California Class Action Suit Sony Over Rootkit DRM 508
carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law,
which allows public prosecutors and private citizens to file lawsuits
to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."
Sony's DRM is Good (Score:3, Informative)
Install Sony DRM protected CD
Re-Name your favorite CD ripping program to $SYS$filename.exe
Now your CD ripper is hidden from Sony's DRM
It can also be used to hide cheat programs from various games.
Re:I understand the first two... (Score:5, Informative)
NO SONY BMG PARTY SHALL BE LIABLE FOR ANY LOSS OR DAMAGE, EITHER DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR OTHERWISE, ARISING OUT OF THE BREACH OF ANY EXPRESS OR IMPLIED WARRANTY, TERM OR CONDITION, BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY MISREPRESENTATION, FAILURE OF ANY REMEDY TO ACHIEVE ITS ESSENTIAL PURPOSE OR ANY OTHER LEGAL THEORY ARISING OUT OF, OR RELATED TO, THIS EULA OR YOUR USE OF ANY OF THE LICENSED MATERIALS (SUCH DAMAGES INCLUDE, BUT ARE NOT LIMITED TO, LOSS OF PROFITS, LOSS OF REVENUE, LOSS OF DATA, LOSS OF USE OF THE PRODUCT OR ANY ASSOCIATED EQUIPMENT, DOWN TIME AND USER'S TIME), EVEN IF THE SONY BMG PARTY CONCERNED HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY CASE, THE ENTIRE LIABILITY OF THE SONY BMG PARTIES, COLLECTIVELY, UNDER THE PROVISIONS OF THIS EULA SHALL BE LIMITED TO FIVE US DOLLARS (US $5.00). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CERTAIN INSTANCES, SO THE ABOVE EXCLUSION MAY NOT APPLY TO YOU. THIS ARTICLE WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY DESPITE THE FOREGOING DISCLAIMER, EXCLUSION AND LIMITATION.
And this little bit too
Article 10. GOVERNING LAW AND WAIVER OF TRIAL BY JURY 1. THE VALIDITY, INTERPRETATION AND LEGAL EFFECT OF THIS EULA SHALL BE GOVERNED BY, AND CONSTRUED IN ACCORDANCE WITH, THE LAWS OF THE STATE OF NEW YORK APPLICABLE TO CONTRACTS ENTERED INTO AND PERFORMED ENTIRELY WITHIN THE STATE OF NEW YORK (WITHOUT GIVING EFFECT TO ANY CONFLICT OF LAW PRINCIPLES UNDER NEW YORK LAW). THE NEW YORK COURTS (STATE AND FEDERAL), SHALL HAVE SOLE JURISDICTION OF ANY CONTROVERSIES REGARDING THIS AGREEMENT; ANY ACTION OR OTHER PROCEEDING WHICH INVOLVES SUCH A CONTROVERSY SHALL BE BROUGHT IN THOSE COURTS IN NEW YORK COUNTY AND NOT ELSEWHERE. THE PARTIES WAIVE ANY AND ALL OBJECTIONS TO VENUE IN THOSE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS. 2. YOU HEREBY WAIVE ALL RIGHTS AND/OR ENTITLEMENT TO TRIAL BY JURY IN CONNECTION WITH ANY DISPUTE THAT ARISES OUT OF OR RELATES IN ANY WAY TO THIS EULA OR THE SOFTWARE.
So yeah, they tried to get out of their corperate liabilities.
Misleadings, expansions, and lawsuits abound (Score:5, Informative)
First, right now it isn't "California" as a whole suing Sony. An attorney has filed a class action lawsuit, and California citizens (and the world as a whole) will benefit. It would be nice if the California Attorney General would lend the government's support in an amicus curiae brief, but in media-rich California that isn't likely to happen. The representatives of the people of California haven't really weighed in on the matter yet, sadly.
Second, a New York law firm will be next to join the bandwagon. Things are heating up faster than the article summary indicates
Third, all of these lawsuits are going to hit Sony *hard*, right in the wallet. Any financial benefit they might have gained from their DRM will be lost unless the lawyers involved immediately drop their cases.
Finally, Sony really doesn't have any solid defense against the charge that they violated the Consumer Protection Against Consumer Spyware Act, *unless* the act specifies that spyware can only be classified as such if it submits personally identifiable information back to the authors or a third party. I'm not too clear on that regard- anyone have information they can add on that count?
Aim at foot, pull trigger (Score:5, Informative)
From the article: "Sony's move is the latest effort by the entertainment companies to rely on controversial 'digital rights management' (DRM) technologies to reverse a steady drop in sales that the industry attributes in large part to piracy facilitated by online music and movie file-sharing networks like Kazaa and Limewire."
