Texas Sues Sony BMG over Rootkit 703
Mr. Sketch writes "According to Yahoo!, Texas Attorney General Greg Abbott 'filed a civil lawsuit on Monday against Sony BMG Music Entertainment for including "spyware" software on its media player designed to thwart music copying. [...] Texas is seeking civil penalties of $100,000 per violation of the state's Consumer Protection Against Computer Spyware Act, which was enacted earlier this year. "Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said in a statement.'"
Texan way..... (Score:3, Funny)
Texas law on lethal force in protecting property.. (Score:5, Interesting)
Re:Texas law on lethal force in protecting propert (Score:3, Informative)
So the spyware has to be pretty deadly!
Comment removed (Score:5, Informative)
Re:Texas law on lethal force in protecting propert (Score:5, Funny)
Re:Texas law on lethal force in protecting propert (Score:5, Funny)
Unfortunately, that only works if killing them will prevent your property from getting damaged/stolen. Inapplicable in this case.
Perhaps one could argue deterrment value? I'll bet a few Sony execs getting shot would shure make them think twice about doing it again!
Its the ol' 'Hang 'em. It'll teach 'em a lesson" (Score:4, Insightful)
Re:Texas law on lethal force in protecting propert (Score:5, Funny)
Re:Texas law on lethal force in protecting propert (Score:5, Funny)
Sounds like a John Lennon song...
except for the killin' part.
Re:Texan way..... (Score:4, Funny)
Mods: Do what you will, but please don't mod this (my) post as funny. Ironic, yes, but this is not funny.
Re:Texan way..... (Score:5, Funny)
Re:Texan way..... (Score:5, Informative)
Mods, I forbid you to moderate this post informative.
Re:Texan way..... (Score:4, Interesting)
The little thug Cantu isn't a innocent - the little car-theif confessed to shooting somebody in a pool hall. That somebody turned out to be a cop - and Cantu probably got a bit more attention after that.
Payback's a bitch.
Re:Texan way..... (Score:3)
Re:Texan way..... (Score:5, Insightful)
So we can blame the state for:
You can blame the one guy for refusing to stand in their way - are you sure you would have had that courage ?
Re:Texan way..... (Score:3, Funny)
Re:Texan way..... (Score:5, Informative)
Re:Texan way..... (Score:4, Funny)
Re:Texan way..... (Score:3, Funny)
Re:Texan way..... (Score:5, Insightful)
Anywho, personally I can't wait to see Sony go down in flames over this. Some part of me is almost disappointed that a couple of adolescents with an axe to grind
Re:Texan way..... (Score:4, Insightful)
It's not. It's in New Jersey, despite what the Supreme Court likes to think.
Re:Texan way..... (Score:4, Funny)
Mmmmmm. Tough call that one.
Bush ain't a Texan ;-) (Score:5, Informative)
Texas did however produce Ann Richards, the democrat governor of Texas prior Bush and David Cobb, 2004's Green Party candidate.
Sorry -- I know the above was an attempt at humor, but I do get sick of the assumption that everyone in Texas is far-flung Bush-lovin' right wingers.
Re:Texan way..... (Score:5, Funny)
Well, those who believe #1 and #2 must believe in #3, how else would they explain how Bush won in the last election despite #1 and #2?
Re:Texan way..... (Score:4, Funny)
Re:Texan way..... (Score:5, Funny)
Re:Texan way..... (Score:5, Funny)
The only people who see Sony as the victim... (Score:4, Insightful)
Europe has traditionally taken a very strong stance against corporations who abuse their power. While I suspect you may be trying to incite Republicans with your anti-European sentiment, the fact of the matter remains that Europe has the guts to stand up to corporations who want no-good.
They're the only ones who had the balls to truly take on Microsoft, for instance. They also had the guts to say "No!" to the manufactured war in Iraq.
Re:The only people who see Sony as the victim... (Score:4, Insightful)
Your world view is entirely moronic. One or two businessmen in one or two countries may have felt that way, but not "Europe opposed because...". We don't have the fascist government/corporation linking that rules US politics; our leaders aren't tied to these businessmen. Most of us opposed it because it was based on lies and done entirely for profit. Go check my posting history on any political topic if you don't believe me. We said it was wrong, a bad idea and we were 100% right. Your (and my) children will pay the price when the second generation of Iraqi orphans fly planes into our buildings in retaliation for the horror yours and my (UK) country have inflicted on them. We've already had our first homeland islamic terrorism ever as a direct result of this. And we are doing this to make the world "safer"? You actually buy that?
