Sony Rootkit Settlement Gets Judge's Approval

Lewis Clarke wrote to mention a ZDNet story about Monday's final approval of the rootkit settlement in the case brought against Sony BMG Music. From the article: "The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments ... At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official. "

Re:Wow! A replacement CD!

[TheSpoom]

Yeah.

Cause clearly a filing clerk working at a completely unrelated division of Sony should be punished for this.

</sarcasm>

Flawed?

[Mateo_LeFou]

I believe the software did exactly what it was supposed to do. Shouldn't there be mention of a flawed *DRM *strategy being foisted upon consumers?

Re:Wow! A replacement CD!

[Lave]

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case.

At least this will put record companies off this kind of behaviour.

Re:Wow! A replacement CD!

[Anonymous Coward]

He said "entire company," not "all employers" - in other words, everyone who owns Sony stock, either directly or indirectly via a mutual fund. If you're making money from Sony, you should be made to pay for Sony's actions.

If...

[Lord Kano]

If a 15 year old script kiddie had done the kind of damage that Sony did with its rootkit, he'd be spending a couple of years in a "Federal PMITA prison" why does Sony get off this lightly?

Someone should be incarcerated over this.

LK

Re:Wow! A replacement CD!

[gfxguy]

Why don't you blame the temp receptionist for using her company computer for personal use?

I'm sorry, but that's not enough

[Gizzmonic]

If some young "cranker" released this type of virus out in the wild, he or she would be looking at serious jail time. But as is normally the case with corporations, no one is expected to be personally responsible. Just a few dollars that amounts to jack shit for a huge corporation.

Just like when Ford and Bridgestone decided to go ahead and release the exploding tires. Sure a few people got killed, but we can't press criminal charges! These are our captains of the industry! Reason #122,234 that this country is seriously messed up.

Worthless!

[Luscious868]

As others have noted, this is a joke. Those users who were affected are entitled to a replacement CD, free downloads of the music on the CD in question (in who knows what format) or a cash settlement. So someone spends hours cleaning up the mess that Sony made and they get what amounts to $15 to $20 bucks. Most people who are affected probaby won't even bother to claim anything so Sony isn't really hurt by this. It seems to me that the lawyers who brought the class action suit are the only ones who really benefit here.

Re:Wow! A replacement CD!

[Whiney Mac Fanboy]

Why don't you blame the temp receptionist for using her company computer for personal use?

Let me rephrase your question.

Why don't you blame the temp recpetionist for playing a music CD, instead of the amoral, multinational corporation that placed a piece of malignant software, designed to cripple the way a computer works on said music CD.

Re:If...

[Rogue Eve]

A friend down here in Austin got indicted for "hacking" UT's network and getting access to a bunch of SS#s and got 6 years probation. He was 18 but still did not receive jail time so I am not surprised that Sony got off so easily. White-collar crime just doesn't receive harsh punishment.

Re:I'm sorry, but that's not enough

[sgant]

Easy, the "cracker" should have formed a corporation first with the intent of being a "security consultation firm".

"Hey, the worm we were developing to track down...um...terrorists...got away from us and got released to the net. Sorry about that. Hey, we'll bankrupt the company ok? We'll dissolve it and go on our merry way....oh, can we get some venture capital cash from you government types so we can continue our...um...research? Yeah yeah, national security and all that."

See, bullshit your way out of it and act just like a real company like Sony.

Re:Wow! A replacement CD!

[TheJediGeek]

I totally agree with you - but at least this set a precedent that this kind of behaviour is unacceptable. Imagine if the root kit had not *fucked* up you computer so royally. If it had only infringed your rights then they may have got away with it, what with stupid license agreements within the case. At least this will put record companies off this kind of behaviour.

I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

A replacement CD, and a few DRM's music files doesn't exactly make up for the huge amounts of time it has taken and will take to fix their damage.
I know of a few computers just in my family that had this rootkit on it. My youngest brother is in college and the school provides a laptop to every student that the school maintains through an IT dept. They had to reimage his system when things got screwed up. My dad has a couple computers at work that got this thing. He had to reload everything on one and IT had to reload the other one. That was just from one CD that had been played on those computers.

There are countless people that have had to spend many many hours fixing what Sony did. What they did was illegal and very damaging. All they have to do is replace some CDs.

