Monday, November 14, 2005

Add hypocritical and illegal to the list

Sony has unleashed a shitstorm with the news that it put some heinously nasty malware on some of its music CDs. (If you are already familiar with this story, skip the next few paragraphs.) EFF explains:

Using a program called a rootkit, inserting a Sony BMG music CD will now infect your computer with a nefarious program, burying it deeply and obscurely within your operating system. The program will monitor your computer activity in the name of preventing the so-called epidemic of "piracy" that results from people making extra copies of their music CDs or favorite songs. Worse yet, there is no "uninstall" feature on this program. It's like the roach motel -- once Sony BMG's surveillance program checks in, you can't make it check out without completely wiping your entire system clean. Such practices have been widely condemned in the computer world, even by Microsoft's own research division.

Outrage from computer users and music fans has sparked Sony BMG into offering a program on its website that will show you if you have been infected with the rootkit. However, while you can see the program running, you still can't uninstall it, and some security experts believe installing the "update" may even infect your computer with more unwanted files.

It has also been widely reported that hackers have already found ways to exploit Sony's rootkit to screw up your computer in other ways -- that is, Sony's code creates vulnerabilities that others can exploit.

And check out the list of toxic titles -- Gerry Mulligan? Dexter Gordon? Were Napster junkies stealing millions in potential sales of 1950s jazz?

But wait -- there's more. The whole point of Sony's "ends justifies the means" assault was the evil of copyright violation. So what a shock to discover that Sony's hack attack itself appears to be a copyright violation.

It turns out that the rootkit contains pieces of code that are identical to LAME, an open source mp3-encoder, and thereby breach the license.

This software is licensed under the so-called Lesser GNU Public License (LGPL). According to this license, Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in-between form between source code and executable code, the so-called object files, with which others can make comparable software.

Open source licensing is a rather arcane topic, I know. But if Sony did what these guys said they did, it is a mind-boggling bit of hypocritical hubris.

To summarize: a major consumer products company -- one that actually sells PCs in addition to content -- intentionally infects its product with PC-crippling Big Brother code, parts of which appear to be stolen from other sources, so that it can monitor your use of the products you buy from them.

Until and unless they eat major, public shit for this, no more Sony purchases of any kind for me.

Update: A reader points out that there is a site out there monitoring this and encouraging a Sony boycott. And it looks like there is at least one class action lawsuit brewing as well.


Anonymous said...

"The net effect is that it's not in doubt that Sony has created a major security event on the Net."

12:11 AM  
Anonymous said...

Sony BMG is facing yet another class-action lawsuit stemming from the controversy over its anti-piracy software, this time from a New York attorney who filed a federal case that could potentially include consumers in all 50 states.

12:12 AM  
