Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

EFF Files Lawsuit Against Sony BMG

By Nate Mook, BetaNews

November 22, 2005, 1:29 PM

Not long after Texas Attorney General Greg Abbott announced he had sued Sony BMG over its invasive copy-protection scheme, the Electronic Frontier Foundation said it filed a class action lawsuit against the record label in Los Angeles. The EFF's suit goes beyond the rootkit and includes SunnComm DRM used by Sony as well.

While acknowledging that Sony has taken steps to recall CDs affected by First 4 Internet's rootkit DRM, known as XCP, the EFF says "these measures still fall short of what the company needs to do to fix the problems caused to customers."

The organization also chided Sony for ignoring altogether concerns about the SunnComm MediaMax software. MediaMax is used on over 20 million CDs -- ten times the number of discs containing XCP. The EFF claims that the software installs on a user's PC even if they do not accept the license agreement and has no uninstall facility.

SunnComm's software tracks when a user listens to CDs and reports the information back to the company. Security researchers have also discovered that an uninstaller provided by SunnComm opens the door to security risks, just like the XCP uninstaller provided by Sony.

"Sony BMG is to be commended for its acknowledgment of the serious security problems caused by its XCP software, but it needs to go further to regain the public's trust," said Corynne McSherry, EFF Staff Attorney, in prepared remarks.

"It is unconscionable for Sony BMG to refuse to respond to the privacy and other problems created by the over 20 million CDs containing the SunnComm software."

The EFF says Sony has not widely publicized the XCP problem, and "has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA)."

"Regular CDs have a proven track record -- no one has been exposed to viruses or spyware by playing a regular audio CD on a computer. Why should legitimate customers be guinea pigs for Sony BMG's experiments?" remarked EFF Legal Director Cindy Cohn.

Sony is facing six other class action lawsuits in addition to the Texas suit, according to the EFF. The group has posted information about the litigation on its Web site.

Add a Comment (41 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By dixter

edited Dec 7, 2005 - 10:38 AM

This is outrageous, a criminal act which should be punished. My computer has been infected and I get conflicting info on what need to be done to protect it. I will now scrutinize all CDs I wish to purchase and when I see the Sony-BMG name I will not purchase that product. Furthermore, I will endeavor to inform the performer of the reason I refused to purchase that performance.

Score: 0

By maniakmx3

posted Nov 28, 2005 - 10:00 AM

You guys have to remember, there is no proof that "Sony" Had anything to do with this. This is "Sony BMG" a Subsidary. Techniccally This just BMG with a sony logo....

Score: 0

By bourgeoisdude

posted Nov 28, 2005 - 1:58 PM

If it wasn't sony maybe they shouldn't have put their logo on it then!

Score: 0

By melkor

edited Nov 25, 2005 - 4:03 AM

Just so everyone knows,
Texas Sues Sony BMG Over CD Rootkit

This brings the number of lawsuits to something like 5 (or is it 6?).

Score: 0

By KSzostek

posted Nov 23, 2005 - 11:59 AM

Boycott ALL Sony products. Hit them where it hurts "Sales"

Score: 0

By tipsyboy

posted Nov 23, 2005 - 9:56 AM

It's just a pity that nobody will have to do time in jail - every hacker they lock up for years.

Corporations are treated like humans before the law, but they don't care about human worths at all.

Score: 0

By wincement

posted Nov 23, 2005 - 10:53 AM

Umm... most cases, they just fine a hacker. Who are you talking about specifically?

Score: 0

By Jedite

posted Nov 23, 2005 - 7:12 AM

As of yesterday I still saw the Ricky Martin CD for sale in 3 different stores. (WalMart, Kmart, and Specs) which begs the question of how hard they are pushing this recall.

Score: 0

By arkytech

posted Nov 23, 2005 - 11:56 AM

I'm still finding the disks at my local Wal-mart. When I ask about the recall, I just get blank looks.

Score: 0

By Jedite

posted Nov 23, 2005 - 12:28 PM

Yeah exactly.. No one at the Electronics department, heck not even the Indipendent sales rep that SuperStores use to fill up their CD stocks had any clue what I was talking about.

They actually thanked me for explaining to them the problems with the CDs, and that they would inquier about the issue with their bosses.

Funny thing is, I actually stopped a sale of one of those CDs, and in the process got a date =). A very nice looking woman was about to buy the Ricky Martin CD and she over heard the conversation, which prompted her to put the CD back and engage me in a conversation. Sure I got a date with her, but now im thinking if I really want to go out with someone who actually buys a Ricky Martin CD.

Score: 0

By tmaioli

posted Nov 22, 2005 - 8:25 PM

Where's Al Sharpon and Jesse Jackson when you need 'em.

Score: 0

By tmaioli

posted Nov 22, 2005 - 8:24 PM

I'd like everyone to sue them, a million suits to defend 1 by 1.... yea, tie them up in courts for years. Like they do to their customers, the few left. Greedy B*st*rds

Score: 0

By yleclerc

edited Nov 22, 2005 - 7:05 PM

The XCP fiasco is just the tip of the iceberg! Now with the focus on these DRM "rootkits", we will discover "who" is watching our PCs and monitoring our "audio" listening.

Score: 0

By rijp

posted Nov 22, 2005 - 5:54 PM

OK, anyone else want to jump on this bandwagon? I find it funny that a class action lawsuit equals big bucks for the lawyers, but amounts to squat for everyone else..

Yeah, class action lawsuits are a great idea...

Score: 0

By httpd.confused

posted Nov 26, 2005 - 11:20 PM

What are you talking about? The point of class action suits isn't so everyone can get rich; it is so that all eligible parties get back what they deserve.

Sometimes it works out better than other times, but if you think this legal action is pointless just because not all Sony music customers will end up millionaires, you are being as goofy as you are when you review software.

Score: 0

By ogman

posted Nov 23, 2005 - 9:45 AM

If it's a pain in the a** for Sony, it works for me!

Score: 0

By maniakmx3

posted Nov 22, 2005 - 4:12 PM

Now I am curious, The suits are against "Sony BMG" Is the rest of sony held liable? because technically they are two different companies. "Sony Entertainment" "Sony Computer Entertainment" "Sony BMG" "Sony Electronics" etc...are all branches of the company held liable? or just that one executive branch??

Score: 0

By Jedite

posted Nov 23, 2005 - 7:10 AM

Depends. To bring down the Parent Company aka Sony, they would have to prove that Sony knew about it and did nothing. This is how corporate america gets away with alot of things.

Score: 0

By zridling

posted Nov 22, 2005 - 2:15 PM

Lawyers are usually useless, except in this case, and Sony should be buried for even trying this. But they'll settle and the states will fill their coffers.

Score: 0

By httpd.confused

posted Nov 26, 2005 - 11:22 PM

I don't understand comments like this. It isn't lawyers who are the real problem; it is all the scumbags who bring illegitimate lawsuits.

This is the same sort of thinking that blames illegal immigrants rather than the employers who knowingly hire them.

Score: 0

By wincement

posted Nov 22, 2005 - 2:57 PM

"Lawyers are usually useless"

Wow. With how much the U.S. relies on the court system, I don't think we would even have a country if we didn't have lawyers.

Score: 0

By Alexq

posted Nov 22, 2005 - 7:25 PM

> ...I don't think we would even have a country
> if we didn't have lawyers.

Very funny, despite the fact that you actually mean it!

Score: 0

By wincement

posted Nov 22, 2005 - 11:31 PM

I didn't say I like it. I think it's a sad, but true statement.

Score: 0

By nightops

posted Nov 22, 2005 - 2:04 PM

I hate to say it, but they've got this one coming. Why should they be treated any different than hackers/etc. You could pretty much see this coming. Sony has just become an accomplice to every malicious attempt that has been made using their rootkit. Ouch

Score: 0

By PC_Tool

posted Nov 22, 2005 - 2:18 PM

Yeah...next time they'll be smart and have a window pop up saying something along the lines of,

"By inserting this disc, you agree to these terms and conditions."

Folllowed by an OK button.

I think there's probably 2 people here where I work that would even bother to read the window, much less the T&C, and not just click the OK button just because it's there.

Yeah, this will hurt them, but they'll manage.

Score: 0

By roj

posted Nov 22, 2005 - 3:08 PM

"By inserting this disc, you agree to these terms and conditions."

Doesn't hold water. No express permission granted. That one would cause much fun in court.

Score: 0

By httpd.confused

posted Nov 26, 2005 - 11:25 PM

I don't think it should even be legally possible to consent to installation of a rootkit. I can't sign a waiver that allows someone to legally stab me; nor should I be able to do away with my computing security and privacy by clicking an OK button.

Score: 0

By PC_Tool

edited Nov 22, 2005 - 4:25 PM

I would have been more specific and included a link to the terms and conditions, but BN doesn't like those kind of links.

