×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony Rootkit Settlement Gets Judge's Approval

Zonk posted more than 7 years ago | from the yay-free-music dept.

187

Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

187 comments

Wow! A replacement CD! (4, Interesting)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15386737)

Imagine if after reading about the original rootkit & associated vulnerabilities, you check your DNS records & see that indeed, one or more PCs you're responsible for are infected. You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

At the end of all your time, you still can't claim the replacement CD + download + patch, (let alone compensation for your lost time) because you didn't buy the offending CD (it was a temp receptionist).

I really want to see someone go after Sony for a real settlement. For that matter, I'd like to see a government go after Sony. Corporations have the same rights as individuals, how about we give them the same responsibilities as well. I think a four or five years of community service for the entire company (say 20 hours a week), would be about what's deserved for a widespread crack attempt like this.

Re:Wow! A replacement CD! (4, Insightful)

TheSpoom (715771) | more than 7 years ago | (#15386769)

Yeah.

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

</sarcasm>

Re:Wow! A replacement CD! (1, Insightful)

Anonymous Coward | more than 7 years ago | (#15386795)

He said "entire company," not "all employers" - in other words, everyone who owns Sony stock, either directly or indirectly via a mutual fund. If you're making money from Sony, you should be made to pay for Sony's actions.

Re:Wow! A replacement CD! (2, Interesting)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15386821)

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

You know, if I worked as a filing clerk, and got to do 20 hours / week cleaning the local church or helping old people or something whilst getting paid for and not doing my normal work I wouldn't consider it punishment.

But, what I meant was Sony as a company, doing the equivilant of 20 hours community service per week per employee for four-five years. They could pay others to do it, pay their employees to do it or whatever.

Re:Wow! A replacement CD! (1)

morie (227571) | more than 7 years ago | (#15386882)


Maybe they can hire someone who has to do community service anyway. Then they don't have to do it twice.

Efficiency is God. I think I'll be a management consultant. Maybe Dogbert has a vacancy. I'll go and buy a slab of liver.

Re:Wow! A replacement CD! (3, Insightful)

Lave (958216) | more than 7 years ago | (#15386776)

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case.

At least this will put record companies off this kind of behaviour.

Re:Wow! A replacement CD! (5, Insightful)

TheJediGeek (903350) | more than 7 years ago | (#15386913)

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case. At least this will put record companies off this kind of behaviour.

I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

A replacement CD, and a few DRM's music files doesn't exactly make up for the huge amounts of time it has taken and will take to fix their damage.
I know of a few computers just in my family that had this rootkit on it. My youngest brother is in college and the school provides a laptop to every student that the school maintains through an IT dept. They had to reimage his system when things got screwed up. My dad has a couple computers at work that got this thing. He had to reload everything on one and IT had to reload the other one. That was just from one CD that had been played on those computers.

There are countless people that have had to spend many many hours fixing what Sony did. What they did was illegal and very damaging. All they have to do is replace some CDs.

Re:Wow! A replacement CD! (3, Insightful)

lgw (121541) | more than 7 years ago | (#15387166)

It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

If this were the only action taken, sure. Fortunately, however, the *really* scary thing for Sony happened very early on: the DHS said they're choosing not to enforce the law on this basically because it was the first time any company had made this mistake, so they'll give the company the benefit of the doubt that it wasn't a deliberate attack. This one time.

Sony broke federal law (section 1030) many thousands of times, and the Feds noticed. Installing a rootkit on a computer owned by the government (one not for public use) is a crime even if you never use that rootikit for anything, and Sony was using it for profit. The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

This court settlement was nothing; the threat that Sony would no longer have a US division was everyhting.

established precedent (1)

Tired_Blood (582679) | more than 7 years ago | (#15387306)

Lave (958216) writes: I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable.

Whiney Mac Fanboy (963289) writes: You spend hundreds of hours following it up, removing the PCs from the network, checking to see there were no secondary malware infections, etc, etc, etc.

A blackhat would have been prosecuted for causing over $1 million worth of damage, easily. Such damage costs are mostly attributed to labor and downtime, so that's probably a fair claim.

Comparing to the extent of this fiasco, jail time for the admitted blackhat would be certain.

My question: Who approved of this project and authorized the release of this malware?

Re:Wow! A replacement CD! (2, Insightful)

gfxguy (98788) | more than 7 years ago | (#15386816)

Why don't you blame the temp receptionist for using her company computer for personal use?

Re:Wow! A replacement CD! (5, Insightful)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15386893)

Why don't you blame the temp receptionist for using her company computer for personal use?

Let me rephrase your question.

Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.

Re:Wow! A replacement CD! (1)

jacksonj04 (800021) | more than 7 years ago | (#15387012)

Technically it wasn't a real Digital Music CD.

Re:Wow! A replacement CD! (3, Insightful)

Steve001 (955086) | more than 7 years ago | (#15387681)

jacksonj04 wrote:

Technically it wasn't a real Digital Music CD.

For me, this has become the saddest thing about the whole situation. I used to have confidence that a music CD was safe to use on all devices that could play standard CDs, whether it was a stand-alone player, a portable, or a computer. Due to this, I could walk into any CD store and, on impulse, by a CD without concern.

