Tuesday, November 01, 2005

Sony DRM rootkit code (#5)

Legal Buff / ReynenStarfyre on the comment thread at Mark's Sysinternals Blog posts some interesting theories:
This action violates many local and international laws. Let's look at some of the ones mentioned.

DMCA anyone? Who's the one NOW circumventing security? Wouldn't it be grand if the DMCA was used AGAINST the RIAA and associated for the very same thing they are suing other people for?

By Sony installing rootkits they are effectively bypassing any security put in place and IF someone uninstalls it, they can completely screw up their computer.

I know someone in fact has installed this on a government computer that has TIGHT security. How do you think they will feel knowing SONY has willingly put on and changed a ROOTKIT.

Great news for computer repair's across the country. Is SONY going to pick up the tab because THEIR DRM software screwed up the computer?

Also if you buy a CD and it doesn't work, fraud anyone? It's very clear if you buy something and it doesn't work, you are entitled to get your money back else it IS considered fraud regardless of any EULAs or store rules.

What is really ironic, I know a senator's child who just happened to buy a number of SONY CDs with the DRM. Won't it be interesting when they install it on DADDY's computer.

SONY did you consider what happens when you piss off a senator? You think he is going to be happy to find out about it, and heaven forbid his kid try and remove it. Then he'll REALLY be mad.


This software will be considered spyware under the ASC definition,

The ASC's most recent definition of spyware is:

Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

* Material changes that affect their user experience, privacy, or system security;

* Use of their system resources, including what programs are installed on their computers; and/or
* Collection, use, and distribution of their personal or other sensitive information. - thank you Mellisa


"The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, makes spyware illegal, but it is unclear if the SPY ACT defines spyware the same way as the ASC.... " - thank you Mellisa


IANAL, but this appears to be illegal in the State of California, punishable by a $1000 fine per computer affected.

California Business & Protections Code Section 22947.3, Paragraph C:

A person or entity that is not an authorized user, as defined in Section 22947.1, shall not, with actual knowledge, with conscious avoidance of actual knowledge, or willfully, cause computer software to be copied onto the computer of a consumer in this state and use the software to do any of the following:
(c) Prevent, without the authorization of an authorized user, an authorized user's reasonable efforts to block the installation of, or to disable, software, by doing any of the following:
(1) Presenting the authorized user with an option to decline installation of software with knowledge that, when the option is selected by the authorized user, the installation nevertheless proceeds.
(2) Falsely representing that software has been disabled.

- Thank you Erik


Computer Misuse Act - UK

Ever think of this one? It may be old but it's broad, however it does cover what is mentioned that they do.


Even if they changed the EULA, it's been proven that the DMCA OVERRULES THEM. After all the RIAA has used the DMCA to overrule EULAs before, thereby setting a precedence for others to use against them AND their associates.

I love how they shoot themselves in the foot.

Also as previously stated the rootkit can be used by other programs to further exploit the system. So SONY has thereby placed a method to where others can hack the machine.


I look forward to a class action suit. If nothing else, bad publicity will hurt them more than anything.

Remember the embarrassing bypass with a marker anyone?


8:28 PM


Anonymous said...

There has been some noise made about DMCA liability for disassembling and removing this software.

If there is no obvious connection (obvious to a person of ordinary skill in their normal use of their computer) between the software installed on the machine, the purpose of that software, and the consent to the EULA, how can the behaviour of the user be constrained by the EULA?

If the EULA does apply to these otherwise unidentifiable changes made to a computer how does a person avoid liability if they reconfigure the OS, or remove or disassemble files that have no clear origin, no clear owner and no clear purpose? Changing your desktop wallpaper could be a violation of the EULA if that is the case.

7:31 PM  