Speaking of which, 9/11 was the US's only taste of conflict on your homeland. How did it feel? Did you like it? That was just a taster of WAR, something you guys cannot seem to grasp. War is like 9/11 everyday, for a few years. That feeling of fear, never knowing what's next? Oh yes, that's war. Europe on the other hand KNOWS war; we've seen enough of it. I just have to look out of my lounge window to see the impact of WW2; new out-of-place buildings, bunkers etc, they are all there. Europe opposed the war because we know what war is. The US seems to think it's all a movie or a video game, something you can just change the channel on when you are bored.
And the main reason they're against corporations raping the people is because they think that's the job of the government.
Right....
So, um... (Score:5, Funny)
Re:So, um... (Score:5, Funny)
First Prime Factorization Post (Score:5, Funny)
Re:First Prime Factorization Post (Score:4, Funny)
Good thing Texas hasn't been teaching "intelligent math" (the theory that big numbers are too BIG to ever come from little numbers) else they'd never figure out how much sony's penalities will be.
Re:First Prime Factorization Post (Score:3, Interesting)
Scotch Tape (Score:5, Interesting)
from the link:
Can anyone verify this on their own disks?
Re:Scotch Tape (Score:5, Informative)
Using a bit of tap to do it is just grandstanding.
Re:Scotch Tape (Score:5, Informative)
Congratulations, you just violated the DMCA.
Re:Scotch Tape (Score:3, Insightful)
Whoever thought that running unverified code from a cd automatically without warning the user was a good idea should be shot.
Re:Scotch Tape (Score:5, Insightful)
Re:Scotch Tape (Score:5, Insightful)
Tons of people got suckered into installing this because they trusted Sony. The CD won't play without Sony's player installed, so most people would have browsed into the CD and found an installer if they had autorun disabled. In a trusted computing world, Sony would have had a valid signature, so their software would have been "trusted" by the OS, so it would install just fine. If it prompted users for their Administrator password, most people would supply it, because it's generally needed to install software. Mark Russinovich even fell prey to this, although he was smart enough to figure out that he had been rooted, and how. The issue certainly isn't about users being too dumb, because Mark is not dumb, it's about companies taking advantage of the implicit trust that comes with their being viewed as a "legitimate" company.
The trust issue goes much, much deeper, as Bruce Schneier points out on his blog. Where were the anti-virus companies during all of this? Where was Microsoft during all of this? It has the appearance that they were all colluding with Sony. A question that should be asked of each of those companies is "were they in on it, or were they just incompetent?" Either way, it's not encouraging.
george dubya? (Score:4, Funny)
Re:george dubya? (Score:3, Funny)
Do you have any idea how much trouble the designers went through to make sure people couldn't fall off a Segway?
I'm less worried about what would happen if he got on the band wagon than what would happen if he tried to get off.
Re:george dubya? (Score:4, Informative)
In other news (Score:5, Informative)
That takes balls.... (Score:5, Funny)
Unfortunately, his opponent in the next election can back the Brinks truck up to Sony HQ at his convenience.
Attorney General's Press Release (Score:5, Informative)
http://www.oag.state.tx.us/oagNews/release.php?id
They even have an online complaint form. Be the first on your block to get in on the lawsuit!
Civil? Where are the criminal penalties? (Score:5, Insightful)
Of course, the correct answer is both.
Call me naive, but I'm just not seeing action on the criminal side of things. Whatever happened to "equal protection under the law" principal where I would face jail time if I did this, even if I did it through my own 1-man consulting corporation?
Summary: (Score:5, Funny)
Texas Lawyers: "Pardner, yer full o' bull puckey."
Sony BMG: "Can't you sue any better than that?"
Consumers: Yeah, you can all go screw yourselves. Give us some cash.
It's nice to hear... (Score:5, Insightful)
It's a good feeling when it doesn't even take a month for a major state's state government to sue over a consumer issue that has so many people I know riled up. No, it's not just us getting ourselves worked up, it really was that slimy and abusive a thing for Sony to have done.
Let the floodgates open! (Score:5, Insightful)
[*] Technically it's not "great news", it's simply the just application of the law. But when a mega-corporation such as Sony is the spyware distributer, it doesn't take a cynic to fear that justice come second to capital, as was the case for a certain monopolist...
Link to the lawsuit & the official press relea (Score:5, Informative)
(cough [slashdot.org]
The EFF Suit (Score:4, Informative)
If you have been damaged in any way, shape or form, it's time to call their bluff!
Re:The EFF Suit (Score:5, Interesting)
Which is irrelevant. If I were to get my rootkit installed on Sony's machines, even if I didn't do any damage, I can't imagine they wouldn't go after me like Star Jones after the last Snackwell.
