Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Servers

    Sonys Rootkit DRM Raises Legal Red Flags

    By
    Steven J. Vaughan-Nichols
    -
    December 1, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Sony BMG Music Entertainments XCP digital rights management technology may have gotten the company into trouble in several ways.

      First, XCP technology manipulates the Windows kernel to make its code almost undetectable on Windows systems.

      This, in turn, makes it difficult to remove and makes it an ideal launch vehicle for malicious rootkit programs.

      /zimages/4/28571.gifClick here to read more about how Sonys controversial DRM technology operates.

      Next, as was expected, a rootkit Trojan—Backdoor.IRC.Snyd.A aka Backdoor.Ryknos—appeared.

      Soon thereafter it was discovered that XCP may also violate the LGPL open-source license.

      “The allegation that Sony has incorporated open-source software into its purportedly proprietary software in a manner inconsistent with the Open Source General Public License, if established, would create a nice irony,” said Simon J. Frankel, an IP (intellectual property) attorney and partner with Howard Rice Nemerovski Canady Falk & Rabkin LLP in San Francisco.

      “The entire purpose of open-source software is to make broadly useful software available for all to build on. For Sony to take such software and incorporate it into software that it claims as proprietary would be contrary to the entire spirit of open source,” Frankel said.

      “The improper use of GPL software by Sony could be the basis of a claim for violation of the GPL, which could prevent Sony from utilizing the rootkit program to the extent that it includes GPL software and, if a proper party were definable, could even subject Sony to damages claims under the license and copyright principles,” said Michael R. Graham, IP attorney and partner with Marshall, Gerstein & Borun LLP, a Chicago-based law firm specializing in IP.

      Not long after that, the lawsuits bagan. The first suit came from the EFF (Electronic Freedom Foundation), but it was soon followed by a suit from the state of Texas.

      “On a very basic level of product liability law, if Sony is distributing a product that causes damage to consumers, then it may well be held liable,” Frankel said.

      “There also appears to be a particular Texas statute that may make Sony liable for distributing spyware to consumers computers. This potential legal liability only piles on to the tremendous public relations snafu caused by Sonys media player,” Frankel added.

      These suits may be only the beginning of Sonys troubles.

      “Sonys surreptitious inclusion of this code into its CDs in an effort to prevent digital pirating of its software was ill-considered, and just another instance of the music industry grasping for digital locks for its recordings,” Graham said.

      He added, “But what could lose Sony its friends in the media business is that this type of introduction may also spur Congress to adopt anti-spyware, anti-Trojan horse legislation.”

      “The entertainment industry would be forced to seek an exception to such legislation—based on a use of reasonable steps to prevent piracy—or develop non-spyware software and technology that would limit the reproduction of CDs without compromising individuals systems,” Graham said.

      Next Page: Sonys EULA may be asking for trouble.

      Sonys EULA May Be

      Asking for Trouble”>

      What Suvashis Bhattacharya, an IP attorney in the Palo Alto office of Thelen Reid & Priest LLP, found most interesting, however, was the combination of all the other problems with Sonys EULA (End User License Agreement).

      Bhattacharya suggested that the EULA “found on the CDs that contain the rootkit software has many restrictions and requirements that may be argued to violate the copyright laws as well as the rights that are guaranteed to the end user.”

      Among these, Bhattacharya said, are “restrictions in the License [that state] that the user will not be able to access the content on the CD if he or she no longer possesses the original CD.

      “Considering that the user has the right to make a copy of the CD under the Fair Use doctrine, one may argue that this provision violates the copyright laws by requiring the user to erase all copies of the CD if the original CD is lost, destroyed or stolen.”

      Rubbing salt into the wound, the EULA also “requires the purchaser to install all updates for the rootkit software or otherwise lose rights to be able to access the contents on the CD.”

      And if your system is damaged by the rootkit? Too bad.

      “Further, should the software be defective or expose vulnerabilities to hackers, the License states that the purchaser assumes the costs for fixing the problem. The License does allow the purchaser to collect up to $5.00 from Sony, however, in the case that the software causes a loss in data or equipment,” Bhattacharya said.

      Sony BMG recalls CDs carrying the XCP DRM software. Read more

      here.

      Sonys EULA also restricts the users access to legal recourse, Bhattacharya said. “One provision in the License states that the user waives any right to seek judicial approval which may be needed to terminate the License. The License also forces the user to waive his or her right to a jury trial for any dispute that arises relating to the software or the License. Of course, it may be argued that this provision violates the U.S. Constitution as well as various state Constitutions.”

      The restrictions and requirements imposed by the EULA on CDs bearing the rootkit software raise many questions that the legal, software and consumer industries should tackle, lest enforcement of the agreements have “a chilling effect” on business, Bhattacharya said.

      Taken all in all, as one legal marketing expert said, “if [Bhattacharyas] eye-opening analysis of Sonys EULA is true, look out!! Attorneys will be salivating.”

      Indeed, one way or another, thanks to its use and licensing of XCP DRM, Sony may be in for quite a legal shipwreck.

      Check out eWEEK.coms for the latest open-source news, reviews and analysis.

      Steven J. Vaughan-Nichols
      I'm editor-at-large for Ziff Davis Enterprise. That's a fancy title that means I write about whatever topic strikes my fancy or needs written about across the Ziff Davis Enterprise family of publications. You'll find most of my stories in Linux-Watch, DesktopLinux and eWEEK. Prior to becoming a technology journalist, I worked at NASA and the Department of Defense on numerous major technological projects.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×