Since finding out about the problem with copy protection, I have stopped purchasing new music CDs. Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?" My reaction to the question has been to put the CD back on the rack and leave it there because I'm not confident that I can answer 'Yes' to the question. I have already passed on buying at least five recent discs because of this.

It is sad, but I may just have to settle for the music I already have since I don't want to purchase music in a compressed format. Due to this, I guess I will have to do research on any disc I wish to purchase to ensure that it is safe before I can buy it.

On impulse purchases of CDs, to quote Eric Carmen from "All By Myself:" Those days are gone.

Re:Wow! A replacement CD! (1)

gfxguy (98788) | more than 7 years ago | (#15387206)

I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.

Re:Wow! A replacement CD! (1)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15387276)

I agree it seems innocuous, but she's using company equipment to do it. If she was listening to her own radio or discman or something, there'd be nothing to discuss and there wouldn't have been a problem.

I'm still not clear on what you're saying - do you think I should blame the secretary in my hypothetical scenario rather then sony?

Re:Wow! A replacement CD! (1)

'nother poster (700681) | more than 7 years ago | (#15387378)

I believe he is saying that the fact that a company had to expend time and effort to clean a machine was because an employee used company property for a non-company function, so that employee should be blamed, not Sony. Regardless of whether the employee was misappropriating/misusing company property or not, the rootkit is Sonys fault.

Where I work the handbook specificaly says that I can listen to music CDs on my workstations PC as long as I use headphones and the CD is an original. Under no circumstances is any non-authorized media player software to be installed. This is to keep the company out of licensing/copyright issues apparently.

Re:Wow! A replacement CD! (1)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15387478)

I believe he is saying that the fact that a company had to expend time and effort to clean a machine was because an employee used company property for a non-company function, so that employee should be blamed, not Sony.

I don't know a single workplace that bans the playing of music cds (and I've worked in plenty).

Where I work the handbook specificaly says that I can listen to music CDs on my workstations PC as long as I use headphones and the CD is an original.

So, presumably (if you have windows admin access), if you played a sony CD, it would install the rootkit.

Would you deserve the blame?

Honestly, if a company made exploding teabags, and my company got blown up after the recpetionist made a cup of tea using a tea bag from home, gfxguy would come along saying 'if the receptionist hadn't bought tea from home and made it using company resources, this would never have happened'.

Its a stupid, victim blaming argument to follow.

Re:Wow! A replacement CD! (1)

IngramJames (205147) | more than 7 years ago | (#15387630)

I agree it seems innocuous, but she's using company equipment to do it.

If the company has a rule in place to prevent staff from using their CD players to play music, then she's done wrong. If that policy is in place specificaly to prevent rootkit and viral infections, and the staff are aware of this, then she can be blamed for the infection.

If it's just a "you can't listen to music" then she's not to blame for the rootkit, but would be subject to disciplinary action for breaking the "no music" rule. Which I doubt would be a major violation of policy.

If the company (as many, many do - mine included) allow their staff to listen to music (not thinking that listening to legally purchased music was likely to lead to having to reformat PCs), then the secretary is in no way to blame, not having done anything wrong to her (or her company's) knowledge at the time of the infection.

Re:Wow! A replacement CD! (1)

'nother poster (700681) | more than 7 years ago | (#15386941)

Well, maybe the company doesn't have any rules against playing music at your workstation for personal enjoyment. Some places aren't quite as backward and draconian as you seem to be, and probably expect music CDs to simply, oh I don't know, play music?.

Re:Wow! A replacement CD! (0)

Anonymous Coward | more than 7 years ago | (#15387460)

What kind of bullshit company do you work for that does not let you listen to music on "their" equipment? Any place that I spend the majority of my day had better concede even that little to me if they expect to get good work. Why should it be that companies can demand so much and yet give so very little?

I have NEVER worked for a company that would even think of doing that. Employee morale would plummet for the price of allowing someone to us a CD drive.

OMFG. WTF.

Re:Wow! A replacement CD! (1)

Nikker (749551) | more than 7 years ago | (#15387493)

Why not blame the receptionist for wasted hours of work? One could argue the temp's intentions were to kill a bit of time or tap their foot while sorting files, likely did not know about malicious software being installed. The company that sold the cd (Sony) did know about the software its intension. Why not blame/charge the temp for possibly violating company policies and Sony for cleaning the computer? Many companies and IT wouldn't really consider playing a CD a mass grievance as most audio cd's are playable at the hardware level and take up minimal system resources. The idea of using the little guy as a scape goat doesn't appeal to me personally, YMMV and each party if is going to be put on the rack then they should be responsible for their contribution.

Then again if I sent you a WMF while the sploit was around and you viewed it in your web browser what part of the situation should you be accountable for?

What a Lumbergh (0, Flamebait)

spun (1352) | more than 7 years ago | (#15387511)

Oh suck it, ya fascist. Unless company policy specifically forbids listening to music at work, this shouldn't be an issue. I sincerely hope you don't have authority over anyone you work with, you sound like a perfect Lumbergh. I've got your TPS report right here, buddy, just bend over a little and you can see it...

