Sony BMG Hits Rootkit Providers With Lawsuit

from the misapportioned-blame dept

Thu, Jul 12th 2007 12:02pm — Carlo Longino

Sony BMG settled both the class-action lawsuit against it and with the FTC, after it distributed rootkits that opened up security holes on consumers' PCs in the copy protection it used on its CDs. Now the company's filed a suit of its own against Amergence, formerly known as SunnComm, and its MediaMax unit, which supplied one of the pieces of copy-protection software in question. The lawsuit alleges Amergence/SunnComm supplied Sony BMG with faulty software -- which, all things considered, seems true. But the bigger issue here is that Sony BMG is implying that none of this mess is its fault, when it's the one that felt the need to implement the DRM in the first place. As we've pointed out plenty of times, DRM doesn't stop piracy, it just annoys legitimate customers. The SunnComm and XCP copy-protection that Sony BMG implemented on its CDs didn't stop piracy, and it wouldn't have, even if it hadn't been "faulty", as the suit alleges. It created a huge PR mess for the company, and it's cost them a fair bit of money to clean things up. Getting $12 million from Amergence won't change the fact that deciding to put the DRM on its CDs was a bonehead move that never would have delivered any real benefits.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: rootkit
Companies: sony bmg

31 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Matt Bennett, 12 Jul 2007 @ 12:11pm

"ony BMG is implying that none of this mess is its fault" ???

Really, I think they're just trying to get money where ever they can, just like any other corporate entity. That doesn't change the fact they're A-holes, but it's actually one of the more legitimate suits out there.
[ link to this | view in thread ]
Bill, 12 Jul 2007 @ 12:23pm

So Sony had no idea what it's CD protection software was going to do? Umm ok whatever you say Sony. They still won't ever get another dime from me for any of their products.
[ link to this | view in thread ]
What, 12 Jul 2007 @ 12:24pm

Re:
How is this one of the more legitimate suits out there? You're going to have to explain yourselves on this one, as Sony is the one who wanted to put DRM on their CDs. No one twisted their arm and forced them to do it.
[ link to this | view in thread ]
cutter892, 12 Jul 2007 @ 12:42pm

Passing the buck.
Sony went to a third party software company for there DRM software in case something like this did happen. The software in question caused security problems and now Sony can turn around and say it was not are fault these guys over here built the software that caused the problems. Now granted Sony does have a legitimate claim because the company seems to have failed to test it's own software for security risks but the fact remains that Sony did use the software and didn't bother to check it out them selfs. Now of course you will more than likely hear Sony's argument that "We bought the software licenses under the assurance that it was secure and that they have throughly tested it for security".
[ link to this | view in thread ]
Anonymous Poster (profile), 12 Jul 2007 @ 12:56pm

Way to duck out on taking responsibility for your boneheaded decision, Sony. Man, lawyers really DO run your company.
[ link to this | view in thread ]
Nasty Old Geezer, 12 Jul 2007 @ 1:01pm

Maybe a win-win
This would a real win for all of us, if Sony can get just enough money to destroy the DRM supplier, but not enough to cover their actual losses.

If MediaMax actually warranted the software met legal standards, Sony may have case. Since it installed even if the user clicked "no", it could be shown to be defective.

Of course, I agree with Bill in post #2 -- Sony never gets any more of my money.
[ link to this | view in thread ]
annoyed by lack of english mastery, 12 Jul 2007 @ 1:14pm

if you're going to post...
please learn grammar and spelling. It is not "are" fault that you weren't taught properly in public school, or that we went to private school our "selfs".

Sheesh...
[ link to this | view in thread ]
Overcast, 12 Jul 2007 @ 1:15pm

Yes, I agree Nasty Old Geezer - let's hope they sue them right out of business!

And yes, I'm with you - I just recently bought a bookshelf Stereo - it wasn't a Sony.

I need a new TV for my living room - guess what it won't be?

lol
[ link to this | view in thread ]
Overcast, 12 Jul 2007 @ 1:18pm

please learn grammar and spelling.

ROFL

I love that. You forgot to capitalize the first letter of your sentence.
[ link to this | view in thread ]
Sanguine Dream, 12 Jul 2007 @ 1:24pm

Yeah right...
I really don't think Sony has a standing here. Its as simple asking how would all this rootkit stuff would have turned out if agreement to install the rootkit was buried in a massive EULA. Under those circumstances they would have only said, "The user had to agree to EULA to install the rootkit. They should have read the EULA."

