DRM Gone Wild!
We knew Sony was up to no good. Now there’s this:
Sony’s misplaced zeal to protect its intellectual property suggests that the company sees its customers not as kings but as captives. The Electronic Frontier Foundation yesterday dissected the Sony-BMG end-user license agreement (EULA) that accompanies Sony-BMG CDs and detailed the terms of imprisonment.
As the EFF explains, the EULA says that 1) if your house gets burgled, you have to delete all your music from your laptop when you get home; 2) you can’t keep your music on any computers at work; 3) if you move out of the country, you have to delete all your music; 4) you must install any and all updates, or else lose the music on your computer; 5) Sony-BMG can install and use backdoors in the copy protection software or media player to “enforce their rights” against you, at any time, without notice. And the list goes on.
You’ve got to be kidding me.






Gotcha!! April Fool!!!
Yes, we were kidding.
Luckily enough, EULAs like this probably aren’t enforceable.
Which is why Sony is getting sued now. They don’t seem to understand that falling music sales are the result of crap music, not casual pirating.
DRM is never going to stop copying anyway; if you can play it through some speakers, the information is accessible and can be accessed somehow. It just pisses off paying customers who want to put the music they paid for onto their iPod/car stereo/whatever else.
Sony has really crapped in its bed with this move. While I haven’t read the EFF writeup, I sorta doubt their “translation” is perfectly accurate as it is related here.
I have spent a considerable amount of time looking at the rootkit Sony has placed on their music CDs as well as the bot\spyware that is now attempting to exploit said rootkit.
California has already sued Sony for the rootkit and Italy is looking at them with a very stern gaze. Don’t mess with the EU when it comes to personal privacy rights.
Beyond the legal shenanigans, CA has labelled Sony’s DRM thingy as spyware and other companies will probably quickly follow suit…ahem.
Lastly, if anyone is interested in some high quality techno babble on this beast check out Mark Russinovich’s blog or F-Secure’s writeup.
It might be interesting to hear from some attorney familiar with Japanese business law and standards, to know how much the Sony BMG reflects Japanese Intellectual Property Law, either statutory or precedential.
(I’m not a lawyer, so I don’t have any idea what Japanese law is like— I just assume that a lot of U.S. concepts got plugged into their legal system in the re-casting of their culture under MacArthur’s rule…)
Legal or not, the logic seems to draw from the predatory practices of the U.S. music industry, which famously screws everyone it brushes against. The tradition it violates most conspicuously is much more recent: the “open source” community approach that has made the UNIX family of operating systems so successful.
Seems like everyone wants to have a garden and Sony is claiming a patent on the rain.
Speaking of open source – there’s rumors flying around that the music-playing software that Sony forces you to use has open source code in it. Sony could be getting sued for that too.
Oh, and number 7 on that list is good (at the eff link).
7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.
Oooooh, great – the attitude makes it fun, worthwhile, MORAL even, to steal from them.
From the TechWeb article:
The company has locked the PDF file that contains its Q2 financial results to prevent computer users from copying the data in the document.
Xpdf -> postscript -> ps2pdf -> acroread -> cut n’ paste -> ascii. Kiss my ass, Sony.
(Mind you, I don’t care about their results, I just saw a minor challenge.)
I’ll be in the market for a laptop here in a month or so. I really liked the Sonys, but after this crap, no way.
I just loaded the file in my Acrobat, printed the whole damn thing to another pdf and got a fully unlocked copy. Acrobat lets you OCR the whole thing, and copy and paste tables and text perfectly. All seems a bit pointless . . .
F*ck you, Cartels! Hoo-Ah, Shareaza!
Angie has the right idea. If this stuff bugs you, don’t buy Sony products.
Let’s hope that this gets some decent publicity in major newspapers. A significant enough number of people will notice, then, to commercially affect Sony.
Anyone seen it in major MSM publications?
First saw this on Slashdot like a week ago. It has the potential to really open your computer up to other exploits. The rootkit crapware that the Sony disc installs prevents the operating system from showing executables that begin with “$sys$”. Not only is Sony screwing with the music that you paid for, they’re making any computer that it’s installed on vulnerable to other exploits.
It seems to me that with there being trojans out now that target this specifically, Sony will get the backsides tanned to the tune of several MM$.
Glad I’m ditching Winders and going all Linux / Mac.
I’m happy now that I bought a Toshiba laptop instead of the Sony. I will never ever buy another Sony product.
Heck, I’m not checking any more Sony CDs out of the library.
You’d think they’da learned after they tried to lock up Beta for themselves and wound up with 100 % of nothing.
:-/
Hmmm.
Sony has a Mac version of the DRM on its CDs.
link
I think you’re being too hard on Sony, Stephen. Really, their conditions are not so unreasonable. Just last year I moved from the U.S. to Canada, and so I had to sell all my CDs because, as you may know, in Canada they have different formats and players, which renders all American CDs useless.
That accomplished, and $100 in my pocket from the second hand store that bought my 600 CDs (even Hotel California, which surprised me), I went home and deleted the 8,436 MP3 files that I’d converted from CDG using legally purchased music management software, from my hard drive.
When you’re moving, especially to another country, it’s best to divest yourself of all your bulky, useless junk. That way, when you get to your new place, you can go shopping.
Given that a number of companies recently were SHUTDOWN for less destructive violations, namely placing spyware/adware on your computer under the guise of other files, Sony placing a rootkit with wide-open backdoors could be in a WORLD O HURT.
The /. crowd is saying that of course Sorny is invincible as ChimpyMcBushhitler will protect a big corporation, in the real world, we know that a $BBBBB company that is flagrantly violating the law and can arguably be accused of multiple federal felonies for each CD shipped is like manna from heaven for lawyers. Computer crime laws are not exactly weak and give very high damage awards per incident. I’d expect to see Google AdWords and TV ads about this misbehaviour within the next few weeks. Hell I think I’m even going to email a few of the scum firms that do the mass torts (Lerach, etc). This is going to be fun.
Dear Mr. Green –
It has come to our attention that you own several appliances that you purchased from a store that also sells Sony products. Under the terms of our sale and service, this means we own your ass.
We learned this trick from Microsoft.
Sincerely,
Some Jap Guy
Well, that was fast:
Still ain’t buying one of their laptops. God knows what that would have on it.
Even the U.S. Department of Homeland Security has weighed in against the Sony DRM:
In a remark clearly aimed directly at Sony and other labels, [DHS Assistant Secretary for Policy Stewart Baker] continued: “It’s very important to remember that it’s your intellectual property — it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.”
http://blogs.washingtonpost.com/securityfix/2005/11/the_bush_admini.html
Remember: If Sony can break your computer just to protect Celine Dion’s music, then the terrorists have won. (only slightly tongue-in-cheek)
My husband erbo wrote the above and also this.
From this page at EFF, a list of CDs that contain the evil XCP/rootkit technology:
Trey Anastasio, Shine (Columbia)
Celine Dion, On ne Change Pas (Epic)
Neil Diamond, 12 Songs (Columbia)
Our Lady Peace, Healthy in Paranoid Times (Columbia)
Chris Botti, To Love Again (Columbia)
Van Zant, Get Right with the Man (Columbia)
Switchfoot, Nothing is Sound (Columbia)
The Coral, The Invisible Invasion (Columbia)
Acceptance, Phantoms (Columbia)
Susie Suh, Susie Suh (Epic)
Amerie, Touch (Columbia)
Life of Agony, Broken Valley (Epic)
Horace Silver Quintet, Silver’s Blue (Epic Legacy)
Gerry Mulligan, Jeru (Columbia Legacy)
Dexter Gordon, Manhattan Symphonie (Columbia Legacy)
The Bad Plus, Suspicious Activity (Columbia)
The Dead 60s, The Dead 60s (Epic)
Dion, The Essential Dion (Columbia Legacy)
Natasha Bedingfield, Unwritten (Epic)
Ricky Martin, Life (Columbia) (EFF notes: “labeled as XCP, but, oddly, our disc had no protection”)
Don’t buy ‘em. (Except I wonder if I should buy one, to see if I can extract the audio data under Linux without encountering the rootkit…)
Electronic Frontier Foundation
http://www.eff.org/deeplinks/archives/004144.php
re DRM:
I bought the BMD stand up cd, which has a bunch of copy protection (not sure if it’s XCP, but it is distributed by a sony sub-brand). You can only get restricted WMAs off the CD and you have to be on the internet to play the cd on your comp (what if you use a laptop that isn’t always connected? sit down when not connected!)
So what did I do to get the files on to my computer reliably and to play on my iPod? Yep, I used bittorrent to download mp3s of the songs. So Sony’s DRM caused a legitimate consumer to use an illegal service to gain access to music they had already bought but couldn’t use due to Sony’s stupid DRM.
If they did put XCP on that disk (so far the EFF list isn’t exhaustive) then I’m going after Sony. I’m also boycotting Sony product in the future (not like it’s hard… most of the best electronic gear is Korean or Taiwanese, cheap stuff is Chinese, and phones are one of the above plus American and Finnish).
Put that in your pipe and smoke it Stringer.
The rootkit is only installed if you have autorun enabled, which is something you should have switched off anyway.
Plus you have to click through a EULA. If you have autorun disabled, you can do what you like with the CD.
And the supposed Mac version of the rootkit only works if you look through the CD and actually double click on a particular application.
If you need to know how to disable autorun on Windows XP, here it is:
http://features.engadget.com/entry/3239236478279892/
Pamela may be onto something. Celine Dion is Canadian, after all.
Coincidence?
Or masterful plot?
Wayne Fielder, do you know me? DRMS Battle Creek 1989, worked with Quincy et al. Hastings is inbred
Stephen, you’re on a roll. Have fun in NY.
edgr – thanks for the info. I had autorun turned off in tweakui. But my larger point still stands — people will be avoiding CDs out of fear.
Hmmm.
The way the rootkit works, in a very very simplified form, is that any process that has a name that starts with “$sys$” becomes effectively invisible.
In effect this rootkit “blinds” the operating system so that it can no longer see any file or process that starts with “$sys$”. And what makes this a problem is that all programs have to ask the operating system for information on where files exist, whether or not they exist and if any particular program is running. Programs generally don’t do this by themselves anymore, instead they rely on the operating system to do it for them.
And if the operating system is blind to a specific file, then as far as any other program is concerned, it doesn’t exist.
It’s like walking down a street with someone who simply cannot see anything the color blue. If you stand in front of him in a red jumpsuit, he can see you. If you stand there in a blue one, you’re invisible.
This causes all sorts of problems with anti-spyware and anti-virus programs.
The part of the user agreement hidden in the white on white printing about surrendering your first born is, unfortunately, true.
Often anti-spyware and anti-virus programs get around the OS somehow to find files that are invisible to the OS.
Some anti-spyware utilities will now remove the Sony rootkit.
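The cross-view idea described in the comments above (take one listing through the operating system, take a second one that bypasses it, and compare), shown as an added example that is not part of any commenter's post. The file names are constructed, the cloaked listing is simulated, and the case-insensitive prefix match is an assumption.

```python
# Added example: cross-view comparison for name-based cloaking.
# All paths below are constructed sample data, not real indicators.
import os

RAW_VIEW = [  # constructed: listing taken without the running OS (e.g. offline mount)
    r"C:\Windows\System32\notepad.exe",
    r"C:\Windows\System32\$sys$constructed_driver.sys",
    r"C:\Windows\System32\$SYS$constructed_player.exe",
    r"C:\Users\demo\Downloads\$sys$unrelated_dropper.exe",
    r"C:\Users\demo\Music\track01.wma",
]

def basename(path):
    """Last path component, accepting either separator."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]

def simulated_api_view(raw_view, prefix="$sys$"):
    """Stand-in for a cloaked OS listing: drops names that start with the
    prefix (case-insensitive match is an assumption of this example)."""
    return [p for p in raw_view if not basename(p).lower().startswith(prefix)]

def hidden_entries(api_view, raw_view):
    """Entries the raw view has but the OS API view does not report."""
    seen = {p.lower() for p in api_view}  # compare names case-insensitively
    return sorted(p for p in raw_view if p.lower() not in seen)

def assess(api_view, raw_view, min_hits=2, min_prefix_len=3):
    """Summarise the difference and flag a shared-prefix hiding rule.

    A single missing file can be a timing race between the two listings;
    several missing files whose names share a prefix point to a filter."""
    hidden = hidden_entries(api_view, raw_view)
    prefix = os.path.commonprefix([basename(p).lower() for p in hidden])
    cloaking = len(hidden) >= min_hits and len(prefix) >= min_prefix_len
    return {"hidden": hidden,
            "shared_prefix": prefix if cloaking else "",
            "cloaking_suspected": cloaking}

if __name__ == "__main__":
    report = assess(simulated_api_view(RAW_VIEW), RAW_VIEW)
    for path in report["hidden"]:
        print("hidden from API view:", path)
    print("shared prefix:", repr(report["shared_prefix"]))
```

Every hidden entry needs review on its own, since the filter hides any file carrying the prefix, including ones unrelated to the software that installed it.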
Heh….good thing I don’t listen to any of those artists.
edgr – The part about the EULA isn’t true. I have a BMG CD that uses the SunComm protection, and it installs that before the EULA ever shows up. I hit cancel, and my machine was STILL infected with it.
Which makes the activity a felony under U.S. law.
Sony are in a world of hurt, they just don’t know it yet.
Brian is very right… Sony has deep pockets. Deep pockets + blatant violation of law = hordes of lawyers.
Hah! Microsoft is issuing a security update that will delete the Sony rootkit!
http://news.zdnet.co.uk/internet/security/0,39020375,39236971,00.htm
Why? Because the first trojan to use a Sony DRM vulnerability or backdoor appeared on the net a few days ago. Sony is in some serious trouble.
Wait, I read it wrong. The only ‘vulnerability’ the new trojan uses is in its name. The trojan filename starts with $sys$, so the Sony DRM makes it invisible. You still have to run it yourself for it to get on your system.
And you’re surprised about this why?
Some of us have been protesting this kind of treatment for quite a while now, particularly since copy protection schemes like UbiSoft’s “StarForce” became all the rage and immediately caused thousands of dollars worth of hardware all over the world to crash.
But, of course, the ones being hit by that kind of root-level malware were nothing but stupid gamers, so nobody really cared all that much. Dumb kids and all.
So now all of us stupid kids are supposed to get all riled up because it’s somebody else’s precious ox being gored now when nobody gave a shit about us back in the day?
Good luck.
Read Martin Niemoller.
Quit following NFL after the 1987 strike. Quit following MLB after the strike in 1994. Quit taking the San Jose Mercury News in the run-up to the 2000 election. Quit watching network TV in 2002. Quit going to Hollywood-made movies in 2004. Quit buying music in 2005?
I’m busier and happier than ever and none of those assholes gets dime one of mine. Want to change their behavior? Stop buying their shit. You will get their attention.
So if you normally run Windows as just a user rather than as administrator (no installation privileges) can a Sony disc still install its malware on your computer?
I’m so glad to see people posting about how the copy protection actually encouraged them to use file sharing or circumvention of the copy protection! That’s really the predictable effect of treating all your legitimate customers like criminals.
The CD format was not designed with copy protection in mind; the data was designed to be accessible, period. Retrofitting the CD with copy protection will be just as successful as retrofitting LP records with it. If the CD copy protection is designed to be very restrictive, it will exclude users of certain kinds of hardware and software, and if it is not restrictive enough then it will just be easy to circumvent.
Therefore the total effect of CD copy protection schemes will be primarily to exclude minority groups within the consumer base and to encourage cracking. Does Sony really want to do this????
Here’s another instance where companies take our rights away: digital music sales. I wanted to buy a song from CD 101’s music store, but the file was a copy-protected DRM Windows Media Audio file. The .WMA files can be DRM-protected to restrict how they can be copied. But I use a FreeBSD server to hold all my digital music and access from 5 different client computers; two of them at work, my laptop, a workstation at home, and my mother’s workstation. The laptop runs Ubuntu Linux, the home workstation is on Redhat, and the others run Windoze XP. So would their music-store music help me? No. I would pay money for music that I could only use on ONE Windoze machine, and I couldn’t use it on my main workstation or my laptop. Screw them, I didn’t buy it and instead I found it using mutella, which works like Bearshare to search the Gnutella network.
Until these out-of-touch conscience-less companies accommodate their customers using Linux, BSD, Macintosh, and other UNIX operating systems, until they acknowledge that we are valued customers and not criminals, and until they stop violating our rights by subverting our computers with software we didn’t agree to install, they will be the target of hackers and pirates, and they should be. Beat ‘em into submission, folks!
I actually bought a couple of songs off iTunes, since I don’t have any objections in principle to paying for music downloads, but, continuing my perennially unhappy experience with all things Apple, I found that they came with a pile of restrictions about how many things I could copy them to, etc. Under the “I bought it, I’ll do what I damn well please with it” philosophy which I subscribe to, I promptly downloaded them off Kazaa.
EFF’s comments are a reductio ad absurdum of SONY’s EULA. They view the EULA as unconscionable and unreasonable, and thus unenforceable. So, to make their point, they engage in a little hyperbole by broadly interpreting parts of the EULA to mean things like “if your house is burgled, etc. etc.” The point being, if SONY is stupid enough to put rootkits on CDs, and have a draconian EULA, they might actually try to enforce the EULA in extreme circumstances. Although the latter is highly unlikely, EFF wants to point out that a company stupid / crazy / malevolent enough to put rootkits on CDs, and write draconian EULAs, might also try to enforce them under ridiculous circumstances. Personally, given the PR stupidity of suing individual end-users for music downloads, I wouldn’t put it past them.