Sony Pulls Controversial Anti-Piracy Software

An anonymous reader writes "Bowing to public outrage, Sony BMG has temporarily halted the use of its controversial anti-piracy software in all of its music CDs, the company said in a statement today. The move comes just a day after a top Bush administration official chided Sony and the entertainment industry for going too far: according to this story over at Washingtonpost.com, Stewart Baker, the Department of Homeland Security's policy czar warned would-be DRM makers: 'It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.' The Post has the full text and video of his commentary." We've reported on this story previously.

They'll still be liable though

[metternich]

For the damage their program has already caused.
I forsee big lawsuits.

They're not going to recall their CDs...

[volpone]

What difference does this statement make? None at all. It's not like Sony will recall the millions of CDs out there with the malware. This is just spin. Move along.

Dept of Homeland Security?

[keraneuology]

Stewart Baker, recently appointed by President Bush as the Department of Homeland Security's assistant secretary for policy, made a comment that suggested that some anti-piracy efforts introduced by the industry could have profound and unexpected effects on the security of the nation's critical infrastructures.

Other than the concern that a nation filled with Spears, Timberlake and Dion worshippers would be unable to defend the nation against an invasion by Canada or Luxembourg I fail to grasp the connection between Homeland Security and a moronic VP at Sony who is trying to render 1/2 of his company's music player division worthless.

Keep up the pressure

[nuggz]

Good, now keep up the pressure. Unless Sony feels real pain for going too far it will encourage others to keep pushing the envelope on what is acceptable.

This is why punative damages for "bad behaviour" exist, to make the company take notice and change their behaviour.

Don't let them get off easy.

Bush Administration

[jbellows_20]

Man, what to say? They said something right for a change.

Re:Dept of Homeland Security?

[(A)*(B)!0_-]

Come on - you're on Slashdot and you can't figure out the implications of a large population of easily infected machines with a common point of entry?

Still no word on Sony's Mac DRM

[davidwr]

Macintouch reports [macintouch.com] that Sony is also putting Macintosh DRM on some of its disks. No word if these kernel extensions - PhoenixNub1.kext and PhoenixNub12.kext - are a rootkit or not, and no word if Sony is suspending their use or not.

According to the Macintouch article, the Mac DRM is on Imogen Heap's Speak for Yourself, an RCA CD distributed by Sony/BMG.

I suspect that CD-makers won't be able to keep a stunt like this secret for 8 months next time, because their customers will be watching for such shenannigans.

Now we wait for Sony to issue a recall.

"All your replacement CDs are belong to us" - Sony's customers.

Re:They'll still be liable though

[frodo from middle ea]

Most of the lawsuits will be class action lawsuits, which sony will be too glad to settle with the lawyers, thus making a few lawyers very rich.

What you may get is a discount of 1$ on an already overpriced 20$ CD.

Sony made a stupid PR mistake, but they are too big a company to really suffer from it so badly, so to completely give up DRM. Come release date of PS3, and all those who critisize sony now, will line up before stall drooling...

Like it or not, fair use will be a thing of past, in the years to come.

Re:They're not going to recall their CDs...

[IgLou]

Yeah, I thought the same thing. Lousy bastards, I bet you they won't send out anything to remove that stinking rootkit either. You can imagine that a class action will soon follow; especially without a recall.

Thinking about that though, does it matter if they recall the CD's if the DRM rootkits are already out there installed on computers?

Why am I not surprised?

[Cl1mh4224rd]

The move comes just a day after a top Bush administration official chided Sony and the entertainment industry for going too far [...]

Months of potential and prior customers crying foul and Sony's response is, "Meh. It's not that bad, but here's a half-assed patch and some hoops to jump through."

A day after someone in the government goes, "Naughty, naughty," Sony's suddenly pulling their DRM, if even "temporarily".

It can't be anymore obvious what Sony thinks of their customers...

It's not about who gets the money.

[CyricZ]

Regardless of who gets the money, the end result is that Sony suffers financially. And that may just serve as an example to other companies not to pull a similar stunt, lest they might lose money in a similar fashion.

Flu epidemic - warning to malware writers

[davidwr]

From the Washington Post article [washingtonpost.com]:

[Stewart Baker, Homeland Security's assistant secretary for policy, said:]
"If we have an avian flu outbreak here and it is even half as bad as the 1918 flu epidemic, we will be enormously dependent on being able to get remote access for a large number of people, and keeping the infrastructure functioning is a matter of life and death and we take it very seriously."

