
Sony Settles With FTC Over Rootkits

kdawson posted more than 7 years ago | from the wrist-slap dept.

Sony 133

The FTC has struck a deal with Sony punishing Sony for the rootkits it included on millions of CDs in 2005. The deal is exactly like the Texas and California settlements — $150 a rootkit. The settlement isn't final yet. There will be a 30-day public consultation. American citizens who read Slashdot might want to put in their two cents. Comments will be accepted through March 1 at: FTC, Office of the Secretary, Room H-135, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580 (snail mail only). Here is the FTC page announcing the settlement.


133 comments


first post! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17825558)

first post!

What about OS????/ (3, Informative)

threeofnine (813056) | more than 7 years ago | (#17825560)

I am an Aussie, this means nothing to anyone outside the USA, it would be good to see Sony pay US$150 to everyone they infected with their shite.

Re:What about OS????/ (0)

gbobeck (926553) | more than 7 years ago | (#17825572)

I really wish that part of the settlement would have included a provision where the executives of Sony BMG would get one swift kick in the ass for each installed copy of the rootkit.

Re:What about OS????/ (2, Interesting)

bcraigen (766330) | more than 7 years ago | (#17825718)

I was under the impression that these CD's were only sold in America??

Re:What about OS????/ (2, Informative)

grimJester (890090) | more than 7 years ago | (#17825906)

This site [doxpara.com] has maps of the spread of the rootkit. It looks like they were sold in the US and western Europe, with stray copies spread around the world.

This gives me an idea! (1)

grimJester (890090) | more than 7 years ago | (#17826314)

I can't download zips at work, but would the linked application [nyud.net] still work for mapping out how widespread the infection still is more than a year after the initial spread?

If nothing else, it would make for pretty pictures to show in court.

Vaginas for Jesus (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17825582)

Please consider donating your portion of this settlement to support our worthy convent, Vaginas for Jesus.

We are a group of holy nuns who have dedicated our vaginas and virginity to our Lord and Savior, Jesus H. Christ.

Please support our mission and give freely to our divine cause!

Re:Vaginas for Jesus: Nice real nice, REMOVE IT (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17825918)

This kind of shit shouldn't be just marked 'offtopic', it's spam and spam should be deleted. This goes also for the first post idiots and the goatse boys.

These are part of the answer why most internet publicists don't allow the public to comment on the news. Which is a shame since some readers do have something interesting to say.

Re:Vaginas for Jesus: Nice real nice, REMOVE IT (0)

Anonymous Coward | more than 7 years ago | (#17825976)

You must be new here...

Re:Vaginas for Jesus: Nice real nice, REMOVE IT (1)

Technician (215283) | more than 7 years ago | (#17826258)

I put goatse in my hosts file. It doesn't show up anymore.

I know, offtopic.. just feeding the trolls.

Re:Vaginas for Jesus: Nice real nice, REMOVE IT (1)

eMbry00s (952989) | more than 7 years ago | (#17826858)

You just got trolled, man. People are just going to continue doing that shit until you stop responding in ways they find hilarious (that is, at all - they want to waste people's time).

Re:Vaginas for Jesus (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17826168)

You're an idiot...everyone knows Jesus is gay, what would he want with nun vagina?!? Idiot.

150? If by 150 you mean 150ml (5, Funny)

Cocoshimmy (933014) | more than 7 years ago | (#17825600)

How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.

How About... (3, Interesting)

Anonymous Coward | more than 7 years ago | (#17825738)

How About you realise that this is Sony BMG - e.g. a partnership between Sony and Bertelsmann. The rootkit would have been 100% BMG's idea. The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

Re:How About... (4, Insightful)

ObsessiveMathsFreak (773371) | more than 7 years ago | (#17826482)

> The CEO of Sony has gone on the record as saying he thinks online music sales are too expensive and should be close to the 25c mark.

What a great guy. Going on record saying what he sees as fit instead of actually running the company the way he sees fit.

Why are they even paying this man?

Re:How About... (1, Insightful)

Anonymous Coward | more than 7 years ago | (#17827060)

> Why are they even paying this man?

Because he doesn't run the company as he sees fit.

If he did, the shareholders would fire him. That, incidentally, is why corporations are more evil than any individual.

Re:How About... (2, Insightful)

Rycross (836649) | more than 7 years ago | (#17826846)

I'm sure Sony's PR department is grinning from ear to ear that people are falling for this shit.

Listen.... it doesn't matter that they're separate departments. It's. The. Same. Company. Saying "Oh it's just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

Re:How About... (0)

Anonymous Coward | more than 7 years ago | (#17827022)

> I'm sure Sony's PR department is grinning from ear to ear that people are falling for this shit.

I'm so glad someone pointed this out.

> Listen.... it doesn't matter that they're separate departments. It's. The. Same. Company. Saying "Oh it's just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

Sony as a whole has pissed me off quite a bit over the last few years. First, I had a Sony car CD deck that had difficulty playing CD-R discs a few years ago. Then there's the way that Sony has to invent their own wheel every time, rather than using established standards (see Mini-Disc, Memory Stick, UMD Discs (PSP), etc). Sure Sony has in the past cooperated in the creation of some standards (Beta video cassettes, the Compact Disc) they also have the tendency to establish (and exclusively support) their own formats.

All together, I remember Sony used to make great receivers in the late 70's, and my Sony Cybershot digital camera works great even 7 years after I bought it. But overall, Sony has a reputation (since the mid 90's) of manufacturing crap. Their camcorders have common issues (capacitors dry out); car CD players tend to be quite limited (even the newer XPLOD series); and again their tendency to create their own standards such as the Memory Stick rather than use existing technology (like SD cards).

On the other hand, though I did lump Sony as a whole together, I have to admit the PlayStation division has done quite a few things right. Full 100% backward compatibility, and the PSP is quite advanced (you have to play with one to understand)....

Re:How About... (2, Informative)

Anonymous Coward | more than 7 years ago | (#17827420)

Yay, more Intarweb stupidity...

> Listen.... it doesn't matter that they're separate departments. It's. The. Same. Company. Saying "Oh it's just the music department, all those other departments are ok," is just a cop-out. At least be honest that you don't really care.

You seem to have missed some fundamental facts. IT'S NOT THE SAME COMPANY! IT'S NOT A DEPARTMENT! IT'S A SEPARATE COMPANY! There's a *reason* it's called "Sony BMG" instead of "Sony Music Entertainment" (here's a hint, Sony doesn't own all of it), just like MSNBC is called "MSNBC" instead of "Microsoft Cable News" or some silliness like that...

> Then there's the way that Sony has to invent their own wheel every time, rather than using established standards (see Mini-Disc, Memory Stick, UMD Discs (PSP), etc)

What "established standard" should Sony have used instead of developing MiniDisc? There were no optical recordable disc standards, nor standards for perceptual lossy audio codecs (MPEG1 wasn't even a paper spec yet).

> again their tendency to create their own standards such as the Memory Stick rather than use existing technology (like SD cards).

Uhhh, how could Sony have used SD when at the time Memory Stick was introduced SD didn't exist yet?

BS (1)

missing000 (602285) | more than 7 years ago | (#17828466)

All those companies are subsidiaries of Sony Group.

If Wal-Mart split off the shoe department as Wal-Mart Shoe Company but still controlled it, it would still just be the shoe department.

It wasn't me... (0)

Anonymous Coward | more than 7 years ago | (#17827014)

It was the one armed man!

Eh? So BMG department put a gun to their head and made them do it! I think we need to get an internet petition up with something akin to "free kevin."

Reality check, if they felt it was ethically or legally suspect they could have opted not to do it.

Nope, they did and this is their punishment. Corporations are much like toddlers with respect to the law. They will test their limits and see what they can do.

Obviously, this little one is getting a spanking and now it understands it cannot install software on a consumer's computer without permission. (Just like scribbling on the neighbor's walls)

Re:150? If by 150 you mean 150ml (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17825846)

It's "mL", not "ml".

(You must be an American)

Re:150? If by 150 you mean 150ml (3, Informative)

GringoCroco (889095) | more than 7 years ago | (#17825922)

From wikipedia

> Originally, the only symbol for the litre was l (lowercase letter l), following the SI convention that only those unit symbols that abbreviate the name of a person start with a capital letter.
>
> In many English-speaking countries, the most common shape of a handwritten Arabic digit 1 is just a vertical stroke, that is it lacks the upstroke added in many other cultures. Therefore, the digit 1 may easily be confused with the letter l. On some typewriters, particularly older ones, the l key had to be used to type the numeral 1. Further, in some typefaces the two characters are nearly indistinguishable. This caused some concern, especially in the medical community. As a result, L (uppercase letter L) was accepted as an alternative symbol for litre in 1979. The United States National Institute of Standards and Technology now recommends the use of the uppercase letter L, a practice that is also widely followed in Canada and Australia. In these countries, the symbol L is also used with prefixes, as in mL and L, instead of the traditional ml and l used in Europe. In Britain and Ireland, lowercase l is used with prefixes, though whole litres are often written in full (so, "750 ml" on a wine bottle, but often "1 litre" on a juice carton).
>
> Prior to 1979, the symbol ℓ (script small l, U+2113), came into common use in some countries; for example, it was recommended by South African Bureau of Standards publication M33 in the 1970s. This symbol can still be encountered occasionally in some English-speaking countries, but it is not used in most countries and not officially recognised by the BIPM, the International Organization for Standardization, or any national standards body.

so Europeans that use "l" instead of "L" are American, you say ...

Re:150? If by 150 you mean 150ml (1)

DemoFish (1051816) | more than 7 years ago | (#17826090)

In Soviet Russia...
Rootkits take YOUR blood.

Re:150? If by 150 you mean 150ml (1)

mpe (36238) | more than 7 years ago | (#17826354)

> How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.

Since Sony are meant to be in the entertainment business how about a "reality show" where viewers can vote for which executive gets fed to the vampire...

Re:150? If by 150 you mean 150ml (1)

Dersaidin (954402) | more than 7 years ago | (#17826402)

Well... don't just post it here, send your suggestion into the public consultation!

Re:150? If by 150 you mean 150ml (0)

Anonymous Coward | more than 7 years ago | (#17826648)

> How about 150ml of the Sony CEO's blood per rootkit. If they run out, then start taking blood from the rest of the executives in a hierarchical fashion.

Well, that about sums it up. Slashdotters want blood.

Sure, what they did sucks big time and they deserve to get smacked around for it, but let's face it, isn't this post a metaphor for the exaggerated exuberance of the Slashdot crowd?

If you're Microsoft, Sony or SCO, you can do no right. If you manage to anyway, we'll ignore it. If you screw up to any extent we'll treat it like it was major. If you screw up in a big way, we'll treat it like it was mass murder.

If you're Apple, Nintendo or Linux, you can do no wrong. Blah, blah, blah.

Isn't it time for a change?

Re:150? If by 150 you mean 150ml (1)

Arancaytar (966377) | more than 7 years ago | (#17827138)

> Apple, Nintendo

I deny that that is the case! I bash Apple and Nintendo as vigorously as the others!
Now if you'd said Google...

----

(This, for the unaware, was an attempt to be +1 Funny, not -1 Moron.)

Drawing parallels (3, Insightful)

rumith (983060) | more than 7 years ago | (#17825608)

> According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Hmm. Perhaps they would fine Microsoft too, based on this exact reason? ;)

Re:Drawing parallels (3, Insightful)

Anonymous Coward | more than 7 years ago | (#17825674)

When we'll see malware using Vista DRM "features" so even a user with admin privileges won't be able to get rid of it, maybe we should seriously consider that question.

Could malware use Vista's DRM functionality? (1, Interesting)

babbling (952366) | more than 7 years ago | (#17826012)

Most of the Vista DRM that we hear about involves applications requesting from Vista that the quality of audio/video be crippled unless the user has special DRM hardware and special DRM ("signed by microsoft") drivers installed. It's difficult to envisage how that functionality could be useful to malware, but there also must be more to Vista's DRM than just that. If it were nothing more than I just described, someone wanting to crack the system could disassemble the application being used to play DRM-encumbered media, remove the DRM-requesting code, and then happily use unsigned drivers to collect the decrypted audio/video. This suggests that there must be some way in which Vista prevents tampering of such programs.

If Vista prevents tampering of programs, that would certainly be useful to malware. It could even make it immune to virus scanners. If an arbitrary program (aka a virus scanner) can be used to circumvent the DRM, that would make the DRM rather useless too, wouldn't it?

I'm speculating a lot. Could anyone who knows specific details shed some light, please?

Re:Could malware use Vista's DRM functionality? (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17826146)

Yes, exactly. A virus that makes that request any time audio or video is played, and makes it multiple times. Your system would be ddos'ing itself and anything you hear, and any video you watch, would be of degraded quality. Oh crap, probably shouldn't have given them the idea for their next rootkit...

Except that windows is easy to uninstall (-1)

Anonymous Coward | more than 7 years ago | (#17826880)

Windows is easy to uninstall:

Make Linux the first disk on your IDE bus and the windows disk the second disk,
reboot to linux then, as root at the command line:

# mount -t ntfs /dev/hdb1 /mnt
# rm -rf /mnt

See, easy ;-)

Save your receipt ? (5, Interesting)

Joebert (946227) | more than 7 years ago | (#17825626)

> Under the settlement, Sony BMG must allow consumers to exchange affected CDs bought before 31 December 2006, and reimburse them up to $150 (£76) to repair damage to their computers.

I understand why stores require receipts to return stuff, but when it comes to CDs which are non-returnable once that plastic wrap is taken off, who the hell bothers to save the receipt ?
How are they going to know when the CD was purchased ?

Does it have the rootkit? (0)

Anonymous Coward | more than 7 years ago | (#17825672)

If so, then Sony would have to prove it was not in that period. Mind you, since they were supposed to have cleared up the rootkit by then, Sony would be open to another new suit (as a repeat offender too!) if they did so prove.

Re:Save your receipt ? (2, Insightful)

zlogic (892404) | more than 7 years ago | (#17825820)

These things could sell pretty well on eBay - buy a $75 rootkit CD and sell it to Sony for $150!

Re:Save your receipt ? (1)

poser101 (982233) | more than 7 years ago | (#17826922)

I immediately searched eBay for affected CD's after reading this post. I'm finding it somewhat hard to determine which were "original" rootkitted CD's and which ones are the newer non-rootkitted CD's. If I knew for sure, I would buy a bunch and make some money. Someone should mod parent up.

Re:Save your receipt ? (1)

jimicus (737525) | more than 7 years ago | (#17826532)

Don't know about the US, but here in the UK if a product is not fit for its purpose, you are entitled to a refund/replacement (at your discretion, though some stores don't know that bit), and it doesn't matter whether or not it's been unwrapped. You just have to return it in a "reasonable" timeframe. Technically you don't even need a receipt, but it can save arguments at the counter.

The biggest problems I've had returning things have been when the item was technically fine - it met the manufacturer's specifications to the letter - but it had a design flaw which left it utterly worthless and unfit for purpose. AFAIK, the Sale of Goods Act just says "fit for purpose" - it doesn't say anything about "unfit because it was broken rather than unfit because it was badly designed".

Then you're getting into arguments about whether or not a music CD should be expected to play in a car or a computer... and there things really get awkward. DRM'd CDs have been around long enough that it's reasonable to expect some to have found their way into the secondhand market, so that's not an option for guaranteeing that you're not getting a crippled disk. Boycott or become very good at arguing with the staff at your local record shop appears to be the only option.

Re:Save your receipt ? (1)

GrenDel Fuego (2558) | more than 7 years ago | (#17826862)

> How are they going to know when the CD was purchased ?

Well, considering these CDs were pulled from the shelves quite some time back, I think it's safe enough for them to assume that if you have a rootkit version of a CD, you bought it before that date.

Re:Save your receipt ? (1)

scottsk (781208) | more than 7 years ago | (#17827818)

"How are they going to know when the CD was purchased ?" -- sure, and how would the RIAA know ANY CD had been legally purchased if they accused you of piracy? No one saves receipts for disposable items like that. Could you prove to the RIAA that you legally own all the CDs you have?

Re:Save your receipt ? (0)

Anonymous Coward | more than 7 years ago | (#17828736)

The receipt is irrelevant as proof to the RIAA. There are legal ways to buy a CD that don't result in my getting a CD (my friend sells me a used disc and keeps no copies himself); and even if I have a receipt, that doesn't prove that the CD wasn't counterfeit (which, from the RIAA point of view, means I haven't legally licensed the content).

For a store-bought CD, the only "proof" worth talking about is the original pressed disc, packaging, liner notes, etc. (Most counterfeits won't get all of this right.) I suppose they could start shipping a COE like many software companies do, but that's always struck me as silly anyway.

For downloaded music, your proof depends on the service; AFAIK, this is an underdeveloped part of the distribution model. A store could implement signed receipts (and if they did this with the explicit purpose of proving the sale, you can bet that's something I'd save)... or I suppose you could just rely on the store's sales logs if you're the trusting sort...

how does this multiply out? (3, Informative)

acidrain (35064) | more than 7 years ago | (#17825654)

Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers. Also, for those who would like to see Sony hurt worse for this, do remember that this is more than enough. Any company pulling a stunt like that again will be ignorant, not unconcerned.

So when are desktop OS's going to come installed inside a secure virtual machine OS that is capable of detecting rootkits and possibly doing a little extra scanning on the side? That is long overdue.

Re:how does this multiply out? (4, Insightful)

Don_dumb (927108) | more than 7 years ago | (#17825766)

> Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque? Because I imagine those are entirely different numbers.

I wonder how many people have these CDs and don't even realise that their CDs are or have been infected? This did make the mainstream media, but wasn't a huge story. I imagine there are thousands of people who still have no idea.

Wouldn't a better punishment be that Sony is made to stand up and publicize (using such mediums as MTV) the particular CDs that were infected and educate people as to how they can protect against malware. - It openly damages them to those who aren't aware about this (thereby acting as a deterrent for anyone else thinking about doing something like this), informs the masses as to the lengths DRM goes to (generating more widespread disapproval for DRM) and helps to fight malware through educating the yoot.

Re:how does this multiply out? (1)

Fredge (186975) | more than 7 years ago | (#17826156)

The list of affected albums [sonybmg.com] is available on the internet.

Instructions for uninstalling [sonybmg.com] the rootkits are also on the internet.

I think most people who would really care about DRM issues already know about the Sony rootkit incident.

Re:how does this multiply out? (1)

CastrTroy (595695) | more than 7 years ago | (#17826494)

But what about all the other people who don't really follow the tech news. They still have a rootkit on their computer. I remember when the news came out, there was nothing on the news that 98% of the population would listen to. Only stuff on geek sites like slashdot. I bet most people are completely unaware it even happened.

Re:how does this multiply out? (0)

Anonymous Coward | more than 7 years ago | (#17827278)

> But what about all the other people who don't really follow the tech news. They still have a rootkit on their computer.

And there are thousands of people out there with rootkits that make their computers send out spam or start DoS attacks, blissfully unaware. At least this one harms only the computer it runs on.

Make no mistake, Sony should pay dearly for this so it doesn't happen again. But there's only so much you can do to minimize the damage, and if at this point people still haven't heard about this, well...

Re:how does this multiply out? (1)

Don_dumb (927108) | more than 7 years ago | (#17828434)

That's exactly what I mean, it's the people who don't care that Sony should be owning up to.
They might begin to care if they realise how far this can go.

Re:how does this multiply out? (1)

High Hat (618572) | more than 7 years ago | (#17825768)

Can you say Vista on TCPA?

Only it comes with its own Rootkit called DRM...

Re:how does this multiply out? (1)

Secrity (742221) | more than 7 years ago | (#17825888)

That is $150 per infected computer. I don't even want to get into what you will probably have to do in order to prove that you got infected. How many people won't even know that they have been rooted?

Re:how does this multiply out? (5, Funny)

Professor_UNIX (867045) | more than 7 years ago | (#17826034)

> How many people won't even know that they have been rooted?

This sounds like the perfect opportunity for one of those chain e-mail letters to be circulated. "Have you played any of these Sony CDs on your computer? If so you're entitled to $150. Pass this along to 5 other people or you will die tomorrow!"

Re:how does this multiply out? (1)

mpe (36238) | more than 7 years ago | (#17826290)

> Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?

The number of infected PCs may well not tally well with the number of customers or the number of CDs. Some customers may have bought more than one infected CD and each CD can infect an arbitrary number of PCs. e.g. if it was bought by a lending library a single CD could have infected hundreds...

Re:how does this multiply out? (4, Interesting)

theckhd (953212) | more than 7 years ago | (#17826476)

> Is that $150 per cd "sold through" or $150 per customer who is aware of the lawsuit and actually files to get their cheque?

It's not even that simple, FTFA [ftc.gov] :

> As part of the settlement, Sony BMG will allow consumers to exchange CDs containing the concealed software purchased before December 31, 2006 for new CDs that are not content-protected, and will be required to reimburse consumers up to $150 to repair damage that resulted directly from consumers' attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs.

It's a reimbursement for costs incurred while trying to repair the damage done. I presume this means you would need a receipt from a vendor or service company that removed the rootkit for you. I doubt Sony will award the full $150 to you if you removed it yourself.

Re:how does this multiply out? (0)

Anonymous Coward | more than 7 years ago | (#17827744)

> I presume this means you would need a receipt from a vendor or service company that removed the rootkit for you. I doubt Sony will award the full $150 to you if you removed it yourself.

All you should need is a receipt from a geek friend's "consulting service". Handwritten should do; just because he's small-time shouldn't disqualify him. In the unlikely event that they question it, whatever geek credentials he has (CS grad, etc.) should put the matter to rest. If they persist in refusing, take it to small claims, where your geek friend will testify as to his credentials - at an appropriate hourly rate, of course, which will be part of the damages you seek. Plus additional billing for whatever other time he spent on being inconvenienced.

Meanwhile, RIAA wants $750 per song... (5, Insightful)

Zaatxe (939368) | more than 7 years ago | (#17825666)

Isn't that a little unfair?

Re:Meanwhile, RIAA wants $750 per song... (1)

grimJester (890090) | more than 7 years ago | (#17825814)

Yes. The damages of $750 up to 125k per count of infringement were supposed to be that horrendous to discourage the practice. $125k per infringement would be a more reasonable punishment, not only because $150 is probably not worth the trouble of collecting, but because a single user rootkitting a Sony server would never get away with only a $150 fee.

Re:Meanwhile, RIAA wants $750 per song... (1)

SolitaryMan (538416) | more than 7 years ago | (#17825870)

> single user rootkitting a Sony server would never get away with only a $150 fee.

Doesn't this set some kind of precedent, so users now can get away with $150 per rootkit too?

IANAL, so I'm asking seriously.

Re:Meanwhile, RIAA wants $750 per song... (1)

delinear (991444) | more than 7 years ago | (#17825974)

Probably not, the $150 is likely based on the estimated cost of repairing the damage done by the rootkit, or the cost for removal by a professional at any rate. If you were to rootkit a server then the potential for damage and cost of removal are likely to be much higher. If you were to rootkit individual machines then this would probably be assessed on the basis of the machines in question.

What is most annoying about this is that it requires the injured party to be pro-active in claiming the money, and for the most part people will not bother. It's a small enough amount that it's not worth the hoops you'll probably have to jump through to collect it, and as such it's unlikely to be more than a blip to Sony. The real precedent here should be that damages to **AA should only be paid if the individual artist (the injured party) comes forward and stakes their claim. Then let's see how many multi-millionaire musicians want to stand up in court and claim damages against their fans when they have no faceless organisation to hide behind...

Re:Meanwhile, RIAA wants $750 per song... (1)

freedom_india (780002) | more than 7 years ago | (#17826030)

If the GeekSquad charged me $550 to repair my computer, would Sony BMG pay the higher of the amounts?
What makes Sony say they can pay only $175/-? Who estimates it would take only that much?
FTC Should not have settled at all. They should have charged Sony with criminal trespass, and jailed the CEO.
If I write a rootkit and distribute it inadvertently (because my GF burned it to CD??), would FTC settle? Heck, I would be in Gitmo after being "renditioned" to Syria!
So if you are a corporate, all you get is a settlement. If you are an individual, especially single mom, you get to be sued for $1.5 million and jailed.
I wish people would pursue a criminal case against Sony and jail them.

Re:Meanwhile, RIAA wants $750 per song... (1)

mpe (36238) | more than 7 years ago | (#17826272)

> If I write a rootkit and distribute it inadvertently (because my GF burned it to CD??), would FTC settle?

The "inadvertently" bit would be tricky, in order for things to work the CD has to be mastered such that Windows automatically executes the malware when someone tries to play the disk. You need to do a few more things than just putting an executable on a data track.

> Heck, I would be in Gitmo after being "renditioned" to Syria!

Or your GF or both of you...

Re:Meanwhile, RIAA wants $750 per song... (1)

cdrudge (68377) | more than 7 years ago | (#17826178)

> a single user rootkitting a Sony server would never get away with only a $150 fee.

Well, you probably could get more money back by firing the admin that was playing a CD on a server.

Re:Meanwhile, RIAA wants $750 per song... (1)

laughingcoyote (762272) | more than 7 years ago | (#17825932)

Actually, the $750 per song is for unintentional infringement. This action was obviously intentional and profit-motivated, the statutory damages in that case are $150,000 per infringement...which would be pretty good, I bet that would actually discourage them from doing this again, as opposed to this garbage settlement, which will have roughly the deterrent effect of fining you or me fifty cents.

Re:Meanwhile, RIAA wants $750 per song... (1)

mpe (36238) | more than 7 years ago | (#17826254)

Actually, the $750 per song is for unintentional infringement.

Even that is a highly inflated figure. Actual "losses" are under 10USD, possibly under one.

This action was obviously intentional and profit-motivated, the statutory damages in that case are $150,000 per infringement

Part of the reason to have such massively inflated figures is to ensure that the amount of money involved is high enough for law enforcement to take an interest. With something like spamming, even when it involves outright fraud, the amount of money involved per incident is often "too small".

which would be pretty good, I bet that would actually discourage them from doing this again,

Alternatively start putting the people responsible in jail. Remember that the "limited liability" is about the financial liability of investors.

Re:Meanwhile, RIAA wants $750 per song... (1)

Technician (215283) | more than 7 years ago | (#17826222)

Meanwhile, RIAA wants $750 per song... Isn't that a little unfair?

Yes, Sony is getting ripped off big time. Filesharers are simply getting $750 per title shared, not $750 per copy someone else received from him.

Sony is not getting charged $750 per song on the DRM CD. They are getting charged $150 for everyone who picked up a copy of the same set of songs from them. How unfair is that? I think they would love to have to pay $750/song for each of the CD titles they distributed regardless of how many copies sold of each title. It would be much cheaper! ;-)

Not bad (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17825678)

The terms of the settlement actually seem pretty good for the consumer. You can claim up to 10 times the price of a CD for damages, you can exchange existing CDs for unencumbered ones, and Sony has to deal with the embarrassment of advertising this fiasco on its website. And more importantly, this will hopefully send enough of a message to other DRM providers and users to make them pause before throwing more malware into their products.

The only thing I'd like to see added onto there is a clause requiring Sony to pay the legal defense fees of anyone sued by the RIAA. I can dream.

Re:Not bad (2, Interesting)

Don_dumb (927108) | more than 7 years ago | (#17825878)

The one change I would like, is for this to be labelled 'Malware' 'adware' or 'virus concealment tools' because barely anyone outside this site has any clue what a 'rootkit' is, to the public, this is just some "techy thing". Mention virus and people will take notice, they might not bother to protect themselves against them but they certainly know what viruses are. This would have had a different reaction from the public if they understood the issue.
Sometimes the IT world just doesn't make its case clear in a public issue and loses out as a result.

Re:Not bad (2, Insightful)

MrNiceguy_KS (800771) | more than 7 years ago | (#17828796)

I definitely agree about this being labeled Malware. Sony should be required to make a detection program available that users could run to see if their system is infected, and provide information to antivirus vendors so that it can be added to their detection signatures. They should make its removal part of the next update to Microsoft's "Malicious Program Removal Tool" or whatever it's called.

Also, their player program that shipped with the rootkit CDs had a 'phone-home' function that loaded a banner from the web. It didn't actually provide Sony any personal data other than the user's IP address, but Sony should be required to track down anyone still running the rootkit player and assist them in removing their software. If they can track down file-sharers using an IP address they should be required to do the same to clean up their mess.

Re:Not bad (1)

danzona (779560) | more than 7 years ago | (#17828978)

You can claim up to 10 times the price of a CD for damages

This would be generous if Sony had damaged a CD. But Sony damaged a PC, something that generally costs 100 times the price of a CD.

While I don't think Sony should have to buy everyone a new PC, I do think Sony got off light.

By that rationale... (4, Insightful)

GapingHeadwound (985265) | more than 7 years ago | (#17825680)

From TFA

The US regulator said the anti-piracy software wrongly limited the devices on which music could be played to those made by Sony or Microsoft.

Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same argument.

Re:By that rationale... (1)

EzInKy (115248) | more than 7 years ago | (#17825840)


Hmmm... no mention whether Vista or other Microsoft operating systems will come under fire of the same argument.

I doubt it. Microsoft has made it pretty clear that their software will be monitoring and controlling its users activities.

Re:By that rationale... (2, Insightful)

grimJester (890090) | more than 7 years ago | (#17825880)

Hey, your comment actually made me RTFA. Congratulations!

The proposed settlement requires Sony BMG to clearly disclose limitations on consumers' use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software.

From the summary, I thought this was about the rootkit, not the DRM functionality it was meant to protect. Why does the settlement require things that the law already requires? If the above is just a clarification of how the law was interpreted in this case, this might really have serious implications for the current crop of DRM. iTunes' DRM limits use to Apple products, PCP limits content playback to licensed hardware, Vista (probably) doesn't come with clear disclosure of what the DRM does etc.

Hell, I bet not one DRM'd cd/dvd or DRM-limited piece of hardware has any visible warning label spelling out what restrictions it imposes compared to what the customer might reasonably expect.

Banning things which are already illegal (2, Interesting)

h2g2bob (948006) | more than 7 years ago | (#17826876)

Quite - installing software without consumer consent is pretty much the legal definition of computer hacking. If I was to do that, I'd go to prison. If this is what they did, why aren't Sony's execs in prison?

Send the repair bill in (2, Interesting)

scsirob (246572) | more than 7 years ago | (#17825686)

Maybe some folks can send the invoices for lost time and consultancy hours spent on fixing their systems.

I'm sure that will be just a bit over $150...

If someone in their basement pulled the exact..... (5, Insightful)

Anonymous Coward | more than 7 years ago | (#17825722)

....same thing, their asses would be in the slammer in no time. Sony shouldn't be treated any different. This was a computer crime, plain and simple.

Re:If someone in their basement pulled the exact.. (4, Insightful)

jimicus (737525) | more than 7 years ago | (#17826552)

Yes, but Sony is a company and this is the USA.

All the rights of an individual with hardly any of the responsibilities.

How much per song can the RIAA get away with? (1)

Karem Lore (649920) | more than 7 years ago | (#17825804)

I want THAT, per song on the CD that contains the rootkit...

Karem

Re:How much per song can the RIAA get away with? (0)

Anonymous Coward | more than 7 years ago | (#17825908)

Luckily U'll get 2 or 3 PS3 in exchange of your music CD :)

So if I'm reading the settlement site correctly... (5, Interesting)

Telephone Sanitizer (989116) | more than 7 years ago | (#17825868)

Without a receipt for repair services the most that you can qualify for is $25 dollars, at their discretion.

If you removed the unlawful hack yourself, no matter how much pain and suffering it caused, there is every probability that they will compensate you exactly nothing.

(I mean nothing but the opportunity to exchange your defective CD for a slightly less defective one or a DRM-laden download.)

I think the kicker is that this is one of those fancy federal consent-decrees -- like the one that was used to "break" the Microsoft monopoly way back when. They agree not to be such meanies and in exchange, they receive total immunity from prosecution on any related federal charges and all state laws that conflict with the federal decision are automatically superseded.

I'm so glad that the feds are looking out for me. With punishment like that, Sony surely KNOWS they've been naughty. It's certain that they won't do anything like THAT again.

The REAL point of a class action lawsuit (2, Insightful)

elrous0 (869638) | more than 7 years ago | (#17827512)

Here's a little breakdown of how class action suits *really* work:
  • Suing lawyer gets $5 million
  • Corporation gets protection from individual lawsuits
  • Consumer gets a meaningless coupon

-Eric

Claim form help? (5, Interesting)

Kredal (566494) | more than 7 years ago | (#17825986)

The claim form you need to fill out for recompensation is at this link [sonybmg.com].

One of the questions is as follows:

7. Briefly describe the type of harm / damage / problem you experienced and the steps that you took in response:

What kinds of problems, other than the pain of removing it, did people have? Was any actual damage done? Did anyone's computer get taken over? I'm just curious what a valid response would be to this, for when I fill out the form.

Apparently some did get taken over (1)

Moraelin (679338) | more than 7 years ago | (#17826806)

Sony's rootkit didn't just cloak itself, but everything else that knew how. And I think there was at least one trojan which used just that. And I think Sony's first attempt to "fix" it actually created a security hole of its own. So, yeah, the damned thing was a security risk, not just an inconvenience.

Plus, I don't know, I think the very act of installing a rootkit on someone's computer pretty much qualifies as "taking over" by itself. If someone installed a rootkit on your machine, I'm guessing you'd be a lot less than amused, regardless of whether they actually used it to do extra damage yet.

Understatement of the year... (5, Insightful)

Panaqqa (927615) | more than 7 years ago | (#17826082)

According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall.

Huh? "Reasonably difficult"? This damned thing broke Russinovich's [technet.com] machine, and he had to use several utilities he developed himself to get rid of it by looking deeper into the Windows OS than I think Microsoft ever intended (or wanted) anyone to look. How many /. denizens would have looked for this little gem using named pipes [wikipedia.org] to communicate?

"Difficult to uninstall"? Right...

Derstatement of the year... (0)

Anonymous Coward | more than 7 years ago | (#17826540)

Huh? "Reasonably difficult

Since when did unreasonably become a synonym for reasonably?

I Choose a Better Punishment (5, Interesting)

N8F8 (4562) | more than 7 years ago | (#17826104)

I'll never buy something from Sony again until they change their anti-consumer practices.

Re:I Choose a Better Punishment (1)

l0b0 (803611) | more than 7 years ago | (#17826474)

Ditto, except the last part. Sony won't see another dime from me. It's not like this was some kind of minor slip; I believe it shows the company's opinion of customer rights. Some trust is just too fundamental to break.

Re:I Choose a Better Punishment (1)

MyNameIsEarl (917015) | more than 7 years ago | (#17827556)

When I purchased my $2000 HDTV on Thanksgiving weekend last year I did not even consider Sony when making my comparisons. I went with the Sharp Aquos.

Re:I Choose a Better Punishment (1)

MrNiceguy_KS (800771) | more than 7 years ago | (#17828920)

I agree 100%. Sony will never see another dime of my money. I remember reading their early public statements once this was discovered. The only thing they ever "apologized" for was the potential security risks. It was quite clear to me that they feel it is 100% OK to install rootkits on peoples' computers, if they can do so without leaving security holes. They obviously believe that their music is so precious that they can do whatever they want to keep people from copying it.

Re:I Choose a Better Punishment (1)

eMbry00s (952989) | more than 7 years ago | (#17826822)

That's nothing to them. Voting with your dollars is a good way to make people forget the one vote per person thing. Thankfully America hasn't voted per dollar, and instead have made themselves a court system to handle these cases properly.

Re:I Choose a Better Punishment (1)

Is0m0rph (819726) | more than 7 years ago | (#17828734)

I'm the same way. May not make much of a difference but I won't buy anything Sony again and I haven't for quite a long time.

Re:I Choose a Better Punishment (1)

cparker15 (779546) | more than 7 years ago | (#17828858)

Same here. Normally, I don't actively participate in boycotts, but this is one I plan to stick with. I refuse to give Sony any more of my money after this stunt. I managed to get all of my relatives to cancel their BMG mailorder accounts, too, in light of this debacle. I've had to make several electronics purchases since the cat was let out of the bag, and I've completely turned a blind eye to Sony products. Because of this, I've also avoided anything related to Sony products. I've been a loyal PSM [psmonline.com] subscriber since near the beginning. Since I'm not getting a PS3, I have no use for a continued subscription. The same goes for the continuation of the Final Fantasy series on the PS3. And let's not forget Sony Pictures! The HD DVD/Blu-Ray debate? No contest! Blu-Ray is Sony. HD DVD FTW!

Wow... a 7-digit User ID (0)

Anonymous Coward | more than 7 years ago | (#17826106)

Off topic, I know, but look how far /. has come. A million users! Well, probably most are not active, but still.

Two cents (3, Funny)

Bob54321 (911744) | more than 7 years ago | (#17826226)

American citizens who read Slashdot might want to put in their two cents.

No, that's all wrong. Sony is supposed to pay out...

Wonder who really gets to pay... (4, Insightful)

ray-auch (454705) | more than 7 years ago | (#17826232)

What's the betting that cost of this gets passed onto artists as deductions from royalties ?

Artist monthly statement:

Sales: $$$
Gross royalties (tiny%): $
Deductions:

      [ blah blah blah ] $$
      DRM legal costs $$
      [new this month]

Net Royalties: -$$$

[NB: you won't have to pay us because we're nice like that, we'll just carry it forward]

A modest proposal (0)

Anonymous Coward | more than 7 years ago | (#17826298)

Revoke their corporate status - 1 month duration for each disc distributed. No money needs change hands here.

I have an idea for compensation (2, Funny)

badenglishihave (944178) | more than 7 years ago | (#17826526)

How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.

Re:I have an idea for compensation (1)

blueZhift (652272) | more than 7 years ago | (#17826758)

How about a free PS3 instead? Oh wait, that would just introduce more Sony problems into our lives. Whoops.

Naahh, if you got a free PS3 you'd just be induced to run out and buy a Sony HDTV so that in the end Sony would still make money on the deal [proliphus.com]. They wouldn't learn a thing! ;)

Damn them anyway! (3, Interesting)

Anonymous Coward | more than 7 years ago | (#17826884)

Sony's rootkit (which my teenaged daughter installed; damn it I had autoplay shut off for a reason!!!) cost me the price of an SB Audigy since I couldn't find sound chip drivers, and XP since my video card mfg didn't have Win 98 drivers for download. Around $200 plus an afternoon of my time; reinstalling W98, then going to Circuit City and installing XP (three fucking times - it didn't like my CD burning software and had a popup on boot saying XP had disabled it, but XP wouldn't let me uninstall it because it had disabled it. Then it updated my networking drivers which disabled the internet. Great product that XP).

After being yelled at for ruining my computer, she broke the CD and threw it away, and I've lost the receipts for the SB and XP.

I think a more fair settlement would have been to just have Sony give $500 to every man, woman, and child on the planet, and have its CEO spend as much time in a US federal assrape prison as anybody who would have done this to Sony's corporate computers would have, after being caned in Singapore. Then when he was released from US prison, have the Chinese execute him and bill his family for the bullet.

If you work for Sony in any capacity at all, I hate your fucking guts. Please die and take your God damned company with you.

Sorry for the rant.

Re:Damn them anyway! Don't be Sorry (1)

Nom du Keyboard (633989) | more than 7 years ago | (#17828686)

Sorry for the rant.

Don't be. You earned the right to it.

Now if your computer is old enough to be running Win98 (mine is as well), consider it's time to upgrade. Try to get XP installed by the factory, since you'll likely like Vista even less, and give the old computer to the daughter. After that, if she stuffs it up, it's her problem, not yours.

How much they should actually pay (1)

Kwesadilo (942453) | more than 7 years ago | (#17828402)

Sony BMG should have to pay each infected person the amount of money that it would take to replace their infected system plus the money they lost from not being able to pull all of their data out of the fire. For the average user, this malware probably made their computer totally unsalvageable, so this seems reasonable.

Grrrr Rrrrr Aaah-Oogah!!! (1)

Nom du Keyboard (633989) | more than 7 years ago | (#17828598)

(Subject Title is from the Dilbert Desk Calendar for 1/28/2007)

So it took them this much longer to achieve exactly the same settlement, lawyers billing their time all along the way. That's government in action for you.
