Sony Facing Not-so-Secretive Legal Action

As details of Sony’s secretive digital rights management protections come to light, its actions are prompting not-so-secret opposition from privacy advocates.

The Electronic Frontier Foundation (EFF) is currently investigating Sony’s anti-piracy tactics in order to determine whether the organization will file a class-action lawsuit in the coming weeks against the music giant, said Jason Schultz, a staff attorney at the EFF.

A privacy organization in Italy, the Electronic Frontiers Italy (ALCEI), on Friday filed papers with authorities claiming Sony BMG was responsible for “illicit actions” in Italy and seeks penal denunciation against the company for secretly inserting software into consumer computers.

Schultz said he wouldn’t be surprised to see a number of lawsuits from other organizations as a result of Sony’s recent activities. “The more we find out about it the more illegal it seems,” he said.

“This is exactly what happens with spyware that gets installed on people’s computers, they have these 27-page license agreements in which you totally agree to let them infest your computer with all kinds of stuff you really don’t want,” he said. “But it’s all kind of buried in the fine print and I think to allow companies like Sony BMG to do the same thing is heading down a bad path.”

Officials at Sony were not available for comment at press time.

Last week’s blog post by Mark Russinovich, Winternals Software chief software architect, created a sensation when he revealed the means Sony was taking to ensure customers weren’t stealing its music.

Sony uses an anti-piracy software component developed by First 4 Internet out of the United Kingdom, Extended Copy Protection (XCP), which installs a rootkit onto the user’s computer to monitor their computer’s activities.

The software monitors all processes running on the computer, ostensibly to determine whether any ripping technology is being used to make illegal copies of the software. However, XCP runs behind a rootkit, which cloaks the software’s activities and is a common tactic used by malware writers to disguise their activities.

As originally reported, Sony released a patch that unmasks the secretive practices of the software. However, to get the patch the user needs to fill out a Web form and an e-mail is sent to the e-mail address provided.

In a follow-up blog entry, Russinovich noted there’s a small chance the patch will cause a blue-screen crash and urged Sony to make a real un-installer readily available for download to consumers.

While the agreement does state that “as soon as you have agreed to be bound by the terms and conditions of the EULA, this CD will automatically install a small proprietary software program onto your computer,” Schultz said the omission of what exactly is getting installed is deceptive.

“If people really knew what was going on they would never agree to it,” he said.

Schultz said he thinks Sony’s vague EULA is a loophole to avoid running afoul of any consumer protections, particularly the Computer Fraud and Abuse Act, which states it is illegal for anybody who “knowingly accesses a computer without authorization or exceeds authorized access.”

“These issues of consent are going to be squarely in front of any lawsuit that occurs; to what extent did these people actually know what they were consenting to, did they realize it and is that an appropriate way for Sony to get around these protections?” Schultz said. “I think from a consumer protection point of view, we have to err on the side of being over-protective of consumers because most people just click through these agreements.”
