Eliot Spitzer Discovers Sony BMG's Rootkit
from the uh-oh dept
Perhaps the scariest sentence any company exec can hear these days is that their company is being investigated by NY Attorney General Eliot Spitzer. While Sony may have initially brushed off the rootkit issue by saying that it didn't matter since no one knew what a rootkit was, it appears that Spitzer is now quite familiar with rootkits and that's probably not good news for the Sony BMG. Texas's Attorney General led the way by suing Sony BMG pretty quickly -- but Spitzer's reputation for coming down hard on companies that he believes have done something wrong can't be pleasant news for the record label that kept trying to tell everyone there was no problem at all.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Recall?
It's fallen off the radar as far as most of the press goes; I think they announced it just to get everyone to shutup, and now are waiting for the furor to die down before introducing something equally nefarious.
[ link to this | view in chronology ]
Re: Recall?
[ link to this | view in chronology ]
Spitzer Rocks
Sony should be shaking in their boots now. as bad as this situation is I hate to say it but I think it needed to happen for masses and the artists and the labels to really understand how bad DRM is. This would really be funny if Metallica was on Sony after their whole Napster stance and it was their sales that disintegrated during the holiday season.
[ link to this | view in chronology ]
DRM isn't the problem, actually...
DRM is just a tool that will keep most people in line, as long as it isn't used to degrade the user's experience. For a good example, look at Apple's DRM in iTunes. I can easily copy files to my iPod, and the DRM keeps casual users from doing the wrong thing (stealing music).
Just like a door lock isn't going to keep out a determined criminal that can just bust the door down, DRM shouldn't be trying to be installing rootkits or otherwise be invasive on my system. It's painful enough trying to open the damned CD's from their wrappers (they are more difficult to open than "child proof" prescription bottles!), but consider how you'd feel if you had to submit to fingerprint identification, have the image of your retina scanned, and produce a credit card before you could play your CD on your stereo. If this was the case, you'd find another vendor that doesn't have such bothersome restrictions very quickly.
One of the things that people always claim was that Napster's biggest benefits to the music companies was to allow people to hear music that their friends were listening to. A lot of people that downloaded also purchased the CD, since they have cars and living rooms, and don't want to just listen to music on their computer. However, the music companies just weren't getting their cut, and that angered them. They felt that people sharing music somehow made them poorer, so they claimed lost sales (while CD sales were still increasing), and trotted out "the poor artists" that weren't getting paid their penny-per-CD, and then extorted money from illegal uploaders and don't pay a single penny to any of those "poor artists."
Right now, the record companies are their own biggest problem. The only thing from having them completely out of the picture are those slave-contracts that they make artists agree to so that the artists don't try anything stupid, like trying to sell their own music to their own public, removing the middle man entirely.
How much longer will the status quo last? I don't think it's going to be long. There are forward thinking people out there, and the artists aren't dumb. They're underpowered right now, but that's how revolutions start!
And we have people like Mr. Spitzer to help whittle the music companies down...!
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
But see, you are missing the point. Anything that keeps me from using the music I paid for, the way I want, is degrading the user experience. Shoot, if I want to hack apart the audio and rearange it in a 'mix tape' or something, I should be able to. If I want to burn them onto an MP3 CD so I can play it in my car, I should be able to. I paid the insane $20 for a Cd, I should have my fair use rights allowed by law.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
I can put it onto my iPod. I can put it into any kind of playlist that I want. The only thing I can't do is export the songs to an audio-CD, since I didn't purchase a CD version of that song.
With iTunes I can, however, extract songs from any of my CDs, and rip them into AAC (DRM-encoded), MP3 files, or even WAV files (if I want to use Audacity to add effects to the song, or make my own DJ-rip for my upcoming rap video). MP3 and WAV files do not have any rights management on them! The music labels seem to be happy with iTunes (except for being able to charge premiums for new hits at the iTunes music store).
What can't I do with it?
If you paid the $20 for your CD, you can do what you want with it, short of selling the songs as your own work. I'm not talking about the DMCA here, but DRM in general.
I've seen few DRM systems that were so foolproof that there couldn't be a way around them. That's why the Sony "rootkit" story caught my eye... they went WAY to far out on a limb there. Most other DRM systems can easily be defeated, except when you start getting into TPI... which will have many people complaining loudly.
As I said, Sony's DRM went too far, and now they are going to have to pay Mr. Spitzer and the nice folks in New York. And Texas. And California... (!!!)
