decoration decoration

When you want to know more...
For layout only
Site Map
About Groklaw
Legal Research
ApplevSamsung p.2
Cast: Lawyers
Comes v. MS
Gordon v MS
IV v. Google
Legal Docs
MS Litigations
News Picks
Novell v. MS
Novell-MS Deal
OOXML Appeals
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v Novell
Sean Daly
Software Patents
Switch to Linux
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.

Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal

User Functions



Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

No new stories

COMMENTS last 48 hrs
No new comments


hosted by ibiblio

On servers donated to ibiblio by AMD.

What About Sony's Downloadable Music?
Saturday, November 19 2005 @ 07:03 PM EST

I've been puzzling over how so many people in the UK and all over Europe got infected with Sony's rootkit, when Sony says it doesn't distribute those CDs in the UK. Then I had a thought. Doesn't Sony allow you to download music from its website? Is it possible that they have something rootkitting around in there too? Has anyone checked?

I mention it because of the statement made by the Department of Homeland Security official that if the bird flu happened to hit at the same time the rootkit was compromising millions of computers worldwide, it could be very serious indeed: "If we have an avian flu outbreak here and it is even half as bad as the 1918 flu, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is going to be a matter of life and death and we take it very seriously as well."

I couldn't find anyone writing about researching the digital downloads. So I went to Sony's site to buy some music to download, just to see what would happen. Notice you have a drop-down menu under Digital Downloads, where you choose a store. If you choose Sony Connect, there is a note "Must Be Installed." That's true for iTunes too, and Napster, and Real and everything else on the list. You need a player. So, what is in the Sony Connect player? Are we allowed to look? If not, could someone please do something about the DMCA before someone dies needlessly? Seriously. Is that fear why no one caught this rootkit for so long?

Sony Connect launched in July of 2004 in France, Germany and the UK, according to this The Register article, with other countries in Europe to follow later that year. That is a long time for a rootkit to be spreading with no one noticing. I understand that the antivirus companies as a group sold us out, and went along with Sony, but what about other security researchers? No one thought to check? Or no one dared to? The article also mentions that Sony Connect is located in Germany. I mention that for the lawyers out there.

I am not a lawyer, but I reasoned probably I was allowed to do what Mark Russinovich did, so I decided I'd buy something and download it and see what happened next. Note that this isn't legal advice. I am just explaining what I did, not what anyone else should or shouldn't do. But I hit a wall. You have to have Internet Explorer as your browser. Really. I'm wondering if anyone else has thought of this as another possible source of infection? Obviously there is some kind of tether on the download. This 2003 Wired article on Sony explains what Sony was planning and why:

Users of online services are offered only "tethered" downloads, which come with limitations on how files can be copied or burned to a CD, or transferred to a portable player. It's as if Macy's used anti-shoplifting tags to set limits on how many times your pants could be put in a suitcase or where you could go in them....

With OpenMG X, the version being developed, Sony will no longer set blanket rules for its own devices; it's created a digital rights management system that works on any manufacturer's hardware and allows the content owner to set the rules. Sony wants OpenMG X to be accepted across the entertainment industry - an ambition that puts it face-to-face with Microsoft. "The whole security/digital rights management/copyright arena is a critical battlefield," Stringer declares. "We're racing - racing - to get to a solution that has an open standard so that Microsoft doesn't waltz in and develop the audio-video operating system."

A digital rights management system isn't just a traffic cop; it's a powerful tool that gathers all kinds of information about consumers, from credit card numbers to listening habits, and dictates which devices can talk to the PC and how. Microsoft's DRM software, a key feature of its Windows Media platform, promises total flexibility for entertainment companies, and it's designed to work not just on PCs but with consumer gadgets like Sony's. "If it is the de facto standard for all digital rights management," says Stringer, "then at some point it migrates into all the networked devices, including the television set and everything else. Sony's nightmare is that the TV set becomes a monitor."

This puts Sony in a bind. Except for the Xbox, Microsoft doesn't really sell hardware. All it has to do is keep entertainment executives happy and watch them adopt its DRM platform. If Sony fails to offer every bondage option the entertainment folks can imagine for their customers, it opens the door for Microsoft to take control of its hardware.

Isn't that the problem here? That the entire world, not just software companies like Microsoft or hardware companies, like Sony partly is, but legislators too have caved in and have set everything up to satisfy the entertainment industry? And what it takes to satisfy them! We got a peek when the rootkit was revealed.

Then in 2004, The Register took a look at Sony Connect:

Sony's choice for format restricts consumers to its own hardware - a complaint the paper also makes about Apple, though at least iTunes does permit you to rip CDs to MP3 for transfer to other brands of player. Sony's SonicStage software does not support MP3 and "it defaults to storing music in an invisible, deeply buried sub-directory", the paper warns....