Now I know in this day and age of legal departments running comapnaies that there is no way Sony did not have some sort of contract with the makers of that rootkit. And I don't care who you are if you are going to agree to distribute someone else's product you are going to go over it with a fine tooth comb. They wanted DRM (or as they say copyright protection) on their CDs but didn't test it to see exactly how the "protection" worked. For Sony BMG to claim they are the victims of bad software is childish and I really wish there was a way for both sides to lose big time in this. I wonder if they will come up with a number of "lost sales" from all the people that have sworn off Sony BMG music and artists and add that to the lawsuit.
[ link to this | view in thread ]
annoyed by lack of english mastery, 12 Jul 2007 @ 1:25pm

my first sentence...
started with the subject, hence the elipsis. yes, i should have started the body text with another elipsis. good point. by the way, i hate capitals, that's where the politicians are : )
[ link to this | view in thread ]
ILikeThis, 12 Jul 2007 @ 1:31pm

I Like This
I like the idea of this for one reason.

copyprotection companies may now be scared (of lawsuits if they win) and will move to other areas of codeing.

and who would want to sell copyprotection software to sony now that they know that if there's any bug / problem that sony will sue them.
[ link to this | view in thread ]
me, 12 Jul 2007 @ 1:35pm

Sony blows
That's why I download all my music
[ link to this | view in thread ]
Anonymous Coward, 12 Jul 2007 @ 2:28pm

Re: if you're going to post...
Remember to capitalize the first letter in your sentence, especially if you want to play grammar police.
[ link to this | view in thread ]
Bonehead jobs, 12 Jul 2007 @ 3:53pm

Say what??
If Sony would have done some type of verification tests on this software then perhaps such measures could have been avoidable. I say Sony was negligent and they got exactly what they purchased. Do they want to protect their...ahem good name or not. It would matter with mistakes like that.
[ link to this | view in thread ]
DrKenneth, 12 Jul 2007 @ 4:11pm

Sounds fair
I do not see how this is not a completely justified action by Sony. They licensed a copy protection scheme under the fair assumption that it would not open security holes and cause a mess of legal issues. When somebody buys a product that ends up being faulty and burning down their house you don't blame them for not "being careful enough" with their selection of product. True, it was a bad product underneath, but it's not something the buyer would see.

In this case Sony bought a copy protection scheme knowing that, well, it stopped people from copying the CDs. I highly doubt the protection company explained in detail what exactly it did in technical details. Imagine explaining rootkits to whoever makes the buying decisions at Sony BMG.

Also, I don't see how people can use something Sony BMG did as a reason to hate the company as a whole. It's a small subsection of a much larger company, without much connection to the rest of it. For the most part they are completely different entities, just the same ownership. You would not see people boycotting GE appliances as junk because they think NBC said some stupid stuff. (Yes, GE owns NBC)
[ link to this | view in thread ]
Slartibartfast, 12 Jul 2007 @ 4:24pm

People correcting my grammar is something up with which I will not put.

-Winston Churchill (I think.)-
[ link to this | view in thread ]
Slartibartfast, 12 Jul 2007 @ 4:45pm

Oops, not entirely accurate.

Here is the correct version by good ol' WC

"Ending a sentence with a preposition is something up with which I will not put."

Although I think my misrepresentation is a little more apt on this occasion.
[ link to this | view in thread ]
Anonymous Coward, 12 Jul 2007 @ 4:45pm

Re: Sounds fair
its good to see at least one other person recognizes the Sony BMG does not represent Sony as a whole.

I can't stand when people say they'll boycott all sony products just because of Sony BMG. it's an ignorant statement. Sony itself may have had no real clue of what was going on at Sony BMG. In fact, I'd bet that they didn't. I know if I bought a bunch of worldwide corporations, I wouldn't want to know every little thing they do or have to approve everything they did. Thats why they are separate companies and not one huge company. Its so they are somewhat autonomous and can run themselves more efficiently.

Remember, blame Sony BMG, not Sony. if you don't want their TVs for some other unrelated reason, then fine, but the rootkit shouldn't influence your decision in any way, shape, or form.
[ link to this | view in thread ]
Charles Griswold, 12 Jul 2007 @ 7:20pm

Re:

please learn grammar and spelling. It is not "are" fault that you weren't taught properly in public school, or that we went to private school our "selfs".

I love that. You forgot to capitalize the first letter of your sentence.
your all just jelus of my 1337 speling an grammer skilz i was lerned good riting at school

:-P

Nobody's perfect, guys, so let's all just shake hands and agree not to buy Sony products, mkay?
[ link to this | view in thread ]
cutter892, 12 Jul 2007 @ 8:34pm

Support your grammer Nazies
buy makeing mistakes.
[ link to this | view in thread ]
Anonymous Coward, 12 Jul 2007 @ 9:27pm

Sony should stick to build TVs and maybe stereos.
[ link to this | view in thread ]
Anonymous Coward, 12 Jul 2007 @ 9:36pm

a few ppl mentioned Sony isn't responsible cause its a 3rd party product or its Sony BMG not Sony.

but when u buy a product labeled Sony you expect the quality standards of Sony there fore they are responsible and if there product sucks or worse messes up ur equipment then they should "pay" for there mistakes.
[ link to this | view in thread ]
_Jon, 13 Jul 2007 @ 5:31am

Sony / MM
A really interesting angle is that just before Sony hired them, a Sony exec left Sony and became the CEO of MM.
Then MM got the contract to supply the DRM to Sony.

Curious, no?
[ link to this | view in thread ]
Nasty Old Geezer, 13 Jul 2007 @ 6:20am

Re: Re: Sounds fair
AC -- cash is the only language they understand. Withholding my cash speaks the language as loudly as I can, that Sony Corp needs to take control of Sony BMG and end the unethical practices. The DRM mess is not the only thing going on there -- do a bit of research about the recent fines for engaging in payola schemes with radio networks.

The unethical behavior also has appeared in the hardware side, lack of support, denial of problems, predatory pricing, and coercion against game vendors to name only the ones I have found.

When SOny senior management begins to understand that ethical behavior will be rewarded financially, and unethical behavior will be punished financially, they may change. Until I see strong evidence of such change, NOTHING from any Sony subsidiary will be on my 'buy' list.

Also, your statement that you wouldn't want to know every little thing about corporations under your control is a truly frightening concept. This is the ENRON defense all over again.

It is absolutely SOny Corp's job to know everthing going on, especially as it pertains to security.
[ link to this | view in thread ]
Anonymous Coward, 13 Jul 2007 @ 7:23am

Re: Re: Re: Sounds fair
I agree. If you're going to reap the benefits of the many smaller sectors (video games, steroes, music...etc.) under your brand name (namely brand recognition) then you should be able to make some effort to know what is going on with said sectors.

Now I'm not saying that Sony (the absolute top) should have had the clairvoyence to know that Sony BMG (the music sector) was about to make a mistake on this DRM scheme but to claim no responsibility is borderlin negligent.

Why is that it is so hard to keep up with what parent company owns what smaller companies these days? So that the parent company can reap secretly reap the benefits from said smaller company while having remaining separated just enough so that they can play the "I don't know" card when things go sour.
[ link to this | view in thread ]
Anonymous Coward, 13 Jul 2007 @ 10:50am

Re: Re: Re: Sounds fair
It's impossible to know the complete details of a bunch of *huge* companies.

Do you think the president knows about every single law in every single state? do you think he even knows every single law in the federal books? no, he doesn't. he has judges for that.

You assign different people different project tasks. You get updates from them, but any time they need to make a decision, they don't have to ask you. They can make decisions on their own. That way, you don't have to micromanage the entire conglomerate.
[ link to this | view in thread ]
Overcast, 13 Jul 2007 @ 1:49pm

your all just jelus of my 1337 speling an grammer skilz i was lerned good riting at school

:-P

Nobody's perfect, guys, so let's all just shake hands and agree not to buy Sony products, mkay?

Yes - people who 'police' perfection in writing, because - typically, they can't argue the matter at hand are annoying indeed.

But to add - the wife was talking about getting a digital Cam Corder yesterday. I told her I wouldn't buy Sony - who knows what's in the firmware. Still, it's principle. But I did notice they are VERY competitive on price now. I suspect they have to be to sell much.

Doesn't matter, though, I figure you get what you pay for anyway.

*please feel free to correct vareous missspellingz and other airors in grammtikal compositzion.*

lol
[ link to this | view in thread ]
GP, 13 Jul 2007 @ 3:52pm

Back On Topic, Unintended Consequences?
So,

Lee me see if I have this straight.

Company A buys DRM from B.

It doesn't work, It pisses off customers etc...

A -- SUES -- B

If A wins, where does that leave B's business model?
In light of the fact that that DRM cannot work. Ever.

Will any Company A be stupid enough to buy DRM with an "If it doesn't work, too bad for you" clause in it's license agreement? These Agreements aren't shrinkwrap, this is custom made stuff that cost a ton of money.

Will any company B DARE to "create" DRM & sell it? Knowing in advance that they will loose?

Wow, Or perhaps I should say Shhhh.
[ link to this | view in thread ]
alternatives(), 14 Jul 2007 @ 5:24am

Great!
This just helps remind people as why they should not buy Sony products. Good.

Oh, and the person who says they don't understand the idea of 'a boycott' - the only vote anyone has is where they spend their money. Sony corp has paid lobbyists for laws like the DMCA - so it looks like Sony has 'the back' of the entertainment units.
[ link to this | view in thread ]
kb, 15 Jul 2007 @ 7:19am

is this mean that I can sue M$ for all the bugs on the windows?
[ link to this | view in thread ]