Sony Settles With FTC Over Rootkits

The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.

Drawing parallels

[rumith]

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Hmm. Perhaps they would fine Microsoft too, based on this exact reason? ;)

Meanwhile, RIAA wants $750 per song...

[Zaatxe]

Isn't that a little unfair?

Re:Drawing parallels

[Anonymous Coward]

When we'll see malware using Vista DRM "features" so even a user with admin privileges won't be able to get rid of it, maybe we should seriously consider that question.

Not bad

[Anonymous Coward]

The terms of the settlement actually seem pretty good for the consumer. You can claim up to 10 times the price of a CD for damages, you can exchange existing CDs for unencumbered ones, and Sony has to deal with the embarrassment of advertising this fiasco on its website. And more importantly, this will hopefully send enough of a message to other DRM providers and users to make them pause before throwing more malware into their products.

The only thing I'd like to see added onto there is a clause requiring Sony to pay the legal defense fees of anyone sued by the RIAA. I can dream.

By that rationale...

[GapingHeadwound]

From TFA

The US regulator said the anti-piracy software wrongly limited the devices on which music could be played to those made by Sony or Microsoft.

Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same arguement.

If someone in their basement pulled the exact.....

[Anonymous Coward]

....same thing, their asses would be in the slammer in no time. Sony souldn't be treated any different. This was a computer crime, plain and simple.

Re:how does this multiply out?

[Don_dumb]

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers.

I wonder how many people have these CDs and dont even realise that their CDs are or have been infected? This did make the mainstream media, but wasn't a huge story. I imagine there are thousands of people who still have no idea.

Wouldn't a better punishment be that Sony is made to stand up and publicize (using such mediums as MTV) the particular CDs that were infected and educate people as to how they can protect against malware. - It openly damages them to those who aren't aware about this (thereby acting as a deterant for anyone else thinking about doing somthing like this), informs the masses as to the lengths DRM goes to (generating more widespread disapproval for DRM) and helps to fight malware through educating the yoot.

Re:Save your reciept ?

[zlogic]

These things could sell pretty well on eBay - buy a $75 rootkit CD and sell it to Sony for $150!

Re:By that rationale...

[grimJester]

Hey, your comment actually made me RTFA. Congratulations!

The proposed settlement requires Sony BMG to clearly disclose limitations on consumers' use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software.

From the summary, I thought this was about the rootkit, not the DRM functionality it was meant to protect. Why does the settlement require things that the law already requires? If the above is just a clarification of how the law was interpreted in this case, this might really have serious implications for the current crop of DRM. iTunes' DRM limits use to Apple products, PCP limits content playback to licensed hardware, Vista (probably) doesn't come with clear disclosure of what the DRM does etc.

Hell, I bet not one DRM'd cd/dvd or DRM-limited piece of hardware has any visible warning label spelling out what restrictions it imposes compared to what the customer might reasonably expect.

Re:Vaginas for Jesus: Nice real nice, REMOVE IT

[Anonymous Coward]

This kind of shit shouldn't be just marked 'offtopic', it's spam and spam should be deleted. This goes also for the first post idiots and the goatse boys.

These are part of the answer why most internet publicists don't allow the public to comment the news. Which is a shame since some readers do have something interesting to say.

Understatement of the year...

[Panaqqa]

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Huh? "Reasonably difficult"? This damned thing broke Russinovich's [technet.com] machine, and he had to use several utilities he developed himself to get rid of it by looking deeper into the Windows OS than I think Microsoft ever intended (or wanted) anyone to look. How many /. denizens would have looked for this little gem using named pipes [wikipedia.org] to communicate?

"Difficult to uninstall"? Right...

Wonder who really gets to pay...

[ray-auch]

What's the betting that cost of this gets passed onto artists as deductions from royalties ?

Artist monthly statement:

Sales: $$$
Gross royalties (tiny%): $
Deductions:

      [ blah blah blah ] $$
      DRM legal costs $$
      [new this month]

Net Royalties: -$$$

[NB: you won't have to pay us because we're nice like that, we'll just carry it forward]

Re:How About...

[ObsessiveMathsFreak]

The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

What a great guy. Going on record saying what he sees as fit instead of actually running the company the way he sees fit.

Why are they even paying this man?

Re:If someone in their basement pulled the exact..

[jimicus]

Yes, but Sony is a company and this is the USA.

All the rights of an individual with hardly any of the responsibilities.

Re:How About...

[Rycross]

I'm sure Sony's PR department is grinning from ear to ear that people are falling for this shit.

Listen.... it doesn't matter that they're separate departments. Its. The. Same. Company. Saying "Oh its just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

Re:How About...

[Anonymous Coward]

Why are they even paying this man?

Because he doesn't run the company as he sees fit.

If he did, the shareholders would fire him. That, incidentally, is why corporations are more evil than any individual.

The REAL point of a class action lawsuit

[elrous0]

Here's a little breakdown of how class action suits *really* work:

• Suing lawyer gets $5 million
• Corporation gets protection from individual lawsuits
• Consumer gets a meaningless coupon

-Eric

Re:Not bad

[MrNiceguy_KS]

I definitely agree about this being labeled Malware. Sony should be required to make a detection program available that users could run to see if their system is infected, and provide information to antivirus vendors so that it can be added to their detection signatures. They should make it's removal part of the next update to Microsoft's "Malicious Program Removal Tool" or whatever it's called.

Also, their player program that shipped with the rootkit CDs had a 'phone-home' function that loaded a banner from the web. It didn't actually provide Sony any personal data other than the user's IP address, but Sony should be required to track down anyone still running the rootkit player and assist them in removing their software. If they can track down file-sharers using an IP address they should be required to do the same to clean up their mess.