COPYCENSE

Editor’s Note: CopyCense started its coverage of the Sony DRM-rootkit issue on Wednesday, Nov. 2, 2005. Unlike few other issues covered here, the debate over Sony BMG’s surreptitious use of malicious digital rights management code has spawned a torrent of stories. From the beginning, CopyCense has attempted to provide an ongoing, frequently updated listing of key stories and documents. As we received word over the holiday season that Sony BMG was seeking to settle class action lawsuits against it in the United States — a separate class action against Sony BMG started last week — the editorial staff decided to republish our collection of stories into a bibliography. As before, we will continue to update this bibliography periodically, and will cross-post to it as we expand our coverage of digital rights management.

The first edition (Version 1.0) of CopyCense Sony BMG DRM bibliography is compiled by K. Matthew Dames, and includes stories published during the U.S. holiday season (Dec. 23, 2005 through Jan. 2, 2006). This edition, Version 1.1, is updated through Feb. 8, 2006.

For more DRM information, please check CopyCense‘s DRM Archive.

Original post:

“Mark Russinovich was doing a routine test this week of computer security software he’d co-written, when he made a surprising discovery: Something new was hiding itself deep inside his PC’s guts.

“It took Russinovich, an experienced programmer who has written a book on the Windows operating system for Microsoft, some time to track down exactly what was happening, but he ultimately traced it to code left behind by a recent CD he’d bought and played on his computer.”

John Borland. Sony CD Protection Sparks Security Concerns. News.com. Nov. 1, 2005.

See also:

Mark’s Sysinternals Blog. Sony, Rootkits and Digital Rights Management Gone Too Far. Oct. 31, 2005.

The CopyCense Bibliography on the Sony-BMG DRM Controversy, v. 1.1 (last updated Feb. 10, 2006)

Dawn Kamamoto. Rootkit Numbers Rocketing Up, McAfee Says. News.com. April 17, 2006.

Electronic Frontier Foundation. Sony BMG Class Action Claim Forms. No date.

Robert McMillan. DHS: Sony Rootkit May Lead to Regulation. Computerworld. Feb. 16, 2006.

Matt Moore. Sony BMG Names New CEO to Replace Lack. Yahoo! Finance. February 10, 2006.

Dan Tynan. Pirate TV. Digit. Feb. 10, 2006.

Michael Geist. The Digital Economy. P2PNet.net. Feb. 9, 2006.

ArsTechnica. Librarians Air Concerns About DRM. Feb. 3, 2006.

Thomas Mennecke. DRM, the IFPI and You. Slyck. Feb. 3, 2006.

Bill Rosenblatt. DRM Discussed at World Economic Forum. DRM Watch. Feb. 2, 2006.

Bruce Sterling. The Rootkit of All Evil. Wired. February 2006.

Bernhard Warner. Content Owners Pursue DRM Despite Sony Climbdown. PCPro. Jan. 31, 2006.

World Economic Forum. A New Democracy in Digital Rights Management. Jan. 27, 2006.

Freedom to Tinker. CD DRM: Threat Models and Business Models. Jan. 24, 2006.

Michelle Manafy. Time for a Business-Model Remix? Music Distribution in the Wake of the Sony BMG DRM Debacle. EContent. January/February 2006.

Michael Godwin. OITP Technology Policy Brief — Digital Rights Management: A Guide for Librarians. (.pdf, 362 KB) January 2006.

Knowledge@Wharton. Digital Rights Management (DRM): Media Companies’ Next Flop? No date.

Ryan Singer. The Year of Living DRMishly. Wired News. Jan. 24, 2006.

EFF Deep Links. SunnComm’s Initial Response to Our Open Letter. Jan. 20, 2006. (“A while back, we wrote open letter to SunnComm, the manufacturer responsible for the insecure MediaMax DRM software installed on audio CDs. As an initial formal response, SunnComm has released lists of all the titles, regardless of label, that use the MediaMax 5 and MediaMax 3 DRM. The MediaMax’d CDs are not limited to Sony BMG, but include independent label records.”)

Wendy M. Grossman. Digital Rights Manifesto Revealed. The Inquirer. Jan. 20, 2006.

Tom Espiner. EMI Considers Opening Its DRM to Inspection. News.com. Jan. 20, 2006.

David Canton. Sony’s ‘Rootkit’ Opens Massive Can of Worms. The London Free Press. Jan. 18, 2006.

Ingrid Marson. Sony Rootkit Victims In Every State, Researcher Says. News.com. Jan 17, 2006.

Robert Lemos. Researcher: Sony BMG “Rootkit” Still Widespread. SecurityFocus. Jan. 16, 2006.

Frank Washkuch Jr. Symantec Owns Up To ‘Rootkit.’ SC Magazine. Jan. 12, 2006.

PledgeBank. Boycott DRM. (Editor’s Note: CopyCense called for, and supported, a Sony BMG boycott soon after original coverage commenced.)

Victor Yodaiken. Some Safety and Reliability Questions About DRM. Groklaw. Jan. 11, 2006.

Lorraine Woellert. Sony BMG Ends A Legal Nightmare. BusinessWeek Online. Jan. 9, 2006.

SonySuit.com. The Sony BMG Settlement and What It Means For You. Jan. 7, 2006.

Sean McKibbon. Suit Targets ‘Spyware.’ Ottawa Sun. Jan. 6, 2006.

Bill Rosenblatt. SonyBMG Offers Settlement to Copy Protected CD Suits. DRM Watch. Jan. 5, 2006.

EFF Deep Links. What About EMI’s Copy-Protected CDs? Jan. 4, 2006.

CopyCense. Sony BMG Settles DRM Lawsuit. Jan. 4, 2006.

Michael Geist. Legal Fallout From Sony’s CD Woes. BBC News. Jan. 3, 2006.

Michael Geist. Rootkit Fiasco Shows Sterner Laws Needed. Toronto Star. Jan. 2, 2006.

Michael Desmond. Security Industry Rocked by Sony Rootkit Fiasco. Redmond. January 2006. (“The Sony BMG rootkit fiasco could be the worst retail marketing meltdown since the launch of New Coke. While Sony has been rightly villified for its irresponsible actions, the real question is, why did it take so long for security vendors to detect and remediate this serious threat?”)

The Gripe Line Web Log by Ed Foster. Unsettled by the Sony Settlement. Dec. 30, 2005.

Lorraine Woellert. Sony BMG Ends a Legal Nightmare. BusinessWeek Online. Dec. 30, 2005.

United States District Court, Southern District of New York. Motion and Memorandum of Law in Support of Plaintiff’s Application for Preliminary Approval of Class Action Settlement. (.pdf, 177 KB) Dec. 28, 2005.

Girard Gibbs & De Bartolomeo, LLP. Sony BMG CD Proposed Class Action Settlement. No date.

Ingrid Marson. Sony Settles ‘Rootkit’ Class Action Lawsuit. News.com. Dec. 29, 2005.

Freedom to Tinker. Sony CDs and the Computer Fraud and Abuse Act. Dec. 21, 2005.

Reuters. New Spyware Claim Against Sony BMG. News.com. Dec. 21, 2005.

EFF Deep Links. Summary of Claims Against Sony-BMG. Dec. 18, 2005.

EFF Deep Links. Open Letter to SunnComm/MediaMax. Dec. 9, 2005. (“The Electronic Frontier Foundation (EFF) remains concerned that additional security flaws will be discovered in MediaMax software, in both version 5 and version 3.”)

John Borland. Sony Fixes Security Hole in CDs, Again. News.com. Dec. 8, 2005. (“Sony announced on Tuesday that a new risk had been found with a batch of 27 of its compact discs, which automatically install antipiracy software on hard drives when put into a computer’s disc drive. Along with the Electronic Frontier Foundation, a digital rights group, the record label released a patch aimed at fixing that flaw. However, Princeton computer science professor Ed Felten wrote in his blog on Wednesday that the patch itself could open computers to attack by hackers.”)

Freedom to Tinker. MediaMax Bug Found; Patch Issued; Patch Suffers from Same Bug. Dec. 7, 2005.

