Eliot Spitzer Discovers Sony BMG's Rootkit

from the uh-oh dept

Perhaps the scariest sentence any company exec can hear these days is that their company is being investigated by NY Attorney General Eliot Spitzer. While Sony may have initially brushed off the rootkit issue by saying that it didn't matter since no one knew what a rootkit was, it appears that Spitzer is now quite familiar with rootkits and that's probably not good news for the Sony BMG. Texas's Attorney General led the way by suing Sony BMG pretty quickly -- but Spitzer's reputation for coming down hard on companies that he believes have done something wrong can't be pleasant news for the record label that kept trying to tell everyone there was no problem at all.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Dave Walker, 29 Nov 2005 @ 4:24am

    Recall?

    Has anyone seen any evidence of Sony's recall actually proceding? I was in my local Walmart yesterday, and all the titles I could remember to check were still on the shelves there.

    It's fallen off the radar as far as most of the press goes; I think they announced it just to get everyone to shutup, and now are waiting for the furor to die down before introducing something equally nefarious.

    link to this | view in chronology ]

    • identicon
      kingmanor, 29 Nov 2005 @ 4:31am

      Re: Recall?

      Yes its absolutely ridiculous that these CDs are still on store shelves. Maybe they thought they could do it after the holiday season. They have lied about how bad it was, lied about their involvement, and lied about their solution. Sony keeps screwing up at every turn, every chance they have to make it right. Spitzer's warning will do more to move this along, as I'm sure he sent this to all the major music retailers in the state, and they would not want to be complicit in letting consumers get bad CDs. Sony should buy ads on MTV listing the CDs involved and a website or phone# where to get info on the recall. It may make them look better in front of a Judge (or two in NY and TX, so far...)

      link to this | view in chronology ]

  • identicon
    kingmanor, 29 Nov 2005 @ 4:24am

    Spitzer Rocks

    I love this guy. Wall Street doesn't take the SEC seriously sometimes, not caring about illegality when you can pay a $5 million fine on a $5 billion deal. But as the stock exchanges are physically in NY State, he goes after them with the state laws. Its not just Wall Street, he takes on a lot of consumer issues, partly to beef up his resume when he runs for governor, but also because they should get taken up, no matter what the pretense. I hope he will be as good as NY Governor (no one doubts he will win) as Rudy Giuliani was a Mayor (also former NY AG), and that the next NY AG is as good as he was.

    Sony should be shaking in their boots now. as bad as this situation is I hate to say it but I think it needed to happen for masses and the artists and the labels to really understand how bad DRM is. This would really be funny if Metallica was on Sony after their whole Napster stance and it was their sales that disintegrated during the holiday season.

    link to this | view in chronology ]

  • identicon
    lar3ry, 29 Nov 2005 @ 7:06am

    DRM isn't the problem, actually...

    Usually, I take sides against the RIAA, but the statement made above that DRM is wrong is missing the boat entirely.

    DRM is just a tool that will keep most people in line, as long as it isn't used to degrade the user's experience. For a good example, look at Apple's DRM in iTunes. I can easily copy files to my iPod, and the DRM keeps casual users from doing the wrong thing (stealing music).

    Just like a door lock isn't going to keep out a determined criminal that can just bust the door down, DRM shouldn't be trying to be installing rootkits or otherwise be invasive on my system. It's painful enough trying to open the damned CD's from their wrappers (they are more difficult to open than "child proof" prescription bottles!), but consider how you'd feel if you had to submit to fingerprint identification, have the image of your retina scanned, and produce a credit card before you could play your CD on your stereo. If this was the case, you'd find another vendor that doesn't have such bothersome restrictions very quickly.

    One of the things that people always claim was that Napster's biggest benefits to the music companies was to allow people to hear music that their friends were listening to. A lot of people that downloaded also purchased the CD, since they have cars and living rooms, and don't want to just listen to music on their computer. However, the music companies just weren't getting their cut, and that angered them. They felt that people sharing music somehow made them poorer, so they claimed lost sales (while CD sales were still increasing), and trotted out "the poor artists" that weren't getting paid their penny-per-CD, and then extorted money from illegal uploaders and don't pay a single penny to any of those "poor artists."

    Right now, the record companies are their own biggest problem. The only thing from having them completely out of the picture are those slave-contracts that they make artists agree to so that the artists don't try anything stupid, like trying to sell their own music to their own public, removing the middle man entirely.