Re:Wow! A replacement CD! (1)

rts008 (812749) | more than 7 years ago | (#15387849)

Wow, you must be in PHB training!
Crawl back under your rock, PHB's are not valued much here. ;)

Re:Wow! A replacement CD! (2, Interesting)

Mateo_LeFou (859634) | more than 7 years ago | (#15386845)

"...a government go after Sony"

TFA: "Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general."

I've been trying to get Greg Abbott (TX's AG) to go after the antivirus companies, refuse to settle, and various other things that might keep this from getting swept under the rug. This was a devious and dangerous product that was released, not a minor technical flaw in a few CDs.

That's why I take Major issue (below) with the phrase "flawed digital rights management (DRM) software". It is as though someone sold microwave ovens that secretly (by design) emitted chloroform and put you to sleep when someone at a remote location pushed a button, so they could come rob you. And it is as though someone figure this out, and the nice rich guys came to a settlement with the other nice rich guys over "flawed microwave oven buttons"

Re:Wow! A replacement CD! (1)

johnfatz (868269) | more than 7 years ago | (#15386855)

Is it just me or are courts completely unable to fine companies proparly? If someone steals they get jail. If a big company does anything they are told to stop and go home because they are very naughty indeed!

Whoever came up with this scam should be jailed for what they did. They did the same thing what hackers do (i know its crackers - ya know what i mean!) and hackers get jail time so why not the person behind this? Oh wait.... their rich! - I forgot!

Re:Wow! A replacement CD! (0)

Anonymous Coward | more than 7 years ago | (#15386898)

Well hopefully this settlement will only be taken by people who weren't actually harmed by the rootkit (except for having to expend effort to remove the rootkit). Were there any actual attacks made through the rootkit? I'd like to see some big companies coming in and sueing for real damages. (Or even for the cost of having their tech guys clean every single PC in the building.)

Re:Fines (1)

mpapet (761907) | more than 7 years ago | (#15387777)

This kind of thing is most likely is a kind of "white collar" crime.

The worst case scenario for white collar crimes is your Martha Stewart incarceration with a felony conviction. You have to really screw many things up to get penalized like her though.

No one is ever going to jail over this one or anything like it because the corporation is the "individual" being prosecuted. Individuals within a corporation rarely get penalized. It's your average American "win-win."

Take them to small claims, it's absolutely worth the effort.

In America, the corporation owns you!

Re:Wow! A replacement CD! (4, Funny)

hotspotbloc (767418) | more than 7 years ago | (#15386883)

Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?

Re:Wow! A replacement CD! (0)

Anonymous Coward | more than 7 years ago | (#15387589)

Yeah, it's kinda like meeting a girl, having at best poor sex, catching VD and all she can do to say sorry is to offer you another round at bat. No thanks but how about paying my medical bill?

OK, leaving aside your fairly wild assumption that people who read slashdot get to meet women, let alone have sex*...

Your analogy fails to take into consideration that condoms should have been used in that situation. But that's the point, isn't it? Nobody thought that they'd have to take anti-rootkit precautions in order to listen to a music CD from Sony. One bought from a dodgy flee market from a shifty-looking bloke in a big coat who "only takes cash, mate", yes. But a major distributor?

So it's more like meeting a guy in a bar who has a reputation for being responsible (indeed, for some reason it's implied that he is a responsible chap, though that level of analogy escapes me right now), who takes you back to his place, buggers you senseless (which is why you went back there), but who refuses to use a condom and then refuses to pay for your STD treatment on the grounds that if you hadn't known about the risk, you would have been quite happy, even though he was fully aware that he was infecting you at the time.

*With somebody else

Re:Wow! A replacement CD! (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15386916)

"I think a four or five years of community service for the entire company (say 20 hours a week), would be about what's deserved for a widespread crack attempt like this."

Of course you don't, you're just whoring. What's new. Say something ridiculous that no one but an imbecile could actually believe, not because it's true or reasonable, but because you'll get your little points.

OOOH!! Someone finally likes you! (so you think, it's not true) They modded you up, so you're not a useless waste of life.

Except that's not true either. If it were you'd be doing instead of wasting time here talking. I can't wait for the lies you're going to try to pass off about how you are doing, despite the fact that you're here EVERY day all day long. That certainly leaves time for you to act on the suggestions you made...

I think running you over with a steamroller will cure AIDS. As soon as you endorse my plan, I'll pretend to be as stupid as you and endorse yours.

Re:Wow! A replacement CD! (0)

Anonymous Coward | more than 7 years ago | (#15386971)

hahahaha!

Looks like wmf has a fan! *tickles AC* Isn't s/he cute?

(and inspite of the fact that noone will read the response, the AC will just have to reply)

Re:Wow! A replacement CD! (0)

Anonymous Coward | more than 7 years ago | (#15387537)

"the AC will just have to reply"

Sure, but only to point out that

A) You're Whiney posting AC and that's fucking pathetic

B) I did this exact thing to you yesterday Whiney.

C) I take days off.

On top of the fact that you're a sad bag of crap posting AC and pretending not to, you're too stupid to even come up with your own gag.

God, it's gets more embarrassing for you every time you respond.