Olga Kharif. For Sony, a Pain in the Image. BusinessWeek Online. Dec. 2, 2005.

Arik Hesseldahl. Spitzer Gets on Sony BMG’s Case. BusinessWeek Online. Nov. 29, 2005.

Steve Hamm. Sony BMG’s Costly Silence. BusinessWeek Online. Nov. 29, 2005.

Steven Levy. Sony Gets Caught With Slipped Discs. Newsweek. Nov. 28, 2005.

Tom Zeller Jr. Sony BMG Sued Over CD’s With Anti-Piracy Software. The New York Times. Nov. 22, 2005.

The Gripe Line Web Log. Sony’s DRM Profile. Nov. 22, 2005. (“What was Sony’s real motive for what many consider behavior that is awfully close to a criminal act? To answer that question I think we’re going to need to borrow a page from the criminal profilers by tracking the company’s behavior. Fortunately, we have more than one crime scene to help us with our profile, because it so happens that Sony has been employing more than one form of spywarish DRM in recent months.”)

BenEdelman.org. Cleaning Up Sony’s Rootkit Mess. November 21, 2005.

Electronic Frontier Foundation. EFF Files Class Action Lawsuit Against Sony BMG. (Press release) Nov. 21, 2005.

Michael Geist. Sony’s Long-Term Rootkit CD Woes. BBC News. Nov. 21, 2005. (“Stewart Baker, the US Department of Homeland Security’s assistant secretary of policy, admonished the music industry, reminding them that ‘it’s very important to remember that it’s your intellectual property – it’s not your computer. And in the pursuit of protection of intellectual property, it’s important not to defeat or undermine the security measures that people need to adopt in these days.'”)

John Leyden. Gaffer Tape Defeats Sony DRM Rootkit. The Register. Nov. 21, 2005.

John Borland. Who Has the Right to Control Your PC? News.com. Nov. 21, 2005.

Joris Evers. What Makes A Rootkit? News.com. Nov. 21, 2005.

Paul F. Roberts. Amazon.com Offers Refund for ‘Rootkit’ DRM-Carrying Sony CDs. PCMag.com. Nov. 18, 2005.

Associated Press. Copy Protection Still a Work in Progress. Yahoo! News. Nov. 18, 2005.

Gregg Keizer. Sony Rootkits: A Sign Of Security Industry Failure? InformationWeek. Nov. 18, 2005. (“[For] at least for seven months, Sony BMG Music CD buyers have been installing rootkits on their PCs. Why then did no security software vendor detect a problem and alert customers?” asked an analyst.)

Martin Reynolds and Mike McGuire. Sony BMG DRM a Public-Relations and Technology Failure. Gartner. Nov. 18, 2005. (.pdf, 36.2 KB)

Andrew Orlowski. Sony’s CD Rootkit Infringes DVD Jon’s Copyright. The Register. Nov. 18, 2005.

Andrew Kantor. Sony: The Rootkit of All Evil? USA Today. Nov. 17, 2005. (“Thomas Hesse, president of Sony BMG’s global digital business said, ‘Most people I think don’t even know what a rootkit is, so why should they care about it?'”)

BBC News. Sony to Recall Copy-Protected CDs. Nov. 16, 2005.

Freedom to Tinker. Sony’s Web-Based Uninstaller Opens a Big Security Hole; Sony to Recall Discs. Nov. 15, 2005.

Dan Goodin. Boycott Sony. Wired News. Nov. 14, 2005.

Electronic Frontier Foundation. An Open Letter to Sony-BMG. No date.

Jefferson Graham. Firestorm Rages Over Lockdown on Digital Music. USA Today. Nov. 13, 2005. (“New York University sophomores Inga Chernyak and Diana Rosenthal took part in a demonstration near campus the other day. It had nothing to do with the Iraq war, a political election or any of the other hot-button issues students normally want to protest. Instead, the pair and about 20 other NYU students were out to rally consumers against what Chernyak calls a dark force that has invaded her tech life: digital rights management.”)

Joris Evers. Microsoft Will Wipe Out Sony’s ‘Rootkit’. News.com. Nov. 13, 2005.

Spyware Confidential. Sony Stops DRM CDs – Temporarily. Nov. 11, 2005.

Reuters. Sony BMG Pulls CD Software. eWeek. Nov. 11, 2005.

Joris Evers. Sony Halts Production of ‘Rootkit’ CDs. News.com. Nov. 11, 2005.

John Borland. FAQ: Sony’s ‘Rootkit’ CDs. News.com. Nov. 11, 2005.

Ingrid Marson. Sony Faces Multiple Lawsuits Over DRM Rootkit. ZDNet UK. Nov. 10, 2005.

Jay Wrolstad. Hackers Exploit Secret Copy Protections Found on Sony CDs. CIO Today. Nov. 10, 2005.

InformationWeek Blog. At Sony, The Customer Is Captive. Nov. 10, 2005.

The Gripe Line Web Log by Ed Foster. EULAs and DRM Make Ugly Music Together. InfoWorld. Nov. 10, 2005. (“It’s important to keep in mind, [Fred von Lohmann] points out, that the music is sold, not licensed. … But if you want to play the CD on your computer, under the Sony EULA all those rights are ‘licensed’ away.”)

CD Freaks. Sony Faces Californian Class-Action Suit & Likely a 2nd U.S. Suit. Nov. 10, 2005.

EFF Deep Links. Now the Legalese Rootkit: Sony-BMG’s EULA. Nov. 9, 2005.

EFF Deep Links. Are You Infected by Sony-BMG’s Rootkit? Nov. 9, 2005. (List of SonyBMG CDs suspected of having the rootkit problem.)

Declan McCullagh. Perspective: Why They Say Spyware Is Good For You. News.com. Nov. 7, 2005. (“It’s a wacky result when both Sony and its hapless customers could be embroiled in legal hot water at the same time.”)

Mark’s Sysinternals Blog. Sony’s Rootkit: First 4 Internet Responds. Nov 6, 2005.

Molly Wood. DRM This, Sony! CNET.com. Nov. 3, 2005. (“So, let’s make this a bit more explicit. You buy a CD. You put the CD into your PC in order to enjoy your music. Sony grabs this opportunity to sneak into your house like a virus and set up camp, and it leaves the backdoor open so that Sony or any other enterprising intruder can follow and have the run of the place. If you try to kick Sony out, it trashes the place.”)

Freedom to Tinker. SonyBMG and First4Internet Release Mysterious Software Update. Nov. 3, 2005. (Princeton professor Edward W. Felten writes, “SonyBMG and First4Internet … have taken their first baby steps toward addressing the problem. But they still have a long way to go; and they might even have made the situation worse. The update is more than 3.5 megabytes in size, and it appears to contain new versions of almost all the files included in the initial installation of the entire DRM system, as well as creating some new files. In short, they’re not just taking away the rootkit-like function — they’re almost certainly adding things to the system as well. And once again, they’re not disclosing what they’re doing.”)

Eric Goldman. Sony, DRM and Trespass to Chattels. Nov. 2, 2005. (“Sony’s software was installed based on a EULA that contained disclosures about the software. Though we may doubt the efficacy of disclosures in the EULA (a point I’ll discuss more below), this was not a surreptitious installation.”)

Wired Editorial Staff. The Cover-Up Is the Crime. Wired News. Nov. 2, 2005. (“By deliberately corrupting the most basic functionality of their customers’ computers, Sony broke the rules of fair play and crossed a bright line separating legitimate software from computer trespass. Their actions may be civilly actionable.”)

John Borland. Sony to Patch Copy-Protected CD. News.com. Nov. 2, 2005.

Slashdot. Sony Rootkit CD Providers. Nov. 1, 2005.

John Borland. Sony CD Protection Sparks Security Concerns. News.com. Nov. 1, 2005.

Mark’s Sysinternals Blog. Sony, Rootkits and Digital Rights Management Gone Too Far. Oct. 31, 2005.

Robert Vamosi. Security Watch: Root Kit 101. CNET Reviews. Oct. 21, 2005.

CopyCense™: K. Matthew Dames on the intersection of business, law and technology. A business venture of Seso Digital LLC.