I thought you might like to read the complaint in the new litigation just filed by the State of Texas against Sony. Here you go [PDF]. The article tells us a bit about it:
Texas is suing Sony BMG Music Entertainment, alleging the company illegally installed spyware on millions of music CDs that Attorney General Greg Abbott says can make computers “vulnerable to computer viruses and other forms of attack.” Specifically, it's the Consumer Protection agency in the state, through the Attorney General's office, bringing the action.
Abbott said the spyware installs files onto the computers on which the CDs are played.
"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Abbott said. . . .
“We share the concerns of consumers regarding these discs..."the company said.
That last is a nice touch. I'm smelling a defense on its way, dumping the blame on the company that wrote the rootkit for Sony.
The complaint notes that on Sony's website, it specifically denied that the DRM was malware/spyware:
11. Sony BMG discusses its XCP technology on the website http://cp.sonybmg.com. As part of its frequently asked questions, Sony BMG included the following:
“I have heard that the protection software is really malware/spyware. Could this be true?
Of course not. The protection software simply acts to prevent unlimited copying and ripping from discs featuring this protection solution. It is otherwise inactive. The software does not collect any personal information nor is it designed to be intrusive to your computer system. Also, the protection components are never installed without the consumer first accepting the End User License Agreement. If at some point you wish to remove the software from your machine simply contact customer service through this link. You will, though, be unable to use the disc on your computer once you uninstall the components. Our technology vendors are constantly looking to improve the product as well as respond to any critical software issues found. Please check here for upgrades to address any known issues.”
This is going to hurt Sony, in my opinion. It allows the State of Texas to accuse the company of "intentionally misrepresenting" the facts. And it denies the executives a cluelessness defense, or at least makes it harder.
The thing is, this is just one state out of fifty in just one country in the world. Every state in the union has a consumer protection department and an attorney general. I don't see how it can stop with just Texas. This is a money pit, for one thing, for the states. And that isn't to say that they are not being sincere. I'm sure they are. Outrage over what Sony did runs deep. I feel it too. But I'm just saying that when you decide whether or not to sue someone or some company, part of the analysis is whether it's going to be worth the time, expense and trouble of bringing the lawsuit. Here, we're talking deep pockets, so there's no hesitation, I'm sure.
Here's the Wherefore clause at the end, telling us what the state of Texas is asking the court to do for relief:
18. WHEREFORE, Plaintiff prays that Defendant be cited according to law to appear and answer herein; and upon notice and hearing TEMPORARY and PERMANENT INJUNCTIONS be issued, restraining and enjoining Defendant, Defendant’s agents, servants, employees and attorneys and any other person in active concert or participation with any Defendant from engaging in practices declared unlawful by the CPACSA, including but not limited to:
A. Offering for sale or selling any good which includes or installs any software which violates the CPACSA by either:
1) Changing the name, location, or other designation of computer software to prevent the owner from locating and removing the software, or
2) Creating randomized or intentionally deceptive file names or random or intentionally deceptive directory folders, formats, or registry entries to avoid detection and prevent the owner from removing computer software.
B. Misrepresenting the extent to which a computer software component must be installed on a computer in order to play a particular type of musical or other content.
19. In addition, Plaintiff STATE OF TEXAS respectfully prays that this Court:
A. Adjudge against Defendant civil penalties in favor of Plaintiff STATE OF TEXAS in the amount of One Hundred Thousand Dollars ($100,000.00) for each violation of the CPACSA, pursuant to CPACSA § 48.102(a);
B. Order Defendant to pay Plaintiff STATE OF TEXAS attorneys’ fees and costs of court pursuant to CPACSA § 48.102(c);
C. Order Defendant to pay all costs of Court, costs of investigation, and reasonable attorney’s fees pursuant to TEX. GOVT. CODE ANN. § 402.006(c);
and D. Grant all other relief to which the Plaintiff STATE OF TEXAS may show itself entitled.
So, let's see. I wonder how many victims live in Texas? We know it's half a million in the world, at least, no? Let's say Sony gets sued in every jurisdiction and they end up paying $100,000 per victim, plus all the attorneys' fees. And that's if the state of Texas defines "each violation" as each computer.
On the civil side, an attorney who used to work for the US Justice Department has written an article on some of the issues Sony faces legally. It was written fairly early in the outfolding of the story, and with legal matters that can make a difference (for example Sony did apologize and remove CDs from store shelves after the article was published), so you'll have to update in your mind as you read it, but it will give you a very clear overview. He addresses the question: Can Sony's EULA save them?
I wonder how much Sony likes DRM now. What about all the other companies foisting it on the public? Will it save you enough money from lost sales to pirates that you are still ahead of the game financially? I don't wish to pick on just Sony. They are not the only company using DRM in ways that turn my hair white. Didn't we read that EMI was supposed to roll out the same deceitful junk shortly? Do you think they are the only company in the world that creates "randomized or intentionally deceptive file names or random or intentionally deceptive directory folders, formats, or registry entries to avoid detection and prevent the owner from removing computer software"? This article by Harvard's Ben Edelman, "Media Files that Spread Spyware", will get you started on how spyware ends up on your Windows computer. We'll be writing about this subject more and more in the days to come. Do be aware that if you switch to GNU/Linux, none of these things would be happening to you.
I have no doubt that companies all over the place are now talking with their lawyers, and here's at least one of the questions: Does our DRM do any of the things listed in this complaint?
But I saved the best for last. Here's a statement from a representative of Microsoft that I trust we will all hold them to, starting today:
"A personal computer is called a personal computer because it's yours," said Andrew Moss, Microsoft's senior director of technical policy. "Anything that runs on that computer, you should have control over."
OK. First, have you taken a look at Microsoft's digital rights management? And to Mr. Moss: Please come to my mom's house and fix it so her XP Home computer stops hindering her from adding hardware to her personal computer, will you? Oh, and can you please check and see if Windows MediaPlayer is calling home to your company? She isn't able to control her own personal computer, even though it's hers. She added some hardware, and now XP Home won't let her print her documents unless she calls you up and gets you to agree. Oh, and about this Trusted Computing thing that some say causes us to lose control of our personal computers... Can we talk?