"inspite of the fact that noone (it's two words not one moron) will read the response"

I agree, Whiney, you are no one

Re:Wow! A replacement CD! (4, Informative)

tomhudson (43916) | more than 7 years ago | (#15386953)

Nothing is preventing you from filing a claim against them. From the court settlement notice:
http://www.sonybmgcdtechsettlement.com/Notice.htm [sonybmgcdt...lement.com]

EXCLUDE YOURSELF: Get no XCP exchange program, cash or free music download settlement benefits. This is the only option that allows you to ever be part of any other lawsuit against the Defendants about the legal claims being resolved in this case. See Question 13 below.

OBJECT: Write to the Court about why you don't like the settlement.

GO TO A HEARING: Ask to speak in Court about the fairness of the settlement.

DO NOTHING: Get no XCP exchange program, cash or free music download settlement benefits. Give up certain rights. You will retain the right to sue the Defendants for any consequential damage to your computer or network that may have resulted from interactions between XCP software or MediaMax software and other software or hardware installed on your computer or network.

NOTE: the "Do Nothing" option is also for anyone who didn't buy the CD, whose computer was damaged because someone else loaded the CD onto their machine, etc. (for example, a temp office worker decided to listen to the CD and infected a PC). Write Sony, state your claim (number of pcs affected, time lost) and that you are not part of the class settlement and would like to know what they're offering you to avoid court action.

Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

Re:Wow! A replacement CD! (1, Insightful)

Whiney Mac Fanboy (963289) | more than 7 years ago | (#15387096)

OK, my options for a lawsuit that will likely cost me far more in money, time & effort then I will recieve back are not limited. Great.

Do you think its OK that no government has gone after sony for distributing hundreds of thousands of rootkits, compromising hundred of thousands of computers?

Re:Wow! A replacement CD! (1)

bhtooefr (649901) | more than 7 years ago | (#15387133)

Small claims is cheap. If nothing else, go for the maximum that you can in small claims. ;)

Re:Wow! A replacement CD! (1)

Anonymous Coward | more than 7 years ago | (#15387672)

Absolutely.

Small claims is (in my limited experience) nearly always free. It takes 30 minutes to do the research and write a letter. Do a bit of googling about the particulars of your state (IANAL, but I suspect they may be a little different). Essentially it comes down to where you would file if you were to file and who you should address the letter to. If you have a legitimate claim (and in this case you certainly do) and you're not asking for an unreasonable amount, the company will often be willing to settle individually-- their lawyers do all the work, all you have to do is read and sign. The last thing Sony wants to do is fly their lawyers to every little small claims court throughout the nation to handle cases that cost less than a plane ticket and hotel room.

Re:Wow! A replacement CD! (0, Flamebait)

Traiklin (901982) | more than 7 years ago | (#15387009)

*Hands a government official a breifcase with $500,000 inside* I see we have come to an agreement for you to stop pressuring us.

gotta love buisness in the good ol US of A.

Re:Wow! A replacement CD! (1)

TheDawgLives (546565) | more than 7 years ago | (#15387021)

Well, that would be a seperate class action lawsuit. This lawsuit was brought by the people who purchased the CDs. A second lawsuit should be brought on behalf of people who were affected by the rootkit. The lawsuit should demand compensation for the time it took to remove the rootkit and also for the damage due to loss caused by the rootkit.

You'd give a temp secretary root access? (0)

Anonymous Coward | more than 7 years ago | (#15387159)

In order for that to have happened, you would have needed to allow the temp receptionist root access on a machine. If you did that, you deserved what you got! The rootkit installs a security hole, but it can't install at all without administrator access.

Actually, they're rather unrepentent (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15387184)

I work for a media company and recently met with the global "head" of SonyBMG's digial licensing group. I brought up the rootkit thing and asked how that was going to affect them going forward. He seemed suprised that I had even heard about the issue and basically said "I can't believe these people are making such a fuss over it. People are going to eventually get used to it." (not a verbatim quote, but that was the gist)

So I wouldn't consider this much of a "win" at all. Next time they'll just make damn sure they're more stealthy about it. I bet a vanishingly small number of people actually apply for their "relief" so this isn't likely to be a very expensive lesson.

Posting anonymously since I don't think they'd think twice about yanking our license...

How about a Replacement Computer?? (1)

AngryNick (891056) | more than 7 years ago | (#15387473)

Giving out unprotected CDs and free downloads implies that the error in Sony's ways was in their attempt at DRMing the CDs. So now you can rip your CD and make MP3 for all your friends...who cares?

It seems to me that the issue was their choice of HOW they enabled DRM. Installing a hidden rootkit that opened up millions of computers to hacks was the real damage they inflicted. How will a new CD secure these computers and remedy those affected in an appropriate way? It's like saying, "I'm sorry for smashing into your car. Please accept this tank of gas as compensation for my poor driving."

I guess it doesn't matter anyway...I'm no longer buying Sony products. They no longer exist to me.

Re:Wow! A replacement CD! (1)

wealthychef (584778) | more than 7 years ago | (#15387560)

The problem here is the same problem as in all corporate misdeeds. No one person or small group in the company is accountable. What might actually work is to say, look here, somebody authorized this illegal action. Who was it? Find that person and punish him or her. With jail and a felony rap, like any poor kid from the ghetto who "makes a mistake" and steals a car stereo. "Punishing" a corporation makes very little sense. It all gets abstracted into a spreadsheet and nobody has the fear of reprisal for their misdeeds. Nowadays, the "the buck stops here" has been perverted into "the buck rules here."

