|
Technology giant Sony is heading to court for lawsuits filed after the company distributed spyware in the form of rootkits in a number of their music CDs. Sony's attempts to protect their music rights through Digital Rights Management (DRM) and then adding the rootkit has created tremendous problems for Sony, including possible criminal actions.
All this comes from research completed by SysInternals
and F-Secure
separately that discovered the rootkits on 20 of Sony
BMG's music CDs. These rootkits left potential access
points for various malicious hackers with a virus to turn
loose. While Sony put up fixes on their site, including
workarounds and patches, some of the patches actually
crashed Windows and resulted in data losses.
To top it all off, they blew off consumers and privacy
pundits saying harm wasn't their intention and essentially,
most people didn't know about it so they don't care. They
felt this was a sufficient response. Some people in California
didn't feel the same way.
The suit filed in Los Angeles seeks to stop Sony BMG from selling CDs with the anti-copying software on it. The lawyers also are pushing for damages for people who bought any of the CDs protected in this manner.
The Washington Post reported the L.A lawsuit charges Sony BMG broke three California laws dealing with malicious software distribution. Apparently, a New York attorney is considering a class action suit as well.
Then there are big national suits. The
Electronic Frontier Foundation is putting information
together for a large lawsuit. Electronic Frontiers Italy
has the Italian government looking into legal proceedings
as well.
The Electronic Frontier Foundation posted
19 of the 20 CDs and the labels they're on:
Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver's Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
There could be more although Sony only admits to 20. They
also won't release an official list. EFF says on their
website consumers
can identify the tainted discs by examining them closely
for the label XCP. They said the back of the CD also has
these in fine print. The best way to handle this is that
if you don't want your Windows computer infected, at the
very least, don't purchase these Sony BMG CDs. Keep in
mind there could be others.
Sony has said they are dropping this particular method of protection from their CDs, it's still no less repugnant to know a major company like Sony is distributing spyware. Keep in mind too they've not refuted what SysInternals and F-Secure found, they just say it isn't as serious as they make it out to be. Heck, these songs won't even play on iTunes without the fix.
If this situation were caused some hacker working out of his mom's basement in Jersey, the FBI and the DHC would be having conversations with him. This is legitimate cyber crime that should be investigated and possibly prosecuted.
The other point is one that's been mentioned before. The young generation of teenagers coming up now has no qualms about downloading music, whether it's illegal or not and they think it's unreasonable to expect people not to download the music since it's available. They know it's illegal and they don't really care. It's tough to prosecute millions of teenagers when they don't feel they've done anything wrong. Companies like Sony BMG need to find a new way to protect or distribute their product. Distributing spyware just isn't the way to do it.
About
the Author:
John Stith is a technology writer with SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
