We have traveled the world umpteen times, and everywhere we go, the kids want rootkit news! You may remember when the second biggest record label/first biggest consumer bully Sony/BMG embedded little rootkit cuties into a bunch of its CDs in the name of copy protection (in total, 52 titles were embedded with the Digital Management Software and 7 million were sold). Although the news was everywhere when it broke at the butt-end of 2005, the story has slowly lost its headline news status. Since the public uproar started, there have been minor settlements along the way in a slew of states, and at the end of January, the Federal Trade Commission (FTC) announced a proposed settlement on the charges it brought against the music giant for monitoring users' PCs and exposing them to destructive programs and hack attacks. It was a subdued affair, by all accounts...
FTC: "Next on our docket…a suit against the gentlemen and gentlewomen of Sony Corp? Cannot be! Can I get a summary of this case, Mister Lawyer-guy? I probably should have boned up on the case details before this trial began, but I was too busy spending time boning up my secretary."
The people: "Well, your honor, or commissioner, or whatever we are supposed to call you, I would never attempt to tell you how you should be spending your extra-curricular pursuits, but you would have had to be hiding under a rock not to have heard of this case. In 2005, Security Researcher Mark Russinovich discovered a clandestine "DRM" rootkit program installed in certain Sony CDs...
FTC: "Uh, huh..."
The People: "Not only were consumers not notified of these rootkits' presence on their CDs, but uninstalling them proved nigh on impossible. Once they are installed, the software can hide any file, regardless who put it there. So it basically worked like a "trojan horse" for hackers to jump in and attack the computer of anyone who unwittingly played a certain CD embedded with the software!"
FTC: "Well, the only parts of that I understood was the thing about hiding under a rock or using a Trojan to hide the salami or something? Both of which I excel at, by the way. Anyway, my good friend Sony, what do you have to say to all of that?"
Sony: "We stand by content-protection technology as an important tool to protect out intellectual property rights and those of our artists."
The People: "Sony BMG Global Digital Business president Thomas Hesse even said in a NPR interview, ‘Most people...don't even know what a rootkit is, so why should they care about it?' What kind of attitude is that? Since this case has begun, Sony has shown outright contempt for the consumer and at this hearing today, they still believe they have done nothing wrong!"
Sony: "We stand by content-protection technology as an important tool to protect out intellectual property rights and those of our artists."
The People: "This was a deliberate and malicious use of technology to infect millions of computers with spyware and rootkits to restrict what consumers could do with the CDs that they purchased in good faith. Sony has never disclosed their unexpected limitations on customer's use of their products. They just happened to get caught!"
Sony: "We stand by content-protection technology as an important tool to protect out intellectual property rights and those of our artists."
The People: "Sony has been completely unethical during this whole sorted mess! They are lucky I'm not pushing for a public flogging followed by a good old-fashioned bout of feces throwing."
Sony: "We stand by content-protection technology as an important tool to protect out intellectual property rights and those of our artists."
FTC: "Alright, I've heard enough. Now, I've deliberated on this matter for quite awhile..."
The People: "No, you haven't!"
FTC: "Quiet please, whoever said that. As I was saying, I have thought about this for awhile, and I'm ready to hand down my sentence. I'll give consumers a chance to exchange their Sony CDs through June 31, 2007 and grant them a $150 reimbursement package to those who can prove damage to their computers ($150 is appropriate, I think. Computers are not expensive to repair, are they?). And Sony, lifelong pal, you've had to pay so many fines already since this started. Four to five million dollars? Outrageous. How's a poor boy supposed to keep themselves warm with cognac and Hummers when they have to settle cases all over the U.S.? Tsk, tsk, a darn shame, I say. Dear friend, you'll have to promise to be careful with collecting your consumer information and will have to stop installing these wonderfully sneaky softwares from now on, ‘k? And let's be clear here... this settlement in no way presumes an admission of guilt on your part. How does that grab you, old chum?
Sony: "We stand by content-protection technology as an important... tools... rights... artist... WE'VE DONE NOTHING WRONG... WE'VE DONE NOTHING WRONG... WE'VE DONE NOthing... (Sony's representative starts inexplicably smoldering, falls on ground, and breaks apart to reveal a mess of wires, processors, ports, and a rootkit, for good measure)."
FTC (smiling): "Oh you..."
The People: "Oh c'mon! I'm representing you here... we're on the same side! Talk about a slap on the wrist. That's not even a slap on the wrist. That's like a flaccid dong on the wrist! No slap! None! Depending on who you believe, they have paid out about $4.5 or $5.75 million only in fines since this began! Sony makes that kind of money every time * breaks wind! Justice sucks, man! Justice sucks!
FTC: "Did you say something, stranger? Well, I'm sure it was hogwash. I don't take sides, especially not against upstanding entities like Sony. Are we done here? I'm off to the club for my three triple-gin lunch." (Nods to shapely commission clerk) "You coming, Sweetie-pie?"