Re:Wow! A replacement CD! (1)

Da_Weasel (458921) | more than 7 years ago | (#15387603)

"The agreement covers anyone who bought, received or used CDs..."

It says it covers anyone who "received or used CDs" with the rootkit. That should cover you if your friend played a CD in your computer and infected it with the Sony Rootkit.

1st (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#15386754)

post

Opt-in website (4, Informative)

TheSpoom (715771) | more than 7 years ago | (#15386759)

Here's the claim filing website for the Sony BMG settlement [sonybmgcdt...lement.com], since I didn't see a link to it in the article.

The solutions given almost don't seem worth it, but I'll probably opt-in anyway just so that little bit of money gets drained from Sony so they don't do this again.

Re:Opt-in website (4, Insightful)

eln (21727) | more than 7 years ago | (#15387243)

What makes you think that giving you a replacement CD or allowing you to download music is going to cost them anything? Giving you a CD will only cost them the actual cost of stamping the CD, which is probably less than 10 cents. Allowing you to download a music file from them will cost them nothing.

Sony is getting away with basically paying nothing here. Sure, they'll put it on their books as having cost so many millions in lost revenue or whatever for tax purposes, but the actual cost is pretty much zero.

Flawed? (4, Insightful)

Mateo_LeFou (859634) | more than 7 years ago | (#15386775)

I believe the software did exactly what it was supposed to do. Shouldn't there be mention of a flawed *DRM *strategy being foisted upon consumers?

I believe it didn't (1)

Moraelin (679338) | more than 7 years ago | (#15387125)

Unless you mean that Sony actually wanted to:

1. stealthily put a general-purpose rootkit interface on your computer, that leaves it wide open for any script kiddie to hide their malware with,

2. utterly break your computer if you try to uninstall it, even after you no longer own the CD or are interested in listening to the music on it

3. have exploitable bugs in both the original rootkit and in the "solution" to the problem they created

then no, it didn't do exactly what it was supposed to do. Pushing DRM on the consumers is a worthy discussion in its own right, but this crap went beyond that.

If you just buy an iPod with Apple's "fair play" DRM on it, or a Creative Zen with MS's DRM on it, or when you download the latest Media Player or Real One, that's DRM-ed. When then discover it can limit what I do with my music... that's DRM. And it does just what it's supposed to do, and nothing more: it just applies those rights to the DRM'ed music you bought, if you load it on that device. Nothing more. And if you uninstall that player or sell that iPod, then that DRM goes with it.

But Sony's heavy-handed crap was more like breaking into your house when you're away, and bugging your VCR to be sure you don't play some copied tape. And in the process leaving your front door lock broken, making any thief's job easier. And, oh, if you un-bug your VCR, it'll weld your garrage door shut.

I do believe that that's no longer "just DRM", that's a whole new level of crap. In fact the kind of crap that should be outright considered criminal. DRM or no DRM, that doesn't give them a carte blanche to stealthily install a rootkit on someone's computer.

It's the kind of Wild West vigilante justice that's just not Sony's business to enforce in a republic ruled by the law. We're no longer in the days where you'd just get a posse and go kick the Joneses' door in to see if they're the ones who stole your branded cow. So Sony has no business doing the same to the Joneses' computer. Plain and simple.

Well, yeah. (1)

Mateo_LeFou (859634) | more than 7 years ago | (#15387281)

I'm 100% in agreement; see my other comments for clarification. My point is that mainstream press is talking about this like it's an inadvertent error/flaw that somehow got into the product. Like faulty wiring in a toaster. In fact, this "flaw" was a design decision, arising from the fact that the provider's interests are contrary to the customers' interests.

If... (5, Insightful)

Lord Kano (13027) | more than 7 years ago | (#15386797)

If a 15 year old script kiddie had done the kind of damage that Sony did with its rootkit, he'd be spending a couple of years in a "Federal PMITA prison" why does Sony get off this lightly?

Someone should be incarcerated over this.

LK

Re:If... (3, Funny)

pete6677 (681676) | more than 7 years ago | (#15386830)

Because the script kiddie was too stupid to form a corporation first. It worked for many other virus writers, like Kazaa and Gator.

Re:If... (2, Funny)

cdogbert (964753) | more than 7 years ago | (#15386869)

clout Pronunciation Key (klout)
n.

1. Influence; pull: "Women in dual-earner households are gaining in job status and earnings... giving them more clout at work and at home" (Sue Shellenbarger).
2. Power; muscle.

Re:If... (3, Insightful)

Rogue Eve (831308) | more than 7 years ago | (#15386902)

A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation. He was 18 but still did not receive jail time so I am not surprised that Sony got off so easily. White-collar crime just doesn't receive harsh punishment.

Re:If... (1)

pryonic (938155) | more than 7 years ago | (#15386961)

Tell that to the British Hacker [bbc.co.uk] who hacked into NASA looking for evidence of UFOs, and is now being extradited to the USA and may end up in Guantanamo Bay [bbc.co.uk] on terrorism charges.