"Connect permits an unlimited number of transfers to portable players - except for songs from Warner Music Group's labels, which are restricted to three transfers. Ever," the paper reveals.

"Similar control-freak behaviour ensues when you move purchased songs to the other two PCs you're allotted at any one time: those copies lose all their transfer and CD-burning permissions. Sony says an upcoming software update will restore transfer rights, but not disc burning, to those copies."

Obviously, if it can do this, it is talking to Sony about you in some manner. If anyone is researching this, no doubt they'll let us know eventually.

I know it's the right question. If you read Bruce Schneier's article on the stunning acing of all the anti-virus companies, their failure to either notice the rootkit (with the exception of F Secure) or to tell us about it, I think we can at least validly ask if this problem is a lot deeper than it originally seemed. And I sincerely hope someone who knows how and is allowed to is looking into more than just Sony's CDs.


What About Sony's Downloadable Music? | 222 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections Here Please
Authored by: fettler on Saturday, November 19 2005 @ 07:16 PM EST
Corrections et al:

[ Reply to This | # ]

Sometime the simplest explanation...
Authored by: Mark Levitt on Saturday, November 19 2005 @ 07:37 PM EST
is the right one.

Lets see, Sony lied about:
1) The number of CDs containing the XCP software (they said 20, it's actually
more than twice that

2) Whether the software sends information back to Sony. They said it doesn't,
but it's been shown to make a request to a Sony website with an ID number.
At the very least, this tells Sony your IP address and that your playing a CD.

3) The severity of the software, telling people it was not a security risk.

Would it really be beyond them to lie about where these CDs were sold?

I think Sony is either unaware of the locations where these CDs were on sale
or they are continuing to lie, hoping to limit the damage.

After reading through the UK's Computer Misuse Act, I can think of a good
reason for Sony to say they didn't sell these disks in the UK... (Like they
like going to jail)

[ Reply to This | # ]

See EFF for more info.
Authored by: Anonymous on Saturday, November 19 2005 @ 07:40 PM EST
check EFF's Open Letter to Sony as well as some of their other info on this topic.

I'm upset about this because I wrote the liner notes for one of their infected albums and then recommended it to all my friends. Thank God, the copy I have is the pre-release one to listen to so I could write the liner notes. I then had to call and e-mail my friends and tell them NOT to buy the album.

At this point, I don't see a way of putting rootkit software within a media file but, requiring a special player to play the media is exactly what Sony did on their CDs. I guess they could do something just as evil with their music download service. BC

[ Reply to This | # ]

Off Topic goes here
Authored by: John_Doe#1 on Saturday, November 19 2005 @ 07:42 PM EST
Clickable links: Like this

HTML Formatted in the Post Mode drop down box

[ Reply to This | # ]

There needs to be a bit of bird fly sanity
Authored by: Anonymous on Saturday, November 19 2005 @ 07:47 PM EST
To put it as bluntly as one Australian Virus expert.

There will be a pandemic.
It won't be this version of the bird flu.

His reasoning. Pandemic's happen, get over it. This version of bird flu has been
around for 5 years and nothing has happened.

Crazy Engineer

[ Reply to This | # ]

Bruce Schneier Misses Something Obvious
Authored by: Mark Levitt on Saturday, November 19 2005 @ 07:48 PM EST
If you read Bruce Schneier's article on the stunning acing of all the anti-virus companies, their failure to either notice the rootkit (with the exception of F Secure) or to tell us about it, I think we can at least validly ask if this problem is a lot deeper than it originally seemed. And I sincerely hope someone who knows how and is allowed to is looking into more than just Sony's CDs.

Although I enjoyed the article, I think Mr. Schneier misses something fairly obvious. He implies that there was some form of collusion between Sony and the Anti-virus software vendors. While he may be right to some extent, I don't think it's a simply matter of Sony asking nicely and the anti- virus companies looking the other way.

Think about it: If the anti-virus companies had marked Sony's software as a malicious peice of code and removed, they would be guilty of breaking the law. Under the DMCA, distributing tools designed to circumvent a technological copy protection measure is a crime.

Rather than a collusion, I suspect the Anti-virus companies corporate lawyers made it clear that removing Sony's software could possibly land the company is serious legal trouble.

What really needs to be pointed out is that Mark Rossinovitch, who broke the story about Sony's rootkit, is a criminal under the DMCA. And, all the companies that are now releasing removal tools, are breaking the law as well.

Maybe when people realize that the DMCA makes it a crime to make your own property safe from damage the law will be changed.

