A Legal Analysis of the Sony BMG Rootkit Debacle

Posted by kdawson
from the bad-ideas-just-keep-on-coming dept.
YIAAL writes "Two lawyers from the Berkeley Center for Law and Technology look at the Sony BMG Rootkit debacle: 'The Article first addresses the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy. After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures, the Article examines law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, and argues that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict these harms on the public.' Yes, under 'even the most charitable interpretation' it was a lousy idea. The article also suggests some changes to the DMCA to protect consumers from this sort of intrusive, and security-undermining, technique in the future."
  • Precedent. (Score:5, Interesting)

    by Raindance (680694) * <johnsonmx@gm a i l . c om> on Monday December 17, 2007 @02:49AM (#21723078) Homepage Journal
    It was a push on legal norms. The recording industry has done it before, and more successfully.

    A quote from Lessig's Free Culture:

    After Vivendi purchased MP3.com, Vivendi turned around and filed a malpractice lawsuit against the lawyers who had advised it that they had a good faith claim that the service they wanted to offer would be considered legal under copyright law. This lawsuit alleged that it should have been obvious that the courts would find this behavior illegal; therefore, this lawsuit sought to punish any lawyer who had dared to suggest that the law was less restrictive than the labels demanded.


    Legal norms are not just about judicial precedent.
  • by Simonetta (207550) on Monday December 17, 2007 @02:57AM (#21723100)
    ...the market-based rationales that likely influenced Sony BMG's deployment of these DRM systems...
      That's pretty simple. They thought that there was a vast network of 13-year-old superhackers that were going to destroy the company by sharing files of music recordings. Then some schmuck (names? anyone who knows?) in the firmware special projects department told some marketing manager that he knew how to keep 13-year-old superhackers from copying music from CDs by simply adding a little piece of code.

    ...demonstrates a failure to adequately value security and privacy.
      The only security and privacy that they care about is their own. These concepts don't exist for people who are not executives in the company. Especially customers.

    ... then-existing technological environment that both encouraged and enabled the distribution of these protection measures...
      "Since we own the music on the disk that is placed into a computer CD drive, we, by the simple and obvious extension of corporate logic, thereby own the computer and all of the data inside it." If you want to become a corporate executive, you need to start thinking like one.

    ... flawed protection measures...
      If it keeps ordinary people from copying stupid pop songs from our CDs, then it is not flawed. If it destroys or corrupts the data on user's PC, we don't care. Serves them right as they are supposed to only be listening to CDs on a real Sony CD player. After all, we invented the CD so we can set the terms on its use.

    ... contract, intellectual property, and consumer protection law...
      ...is whatever the hell Sony's legal department says it is. And we have many, many millions of dollars, euro, UK pounds, or yen to prove it. Without the cash, talk is trash.

    ... Yes, under 'even the most charitable interpretation' it was a lousy idea...
      Next year's rootkit software will work. And the first thing that it will do is send your name and address to our lawyer's office who will prepare a standardized form charging you with theft of intellectual property (which is some illiterate junkie thug under Sony corporate contract moaning 'baby, baby, baby' over and over). Our bot software will then serve this to anyone who puts a Sony music CD into any device with internet access (unless, of course, the device is a $999 Sony model DRM-XKE CD player with hi-def 2-inch LCD screen and wireless internet access). After all, we invented the CD so we can set the terms on its use.

    suggests some changes to the DMCA ...
      The only changes that our legal department will allow the US politicians to pass will be ones that increase the criminal penalties for possession of music. This will happen when Sony completes its corporate merger with Wackenhut and CCA and completes the vast network of corporate prisons being built in distant lands. These will be needed to hold the vast number of unemployed former American college students who not only illegally listened to music, but also fell behind on their student loan payments.
  • Re:Nothing like... (Score:3, Interesting)

    by iminplaya (723125) <iminplaya.gmail@com> on Monday December 17, 2007 @03:08AM (#21723142) Journal
    They don't even care about money.