From a technical point of view his methods sound rubbish, and I've seen him on tv- he's an idiot. But the US government is treating him like he's murdered 2000 people, not 'hacked' into a computer system...

Re:If... (0)

Anonymous Coward | more than 7 years ago | (#15387025)

nasa (gov) != sony (incorporated business)

Re:If... (4, Insightful)

Overzeetop (214511) | more than 7 years ago | (#15387016)

Sony installs a rootkit on (potentially) hundreds of thousand computers, and not a single person is on probation. I think community service for Sony USA executives would be a very worthwhile punishment for the humans who should be watching what their company is doing, and a stiff financial fine - say 10% of gross '05 earnings (just like a $3000 fine for a regular guy who makes $30k/yr) - for the corporation, with 6 years probation. Should Sony be found in violation of the terms of the settlement (to be negotiated by the plaintiffs attorney and the judge), Sony loses it's corporate status in the US.

Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

Oh, and while I'm at it, I'd like world peace, too.

Re:If... (2, Funny)

Foobar of Borg (690622) | more than 7 years ago | (#15387060)

I only ask that Sony be held to the same standard.

That will only happen when Sony can no longer purchase the US government.

Oh, and while I'm at it, I'd like world peace, too.

"We're the United States Government. We don't do that sort of thing!" - from Sneakers

:-p

Re:If... (1)

dr_dank (472072) | more than 7 years ago | (#15387635)

Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

Not to excuse Sony's sleezy actions and subsequent pat on the wrist, I think you're comparing apples to oranges. If you don't do your job as an engineer properly, people can die (structural collapses, vehicle malfunctions, etc etc). Sony's worst rootkit nightmare will waste lots of time and resources, but won't come close to inflicting the kind of harm that a misplaced decimal point would in a blueprint.

Re:If... (2, Insightful)

brufleth (534234) | more than 7 years ago | (#15387770)

1. The root kit makes your computer vulnerable to attack/infection/whatever you want to call it.

2. All someone has to do is write something that changes the position of decimal places on infected systems.

3. Deaths

This world is run by managers sitting on the shoulders of engineers and scientists. When it hits the fan the managers come out smiling but engineers and scientists are often not so lucky.

Re:If... (1, Informative)

Anonymous Coward | more than 7 years ago | (#15387120)

A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation

And a criminal record that will follow him for the rest of his life, procluding him from many jobs, a common legal excuse for denying rental housing, etc. Plus (since he's in a scary place like Texas) if he screws up in the least little way he could get tossed in a cell for a long while (like 16 years for stealing a candy bar).

http://news.bbc.co.uk/1/hi/world/americas/704922.s tm [bbc.co.uk]
http://www.commondreams.org/headlines/040700-01.ht m [commondreams.org]

So when the only job your friend can get is pushing shopping carts around and living in a leaky trailer away from anything normal remember how "light" his sentance was. It's Texas, unless you're white and connected no one get's off "light". BTW, during the next huricane evacuation don't bother looking for your friend since Texas plans to "segregate" convicted criminals away from the "good" people.

Simply put: unless your friend gets his conviction sealed he'll wear a scarlet "C" on him forever. Meanwhile Sony execs still enjoy their multimillion dollar paycheck and no conviction.

Welcome to amerika.

Re:If... (2, Insightful)

thePowerOfGrayskull (905905) | more than 7 years ago | (#15387238)

This was a settlement to a civil suit, which won't ever include criminal penalties. As far as I knowthere has not been a criminal suit filed.

Re:If... (1)

hackstraw (262471) | more than 7 years ago | (#15387364)

Someone should be incarcerated over this.

The problem is that a _company_ did the bad thing, not a "person". Can't put a company in prison, now can you?

Now, you can fine a company. I don't remember who, but if I remember correctly, a second company, not Sony, actually wrote and packaged the rootkit for Sony, and Sony was only wrong in that they did business with said company. We all know it was an innocent mistake, right?

The thing is that I don't hear anything about the company that created the thing, and what has been done to them, and what kind of precedent has been set if some other company tries to do the same thing.

That is what I want to know.

Re:If... (1)

Dunbal (464142) | more than 7 years ago | (#15387748)

Can't put a company in prison, now can you?

      No, that's what the board of directors is for.

I'm sorry, but that's not enough (5, Insightful)

Gizzmonic (412910) | more than 7 years ago | (#15386834)

If some young "cranker" released this type of virus out in the wild, he or she would be looking at serious jail time. But as is normally the case with corporations, no one is expected to be personally responsible. Just a few dollars that amounts to jack shit for a huge corporation.

Just like when Ford and Bridgestone decided to go ahead and release the exploding tires. Sure a few people got killed, but we can't press criminal charges! These are our captains of the industry! Reason #122,234 that this country is seriously messed up.

Re:I'm sorry, but that's not enough (2, Insightful)

sgant (178166) | more than 7 years ago | (#15386907)

Easy, the "cracker" should have formed a corporation first with the intent of being a "security consultation firm".

"Hey, the worm we were developing to track down...um...terrorists...got away from us and got released to the net. Sorry about that. Hey, we'll bankrupt the company ok? We'll dissolve it and go on our merry way....oh, can we get some venture capital cash from you government types so we can continue our...um...research? Yeah yeah, national security and all that."

