
Sony Sues Rootkit Maker

Posted by kdawson
from the still-trying-to-recover dept.
flyboy974 writes "Sony BMG Music Entertainment is suing the company that developed anti-piracy software for its CDs, claiming the technology was defective and cost the record company millions of dollars to settle consumer complaints and government investigations. The software in question is the MediaMax CD protection system, widely derided as a rootkit. Sony BMG is seeking to recover some $12 million in damages from the Phoenix-based technology company, according to court papers filed July 3."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Thursday July 12, 2007 @09:38AM (#19837065)
    Being able to pass the blame to someone else is priceless.
  • Responsibility (Score:5, Insightful)

    by fastest fascist (1086001) on Thursday July 12, 2007 @09:38AM (#19837069)
    Seems to me like the responsibility for the functioning of a product should fall upon the distributor. Of course, you could ask if Sony is suing more for the money or as a PR measure to try to shrug off some of the blame for the whole debacle.
  • by Dan East (318230) on Thursday July 12, 2007 @09:39AM (#19837091) Homepage Journal
    The enemy of our enemy is still our enemy. In this case let them fight it out, and hopefully in the future all parties involved (content producers, technology developers, etc) will be too scared of financial damages to do something this stupid again.

    This is actually a very good thing, because no-one involved will be immune to the consequences.

    Dan East
  • Why stop there? (Score:3, Insightful)

    by elrous0 (869638) * on Thursday July 12, 2007 @09:40AM (#19837095)
    Too bad they can't sue the guys who made AACS [wikipedia.org] (since they're part of the consortium). I wonder if they'll be able to sue the people who developed BD+ [cryptography.com], once that gets owned.
  • by jschroering (611063) on Thursday July 12, 2007 @09:40AM (#19837105)
    I fully believe Sony knew what they were getting into with this company. Sony also knew that if anything went wrong (like it did), they'd be able to easily sue this company which is a fraction of its size.

    Sony isn't earning any points back with me on this one..
  • by DoofusOfDeath (636671) on Thursday July 12, 2007 @09:41AM (#19837107)
    I want both Sony and MediaMax to suffer greatly. (It's ok for Sony to survive imho, but MediaMax should probably die and have its fields salted.)

    But isn't this a bit like a bank robber who shoots a cop suing Smith and Wesson? E.g., it sounds like Sony knew (or should have known) exactly what it was putting on their CDs.
  • There's an idea! (Score:5, Insightful)

    by Rob T Firefly (844560) on Thursday July 12, 2007 @09:42AM (#19837127) Homepage Journal
    All those landmines I buried in my front lawn made me look like a total psychopath when they blew up all those postal carriers, girl scouts, and neighborhood cats. Apparently, I can restore my status as a fine upstanding member of the community by simply suing the manufacturer of said landmines!
  • Re:Responsibility (Score:5, Insightful)

    by AvitarX (172628) <me@brandywinehund[ ].org ['red' in gap]> on Thursday July 12, 2007 @09:44AM (#19837155) Journal
    Sony was responsible for distribution to the public.

    Now they are trying to hold someone responsible for distributing to them.
  • by erroneus (253617) on Thursday July 12, 2007 @09:45AM (#19837169) Homepage
    ...that they do not warrant nor guarantee this software to be suitable for any function or use, especially for that which it was designed? That they agree to indemnify (love that word, it means you can't sue or hold responsible) the seller or maker of the software for any reason at all?
  • Re:Responsibility (Score:5, Insightful)

    by toleraen (831634) on Thursday July 12, 2007 @09:49AM (#19837221)
    It was Sony's responsibility. Hence they were sued by the consumers for it. However, if the company provided Sony with software that was not fully functional (overly functional?) without disclosing it, it's definitely court time. The PR certainly doesn't hurt though.
  • Your post indicates that you think I equate Bush & Kim Il. I don't. I just hope they both lose (in a celebrity deathmatch).
  • Re:Responsibility (Score:2, Insightful)

    by cbreaker (561297) on Thursday July 12, 2007 @09:54AM (#19837279) Journal
    That seems proper if you ask me.
  • Re:Responsibility (Score:3, Insightful)

    by jbreckman (917963) on Thursday July 12, 2007 @09:54AM (#19837287)

    It seems like they are bringing it to the public light again. Most people I know have forgotten about this debacle (or never knew about it to begin with). If I was Sony, I'd try to bury the rootkit fiasco as much as possible, not have a large public lawsuit.

    Seems like really bad PR. But then again, it IS Sony.

  • IT'S DEFECTIVE (Score:3, Insightful)

    by Opportunist (166417) on Thursday July 12, 2007 @10:05AM (#19837399)
    I think Sony has a case there. It was supposed to be a rootkit, and rootkits are usually impossible to find. Some "hackers" found it, so it obviously has to be defective. If it was working as advised, nobody would've found it.

    Wait, did anyone here think Sony complained that it was a rootkit, and that this was the defect? Get real.
  • by lilomar (1072448) <lilomar2525@gmail.com> on Thursday July 12, 2007 @10:10AM (#19837435) Homepage
    You had me until:

    There would be no hollywood stars, or media or celebrity watch,
    At which point I start thinking about acceptable trade-offs...

    [/joke]
  • by miro f (944325) on Thursday July 12, 2007 @10:12AM (#19837463)
    maybe Sony should sue themselves? =)

    I don't think Sony should be the ones suing them, they contracted the software, and it was delivered to their specifications. Sony can't blame the people who wrote the software for doing what was asked.

    If Sony didn't know what the software was doing then it's their own stupid fault.

    If the software was illegal, then it's surely a matter for criminal court, and surely Sony shouldn't be awarded damages for being stupid enough to have this software written in the first place
  • by ArsenneLupin (766289) on Thursday July 12, 2007 @10:13AM (#19837475)

    if you pay someone to write you some software and it fucks up, whose fault is it? Theirs for not testing it, or yours for not testing it again?
    This would be relevant for unintentional errors. But this rootkit, as far as I understood, performed just as designed. It was an intentional nastiness, and that nasty intention was shared by both Sony and the software company.

    A better analogy would be: if you pay a hitman to rid you of your nemesis, and he gets caught, who will go to jail? The answer: both you and the hitman...

  • by staticneuron (975073) on Thursday July 12, 2007 @10:22AM (#19837571)
    They are suing who they purchased from. Why are you criticizing a point that isn't even important?
  • by Red Flayer (890720) on Thursday July 12, 2007 @10:41AM (#19837781) Journal
    Well, seeing as Sony did not have direct business dealings with Fortium, how would they have standing to sue them?

    Sony made the purchase from Amergence -- they are claiming, among other things, that Amergence delivered a product that did not operate as described.

    If Amergence wants to sue Fortium along the same reasoning, they are welcome to -- though I think they'd have a hard time of it.

    Who originally wrote the rootkit is of no relevance. What matters is whether Amergence falsely represented the product they sold to Sony.
  • Re:Responsibility (Score:4, Insightful)

    by ookabooka (731013) on Thursday July 12, 2007 @10:44AM (#19837811)
    I just thought of a counterpoint to my argument, and then figured out a counterpoint to that. . .so I'm gonna post both as a reply:

    Counterpoint: Sony is still ultimately responsible for what goes on their disks.
    Counter-counterpoint: If Sony sends a software engineering firm a description for a project and the firm gives them a finished project, expecting Sony to have software engineers of its own to go over and affirm it is built to spec is a bit hard to swallow. They might as well have just built it themselves in the first place. I'm sure you could think of a million examples, like a mobo manufacturer that orders capacitors that are faulty. . .whose responsibility is it? The mobo manufacturer because they are last in line before consumers?

    Alright, before I go I'll say one more thing: How does this compare to Firestone v. Ford blowouts. Discuss.
  • by pluther (647209) <pluther.usa@net> on Thursday July 12, 2007 @10:47AM (#19837839) Homepage

    ...they contracted the software, and it was delivered to their specifications. Sony can't blame the people who wrote the software for doing what was asked.

    I think they probably missed one important specification:

    It was supposed to do it without anybody knowing about it.

  • by Red Flayer (890720) on Thursday July 12, 2007 @10:48AM (#19837863) Journal

    I don't think Sony should be the ones suing them, they contracted the software, and it was delivered to their specifications.
    RTFA. One of Sony's claims is that it was not delivered to specifications.

    If the software was illegal, then it's surely a matter for criminal court, and surely Sony shouldn't be awarded damages for being stupid enough to have this software written in the first place
    Sony settled with various governments to avoid a lengthy legal process. If one of their suppliers was responsible for the illegal code, and falsely represented to Sony that the code was completely legal, then Sony sure as hell has both standing and reason to sue to be recompensed for those damages.

