by Lord Kano (13027) on Tuesday May 23, 2006 @09:18AM (#15386797) Homepage Journal
    If a 15 year old script kiddie had done the kind of damage that Sony did with its rootkit, he'd be spending a couple of years in a "Federal PMITA prison" why does Sony get off this lightly?

    Someone should be incarcerated over this.

    LK
    • Re:If... (Score:4, Funny)

      by pete6677 (681676) on Tuesday May 23, 2006 @09:24AM (#15386830)
      Because the script kiddie was too stupid to form a corporation first. It worked for many other virus writers, like Kazaa and Gator.
    • Re:If... (Score:2, Funny)

      by cdogbert (964753)
      clout Pronunciation Key (klout)
      n.

      1. Influence; pull: "Women in dual-earner households are gaining in job status and earnings... giving them more clout at work and at home" (Sue Shellenbarger).
      2. Power; muscle.
    • Re:If... (Score:3, Insightful)

      by Rogue Eve (831308)
      A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation. He was 18 but still did not receive jail time so I am not surprised that Sony got off so easily. White-collar crime just doesn't receive harsh punishment.
      • Tell that to the British Hacker [bbc.co.uk] who hacked into NASA looking for evidence of UFOs, and is now being extradited to the USA and may end up in Guantanamo Bay [bbc.co.uk] on terrorism charges.

        From a technical point of view his methods sound rubbish, and I've seen him on tv- he's an idiot. But the US government is treating him like he's murdered 2000 people, not 'hacked' into a computer system...

      • Re:If... (Score:5, Insightful)

        by Overzeetop (214511) on Tuesday May 23, 2006 @09:50AM (#15387016) Journal
        Sony installs a rootkit on (potentially) hundreds of thousand computers, and not a single person is on probation. I think community service for Sony USA executives would be a very worthwhile punishment for the humans who should be watching what their company is doing, and a stiff financial fine - say 10% of gross '05 earnings (just like a $3000 fine for a regular guy who makes $30k/yr) - for the corporation, with 6 years probation. Should Sony be found in violation of the terms of the settlement (to be negotiated by the plaintiffs attorney and the judge), Sony loses it's corporate status in the US.

        Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

        Oh, and while I'm at it, I'd like world peace, too.
        • Re:If... (Score:3, Funny)

          I only ask that Sony be held to the same standard.

          That will only happen when Sony can no longer purchase the US government.

          Oh, and while I'm at it, I'd like world peace, too.

          "We're the United States Government. We don't do that sort of thing!" - from Sneakers

          :-p

        • Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

          Not to excuse Sony's sleezy actions and subsequent pat on the wrist,
          • Re:If... (Score:2, Insightful)

            by brufleth (534234)
            1. The root kit makes your computer vulnerable to attack/infection/whatever you want to call it.

            2. All someone has to do is write something that changes the position of decimal places on infected systems.

            3. Deaths

            This world is run by managers sitting on the shoulders of engineers and scientists. When it hits the fan the managers come out smiling but engineers and scientists are often not so lucky.
          • It's not as bad as people dying from things I personally screw up. As the principal in charge, I can (and likely will) be held responsible for anything anyone does in my organization. That includes simply the loss of time and money due to errors which simply result in, say, leaky roofs or blown fuses or mold due to poor air exchanges or humidity controls. If the damage is large enough - say, affecting 100,000 people and costing tens of millions of dollars in lost productivity to correct - I could lose my
    • Re:If... (Score:2, Insightful)

      This was a settlement to a civil suit, which won't ever include criminal penalties. As far as I knowthere has not been a criminal suit filed.
    • Someone should be incarcerated over this.

      The problem is that a _company_ did the bad thing, not a "person". Can't put a company in prison, now can you?

      Now, you can fine a company. I don't remember who, but if I remember correctly, a second company, not Sony, actually wrote and packaged the rootkit for Sony, and Sony was only wrong in that they did business with said company. We all know it was an innocent mistake, right?

      The thing is that I don't hear anything about the company that created the thing, and
      • Can't put a company in prison, now can you?

              No, that's what the board of directors is for.
  • by Gizzmonic (412910) on Tuesday May 23, 2006 @09:24AM (#15386834) Homepage Journal
    If some young "cranker" released this type of virus out in the wild, he or she would be looking at serious jail time. But as is normally the case with corporations, no one is expected to be personally responsible. Just a few dollars that amounts to jack shit for a huge corporation.

    Just like when Ford and Bridgestone decided to go ahead and release the exploding tires. Sure a few people got killed, but we can't press criminal charges! These are our captains of the industry! Reason #122,234 that this country is seriously messed up.
    • Easy, the "cracker" should have formed a corporation first with the intent of being a "security consultation firm".

      "Hey, the worm we were developing to track down...um...terrorists...got away from us and got released to the net. Sorry about that. Hey, we'll bankrupt the company ok? We'll dissolve it and go on our merry way....oh, can we get some venture capital cash from you government types so we can continue our...um...research? Yeah yeah, national security and all that."