Does this mean if malware keeps people from getting medical help the authors can be convicted of manslaughter?

Jury: We find the defendant guilty on each of the 100 million counts of computer tampering and 2 million counts of involuntary manslaughter.
Judge: I hereby sentence you to 10 million sentences of 2 years of probation and 2 million sentences of 6 months in jail followed by 5 years probation. Due to the outrageous nature of your conduct, sentences are to be served consecutively. You should be out in time to watch the sun swallow the earth.

Delicious!!!!!!!

What about removal?

[Spy der Mann]

Will sony give removal instructions? Their downloadable "patch" only updates their rootkit, but doesn't uninstall it.

Re:Dept of Homeland Security?

[Anonymous Coward]

I fail to grasp the connection between Homeland Security and a moronic VP at Sony who is trying to render 1/2 of his company's music player division worthless.

The problem is that the DHS has to charge Sony with computer crimes or not. If they do, they're going to upset the people who keep them in cigars and hookers. If they don't, they are establishing a very dangerous legal precedent. So the compromise is to publically chide them while actually not doing anything.

Re:Homeland Security

[keraneuology]

The dept of Homeland Security has been worried for some time about the possibility of foreign nationals creating botnets which might allow them to ddos critical online national assets.

Fair enough, but the millions of zombies hosted by comcast, bellsouth.net, or SBC doesn't interest them, the massive security flaws that allow any Microsoft machine to become a zombie just by connecting it to the internet and going for a pizza don't interest them, but a Van Zant (and other) CDs elicit a response from the tier 1 level?

Pardon my cynicism but I suspect that -this- received the attention because no matter what people will always buy broadband internet and people will always buy Microsoft but the paranoid with the amplifying tinfoil hats just might start to demand oversight of DRM technologies to the point where the major congressional donors of the RIAA/MPAA might suffer an induced case of the fidgets.

(Not that there's much danger of that... at this moment the #1 selling album on amazon is 12 Songs [Content/Copy-Protected CD] by Neil Diamond).

Replace my DRM CDs!

[Anonymous Coward]

I think that Sony should replace my CDs that contain their DRM software free of charge. I do have to say that when I bought the Kings of Leon CD 5 months ago, I was a little angered by the copy protection and have tried to stray from buying CDs that had similar labels since then, but when you really like an artist, you have to plug your nose and go for it. Needless to say, I didn't put any of the subsequent CDs in my computer's CD-ROM drive.

No

[Armour Hotdog]

Check out their full statement (from a Security Focus article [securityfocus.com]):

We are aware that a computer virus is circulating that may affect computers with XCP content protection software. The XCP software is included on a limited number of SONY BMG content protected titles. This potential problem has no effect on the use of these discs in conventional, non-computer-based, CD and DVD players.

In response to these events, SONY BMG has swiftly provided a patch to all major anti-virus companies and to the general public that guards against precisely the type of virus now said to exist. The patch fixes the possible software problem, and still allows CDs to be played on personal computers. It can be downloaded at http://cp.sonybmg.com/xcp/ [sonybmg.com]. Starting today, we will also be adding this link to the SONY BMG label and corporate sites. We deeply regret any possible inconvenience this may cause.

We stand by content protection technology as an important tool to protect our intellectual property rights and those of our artists. Nonetheless, as a precautionary measure, SONY BMG is temporarily suspending the manufacture of CDs containing XCP technology. We also intend to re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use. More information about our content protection initiative can also be found at: http://cp.sonybmg.com/xcp [sonybmg.com].

They're spinning this with all their might. Remember that the patch they so proudly trumpet (look how serious we are about protecting our customers!) doesn't remove the rootkit - it merely disables the cloaking feature. Also note that while they say they are suspending manufacture of these CDs, there is no mention of any effort to remove already manufactured copies from store shelves or the distribution network. Considering that CDs are stamped in large production runs and then kept in inventory, they really haven't committed to anything except to "re-examine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use." (and note how their goals do not include consumer privacy or control over their own electronic devices).

No, I don't think we forgive them for this for a long time yet.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Why can't they go to jail?