    Yes, Sony was responsible for releasing the rootkit on their CDs. However, it is quite possible that Amergence should be held responsible for misleading Sony if that is in fact what happened.
  • by B'Trey (111263) on Thursday July 12, 2007 @10:52AM (#19837905)
    $12,000,000 is peanuts to Sony, perhaps, but it isn't necessarily peanuts to the other players involved. Personally, regardless of how I feel about Sony, I think this is a wonderful development. I suspect that a lot of DRM technology companies will reconsider how they do business based on this. Anything which might give them pause is a Good Thing in my book.
  • by ajs (35943) <ajs@nOsPam.ajs.com> on Thursday July 12, 2007 @10:54AM (#19837937) Homepage Journal
    First off, Sony will likely win, but as always, it will depend on the specifics of the contractual relationship.

    It's probably understandable that technologists would assume that the original author of the software would be the correct target of the lawsuit. This is not so. Sony is not suing over the failure of the code (the code worked relatively correctly), but over the fact that the software was sold to them as a means of controlling their market, and it not only failed to do so, but caused serious injury to their business as a result. That's the fault of the people who represented this software to Sony as a viable solution with acceptable risk.
  • Re:Responsibility (Score:4, Insightful)

    by badasscat (563442) <basscadet75NO@SPAMyahoo.com> on Thursday July 12, 2007 @10:54AM (#19837939)
    Either way I'd expect a company of Sony's scale to put in the due diligence to ensure the products they buy are without legal issues.

    That's not really the way it works, in any company.

    Too many deals are done for a large company to scrutinize every single product they buy. That's the whole point of using outside vendors; if they're going to put in the time to fully examine all the code, they may as well just develop the DRM themselves. Instead, the contracts are worded in such a way that it puts the onus on the provider of the product. That way, it's in the best interests of the provider of the product to ensure that what they're providing meets specifications and adheres to the letter of the contract. Otherwise, they know they're at risk of a lawsuit like this.

    I doubt the contract here was any exception, which means Sony most definitely has the upper hand. And they really have to file a lawsuit in order to preserve their leverage against all of their other technology providers. This is how they ensure they get what they're contracting for.
  • by gsslay (807818) on Thursday July 12, 2007 @11:05AM (#19838045)

    The rootkit software was developed by First 4 Internet (now called Fortium Technologies)
    Which is a totally irrelevant fact. Sony BMG's contract was with The Amergence Group Inc. If your phone didn't work, would you sue Alexander Bell or your phone company? Guess who you'd have more success suing?

    Which is not to say that Sony BMG's case has any merit. But then I, and everyone else here, do not know what the contractual arrangement between the two companies was and how the rootkit was presented to Sony.
  • Re:Responsibility (Score:1, Insightful)

    by Anonymous Coward on Thursday July 12, 2007 @11:06AM (#19838061)

    like a mobo manufacturer that orders capacitors that are faulty. . .whose responsibility is it? The mobo manufacturer because they are last in line before consumers?

    Absolutely! It's the motherboard manufacturer's responsibility to ensure their product is in working condition before selling it to consumers, which means if they get a shipment of faulty capacitors (and they catch that) then they should go get non-faulty replacements before shipping the product to consumers.

    Sony should have checked the software for obvious faults that would arise from general use before incorporating it into their product. Now that's assuming the software was faulty. What the software did and what I think Sony would have wanted it do (based on previous observations of Sony's behaviour and attitude) seem to line up perfectly. I guess it's up to Sony now to prove that it didn't want a 'rootkit' that could potentially compromise a system.
  • by king-manic (409855) on Thursday July 12, 2007 @11:15AM (#19838181)
    All those landmines I buried in my front lawn made me look like a total psychopath when they blew up all those postal carriers, girl scouts, and neighborhood cats. Apparently, I can restore my status as a fine upstanding member of the community by simply suing the manufacturer of said landmines!

    If you hired a security company to burglar proof your home and were not present for the installation of land mines then you might have a case.
  • Re:I'm confused (Score:5, Insightful)

    by networkBoy (774728) on Thursday July 12, 2007 @11:18AM (#19838213) Homepage Journal

    A company to hate
    I think that's microsoft around here, though Sony is up there too I guess.

    Nothing wrong with preventing copy
    yes there is something wrong. I do not want to buy a song from iTunes for a buck that I already have on disk, just to listen to it on my iPod, or better yet, I don't have an iPod, so iTunes is useless to me, and AllOfMP3 is shuttered so I can't get MP3's there, thus they have to come from my CD or from file-sharing as my only two choices.