      See, bullshit your way out of it a
    • You're very wrong about one thing. It's reason NUMBER ONE. This is the PRIMARY problem we and our progeny are going to face.
  • If Sony pays me a sufficiently huge wad of cash, I might be able to afford to give it back to them in exchange for a PS3.
  • Usually in a class action lawsuit those harmed get a coupon or replacement product that's pretty much worthless. The lawyers get millions of dollars in fees in the name of "protecting consumers." So, how much did the attorneys get in this case?
  • Worthless! (Score:5, Insightful)

    by Luscious868 (679143) on Tuesday May 23, 2006 @09:31AM (#15386872)
    As others have noted, this is a joke. Those users who were affected are entitled to a replacement CD, free downloads of the music on the CD in question (in who knows what format) or a cash settlement. So someone spends hours cleaning up the mess that Sony made and they get what amounts to $15 to $20 bucks. Most people who are affected probaby won't even bother to claim anything so Sony isn't really hurt by this. It seems to me that the lawyers who brought the class action suit are the only ones who really benefit here.
  • by hackus (159037) on Tuesday May 23, 2006 @09:39AM (#15386928) Homepage
    Welcome to the Empire of the United States of America.

    While you serve the sufferance of the 5% of the families in this empire that own 95% of everything here, please be advised that you do not and cannot own:

    Any sort of source code, any sort of music, any sort of transportation, any energy source.

    You can however, license it from said 5% of the population here that own 95% of everything else.

    You may buy a "rights" upgrade to your license to do as you please here, if you get caught violating the law. But bear in mind, sometimes we have to not accept your cash so we can calm the masses and throw them a "justice bone". In that instance should it happen, your "rights" license is null and void.

    Above all else, while you are here please be advised that any government official can be purchased for a limited time depending on how much cash you have, and how much influence you want.

    Just do not make it obvious and please use foreign banks to make sure transactions are not traceable.

    Thank You and enjoy your stay!

    -The Empire USA
    • Welcome to Canuckistan!

      Note that if you chose to become a citizen or landed immigrent and become ill, you are forbidden to pay a doctor for treatment. You must stand in line, and wait your turn for state medical care. We are not responsible for your death in this case.

      Welcome to Canuckistan!

      If you chose to accept state medical care, you may not leave your province of residence. To do so requires reimbursing the province for any medical care received, at the rates the province prescribes.

      Welcome to C

  • That was fast! (Score:2, Insightful)

    by brouski (827510)
    As scandals go, it seems like it took no time at all to go from exposure to out of court settlement. What do people make of that?
  • Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

    Sounds fair.
  • from TFA: These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

    Now, at least we know which CDs to avoid and if Sony keeps including any kind of copy protection software, their sales will plummet even more than they already have. The only thing left now is the drawing and quartering of the CEO and other upper-level officers, along with the dissolution of Sony's artic

  • The Lawyers and the Gov't, the people who were actually harmed will get a small, pathetic amount back. Yay for tort laws!
  • Big corporations: pissing on our constitutions.
  • SonySuit.com [sonysuit.com] notes that attorney's fees are still in dispute, and that there is an appeal of the case still pending.
  • I really don't care about the free CDs, or any other fine that would be levied against Sony. They're huge, and they aren't going to be hurt by this.

    What I want is criminal prosecution of the people in Sony's management who directed that this be done, and directed that this malware be distributed. I can't imagine that if I, Mr. John Q. Public, recorded some of my own songs and packaged them with a rootkit of my own, that I'd be prosecuted for it. More than that, I can't imagine that if some employees of S
  • I wonder if the judge realised the irony
    in allowing Sony to give out free downloads of DRM-laden music files
    to people who's computer(s) they made vunerable with their DRM software...
  • "flawed digital rights management"

    Flawed, my ass

    If I get caught burning Sony Music's HQ to the ground than that's a "flawed" bonfire.
  • I bought one of the copy protection discs; if hadn't been running Debian I'd have been hit by it too. In February I just got a notice in the mail informing me that I can claim damages from this lawsuit. I wasn't infected but as long as I return the disk I can get awarded damages. Lets make this as expensive for Sony as we can (to deter behavior like this in the future). If you purchased either of these two copy protection schemes, the details below tell what you need to do to recieve compensation. Please g
  • The worst part is that the so called recall was only for the large retailers. I work in a friends shop that sells CD's. He still has these CD's sitting on the shelf. When I told my friend about this fiasco he talked to his CD distributor about the recall and they knew nothing.
  • Not enough time (Score:2, Interesting)

    by danelav (906834)
    We accept unjust settlements and rights infringments not because we don't care, but because we don't have time to do anything about it. People work 40, 50, 60+ hours a week just to make ends meet. Add in 5 to 10 hours of commuting, and the result is very little spare time. I have very little inclination to spend my precious off-hours studying a convolted legal system, promoting a political justice in the community, and organizing a defense against perpetators of injustice. But I also recognize that no one w

When you don't know what you are doing, do it neatly.

Working...