Yeah, because installing secretive, privacy-invading software on your computer is sure to stimulate CD sales.
And the uninstall process [sysinternals.com] is a privacy invasion too... you gotta fill out an online form, check your email for a URL to ANOTHER online form, then get the uninstaller. And while the uninstaller gets rid of the XCP2 Aurora [xcp-aurora.com], it simultaneously installs another DRM (MediaJam). Nice. Sony, how I love thee. You're so sinister.
mod parent up (Score:2, Informative)
Re:I understand the first two... (Score:5, Informative)
I believe the term is "exculpatory", and the way my legal environment professor explained it was this: "If clauses like that worked, we'd all be driving around with signs on the front of our cars that say, 'Not responsible if I hit you'." (IANAL, of course.)
Nice list of CDs.. (Score:2, Informative)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia)
Apart from Celine and The Coral, I've never heard of any of them. Maybe they should spend money on trying to market and sell these, rather than trying to piss people off?
Re:Serves them right (Score:5, Informative)
Thomas Hesse, President of Sony BMG's global digital business division, showed up on NPR to try and sweep the entire thing under the rug.
Pathetic
in similar news (Score:5, Informative)
I actually bought one of these... (Score:3, Informative)
Besides putting a personal ban on buying any more Sony junk, and doing my best to avoid buying any albums on their label, I will also be writing to the artist and urging others to do the same.
Re:I understand the first two... (Score:5, Informative)
Re:Buying a new computer (Score:3, Informative)
I bought a high end sony laptop (for £1900 in Aug 2001) and had no end of problems.
Mobo died after 4 months, and the default warranty didn't cover it. ( I was in Aus, I bought it in the UK. So much for an "international" company, which was one of the reasons I bought the VAIO in the first place.)
I git it repaired 7 months later on a return trip to the UK, leaving me with 1 month warranty.
The screen backlight died 3 months later. Sony told me it would cost over AU$1000 to replace the screen (which is 16.1" UXGA 1600x1200 res), as the backlight and ascreen are all one unit.
I eventually found a local guy in Sydney that could dissasemble the screen & replace the neon tube. Cost:200.
I bought a mem upgrade, to kick ram up to 512Mb. 5 months later,I am back to 256Mb again - but it's not the ram, it's the second controller or something - both sticks work, when put in slot one.
Oh, and this laptop was the *second* Vaio I bought. The first I bought from a reputable online shop in the UK. It arrived and died within 15 minutes of firing it up. I sent it back, only to find it would take 3 months to get my full refund, because Sony won't refund the vendor until they have done a full check etc. on the laptop themselves. I wasnt interested in getting it repaired - I just wanted a full refund, so I could go to a bricks and mortar shop and buy a different laptop that would actually work for more than 15 minutes before it had to be repaired under warranty. Unfortunately I still thought Sony was good, and that the first dodgy laptop was just bad luck.
Get a dell or compaq or something. I hear they suck less.
Re:"Nothing for you to see here. Please move along (Score:5, Informative)
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=P
For short version, see this story;
http://www.joystiq.com/entry/1234000420067137/ [joystiq.com]
(Sony is patenting a method for games console discs to be tied to the console unit they're first ran on. No second hand game sales or loaning of games...)
Get Immunity! (Score:2, Informative)
Quick way to get around it: boot up a copy of Slax [linux-live.org] using the cheatcode slax copy2ram, swap the CD, cd into your hard disk {it'll be under
# for i in *wav; do lame -h $i; done
or
# for i in *wav; do lame -h $i && rm $i; done
if you don't care about keeping the wav files.
Re:Misleadings, expansions, and lawsuits abound (Score:3, Informative)
Re:Sony's DRM is Good (Score:3, Informative)
On the other hand, intentionally infecting oneself with this spyware in order to avoid other companies' DRM is simply genius, and is a sweet example of how multiple companies' competing DRM schemes will never be successful. Sony's DRM has made it possible to cheat in at least one MMORPM without recourse.
Re:Sony's DRM is Good (Score:4, Informative)
Besides, you still have their shitty security-compromising, phone-homing, CPU cycle eating rootkit installed! So what if there's some way of working around it to rip the CD, it needs eradicating completely or better yet to not be installed to begin with.
Better method :
- Disable autorun, or hold down shift whilst you insert and explore the CD
- Run ripper as normal, the rootkit isn't installed so there's nothing it can do
Best method :
- Don't buy the "CD" to begin with, write to the artist and Sony telling them why.