The Sony executives responsible for releasing this thing into the wild should get the exact same punishment any other criminal would get for distributing millions of copies of a trojan into the wild. Maybe if that were to happen (dream on!) - maybe if a few corporate execs were put in Federal Pound Me In The Ass Prison, forbidden from using a phone or a computer - treated like the criminals they are - people would rethink this crap...
Nah. They have money. Money > Justice.
Re:The EFF Suit (Score:4, Informative)
But you are right. The odds of you going to jail are inversely proportional to your wealth and directly proportional to the blackness of your skin, so they won't be getting any jail time, let alone maximum security or forced labor.
Word is Spreading (Score:5, Interesting)
Well today I felt a bit better about the situation. First my wife asked me about it which surprised me. She hasn't shown much interest in stuff like this in the past. And then a little later on when I went over to Stars and Stripes to read todays news they had a story [estripes.com] about the rootkit and that they are pulling them out of the BX/PX's.
The more word of this gets out the more DRM will come to light. Eventually most people will know how bad DRM is and maybe, just maybe Sony and the rest will start to feel some pressure to stop trying to push it on us.
Re:Word is Spreading (Score:5, Informative)
"Sony intentionally infected that CD with DRM. It is infected with DRM. It will take over your computer." I just told this to a friend of mine who is a huge fan of Imogen Heap and was about to buy her recent US release of Speak for Yourself through Sony.
Sony infected this CD with DRM for the Mac, and maybe Windows, too.
My friend has spoken with Immi before and is writing her to tell her why, although he supports her and goes to her shows when possible (the hotel/cafe tour for example), he will not be buying the album.
He will not be buying it because It is INFECTED with DRM.
Whomever came up with this brilliant strategy, please feel free to take credit in a reply here. I can't find the original comment.
Re:Word is Spreading (Score:3, Insightful)
It's possible your co-workers were losing interest because you were pushing an agenda rather than explaining facts.
Sony did the wrong thing here by installing a root-kit on their customers PC's, not by using DRM.
Re:Word is Spreading (Score:4, Informative)
This isn't EXACTLY a virus, but it's VERY close, so call it that.
You're not enough of a salesperson. You're trying to be exact and precise about what you say--instead, give them a term they understand that is close to reality.
"Sony distributed a virus on their CD's in an attempt to break your CD drive so that it cannot copy their CD's. In addition, it opens your computer up so that it can get many other viruses, and it has the ability to report your usage back to Sony at any time."
That'll sell, and it's true.
Holy shit! - Do the math (Score:5, Funny)
Re:Holy shit! - Do the math (Score:5, Insightful)
Re:Holy shit! - Do the math (Score:5, Funny)
Re:Holy shit! - Do the math (Score:5, Funny)
(Oblig: pinky to mouth...)
Re:Holy shit! - Do the math (Score:5, Interesting)
Someone at Arstechnica pointed out that 'per incidence' meant the creation of the master CD, so however many different master CDs had been created with it installed would be the liability number. I think it 16 or so CDs. So 1.6 million.
Canada should sue too (Score:5, Interesting)
Re:Canada should sue too (Score:5, Funny)
Or, this being Canada, a stern talking-to.
Re:Canada should sue too (Score:3, Funny)
Everyday I learn something new about r00tkits... (Score:5, Informative)
So basically, the rootkit would install itself on your PC even if you clicked NO on the popup that appears after inserting the disk? Wow... Now re-read this (different article, posted on Slashdot earlier):
"Most people, I think, don't even know what a rootkit is, so why should they care about it?" the head of Sony BMG's global digital business, Thomas Hesse, told National Public Radio.
I don't know... So they are counting on tricking gullible PC users into installing something which will ultimately harm their PC, which is heinous in itself, but somewhat legally "murky" enough for them to get away with it. But when your answer to the EULA actually has no effect whatsoever on whether the r00tkit is installed or not, that is beyond words. It shows how much these corporations disrespect their customers. We are sheep. With cash they gave us for working for them... and they want it back.
Re:Everyday I learn something new about r00tkits.. (Score:5, Informative)
No, this sentence refers to SunnComm MediaMax, not First4Internet XCP. MediaMax doesn't use a rootkit, but installs even if you reject the EULA, phones home when you play a CD, does not include a functioning uninstaller--but if you jump through a bunch of hoops, SunnComm will give you an ActiveX uninstaller that opens a huge security hole on your computer, kind of like XCP's.
Sony recalled XCP CDs but didn't say a word about MediaMax. The EFF is pressuring them to recall those CDs as well, which have been on the market for two years and number at least ten times as many as XCP.