You are Living in a Empire, get over it.

[hackus]

Welcome to the Empire of the United States of America.

While you serve the sufferance of the 5% of the families in this empire that own 95% of everything here, please be advised that you do not and cannot own:

Any sort of source code, any sort of music, any sort of transportation, any energy source.

You can however, license it from said 5% of the population here that own 95% of everything else.

You may buy a "rights" upgrade to your license to do as you please here, if you get caught violating the law. But bear in mind, sometimes we have to not accept your cash so we can calm the masses and throw them a "justice bone". In that instance should it happen, your "rights" license is null and void.

Above all else, while you are here please be advised that any government official can be purchased for a limited time depending on how much cash you have, and how much influence you want.

Just do not make it obvious and please use foreign banks to make sure transactions are not traceable.

Thank You and enjoy your stay!

-The Empire USA

Re:Wow! A replacement CD!

[Lave]

Well said.

That was fast!

[brouski]

As scandals go, it seems like it took no time at all to go from exposure to out of court settlement. What do people make of that?

Re:If...

[Overzeetop]

Sony installs a rootkit on (potentially) hundreds of thousand computers, and not a single person is on probation. I think community service for Sony USA executives would be a very worthwhile punishment for the humans who should be watching what their company is doing, and a stiff financial fine - say 10% of gross '05 earnings (just like a $3000 fine for a regular guy who makes $30k/yr) - for the corporation, with 6 years probation. Should Sony be found in violation of the terms of the settlement (to be negotiated by the plaintiffs attorney and the judge), Sony loses it's corporate status in the US.

Sound harsh? I'm a professional engineer. I own a corporation. If somehting bad happens due to my negligence in a design, I am still personally responisible, and can (1) lose my license to practice (2) lose my corporate authorization to do business (3) face financial penalties (4) be found guilty of various criminal offenses personally for acts done as a managing officer of the corporation. I only ask that Sony be held to the same standard.

Oh, and while I'm at it, I'd like world peace, too.

Re:Wow! A replacement CD!

[Whiney Mac Fanboy]

OK, my options for a lawsuit that will likely cost me far more in money, time & effort then I will recieve back are not limited. Great.

Do you think its OK that no government has gone after sony for distributing hundreds of thousands of rootkits, compromising hundred of thousands of computers?

Re:Wow! A replacement CD!

[lgw]

It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

If this were the only action taken, sure. Fortunately, however, the *really* scary thing for Sony happened very early on: the DHS said they're choosing not to enforce the law on this basically because it was the first time any company had made this mistake, so they'll give the company the benefit of the doubt that it wasn't a deliberate attack. This one time.

Sony broke federal law (section 1030) many thousands of times, and the Feds noticed. Installing a rootkit on a computer owned by the government (one not for public use) is a crime even if you never use that rootikit for anything, and Sony was using it for profit. The DHS spokeman hinted that the only reason that Sony was still allowed to sell any product in the US was that the DHS was being nice, this one time.

This court settlement was nothing; the threat that Sony would no longer have a US division was everyhting.

Re:If...

[thePowerOfGrayskull]

This was a settlement to a civil suit, which won't ever include criminal penalties. As far as I knowthere has not been a criminal suit filed.

Re:Opt-in website

[eln]

What makes you think that giving you a replacement CD or allowing you to download music is going to cost them anything? Giving you a CD will only cost them the actual cost of stamping the CD, which is probably less than 10 cents. Allowing you to download a music file from them will cost them nothing.

Sony is getting away with basically paying nothing here. Sure, they'll put it on their books as having cost so many millions in lost revenue or whatever for tax purposes, but the actual cost is pretty much zero.

Where's the criminal prosecution?

[SecurityGuy]

I really don't care about the free CDs, or any other fine that would be levied against Sony. They're huge, and they aren't going to be hurt by this.

What I want is criminal prosecution of the people in Sony's management who directed that this be done, and directed that this malware be distributed. I can't imagine that if I, Mr. John Q. Public, recorded some of my own songs and packaged them with a rootkit of my own, that I'd be prosecuted for it. More than that, I can't imagine that if some employees of Sony burned the CD and took it to work to listen to, where it then installed itself on their computers, that Sony wouldn't quickly rack up the requisite amount in damages and I'd shortly have the FBI on my doorstep.