    The company they hired pushed faulty software
    Actually I think this was a different company than the root kit, but since most everyone who understands the media's goal with DRM agrees it's defective by design, then yes I agree.

    As a person who has used sony programs and devices for years
    ditto, though no more and never again if at all avoidable

    I can attest that normally their EULA's are in your face and pretty annoying. This case just seems out of character for the company.
    betamax licensing was just as bad, no it's not that far out of character. Just in the consumer's face nowadays.
    The Sony I used to love is dead. Management changes have turned it from a pioneering company into a slogging lumbering hulk that only wants more money, not customers' loyalty.
    -nB
  • Re:Responsibility (Score:2, Insightful)

    by Paradise Pete (33184) on Thursday July 12, 2007 @11:21AM (#19838257) Journal
    If Sony gave a vague description, then I think both would be to blame. If Sony gave a very verbose description, and all the offending stuff was added by the firm for whatever reason, then sure I think they should sue. If, however, the firm built it to Sony's description, then obviously they have next to no liability (maybe accessory to crime or negligence).

    What happened was criminal. If it was Sony's specification, then whoever specified and authorized should go to prison, just as would have happened if this were some individual "hacker." If the contractor did it on their own then some of them should go to prison, just as would have happened if this were some individual.

    In hopes of avoiding a series of "you must be new here" and "welcome to America" replies, I'm not saying I'm surprised nobody was punished. I'm just saying that's what *should* have happened.

  • by AdmiralWeirdbeard (832807) on Thursday July 12, 2007 @12:06PM (#19838887)
    Yes, but I believe what the gp was saying is that this claim of "software wasn't delivered to specifications" is clearly a post hoc piece of garbage that they are alleging to try to pass the buck. They fought too hard and long saying that there was nothing wrong with the rootkits and that it was necessary to protect their IP blah blah blah blah, for any kind of *collarpull* "oh we totally didn't ask for the software to do these things" to be given any credence whatsoever.

    What do you think went down? Sony asked for a noninvasive piece of monitoring software that could be easily detected and removed or blocked from being installed, and then they were delivered a fucking rootkit instead and they went "Dur, look fine to us" and ran with it? Fuck no. They tested it, inspected it, decided it was exactly what they wanted, and then ran with it. And they deserve every penny lost because of their actions.
  • by Nalarik (181576) on Thursday July 12, 2007 @12:34PM (#19839287)
    DCE - Digital Consumer Enslavement
  • by davinc (575029) on Thursday July 12, 2007 @02:10PM (#19840623)
    Really it will come down to the exact wording of the contracts. Either Sony did or didn't get what they asked for, and they did or didn't give the appropriate sign-off.
  • Re:I'm confused (Score:3, Insightful)

    by HiThere (15173) <charleshixsn&earthlink,net> on Thursday July 12, 2007 @02:59PM (#19841227)
    If you want to make that distinction, go ahead. They're both paying money into the same pockets, however.

    Personally, I don't currently intend to ever purchase anything from Sony again. I suppose that they *could* change my mind, but not without understanding just how evil it is to put rootkits in people's computers. After realizing that, then they'd need to decide to provide genuine, as opposed to symbolic, recompense. Then they'd have to actually do the deed. That would bring them back close to neutral. At that point I'd start considering them again. Then I'd reject them because I don't like DRM. Currently I reject them for being treacherous backstabbing sleaze mongers who make equipment that can't be trusted because they either think rootkits are good or have neither morals nor ethics.

    Once they recover their status to just being DRM vendors, then I can consider them. They'll still probably lose out against the competition, because I don't like DRM and won't pay extra to support it, but they'll have a possibility of a sale if they provide superior equipment at a good price, and if non-DRM software isn't discriminated against. But they'll need to prove that latter.

  • Re:I'm confused (Score:3, Insightful)

    by Paradoks (711398) on Thursday July 12, 2007 @04:43PM (#19842529) Homepage
    IANAL, either, but if I recall correctly, the DMCA doesn't have a fair-use exemption. So, sure, you can make all the fair-use copies you want from any of your copy-protected CDs or DVDs. It's just that, while exercising your fair-use rights, you'd be circumventing DRM, which is illegal under the DMCA.

    Which is why those who support that portion of the DMCA are enemies of freedom.

    So to speak.