    How much longer will the status quo last? I don't think it's going to be long. There are forward thinking people out there, and the artists aren't dumb. They're underpowered right now, but that's how revolutions start!

    And we have people like Mr. Spitzer to help whittle the music companies down...!

    link to this | view in chronology ]

    • identicon
      Mike, 29 Nov 2005 @ 7:40am

      Re: DRM isn't the problem, actually...

      DRM is just a tool that will keep most people in line, as long as it isn't used to degrade the user's experience.

      But see, you are missing the point. Anything that keeps me from using the music I paid for, the way I want, is degrading the user experience. Shoot, if I want to hack apart the audio and rearange it in a 'mix tape' or something, I should be able to. If I want to burn them onto an MP3 CD so I can play it in my car, I should be able to. I paid the insane $20 for a Cd, I should have my fair use rights allowed by law.

      link to this | view in chronology ]

      • identicon
        lar3ry, 29 Nov 2005 @ 8:03am

        Re: DRM isn't the problem, actually...

        I download a song from iTunes.

        I can put it onto my iPod. I can put it into any kind of playlist that I want. The only thing I can't do is export the songs to an audio-CD, since I didn't purchase a CD version of that song.

        With iTunes I can, however, extract songs from any of my CDs, and rip them into AAC (DRM-encoded), MP3 files, or even WAV files (if I want to use Audacity to add effects to the song, or make my own DJ-rip for my upcoming rap video). MP3 and WAV files do not have any rights management on them! The music labels seem to be happy with iTunes (except for being able to charge premiums for new hits at the iTunes music store).

        What can't I do with it?

        If you paid the $20 for your CD, you can do what you want with it, short of selling the songs as your own work. I'm not talking about the DMCA here, but DRM in general.

        I've seen few DRM systems that were so foolproof that there couldn't be a way around them. That's why the Sony "rootkit" story caught my eye... they went WAY to far out on a limb there. Most other DRM systems can easily be defeated, except when you start getting into TPI... which will have many people complaining loudly.

        As I said, Sony's DRM went too far, and now they are going to have to pay Mr. Spitzer and the nice folks in New York. And Texas. And California... (!!!)

        Don't paint all DRM systems with the same paint roller. There are good implementations, and there are bothersome implementations. There may even be, some day, an implementation that's actually fair to the artists and not necessarily the music labels. Wouldn't you prefer paying your favorite group ten bucks for a dozen songs, knowing that they'll get all ten bucks rather than the pennies they make on those twenty dollar CDs you are buying now? What do you think the average artist would say?

        link to this | view in chronology ]

        • identicon
          Nathan, 29 Nov 2005 @ 8:40am

          Re: DRM isn't the problem, actually...

          You can't listen to your iTune on any device other than one Apple has given its blessing to. That is a big problem for lots of us who don't want to pay the hefty price for the Apple name brand.

          link to this | view in chronology ]

        • identicon
          Oliver Wendell Jones, 29 Nov 2005 @ 8:42am

          Re: DRM isn't the problem, actually...

          I can put it onto my iPod. I can put it into any kind of playlist that I want. The only thing I can't do is export the songs to an audio-CD, since I didn't purchase a CD version of that song.

          What version of iTunes are you running? You're allowed to burn your downloads to audio CDs with no DRM. There is a limit to the maximum number of times you can burn each track, but once you've got it on CD, it's totally DRM Free.

          Now, there are still copyrights in place and you can't legally rip it back and share the .MP3 file on P2P services, etc. but there is no restriction in iTunes that prevents you from enjoying the music you paid for.

          link to this | view in chronology ]

        • identicon
          kingmanor, 29 Nov 2005 @ 8:55am

          Re: DRM isn't the problem, actually...

          The record labels happiness with iTunes success is only for the music store, not the actual program. Who cares that it can rip non-DRM MP3s and WAVs? There are hundreds that will. If the record labels were so happy with programs that can rip a CD you lawfully purchased, then they wouldn't need to put DRM on it. If you pay $20 with a CD you cannot do what you want with it, if it has DRM.

          link to this | view in chronology ]

          • identicon
            kingmanor, 29 Nov 2005 @ 9:04am

            DRM and Copyrights

            And what happens when the Copyrights expire, which they eventually will. Technically, all DRM should stop at that point because it is in the public domain. It would be great to see cheap compilations of old songs with expired copyrights, just like Barnes&Noble sells cheap classic literature (you think that Shakespeare book would be $2 if he wrote it today?).