[swb]

I agree that Sony will probably just write a check to a bunch of lawyers and maybe fire some guys, but why can't people go to jail for these kinds of things?

It always strikes me as odd that you can fuck up thousands of people's lives (in this case, their computers), knowingly and deliberately, and the only outcome is that some lawyers get rich and a few overpaid *might* have to use their golden parachutes.

Why isn't this thousands of counts of unauthorized use of a computer? I know that "throw 'em in jail" really isn't a large-scale social solution, but there needs to be a way for our corporate leaders to understand that not only can they not steal and get away with it (cf various corporate thefts), if they abuse their corporate power and mess with people lives, you know what, you might go to jail, too.

Already product in the channel

[Chief Typist]

"As a precautionary measure, Sony BMG is temporarily suspending the manufacture of CDs containing XCP technology," it said in a statement.

So why aren't they recalling the product that's already in the channel? There are thousands (millions?) of discs sitting on retailers shelves that are just waiting to install the rootkit. Oh yeah, that would hurt their bottom line.

Until it costs them, they're not going to learn.

-ch

Re:OMG... Overload!!!

[ghoti]

Yeah, it's tricky for the other side too: If you download music illegally, you're financing terrorism - but if you buy the CD, you invite the terrorists to use your machine for attacks ...

Re:Keep up the pressure

[demachina]

Setback for DRM yes, a lost battle, but a battle does not a war make.

This is a quote you should save for coming years.

"It's very important to remember that it's your intellectual property -- it's not your computer."

Drag this quote out out when Trusted Computing, Vista and its successors come out and Microsoft and Intel really do seize control of your computer and everything on it and get away with it.

I think most of this backlash is just due to the fact Sony, a non U.S. corporation did it, and it was done as an add on. If in the future Microsoft does more or less the same thing, though better integrated and implemented, and ships it bundled in the OS it might well get forced on the world without a peep from the U.S. government.

In particular Microsoft just need to sell Trusted Computing and DRM as a defense against terrorism, as pro democracy, freedom and capitalism and the Federal government will be cheering it on.

To put it another way Sony's effort was just badly marketed and marketing is everything in this sorry world we live in.

The purpose of a class action

[rgoldste]

Sure, a class action won't help consumers much. But the actual harm in this case was thankfully pretty small, anyway.

The reason you put together a class action is to consolidate thousands of small claims, and in doing so come up with a total liability that Sony has to pay for. A class action against Sony would cost them a nice chunck of change, "helping them manage their access" to consumers' computers. In other words, a class action, which will almost certainly be settled, is how hundreds of little guys get together to punish the big guy for infringing on their rights.

I don't think any other western democracy allows U.S.-style class actions, and that's because the class action fulfills a role in the U.S. that the government fills in other countries. Specifically, the class action allows private parties to regulate and enforce the laws via large monetary damages, e.g., environmental laws and consumer protection laws. In other countries, the national government would be more involved in enforcing these laws.

Baker doing what politicians do best- distracting

[SuperBanana]

Stewart Baker, the Department of Homeland Security's policy czar warned would-be DRM makers: 'It's very important to remember that it's your intellectual property -- it's not your computer. And in the pursuit of protection of intellectual property, it's important not to defeat or undermine the security measures that people need to adopt in these days.'

How about: "it's not your computer. You do not have the right to install software components on someone's computer that spy on them, without their permission. That is computer trespassing and wiretapping. The FBI is currently investigating; in the meantime, here is a court order to remove any CDs with this software from shelves immediately, and we expect you to fully assist consumers with identifying whether a machine has the software installed, and the removal process."

What Baker is doing is trumpeting the Homeland Security line ("Won't someone PLEASE think of the Homeland Security?!"), and distracting us from the more important issue-that a corporation installed trojan programs that spy on people, and probably broke an number of laws doing so.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Why can't they go to jail?

[soupdevil]

Corporations limit the liability of individuals. That's their primary purpose. That said, we should put corporations in jail. Should they be found guilty, Sony should have to cease operations for the extent of their sentence.

Re:Why DRM won't work

[DECS]

So Apple's limp restrictions in Fairplay are supposed to be equal to Sony's installing of rootkit on Window's users PCs?

And MS is going to save the world? How exactly?

MS lead the push for unreasonable DRM in their WMA products, and looked certain to foist "subscription services" that nobody wanted and that the market has since largely ignored. WMA promised to deliver DiviX style CDs that crap out after a play and other consumer-hateful services.

All companies are trying to make money; its just that Microsoft and Sony have so many customers that they don't fear pissing them off, or think that the world will eat whatever crap they decide to serve. It's good to see that the public has a little aversion to being cheated still. Lately, everyone seems ready to roll over and take it.

The hand, the right hand, and going too far

[symbolic]

Funny that a top dubya adminstration official chided Sony for its DRM debacle, when not but one day later, Bush is asking Congress to pass a tough new anti-piracy law. Read about it Here [hollywoodreporter.com]. If anything, the proposed law takes "going too far" to the next level.

Due to outrage? HAHAH yeah right...

[Jackie_Chan_Fan]

They're pulling it because it will open them up to serious legal issues the second someone is infected with trojans that use their software to do serious damage.

Re:Homeland Security

[Piquan]

Fair enough, but the millions of zombies hosted by comcast, bellsouth.net, or SBC doesn't interest them, the massive security flaws that allow any Microsoft machine to become a zombie just by connecting it to the internet and going for a pizza don't interest them, but a Van Zant (and other) CDs elicit a response from the tier 1 level?

There's a difference. Microsoft's security model is an existing threat, with no easy solution. This type of DRM is a new threat, with the easy solution of "don't start doing this". The DHS is simply advocating this easy solution.

That's not to say that the problems you mentioned aren't getting tier 1 attention. But they aren't a simple, sound-bitable public statement.

Re:Who will "trust" them next time?

[RPoet]

Or as Sony's CEO Howard Stringer put it in 2001:

"Right now it would be possible for us, and I've often thought it would cheer me up to do it, you could dispatch a virus to anybody whose files contain us or Columbia records, and make them listen to four hours of Yanni" (Source [washingtonpost.com]) )

Re:Why DRM won't work

[Arend]

The point is that DRM punishes the people who *are* paying for their CDs. And of course it's true that virtuall any mp3 on the web originated from some CD, I don't think a considerable percentage of CD buying consumers actually rips the CDs and puts them on the web, even though I must admit that is more a guess then something I have any numbers for.

And if I read Janis' articles, I get the feeling that it is not in the artists interests to ban downloading, because with every download there is a benefit for the artist: exposure -- his song is played, and if the listener likes it, he just might get interested in buying a CD or coming to a concert.

Janis also posted a follow up article, where she mentions some numbers:

http://www.janisian.com/article-fallout.html [janisian.com]

"Winner of the Put Your Money Where Your Mouth Is award: Me. We began putting up free downloads around a week after the article came out. We will attempt to put up one free download a week for as long as we can - and leave them all up.
Change in merchandise sales after article posting (previous sales averaged over one year): Up 25%
Change in merchandise sales after beginning free downloads: Up 300%"

After Janis put some of her music for free on the net, she saw a 300% increase in sales. Real money for a real artist *because* of downloading.

Another interesting quote from that article, which is actually a quote from Steven Levy:

"So why are the record labels taking such a hard line? My guess is that it's all about protecting their internet-challenged business model. Their profit comes from blockbuster artists. If the industry moved to a more varied ecology, independent labels and artists would thrive - to the detriment of the labels... The smoking gun comes from testimony of an RIAA-backed economist who told the government fee panel that a dramatic shakeout in Webcasting is 'inevitable and desirable because it will bring about market consolidation'." ("Labels to Net Radio: Die Now", Steven Levy in Newsweek, July 15, 2002.)

The bottomline is that downloading seems to quite bad for the industry, but not for the artists and certainly not for the more "underdog" artists, because these actually make their money by performing and not by their CDs, which is more like a tip then actually providing income. Janis puts it this way:

"in 37 years as a recording artist, I've created 25+ albums for major labels, and I've *never once* received a royalty check that didn't show I owed *them* money."

Re:Homeland Security

[KarmaMB84]

I think the easier explanation is that unintentionally crappy software doesn't concern them, but intentionally invasive software does. ;p

Re:Keep up the pressure

[KarmaMB84]

You don't see how those cases are different. I'd rather have my DRM come as part of the OS than an invasive exploitable addon that could potentially crash my computer if I tried to restore it to its original condition.

