Sony Sues Rootkit Maker

flyboy974 writes "Sony BMG Music Entertainment is suing the company that developed anti-piracy software for its CDs, claiming the technology was defective and cost the record company millions of dollars to settle consumer complaints and government investigations. The software in question is the MediaMax CD protection system, widely derided as a rootkit. Sony BMG is seeking to recover some $12 million in damages from the Phoenix-based technology company, according to court papers filed July 3."

Defective by Design

[Synchis]

Yet another great example of a Product with DRM being Defective by Design! Join the movement: Defective By Design [defectivebydesign.org]

Re:I bet they knew but didn't understand

[that IT girl]

That's the first thing that came to my mind--it's ridiculous for Sony to claim that they had no idea what it was going to do or that they actually thought nobody would care. Remember what Sony president Tony Hesse said about it back in late 2005?

http://www.betanews.com/article/Sony_President_Roo tkit_of_No_Concern/1131475197 [betanews.com]

Suuuuuure, Tony. That kind of flip attitude about it will not be exactly convincing.

Re:I bet they knew but didn't understand

[trudyscousin]

Though I like your link, I like this one [rinkworks.com] more, just because Hesse's infamous remark is now enshrined in a fitting place (bottom of page).

Re:Responsibility

[LintMan]

Sony is more than the distributor here. They are not Walmart selling the rootkit DRM to customers. Sony *contracted* those guys to create the DRM to their specifications, which almost certainly included requirements along the lines of "prevent users from disabling or removing the DRM or working around it". Surest solution: rootkit. It was probably pitched to Sony as "security features being embedded in the Windows kernel to prevent user tampering".

And I sincerely doubt, based on Sony's comments at the time, that Sony would have cared at that point if they had been told it was a "rootkit" and some users would be offended. I'm guessing that if there wasn't also the exploitable hole that made it a real security breach and made the story explode, the story would have blown over and Sony might still be using the crap.

So Sony might not be suing because it's rootkit software, but because it's a rootkit that leaves Sony open to being sued by anyone that got hacked. IOW, not that it's sleazy software, but that it's poorly made sleazy software. Yeah, Sony, that'll really be a PR boost for you.

Re:$12,000,000 is peanuts.

[Anonymous Coward]

The company behind the rootkit used to be based just up the road from me in Banbury uk. Before the company website was taken down there were some nice BIO's of the directors. Would you know it they were all Sony Directors as well.

This whole thing stinks big time

Re:Sony BMG does nothing to hurt their reputation

[Anonymous Coward]

As much as I hate DRM, they are legaly allowed to DRM their media. Macrovision Starforce protection for PC games have the exact same rootkits but they callit "authenticity check service" or something.

The rootkit fiasco came from the security breach allied with the inability to remove the program from the system. If they bought the product to protect their CDs from being copied, hijacking the user PCs and exposing it to virus was an "unrequested feature"(in microsoft lingo).

But yeah, I hope Sony loses and learn DRM is evil.

Oh, they saw it all right

[Anonymous Coward]

I know nothing of the DRM sales pitch made to Sony, but if I was making the sale, it would go like this:

When you are selling a product with a significant technical "issues", the standard practice is to use a technique I call "sell high". With this method, the salesperson seeks out the highest level "decision makers" they can find -- making an effort to go over the head of anyone with a technical background. The sales team typically consists of an MBA-type male who comes across as a golfing buddy to the decision making group. The other person is usually an attractive woman who demonstrates the product in such a way that the suits are watching her instead of thinking. The sales pitch is based entirely on things the suits understand -- the problem, the need for a solution, the cost, and perceived benefits. Dirty little details like technical issues are left for the "little people" to figure out later. It's not all that hard to get a roomful of MBAs to cheerleading the "project". Even better if the whole thing is instigated by a CEO or senior manager who has issued some kind of directive to "do something" about piracy. The ultimate weapon of such a sales force is the golf trip. By the time the group reaches the 19th hole, it's a done deal.

At my old company, we had a level of management that made decisions and commitments without consideration of technical matters. We referred to them as "the golfers". The products and projects we got stuck with were referred to as "golfware".

My guess is that by the time anyone at Sony with a technical background was involved, they complained. But it was too late to convince the MBA cheerleaders that the technology they just bought was worse than worthless.

Works for me

[phorm]

I really doubt it will help Sony's PR any to do this. Those that actually know about the rootkits will know that Sony is at fault. Those that don't will remain clueless. A rootkit maker will either be sued out of existence or tied up in court. Finally, it will probably make many think twice about doing business with Sony in the future, since nobody wants to end up as their new scapegoat.

Sounds like a good plan to me, take careful aim at that foot, Sony!

Re:I'm confused

[riceboy50]

I do not want to buy a song from iTunes for a buck that I already have on disk, just to listen to it on my iPod, or better yet, I don't have an iPod, so iTunes is useless to me

I am tired of this argument. It is just plain incorrect.

1. You do not have to buy music from the iTunes store in order to listen to it on your iPod. If you rip the music into iTunes from your CD, it will be in the AAC/MP4 standard sans DRM.
2. iTunes does not require an iPod or the iTunes store in order to be a useful application. It is just a media jukebox that can rip and burn CDs. However, it can also purchase music from the iTunes store and copy files onto an iPod.

When are people going to stop deriding iTunes and the iPod on these grounds?

Chain of Commerce

[Kozar_The_Malignant]

>I hope SunnComm (now called The Amergence Group), as despicable as its own efforts were, totally owns Sony BMG.

In dealing with product liability claims, which this is, you have the right, generally, to go after anyone in the chain of commerce you want. If they think someone else is at fault, they can cross-complain. This provision is good consumer protection.

For example, let's say you bought one of the famous inferno model Mr. Coffee makers at Sears. You take it home, take it out of the box, plug it in, make coffee, and go off to the movies. The Mr. Coffee malfunctions and burns up your kitchen and maybe the rest of your house. You can make a claim for damages against Sears, where you bought it. Their defense is that they "bought it in a box and sold it in a box," made no modifications, and so have no liability. It is up to them, however, to tender the claim to Mr. Coffee. They aren't off the hook until Mr. Coffee steps in.

This can be really important if you are dealing with an overseas manufacturer. You go to Sears and buy an electronic device manufactured by a South Korean company using parts from Malaysia, Taiwan, and Bangladesh. One of those parts malfs and burns down your house. Who do you want to go after? You go to Sears and make it their problem.

In the case of Sony, the same rules apply. Now whether they knew or should have known that the product was defective is a matter for the courts to decide, but the basic rules still apply.