Will The DOJ Investigate Sony?

By Richard Menta 11/18/05

It concerns me the fact that the Department of Justice (DOJ) has made no comment on the Sony-BMG rootkit story.

Going by the broad definition by which all of the early spyware and malware laws in this country are drafted Sony-BMG seems to be in violation. Only a court of law can decide for sure, especially since these are new laws and the parameters of what triggers a violation and what doesn't have yet to be established. But a court will only decide the matter if charges are brought. No one is even suggesting they may be brought up.

If there are no charges made isn't the DOJ saying through inaction that this is acceptable behavior, or at least behavior that in their view violates no law?

The 4GB iPod Nano is available on Amazon

The DOJ has kept silent while one of the biggest cybersecurity intrusions ever hit the press with a fervor. No comment on if Sony-BMG may or may not have broken the law by installing a rootkit on millions of PCs covertly. No details on why they came to their conclusions to act or not act. Nothing.

I personally would feel better I they communicated their thoughts on this, one way or the other. The DOJ certainly has made its thoughts clear on file sharing.

The Intellectual Property Protection Act of 2005

The other week US Attorney General Alberto Gonzales announced a new bill the Department of Justice sent to Congress. The bill, called The Intellectual Property Protection Act of 2005, is designed to toughen penalties against intellectual property violations. The problem I have with this bill is that this action is driven through the efforts of a movie and record industry with a sky-is-falling attitude. Their clear intention is to erode - for their added enrichment - the fair use rights we as Americans enjoy.

As an MBA I know this is not good business, though in the short run it may appear to be. I say that because real financial growth comes through innovation and opportunity, not by upholding the status quo. In terms of content distribution the Internet is the most efficient tool to ever appear. It's so efficient that I can make music files available to the world from my living room for almost no cost. A significant reduction in cost is probably the greatest opportunity for any established industry, but if an industry barely explores that opportunity it's moot. The record and movie industries are suspect of the Net and were quite slow to exploit the opportunities brought on by it. So slow that consumers simply did it themselves in the form of file sharing.

The content industry calls file sharing piracy, but it also called the VCR piracy. It called home taping piracy too. Neither were. Some people - including recording artists like Janis Ian - call file sharing fair use, but they don't have a well-funded lobby on Capitol Hill.

Anyway, the content industries call file sharing piracy, the newspapers they put their ads in call it piracy, and now the US Attorney General has proposed a law that will officially and unambiguously declare it piracy and make it a felony.

Mr. Gonzales, if you believe that grandmothers should go to jail for sharing the jaunty tunes of 50-cents, how do you think we should handle this Sony rootkit scandal? A rootkit that, irony of ironies, may also have infringed anothers intellectual property.

Leading information security companies from Symantec to McAfee officially classify the Sony rootkit as a Trojan. Corporations are now forced to spend time and money to root out the rootkit that has exposed their networks to attack. It seems to warrant at least an investigation.

If the DOJ is eager to go after small time hoods and homeowners for copyright infringement, you would think they would go after one of the most successful enablers of malware in the history of information security. After all, Sony had this code out for months before anyone detected it. They sold over two million of these discs in that time and may have infected just as many PCs.

I have heard the DOJ try to claim that P2P applications can be used to facilitate terrorism. Personally, I think that is a bit of a stretch, but even if you could convince me of the logic don't you think Al Qaida might find the vulnerabilities the Sony-BMG rootkit creates a bit more useful? Which is the greater threat here?

Again, I would like to hear from the DOJ. I would like to hear their reasoning.


Should these various bills become law it would criminalize unauthorized activities with regards to copyrights. And what qualifies as unauthorized? Since these bills are the progeny of the copyright industry they lean to giving the industry the right to define what ultimately constitues infringement.

Let's take a silly example to make my point using an extreme. Let's say that the record industry decides that CDs can no longer be played on automobile sound systems. In this world they release an End User License Agreement (EULA) with every new record that states the copyright owner does not authorize such use. Listen to a CD in your car anyway and you can go to jail. How? Because the EULA serves as a form of contract that dictates the terms of acceptable use. Any violation is a felony.

Now the above example is intentionall a silly one, an example that will never happen because it is so silly. Or is it?

After the Sony-BMG rootkit scandal the Electronic Frontier foundation (EFF) reviewed the End User License Agreement (EULA) Sony placed on their copy-protected CDs. What they discovered is that Sony-BMG is already populating their EULA's with the silly. This is what the EFF found underneath the legalese, which is comical if not surreal. It is genuinely funny, yet if the DOJ's bill were to become law ignoring what's funny might become - a crime!

What the EFF's legal minds pulled from the Sony EULA:

1. If your house gets burgled, you have to delete all your music from your laptop when you get home. That's because the EULA says that your rights to any copies terminate as soon as you no longer possess the original CD.

2. You can't keep your music on any computers at work. The EULA only gives you the right to put copies on a "personal home computer system owned by you."

3. If you move out of the country, you have to delete all your music. The EULA specifically forbids "export" outside the country where you reside.

4. You must install any and all updates, or else lose the music on your computer. The EULA immediately terminates if you fail to install any update. No more holding out on those hobble-ware downgrades masquerading as updates.

5. Sony-BMG can install and use backdoors in the copy protection software or media player to "enforce their rights" against you, at any time, without notice. And Sony-BMG disclaims any liability if this "self help" crashes your computer, exposes you to security risks, or any other harm.

6. The EULA says Sony-BMG will never be liable to you for more than $5.00. That's right, no matter what happens, you can't even get back what you paid for the CD.

7. If you file for bankruptcy, you have to delete all the music on your computer. Seriously.

8. You have no right to transfer the music on your computer, even along with the original CD.

9. Forget about using the music as a soundtrack for your latest family photo slideshow, or mash-ups, or sampling. The EULA forbids changing, altering, or make derivative works from the music on your computer.

Does anyone reading this feel that not erasing all the music on your PC after a bankruptsy should be a crime? Does anyone reading this feel that number 5 on this list is acceptable?

The DOJ is more than willing to let the courts decide when average consumers are violating the law. They are willing to pen new laws that add further restrictions to the use of copyrighted material. Why won't they give us their opinion on whether Sony has done something wrong with regards to the Cybersecurity laws already on the books?

I would like the DOJ to tell us if they will or won't investigate the Sony-BMG matter. I would then like them to detail to the public how they came to their conclusions. If they are reasonable I'll accept them. If they simply say something I'll feel better.


Other MP3 stories:
Apple May Raise iTunes Prices
Devaluing the Product Part II - Sony CDs

The 30GB iPod Video is available on Amazon

Back to