    Look at it this way. During the time you spend filling the tank in your H2, you will have made ten or twenty times the money you will spend on the gas. You don't need to care about the money. It ended up being a pittance anyway. They effectively lost nothing. And consumers still flock to buy their stuff as fast as they can put it out. How much longer till someone discovers XCP v2.0? Rinse, repeat. v3...4...5 This won't stop until we vote their shills out of office and quit buying their "crappy" products, from them and from any other company in their portfolio.
  • by qzjul (944600) on Monday December 17, 2007 @03:44AM (#21723264) Homepage
    My immediate thoughts upon reading it were quite the opposite actually: Having a journal article written about this might make these issues more difficult for congress to ignore or dismiss as sensationalism; if they actually take note, those who are not already in the pockets of the recording industry may find it more difficult to follow those who are.

    Any piece of solid, credible research that demonstrates the reality of the situation is welcomed by me; eventually - if enough of these sorts of things are published - the weight of the evidence may become too overbearing for even the recording industry to buy off elected officials.
  • by BlueStrat (756137) on Monday December 17, 2007 @06:19AM (#21723656)
    As much as I like that story, and it's one of my all-time favorite books, it starts with the premise that returning soldiers would essentially take over the world and everything would be wonderful thereafter. History has shown quite clearly that every time this occurs things go badly.

    Except that they don't become "Citizens" until *after* they have served, and are no longer in the military. History has indeed shown that when the military takes over the government, then yes, bad things happen. But that's not the system that was described. It was civilians who had *previously* served in the military. Even today, one of the qualifications that many people look for in their elected leaders is previous military service.

    History has shown that when citizens are ignorant of history, the means by which they both first gained and retain their freedoms, and by which their country remains free from attack, very bad things happen. Pearl Harbor happened because Japan saw that America after WW1 had shrunk their military to a fraction of its previous strength, and the citizens and most of the government had a policy of isolationism and retreat from world conflict. Japan failed to take into account the American people's outrage and anger, and the sleeping industrial might America could bring to bear.

    The surest way to get robbed in a big city is to look and act like a victim. The surest way to start a war is to appear conquerable to other nations with acceptable losses. That's precisely what the people who advocate unilateral disarmament, and also those who preach disengagement when targeted by terrorists, fail to understand.

    As to the Sony/BMG rootkit incident, as long as the punishment for getting caught in bad corporate behavior is acceptable, expect to see such behavior repeated.

    Cheers!

    Strat
  • by lareader (1191563) on Monday December 17, 2007 @06:29AM (#21723686)
    Just a minor thing on Starship Troopers:
    Not all the people who volunteered for public service ended up as soldiers - they simply ended up doing what their society thought it needed and they had the ability to do.

    Heinlein actually wrote a bit about the "world" of Starship Troopers in Expanding Universe (in a retrospective on his literary career).
    At the time when the events in the book take place, quite a lot of people were needed as soldiers - but due to the way we people are wired (with tight-knit social groups as soldiers), soldiers were usually the last to stop serving in public and thus the last to actually get to vote.
    Yes, you didn't get the franchise until *after* you've stopped serving in that world.

    I do agree that the premise is shaky - but the idea of not giving everyone franchise just because they were 18 years old and alive was one of the ideas Heinlein was toying with in that book.
    Of course, he argued that clearly the founders of US of A never intended everyone to get the franchise either - his criteria were simply a bit more merit-based.

    In Expanding Universe he did mention the idea of having stable people with a stake in maintaining a working society as a rather good idea, and goes on arguing for removing the franchise from men and giving it to women who have borne children, as they have a personal reason for being interested in having a society that works... and makes a rather convincing argument of it.

    I can heartily recommend Expanding Universe if you are interested in what Heinlein said he was thinking when writing.
    As with all things written down, of course, you must consider the source - but I got a lot of amusement out of his writings, and like his meritocratic views personally.
    The book "Requiem" is also a good read, if a trifle sad at times - but it did contain his speeches at a few scifi conventions which I hadn't read - highly interesting for a person not born until the last years of the Red Scare.

    (Sorry for pushing Heinlein, but I really liked those books and they represent a very enlightening perspective on what Heinlein professed to believe.)
  • by golodh (893453) on Monday December 17, 2007 @06:38AM (#21723712)
    This article really was a pleasure to read (although it took me most of a day).

