基础法律英语辅导热招
您的位置:外语教育网 > 法律英语 > 法治资讯 > 正文

Sony BMG's Copy-Protection Quagmire

2005-12-20 00:00   我要纠错 | 打印 | 收藏 | | |

Sony BMG is the world's second largest music company, responsible for approximately one-quarter of all album sales in the United States. Among the CDs that it has been selling in 2005, however, are millions that include copy-protection software. If the owner of one of these CDs wants to play or copy these CDs on her Windows computer, she must first install software intended to restrict the number and kind of copies that her computer can make.

After quietly distributing these CDs for months, Sony BMG was caught flat-footed when computer security professionals in early November 2005 discovered that its copy-protection software creates serious security risks. At least one variant of the protection software installs itself even if users decline the pop-up end-user license agreement and eject the CD. Moreover, when the CDs are played, the software phones home to servers controlled by Sony BMG, reporting details regarding the user's listening habits. Finally, once installed, the copy-protection software is difficult, if not impossible, to uninstall.

The response from customers, musicians and consumer journalists has been swift and merciless. A reporter for Stereophile magazine put it this way: In other words, Sony installs files on its consumers' computers without their permission, does not allow the files to be removed, and spies on its customers. His verdict: Weasels, we calls 'em. On the opinion pages of The New York Times, a working musician urged the music industry to recognize that copy-protection software is bad for everyone, consumers, musicians and labels alike. At online retailer Amazon.com, the reviews of Sony BMG's copy-protected CDs are filled with customer complaints.

But the public relations meltdown was only the beginning of Sony BMG's troubles. Within weeks, more than 10 class action lawsuits in both state and federal courts had been filed against Sony BMG (including two in which this author serves as counsel). Texas Attorney General Greg Abbott has also filed an action against Sony BMG, and the attorneys general of New York, Illinois and Massachusetts have expressed concern about the CDs in question.

Sony BMG's experience is quickly shaping up into an object lesson in the legal risks that companies can face when they distribute faulty software and mislead the public.

THE PROBLEM AND SONY BMG'S RESPONSE

All of Sony BMG's copy-protected CDs include one of two protection technologies, either First4Internet's Extended Copy Protection (XCP) or SunnComm's MediaMax software.

The initial security revelations, published on the SysInternals Web log in early November 2005, related to the XCP software. The Web log reported that the XCP software automatically installed a rootkit on Windows computers. A rootkit is essentially the computer equivalent of Harry Potter's invisibility cloak, permitting software to render itself invisible to a computer's operating system, anti-virus and anti-spyware software, thereby hiding itself from the computer user. Rootkits are generally associated with viruses, spyware and other malware that wants to burrow deep into a computer in order to avoid discovery and removal. The XCP rootkit posed a serious security risk because, once installed on a user's computer, it could be used by other third parties to hide their own malicious software.

Sony BMG initially responded to the XCP revelations by attempting to downplay the risks, with one senior Sony BMG executive opining that most people, I think, do not even know what a rootkit is, so why should they care about it? While typical computer users may not have appreciated the vulnerabilities created by XCP's rootkit feature, virus writers responded within days by developing and releasing viruses designed to exploit it. Soon thereafter, the leading makers of anti-spyware and anti-virus tools, including Microsoft, Symantec and Computer Associates, branded XCP a security threat. Their concerns were soon echoed by the U.S. Computer Emergency Readiness Team (US-CERT), an arm of the Department of Homeland Security charged with the task of protecting the nation's Internet infrastructure.

Security woes were only part of the problem. Having paid full retail price for the CDs, music fans got them home only to discover that using them on a computer was subject to a bewildering and outrageous array of contractual conditions imposed by a mandatory end-user license agreement (EULA). For example, the EULA includes provisions purporting to require the immediate deletion of all copies if a user files for personal bankruptcy or parts with possession of the CD (including, presumably, if the CD were stolen from your car). The EULA also attempts to limit Sony BMG's liability to no more than $5, well short of a refund of the purchase price, and to force consumers to litigate in New York if they have any disputes with Sony BMG. In short, when it came to using these CDs on their computers, music fans are getting far less for their money than they had with traditional CDs.