Re:Everyday I learn something new about r00tkits.. (Score:4, Funny)
Since he doesn't know what they do, he shouldn't really care about it, right?
Companies disallow CD playing on computers? (Score:5, Interesting)
Sony Employee Yule Gift? (Score:5, Funny)
I heard Sony management got a great deal on this book: Rootkits : Subverting the Windows Kernel [amazon.com].
That recommendation is just... the glazing on the pig
Sweet. (Score:5, Funny)
Why no criminal charges? (Score:5, Insightful)
I will never, never ever buy another product that says SONY on it again.
Re:Why no criminal charges? (Score:4, Insightful)
Because Sony isn't a person. You can't throw Sony in jail for 3 to 5. What you can do is fine the hell out of them, which is basically what this lawsuit is.
You could try and go after Sony's exectuives for signing off on this, but that's gonna be very hard to do. Especially since they will set up some mid-level fall guy as the one who made the decision instead of the senior execs who actually made the decision.
It's vastly easier to prove Sony as a company did this, instead of proving that specific individuals at Sony did this.
Re:Why no criminal charges? (Score:3, Insightful)
If the copyright-holder(s) of LAME and whatever other product they stole from actually files charges, then they are in really deep sh*t. Bringing a civil suit against Sony for copyright infridgement (and - as it seems to be industry standard - as
Re:Why no criminal charges? (Score:5, Insightful)
(although since they contracted out the creation of the program, they arguably didn't steal code from LAME but rather encouraged another company to do so. That's really for a lawyer or ten and a judge to decipher...)
Re:Why no criminal charges? (Score:4, Informative)
NPR Covered the story which pleased me. They started it off like this:
"Today's vocabulary word is 2 words: ROOT KIT"
A decent 5 minute segment on it.
Re:Why no criminal charges? (Score:3, Insightful)
Last Post? (Score:3, Funny)
The charges (Score:5, Informative)
- Using random or deceptive filenames to make it difficult for the consumer to find and uninstall the program, in violation of CPACSA 48.053(5).
- Inducing the consumer to install software by falsely claiming that it is necessary to play the media, in violation of CPACSA 48.055(1).
Seems pretty weak, but I imagine they'll tack on additional charges once they've had the chance to do some discovery.Sony's lawyers are under-qualified and over-paid! (Score:4, Insightful)
Just Say NO to This Crap (Score:5, Informative)
After refreshing his memory, and in turn having the family involved talk among themselves for a while, it turned out that some Sony BMG [sonybmg.com] discs HAD been played in that machine, and some of the remaining questionable files had Sony all over them even though the family didn't own a Sony [sonybmg.com] camera, Sony music player or any other Sony device that they could think of. Finally someone remembered that the little girl in the family HAD played, or ripped, or SOMETHING some music CDs in the machine and off they rushed to find them. In the mean time I was looking for the list [sonybmg.com] of Sony BMG [sonybmg.com] discs affected, originally numbered 20 and widely circulated at that count, but subsequently updated to 50, and listed [sonybmg.com] on a Sony website. I found the list of 50 at about the same time that they found their played/ripped/inserted/whatever CDs and sure enough, several of them had the Sony BMG [sonybmg.com] label on them. Now the catch was that (a) none of the CDs they had found were on the list [sonybmg.com] and (b) none of the CDs they had found had the warning that they contained copyright protection software, and my understanding was that the affected discs did contain such a warning.
Well, by getting rid of the Sony BMG [sonybmg.com] stuff they seemed to be back to a clean machine, and they swore to never insert a music CD into their machine again or to buy a CD from Sony [sonybmg.com]. So, congratulations should go out to Sony BMG [sonybmg.com] and First4Internet [first4internet.com] for accomplishing their objectives. Now to round out the picture:
(1) I suspect that Sony BMG [sonybmg.com], Sony [sonybmg.com] alone, and BMG [sonybmg.com] alone have in the past used other protection schemes and while they haven't been vocal about it, other companies are doing the same experimentation. All of these programs have their own ways and means of hiding themselves and controlling what YOU do with YOUR PC. But NONE of them have exhaustively looked into the legal, much less technical ramifications of what they do. They think that by merely relying on third party companies like First4Internet [first4internet.com] they can claim ignorance of the consequences.
(2) Rumor has it that by the time you are asked for your permission to install software when you insert these disks SOME software has already been installed.
(3) Sony/BMG [sonybmg.com] isn't the only company doing this, they are just the only company that has been caught.
(4) These discs have been out for a year, and some people say two years, or maybe more.
