More Sony DRM Hijinks - Now It's MediaMax
Tuesday, November 15 2005 @ 03:06 AM EST

Oh, swell. Just when you thought it couldn't possibly get any worse, here comes another report of Sony DRM anti-customer treachery. J. Alex Halderman on Freedom to Tinker describes in detail yet another DRM scheme from Sony, SunnComm's MediaMax. It's not a rootkit this time, like XCP. He calls it spyware. While Sony has said it has temporarily halted shipments of the XCP rootkit, it hasn't promised to stop shipping CDs with this junk on them, from all I can determine. Halderman describes how it works at length, but here's the executive summary:
They install software without meaningful consent or notification, they include either no means of uninstalling the software or an uninstaller that claims to remove the entire program but doesn’t, and they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm’s web site.

Charming.

Here's the part that makes my skin crawl:

But before the agreement appears, MediaMax installs around a dozen files that consume more than 12 MB on the hard disk. ...These files remain installed even if you decline the agreement. One of them, a kernel-level driver with the cryptic name “sbcphid”, is both installed and launched. This component is the heart of the copy protection system. When it is running, it attempts to block CD ripping and copying applications from reading the audio tracks on SunnComm-protected discs. MediaMax refrains from making one final change until after you accept the license—it doesn’t set the driver to automatically run again every time Windows starts. Nevertheless, the code keeps running until the computer is restarted and remains on the hard disk indefinitely, even if the agreement is declined.

However, the EULA says it will install software only *after* you say yes to the EULA:

As soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program (the “SOFTWARE”) onto YOUR COMPUTER.

This is bad. Very bad for Sony. Deceitful EULAs can get you sued, methinks. If you want your hair to turn white, though, read the details about the phoning home. It seems they wish to send you third-party ads, according to the account, so every time you play a CD, they get to know what you are playing and some important details about you, like your IP address and what operating system you use. Say, how about your security? Think it might be a security problem for you if software you don't know about is placed on your computer? Duh. Halderman is more tactful:

Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software. However, it certainly causes unnecessary risk. Playing a regular audio CD doesn’t require you to install any new software, so it involves minimal danger. Playing First4Internet or SunnComm discs means not only installing new software but trusting that software with full control of your computer. After last week’s revelations about the Sony rootkit, such trust does not seem well deserved.

So, another loathsome Sony DRM scheme, which installs a driver even if you say no to the EULA, calls home with info about you, and can't be uninstalled with normal techniques. Both Macs and Windows are vulnerable, although at least on Macs there is no autoplay.

Larry Loeb sums it up well:

Most users would probably accept that media companies have some sort of right to protect the product they sell, but hijacking a user's computer is universally felt not to be part of those rights.

By using this kind of DRM, Sony has made itself an enemy of the user. Users seem to be pretty much united in feeling that the existing implicit and explicit societal compacts that exist between someone that sells something and someone that buys it are being egregiously violated by Sony's course of action.

Halderman tells you how to check if you are "infected" and are running XP. What can you do if you are? Well, you can certainly live and learn. We know now that Sony has gone nuts over DRM. But let's face it. It's the customers who'd have to be nuts to buy treacherous music like this.

Speaking of learning, what kind of DRM surprises does the rest of the music industry have in store for us? I hope someone is checking. I seriously doubt Sony is unique in its DRM dreams, even if it was apparently the first to try the XCP DRM rootkit. Clearly we haven't been watching as closely as we must.

In the complaint [PDF] just filed in New York against Sony and First 4 Internet, one paragraph sums up the fundamental problem as the plaintiffs see it:

5. In encoding the disks XCP, Sony and F4i have decided that their intellectual property is more deserving of protection than the intellectual property and personal information on millions of personal computers worldwide.

The plaintiffs claim that to date over 3 million copies of XCP encoded disks have been sold. And they point out that Sony distributes under a number of labels, including Columbia, Epic, Sparrow, Delicious Vinyl, Masterworks, and others.

Why MediaMax? What is the purpose?

According to the SunnComm Web site, their MediaMax DRM allows for a limited amount of CD burns from the source material, and then will block further copying. The DRM also can make time-expiring (or number-of-play-expiring) copies of the tracks. . . .

So, while Sony may be backing down from its acts regarding Windows modification, it is yet to be seen whether the recent firestorms will cause it to pull the DRM installed on Macs.

Time-expiring copies? So they not only want to prevent sharing music with a friend, what they call "casual copying," now they want music you buy to evaporate? Oh, fine. This is grand. Next we'll hear they have a Final Solution to the P2P problem. Too extreme? How about an electric shock, then? Or at least a script that pops the CD tray open and hits the infringer on his noggin?

Seriously though, let's think for just a minute about the big picture. Fair use is part of copyright law, is it not? So, if we are all going to be law-abiding, that means that copyright holders have to abide by the law, too, just like customers do. No? But when DRM schemes cut off all possibility of fair use, is that lawful? Leave aside the legality of hijacking someone else's computer. Just think about fair use. Here's how the US Copyright Office explains fair use:

One of the rights accorded to the owner of copyright is the right to reproduce or to authorize others to reproduce the work in copies or phonorecords. This right is subject to certain limitations found in sections 107 through 118 of the copyright act (title 17, U.S. Code). One of the more important limitations is the doctrine of “fair use.” Although fair use was not mentioned in the previous copyright law, the doctrine has developed through a substantial number of court decisions over the years. This doctrine has been codified in section 107 of the copyright law.

Catch that? The copyright holder's rights are "subject to certain limitations" by law. That's what "codified" means, that it's part of the law, not just a nice idea. So, if you design DRM, is there not a legal duty to incorporate those "certain limitations" into your scheme so as to make sure that those legal fair use rights are not only technically still possible but ensured? If you answer no, what is the legal basis for your answer? No. Really. On what legal basis do you argue that fair use can be ignored or prevented under the law? I only ask these questions because it does seem like it's time to get back to fundamentals. These entertainment dudes have run amok, and they are endangering the rest of us. Maybe if they are compelled to abide by fair use -- and why shouldn't they be? -- it will trim their appallingly hostile DRM schemes back to a bearable level. At least it will force them to concern themselves with their customers' rights, which they apparently don't know how to do on their own any more.


  


More Sony DRM Hijinks - Now It's MediaMax | 421 comments
Lame code seems to have been linked *accidentally* into Sony rootkit
Authored by: lamare on Tuesday, November 15 2005 @ 03:28 AM EST
New investigations finally prove that the Lame library has been statically linked into the Sony DRM kit, as had been suspected before:

"Even though go.exe apparently does not contain any LAME code, a considerable amount of tables and constants from the LAME source files can be found in the go.exe file. Here's a list of the LAME tables I've been able to locate. The first column shows the hex address where the table can be found in the go.exe file, the second column shows the name of the table as it appears in the LAME source code and the third column shows the LAME source file where the table can be found."

It is absolutely remarkable that none of the actual Lame code seems to have made it into the investigated executable. In the talkback forum, a statistical analysis of the CPU instructions strengthens this hypothesis:

"I've created an opcode distribution list for the files lame_enc.dll and go.exe. The former uses tens of thousands of FPU instructions with fld being the 2nd most used instruction (only mov is used more often). The latter file, on the other hand, uses only a few hundred FPU instructions and there are 26 more frequently used CPU instructions before the 1st FPU instruction comes in the list."

That raises two questions:

1) Has the Lame library really been linked in by accident?

2) Does the LGPL apply? After all, a lot of LGPL licensed data is part of the executable.

[ Reply to This | # ]

Corrections here
Authored by: MathFox on Tuesday, November 15 2005 @ 03:31 AM EST
The non-anonymous thread...

---
When people start to comment on the form of a message, it is a sign that they
have problems to accept the truth of the message.

[ Reply to This | # ]

Off Topic thread
Authored by: MathFox on Tuesday, November 15 2005 @ 03:35 AM EST
For the Non-DRM legal and Open Source stuff.
Post in HTML mode for links, we appreciate a few lines describing where the link
leads to.

---
When people start to comment on the form of a message, it is a sign that they
have problems to accept the truth of the message.

[ Reply to This | # ]

The irony here is that ....
Authored by: Jude on Tuesday, November 15 2005 @ 03:36 AM EST
... when Sony's CD sales decline, they will almost certainly go whining to
lawmakers that piracy must be the cause and that even more draconian laws are
needed.

[ Reply to This | # ]

Sony to pull controversial CDs, offer swap
Authored by: lamare on Tuesday, November 15 2005 @ 04:02 AM EST
http://www.usatoday.com/money/industries/technology/2005-11-14-sony-cds_x.htm

"Sony BMG deeply regrets any inconvenience to our customers and remains
committed to providing an enjoyable and safe music experience," the company
said. Sony says more than 20 titles have been released with the XCP
copy-protection software, and of those CDs, over 4 million have been
manufactured, and 2.1 million sold.

Details about how long it will take to replace the XCP CDs and about its
consumer exchange program will come later in the week, Sony said.

[ Reply to This | # ]

As you point out, "fair use" is only a codification of de facto behaviour
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:26 AM EST
So by that very argument, Sony has every right to define new de facto behaviour
that will produce new case law that will in the future be codified into book
law. What goes around comes around.

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:30 AM EST

If it's indeed true that a driver is launched even if you decline the EULA, then surely you have not authorised the execution of that driver?

This being the case, this sounds to the layman very much like Unauthorised modification of computer material under the Computer Misuse Act 1990 here in the UK.

(1) A person is guilty of an offence if—(a) he does any act which causes an unauthorised modification of the contents of any computer; and (b) at the time when he does the act he has the requisite intent and the requisite knowledge.

(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—(a) to impair the operation of any computer; (b) to prevent or hinder access to any program or data held in any computer; or (c) to impair the operation of any such program or the reliability of any such data. (sounds like a pretty clear description of what their DRM does, doesn't it?)

(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorised. (if the EULA is declined, where would SONY be getting this authorisation?)

(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

Anyone with a UK legal background able to comment?

[ Reply to This | # ]

when do the eula restrictions reply?
Authored by: endgueltig on Tuesday, November 15 2005 @ 04:31 AM EST
one of the remarks about the MediaMax software was,
Does MediaMax also create security problems as serious as the Sony rootkit’s? Finding out for sure may be difficult, since the license agreement specifically prohibits disassembling the software.
is this also true in the case where the user has explicitly refused an eula? if one refuses the terms of the license and the installer still installs the code, is it not an even stronger case than unsolicited mail? that is, cannot one do whatever one wants with it?

[ Reply to This | # ]

well you can certainly disassemble it.
Authored by: Alan Bell on Tuesday, November 15 2005 @ 04:32 AM EST
The EULA forbids disassembly, however if you said no to the EULA, then any
software installed can't be covered by it. In fact you have every right to use
all means to discover what the heck this mystery software is and what it does.

[ Reply to This | # ]

So, I can reverse engineer it if I reject the EULA?
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:32 AM EST
The EULA says "no reverse engineering." I click "No", because I don't like
agreeing to things like that. On my computer, before I reboot, there's a piece
of software installed and running. There's no reason I can't reverse engineer
it, is there?

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: elronxenu on Tuesday, November 15 2005 @ 04:36 AM EST
As each day passes, I'm increasingly glad I run linux.

[ Reply to This | # ]

In the end the artists are the ones who suffer more... :(
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:44 AM EST
I only hope that artists do see what's going on and that having any sort of
affairs with THIS company only hurts THEM on the first place.

[ Reply to This | # ]

About (un)accepted EULA and disassembly
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:45 AM EST
If you do not agree to the EULA you are not bound by it. According to the law(s)
that apply(ies) you may (or may not) be allowed to disassemble or reverse
engineer the software. However, you are (probably) not allowed to distribute it.
The software, however despicable, is still covered by copyright law. That
includes (as far as I understand) publishing the disassembly. You can though
publish the algorithm(s) and explain what the software does (methods and
concepts you know).

Loïc, as IANAL as you can get

[ Reply to This | # ]

DVDs Too?
Authored by: Anonymous on Tuesday, November 15 2005 @ 05:12 AM EST
Call me a cynic, but I can't believe that this kind of thing is limited to audio
CDs and the playback software. Many DVDs shipped today have content on them that
is specifically tailored for PCs - including links to web sites and other
material [game demos, etc].

I'm too cynical to assume that a company that would put virus-like software on
Audio CDs would completely disregard the DVD scene.

Has anyone come across reports to confirm/disprove this theory?

[ Reply to This | # ]

About fair use
Authored by: Khym Chanur on Tuesday, November 15 2005 @ 05:32 AM EST
I thought that the fair use provisions only prevent the copyright holders from
suing you for exercising fair use, which means that technologically preventing
people from exercising fair use isn't against the law. (DMCA provisions which
criminalize the circumventing of DRM technology in order to exercise fair use is
another matter)

---
Give a man a match, and he'll be warm for a minute, but set him on fire, and
he'll be warm for the rest of his life. (Paraphrased from Terry Pratchett)

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Anonymous on Tuesday, November 15 2005 @ 05:38 AM EST
Having read Sony's grudging climb down it struck me that if they referred to
people who bought their product as CUSTOMERS not CONSUMERS it might put them in
a better mind set !

M

[ Reply to This | # ]

Wired News: Boycott Sony
Authored by: heretic on Tuesday, November 15 2005 @ 06:19 AM EST
A lot has been written about this issue already. But a lot more needs to be said to ensure Sony gets the message: This kind of behavior can never be tolerated. It may be unrealistic to think many will heed this call, but someone’s got to say it: Boycott Sony. Boycott them until they come clean and recall all the infected CDs. Boycott them until they distribute a removal program. Boycott them until they promise never do anything like this again

link

[ Reply to This | # ]

How about FBI and DOD computer
Authored by: kb8rln on Tuesday, November 15 2005 @ 06:24 AM EST

I have worked on DOD and FBI computers. All software that is installed must be certificated, and if any virus, spyware or rootkit is found, the computer is removed and investigated. If it is on the red network, all h311 breaks loose. And the virus scanner/OS did not tell us about it.

I really think, because we are at war, these people that worked on this need to be convicted for treason. Think about what happens if some tank driver wants to listen to some music. Now there is a back door to kill the tank or the whole battle force because they are networked.

Richard Rager
PS: I have not been around because I have cancer. It's myeloma stage 3 maybe 4. Less than 1% live 5 years.

---
Director Of Infrastructure Technology (DOIT)
Really this is my Title so I'm not a Lawyer.

[ Reply to This | # ]

Sony Canada seem to be a bit annoyed with their USA division
Authored by: TAZ6416 on Tuesday, November 15 2005 @ 06:42 AM EST
Vancouver Sun Article

I was going to buy the new Gorillaz album today, but it is copy protected (on EMI so not sure what technology they use) so I decided not to, even though I'm pretty sure I could get around it very easily by disabling autorun on my work Windows PC, or just use my home Linux PC. From now on I will never buy a copy protected CD.

Weird thing is, HMV had a non-copy protected version for £13.99 but the shop with the copy protected CD was £9.99, so there must be different versions of the CD out there.

Jonathan

Oscar The Grouch Does California, Nevada & Arizona

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Stumbles on Tuesday, November 15 2005 @ 07:18 AM EST
So, if you design DRM, is there not a legal duty to incorporate those "certain limitations" into your scheme so as to make sure that those legal fair use rights are not only technically still possible but ensured?

It seems to me the notion and intent of DRM cannot meet that requirement. That's if you strip away all the marketing hype and other pleasantries DRM supporters want you to believe.

---
You can tune a piano but you can't tune a fish.

[ Reply to This | # ]

To be fair to Sony...
Authored by: cmc on Tuesday, November 15 2005 @ 07:40 AM EST
I can't believe I'm saying this, but let's be fair to Sony. We don't know for
sure why they went with these DRM schemes. Do I think they're truly innocent in
all this? Heck no. But I at least have to consider the fact that the Sony
execs who decided to go with these DRM schemes may not have known what the code
behind the DRM does. Sony could have given the specs for the DRM, or they could
have purchased the DRM not knowing that it installs even when rejecting the
EULA.

My point is, we don't have all the facts, so it would (in my eyes) be wrong to
place all blame on Sony. First4Internet and SunnComm deserve just as much, if
not more, than Sony should get. Just as with the music, Sony is just the
distributor here. It *might* be that they just chose bad DRM methods.

Having said that, the Sony exec's comment on NPR about people not knowing what a
rootkit is, so why should they care... That's a whole different issue. I also
note that while Sony may not distribute any more of the
First4Internet-encumbered CDs, they have not said that they will recall those
already on store shelves, either. That also says a lot to me.

Bottom line: I will not purchase any copy- or content-"protected"
CDs. Ever. I have a large enough collection of music that I'll just keep
listening to my old stuff. Heck, I've even started listening to my cassettes
again. While I will not place the entire blame for this on Sony, their actions
and attitudes regarding this mess have caused me to boycott all of their
products, not just CDs. Sadly, as another commenter pointed out, they will
probably attribute their lost sales to "piracy".

cmc

[ Reply to This | # ]

Other parts of Sony are getting into trouble too
Authored by: Anonymous on Tuesday, November 15 2005 @ 07:50 AM EST
Sony and other manufacturers have been accused of asking online retailers for 10-15 per cent more for wholesale electronic goods than they charge their traditional counterparts.

Sony in internet 'price-rigging' rumpus - The Register.

[ Reply to This | # ]

"More Sony Problems to Be Revealed"
Authored by: Anonymous on Tuesday, November 15 2005 @ 09:21 AM EST

Several groups of privacy and security experts are expected to release research later today that points to multiple, serious security flaws present in "XCP," the anti-piracy software used on an undisclosed number of Sony BMG music CDs. (For the record, Security Fix observed that experts were busily searching for such flaws shortly after this whole fiasco began).

According to details provided by prominent security researcher Dan Kaminsky, the resulting public outcry could make Sony feel like the last two weeks of consumer backlash were a walk in the park.

Kaminsky will be unveiling research that indicates just how many computer networks have Sony's anti-piracy software installed on them.... Security Fix

Brian S.

[ Reply to This | # ]

Rootkit contains more binaries -- LAME code found!
Authored by: lamare on Tuesday, November 15 2005 @ 09:28 AM EST
Looks like there's more binaries in the rootkit. And those *do* contain more than just a bunch of tables!

See this slashdot post from muzzy:

"That only concerns GO.EXE, and while the analysis is correct for that executable, I checked for LAME references against every binary in the compressed XCP.DAT file after I managed to unpack it (thanks to freedom-to-tinker.com guys for providing description of the format). Turns out, there's more binaries including references to LAME, and this time there's actually code that uses the data as well. And not just LAME, there's also Id3lib included in one dll, and bladeenc and mpglib distributed along with the DRM. All of this is LGPL, it's code, and it's being used."

Congratulations, Muzzy!

[ Reply to This | # ]
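
The table matching described in the two comments above (the list of LAME tables located by hex address in go.exe, and the later check of every binary unpacked from XCP.DAT) can be reproduced with a short scanner. This is an added example, not code from the thread or from the researchers quoted; the table names, source file names, values and the sample binary are constructed placeholders, not real LAME data.

```python
import struct

# CONSTRUCTED placeholder tables: names, file names and values are invented
# for this example and are not real LAME data. In practice they would be
# transcribed from the constant arrays in the library's source files.
REFERENCE_TABLES = [
    ("example_rate_table", "tables_a.c",
     [0, 32, 40, 48, 56, 64, 80, 96, 112, 128]),
    ("example_window_table", "tables_b.c",
     [0.5, 0.25, 0.125, 0.0625, 1.5, 2.75, 3.125, 4.0]),
    ("example_unused_table", "tables_c.c",
     [7, 11, 13, 17, 19, 23, 29, 31]),
]

# Layouts a C compiler may emit for a constant array on little-endian x86.
INT_LAYOUTS = {"int16": "<h", "int32": "<i"}
FLOAT_LAYOUTS = {"float32": "<f", "float64": "<d"}

# Short byte runs match by chance, so signatures below this size are skipped.
MIN_SIGNATURE_BYTES = 16


def encode_table(values, fmt):
    """Pack a table in one layout; None if a value does not fit that layout."""
    try:
        return b"".join(struct.pack(fmt, v) for v in values)
    except (struct.error, OverflowError):
        return None


def build_signatures(tables):
    """Return (name, source, layout, bytes) for every plausible encoding."""
    signatures = []
    for name, source, values in tables:
        layouts = dict(FLOAT_LAYOUTS)
        # Integer literals in the source may be stored as ints or as floats.
        if all(isinstance(v, int) for v in values):
            layouts.update(INT_LAYOUTS)
        for layout, fmt in sorted(layouts.items()):
            sig = encode_table(values, fmt)
            if sig is not None and len(sig) >= MIN_SIGNATURE_BYTES:
                signatures.append((name, source, layout, sig))
    return signatures


def scan(blob, signatures):
    """Find every occurrence of every signature, sorted by file offset."""
    hits = []
    for name, source, layout, sig in signatures:
        start = 0
        while (pos := blob.find(sig, start)) != -1:
            hits.append((pos, name, source, layout))
            start = pos + 1
    return sorted(hits)


def build_sample_binary():
    """CONSTRUCTED stand-in for an executable: filler with two tables embedded."""
    blob = bytearray((i * 37 + 11) % 251 for i in range(0x200))
    for offset, (_name, _source, values), fmt in (
        (0x40, REFERENCE_TABLES[0], "<i"),
        (0x120, REFERENCE_TABLES[1], "<f"),
    ):
        data = encode_table(values, fmt)
        blob[offset:offset + len(data)] = data
    return bytes(blob)


def format_report(hits):
    """Same three columns as the quoted list: hex address, table, source file."""
    return ["%08X  %-22s %s (%s)" % hit for hit in hits]


if __name__ == "__main__":
    found = scan(build_sample_binary(), build_signatures(REFERENCE_TABLES))
    for line in format_report(found):
        print(line)
```

A hit shows only that the library's data is present in the file; whether any code uses it is the separate question the opcode comparison in the earlier comment addresses.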

GPL mpglib library also present
Authored by: Anonymous on Tuesday, November 15 2005 @ 10:06 AM EST
Continuation on details from muzzy: http://hack.fi/~muzzy/sony-drm/

I've just extracted the XCP.DAT that comes on the CD, and inside I've found the most wondrous stuff. I don't know if this is old news to anyone, but it appears there's stuff like mpglib.dll, some version of bladeenc dll, etc.

What that page misses is the fact that mpglib.dll is licensed under the GPL.
looking at the licence of lame: [sourceforge.net]


*** IMPORTANT NOTE ***

The decoding functions provided in LAME use the mpglib decoding engine which
is under the GPL. They may not be used by any program not released under the
GPL unless you obtain such permission from the MPG123 project (www.mpg123.de).

[ Reply to This | # ]

"the license agreement specifically prohibits disassembling the software"
Authored by: pfusco on Tuesday, November 15 2005 @ 10:36 AM EST
I find this one line to be particularly troublesome. What prevents virus writers and trojan makers from putting out a free piece of some useful program and adding a piece of Malware to a program? This line makes it totally illegal to check.

Oh wait!! My bad, Sony already did!

I have written my senator and congressman about these things and I have gotten one reply and that was a "Thank you for requesting information on how to receive a copy of your free credit report"

Answer wasn't even in the same ballpark as the question. Oh well. My tax dollars at work.

---
only the soul matters in the end

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: greybeard on Tuesday, November 15 2005 @ 10:36 AM EST
Thinking about the Sony/SunnComm nonsense. If one chooses to be a stickler for
legality given the EULA (and I don't personally feel very inclined to be bound
by a pledge given under false pretenses, that is to a liar); there is still the
interesting fact that the code is installed BEFORE the EULA is accepted.
Consequently, it seems to me that one would be perfectly free to disassemble,
reverse-engineer, and generally muck with that program in any way that
technology and ingenuity supports without violating a EULA that one has not
accepted. Any curious folks out there?

---
-greybeard-

[ Reply to This | # ]

UK - "MPs launch DRM consultation"
Authored by: Anonymous on Tuesday, November 15 2005 @ 10:40 AM EST

A UK inquiry into the implications of what has become 'a big issue for consumers' is underway.

The All Party Parliamentary Internet Group (APIG) is taking a closer look at digital rights management (DRM).... ZDnet UK

Brian S.

[ Reply to This | # ]

More Sony DRM Hijinks - Tech Support Must Keep Up
Authored by: Anonymous on Tuesday, November 15 2005 @ 10:42 AM EST
I have been charging a standard rate -- $125.00 per hour -- to clean up clients'
borked or owned home machines. I have now added an additional fixed fee --
$225.00 -- if the PC has been used to play certain infected music CDs.

My 'infected CD' list currently includes only the Sony BMG 'rootkit' releases.
I intend to refine and maintain this list as new information becomes available.
I encourage all user support businesses to do the same.

-Wang-Lo.

[ Reply to This | # ]

Fortunately, Vista will be ready...
Authored by: Anonymous on Tuesday, November 15 2005 @ 10:49 AM EST
... and all this (and more) will be built right into the OS. Instead of having to hack it in, it'll be right there for the media pushers to call on: safe and effective. Cool.

Seriously, I haven't seen much lately, but does anyone think MS is going to 'do the right thing?'. Here's a bit from one recent article (syndicated; here's one link)

At least one Microsoft watcher sees the company as caught between a rock and a hard place on the DRM issue. "Microsoft is trying to serve two masters, and that's not always an easy task," said Joe Wilcox, a senior analyst at Jupiter Research, "Master one is Hollywood and the content providers, who want their stuff protected. Master two is the consumer, who wants to be able to get at everything easily. And Microsoft's kind of caught in the middle. There are a lot of [DRM] mechanisms being proposed and implemented...

Poor Bill: "between a rock and a hard place". Such a dilemma. Well, I guess he'll just have to take money from both.

And don't journalists know their Bible anymore? (yes, I'm being sarcastic ;-) The whole point of that story is that "no one can serve two masters". I think I can guess which master MS will serve and which one MS will hate.

I certainly hope that once DRM is done 'cleanly', people don't just go back to sleep. Maybe this SONY debacle and the secondary detonations will be enough to finally convince Joe Public that these corps are not our friends.

<Acknak

[ Reply to This | # ]

Sony's tactics are *not* the Holocaust...
Authored by: Anonymous on Tuesday, November 15 2005 @ 10:55 AM EST
Next we'll hear they have a Final Solution to the P2P problem.
Shame on whoever wrote that.

Go here to see what a real Final Solution is all about.

[ Reply to This | # ]

Disassembling the Software is Legal
Authored by: Anonymous on Tuesday, November 15 2005 @ 11:22 AM EST
If you don't accept the EULA, they still install the software. Now you have the software on your machine (as a result of their actions), but you're not bound by any EULA.

And you've even paid for it!

Go knock yourself out.

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: DeadlyOats on Tuesday, November 15 2005 @ 11:55 AM EST
It seems that the legality of DRM will be debated in the UK with an eye towards creating legislation that will balance out the needs of the media industry and the needs of consumers. They want interested parties to write in and present PRO / CON arguments with evidence or some such. Take a look at the link. article on The Register

[ Reply to This | # ]

We're focusing on Sony's music, what about their movies?
Authored by: DeadlyOats on Tuesday, November 15 2005 @ 12:00 PM EST
Well, if Sony is doing this with their music CD's, what about their movies on
DVD? Are there rootkits or some other software being installed without
permission when we watch a Sony DVD movie on our PC's?

[ Reply to This | # ]

Most users...?
Authored by: Anonymous on Tuesday, November 15 2005 @ 01:01 PM EST
"Most users would probably accept that media companies have some sort of
right to protect the product they sell, but hijacking a user's computer is
universally felt not to be part of those rights."

If asked if I am like "most users" according to this standard, then I
would have to answer no. Physics (stress/strain), economy (point of diminishing
returns), even art (good taste) have standards that describe qualitative shifts,
and I think that we have culturally passed one. Laws get revoked when they
exceed their Constitutional basis, and Copyright has done so. The basis for
patents and copyright is to *promote* arts and applied sciences by rewarding
those who develop original works and material. This is not what is happening.

Sony is not an artist with copyrights on original works. Sony is a distributor
who stands in the way of new works by small artists with a massive portfolio of
copyrights. Sony acquired all of these copyrights and produced none of the
works to which they hold copyrights. This acquisition was with the intent to
limit and control original works, not to promote them.

Our technology has exceeded the ability of these laws to be properly applied,
and the laws need to be replaced. This is bad for free software, as well, because
the basis for free software to protect itself is that self-same, broken,
copyright law. Technology has really exceeded the abilities of law since the
radio was invented (they are allowed to broadcast their songs through my *body*,
but I'm not allowed to capture the signal?), but without accessible technology
at a similar level of advancement to record the signal, the risk to distributors
was small. Of course, now that is not the case.

When copyright was about a book, I purchased unlimited right to enjoy the story,
or learn from the knowledge and experience related therein. Sony and others are
trying to limit that right to the business model used by distributors of illegal
drugs: the fix is cheap (at first), the thrill intense (but fleeting), and
ultimately, addictive.

Just say no to Crap.

Geek Unorthodox

[ Reply to This | # ]

I'm wondering now.................
Authored by: pfusco on Tuesday, November 15 2005 @ 01:13 PM EST
Has anyone thought about what they are doing with their CDR's and DVDR's?

Wonder if they are also infected?

---
only the soul matters in the end

[ Reply to This | # ]

So isn't this a criminal act?
Authored by: Jaywalk on Tuesday, November 15 2005 @ 01:48 PM EST
But before the agreement appears, MediaMax installs around a dozen files that consume more than 12 MB on the hard disk. ...These files remain installed even if you decline the agreement. One of them, a kernel-level driver with the cryptic name “sbcphid”, is both installed and launched.
As reprehensible as Sony's acts to date may have been, they have arguably stayed within the law. They avoid some of the copy protection issues by claiming to "license" the content. They also at least pretend to give notice to their spyware.

But now they're installing software without permission. How does this differ from knowingly shipping software with a Trojan Horse? Doesn't this qualify as "unauthorized access" to a computer? I'm pretty sure that's the wording in a number of state laws. It's in the Patriot Act as well, but it only applies to "protected" computers.

Which laws Sony broke depends on which computer somebody tried to play Sony's discs. But I don't see how they could have avoided breaking a bunch of them.

---
===== Murphy's Law is recursive. =====

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Anonymous on Tuesday, November 15 2005 @ 01:53 PM EST
What happens when a person, rightfully purchasing a license to listen to the
music, attempts to play the disk(s) or copy the music tracks using linux?
Obviously the hijinks are based on Windows use. Just wondering...

[ Reply to This | # ]

Firewall
Authored by: Tufty on Tuesday, November 15 2005 @ 01:56 PM EST
A 'Deny' of license.sunncomm2.com just went on my firewall!


---
There has to be a rabbit down this rabbit hole somewhere!
Now I want its hide.

[ Reply to This | # ]

Here's the scary part about DRM.
Authored by: Stumbles on Tuesday, November 15 2005 @ 03:22 PM EST
This story about Sony violating people's rights is only but the tip of
the iceberg called DRM. It is but an example of just what Microsoft
had in mind when first proposing such a concept, one I might add
was not fully thought through.


---
You can tune a piano but you can't tune a fish.

[ Reply to This | # ]

And the cure is worse than the cold.
Authored by: Jaywalk on Tuesday, November 15 2005 @ 03:39 PM EST
This story keeps getting better. Apparently Sony started distributing a "fix" that uninstalls their software. Unfortunately it leaves a security hole behind it that you could drive a truck through. According to this article it leaves behind a program to allow any web page to install any software on your computer. And an article in Wired says that it appears that roughly one in six networks on the Internet has at least one infected computer.

It will be interesting to see how much interest this story will garner in the populace at large.

---
===== Murphy's Law is recursive. =====

[ Reply to This | # ]

We should remember that copyright law is just one protection mechanism
Authored by: Anonymous on Tuesday, November 15 2005 @ 03:40 PM EST
Fair use is part of copyright law, is it not? So, if we are all going to be law-abiding, that means that copyright holders have to abide by the law, too, just like customers do. No?

Yes, fair use is fair use and should be protected. However, if one agrees to the notion of intellectual property and its protection, copyright is only one possible property right and property protection regime. There are trade secrets. There are contracts. These are just the ones codified in law. There are technological measures too. You could try to protect with all of these.

The music and movie industries appear to be eyeing contractual plus technological protection regimes next, having thought that the old copyright system didn't suit them anymore. This particular Sony chapter may just be a glimpse into the future where all music/movie access is possible only through contracts. The contracts would not need to preserve traditional fair use rights, so far as I can see. They would have you agree to have a technology watchdog oversee your uses. Don't agree? No culture for you, my friend.

Is that against fair use principles? In one sense: no, because while they're claiming copyrights they're just layering other protections on top, much as software has done for decades now. You know, I have a fair use right to create copies of my Windows XP CD, but fat load of good that does to me with the EULA and the activation mechanism. I'd have to break the law---or worse, my own word---to exercise my fair use rights. I've made that compromise in the past but I won't in the future. They can keep that crap, thanks.

The question going forward is whether the buying public will be complicit in allowing this business model to work. Will they give up their fair use rights in order to keep buying (oops!, I mean "licensing") the music?

Sadly, I think so. The success of ITunes says it probably is so. Encrypted HD. Satellite radio. It points to the majority of consuming public not letting such issues worry them.

And I think the social contract notion of copyright will become effectively moribund. Some think copyrights are a natural or moral right. Others argue that it should be seen as a social contract: give the authors some limited rights in order to provide the motivation for increasing the public's wealth of creative output. Such a system might work as envisioned if the works are purchased as intellectual properties that come with a bundle of rights, including fair use. That bundle of rights is part of the bargain with the authors/publishers. If they refuse to pay it, some (including myself) would be tempted to think the deal is off. A broken social contract. In this sense the law is written to enforce only one part of the contract: the author rights, not the consumer rights.

So, because of this asymmetry in the implementation of the contract, the slow jettisoning of fair use rights is fine by the letters. Although Sony's particular try here is misguided, IMO, music can probably follow software into an era where it is protected by contract and technology. Movies are already halfway there with DVD encryption and the DMCA, remember. Books...well the printed form isn't there yet save for ebooks, but they might get there too.

[ Reply to This | # ]

Toying with an idea
Authored by: Nick Bridge on Tuesday, November 15 2005 @ 03:58 PM EST
I had an idea some time ago. The last generation of Pentiums didn't quite have the controls that this would require, but there were plans...

Anyway, here it is:

Some processors (PowerPC for example) have the ability to flag pages as executable. This gives the kernel the option of tagging which pages can contain executable code, and more importantly, which cannot.

The point is, with a kernel like Linux, it would be possible to give the OWNER of the hardware complete control over what can run and what cannot.

The idea is to only allow digitally signed code to execute.

When a program is loaded onto the computer for the first time, it won't run. The user (or other entity, see below for other schemes) will have to authorize the program. This can be a simple process.

This means that injecting code into an area not tagged for execution will necessarily fail. Modifying areas of code that ARE tagged, will UNTAG them, causing the entire page to be untagged, and giving control to the kernel. Depending on the code being exploited, this could result in an app simply being terminated, or if it were the kernel itself, an oops or panic.

This would prevent any unauthorized code from being installed, or even run on your computer.

It would not be able to distinguish between malicious authorized code and benign authorized code, but see below for finer-grained controls.

Other logistics:
It is possible, in this type of scenario, to allow a central signing facility in the network. This would allow programs to be signed by an IT department, and then distributed to the nodes on the network. Each user would not have to sign everything themselves.

It would also allow "presigned" code, such that the signer could be trusted or untrusted. ie everything from Novell could be trusted, but not from (to pick a name completely at random!) Sony - or anyone else.

You could still build your own programs and apps - just sign each one yourself before executing it.

In addition to these, each signature could be associated with a role, such that different kinds of activities would be allowed. So far I have mentioned execution, but you could give the user even more control than that. For example, a program could have execution rights, but ONLY under a particular user id. Without root access, the program can do limited damage.

The program could be disallowed direct access to networking functions, such as sockets; or access to install into the kernel like a rootkit; or access to hardware.

Certain programs could be allowed to bestow some level of access automatically. An example would be a browser (Firefox) automatically allowing a plugin access to graphics and sound, but without the "bestowing" capability of the browser.

To conclude, we could use the identical technology underlying DRM, to empower us. And in an open manner - not like the oft-cited Trojan Horse.

[ Reply to This | # ]
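The scheme sketched in the comment above, modelled as an added example that is not part of the original comment or of any real kernel: a loader policy that tags pages executable only for code vouched for by a trusted signer, untags a page once its contents change, and ties capabilities to the signer's role. HMAC-SHA256 stands in for a real digital signature, and the signer names, keys, capability names and 4096-byte page size are assumptions made for the illustration.

```python
import hashlib
import hmac

PAGE_SIZE = 4096  # assumed page size for the model


def sign(key: bytes, image: bytes) -> bytes:
    """Stand-in signature (HMAC-SHA256); a real scheme would use public-key signatures."""
    return hmac.new(key, image, hashlib.sha256).digest()


def split_pages(image: bytes):
    return [image[i:i + PAGE_SIZE] for i in range(0, len(image), PAGE_SIZE)]


class ExecPolicy:
    def __init__(self):
        self.signers = {}     # name -> (key, trusted, capabilities)
        self.exec_pages = {}  # (program, page index) -> digest of the authorized page
        self.grants = {}      # program -> capabilities inherited from its signer's role

    def add_signer(self, name, key, capabilities, trusted=True):
        self.signers[name] = (key, trusted, frozenset(capabilities))

    def authorize(self, program, image, signer, signature):
        """Tag a program's pages executable only if a trusted signer vouches for it."""
        entry = self.signers.get(signer)
        if entry is None:
            return False
        key, trusted, caps = entry
        if not trusted or not hmac.compare_digest(sign(key, image), signature):
            return False
        for i, page in enumerate(split_pages(image)):
            self.exec_pages[(program, i)] = hashlib.sha256(page).digest()
        self.grants[program] = caps
        return True

    def may_execute(self, program, index, page_bytes):
        """Allow a page to run only while it still matches what was authorized."""
        expected = self.exec_pages.get((program, index))
        if expected is None:
            return False  # never tagged: injected or unauthorized code
        if hashlib.sha256(page_bytes).digest() != expected:
            del self.exec_pages[(program, index)]  # a modified page loses its tag
            return False
        return True

    def may_use(self, program, capability):
        return capability in self.grants.get(program, frozenset())


def demo():
    policy = ExecPolicy()
    it_key, vendor_key = b"constructed-key-1", b"constructed-key-2"
    policy.add_signer("it-dept", it_key, {"execute", "network"})
    policy.add_signer("cd-vendor", vendor_key, {"execute"}, trusted=False)
    player = b"\x90" * 5000  # constructed two-page program image
    driver = b"\xcc" * 100   # constructed image from the untrusted signer
    pages = split_pages(player)
    return {
        "trusted": policy.authorize("player", player, "it-dept", sign(it_key, player)),
        "untrusted": policy.authorize("driver", driver, "cd-vendor", sign(vendor_key, driver)),
        "run_page0": policy.may_execute("player", 0, pages[0]),
        "run_patched": policy.may_execute("player", 1, b"\xeb" + pages[1][1:]),
        "run_after_untag": policy.may_execute("player", 1, pages[1]),
        "driver_runs": policy.may_execute("driver", 0, driver),
        "network": policy.may_use("player", "network"),
        "kernel_module": policy.may_use("player", "kernel_module"),
    }
```

As in the comment, the model cannot tell malicious authorized code from benign authorized code; it only enforces who vouched for the code and what that signer's role permits.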

So is it a "CD" then?
Authored by: Anonymous on Tuesday, November 15 2005 @ 04:57 PM EST
ISTR that the term Compact Disc is protected by Philips (and perhaps even Sony?) trademark, so is a similar flat object which does not comply with that specification but holds additional spyware etc, actually a CD™?

I also seem to recall from some website or other these last few days that it would not.

In that case, it may simply be a case of checking the case for the "CD" logo.

-Roland (IANAL, & I have a poor memory span)

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Anonymous on Tuesday, November 15 2005 @ 05:11 PM EST
Picture speaks very loud!

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: jws on Tuesday, November 15 2005 @ 06:03 PM EST
What all this will lead to is probably the reason that Microsoft's Vista is
delayed. I have read a lot about the Media center type systems that Microsoft
envisions, and fear that most of the delay will turn out being time to allow the
DRM to be fully integrated everywhere.

The only other shoe to drop will be when does Congress outlaw running anything
without verifiable DRM included. Already access to video is compromised without
DRM, probably a clue as to what lies ahead.

All of the current hue and cry is only to be tolerated by the media companies
until the "right" solution is out. This is all a smoke screen to keep
everyone busy till it's too late to ensure that products can be fully used
without meddling by these corporations with idiotic "features" making
DRM type compromises or disables.

[ Reply to This | # ]

what about states where eulas are not enforceable?
Authored by: Anonymous on Tuesday, November 15 2005 @ 06:43 PM EST
there has been much discussion on whether people have the right to disassemble
the binaries as the eula states this is not allowed.

just a couple of thoughts:

1 - sony violated the eula before it was even presented likely making it
unenforceable; anywhere.

2 - not every state/country holds eulas to be valid instruments. in these
states/countries, sony has likely violated a number of criminal statutes by
altering a person's property without consent.

i've been waiting for them to go too far for a while now. perhaps they finally
have. if joe schmoe were to do this he would be considered a 'hacker' and would
be facing serious charges. why should a corporate 'entity' be treated any
differently?

sum.zero

[ Reply to This | # ]

What happens if you play these rogue CDs on others' machines?
Authored by: Anonymous on Tuesday, November 15 2005 @ 06:52 PM EST
I attend a University and we have permission to play CDs while using the
computer but it is strictly forbidden to install any software whatsoever.

So what happens when I use one of these CDs at the University computers? Or
what happens when someone uses one at their workplace? Am I liable for
installing rogue software? Am I liable if I did not know? Now that I know, am
I liable if I use one of these CDs as it isn't really me installing this rogue
code - I'm just intending to listen to the music as permitted.

[ Reply to This | # ]

Use Live CD to play music, DVD's
Authored by: Anonymous on Tuesday, November 15 2005 @ 06:59 PM EST

Might want to use Knoppix or some other live CD to play music and DVD's on. The
spyware gets installed into RAM instead of the hard drive. (Might want to unplug
the hard drive as a precaution, too.)

[ Reply to This | # ]

UF:Specially for PJ and the team
Authored by: Anonymous on Wednesday, November 16 2005 @ 07:25 AM EST
UF: http://ars.userfriendly.org/cartoons/?id=20051116

[ Reply to This | # ]

More Sony DRM Hijinks - Now It's MediaMax
Authored by: Anonymous on Wednesday, November 16 2005 @ 09:04 AM EST
There is basically only one way to cope with the music industry, and especially
Sony music: STOP BUYING THEIR CD's.
Depriving these folks of their revenue is the only way to make a statement that
will be heard and reacted upon.

Picture a 3 month complete boycott of Sony Music, backed by information sent
their way, explaining why they are being stripped of their income.

That would be a statement they couldn't ignore.

[ Reply to This | # ]

Sony's position seems reasonable to - guess who - I would think
Authored by: Anonymous on Thursday, November 17 2005 @ 04:38 AM EST

5. In encoding the disks XCP, Sony and F4i have decided that their intellectual property is more deserving of protection than the intellectual property and personal information on millions of personal computers worldwide.

Certainly, Sony and F4i cannot be faulted for reaching that conclusion, after listening to our fine Federal Government, in the form of one Senator Orrin Hatch:

Senator OK with zapping pirates' PCs (June 2003 story at Cnet)

[ Reply to This | # ]

Now It's MediaMax - more problems in the UK
Authored by: Anonymous on Thursday, November 17 2005 @ 05:56 PM EST
"...they transmit information about user activities to SunnComm despite statements to the contrary in the end user license agreement and on SunnComm's web site."

If this is true, then the said CD also falls foul of the very first part of the Computer Misuse Act 1990:
1.--(1) A person is guilty of an offence if--
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.

(2) The intent a person has to have to commit an offence under this section need not be directed at--
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.

(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
Sending data "home" without your permission is without much doubt securing unauthorised access to data on the system?

[ Reply to This | # ]

Boycott Sony
Authored by: Anonymous on Friday, November 18 2005 @ 12:11 AM EST
Not forever, just until Jan. 02 /05.

If Sony misses out on the Christmas rush perhaps they, and the rest of the crooked E! industry, will figure out that their customers don't like to be harassed.

[ Reply to This | # ]

Implications !?
Authored by: Anonymous on Friday, November 18 2005 @ 08:04 AM EST
Call me dense or cynical if you like, but I feel that the "Sony case" may have far-reaching adverse implications.

I imagine the following response from what I will call the "Corporate Point of View", and the "Legislative Point of View", and because of that I have a rather bleak view of the impact of the "Sony case".

I base this on the following thoughts:

  • Neither the reason nor the justification for having DRM was ever called into question throughout the "Sony case". (both corporate and legislative point of view)
  • The "Sony case" merely showed the adverse results of trying to retrofit DRM on an "Open" system, read a system that wasn't built to support DRM from the ground up. (MS-Windows)(Corporate point of view)
  • It therefore makes a strong case for "Trusted Computing", where all the DRM is embedded in the hardware. (Corporate point of view). (see e.g. here, here, and here)
  • After "Trusted Computing" enters the marketplace, non-Trusted computer systems may be viewed with suspicion (corporate point of view), and might therefore even be outlawed for consumers (legislative point of view).

In summary I fear therefore that all the "Sony case" will do is:

  • 1) to make the case to corporations and legislature alike that retrofitting DRM on "Open" systems won't work
  • 2) that _therefore_ the mandatory use of "Trusted" computing is required.

Any comments?

[ Reply to This | # ]

Artists get double pay?
Authored by: Anonymous on Friday, November 18 2005 @ 03:18 PM EST

Do the artists get double payment for all the CD's that Sony says they are going
to replace? I mean this might be good for some of the artists?

[ Reply to This | # ]

rootkit defence against RIAA?
Authored by: Anonymous on Saturday, November 19 2005 @ 04:02 PM EST
Now that all these people have been rooted. Can they use that as a defence when
the RIAA comes calling saying that they have pirated music on their machine?

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )