101 thoughts on “Sony DRM rootkit saga”

  1. You should consider legal actions, Jon. Besides, once the media starts writing about Sony’s copyright infrigement in order to prevent copyright infrigement I hope it will heighten the awareness of the general public about DRM.

  2. Well, you live in the land of lawsuits, so why not do a trial from the prosecuters side?

  3. rofl… rediculous.. Will or can you do anything about it? Demand compensation, or that the code be removed and any damages fixed ?

    Or maby ask for a free sony vaio laptop, and some other good sony products for a few years in return for what happened? ๐Ÿ˜‰

  4. I know there are a lot of people out there (including me) who are holding their breath to see whether you press a suit for copyright violation/patent infringement.

    That could trun out very interesting for First4Internet and/or Sony.

  5. I’m not entirely sure why they would need to include anything related to FairPlay in their code per se anyway – it seems non-relevant. The only plausible theory for the presence of this would be as part of a “scan for tools that can pirate my content” signature algorithm sort of thing.

  6. are you planning to sue Sony Jon? ๐Ÿ˜‰

    this is truly unbelievable..

  7. After reading this Slashdot Article http://yro.slashdot.org/article.pl?sid=05/11/17/1350209&from=rss I searched for your blog. Are you and the organizations involved exploring legal repercussions? In UK where the software was written, Copyright infringement is a crime… aka investigated free by the british police. Not to mention that a civil lawsuit in the US could award bigtime, concidering the massive revenue streams involved.

    What are your thoughts?

    Btw, first time to your site, very impessed..



  8. The Register suggests about four million cds with the protection on have been manufactuered.


    Statutory copyright infringement in the US is $750 to $150000 per infringement if willful.


    At a potential reward of between three and six hundred billion dollars it has to be worth talking to a solicitor?


    Sony have assets of around $20,000,000,000 have a go at cleaning them out! You’d get an impressive office and all the PSPs you could handle.

  9. I glanced at that code and had a quick question: your(?) SWAP macro does the double-xor trick, which is cute but I imagine less performant than using a temporary. Could you comment on when/why you’d want to use that?

  10. Offer not to sue them (or file criminal complaints–remember, they’re doing this commercially! you could call the FBI on them, and claim statutory damages of zillions or something…) on the condition that they *never* use or distribute any DRM scheme again? ๐Ÿ™‚

    I know they’d never buy it, but maybe under threat of filing a criminal complaint? Err, and get a lawyer first, if you do–I’m not one, and you shouldn’t take any of this as legal advice ๐Ÿ™‚

  11. http://www.copyright.gov/title17/92chap5.html#504

    It gets better, if it’s willful infringement, and it was done for a commercial gain of more than $1000 the court shall order the desctruction of all the infringing copies and all implements, devices and equipment used in the manufacture of the infringing copies.

    Could you hold a ‘bring your own sledge hammer and smash the sony CD factory party?’ That would be cool.

  12. With those $$ of Sony assets as mentioned above, I’m sure you could manage to get such a sizeable chunk that you could devote half of their reparation payment towards Open Source software development funding and still live a very comfortable life from the rest ๐Ÿ™‚

    Just to make sure you get some nice ideas for spending any money you might get from that…

  13. before writing ANYTHING about your intentions to sue or not, please consult a lawyer. don’t say more than you need to on this matter in any public forum, including this journal. if you DO have a case, you’re talking about tens of millions. i think it’s worth a 30 minute consultation with a lawyer. chances are, you can find one willing to do it pro-bono too.

  14. For the love of God, do something with an attorney and make the circus that is my legal system have to account for itself. Our mainstream media has deliberately blunted the news about the rootkit and it’s damned time they and Congress took credit for the bastard child that is IP law and the DMCA.

    Take a “meh” perspective and you’re giving them silent permission to ramp up the legislation. Take a stand and the world will be watching. I can’t believe there isn’t a single attorney who wouldn’t take this pro bono.

  15. I’m now a lawyer, but I belive you have standing to go to federal court and get an injunction against F4I and/or Sony to prevent them from distributing your code in the future.

  16. I’m pretty sure somebody at your new workplace will be more than happy helping you sort this out ๐Ÿ˜‰ hehe this time you might actually be right place right time, so good luck man!
    Make us all proud again if you got a chance!

  17. Jon, I think you should talk to a lawyer about taking them to court.
    I mean, you’ve got a bit of a shady rep here in the states, you had that media coverage a few years ago, but you’re legit now, eh? Always worth a shot, if you’ve got the dough.

  18. you know, I bet if you sued sony and set up a donations page you would more than make up for the lawyers.

  19. sue them for enough money to give back the prize of the cd’s to everyone who’s bought them.. ^^

  20. Well, I think everyone has been missing a VERY important point. First4Internet is a company which sells products designed to PREVENT copyright violations. Read one of their press releases for example: http://www.xcp-aurora.com/press_article.aspx?art=aug_05_art2

    F4I knows EXACTLY what copyright infringment is. Now the question I will ask you is, do you guys know what happens to people who understand the law, claim to abide by the law, but are secretly violating the law?