Yeah, it's being used to cloak several cheat programs like the WoW auto-fisher. If I were head of one of their publishers I'd have my team of vicious attack lawyers looking for some legal grounds to sue Sony for loss of earnings / financial harm, I know there probably there aren't any but it's worth a try.
Re:Trial By Jury (Score:0, Informative)
Re:Buying a new computer (Score:3, Informative)
in the end i went for an eurocom. it's somewhat heavy, but does a damn good job
Re:I understand the first two... (Score:5, Informative)
Exculpatory/Hold Harmless/Indemnity agreement is/are the correct term(s).
Exculpatory agreements are those contracts that attempt to create a pretext of blamelessness when a party might otherwise be typically held liable for damages in the event of some sort of failing on their part.
They're generally challenged at a state level and taken before the state supreme court. Generally speaking, the track record of such agreements is dismal. Wisconsin, for example, has recently heard some six or so cases involving exculpatory agreements, including the one provided along with Atkins. In each case, the court ruled that the agreements were unenforcable. Here's the Supreme Court's overturn of the trial court's finding of indemnity:
http://www.gklaw.com/publication.cfm?publication_
They're not always ruled unenforceable, but because they tend to be so overbroad, they're highly subject to being ruled that way. Generally speaking, this type of agreement is used mainly to frighten people away from lawsuits. The handful of people who will actually challenge them and the cost they create for a company is usually much smaller than if the company actually had to pay out when they did some harm.
Re:Copyright infringement? (Score:2, Informative)
i hate the rootkit, but the LGPL shouldnt have that much power over this situation.
Re:Yeah, but... (Score:3, Informative)
As I recall my Business Law textbook stating "the court frowns on disclaimers of responsibility". You see such disclaimers all over the place, signs on stores and parking lots, purchase agreements, and eulas. However there is established criteria that a company or private owner must apply due diligence [jurisdictionary.com] to make sure their actions/product do not injure others and is generally determined in court by the "reasonable man" [jurisdictionary.com] test. "Injure" includes not only physical injuries to persons but financial, reputation etc "injuries".
Exploit claimed for Sony rootkit (Score:5, Informative)
[bitdefender.com]http://www.bitdefender.com/VIRUS-1000058-en--Backd oor.IRC.Snyd.A.html [bitdefender.com]
Naturally, they are promoting their software as protection.
Re:Buying a new computer (Score:5, Informative)
Of course that damage wasn't covered by my warranty, but the repair was covered by the other guy's insurance company. Their only clause for paying for it was this: any replaced parts needed to be shipped to them by me (I guess they wanted to make sure I wasn't trying to scam them and get myself a new computer).
When I got the repair authorization from Dell, and fronted the $800 cost, I told the tech on the phone that I needed the replaced parts returned to me (the mobo needed to be replaced). He said no problem, I just needed to attach a note to the laptop, and they'd ship the parts back with the repaired laptop.
I attached a note to the laptop to the effect (taped it securely to the back of the screen so it would be seen when the box was opened). After the laptop came back, it didn't have the old mobo, and the bill clearly stated that the mobo had been replaced. But there was no old mobo in the box.
When I called support to ask about it, the first guy I talked to said Dell had a policy of never returning bad parts, but instead they destroy them in an environmentally friendly fashion. I explained I'd been told I could get the parts back, and needed the parts back to get reimbursed for it by insurance, he sent me to level 2. Level 2 said they do have a policy that they'll return those parts, but that I needed to tell the guy who issued my RMA in the first place. I explained I had done so, and he said, "I don't see any note on your RMA for that, you must not have done so, perhaps if you'd attached a note." I explained I had also attached a note, because that's what I was instructed to do by the RMA issuer. He checked the unpacking logs, and said no mention was made of a note.
In the end I ended up talking to about a dozen different people in the returns area, almost every one had a different idea about how I'd have to have made sure I got the parts back, including some who told me that there's a 25% surcharge on getting the parts back (!).
They wouldn't provide a partial or full refund for the work completed, they wouldn't ship me another mobo (I told them I didn't care if it was smashed into 100 pieces), and they didn't care that I was out the costs of this repair without the original parts. I climbed all the way up the supervisor chain to the director of out of warranty repairs, and no one cared, and no one was 1) willing to admit that any mistake had been made on their end (I had a PHOTO of the laptop in the shipping package, with my note attached to it, clearly readable, they claimed I could have done that after the fact), nor 2) willing to take any steps to placate me as an unhappy customer.
So the insurance company wouldn't reimburse me, I spent $800 repairing a laptop that was not really worth that much (guess the insurance company should have totaled it), and it's all Dell's fault. They honestly didn't care.
Re:Not only it is Lame, it contains.... (Score:5, Informative)
*** IMPORTANT NOTE ***
The decoding functions provided in LAME use the mpglib decoding engine which is under the GPL. They may not be used by any program not released under the GPL unless you obtain such permission from the MPG123 project (www.mpg123.de).
Re:Buying a new computer (Score:4, Informative)
A body shop pulled a similar stunt with my car after I was in an accident. The repairs that they made were of poor quality, and the insurance company refused to do anything since I didn't tow the car 50 miles to the nearest authorized center.
Fortunately, I charged it to my amex blue card, and wrote them a letter describing the situation in detail. There was some back and forth with the body shop, but the end result was a $3,000 chargeback which allowed me to get the shoddy work replaced.
Re:By the way, here's another interesting tidbit.. (Score:3, Informative)
Re:Buying a new computer (Score:3, Informative)
Re:I understand the first two... (Score:5, Informative)
Lawyers have to be careful online about giving out legal advice because of ethical standards, so they frequently disclaim their statements (whether it means anything or not) with "this does not constitute legal advice". Providing certain advice could be construed as creating an attorney-client relationship. At that point, you could also be automatically in breach of attorney-client privilege because you would be posting your new client's advice on a public forum.
There's actually a significant amount of debate on the matter. By simply pointing out that you're not providing legal advice, does your advice become any less legal?
Disclaiming is sort of like those statements at the bottom of corporate emails that say if you receive a message by mistake you're obligated to destroy it immediately. Well, of course you're not unless you have a contract with the company that says otherwise. If I get a private email from somebody with damaging corporate details, I'm in no way, shape, or form obligated to destroy it, and I'm entirely free to share it with other people so long as I'm not breaking other laws by doing so (e.g. - committing fraud, espionage, etc.).
Re:Not only it is Lame, it contains.... (Score:3, Informative)
*sigh*
As has been pointed out before, the static strings that are compiled into the program are just parts of the program that are LOOKING FOR LAME. It doesn't have any part of lame in it, it's making sure that you don't use lame to encode this CD. It's part of the so-called "protection". It's looking for a whole list of files and applications that it knows about in order to prevent them from being used to extract the audio from this CD.
No LGPL violation. Move along.
Re:I understand the first two... (Score:4, Informative)
Because in many jurisdictions, offering certain types of advice (typically legal, financial or medical) as if you're knowledgable on a subject, but without the professional qualifications, insurance etc. to match, can get you in a whole heap of trouble if the advice turns out to be wrong. There's nothing wrong with discussing these issues anywhere, AFAIK, as long as it's clear that it's a personal opinion and not professional advice.
AIUI, the disclaimers are actually more relevant for those who are practising professionals. For example, if a lawyer gives some general legal advice randomly on the Internet, they probably wouldn't want it to be treated the same way as advice they gave in confidence to a client whose exact situation they knew. A couple of fairly regular Slashdotters have a sig that says something like "I am a lawyer, but I'm not your lawyer, and this is not my legal advice to you".
Of course, the most important disclaimer is that if you get your legal advice from Slashdot, you probably deserve whatever consequences befall you anyway...
Re:I understand the first two... (Score:3, Informative)
However, if the whole document is in caps and the magic provision thus isn't differentiated from the rest of the text, then there's a pretty good argument that it's not "conspicuous," and there's a good chance a judge interested in the fine points of the law would find that clause unenforceable.
Re:I understand the first two... (Score:3, Informative)
These factors give it a higher velocity relative to your car, making them more dangerous the longer it's been since they left the truck. Hence, if you were greatly concerned about damage from the gravel, you're less likely to encounter damage if you *are* tailgaiting the truck. Unless it's a very tall truck losing gravel at the top, in which case that may be similar in relative velocity, though most trucks will lose gravel 4-5 feet off the road (at the bottom of their flatbed, or the bottom of their dump truck's rear panel).
Re:Boycotting DRM *forever* - EBAY! (Score:4, Informative)
There are already 10's of millions of non-TPC computers in the world. You should be able to live the rest of your life buying cheap used computers off of eBay to use.
Re:I understand the first two... (Score:3, Informative)
It's because on /. we often assume the law should reflect our own common sense of how things should work. There is in reality no connection. Every day hundreds of disappointed litigants leave courts scratching their heads on how the law came up with such a screwy result against common sense and all decency.
'IANAL' is a nod to the way things really work. 'IANAL' says, 'Here's my common sense, but it means nothing in a court of law.'
Re:Why all the attention on Sony? (Score:4, Informative)
PS. iTunes for Windows will turn on auto-run if you have it disabled.