See, bullshit your way out of it and act just like a real company like Sony.

Re:I'm sorry, but that's not enough (1)

MichailS (923773) | more than 7 years ago | (#15386908)

Well, I'd rather blame the whole concept of public limited stock corporations - or whatever the correct term is in the country where you are.

The idea that the ownership should be distributed over a faceless mass who hardly even know they own stock (through investment funds) and even less know or care what their money does - combined with a board of directors that have no personal responsibility for the corporation - is a contemporary societal disease that hopefully the future generations will snort and roll their eyes about, the same way that we do when we hear about slavery, letters of indulgence, child marriage and such tales of past eras.

Future people! I apologize for this era when we burned all the petroleum and created humongous corporations that devoured everything!

You who will live without this fantastic material known as "plastic" and will be born into serfdom and branded with company logotypes in the forehead at birth, know that some of us were sorry!

Close, but not quite. (1)

crhylove (205956) | more than 7 years ago | (#15387189)

You're very wrong about one thing. It's reason NUMBER ONE. This is the PRIMARY problem we and our progeny are going to face.

From the understatement-of-the-year dept. (1)

cdogbert (964753) | more than 7 years ago | (#15386852)

CDs containing what was revealed to be flawed digital rights management (DRM) software

I hope it's a really, really big settlement! (1)

Rob T Firefly (844560) | more than 7 years ago | (#15386859)

If Sony pays me a sufficiently huge wad of cash, I might be able to afford to give it back to them in exchange for a PS3.

How much $$ did the lawyers get? (2, Interesting)

rabun_bike (905430) | more than 7 years ago | (#15386870)

Usually in a class action lawsuit those harmed get a coupon or replacement product that's pretty much worthless. The lawyers get millions of dollars in fees in the name of "protecting consumers." So, how much did the attorneys get in this case?

Re:How much $$ did the lawyers get? (2, Informative)

Kohath (38547) | more than 7 years ago | (#15386919)

The amount hasn't been decided on yet. (I read the agreement.)

This story should probably have waited until the attorney's fees were decided, since that's what these lawsuits are about.

Re:How much $$ did the lawyers get? (0)

Anonymous Coward | more than 7 years ago | (#15387103)

Feel free to file your own suits. Class action lawsuits take a lot of money and willpower to run and execute to completion. They aren't always succesful either. Nothing is preventing you from suing them on your own, go ahead. The concept of class action suits isn't so much to get reparations for those effected but to punish the offender for a multitude of individual torts without having to file individual cases.

While it may offend you that the lawyers take the cake, they do the work. Nothing's stopping you from persuing it on your own.

Re:How much $$ did the lawyers get? (1)

rabun_bike (905430) | more than 7 years ago | (#15387309)

Spoken like a true lawyer. Is this why class action cases are all certified in pretty much a single class action friendly state? Yes, lawyers have to put up money to make serious money back. Are they helping society? 90% of the time, no. Do they pretend they do? Yes! I was not harmed by the Sony root kit. I have no bone to pick in this fight other than class action lawsuits do not benefit those harmed. They just don't. Read the agreement. Show me the evidence where those harmed by Sony get a good settlement. You can't because the system is broken. How many people do you think you need for a class action case? In Texas, you one need one. How is that a class/ Am I offened that lawyers took away so much? No. Why? Because I know several class and personal injury attorneys. They make lots of money but they still can't quite come to terms that they really are not the savors they try to convince people they are. It is as simple as that.

Re:How much $$ did the lawyers get? (1)

marklyon (251926) | more than 7 years ago | (#15387497)

Actually, you can't file your own suit now. The judge entered and order certifying the class, and making it virtually impossible to get out. You can either get the compensation from this settlement, or get nothing.

Re:How much $$ did the lawyers get? (3, Informative)

marklyon (251926) | more than 7 years ago | (#15387465)

All totaled, they are asking for $4M. Sony and the "class counsel", however, want to limit the EFF's portion of the fees (which was requested at around $2M) to no more than $100,000.

You can read more about it here: http://sonysuit.com/ [sonysuit.com]

Worthless! (4, Insightful)

Luscious868 (679143) | more than 7 years ago | (#15386872)

As others have noted, this is a joke. Those users who were affected are entitled to a replacement CD, free downloads of the music on the CD in question (in who knows what format) or a cash settlement. So someone spends hours cleaning up the mess that Sony made and they get what amounts to $15 to $20 bucks. Most people who are affected probaby won't even bother to claim anything so Sony isn't really hurt by this. It seems to me that the lawyers who brought the class action suit are the only ones who really benefit here.

You are Living in a Empire, get over it. (4, Insightful)

hackus (159037) | more than 7 years ago | (#15386928)

Welcome to the Empire of the United States of America.

While you serve the sufferance of the 5% of the families in this empire that own 95% of everything here, please be advised that you do not and cannot own:

Any sort of source code, any sort of music, any sort of transportation, any energy source.

You can however, license it from said 5% of the population here that own 95% of everything else.

You may buy a "rights" upgrade to your license to do as you please here, if you get caught violating the law. But bear in mind, sometimes we have to not accept your cash so we can calm the masses and throw them a "justice bone". In that instance should it happen, your "rights" license is null and void.

