Forgot your password?
typodupeerror
Security Government Sony The Courts News

Where are the Prosecutors? 35

Posted by Cliff
from the companies-violating-your-property dept.
a_greer2005 wonders: "In the past 5 years, we have seen plenty of virus writers in the United States brought to justice both criminally and when possible financially. In the past couple of weeks it has been discovered that Sony has shipped a rootkit, which is worse than the common spyware or virus, so I ask you, where are the law suits? Is anyone planning criminal/civil action at all? Does Sony frighten the entire legal industry? If nothing is done about this, will we have ANY right to tell a company 'NO' in the future when it comes to DRM worms -- Is this but a sample of things to come?" Update: 11/12 10:20 PM EDT by C :Whoops! Missed the fact that we've already reported on the fact that California has already started a class action suit against Sony (thanks to the posters that caught this). New York may soon follow. However that is only 2 states out of 50. Is there a possibility of more to follow?
This discussion has been archived. No new comments can be posted.

Where are the Prosecutors?

Comments Filter:
  • by isn't my name (514234) <slash.threenorth@com> on Friday November 11, 2005 @11:10PM (#14013535)
    Looks like the corporation defending copyrightsmay have some copyright problems of their own. [dewinter.com]

    A computerexpert, whose name is known by the redaction, discovered that the cd "Get Right With The Man" by "Van Zant" contains strings from the library version.c of Lame. This can be conluded from the string: "http://www.mp3dev.org/", "0.90", "LAME3.95", "3.95", "3.95 ".
    • I haven't had mod points in years, but I reccomend modding this interesting, it should be brought to the attention of the people.
    • Maybe because the rootkit is LOOKING for these binaries in order to SHUT THEM DOWN.
    • A computerexpert, whose name is known by the redaction,

      That has BabelFish's German to English fingerprints all over it. Unfortunately, the site doesn't site the German website that they plagiarized their content from, so I can't attempt to guess what "whose name is known by the redaction" really means (other than vaguely "who kept his name secret").
    • by AtrN (87501) * on Saturday November 12, 2005 @12:03AM (#14013727) Homepage
      Nah, they're okay. The install the source under $sys$src
    • The main reason there aren't lawsuits yet is for there to be a lawsuit, there must be actual loss (often referred to as "harm"). There really isn't any. The only other way to sue would be under trespass of chattel (basically entering a computer without the OK, "chattel" is all personal property or [for the layman] all property that isn't land or a building), whereas the software would be "trespassing" the computer. it's pretty hard to allege because you WILLINGLY run the CD. California will probably be a te
      • You may expect a program CD to auto-run, but nobody expects a music CD to run executable code. You expect music CD's to simply be read and played, which does not involve running code from the CD. Music and data CD's are even encoded differently. Pure music CD's have no filesystem. If you look carefully on the surface of a DRM'd CD, you'll see two faint bands, a large outer band for audio, and a thin, almost invisible inner band for data. For a long time, CD's were either all-audio, or all-data, and almost n
        • If you read the literature (crap) that comes with the CD, i bet you that it has an agreement written by some lawyer (hey maybe me in like 2 years) that says "by inserting this cd in your computer you agree to let us install the software." while this statement may be unconscionable (and therefore bad and therefore unenforceable), it may also be ok. it depends on the judge and the jurisdiction. the "click here if you agree" EULA's have been met with a resounding chorus of "they don't matter and they don't me
      • by miu (626917) on Saturday November 12, 2005 @06:19AM (#14014684) Homepage Journal
        it's pretty hard to allege because you WILLINGLY run the CD

        Just like you willingly ran an executable containing a virus? I don't buy it. Basically that argument comes down to a rootkit being okay for Sony because they are the good guys and not okay for anyone else because they are criminals/terrorists/anarchists.

