Sony, Rootkits and Digital Rights Management Gone Too Far

Story can be found here.

This really makes me feel glad I don't listen to any music being published by Sony, seeing it installs stuff worse than spyware on my computer.

There's a few interesting posts underneath the blog, I'll quote a few.

IANAL, but this appears to be illegal in the State of California, punishable by a $1000 fine per computer affected.

California Business & Protections Code Section 22947.3, Paragraph C:

A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
(c) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline
installation of software with knowledge that, when the option is
selected by the authorized user, the installation nevertheless proceeds.
(2) Falsely representing that software has been disabled.

This is some horribly written legislation (difficult to parse), but it appears that you must be able to specifically decline to install software (regardless of EULA conditions).

If this is a British company, or one which operates from the UK then they may have fallen foul of UK law, specifically the Computer Misuse Act 1990 as follows:

"3.-(1) A person is guilty of an offence if-
he does any act which causes an unauthorised modification of the contents of any computer; and
at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing-
to impair the operation of any computer;
to prevent or hinder access to any program or data held in any computer; or
to impair the operation of any such program or the reliability of any such data.

(3) The intent need not be directed at-
any particular computer;
any particular program or data or a program or data of any particular kind; or
any particular modification or a modification of any particular kind.

(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

It would seem that this law would apply to any UK citizen whose PC was affected by this software. It would be interesting to see what the consequences of this would be for the company in question.

Kind Regards

81 - 100 of 119 Posts
The more I read about them, the more I start to dislike them in a serious way. (all the Sony bashing for their PoS2 is just fun you know :p )

Read this article. "What you don't know can't hurt you"

What an arrogant statement, not to mention that it CAN hurt you. Even if you don't know anything about rootkits and stuff, it is still possible that someone from the outside might do damage to your belongings by getting your computer infected with a virus.
I'll say it once: Control. They want a way to force more people to buy from them, by stopping people from sharing music. But thanks to the knowing few who warned us about it, it will hopefully stop.

Unfortunately, that's not the last time we'll hear about DRM. Its main challenge is to provide both convenience AND CONTROL to consumers. It's about an unbalanced fight between the media industry and the consumers, lost for the latter since the DMCA was drafted.

Once upon a time, people casually relinquished the right to copy (ie books, vinyl discs...) to the industry because it required a tiresome effort only the industry at that time could produce. Copyright used to limit copying to the companies authorized. Recently it has been used as a way to restrict everything.

Remember, copyright is an industry regulation. It should not apply to 'consumers'.
But in the current age we live in, since it became easier and easier to copy content (either books or music i.e), people are no longer willing to give up the right to copy for private/personal uses.

For everyone's notice, I say that copyright is supposed to ensure both the sharing of knowledge and the rewarding of innovation. There is no room for excessive greed there.




DRM has essentially these uses for companies:

- Competing products are driven off the market because of incompatible DRM. The most popular wins.

- Competition is prevented

- Abuse of "copyright protection" rewards monopolies. Remember Microsoft's. They're at it too, not only Sony is.

- Copyright's balance of benefits is definitely lost.

- Beneficiaries are a tiny fraction of society
Kraelis said:
Or don't use Auto-run. The tape might be small, but it's enough to risk instability of the CD. Besides, it'll also cause wear and tear on the drive.
Applying another piece of duct tape on the opposite side should do the trick.
Well that is just adding fuel to the fire, there is enough ppl that are not fond of RIAA. Besides, Rikki is right about the greed part, not a lot of ppl are content with what they have it is kind of saddening, but that is the way we humans work.
It's still wear and tear since the drive will darn try its hardest to read unreadable data before giving up.

But anyway....

It seems Mr. Sherman is a big dimwit. Even if the rootkit did not have any security vulnerabilities (as if such a thing was practically possible), the deception involved with the concept itself of a rootkit is an issue. It's just like saying it's OK to install a Trojan in your system as long as it's not a security vulnerability, but worse, since rootkits are actively stealthy by nature. Not all technology is good, nor even lawful to begin with. So can Sony get away with it by getting the user to agree with a EULA that mentions such security enhancements? Well, there IS such a thing as contract which is "contrary to law", and as such illegal and non-binding if it can be proven as such.

Copyright's intention is to serve as a mechanism to selectively grant selective rights over the material to other people. At its very core is the recognition of who the creator is. All the other rights are given or taken as seen fit. Aside from recognition, its other purpose is to protect the interests of the creator. This is why the right to sell reproductions is withheld, but you can easily sell what you bought as long as it's the only copy. Oddly enough, in most cases, it's actually the publisher that's more concerned with this than the creative author. It's even widely considered that publishers were really the first to request and benefit from this. It doesn't necessarily ensure the sharing of knowledge. Unfortunately it's merely a commercialization tool now. You're reproducing something for your own benefit, and yours alone, for purposes that come with the nature of the material such as audio. You don't have to make copies of a book to enjoy it, but you do need to load it on your mp3 player, etc...