Regardless, whether it "hold water" or not, you hopefully get the point... It'll never make it to court... have any of the other eulas?

They'll still get their DRM because most people won't fight it, hell most people won't even know it's there.

And no, it doesn't mean I like it or want it on my system. I am by far, not pro DRM.

Score: 0

By wincement

posted Nov 22, 2005 - 3:37 PM

Maybe it would just say:

"By checking the 'I accept' box and clicking OK, you agree to these terms and conditions."

Sheesh. You know what he means.

Score: 0

By drumcat

posted Nov 22, 2005 - 2:01 PM

Boycott Sony.

Score: 0

By krazy1

posted Nov 22, 2005 - 1:51 PM

How much more weight can this ship take before it sinks?

Score: 0

By wincement

edited Nov 22, 2005 - 2:52 PM

A lot more than a few scattered lawsuits. Sony is absolutely gargantuan.

This will definitely make them hurt though.

Score: 0

By roj

edited Nov 22, 2005 - 3:14 PM

You have a state (Texas) suing them with more to follow. You have class action lawsuits in Cali and by the EFF. They have violated the new anti-spyware law and that's Federal. A few scattered lawsuits?

Also, consider this:

If the class action lawsuit is by the users whose machines were infected (say a mill;ion or so) and each sues for the cleanup costs for their machines (let's say an hour at $85 an hour which is pretty reasonable these days), that adds up to $85 million.

That's not small.

And before I spend more time than I want to trying to figure out who said what in this mess, I'm out. :)

This seriously needs a blog format.

Score: 0

By nightops

posted Nov 22, 2005 - 4:24 PM

Oddly enough, $85 million would be letting them off easy. 4.8 million CD's sold between 52 different artist's CD's that contain the Copyright protection software. Assuming that 1/2 of the people that bought these were actually affected: 2.4 million. Now take 1/3rd of those and add them into the class action lawsuit in Texas just to give us an average figure of 'per infringement' costs at $100,000 per incident. Then we take that sum and add it to another 1/3rd that will actually take their PC to a Best Buy/etc. to get it serviced and add your $85/hour charge to those. The other 1/3rd will probably either figure it out on their own and voice their opinions online, or just fix it and not worry about it. Breakdown:
800k people in lawsuits @ $100k per incident:
$80,000,000,000
800k people sending Sony the bill @ $85/hour for 1 hour (conservative):
$68,000,000

Total damage to Sony: $80,068,000,000

Do I honestly expect that to go through? No, not really. However, please realize that this is simply a 'moderate' possibility. If it reached maximum potential, it could feasibly be worth $480,000,000,000. Anyone care to laugh at that number? If it were the RIAA suing, they would seek up to $200k per incident, bringing that number to $960,000,000,000. Insane, I agree. However, we're just talking sheer possiblity, not probability ;-)

Score: 0

By wincement

edited Nov 22, 2005 - 3:41 PM

Ok, so maybe they're bigger than a few scattered lawsuits, but I still don't think this is going to "sink" the Sony ship. I guess I'm just a pessimist that way. =p

This is just going to make them hurt and think twice before they pull anything like this again (or at least make sure they cover their butts legally when they do).

Score: 0

By bourgeoisdude

posted Nov 22, 2005 - 5:21 PM

As much as I dislike sony, though, if they completely went under the global economy would suffer...

Score: 0

By wincement

posted Nov 22, 2005 - 11:34 PM

Very true. They make a good chunk of just about everything in the electronics/computer world.

Score: 0

By roj

posted Nov 22, 2005 - 1:47 PM

Oh yeah, this is surely the future reported by another user here where DRM becomes to Draconian that customers can't take a pee without raising their hands.

Sure it is.

*snicker*

As I've said many times before, the backlash is only just beginning. The entertainment industry opened the ball and now they'll have to dance to the music - Sony is just the first.

Looks like their bought-and-paid-for special interest lobbies ain't helping this time.

Score: 0

By PC_Tool

posted Nov 22, 2005 - 2:14 PM

Yeah, I guess we'll see in a month when this is buried beneath all the news about the latest Xbox games.

It may be news here, but it isn't news outside our quiet little world here. The majority of folks don't even know this happened, what a rootkit is, or what DRM is.

Snicker all ya want, roj, we'll see. But just so you know, I hope I'm wrong, if that counts for anything.

Score: 0

By forgie

edited Nov 22, 2005 - 1:42 PM

The pile of s*** continues to grow on Sony's doorstep. *lights it on fire, rings the door bell, and runs*

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue