Copyright

Cory Doctorow visited the offices of Nature and gave an interesting talk. (Link via Pharyngula.)

Sony has said it will “temporarily” stop making CDs with the problematic DRM technology. I’m sure they’ll make more in the future with a modified version or a new DRM technology.

As reported at Brian Krebs’ Washington Post blog, there has been a class action lawsuit filed against Sony in California and another one about to be filed in New York. The California lawsuit alleges violations of California’s anti-spyware law, the Consumer Legal Remedies Act, and the California Unfair Competition law. In other news from Krebs, there is now real malware exploiting Sony’s DRM to hide itself. Krebs seems to be breaking the key news on this story–there are a number of other related articles on his blog worth reading, such as the one on Sony’s past history of cavalier and inconsistent actions on DRM. The EFF has an analysis of the EULA for Sony’s software–it’s something no reasonable person should agree to. Back at Mark Russinovich’s blog that exposed this issue and began the controversy, he rebuts a response from First 4 Internet, the implementers of the Sony DRM, and points out more evidence that their software is poorly written and can crash Windows.

Mark Russinovich at Sysinternals.com, a security professional who is careful about what software he installs on his computer, found a rootkit on his Windows machine. A rootkit is a set of applications designed to hide malicious activity from the owner or administrator of a machine. He found a hidden directory, several hidden device drivers, and a hidden application. After further investigation, he found that the software installed on his machine without his consent or authorization included files identified via Sigcheck as part of “Essential System Tools” from a company called First 4 Internet. Google revealed that First 4 Internet has implemented Digital Rights Management for several record companies, including Sony. It turned out that a recent CD he had purchased, “Get Right with The Man” by the Van Zant brothers, contained Sony’s DRM. Additional experimentation shows that the software is poorly written, and creates a load on the system by scanning the executable files associated with every running process every two seconds, and querying file information including size eight times per scan. The End User License Agreement (EULA) gives no indication that this software will be installed to your machine, and provides no mechanism for removing it. (They have apparently since modified the EULA in response to Russinovich’s analysis.) Russinovich took the trouble to take the steps necessary to remove the software (and return his computer to a functional condition), but as his analysis points out, this would be very difficult for an inexperienced user. A typical responsible computer user who saw the rootkit files and simply deleted them would cripple their computer. This software appears to me no different from spyware, which was made illegal in the U.S. under the SPY ACT (Securely Protect Yourself Against Cyber Trespass), and also appears (as a commenters on Russinovich’s blog note) to violate California state law, UK law, and Australian law. Arizona’s anti-spyware law doesn’t seem to apply. Russinovich’s detailed step-by-step analysis may be found here. Don’t purchase CDs with such irresponsible and sleazy DRM software. ...