    Not just because of the conclusions ("Part III examines potential market-based rationales that influenced Sony BMG's deployment of these DRM systems and reveals that even the most charitable interpretation of Sony BMG's internal strategizing demonstrates a failure to adequately value security and privacy.") but also because of the rant-free and very lucid and illuminating analysis of the factors involved.

    To me, the best part was: "After taking stock of the then-existing technological environment that both encouraged and enabled the distribution of these protection measures in Part IV, we examine law, the third vector of influence on Sony BMG's decision to release flawed protection measures into the wild, in Part V. We argue that existing doctrine in the fields of contract, intellectual property, and consumer protection law fails to adequately counter the technological and market forces that allowed a self-interested actor to inflict such harms on the public."

    Those who have hopes for political action to amend the current crop of laws may be interested to read: "Finally in Part VI, we present two recommendations aimed at reducing the likelihood of companies deploying protection measures with known security vulnerabilities in the consumer marketplace. First, we suggest that Congress should alter the Digital Millennium Copyright Act (DMCA) by creating permanent exemptions from its anti-circumvention and anti trafficking provisions in order to enable security research and the dissemination of tools to remove harmful protection measures. Second, we offer promising ways to leverage insights from the field of human computer interaction security (HCI-Sec) to develop a stronger framework for user control over the security and privacy aspects of computers."

  • by Frater 219 (1455) on Monday December 17, 2007 @06:42AM (#21723728) Journal

    The question then is; how did somebody at Sony arrive at the conclusion that they should try to protect their IP right in this manner?

    This is probably not best discussed in terms of "protecting IP rights" but rather in terms of:

    1. Individual decision-makers in the organization trying to protect their own personal interests (cover your ass, look busy, do something!);
    2. An interest in seizing control (squatting, adverse possession, invasion) of the user's desktop, in order to use that as a foothold to greater control over the medium;
    3. High-pressure and deceptive sales tactics by the spyware makers.

    Someone at Sony was charged with "doing something" and "making the piracy problem go away". They were desperate. They also wanted something to show for their efforts, namely, an ability to exercise power on user desktops. (Recall, the copyright terrorists have long wanted "self-help" capabilities that amount to sabotaging users' property at will.)

    Spyware must have seemed like a perfect solution: it doesn't just "do something" about the pirates, it accomplishes a long-standing goal of seizing greater control of the medium. It is not at all about "IP rights"; it's about power -- in this case, about ripping power out of the users' hands.

  • Re:Nothing like... (Score:2, Interesting)

    by NeoSkink (737843) on Monday December 17, 2007 @11:56AM (#21725722)
    This won't stop until we vote their shills out of office and quit buying their "crappy" products, from them and from any other company in their portfolio.

    And I'd love to! I really would! But how do you find independent music?

    Labels provide advertisement and exposure. I know what artists I like because I hear them on the radio, in movies and coke commercials. I'd like to switch to supporting independent artists (because like all of Slashdot, the labels really piss me off) but I don't know how to find them.

    So I need suggestions: What is the best way to be exposed to independent artists? Is there a search engine, maybe a site with radio streams organized by genre?

    I want to kick the RIAA habit, but I can't do it alone.
  • by elrous0 (869638) * on Monday December 17, 2007 @05:10PM (#21730872)
    I'm sorry, but I grew up a military brat. Most of the soldiers that I knew, both active and retired, were close-minded, mean-spirited dolts too damn stupid for college and in too much trouble for any other job. Sorry if that sounds harsh, but it's the truth. The term "G.I." was all but a curse word among civilians where I grew up (around Army bases). I know I'm supposed to be all like "our brave, noble, men and women in uniform" and all that, but it's nothing like that in real life living around those people.

    It scares me enough that most of them were even allowed to vote at all, much less vote exclusively. Take a good hard look at any military town; in its tattoo parlors, bars, and strip clubs; and tell me THOSE are the people you want deciding our country's future.

    And my Dad was career military and so was my grandfather. And you had better believe me when I tell you to thank your lucky stars THEY weren't in charge of the country. These were guys who got together at VFW meetings and debated whether all reporters should be shot or just imprisoned--and MEANT it. We still can't let my Dad watch the news without him accusing the reporters of being Communists (I'm not joking, the man broke a TV set one time).