[ Reply to This | # ]

The real question is, Why would anyone buy a product like that?
Authored by: kawabago on Saturday, November 19 2005 @ 08:15 PM EST
Why would anyone buy a product with restrictions like that? The quotes from the
article clearly show that the entertainment industry and Microsoft both hate
consumers. Unfortunately for both the entertainment industry and Microsoft, DRM
is not going to be the way of the future. They already have strong hints at how
much people don't want it but they simply refuse to acknowledge them.

Musicians can record and produce their own music at home with pc's and open
source music tools. They can distribute their music directly to fans on the
internet, the music companies are no longer needed.

That is why DRM will not become a new cash cow for either the entertainment
companies or Microsoft. The entertainment industry model is failing and being
replaced with a new paradyme putting the artist in control. Microsoft will be
killed off by open source and DRM will no longer be talked about.


[ Reply to This | # ]

Boycott Sony
Authored by: Anonymous on Saturday, November 19 2005 @ 08:20 PM EST
Not forever, just until January 02 /06.

If Sony misses out on the Christmas rush perhaps they, and the rest of the E! industry, will figure out that their customers don't like to be harrassed, lied to or spied on.

!!! - Arista Records, BMG Classics, BMG Heritage, BMG International Companies, J Records, Jive Records, LaFace Records, Provident Music Group, RCA Records, RCA Victor Group, RLG - Nashville, Sony Urban Music, So So Def Records, Verity Records, Columbia Records, Epic Records, Legacy Recordings, Sony Classical, Sony Nashville, Sony Wonder, Sony Ericsson, Sony Music, Sony Pictures, Sony Electronics & PlayStation. - !!!

Sony's actions were egregious, their behaviour is arrogant and their response has been without remorse.

A six week consumer action just might have the effect of reaching into the corporate boardrooms and making those who approve such actions pause. A six week consumer action just might make pension funds and other big $$ investors smack corporate leaders upside the head and direct them to 'do no evil'. A six week consumer action just might tip the balance, for a little while anyway, away from unaccountable corporate malfeasance.

Please keep in mind that while Sony is the target of this boycott; it is the insatiable, unconscionable corporate thinking that perverts any reasonable interpretation of capitalism that needs to be reformed... My hope is that Sony can go from loser to leader.

[ Reply to This | # ]

What About Minors and ELUA's
Authored by: Anonymous on Saturday, November 19 2005 @ 09:25 PM EST
Are DRM type agreements enforceable with regard to minors, or do
parents/guardians need to be a party?

Could we see music, hardware, downloads, and so on, restricted to those over


[ Reply to This | # ]

About "Fair Use"
Authored by: Anonymous on Saturday, November 19 2005 @ 09:27 PM EST
This topic troubles me greatly, and I've been following the stories here closely. A few days, ago, PJ wrote:
Time-expiring copies? So they not only want to prevent sharing music with a friend, what they call "casual copying," now they want music you buy to evaporate? ...

Seriously though, let's think for just a minute about the big picture. Fair use is part of copyright law, is it not? So, if we are all going to be law-abiding, that means that copyright holders have to abide by the law, too, just like customers do. No? But when DRM schemes cut off all possibility of fair use, is that lawful? [emphases mine]
I am not a lawyer, and this is not a troll, and I certainly don't want to see "rights management" used to do what Sony (and others) are trying to do. But fair use seems a slender reed to hang our hopes on.

17 USC 107 specifies four issues that must be considered when determining whether a particular usage is fair. But neither it nor precedent (as far as I know) gives a bright-line rule that would let lawyers, much less laymen, decide what is and isn't, short of taking it to court.

"Casual copying" arguably fails all four prongs -- at least, let's not debate it now. What I'm talking about is customary use, what we've become used to doing with our books and records: reading or playing them where we like, when we like, as often as we like, for as long as we own them.

The fact is that copyright has long been enforced, not by law, but by economics: a particular copy of an expression was inextricably tied to a physical item. It was physically impossible or (more often) economically infeasible for the end user to make another copy and thus become the not-the-end user. By the same token, once that copy passed into the user's control, it was impossible or infeasible for the publisher to monitor and control the user's use of it.

Whenever copying or passing-along got easier, publishers got frantic -- first when Bill Caxton invented moveable-type printing**, later when public libraries were formed, still later when you could tape a movie off the air on your new Sony Betamax.

**(Yeah, I know about Gutenberg and the folks he stole his press from. What Caxton did that scared the vendors was he started making money from it.)

So here we go again. Only now, the expression is no longer tied to a physical item and every pass-along copy has complete fidelity to the legal copy in hand (which is likewise faithful to the original) and every kid and his cousin has the technology to make those duplicates, and buy blanks to do so at 10 cents per, down at Fry's.