Above all else, while you are here please be advised that any government official can be purchased for a limited time depending on how much cash you have, and how much influence you want.

Just do not make it obvious and please use foreign banks to make sure transactions are not traceable.

Thank You and enjoy your stay!

-The Empire USA

That was fast! (2, Insightful)

brouski (827510) | more than 7 years ago | (#15386965)

As scandals go, it seems like it took no time at all to go from exposure to out of court settlement. What do people make of that?

fix (0)

Anonymous Coward | more than 7 years ago | (#15386977)

Is there any software available to fix and/or remove the rootkit? I played a Velvet Revolver CD on my PC, I believe on of the first CD to have this malware. How do I know if the rootkit was install?

Quid pro quo (1)

Opportunist (166417) | more than 7 years ago | (#15387027)

Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

Sounds fair.

Re:Quid pro quo (1)

The_REAL_DZA (731082) | more than 7 years ago | (#15387406)

I dunno, have you heard some of the crap the "artists" are recording these days? $14.95 for a disk full of it seems like a "fantastic amount of money" to me...

Re:Quid pro quo (0)

Anonymous Coward | more than 7 years ago | (#15387496)

Does that mean that from now on, people infringing copyrights won't be sued for fantastic amounts of money but that they just have to buy a CD for every CD they ripped?

Well, since technically they're not "buying" the CDs in the first place, but just making more copies of them to give away (at wholesale blank cd prices!), I'd say if you make a copy of all the disks you ripped and gave it to them.... -that- would be fair.

from TFA (1)

Foobar of Borg (690622) | more than 7 years ago | (#15387040)

from TFA: These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

Now, at least we know which CDs to avoid and if Sony keeps including any kind of copy protection software, their sales will plummet even more than they already have. The only thing left now is the drawing and quartering of the CEO and other upper-level officers, along with the dissolution of Sony's articles of incorporation, and I would say that justice was served.

But, I'm not holding my breath.

What about the $1000? (0)

Anonymous Coward | more than 7 years ago | (#15387093)

I'm surprised nobody's mentioned the incentive payment for each plaintiff.
C. Plaintiffs Class Counsel will request that the Court award an incentive payment, not to exceed $1,000, to each of the Plaintiffs in the Action and the named plaintiffs in the Non-S.D.N.Y. Actions. Defendants shall not oppose any such requests, and will pay $1,000 or such lesser amounts as the Court may direct to each of the specified individuals within ten (10) business days after the Effective Date.
Does this mean Sony pays $1,000 to each person that bought an infected CD? I should have bought one.

Re:What about the $1000? (1)

Fallen Kell (165468) | more than 7 years ago | (#15387310)

These payments go to the "named" parties in the lawsuit, i.e. the people who origionally went and found lawyers who then took on the case(s), which then recieved class status.

Who will get the money? (1)

hsmith (818216) | more than 7 years ago | (#15387107)

The Lawyers and the Gov't, the people who were actually harmed will get a small, pathetic amount back. Yay for tort laws!

Where can I find a complete list of CD's that... (0)

Anonymous Coward | more than 7 years ago | (#15387228)

had the DRM on them? I know a few of my friends who have Sony CD's who might have used them in their PC's. I'm just curious how many different albums did include the protection.

Re:Where can I find a complete list of CD's that.. (2, Informative)

Singer4096 (134206) | more than 7 years ago | (#15387726)

There is a complete list of the cds covered by the Settlement here [sonybmgcdt...lement.com].

Attorney's Fees and an Appeal Still Pending (1)

marklyon (251926) | more than 7 years ago | (#15387437)

SonySuit.com [sonysuit.com] notes that attorney's fees are still in dispute, and that there is an appeal of the case still pending.

Where's the criminal prosecution? (1, Insightful)

SecurityGuy (217807) | more than 7 years ago | (#15387443)

I really don't care about the free CDs, or any other fine that would be levied against Sony. They're huge, and they aren't going to be hurt by this.

What I want is criminal prosecution of the people in Sony's management who directed that this be done, and directed that this malware be distributed. I can't imagine that if I, Mr. John Q. Public, recorded some of my own songs and packaged them with a rootkit of my own, that I'd be prosecuted for it. More than that, I can't imagine that if some employees of Sony burned the CD and took it to work to listen to, where it then installed itself on their computers, that Sony wouldn't quickly rack up the requisite amount in damages and I'd shortly have the FBI on my doorstep.

Is there any valid reason they're not being prosecuted for this? Is it as simple as the DoJ isn't bothered by it? $DIETY knows, I'll never buy another Sony anything if I can help it, but that's not enough. It's well past time that corporations learn they aren't above the law, even if they do write and pay for it.

OH the irony... (2, Funny)

minuszero (922125) | more than 7 years ago | (#15387833)

I wonder if the judge realised the irony
in allowing Sony to give out free downloads of DRM-laden music files
to people who's computer(s) they made vunerable with their DRM software...

Flawed, my ass (2, Funny)

poena.dare (306891) | more than 7 years ago | (#15387902)

"flawed digital rights management"

Flawed, my ass

If I get caught burning Sony Music's HQ to the ground than that's a "flawed" bonfire.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...