Is there any valid reason they're not being prosecuted for this? Is it as simple as the DoJ isn't bothered by it? $DIETY knows, I'll never buy another Sony anything if I can help it, but that's not enough. It's well past time that corporations learn they aren't above the law, even if they do write and pay for it.

Re:Wow! A replacement CD!

[Steve001]

jacksonj04 wrote:

Technically it wasn't a real Digital Music CD.

For me, this has become the saddest thing about the whole situation. I used to have confidence that a music CD was safe to use on all devices that could play standard CDs, whether it was a stand-alone player, a portable, or a computer. Due to this, I could walk into any CD store and, on impulse, by a CD without concern.

Since finding out about the problem with copy protection, I have stopped purchasing new music CDs. Now, when I pickup a music CD my first thought after seeing if it is an artist that I like is: "Is this disc safe?" My reaction to the question has been to put the CD back on the rack and leave it there because I'm not confident that I can answer 'Yes' to the question. I have already passed on buying at least five recent discs because of this.

It is sad, but I may just have to settle for the music I already have since I don't want to purchase music in a compressed format. Due to this, I guess I will have to do research on any disc I wish to purchase to ensure that it is safe before I can buy it.

On impulse purchases of CDs, to quote Eric Carmen from "All By Myself:" Those days are gone.

Re:If...

[brufleth]

1. The root kit makes your computer vulnerable to attack/infection/whatever you want to call it.

2. All someone has to do is write something that changes the position of decimal places on infected systems.

3. Deaths

This world is run by managers sitting on the shoulders of engineers and scientists. When it hits the fan the managers come out smiling but engineers and scientists are often not so lucky.

Re:Wow! A replacement CD!

[chrae]

Heck, up here small claims handles stuff like this up to $7,000.00 If I were affected, I'd send them a demand/notice, wait 10 working days, then pay the filing fee. If enough people did this, they'd make a SERIOUS offer, one in line with the actual damages.

I like that idea but for most of us small claims and legal stuff is unknown territory. Most of us don't know what to do from start to finish because we haven't done anything like that before. I would like to see (as in, someone else do it :)) someone like Groklaw post templates and procedures for filing small claims specific to a case. e.g.: how to stick it to Sony in small claims.

All the research of what to do is too difficult and I'm lazy and a bit intimidated. If it were made easier, I would do it and I'm willing to bet a lot of others would too.

A thousand people each filing small claims at $500 a pop would be more potent then one lawyer representing a thousand people in a class action. Think "Slashdot Effect" in the legal sphere. It might even set a legal/business precedent: don't screw your customers so bad that they'll mobilize against you.

I'm willing to overcome my laziness and contribute, but I need help and direction. Others need it too.

Re:Wow! A replacement CD!

[HiThere]

Do you *really* think that there's a significant chance the DHS would enforce the law next time? Really? Against a wealthy company?

Companies have directly plotted to murder a percentage of the population in some towns and gotten away with paying less in fines than it would have cost them to avoid killing the people in the first place. Even after it was revealed that this had been the prediction of estimates given to management before it made the decision. (The case was in Georgia, and I believe [with imperfect certainty] that the company was Dow Corning]. It involved the intentional poisoning of a town's water supply by illegally disposing of chemicals. It was a federal court.)

Re:Wow! A replacement CD!

[MyOtherUIDis3digits]

Corporations have the same rights as individuals

You must not be in the US. Here, corporations have way more rights than individuals do!

Re:Wow! A replacement CD!

[Asphalt]

I agree it sets a precedent. However, it's not the kind of precedent it should have set. It sets the precedent that a large corporation can do things that are completely illegal and cause widespread damage to the public and they'll just get a slap on the wrist.

Not if you opted out. Which EVERYBODY should do to class action suits.

The more people that opt of of class action suits, the less likely the punishment is to be a "slap on the wrist". The last thing Sony wants is a bunch of individuals out there with money hungry lawyers free from the confines of the class action settlement. It makes the class action settlement worthless.

We enable the slaps on the wrists because 99.9% of us don't take the time/effort to opt out of class-action scams.

As usual, the enablers of this nonsense is us.