(5) There is no quick and easy way to uninstall these programs, either from Sony BMG [sonybmg.com] or the s
The Proper Punishment (Score:5, Insightful)
In related news... (Score:5, Funny)
This is crap.. (Score:5, Insightful)
Look, Texas has hick parts. There's strong concentrations of them in East Texas around the Louisiana border and also in West Texas starting from Abilene west and north. But, it is unfair to characterize this entire state as being uncultured cowboy gun slingers, nor is it fair to generalize people who live in the more rural parts as hicks. This state is as cultured as any others, and when it comes to the South, we stand far and above. We have the largest and one of the most prestigious university systems in the world, we represent one of the most diverse cultural melting pots in the country, we have probably the best music and independent film communities outside of New York and LA, and the list goes on.
What disturbs me most is that not one person from Texas wants to dispute any of that bullshit the rest of these comments are flinging about. And it's not that there aren't Texan
As far as the AG sueing Sony, hats off to him. It's not exactly a secret that this state is pretty damn laissez-faire. That was a damn impressive move.
Also, by the way, you know that Texan accent that you have been using mentally to read this post? Stop that... now.
Re:Wow, that's gonna be a nice check.. (Score:4, Insightful)
Re:Wow, that's gonna be a nice check.. (Score:5, Insightful)
But the State of Texas (you know, the State Attorney General, in representation of the State of Texas and its citizens) is suing Sony. If the lawsuit is won, than the money goes into the coffers of the state of Texas, which will result in an increase in public works, which *does* benefit us.
Sometimes
And it should be noted (Score:4, Informative)
Re:Wow, that's gonna be a nice check.. (Score:4, Insightful)
*except, of course, for the inherent stupidity in building roads instead of rails, when we really need to be transitioning towards electric-powered transportation
Re:Wow, that's gonna be a nice check.. (Score:5, Interesting)
They're prosecutors.
When the NY Attorney General's office nailed Song BMG for "payola" the settelement included a $10 million grant to the Rockefeller Philanthropy Advisors to New York State, a non profit, to promote music education.
The EFF has also filled a rootkit suit against Sony BMG in LA. I guess you can decide for yourself whether these guys are just after a big paycheck.
KFG
Insightful? Really? (Score:3, Informative)
From http://www.oag.state.tx.us/ [state.tx.us]
Re:Wow, that's gonna be a nice check.. (Score:3, Insightful)
Loose change? They should be so lucky. They'll probably just get lots of unwanted CDs [cdfreaks.com] again. Only these will be more unwanted than ever before.
Re:Wow, that's gonna be a nice check.. (Score:5, Funny)
And the ironic part would be... (Score:5, Informative)
But then, this IS Slashdot, afterall...
Re:Way to go (Score:5, Interesting)
Re:Way to go (Score:5, Insightful)
Re:Way to go (Score:3, Informative)
In fact the upper limit (assuming conservativly only 1 infected PC per CD) is:
2,000,000,000,000 or 2 trillion dollars. Of course what percent are provably installed in Texas? is it Five percent? even if it's two percent that's $50,000,000,000 or 50 Billion dollars.
Lets take a conservative estimate.
I
Re:Way to go (Score:3, Insightful)
I have two hunches that would put the number well below that:
1) Most people aren't going to play it on their computer, and
2) There are going to be more instances of one computer having multiple CDs played on it than instances of one CD infecting multiple computers. In the case of multiple CDs on one computer, almost certainly that would only count as one violation.
I'd put the number probably at 1/10 of an infected PC per CD.
Though t
Re:Way to go (better math this time) (Score:4, Interesting)
24 Million times 1000000 is 2.4 Trillion not 2 Trillion.
But that is irrelevant because I did more/better research and the lower bound is 568,000 CDs (based on Dan Kaminsky's network DNS cache analysis) http://www.doxpara.com/?q=sony [doxpara.com]
A good conservitive higher bound is 2.1 Million sold (based on Sony's statements)http://www.nytimes.com/2005/11/14/busi
The revised maximum fine numbers would then be $3,362,560,000 to $14,208,000,000.
So its just $3 to $14 Trillion in potential fines.
Sony has total corporate value (Market Cap) of $36,358,000,000. http://money.cnn.com/quote/quote.html?shownav=tru
My guess is that having a fine of (approx) 40% of your net worth hanging over your head is not gonna be good. Of course this is just Texas we're talking about here, 49 more states to go (and many many countries).
Re:Way to go (Score:5, Insightful)
The proof is in the computers themselves, not in anything on paper. The number of infractions will likely be estimated. I'm not familiar with the details of the rootkit--does it phone home? If it does phone home then they can subpoena the "phone home records" and determine which connections originated from Texas.