        • Technically spyware isn't a virus. A virus replicates itself, this isn't. It's an absurdly fine line (which Congress will soon obliterate, believe me) which makes it hard. From Merriam-Webster's online dictionary (m-w.com) "4 : a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs and that usually performs a malicious action (as destroying data)" It doesn't (a) copy itself (b) insert itself into other programs nor (
    • I'm disappointed that there's not a front page /. article on this issue alone. If it turns out that F4I and Sony really are using LGPL code without complying with the license, that is big news, at least as big as the whole rootkit deal. It shows Sony's hypocrisy when it comes to copyrights, and reinforces the notion that content producers are only interested in copyright protections because they can make Even More Money off of them, not because it "promote[s] the Progress of Science and useful Arts".
  • by ForumTroll (900233) on Friday November 11, 2005 @11:11PM (#14013539)
    It's easy to take legal action and be successful against a single person, especially one who often is very young and simply cannot afford to hire good legal counsel. On the other hand, it's not so simple to take legal action and be successful against a huge corporation with ties high up in the government and loads of money to protect themselves. Legal action is being pursued in several states and by several different parties, but due to the fact that this is a major corporation with very important friends in high places they will receive nothing more than a slap on the wrist.

    • There's winning the battle, and winning the war. Large corporations with deep pockets are well-suited to winning battles, but there isn't much they can do about losing the war with regard to the effects of negative public opinion.
    • They have protection with their money against the private lawyers who have filed civil actions.

      But the real question is whether the Sony rootkit constitutes a criminal act on their part. If it is criminal (and I sure hope it is, I hate the idea that the only recourse we have against computer hackers is a civil action) when will the government discipline Sony?

      Why should a major corporation be able to get away with hacking our computers and installing backdoors when we actually bought something from THE
  • Uhhh (Score:5, Informative)

    by timdorr (213400) * on Friday November 11, 2005 @11:15PM (#14013554) Homepage
  • In the past couple of weeks it has been discovered that Sony has shipped a rootkit, which is worse than the common spyware or virus, so I ask you, where are the law suits? Is anyone planning criminal/civil action at all?

    Where have you been lately? [slashdot.org]

  • Not a rootkit (Score:3, Insightful)

    by jgoemat (565882) on Friday November 11, 2005 @11:16PM (#14013560)
    A rootkit is a set of tools used by a hacker to hide his presence on a system and maintain 'root' privileges (Administrator on Windows). While Sony's DRM app does hide its presence, I don't believe there has been any indication of systems comprimised and hacked into by Sony and I don't think that was their intention. I don't know what it is, but I wouldn't call it a 'rootkit'.
    • Re:Not a rootkit (Score:4, Insightful)

      by Thing 1 (178996) on Saturday November 12, 2005 @12:32AM (#14013821) Journal
      Doesn't matter whether Sony uses their hidden software to compromise a system. They installed the hidden software which allowed someone to compromise. That hidden software is commonly known as a "rootkit".

      A "virus" or "trojan" or "worm" is the software that performs the compromise. A "rootkit" allows the V/T/W writer to produce their creation with less effort.

      Sony is directly responsible for reducing system security on PCs that have been infected with their rootkits. That is actionable, but likely nobody will go to jail.

      • to be blunt, "little people" HAVE been arrested and tried by prosecutors for much smaller infractions than that... like the School admin that installed SETI on some school computers... this is AT LEAST as bad as that so where is that prosecutor now???
    • Re:Not a rootkit (Score:4, Informative)

      by max born (739948) on Saturday November 12, 2005 @12:39AM (#14013842)
      I don't believe there has been any indication of systems compromised and hacked into by Sony ...

      Not hacked by Sony but others are beginning to take advantage as a result of Sony making it easy for them. Sony Rootkit Trojans Emerge [techtree.com]. So far, trojans Backdoor.IRC.Synd.a and its variant Backdoor.IRC.Synd.B have been detected.
  • it's not self replicating and doesn't attack other people's PC over the internet or such. The nuisance is limited to the computer the disc is inserted into. It sucks, and it doesn't make it right, but it's nowhere as bad as a virus that hits corporate LANs and that directly cost millions to fix (manpower, lost productivity, etc etc). It's mostly single homer users affected.
    • Well, considering the rootkit can easily be carried into the office by people wanting to listen to their protected music at work this software does at least rise to the point of annoyance for corporations too. Not to mention that it phones home, and other malwares have appeared that use the cloaking nature of this software to hid themselves.