Re:They'll still be liable though

[Jaseoldboss]

To quote from the website of the British Phonographic Industry [bpi.co.uk]

The unauthorised distribution of music over the internet is against the law. It infringes the legal rights of artists and record companies. And it's bad for music.

How hollow those words ring now, let me paraphrase in light of what Sony is accused of.

The unauthorised tampering with users computers is against the law. It infringes the legal rights of customers. And it's bad for music.

If there is one thing I'm sick of it's being preached to in this manner by corrupt, self serving sleazy corporate fat cats.

I don't think it was the government...

[alizard]

http://blogs.washingtonpost.com/securityfix/2005/1 1/calif_ny_lawsui.html#comments [washingtonpost.com] I think it's the 2 class action suits. . . so far. To be joined soon by 48 other class action suits. There's blood in the water and it's Sony's. The first step to getting their worthless asses out of this mess is to stop making it bigger, and every sale of a DRM-broken CD makes it bigger. The Feds simply gave Sony an excuse that didn't involve surrendering to their customers. Though given the dismal performance of Homeland Security, even this is a worthy contribution to computer security.

Look for legislation in future designed to give *AA companies immunity from the consequences of future machine-frying DRM.

Finally!

[interstellar_donkey]

It's very important to remember that it's your intellectual property -- it's not your computer.

It might be a slight overreaction, but I'm so happy to see somebody of importance say that.

Now if somebody would say "It's your IP, but it's not your DVD player" and got rid of those 'Pirating movies over Internet is akin to car theft or gang rape' that you can't bypass unless, of course, you pirated the movie.

The sad part is, it takes legislative action to get media distributors to stop them activly pissing off their paying customers.

Do not forgive, do not forget. Boycott!

[uncoveror]

Is Sony recalling all the trojan infected CDs and replacing them with clean ones? No. They are only claiming that they will not put this malware on future CDs. If we forgive or forget any of this, we only invite them to do it again. We need to boycott all Sony products. I know a lot of people who are mad about this are tempted to still buy Playstation games, and a Playstation III when it comes out. Don't buy them. There are other game consoles, PC gaming, and even Mac gaming. Let Sony go bankrupt, and let the story of their demise serve as a lesson to the entertainment and electronics industries.

Re:Why can't they go to jail?

[mmeister]

However, just because it happened to one group of people, making the same thing happen to another group doesn't make it right.

While this is true, I would argue that if you let some Corporate Executives off with a slap of the wrist after throwing some punk kid in jail for essentially the same crime, you are playing favorites and perpetuate the notion that the rich can buy their way out of jail more easily than the poor (which is sadly more true than not).

I, personally, believe that Sony Executives acted with total disregard to the law in their zealous attempt to "protect" their rights. Their use of deceptive practices is no better than that of a virus or spyware author.

Re:Finally!

[Unxmaal]

"The sad part is, it takes legislative action to get media distributors to stop them activly pissing off their paying customers."

No, the sad part is that the paying customers are fucking stupid because we are still paying customers.

It's still entirely passive-aggressive laziness to whine to your congresscritters when bad ole Sony installs the DRM that ass-rapes your mother and kills your dog.

Did you get that?

No, really, please understand this point: Lawsuits don't fucking help.

Lawsuits are tax-deductible. They're an acceptable business risk. They don't get CEOs fired. CEOs only get fired when the business stops making money.

Companies like Sony will continue to rape you until you -- yeah, you, the one sitting there reading Slashdot on a Friday night on one Sony monitor while playing EQ2 on the other, you fat fuck -- YOU stop paying them.

Stop paying them.

Stop. Paying. Them.

Really. Otherwise you're just fucking asking for it. And you deserve no sympathy for when your computer suddenly crashes because of the DRM you bought and paid for, or when you get sued for piracy that you didn't commit but that the spyware that the latest Sony DVD installed had a glitch and mis-reported your personal data to them.

Stop paying Sony.

What, you wanted to have that neat new DVD but also be able to skip the 30 minutes of previews?

Fuck you, whiner.

You put the ball in Sony's hands, and they really, truly do not give a shit about you. They dictate the terms because you fucking let them.

You fucking idiot.

Every Sony DVD you buy hurts you. Every CD. Every movie. Every neato electronic widget.

So stop.

Or at least shut the fuck up about being a slave.