Sony BMG's initial efforts to address the problem were half-hearted, at best. An early uninstaller, offered to customers only after completing a complex request procedure, created new security vulnerabilities. Nearly two weeks elapsed before Sony BMG finally announced that it would halt further production of the XCP CDs. Ultimately, Sony BMG announced that it would offer to exchange XCP-protected CDs for unprotected replacements. More than a month after the initial public revelations, a revised XCP uninstaller was finally released.

The other copy-protection technology, SunnComm's MediaMax, presented its own problems. Researchers discovered that the MediaMax software installed itself on Windows computers even when users declined the pop-up license agreement. When Sony BMG released an uninstaller for MediaMax, it created additional security risks. The Electronic Frontier Foundation (EFF) subsequently commissioned an examination of the MediaMax software, revealing a potentially dangerous security vulnerability. When Sony BMG released a patch to address this flaw, another vulnerability was discovered, necessitating the withdrawal of the patch.

Both XCP and MediaMax are also troubling from a privacy perspective, as they routinely transmit information over the Internet to servers controlled by Sony BMG, sending information about a user's listening habits. This phone home feature is not disclosed to CD buyers, who are instead told by Sony BMG that no information is ever collected about you or your computer without your consenting.

THE LEGAL CLAIMS

The numerous lawsuits filed against Sony BMG in the wake of the protected-CD debacle provide an illuminating overview of the kinds of claims that companies may face when distributing faulty software.

One set of claims is rooted in statutes forbidding computer intrusion. For example, a number of the class action complaints rely on the federal Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, which forbids accessing a computer without, or in excess of, the authority of the owner of the computer. Private civil litigants are entitled to bring suit where the prohibited computer intrusion causes losses exceeding $5,000, threatens public health or safety, or damages a computer system used by government entities for judicial, national security or defense functions. Similar state laws have also been invoked, including California's Penal Code §502, which prohibits the unauthorized introduction of a contaminant into a computer that transmits information about a computer to third parties without authorization.

Recently enacted state laws aimed at spyware and adware are a second basis for legal claims against Sony BMG. Class actions filed in California, for example, allege violations of recently enacted California Business & Professions Code §22947.3, which prohibits deceptively taking control of a user's computer, modifying computer settings or preventing users from uninstalling software. Similarly, the Texas attorney general relied on the Consumer Protection Against Computer Spyware Act, Texas Business & Commercial Code §48.053, which prohibits manipulating software in order to prevent a computer user from detecting, locating and removing the software. The Texas statute also prohibits intentionally misrepresenting that the installation of software is necessary for security or privacy reasons. §48.055(1). In addition to California and Texas, 10 other states have enacted laws aimed at spyware, many of which may reach Sony BMG's conduct.

Several complaints brought in California also articulate claims based on the Consumer Legal Remedies Act (CLRA), California Civil Code §1770, a state consumer protection statute applicable to consumer transactions involving goods. This statute forbids, among other things, the imposition of unconscionable contractual terms on consumers, misrepresentations about a product and misleading advertising.

Some class action complaints have also included common law trespass to chattels claims, alleging that Sony BMG's copy-protection software constitutes unauthorized intermeddling with the possessory interests of computer owners, resulting in damage to their computers. While this theory of liability has proven controversial when applied in Internet contexts, several courts have indicated a willingness to entertain such claims. See Register.com v. Verio, 356 F.3d 393, 404 (2d Cir. 2004); eBay v. Bidder's Edge, 100 F.Supp.2d 1058 (N.D. Cal. 2000).

Finally, many of the complaints include allegations that Sony BMG's conduct amounts to an unfair or deceptive trade practice, fraud, or false advertising under applicable state statutes. The class actions filed in California, for example, invoke California's Business & Professions Code §§17200 and 17500, while those filed in New York invoke General Business Law §§349 and §§350.

From a legal perspective, the many suits against Sony BMG will raise a welter of questions of first impression for the courts on whose dockets they appear. Whether those courts have an opportunity to rule on all of them may depend on whether Sony BMG opts to seek an early and comprehensive settlement aimed at repairing the damage that already has been done by its ill-considered copy-protection strategy. But irrespective of the outcome in these cases, counsel advising companies that distribute software with their products have been afforded a sneak preview of the kinds of legal actions that can be brought against clients that release defective software into the national marketplace.

相关资讯:
网站导航:
 四六级 指南 动态 经验 试题 资料  托福 指南 动态 经验 留学 备考
 雅思 指南 动态 机经 经验 辅导  公共英语 指南 动态 备考 试题 辅导
 日语 就业 辅导 留学 考试 报考  法语 资料 文化 考试 留学 辅导
 韩语 入门 口语 阅读 留学 文化  西语 辅导 资料 考试 留学 风采
基础法律英语
350元/门
系统讲解知识,全面提升水平
课时数:18课时左右
学员 tueiwi:
自我感觉LEC考得不错,感谢外语教育网的法律英语课程老师。
学员 tyjf:
外语教育网的法律英语信息不错,希望有朝一日可以成为法律达人,顶起!
学员 Alice12345:
我报的是法律英语的辅导班。因为英语底子不太好,一直没有太大的进步。后来,我在外语教育网报名参加了网上培训。感觉老师很负责。课程内容也详细。在老师的帮助下,感觉我的法律英语的水平得到了长足的提高。很感谢法律英语的老师的教导。谢谢老师!
学员 lionm:
一直在学法律英语,但总是找不到门路。不但单词多,而且本来认识的单词意思又变了,头痛死了。听了李文沛老师的法律英语课程后,我觉得好多了。希望能网校的法律英语课程能继续开个中级班。
学员 xyz521:
我一直在找法律英语的课程都没找到,偶然的机会来到外语教育网,发现这里的法律英语的课程真的很不错、信息也很齐全,绝对支持哦!
学员 futami:
以前自己看书,感觉非常吃力,很多地方看不懂。抱着试试看的心理,我报名参加了外语教育网的基础法律英语辅导。沙老师和李老师讲得非常好,重点、难点,经过老师的系统讲解,我都基本掌握了。就连冥思苦想都不能解决的难题,也通过答疑板请教老师而得到了满意的答复。在此衷心感谢网校的老师。
学员 hnigni:
我是法律专业的本科生,因为工作的需要,必须得会法律英语,可之前在学校的时候没好好学过啊。正头疼,同事推荐了外语教育网,于是我就报了名,开始学习。在学习过程中,发现沙老师的课真的很不错,她不但英语口语发音标准,而且她授课的内容通俗易懂,很方便我们接受和学习。另外,外语教育网的教学模式很适合我这种已经参加了工作的人,可以让我兼顾工作和学习,也很不错。特此,到网上来赞一下沙老师!沙老师,谢谢您!也谢谢网校的良好服务!在外语教育网学习,真值!
版权声明
   1、凡本网注明 “来源:外语教育网”的所有作品,版权均属外语教育网所有,未经本网授权不得转载、链接、转贴或以其他方式使用;已经本网授权的,应在授权范围内使用,且必须注明“来源:外语教育网”。违反上述声明者,本网将追究其法律责任。
  2、本网部分资料为网上搜集转载,均尽力标明作者和出处。对于本网刊载作品涉及版权等问题的,请作者与本网站联系,本网站核实确认后会尽快予以处理。
  本网转载之作品,并不意味着认同该作品的观点或真实性。如其他媒体、网站或个人转载使用,请与著作权人联系,并自负法律责任。
  3、本网站欢迎积极投稿
  4、联系方式:
编辑信箱:for68@chinaacc.com
电话:010-82319999-2371