      It is just a dirty deal.

    • Re:The thing is... (Score:2, Insightful)

      by GuyverDH (232921)
      So what it seems like you are saying (or at least implying) is this.

      If it only FUCKS over the little guy, then fuck it - it's okay.

      However, if it fucks over a big fish - then shit - we have to prosecute.

      There's something distinctly wrong with that, and I really hope that that was not your intent.
    • Re:The thing is... (Score:3, Interesting)

      by barc0001 (173002)
      it's not self replicating and doesn't attack other people's PC over the internet or such

      Oh. So by that definition ANY rootkit is just peachy.

      It's mostly single homer users affected

      Where do you think those zombie botnets that send out all the crap spam are located?
      That's right. Compromised home users who don't even know something's wrong because their system has been hit with a rootkit. Now Sony has created a powerful new tool for the spambot creators to use. Thanks Sony!
  • This is what you get when you allow large corporations to dictate your laws: they will only be enforced when it suits those corporations. And when you allow nearly all laws to defend only the interests of the very rich at the expense of everyone else, a travesty of justice is the inevitable result.
  • Some information (Score:4, Informative)

    by _LORAX_ (4790) on Friday November 11, 2005 @11:40PM (#14013635) Homepage
    I spent the better part of an hour yesterday ridding my mothers computer of this "rootkit". Most of that time was spent attempting to restore the use of her CD/DVD drive that went missing after the core DRM code is shut down. Before people get on my case, my mom is no idiot and is very protective of her computer. I asked her specifically if she ran or saw anything run when she put the CD in her drive and I believe her version of events.

    She did not install anything

    She did not agree to anything

    She never saw an EULA

    Her computer could not RIP ANY CD's afterwards

    All she did was attempt to import a CD into iTunes and from then on out any attempt to import CD's would freeze up her computer, not just XCD protected disks.
    • Re:Some information (Score:4, Informative)

      by karnal (22275) on Saturday November 12, 2005 @01:11AM (#14013957)
      I have Our Lady Peace's new disc, Healthy in Paranoid Times.

      On insertion (simulated here via the AUTORUN.EXE, since my autorun is off) the CD displays an "Enhanced CD Installer" window, which has the title and artist of the cd. "End User License Agreement" is off to the right.

      In the center is the familiar legalese of the EULA - stating "IMPORTANT - READ CAREFULLY:" Off to the bottom is an "Agree/Disagree" radio button, which if you select Disagree (agree is defaulted, BTW - without any scrolling in the main EULA part) the CD automatically ejects to protect itself.

      But it will not install any software if you select Disagree. Given, I am only able to test on this specific CD, so I can't really state with full authority that your mother clicked on "Next" without moving the radio button, but in my case you'd have to hit something to install this rootkit.

      p.s. You can also rip away with EAC while the agreement is being displayed, if you don't want to turn off Autorun. My thoughts are to just turn off Autorun, however... It is handy in certain cases, but I'm not a typical user I guess.

      pps bottom of my eula = (ID:239675.18 -- 1/7/2005)
      • She inserted the disc while in iTunes and never accepted or rejected anything. Chris Botti was the artist in question I don't know the album name.

  • let the editor flambe begin
  • It's not just a domestic issue anymore. Before CA filed or people began talking about the NY case, a consumer protection group from Italy filed suit.

    The domestic issues are just the tip of the iceberg. Other countries that are not so impressed by the financial might of companies like Sony are going to nail anyone using such underhanded methods. Rootkits like this one most likely violates the Berne Convention, TRIPS, and possibly WIPO.

    AC

A failure will not appear until a unit has passed final inspection.

Working...