Is it any wonder the publishers wanted somehow to tie copies back down to something? Or that bright techies figured out how to tie use to a software "key"? Or that bright lawyers and lobbyists figured out how to pass the DMCA to make bypassing that key (so technically trivial) illegal?

Or that bright capitalists sat back and said to themselves, "Hey, now that we've lassoed the copies back in again, do we really have to give away all the stuff we used to?" One man's looting is another man's "monetizing".

I am afraid that our customary use is not fair use, in the strict legal sense. It's not "educational" or "nonprofit"; you copy*** the entire work (who wants half a song or book or movie?); it affects the "value" of the work (in that the publisher can't force you to buy another copy). It's not criticism or news reporting or classroom use or research -- it's entertainment... which isn't mentioned.

***(I believe there are precedents that reading a digital image into RAM is "copying", at least in the case of computer programs. If so, why not a song?)

I fear that customary use is licensed use -- and what license is granted is up to the owner. Sections 108 through 122 limit the publisher's restrictions on broadcasters, libraries, disabled folks, etc., but not much is said about us, the customary customers. The first sale doctrine would seem to imply that we have some control over the particular copy we have in hand (since the publisher cannot stop us from disposing of that copy as we like), but doesn't actually mention using the copy. And that's only if we actually own the copy, as opposed to merely owning a license to use the copy, with the publisher retaining ownership -- as every EULA ever written seems to say.

Today's top Groklaw news link is to a story of just this sort of thing. I don't want to be limited in the number of times I can read a book, or where I can read it, or on what kind of medium, or to have to phone home to E.T., Inc., to get permission (and get tracked) every time I do. And I predict that publishers who try to force this down our throats will trigger a customer uprising.

But I'd be very nervous about depending on the courts to guarantee customary use to us.

[ Reply to This | # ]

What About Sony's Downloadable Music?
Authored by: blacklight on Saturday, November 19 2005 @ 09:51 PM EST
I am of two minds whether discovering the root kit only after eight months
benefited Sony:

On one hand, had Mark Russinovich discovered the rootkit on Day 1, Sony's costs
of recall would have been a lot lower.

On the other hand, I am pretty cynical as to whether the costs of recall are
going to be of any significance to Sony if only a small percentage of buyers
takes advantage of the recall. Now that I think about it, the recall may very
well be a cynical attempt by Sony to evade further liability over the rootkit.
"We offered to replace the CD's, and the plaintfiffs simply did not take
advantage of our offer. Therefore, we should not be held liable for any
subsequent virus infestation, Your Honor"

In the meantime, I am not buying any of Sony's videos or music. In fact, Sony
has yet to put out a statement acknowledging that Sony has no right to tamper
with buyers' computers.

Know your enemies well, because that's the only way you are going to defeat
them. And know your friends even better, just in case they become your enemies.

[ Reply to This | # ]

What About Sony's Downloadable Music?
Authored by: Sneakster on Saturday, November 19 2005 @ 10:19 PM EST

>I'm not yet familiar with the contents of the Sony-BMG
>rootkit. But it is said to contain "cloaking" technology,
>which pretty much requires modification to such system
>programs as "dir". Classic rootkit. Any AV program that
>routinely monitors system file checksums could fail to
>notice such a rootkit only by deliberate design. Hence
>Mr. Scheier's suggestion of collusion.

Best not to make technical speculations if you aren't "familiar with the
contents". Mark Russovitch detailed exactly how the damned thing operates -
it hooks important system calls via a kernel mode driver (the reason you have to
be Administrator to install it).

Once the filesystem calls are hooked, the kernel mode driver simply hides all
files with names beginning with '$sys$' from directory listing system calls.
This will affect *any* program that uses those calls, whether directly or via
the appropriate run-time libraries and *NO* program has to have even one byte of
it's binary modified for this. Therefore, no Tripwire work-a-like is going to
see this rootkit.

"dir" is not a special program on MS Windows, BTW. It's simply a
function internal to the CMD.EXE command line interpreter shell program.

Michael A. Hobson
Web Programmer (I am definitely *not* a lawyer)
email: use my yahoo id at yahoo dot com
ICQ: #2186709
Yahoo: warrior_mike2001

[ Reply to This | # ]

Influencing the DRM platform?
Authored by: Anonymous on Saturday, November 19 2005 @ 10:30 PM EST

Will Sony gain or loose by these recent events?

Sony's history is in various stand alone players.

Microsofts history is PC software, they don't make hardware.

The battleground is the digital home.

Bill Gates believes that Windoze Vista will become the hub of the digital home.

Sony has just demonstrated why it won't.

Stand alone players with the the blu-ray disc will be cheap, internet connected and enforce the DRM that Hollywood and the RIAA desires without compromising anyone's data.