            Too bad Congress keeps extending copyright. Its all Disney's fault actually. Remember they started animating Mickey Mouse in the 1930s, and every time its copyright is about to expire, congress extends the law. Cause we all know the world would end if someone starts making cheap Mickey Mouse rip-offs.

            link to this | view in chronology ]

            • identicon
              thirst4knowledge, 29 Nov 2005 @ 9:22am

              Re: DRM and Copyrights

              Public domain unfortunately is dead. I doubt we'll see anything copyrighted within the last century (especially the latter half) go into public domain.

              And just what rights and whos rights is DRM protecting? The artist? Not likely. Most of them are upset about the Sony situation. The user? if you call limiting the way you can use a product protecting your rights. Removing the right of sale, protecting your rights.

              The "people" we are protecting with DRM are fat cat execs pulling in multi-million dollar salaries. Do these people NEED protected? This countries whole sense of what's right and wrong is all screwed up. It's right to allow the rich to get richer by forcing us working stiffs to buy multi-formats for the product we want to use. (this is where DRM is headed.)

              Examples:

              iTunes downloads can only be used on the program iTunes or on your iPod. I'm really surprised more lawsuits haven't gone after them for market lock-in.

              The PSP discs are non-recordable thus if you want to watch the movie on your DVD player you have to purchase it twice.

              The corporations want two things:

              1) more money. What we're giving them is not enough. Those fat cats need a second yacht.

              2) more power. They want absolute control over how we use the information. Sure right now you can record a CD from the songs you buy on iTunes, but how long will that last? Apple has already changed the DRM to lessen the number from 10 to 7.

              Do you think the next version of Apple's fairplay will be as fair?

              Do you think Steve Jobs needs more wealth?

              link to this | view in chronology ]

        • identicon
          Boo, 30 Nov 2005 @ 1:27am

          Fairplay = fair


          itunes, i think is fair in the current business model. You buy a song and it's yours, copy it, rip to ipod, burn to cd in whatever format you want... and the record industry is happy.

          and itunes that implements fairplay is fine by me. there's no root kit on my system, there's no spyware, adware or other undesirable junk. there are no gaping security holes left on my machine.

          so i'd love to see apple licence out fairplay to whoever need to use it! ok, ipod sales may take a hit (but i suspect not much of a one) - but just hink of the boom to itunes sales... and sudeenly everything would work together... mobile phones, sony walkmans, ipods, creative products.

          but it's not going to happen. the whole industry is killing itself with it's own greed and blaming the consumer. SAD

          link to this | view in chronology ]

    • identicon
      PJ Brunet, 29 Nov 2005 @ 7:48am

      Re: DRM isn't the problem, actually...

      The new music middleman is more like a hosting/blogging/Myspace wiz.
      I'm listening to Lee Scratch Perry on Myspace right now ;)

      link to this | view in chronology ]

    • identicon
      Joe Schmoe, 29 Nov 2005 @ 8:03am

      Re: DRM isn't the problem, actually...

      DRM is just a tool that will keep most people in line, as long as it isn't used to degrade the user's experience.

      Well, they have you hook, line, and sinker.

      A CD with any DRM at all, when compared to a CD with no DRM is a degredation of experience, period.

      link to this | view in chronology ]

    • identicon
      Serenity, 29 Nov 2005 @ 9:39am

      Re: DRM isn't the problem, actually...

      Spoken by a man who has no idea what a loss of freedom is... Freedom is the CHOICE to do something wrong or equally right. Not the choice to let some nitwit with a god complex rule over how I can use my machine. If i want to go to jail for copying music I have that right, it is not sony's right to remove the choice for me.

      What if trojan decides they want the birth rate to go up so the remove spermacide from condoms, think it will keep you in line and make you a good god-faring baby making little american lackey...

      For the Record, the DRM is the first step in moving to a much more invasive method of CD protection. Like Software registration, disabling the ability to play a song if you are not connected to the internet. Or for god sakes a program that sends info back to the parent company letting them know you have ripped 1 copy of their CD and keeping a registration database..

      Considering that if we let people like you at the helm we will be setting a clear course for hell.

      link to this | view in chronology ]

      • identicon
        Kris, 29 Nov 2005 @ 12:46pm

        Re: DRM isn't the problem, actually...

        Any company has the right to put out what ever legal product they wish. If they want to put out a CD product that restricts use or reports use back to them, they have that right. They own the product and can distribute that product in any form they wish. You have the right to buy or not buy that product. They have an obligation to inform any prospective customers of any restrictions or adverse effects associated with using their product. If you know of these restrictions and purchase the product anyway you have nothing to complain about. Sony’s problem is they did not properly inform the potential customer of the restrictions and adverse effects associated with use of their product. That is why they can be hit with spy ware suites.
        You can say that it is your right to break the law and freedom dictates that one can not restrict you from breaking the law only punish you after you do it but that is just ridiculous. We place locks on doors and alarms on cars. We create legislation defining safe conduct for individuals and companies. I have a right to protect my property from thieves as do companies and until you place down the cash on the counter the CDs still belong to someone else.
        Remember, freedom dictates that they can do anything they wish as well. Freedom doesn’t just stop at your doorstep. If they break any laws while using their “freedom” they should be punished but they can freely exercise their freedoms when it comes to their property, right?
        I am sure it sounds like I am a fan of the music industry but I am not. I don’t agree with what they are doing but I don’t go around thinking I have a right to dictate to them what they should be doing with their property. Just like I don’t think they should be dictating what I can do with mine. If I don’t like how a company acts I just do not buy from that company. Yes, it is a sacrifice but I am not so pathetic that I NEED to buy that next Metalica CD. If you really don’t like how Sony does business don’t buy Sony CDs. But that won’t happen. Not for any length of time anyways. Too many people complain about Sony then give them more money to fund the company’s escapades. That would be contributing to the problem!

        link to this | view in chronology ]

        • identicon
          Joe Schmoe, 29 Nov 2005 @ 1:21pm

          Re: DRM isn't the problem, actually...

          "...We place locks on doors and alarms on cars..."

          The "We" in your analogy is the consumer [or at the behest of the consumer], and as such, your analogy is inccorect.

          Otherwise, you're sorta fairly on track.

          link to this | view in chronology ]

        • identicon
          Joe Schmoe, 29 Nov 2005 @ 1:23pm

          Re: DRM isn't the problem, actually...

          "your analogy is inccorect"

          and so is my spelling. OOOPS!

          link to this | view in chronology ]

    • identicon
      Serenity, 29 Nov 2005 @ 9:41am

      Re: DRM isn't the problem, actually... - append

      Spoken by a man who has no idea what a loss of freedom is... Freedom is the CHOICE to do something wrong or equally right. Not the choice to let some nitwit with a god complex rule over how I can use my machine. If i want to go to jail for copying music I have that right, it is not sony's right to remove the choice for me.
      What if trojan decides they want the birth rate to go up so they remove spermacide from condoms, think it will keep you in line and make you a good god-faring baby making little american lackey...
      For the Record, the DRM is the first step in moving to a much more invasive method of CD protection. Like Software registration, disabling the ability to play a song if you are not connected to the internet. Or for god sakes a program that sends info back to the parent company letting them know you have ripped 1 copy of their CD and keeping a registration database..
      Considering that if we let people like you at the helm we will be setting a clear course for hell.

      link to this | view in chronology ]

      • identicon
        lar3ry, 29 Nov 2005 @ 10:13am

        Re: DRM isn't the problem, actually... - append

        DRM is currently a minor step in giving people a warm fuzzy feeling that the average person isn't going to "steal" "your" music. (Note: Let's not quibble about the words I put in quotes.) It is most certainly NOT a step into a more invasive method of CD protection. There is no such thing. The spec has long been out on the CD format, and to put the CD logo on your recording, you must abide by the standard. There is nothing in that standard to prevent ripping. To fully protect the songs on that CD, you will have to switch to a new medium, which will have everybody up in arms about the recording companies switching media AGAIN just to build up their coffers. However, CD-ROM is still a great medium for audio, and nothing is going to make it go away except outlawing it entirely. Anyway, back to the point: DRM is not a step into further CD protection.

        If you took that SONY CD with the rootkit installer, put it into a Windows PC that did not have AUTORUN set, ran a ripper program, you would have gotten every song on the CD without having the rootkit installed. The insidiousness of SONY's DRM was to make it LOOK like it was simply playing a CD when it was really doing something bad to your operating system.

