California Class Action Suit Sony Over Rootkit DRM

carre4 writes "Lawyers in California have filed a class-action lawsuit against Sony and a second one may be filed today in New York. The lawsuit was filed Nov. 1 in Superior Court for the County of Los Angeles by Vernon, CA attorney Alan Himmelfarb. It asks the court to prevent Sony from selling additional CDs protected by the anti-piracy software, and seeks monetary damages for California consumers who purchased them. The suit alleges that Sony's software violates at least three California statutes, including the "Consumer Legal Remedies Act," which governs unfair and/or deceptive trade acts; and the "Consumer Protection against Computer Spyware Act," which prohibits -- among other things -- software that takes control over the user's computer or misrepresents the user's ability or right to uninstall the program. The suit also alleges that Sony's actions violate the California Unfair Competition law, which allows public prosecutors and private citizens to file lawsuits to protect businesses and consumers from unfair business practices. EFF has released a list of rootkit affected CD's and Slashdot user xtracto also has a list."

I understand the first two...

[RandoX]

But how did Sony's actions prevent people from suing? Was there a clause in the EULA that prohibited it? Since they're getting their asses sued off anyway, can't the judge throw this one right out?

"Nothing for you to see here. Please move along."

[KitesWorld]

bleh.

Anyway, It's good to see this happening. It's important to make sure that the major labels realise that while DRM is legal, there are limits to what people will tolerate - and damaging peoples machines is not something that people are going to tolerate.

Heck, with luck they might even water down Blu-Ray as a result. I can dream :)

Great, yet another reason ...

[LaughingCoder]

not to buy CDs. Like I needed more reasons. They are already too expensive and they force me to buy tracks I don't want just to get the 1 or 2 I want. I know Sony *thinks* they are *adding value* which will incent me to buy CDs, but obviously they miscalculated.

If only someone would offer a digital download service with CD quality content.

The mp3's have no DRM

[psergiu]

I used to buy a lot of music CDs. But after this wave of incompatible discs i just resorted to download mp3s as its sure that i can play them on whatever device i want.

Boycotting DRM *forever*

[snotclot]

I wonder if whichever genius Sony/BMG exec did this is fired already... surely the other Sony branches love this publicity. Do people think this will eventually harm or even dent Sony's brand image? As a fellow computer saavy user here on Slashdot I'm already trying to actively, personally boycott Sony and any company that is bent on using DRM. And you guys say, what if Intel and AMD both DRM there chips? Surely, I can't boycott computers in general can I? But there HAS to be a few clever electrical and computer engineers out there who will make a new company *specifically* to have non-drm chips. Sure, it costs millions in R&D. But at the time that DRM is in chips making a retro x86 compatabile CPU that can be fabbed in Taiwan/China shouldn't be too hard should it?

Serious work issue

[RoboProg]

This poses a potential problem for me, as I like to listen to my CDs at work (ripped to MP3 format, of course). Security is a real issue at work, to their credit. I can't have my music installing spyware on my employer's PC.

HELLO SONY! You are making your stuff unusable! Cease & desist, and all that.

Re:I understand the first two...

[canuck57]

can't the judge throw this one right out?

He probably could throw it out but I hope the opposite happens. Toss a big fine and bad publicity to Sony for this. DRM went too far with a root kit and two wrongs don't make a right. Sony is going to have to learn this. But the worst may yet come for Sony, I for one will no longer buy Sony products.

And of all things, to remove the root kit you have to run an Active-X control from an untrusted site. Just what we in the security business tell people for good reason not to do.

So I support dragging Sony through the mud on this.

DMCA defense?

[hrm]

I hope this goes to court and triggers Sony into mounting an DMCA based defense ("this is our copy protection system, and you don't mess with that shit even if does screw your PC"), then maybe people would get a better understanding of what a rotten law the DMCA actually is.

Comment removed

[account_deleted]

Comment removed based on user account deletion

I see stupid people.

[Phoenix]

And people wonder why I haven't bought a single CD in the past 5 years that didn't come from an independant artist. Sony will just have to lable me as a heathen devil commie mutant anti-social pirating slime bag since I now get all my music from other sources besides the traditional record industry. First it was a copy protection that killed my CD-Rom drive and my Car Stereo, now we have a major company turning into a @#$%ing hacker with intent on screwing up my system just to keep me from using thier music in THIER OWN MP3 PLAYER.

Yes, I love the fact that Sony wants to sell me a MP3 player and MP3 compatable CD and DVD players, but doesn't want me to actually USE the damn things to listen to thier music.

Go Figure.

The other stupid thing is the simple fact that there is no copy protection that has lasted more than 2 weeks before it was cracked, and at times in the most embarrasing way imaginable.

The one that cost millions to develop and was cracked using a $1.25 Sharpie marker jumps to mind.

Frankly I hope the music industry dies. I'm just so utterly sick to death about the whole goddamn thing I want it gone.

Phoenix

Re:"Nothing for you to see here. Please move along

[Dogtanian]

t's important to make sure that the major labels realise that while DRM is legal, there are limits to what people will tolerate - and damaging peoples machines is not something that people are going to tolerate.

It's not simply a question of tolerance or not; some DRM may be "legal", but (IANAL) installing a root-kit on someone's machine without notification or permission almost certainly isn't. If they get away with this, it'll be because they have better lawyers, not because by any reasonable judgement it is "legal".

Of course, I hope it kicks up a stink for Sony too, but that's beside the point.

Re:Serves them right

[pfrCalif]

That's a good quote, would be work well for my buddy:

"Most of the girls I've been with don't even know what rapid spreading gonorrhea is, so why should they care about it?"

Now it's safer to Pirate?

[concord]

I find it interesting that Sony has violating consumer's rights in order to protect their own rights. Now for the first time it is actually safer to download and listen to pirated music then it is to purchase and use compact disks and dvds. Piracy will become a matter of self-preservation.

Also, the new shadowy status of $sys$ prepended files opens the door for all kinds of malware - these programs will use this "hole" to create hidden processes on people's home and workplace computer systems - a serious security threat to all the nations of the world. In essence Sony has facilitated a whole new class of malware, virus and worm propagation by assisting them in denying detection.

Being sued should be the least of Sony's worries.

Re:I understand the first two...

[jimbolauski]

Lawyers like to pile extra stuff on just in case they can convince the judge of wrong doing. The EULA has a clause that attempts to protect sony from their liability, but fortatnly most good lawyers can argue that the EULA was not disclosed before the purchase, so the EULA is just there to discourage/intimidate customers from suing sony. Sony better hope that this issue dosn't get put before a jury because it will be real easy to scare them into thinking sony was being malicious.

Re:Now they done it.

[div_2n]

You can piss off . . . the geeks

I know you are being funny, but this is just a REALLY bad idea for a company that produces technology driven products. Who do family members turn to when they are considering dropping money on expensive technology products for advice? I know mine turn to me. Guess what I'm going to say from now on when they ask? "Whatever you do, don't buy a Sony product." Mine listen to me implicitly when I give such direct advice especially if I have suggestions to offer.

Sony has made a mistake of epic proportions. Watch their sales numbers. I bet dollars to doughnuts it takes a drammatic drop.

Re:No more DRM discs from Sony!

[malchus842]

and just in California

Except that CA is so huge that to market a disc in CA that was different than the rest of the US just wouldn't be worth the cost. Especially since CDs are bought online, etc. No, if CA wins, Sony will end up dropping THIS particular DRM method. And others will be less likely to do something like it.

Also, CA isn't the only state with such consumer protections. Others will follow suit if this one works, or even before.

Re:Serves them right

[geoff lane]

Did it work?

Are Sony CDs distinquished by appearing less often on rips?

The end of democracy

[tomcres]

The California suit is really nothing when you look at the big picture. The reality is that we have surrendered our freedom, in fact, surrendered our supposedly democratic government, to rich people with capital interests in restricting our liberty. A lot of this has to do with the invention of incorporation, the idea that a company can be viewed as a "person" under the law. But just take a look at who makes up our government and what kind of laws they enact. You almost have to be a millionaire political party contributor or fundraiser to be nominated for office, and once in office, the politicians are not representing the will of the people, but the will of the lobbyist and big money contributors. If laws like DMCA or any other copyright or patent legislation were put to public referendum, they'd be defeated _easily_. However, because RIAA and MPAA and their associates put billions of dollars into the Republicans' and Democrats' pockets, they enact legislation that absolutely no one outside of those industries wants!

Re:Serves them right

[iainl]

Most division presidents don't even know what their precise bank balance is, so why should they care if a fraudster helps themselves to a couple of hundred?

Re:I understand the first two...

[pendor17]

Isn't that (making it hard to read) exactly the point? I think that many companies write their EULA so that you don't WANT to read it, and writing in CAPS (which many people construe as "shouting") is certainly a "turn-off". In much the same way, many manufacturers setup their rebate programs so that you forget to send in the rebates in by the deadline. After all, this is capitalism - a corporation like Sony isn't looking out for YOU...

Howto: Get an apology from Sony..

[wraith0x29a]

Take the word 'Sony', slice the 'n' vertically down the middle and flip the right-hand half on it's vertical axis - you'll end up with the word 'Sorry'.

After their response to my e-mail complaint when this issue first arose it's the only apology anyone can expect from them. Oh well, I use Linux anyway and all the CDs on the blacklist are either utter pish or by people I've never heard of but, still, the whole thing stinks like 3-week old Sushi.

Re:"Nothing for you to see here. Please move along

[192939495969798999]

So within a few weeks, someone will have a machine that when you put the protected disc in, it copies it on the first run and removes said flags. Sony will in effect build an even stronger incentive to hack and hack well. If you can pull it off, you'll be the hero beating evil Sony's "run once, run nowhere else" strategy, plus you'll be a great coder who wrote software that has to work right the first try.

Re:I understand the first two...

[Anonymous Coward]

But why do people put heavy desclaimers when giving legal opinion?

IANAL, if you want legal advice etc. etc..

I never heard anyone say I am not a computer scientist when they happily criticize code?

I am not an american, is this an amercan law or something?

Re:Buying a new computer

[ad0gg]

Umm.. if its not your insurance company, you don't have to follow their rules. Remember it was the others guys fault. Its there responsibility to pay for the damages they caused, they should be the ones calling dell to get the old parts. They want to be dicks about it, i'd say i'm starting to have neck problems and tell them i'm seeing a chiropracter. They'll settle right on the spot.

Re:I understand the first two...

[Phroggy]

Actually I don't think you even need the bumper sticker. IIRC in PA (and probably other states), if you rear end someone you're at fault, unless you can manage to prove that the other car cut you off. You are responsible for keeping a safe distance between you and the car in front of you.

As far as I know, this is correct.

I've heard of people turning on their headlights (which also lights up the taillights) to scare the person behind them by making them think they're seeing brake lights, without actually slowing down. Personally I always drive with my headlights on, because it makes me more visible to other drivers (even during the day in good weather), and my brake lights are very sensitive (they come on as soon as my foot touches the brake pedal).

However, when someone is following you that closely, the best thing you can do (assuming you're not already in the rightmost lane) is to maintain speed, turn on your right turn signal, wait for a safe opportunity to do so, and change lanes. Remember, it's not a race; you don't get a prize for crossing the finish line before the other guy. Other drivers are idiots - let them be idiots, and stay out of their way.

Cool insightful geeky traffic stuff here [amasci.com]

Re:I understand the first two...

[timeOday]

If you agree to not hold someone responsible for anything that they do to you, well, you're a moron who practically deserves to get taken advantage of.

I don't think this is true, and a lot hinges on it. The problem is that in today's world there's practically no way to know what you're "agreeing" to.

First, you may never see the contract. Maybe you are tearing the shrinkwrap off a box of software with some disclaimers hidden somewhere inside. Maybe you're sitting down to use software installed by somebody else along time ago.

Second, the contracts are too long and complicated. It would be impossible for a company to conduct business if every customer who came in to spend $20 had their own unique multiple-page legal document that had to be scrutinized and accepted by a company lawyer. Not because companies are lazy or stupid but because it's economically infeasible. Yet somehow that's what we demand of private individuals (with no legal training) in dealing with dozens of companies every week. It's simply not workable, and gives the upper hand to businesses which conduct all end-customer transactions under the same contract (their own).

Third, even if you know all the jargon and have all the time in the world to read the contracts, you really can't interpret them without knowing the entire legal framework. Which parts are actually enforceable by law, and which are just wishful thinking by a company lawyer? Do you know all the applicable state regulations? How about for all 50 states, or do you never order things from another state?

The enticing ideal of two parties with mutual understanding entering a contract simply isn't very applicable to the myriad of little transactions we carry out on a day to day basis, and yet we pretend it is. That's why its such a mess.