Sad how it's being used for greed now.
It would seem the EFF (Electronic Frontier Foundation) is also suing Sony BMG, but not only for the XCP but also SunnComm MediaMax software.

EFF Files Lawsuit Against Sony BMG
By Nate Mook, BetaNews
November 22, 2005, 1:29 PM

Not long after Texas Attorney General Greg Abbott announced he had sued Sony BMG over its invasive copy-protection scheme, the Electronic Frontier Foundation said it filed a class action lawsuit against the record label in Los Angeles. The EFF's suit goes beyond the rootkit and includes SunnComm DRM used by Sony as well.

While acknowledging that Sony has taken steps to recall CDs affected by First 4 Internet's rootkit DRM, known as XCP, the EFF says "these measures still fall short of what the company needs to do to fix the problems caused to customers."

The organization also chided Sony for ignoring altogether concerns about the SunnComm MediaMax software. MediaMax is used on over 20 million CDs -- ten times the number of discs containing XCP. The EFF claims that the software installs on a user's PC even if they do not accept the license agreement and has no uninstall facility.

SunnComm's software tracks when a user listens to CDs and reports the information back to the company. Security researchers have also discovered that an uninstaller provided by SunnComm opens the door to security risks, just like the XCP uninstaller provided by Sony.

"Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public's trust," said Corynne McSherry, EFF Staff Attorney, in prepared remarks.

"It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software."

The EFF says Sony has not widely publicized the XCP problem, and "has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA)."

"Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?" remarked EFF Legal Director Cindy Cohn.

Sony is facing six other class action lawsuits in addition to the Texas suit, according to the EFF. The group has posted information about the litigation on its Web site.
I wonder what Sony will do after this

It's still wear and tear since the drive will darn try its hardest to read unreadable data before giving up.
We can also use a black marker to do the trick
The point is that the laser will be damaged either way, because of the higher output while trying to read those sectors. It's similar to the LA chip issue in new PS2s when reading bad media for a long time (even when not using a mod chip).
It's great to see all the people suing Sony, now they'll probably think thrice before doing something like this again.
I doubt it, I still see the possibility for those media groups to do something worse like forcing their crap on your computer by changing the law or by employing hackers to directly attack people's computers
Hackers, at least real ones, are not the type to go by big brother's whims. They're what you might call... free spirited... moving in the gray area of computing.

Although Sony can probably do some congressional lobbying, I doubt they can harness hackers against us. Some might be lured by the money... but for sure we'll have the better ones on our side. It simply is the way hackers are.
Some might be lured by the money... but for sure we'll have the better ones on our side.
What about the ones who turn most PCs into virus spreading zombies? Maybe they will turn people's PCs into zombies that force the crap on to your PC
Those aren't made by real hackers. If Sony ever stoops that low (doubtful), all the real hackers need to do is find evidence of the like, and, I betcha, no amount of money can save Sony from being blown out of the water. That's downright illegal, EULA or no EULA.
Those aren't made by real hackers. If Sony ever stoops that low (doubtful), all the real hackers need to do is find evidence of the like, and, I betcha, no amount of money can save Sony from being blown out of the water. That's downright illegal, EULA or no EULA.
Unless they do that from Sony's secret headquarters somewhere in the Pacific outside of other countries......j/k
pacific? secret headquarters?

seems like u know quite a lot player-x...UR THE HACKER !

/me bonks player-x on the head
Actually, there's one in St. Andrews... no extradition treaties. :lol:
Sony obviously is in trouble. However, I wonder if people will prefer to have their 'value-subtracted' audio CDs replaced, or sue Sony for more compensation.

Fair-play from companies smells nice. Sneaking rootkits and defending these sure is a PR mistake.

I can bet my DRM'd CDs that in the near future, the only thing from Sony in my home will have 'Playstation 2' on it.

BDA's (who Sony is a member of) next-gen Bluray disc format seems to have trouble convincing the movie industry lately:
More expensive than HD-DVD and require all-new, special pressing machines. Who knows what new DRM schemes might be 'sneaked in'?

Sony's DRM scheme had been out for a long time. No details were disclosed to the public, and it lasted for months until someone (the MAN from sysinternals) discovered it BY CHANCE (and a lot of knowledge in security). Those stuck with this rootkit can say 'thanks' to this dude.

I wonder: what if he hadn't discovered it?