        If you claim that every form of DRM allows "some nitwit with a god complex [to] rule over how [you] can use [your] machine," then may I ask how you have tested each and every type of DRM algorithm to find this to be true? My posting only claimed that not all DRM is bad, and I used Apple's DRM as an example of a non-invasive implementation. Now, say what you want about Apple's licensing of its DRM, but the DRM itself isn't all that bad. Apple will allow you to transfer your legally purchased iTunes songs to another computer (up to a couple of times a year, I've heard). That doesn't sound anywhere near as nefarious as SONY's installation of a rootkit without warning. That was my point.

        If everybody rejects all forms of DRM, then we are only setting ourselves up to have it forced on us via fiat. Instead, find a technology that you can live with and support it. If none of them currently appeal to you, then feel free to protest or help come up with ways to make it fairer.

        In my previous post, I said that a great DRM would allow the artists to get all the money. Do you really have a problem with that? Wouldn't you feel better knowing that the artists are being fairly compensated while at the same time allowing you to do whatever you want with the music?

        link to this | view in chronology ]

        • identicon
          Joe Schmoe, 29 Nov 2005 @ 11:28am

          Re: DRM isn't the problem, actually... - append

          "DRM is currently a minor step in giving people a warm fuzzy feeling that the average person isn't going to "steal" "your" music."

          WHAT??? The average person in this/your scenario HAS ALREADY BOUGHT THE DAMN MUSIC!

          link to this | view in chronology ]

        • identicon
          Joe Schmoe, 29 Nov 2005 @ 11:43am

          Re: DRM isn't the problem, actually... - append

          "In my previous post, I said that a great DRM would allow the artists to get all the money. Do you really have a problem with that? Wouldn't you feel better knowing that the artists are being fairly compensated while at the same time allowing you to do whatever you want with the music?"

          DRM is not going to do this. DRM will only perpetuate a bad business that has over and over been proven to unfairly compensate its artists and literally screw over many.

          What will bring about the compensation of artists is the death of said music business and something that places the consumer and the artist in closer, or in direct, contact with each other!

          This is all so stupid. The only thing that the music industry can supply to artists anymore is exposure. There are other ways to distribute music now, meh, it distributes itself!

          Artists that a sullied with contracts to "the man" will suffer for a period. The next generation [who learn to create a relationship with their fans] that understands and promotes appreciation and loyalty will prosper.

          You cannot regulate and enforce this loyalty or appreciation. It has to be engendered. Any attempts otherwise will quash it.

          link to this | view in chronology ]

  • identicon
    ac, 29 Nov 2005 @ 8:40am

    infected by (Sony!) DRM...

    infected by (Sony!) DRM...
    infected by (Sony!) DRM...
    infected by (Sony!) DRM...

    link to this | view in chronology ]

  • identicon
    Nipsey Russell, yo, 29 Nov 2005 @ 8:53am

    No Subject Given

    "Spitzer's office dispatched investigators who, disguised as customers, were able to purchase affected CDs in New York music retail outlets"
    Ha!
    hope those "disguises" didnt set the tax payers back too much

    link to this | view in chronology ]

  • identicon
    Joe Schmoe, 29 Nov 2005 @ 9:06am

    No Subject Given

    Everyone is missing a point [of view].

    The music "industry" does [did] not sell music. Never did. They sell [or used to...] objects that happen to have music on them. i.e. LP's, Cassettes, CD's...

    DRM is a bandaid for a business model that evaporates once the music is freed from its object.

    Everything about their business model revolves around objects. Music is now data. Data is not an object. DRM is an "attempt" to employ real world restrictions on a virtual entity.

    The music industry's business model is broken. It cannot be fixed. Yet, they refuse, with the niavety of luddites, to see, accept, and move on to develop new models and strategies. It is an ultimate irony. The music industry feeds on the creativity of others, yet has absolutely none of its own.

    link to this | view in chronology ]

  • identicon
    Tim Howland, 29 Nov 2005 @ 12:05pm

    Spitzer's sued them before

    He just won a pretty sizable settlement from SonyBMG just last july, after a big Payola scandal- he already has the Sony BMG lawyers in his rolodex... see http://en.wikipedia.org/wiki/Eliot_Spitzer .

    link to this | view in chronology ]

  • identicon
    Mousky, 29 Nov 2005 @ 4:34pm

    No Subject Given

    I like the Ads from Google - I get a link to a site that will remove the XCP rootkit and another link to a site where two Canadian lawyers are planning a class-action suit against Sony. Priceless.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.