Don't paint all DRM systems with the same paint roller. There are good implementations, and there are bothersome implementations. There may even be, some day, an implementation that's actually fair to the artists and not necessarily the music labels. Wouldn't you prefer paying your favorite group ten bucks for a dozen songs, knowing that they'll get all ten bucks rather than the pennies they make on those twenty dollar CDs you are buying now? What do you think the average artist would say?
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
What version of iTunes are you running? You're allowed to burn your downloads to audio CDs with no DRM. There is a limit to the maximum number of times you can burn each track, but once you've got it on CD, it's totally DRM Free.
Now, there are still copyrights in place and you can't legally rip it back and share the .MP3 file on P2P services, etc. but there is no restriction in iTunes that prevents you from enjoying the music you paid for.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
[ link to this | view in chronology ]
DRM and Copyrights
Too bad Congress keeps extending copyright. Its all Disney's fault actually. Remember they started animating Mickey Mouse in the 1930s, and every time its copyright is about to expire, congress extends the law. Cause we all know the world would end if someone starts making cheap Mickey Mouse rip-offs.
[ link to this | view in chronology ]
Re: DRM and Copyrights
And just what rights and whos rights is DRM protecting? The artist? Not likely. Most of them are upset about the Sony situation. The user? if you call limiting the way you can use a product protecting your rights. Removing the right of sale, protecting your rights.
The "people" we are protecting with DRM are fat cat execs pulling in multi-million dollar salaries. Do these people NEED protected? This countries whole sense of what's right and wrong is all screwed up. It's right to allow the rich to get richer by forcing us working stiffs to buy multi-formats for the product we want to use. (this is where DRM is headed.)
Examples:
iTunes downloads can only be used on the program iTunes or on your iPod. I'm really surprised more lawsuits haven't gone after them for market lock-in.
The PSP discs are non-recordable thus if you want to watch the movie on your DVD player you have to purchase it twice.
The corporations want two things:
1) more money. What we're giving them is not enough. Those fat cats need a second yacht.
2) more power. They want absolute control over how we use the information. Sure right now you can record a CD from the songs you buy on iTunes, but how long will that last? Apple has already changed the DRM to lessen the number from 10 to 7.
Do you think the next version of Apple's fairplay will be as fair?
Do you think Steve Jobs needs more wealth?
[ link to this | view in chronology ]
Fairplay = fair
itunes, i think is fair in the current business model. You buy a song and it's yours, copy it, rip to ipod, burn to cd in whatever format you want... and the record industry is happy.
and itunes that implements fairplay is fine by me. there's no root kit on my system, there's no spyware, adware or other undesirable junk. there are no gaping security holes left on my machine.
so i'd love to see apple licence out fairplay to whoever need to use it! ok, ipod sales may take a hit (but i suspect not much of a one) - but just hink of the boom to itunes sales... and sudeenly everything would work together... mobile phones, sony walkmans, ipods, creative products.
but it's not going to happen. the whole industry is killing itself with it's own greed and blaming the consumer. SAD
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
I'm listening to Lee Scratch Perry on Myspace right now ;)
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
Well, they have you hook, line, and sinker.
A CD with any DRM at all, when compared to a CD with no DRM is a degredation of experience, period.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
What if trojan decides they want the birth rate to go up so the remove spermacide from condoms, think it will keep you in line and make you a good god-faring baby making little american lackey...
For the Record, the DRM is the first step in moving to a much more invasive method of CD protection. Like Software registration, disabling the ability to play a song if you are not connected to the internet. Or for god sakes a program that sends info back to the parent company letting them know you have ripped 1 copy of their CD and keeping a registration database..
Considering that if we let people like you at the helm we will be setting a clear course for hell.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
You can say that it is your right to break the law and freedom dictates that one can not restrict you from breaking the law only punish you after you do it but that is just ridiculous. We place locks on doors and alarms on cars. We create legislation defining safe conduct for individuals and companies. I have a right to protect my property from thieves as do companies and until you place down the cash on the counter the CDs still belong to someone else.
Remember, freedom dictates that they can do anything they wish as well. Freedom doesn’t just stop at your doorstep. If they break any laws while using their “freedom” they should be punished but they can freely exercise their freedoms when it comes to their property, right?
I am sure it sounds like I am a fan of the music industry but I am not. I don’t agree with what they are doing but I don’t go around thinking I have a right to dictate to them what they should be doing with their property. Just like I don’t think they should be dictating what I can do with mine. If I don’t like how a company acts I just do not buy from that company. Yes, it is a sacrifice but I am not so pathetic that I NEED to buy that next Metalica CD. If you really don’t like how Sony does business don’t buy Sony CDs. But that won’t happen. Not for any length of time anyways. Too many people complain about Sony then give them more money to fund the company’s escapades. That would be contributing to the problem!
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
The "We" in your analogy is the consumer [or at the behest of the consumer], and as such, your analogy is inccorect.
Otherwise, you're sorta fairly on track.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually...
and so is my spelling. OOOPS!
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually... - append
What if trojan decides they want the birth rate to go up so they remove spermacide from condoms, think it will keep you in line and make you a good god-faring baby making little american lackey...
For the Record, the DRM is the first step in moving to a much more invasive method of CD protection. Like Software registration, disabling the ability to play a song if you are not connected to the internet. Or for god sakes a program that sends info back to the parent company letting them know you have ripped 1 copy of their CD and keeping a registration database..
Considering that if we let people like you at the helm we will be setting a clear course for hell.
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually... - append
If you took that SONY CD with the rootkit installer, put it into a Windows PC that did not have AUTORUN set, ran a ripper program, you would have gotten every song on the CD without having the rootkit installed. The insidiousness of SONY's DRM was to make it LOOK like it was simply playing a CD when it was really doing something bad to your operating system.
If you claim that every form of DRM allows "some nitwit with a god complex [to] rule over how [you] can use [your] machine," then may I ask how you have tested each and every type of DRM algorithm to find this to be true? My posting only claimed that not all DRM is bad, and I used Apple's DRM as an example of a non-invasive implementation. Now, say what you want about Apple's licensing of its DRM, but the DRM itself isn't all that bad. Apple will allow you to transfer your legally purchased iTunes songs to another computer (up to a couple of times a year, I've heard). That doesn't sound anywhere near as nefarious as SONY's installation of a rootkit without warning. That was my point.
If everybody rejects all forms of DRM, then we are only setting ourselves up to have it forced on us via fiat. Instead, find a technology that you can live with and support it. If none of them currently appeal to you, then feel free to protest or help come up with ways to make it fairer.
In my previous post, I said that a great DRM would allow the artists to get all the money. Do you really have a problem with that? Wouldn't you feel better knowing that the artists are being fairly compensated while at the same time allowing you to do whatever you want with the music?
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually... - append
WHAT??? The average person in this/your scenario HAS ALREADY BOUGHT THE DAMN MUSIC!
[ link to this | view in chronology ]
Re: DRM isn't the problem, actually... - append
DRM is not going to do this. DRM will only perpetuate a bad business that has over and over been proven to unfairly compensate its artists and literally screw over many.
What will bring about the compensation of artists is the death of said music business and something that places the consumer and the artist in closer, or in direct, contact with each other!
This is all so stupid. The only thing that the music industry can supply to artists anymore is exposure. There are other ways to distribute music now, meh, it distributes itself!
Artists that a sullied with contracts to "the man" will suffer for a period. The next generation [who learn to create a relationship with their fans] that understands and promotes appreciation and loyalty will prosper.
You cannot regulate and enforce this loyalty or appreciation. It has to be engendered. Any attempts otherwise will quash it.
[ link to this | view in chronology ]
infected by (Sony!) DRM...
infected by (Sony!) DRM...
infected by (Sony!) DRM...
[ link to this | view in chronology ]
No Subject Given
Ha!
hope those "disguises" didnt set the tax payers back too much
[ link to this | view in chronology ]
No Subject Given
The music "industry" does [did] not sell music. Never did. They sell [or used to...] objects that happen to have music on them. i.e. LP's, Cassettes, CD's...
DRM is a bandaid for a business model that evaporates once the music is freed from its object.
Everything about their business model revolves around objects. Music is now data. Data is not an object. DRM is an "attempt" to employ real world restrictions on a virtual entity.
The music industry's business model is broken. It cannot be fixed. Yet, they refuse, with the niavety of luddites, to see, accept, and move on to develop new models and strategies. It is an ultimate irony. The music industry feeds on the creativity of others, yet has absolutely none of its own.
[ link to this | view in chronology ]
Spitzer's sued them before
[ link to this | view in chronology ]
No Subject Given
[ link to this | view in chronology ]