Vista home won't be so widely accepted following recent events.

Brian S.

[ Reply to This | # ]

SonicStage 1.5
Authored by: Anonymous on Saturday, November 19 2005 @ 10:37 PM EST
From the help glossary

A copyright protection technology used when importing and managing audio content
from music distribution services or audio CDs.

By using OpenMG compliant applications such as SonicStage, audio content can be
encrypted before being stored on the hard disk of a computer so that the audio
file cannot be played back on any computer other than the one it was created on.
OpenMG is useful in preventing unauthorized distribution of audio content via
the Internet.

MG seems to stand for 'Magic Gate'.

Advanced properties on some albums suggest you can reset the checkout count but
others stay locked. No rootkit detected by RKR, nothing shows in adaware or
spybotsd. Ethereal showed no undue IP packets during opening or playing a


[ Reply to This | # ]

  • Re: SonicStage 1.5 - Authored by: Anonymous on Sunday, November 20 2005 @ 12:40 AM EST
  • SonicStage 1.5 - Authored by: Anonymous on Sunday, November 20 2005 @ 12:45 PM EST
  • MG - Authored by: Anonymous on Sunday, November 20 2005 @ 05:20 PM EST
    • MG - Authored by: Anonymous on Sunday, November 20 2005 @ 08:40 PM EST
F-Secure noticed the rootkit, you say?
Authored by: Anonymous on Saturday, November 19 2005 @ 11:26 PM EST
Yeah, well, umm, they 'noticed' it I guess.

And they said mum about it also!

Mark blogged about it and then about the very same day F-Secure publishes they
have knowledge about it. Which frankly, doesn't make them look better in my eyes
than the ones who didn't know.

F-Secure didn't report a thing or do anything of practical worth that I'm aware
of. They say they were working with Sony on it.

What about their customer base? The people who trust in them and buy their
services. Where exactly do they fit it?

One thing for sure, they didn't have much effect convincing Sony it was a
security risk. Sony was still producing and marketing the software on the day
Mark posted his report. Within a day or so after his report, Sony affirmed that
it is not a security risk.

F-Secure knew about and it was hush, hush. That's how it comes across to me
after I read the words straight from F-Secure.

Also, First 4 Internet reported they were working with the aniti-virus vendors
and specifically mentioned Symantec. If there is any truth to that, I don't know
what to say.

I will say that I've read no reports from Symantec denying what First 4 Internet

If I were Symantec and accused of supporting or working with what turns out to
be a company producing sleazy rootkits and likely infringing on copyrights to
boot, and it were not true, I'd speak up and call First 4 Internet liars for
naming me.

I seriously doubt we will see denials from Symantec in this area.

[ Reply to This | # ]

One way to review questionable software.
Authored by: hamjudo on Sunday, November 20 2005 @ 12:37 AM EST
If the DMCA or its ilk may apply to you, consult a lawyer before doing anything remotely close to publishing details about circumventing the copy protection. It seems like it should be ok to report on whether a particular software install is unusually invasive or requires excessive resources.

Some suggested techniques for measuring the resources used by a questionable software install. Use the subset for these tests that match the tools and skills that are available to you. Suggest things that I may have missed.

  • Use a relatively small partition, so you can reasonably copy the whole thing to other media.
  • start with a baseline install of the OS with appropriate patches installed.
  • Measure the performance of the baseline system, how much disk space is free, and how much memory is free.
  • With an external network host running etherial or something similar, monitor the network activity of the baseline configuration on a "idle" system for at least 24 hours.
  • Use one of those tools that can save the entire contents of the registry to a regular file.
  • Boot your computer with a live CD such as Knoppix or Ubuntu.
  • Recursively copy the whole filesystem to a directory on a Linux host or external drive.
  • Also copy the raw image (the bits from the disk) to the external storage.
  • Reboot under the baseline OS.
  • Install the questionable software.
  • Repeat the performance tests, how much, if any, has performance gone down? How much disk space is available now? How much memory is available now?
  • Monitor the network for another 24 hours, and while running the questionable software. Is there more network activity? Does it contact different hosts?
  • Copy the registry to a normal file.
  • Reboot under the live CD.
  • Once again recursively copy every file to the external host, and make an image of the disk partition.
  • Compare filesystems, how many files were changed, and in which directories?
  • Compare the registry copies, how many existing registry settings were changed? How many registry settings were added? Were all the new registry settings in the registry under the software vendors company name, or were settings change in other parts of the registry?
  • Does the amount of disk space available and the amount of news files created add up correctly, or was disk space used outside of the normal filesystem. How much phantom space did the software use?
  • Were any portions of the disk altered that aren't part of the filesystem? ie. boot blocks or partition tables?
  • Reboot to the OS under study.
  • Uninstall the questionable software.
  • rerun the performance tests, and measurements. Did everything return to the baseline configuration?
  • Did all of the questionable software's network activity go away?
  • Save the registry to the filesystem.
  • Reboot to the Live CD, and see if any files or registry keys got left behind.
  • Copy the baseline disk image back to your system before testing other software, or retesting this software.
Write your review. There is no need to be specific about which system files or registry keys got changed, or what hosts were contacted. Just report whether any got changed, or if hosts were contacted.

[ Reply to This | # ]

you can detect it too
Authored by: Anonymous on Sunday, November 20 2005 @ 04:04 AM EST
You can always run rootkit revealer or blacklight. That shouldn't be considered
as a dmca bypass madness as it just signals the illegal method of hiding files.

Also, you might catch a keylogger unrelated to Sony :)

[ Reply to This | # ]

Sony's motivation for the recall
Authored by: cybervegan on Sunday, November 20 2005 @ 04:47 AM EST
In another post here, Blacklight reminded me of an observation I made when
discussing S0ny's response to their cover being blown. My colleagues and I had
been talking about how S0ny were obviously in hot water, what with the Italian
Polizia taking it seriously, and three consumer class action suits in the US,
and the probability that the kit is probably illegal here in the UK under the
Computer Misuse Act.

My comment was "That's why S0ny are recalling the CD - simply to mitigate
damages if they lose any one of those cases in the States! If they lose, they'll
just resume production, and carry on as if nothing ever happened".

So, I don't think it's about admitting they were wrong - its more about damage
limitation, in the courtroom. They are still in denial; they still don't
believe what they did was wrong, and they just can't admit to themselves that
this is the wrong approach to copyright infringement.

Assuming I am correct (big assumption) I wonder if, considering the backlash,
they are still considering this course of action.


Software source code is a bit like underwear - you only want to show it off in
public if it's clean and tidy. Refusal could be due to embarrassment or shame...

[ Reply to This | # ]

Sony May Not Distribute but Others Do
Authored by: hauva on Sunday, November 20 2005 @ 04:54 AM EST
Sony BMG may not distribute their malware but that does not mean that those
"CD"s are not found outside of US.

The public library of Espoo (a city just west of Helsinki, Finland) found a copy
in their collection. The "CD" was probably bought from some US

Also, there seems to be network traffic from rooted systems in Finland although
Sony claims that the DRM "CD"s have not been distributed in Finland.
Some people are forgetting that web shops exist.

Ari Makela, Helsinki, Finland
My name is Ari and I am a grokholic.

[ Reply to This | # ]

Sony's root kit
Authored by: Anonymous on Sunday, November 20 2005 @ 05:05 AM EST
the Australian age

Crazy Engineer

[ Reply to This | # ]

  • Sony's root kit - Authored by: Anonymous on Sunday, November 20 2005 @ 10:06 AM EST
What About Sony's Downloadable Music?
Authored by: Jonathan Bryce on Sunday, November 20 2005 @ 07:18 AM EST
The short answer is that CDs are generally priced the same in $ in the US as
they are in £ in the UK. The exchange rate is currently $1.72/£, so even after
international shipping and import taxes, it is cheaper to buy your CDs from than

[ Reply to This | # ]

What About Sony's Downloadable Music?
Authored by: darkonc on Sunday, November 20 2005 @ 09:12 AM EST
Has anybody written to Sony asking for a copy of their source code under the GPL?

Powerful, committed communication. Touching the jewel within each person and bringing it to life..

[ Reply to This | # ]

A few thoughts
Authored by: Anonymous on Sunday, November 20 2005 @ 10:20 AM EST
Sony trial this XCP on a few (?number) musci reviewers pre release. They try it
out on the radio shows to check the music quality. No problems for about a year.

They next run it on the internet download sites. This is more complex and risky
as the antivrus companies might pick it up. These guys normally do contact the
vendor if they are large before stating that there is a security problem. But
not a delay this long.

Independ security people - there are a lot of bugs out there - just look at the
bug list for the Linux kernel for example and only so many eyes. Who would have
though some like Sony could be so stupid to try this? At least we know for the

Now F Secure claim to have picked this up 30 days before the blog reveals it to
the world. They like the bigger firms were 'in talks' with Sony.

The blog that revealed the existance of the root kit was by a chap with long
standing connections to MS. He is also a genuien expert on Windows so any
connection here is not clear.

The number of networks seems to exceed 500,000 and the number of machines is
probbaly > 2 million - we dont know this yet. Sony have this XCP on 50+

This XCP contains unlicenced code. This is copyright infringement. Thanks to
Sony and thier pals in the RIAA et al this is now a criminal acttion in many

This means that the retailers involved are facing criminal charges as well. It
seems extremely likely that they have acted innocently and all they will be
forced to do is disgorge thier profits from the sale.


Sony are facing or will face both civil and criminal actions in several
jurisdictions for copyright theft, damage to computers, violation of privacy
laws and others. F4I may or may not be facing criminal and civil actions.

The retailers are facing both criminal and civil actions for participating in
possibly the widest ever copyright infringement event ever.

Sony are facing law suits from the retailers for damage to thier business (tort
claims), from their artists from loss of sales, damage to repuation etc, from
thier shareholders for damage to the share price. The directors in particular
are in trouble because E&O insurance (Error and Omissions) does not normally
insure you against criminal actions. (The law does not normally uphold a
contract for criminal such actions.)

Moving on - are there still others in the firing line?

I think the answer is possibly yes.

Consider the RICO requirements:

Enterprise - tick that.
Pattern of related activities - tick that.
Continutiy - tick that.
Interstate commerce - tick that.
Conduct exceeding one year - tick that.
Directly injured third parties - tick that.
Federal offense - tick that.
Criminal activity - tick that.
Involving more than one party - looks like that wih Symantec to me.

Do I think a sucessful RICO action can be brought here?

Sucessful civil RICO actions are rare. There are loads of facts we dont know
yet. But if I was an antivirus firm in the US that knew about this root kit
(this includes MS here) I would be waving this past my lawyers - just in case.



[ Reply to This | # ]

What About Sony's DVD?
Authored by: Anonymous on Sunday, November 20 2005 @ 10:28 AM EST
Part of the SONY empire, in addition to Sony-BMG, are Sony Pictures et al. (See

I just looked to see if by chance there were any Sony DVD in my very small
collection. I was going to use a Linux based forensic tool kit to see what I
could find. No joy, however, as I seem to be a Sony media free zone.

So the question; has anyone look at other Sony media?

Sony Corporation of America (SCA)
Outline of Principal Operations

Sony Pictures Entertainment (SPE)
Columbia TriStar Motion Picture Group
- Columbia Pictures
- Sony Pictures Classics
- Screen Gems
- TriStar Pictures
Sony Pictures Home Entertainment
Sony Pictures Television Group
- Sony Pictures Television
- Sony Pictures Television International
Sony Pictures Consumer Products
Sony Pictures Digital
- Sony Pictures Imageworks
- Sony Pictures Animation
- Sony Online Entertainment
- Sony Pictures Digital Networks
- SPiN
- SoapCity®
- Sony Pictures Mobile
Sony Pictures Studios
- Sony Pictures Studios Post Production Facilities
- DVD Authoring Center
- Worldwide Product Fulfillment
Game Show Network

[ Reply to This | # ]

What did M$ know and when? N/T
Authored by: Anonymous on Sunday, November 20 2005 @ 11:07 AM EST

[ Reply to This | # ]

Why are we even having to discuss this?
Authored by: Anonymous on Sunday, November 20 2005 @ 11:36 AM EST
To me it's simple.

If it were me or any private individual, or small company news of the the arrest
would be old news by now.

Why should a deep pocket or two make a difference, they broke the law(s), they
should pay the price, in time not only $$$

[ Reply to This | # ]

Why nobody has noticed all the rootkits yet...
Authored by: Anonymous on Sunday, November 20 2005 @ 07:22 PM EST
I am at times an information security professional, at other times a
professional reverse engineer. Finding, dissecting, neutralizing, and
sometimes *creating* DRM systems and rootkits (or, when I build them,
"remote administration and security audit systems") is a large part of
my day job as well as a hobby and a passion.

I haven't bothered to investigate what these DRM systems do because frankly I've
just assumed that they do everything the Sony rootkit does, and much worse;
hence, determining the specific details of what they do is too much like real
work, and I've never bothered. Actually, I assume *all* proprietary software
these days phones home, hides bits of itself in the dark places in the OS that
I've never heard of, and weakens or entirely defeats security measures. It
doesn't matter to me if these things are done maliciously or just due to
incompetence--both will ruin my day, so I behave in ways that give me blanket
protection from the lot.

If anything, I've been startled to see how *liberal* some of these DRM systems
in the field are--all the data I've seen protected with strong enough encryption
to notice has typically offered no rights to the consumer whatsoever. Granted,
I mostly deal with software and video, not music or books.

If someone absolutely insists that I install some particular piece of
DRM-encumbered software to hear a song, watch a movie, or read a book, I'll
usually just target the weak points of the DRM's encryption system instead of
trying to live within its restrictions, or even bothering to understand what
those restrictions are. I'll capture the data as the DRM system decrypts it,
then keep the data and throw the DRM system away. If I'm unwilling or unable to
break the DRM system, then I'll hear, watch, or read something else. If the
data in question is software, I'll write my own if I can't find something

It does take several hours to break these systems, so I'm often motivated to
save my own time by getting the material from a non-DRM-encumbered source, and
to save the time of others by contributing DRM-stripped material back to the
same sources. Ironically, I would not trouble myself to do either of these
things if the original vendor would just sell me a standards-compliant, non-DRM
file in the first place. If the vendors want to treat consumers as the enemy,
then they should not be surprised when consumers cooperate to defeat them. Duh!

[ Reply to This | # ]

SonyConnect = Rootkit?
Authored by: ExcludedMiddle on Sunday, November 20 2005 @ 08:41 PM EST
One of the parts of this discussion needs to be clarified. DRM software is not
equivalent to rootkits, they are distinct concepts. It is the rootkit in Sony's
XCP protection that is the most egregious part of their strategy. While I
dislike DRM, it is less likely to cause system instability, although it can
certainly do so if poorly coded.

The discussion about phoning home and other things that it does are also
troubling, and should be investigated, but unless SonyConnect does something to
modify the operating system to hide itself, or exhibit other rootkit behaviors,
it can only be called DRM software (which is certainly bad enough).

PJ seems to be calling for folks to take a peek at SonyConnect. I would second
that motion, and see what they've been up to.

[ Reply to This | # ]

One word: Imports
Authored by: Anonymous on Monday, November 21 2005 @ 05:36 AM EST

Over here in the UK, it is common practice to import the American versions of CDs, and sell them alongside our locally-produced versions of the same stuff. (Of course, people in the USA won't realise this, since all media of importance or interest are created in Hollywood, and imports to the USA are therefore superfluous. But I digress...)

For example, see Amazon UK's listing for Get Right with the Man. This is clearly marked as an import, although the reviews also clearly mark it as the spawn of evil, etc.

That's how so many people over here got rooted. No need to posit additional draconian measures. However, that doesn't mean they don't exist...

[ Reply to This | # ]

Just say no.
Authored by: philc on Monday, November 21 2005 @ 09:56 AM EST
Send a message with your money. If you believe that privacy is important and
should be protected (and should be treated like protection from "illegal
search and seisure"), don't buy their products. There is plenty of content
and software from companies and organizations that don't infringe your privacy.

Mpaa, riaa, and Microsoft no longer get my money.

[ Reply to This | # ]

Bruce Schneier's article & Open Source
Authored by: Anonymous on Monday, November 21 2005 @ 11:16 AM EST
The story to pay attention to here is the collusion between big media companies who try to control what we do on our computers and computer-security companies who are supposed to be protecting us.

This makes me thing of something else: there has been an argument going on for some time in the Open Source world about binary device drivers for Open Source operating systems. On one side, the pragmatists (Linus and others in the mostly Linux camp), thinking that they are at least a necessary evil, and on the other hand those, exemplified by OpenBSD's position, that they cannot be tolerated.

Most of the arguments have centered around IP issues, and while the argument has been made that the problem with binary drivers is that you can't inspect the code and therefore must trust the hardware vendor (who shouldn't be trusted), it is my impression that this has always been a secondary argument, coming after the arguments about right to access the hardware.

But this collusion between the security firms and Sony (even if it's only apparent collusion), should be a wake up call. If you wish a secure system, all of the system must be open source. The idea that a vendor might deliberately compromise security for its own ends was a prudent thought based on possibility. But it's clear now that it is not a matter of possibility, but is inevitable -- simply a matter of time.

[ Reply to This | # ]

What About Sony's Downloadable Music?
Authored by: Anonymous on Tuesday, November 22 2005 @ 01:56 PM EST
I am sitting in my house in Viet Nam. Several people out of 70,000,000+ living
in Viet Nam have died over the last few years from the Bird Flu. More people die
every day here from trafic accidents.

How many people actually died from Mad Cow? Or does anyone remember back that

[ Reply to This | # ]

What About Sony's Downloadable Music?
Authored by: Anonymous on Tuesday, November 22 2005 @ 06:25 PM EST
Actually, Windows XP has something that uses the techniques of Tripwire to
protect a limited subset of the system files from unauthorised (by Microsoft)
changes. It's called System File Protection, and was also in Windows Me. It
checks a protected file on each access to ensure that its crytographic checksum
is correct, and if it isn't it replaces it from the installation CABs in
realtime, usually without any detectable slowdown.

This, of course, does not protect configuration information in any way, so any
old sort of nastiness can invade the system as long as it doens't try to reqrite
protected library files. The Registry is open for arbitrary rewriting, though.

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )