Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Sony's legal issues
Mark Rasch, 2005-11-14

Last month I wrote about a dispute between the Federal Trade Commission and a spyware distributor where the FTC alleged that an End User License Agreement, which essentially told downloaders that they were downloading spyware, was a false and deceptive trade practice. Two events cause me to revisit this issue. First, the FTC has gone after another spyware distributor, and second, Sony Corporation has caused the surreptitious installation of a rootkit-type program to enforce its digital rights management on its music CDs, claiming authority to do so under an End User License Agreement.

Not only did Sony's actions raise the ire of the user community and open up users to undisclosed security vulnerabilities, it also landed Sony in hot water and a class action lawsuit. The question now is whether the EULA provides Sony with any cover, and if not, why the Federal Trade Commission isn't going after companies that cause the installation of programs where we don't - and can't - know what they do.

Recent developments

On November 10, 2005, the FTC filed a lawsuit in federal court in Los Angeles against Enternet Media and others. It was your typical anti-spyware lawsuit - you know, the program was installed without the user's knowledge, added dozens of other programs, captured personal information, was impossible to remove - yadda yadda yadda. This fact was considered to constitute a fraudulent and deceptive trade practice by the FTC. What is interesting in the complaint is the fact that the FTC argues that the terms of Enternet Media's End User License Agreement are not enforceable noting that, "Although the EM defendants do have a EULA, they do not require, let alone encourage, consumers to review it prior to downloading and installing the EM code. The EM defendants' installation boxes, when clicked on, automatically install the EM code, with no requirement that a consumer agree to terms and conditions."

The FTC complaint goes on to note that "[n]or can a consumer, having installed the EM code, reasonably avoid its effects by uninstalling or removing it. In most cases, the EM defendants' own instructions do not remove all of the EM code, and the EM code does not appear in the Add/Remove feature of the Windows operating system. Often, all or some of the EM code remains on consumers' computers even after repeated attempts to uninstall the code." This, among other things, according to the FTC, constituted a deceptive representation about the software.

Sony stands in the spotlight

Of course, no large and reputable company would act this way. Enter the Sony BMG fiasco. As reported in Security Focus Sony made thousands of music CD's with embedded digital rights management code. People thought they were buying a music CD with some sort of copy protection. What they were actually doing was licensing software subject to an End User License Agreement. The terms of the EULA, like those of the spyware distributor cited by the FTC, were not visible simply by playing the music, at least not on regular CD player. The EULA provided that "this CD will automatically install a small proprietary software program (the "SOFTWARE") onto YOUR COMPUTER" but did not describe what the software did, where it was installed, or how to get rid of it. The EULA also provided that your right to listen to the music existed only for as long as you retained possession of the purchased (or more accurately, licensed) CD, that you could only make copies of the CD on personal home computers that you owned (theoretically, leased or borrowed computers were out), that you could not export the software (hence play the music) outside the country, that you agreed to install any updates to the software (sound like spyware?) and that Sony's liability to you was capped at five bucks - irrespective of what the software does. Other fun provisions of the EULA as noted by the Electronic Frontier Foundation include the fact that your right to listen to the music terminates if you file for bankruptcy, that you can't transfer the music on your computer, even with the original CD, and that you can't change, alter, or make derivative works from the music on your computer - all things you ordinarily could do under copyright law.

Story continued on Page 2 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Comments Mode:
Sony's legal issues 2005-11-14
fatman (2 replies)
Re: Sony's legal issues 2005-11-15
Mark D. Rasch (2 replies)
Re: Re: Sony's legal issues 2005-11-17
Anonymous
Re: Re: Sony's legal issues 2005-11-17
Yvan Boily
Re: Sony's legal issues 2005-11-22
R Simard
Sony's legal issues 2005-11-15
Anonymous (2 replies)
Re: Sony's legal issues 2005-11-16
Anonymous
Re: Sony's legal issues 2005-11-16
Anonymous (1 replies)
Re: Re: Sony's legal issues 2005-11-17
Anonymous
Sony's legal issues 2005-11-15
Anonymous (1 replies)
Re: Sony's legal issues 2005-11-16
Anonymous
Sony's legal issues 2005-11-16
norgan
Here's how you get the CD to play... 2005-11-16
Gordon Fecyk
Sony's legal issues 2005-11-16
dreq
Sony's legal issues 2005-11-16
Alexey Vesnin
Sony's legal issues 2005-11-16
ChiRaven
May be illegal in UK 2005-11-16
Anonymous
Sony's legal issues 2005-11-16
Steve (1 replies)
Re: Sony's legal issues 2005-11-19
Mark Rasch (1 replies)
Re: Re: Sony's legal issues 2005-12-01
Anonymous
Sony's legal issues - EULA and DELL 2005-11-16
Anonymous (1 replies)
Sony's legal issues 2005-11-16
Steve
But what are the consumer's remedies? 2005-11-17
HavaCuppaJoe (2 replies)
Sony's legal issues 2005-11-21
Anonymous
You Missed Something Big! 2005-11-22
Anonymous
Validity of the EULA 2005-11-22
Stephan Schulz
Sony's legal issues 2005-11-22
JCD
What recourse does a buyer have? 2005-11-22
Jaywalk (1 replies)
Sony's legal issues 2005-11-22
Capt Chas
Sony's legal issues 2005-11-29
Thaddy de Koning


 

Privacy Statement
Copyright 2010, SecurityFocus