    Answer: very, very bad things. A court would slap this company so hard that they would cease to exist. And it needs to be done; it’s simply no excuse for “big brother” to violate the copyright laws if we cannot.

    (3yrd Year Law Student)

  21. If your not the only one to have copyright infringed, two words: Class Action. Every lawyer and his dog will want on that one.

  22. While I’m usually against copyright lawsuits in particular, this would so serve them right. Perhaps it’s time for the GPL to finally be put to the test in court? GPL vs. Sony — what a way for it to prove itself!

    So Sue Them!

  23. JON.The matter that I think is very much thought interesting if it tries to make “Sony rootkit parametor editor” if it likes black joke that you are considerable.
    As for the user, it learns to make it freely trojanhorse as much as it likes it by using rootkit manufactured by Sony.
    Doesn’t this become very enjoyable irony?

  24. F4I is toast anyway, at the very least after this can you imagine anyone buying software from them? They would have to be stupider than SONY!

    Hey! That’s a new phrase for the popular vocabulary – “stupider than SONY”…

    Bruce AKA Midnightcoder

  25. While I’m not a lawyer and can’t offer legal advice (gogo disclaimer..) I would absolutly LOVE to see Sony take a fall over this, if it could be made to stick.

    Kick some ass!

  26. This would be a perfect opportunity to hit them where it hurts!

  27. This has to be the funniest news I’ve read all day.
    You should have no problem finding some grade A laywers read to bleed Sony dry.
    Good luck Jon, give’em hell!!

  28. Sony will never admitt they knew that the GPL code was in the tool, they will just return against F4I. But I think this case is public enough so that this couldserve as a test for “GPL in court”.

    And you don’t have very often the occasion to beta test a licence validity in a real court.

  29. Dude, what are you waiting for?? You have the name, you have the media and you have the muscles. Now is the time. Do it for the open source comunity, do it for the stupid drm, do it for copyright infringement, do it for all the people who want to see sony in court!! Get yourself a good team of lawyers and SUE THEM!!

  30. You should sue, IMO. At this point, its not even about if you want to get some cash out of it (though you deserve it). It’s about Sony taking students and children to court for tens of thousands of dollars over some CDs that the kids probably didn’t listen to and never would have purchased anyway. It’s about them crying that people are ripping them off and then at the same time go jack a bunch code that wouldn’t cost them anything, if they had just given credit.

    Sony needs to learn that when you screw the community, the community will screw you back. Plus, I agree it would be nice to see how the GPL and/or LGPL stand up in court, especially against a huge company like Sony.

    I’m sure Sony BMG has plenty of enemies that would be willing to represent you. As soon as you file though, they’ll throw you a bunch of cash to get you to go away. Dont take it, fight the good fight man! You’ll get more by going to court anyway.

  31. Jon,

    Sue and invest (part of) the benefits in Creative Commons licensed music. A few 10^6 $ could help artists create a lot of albums you really like. Magnatune (http://magnatune.com ) ‘s John Buckman and friends would probably be most willing to help.

    Just my โ‚ฌ.02…


  32. Seriously, you infringe on their copyrights they are RELENTLESS! What is it, a max of $250,000 PER COPYRIGHT INFRINGMENT? So this being a little bit more than a single CD, I would take ’em for the house. Set you and your family for a while… Get those bastards.

  33. Please sue Sony, Jon. You will be very rich, and you will be a hero. You will be more popular than any pop star !

  34. So um Where and why did they STEAL your code.
    i fail to understand why and how.

    P.s. SUE THEM

  35. What will happen to copyright infringement once China starts getting a little bolder?

  36. Why do so many people not know how to spell “ridiculous”? Many people seem to think it’s “rediculous”.

  37. Just because I want have a good laugh please sue them, please please, please.
    Even If you don’t plan to followup the sue, it will be related everywhere over the web

  38. It’s easy to say “you should sue them”, as it won’t take any of your time for Jon to file suit. For Jon it is a big endeavour and he has little free time at the moment. Please be considerate.

  39. Osaka: If the payoff is anywhere close to what I believe it could be, the hourly rate he would get for the time it takes to file suit and go to court would make Trump happy. If he can set himself up for life by investing some of his sparse free time in a lawsuit. Easy choice if you ask me.

    Ps. I came to this site looking to donate $20 to cover legal expenses. If you set up a fund, you’ll get plenty. SAKSร˜K (as we would say in Norway)

  40. Osaka,

    it will take as much time as it takes Jon to call up the EFF and ask them to find him a competent lawyer who’ll do the job on speculation. In other words, Jon has IP to monetize.

  41. Jon,
    Please please PLEASE do it… The irony of Sony being taken to the cleaners for copyright violation is just too good!

    This would be a great test case for the GPL, and for the principle that laws apply the same way to big and small alike.

  42. It’s the principle of the thing – they’ve broken a law. They’ve made claims that others are infringing on their property, and have taken legal action. SInce they’ve infringed on your property, you should take legal action.

    There’s an old saying – those who live in glass houses shouldn’t throw stones, and I think it applies in this case.

    The money isn’t important – the principle is. It would be more satisfying to see the executives of these companies jailed for copyright violations, than it would be to see them making a large cash payout.

  43. Ask Sony politely to either stop distribuing your code, or ship the source. Maybe see if they will give you a discount on a Playstation 3 by way of apology. Arrange to play BluRay DVDs under Linux on the Playstation 3.
    Do not sue them. They have suffered enough.

  44. if you don’t do something about this now jon, then they will think it’s fine to rip copyrights from
    company’s/people who’s not high up in the industry or under the watchfull eye of the big corps.

    they belive were all to small and a dip in the ocean that they can make 1 rule for them and 1 rule for us.
    they have done to you what if you did to them they’d haul your ass in a court room and sue you to kingdom come.

    if you do not do something about this now and make a stand and fight them. they will just remember this
    and think, ah well last time we did something like this we got away with it. we have the money they dont.

    for the love of god this is the biggest thing to happen in our favour and your the man to actually
    do something about it ๐Ÿ™‚

    you going to let the world down? and be over run and ruiled with DRM now and forever?
    or you going to use this 1 silver bullet in your gun to shoot that werewolf.

  45. Has it occurred to anyone that suing Sony might not help at all, since it’s not them who “wrote” the code in the first place? Sony would just say “not me, Jack – it’s those lazy F4I boys who sold it to us under false pretenses”. You’ll probably find that their pockets aren’t quite as deep as Sony’s ๐Ÿ˜‰

  46. Osaka, if a large multinational corporate like Sony can steal/infringe code by proxy and no one does anything about it – you let the corporate bastards get away with being above the law. Sony can spin this however they like, but they can’t justify breaking copyright law to stop YOU as a consumer from breaking copyright laws.

    But at the end of the day, it’s up to Jon if he wants to sue.

    Who is the bigger evil; distributing miiiiillions of CDs with your code on it, or a minority of a million consumers who pirate?

  47. Sue ..and help give an alternative to mega monothilic business that thinks dolars or pounds = right ..and ‘cos this is the real world ..watch out for fast cars ..lift doors and accidents ..or make sure your heirs can get the assets ..

    you might also look up lightning UK ..Sony tried to break the guy and denied his access to the net ..for doing way less than Sony have done ..

    plus first 4 ‘s code is really crap ( the bits that were n’t stolen from others ) ..”ceri” ..you should be ashamed ..crap code ..crap PR spin ..But we know Sony did actually ask for it to be tuned for them ..so you can always spill the bytes..

    “ninja hackers corp” are coming to you ..is your PSP watching your every move ?

  48. Wait a second…the FairPlay code?

    Just what, exactly, are they doing with FairPlay?

    This just keeps getting better.

  49. I love it. All I see in regards to a lawyer is for “pro-bono”. Fuck that. Get an attorney that wants 50%. He’ll get a team that will fight harder to get a bigger settlement and you’ll win in the long run.

  50. I own a Sony Net MD Mini Disk i know it has DRM will this mean that I will at last get a program to upload my music to my Mini Disk in Linux ?
    They must be using your code in there Sonic program too as this is the prog that transfairs music from Windows to Mini Disk.
    Now they will have to ether replace my MD with a version without DRM or make the DRM opensource !
    Sue them Big Time and tell them i want a MD without DRM

  51. To Jens M: If the others are like me, we can see a momentous moment in the battle over copyright:

    1. Jon is made even more of a superstar by being the protagonist in a land-breaking case.
    2. The GPL is tested in court (and wins, we hope!).
    3. An (indirect) awesome victory is won for those of us who are fed up with modern copyright law and are horrified at the way DRM is subtly slinking into the mainstream and becoming the only choice.

    I’d sue if I could, but in this case, Jon is the man with the power and we are hoping we’ll find the outcome we want through him. Maybe that’s selfish, but this is a great opportunity. If Jon decides to pass it up, it’s still his choice, though, and I’ll understand (going to court will be a hassle, I’d imagine).

  52. Let me amend that: a great hassle, likely, especially for someone with a new job working on an interesting project.

  53. Send DMCA takedown notices against anyplace that is carrying your code illegally, including retailers, all auctions, and so on.

    When the notices aren’t followed, submit to the EFF and use to defend poor clients, asking for the same treatment that Sony is getting, because the law isn’t being followed equally. Seek for the eventual overturning of the law. The purpose isn’t to make sure everyone is being punished under unjust laws (3 stooges hitting each other?), but to seek to get rid of them. If the law won’t be followed because its against Sony, its unenforceable.

  54. A line needs to be drawn in the sand now before we have NO fair use rules left in copyright rules due to the actions of the likes of RIAA and Sony.

    At least the RIAA have set a nice value per infringment when they take 12 year old children to court. Perhapse you should contact the RIAA and get them to take up your case for you if the infringment is clear cut enough. How could the RIAA refuse as they like to defend copyright so much.

  55. Just have to say that I, and lots of others will support you if you choose to sue Sony for the infringment. (Fonds, whatever)

    Go on, it’s your choice though.

    By the way, even though I’m not your friend as other seem to think they are,

    Grattis med dagen Jon!

    Nothing’s more annoying than strangers using your name and talks to you as a friend… =)


  56. Jon i appreciate your software and what you do.

    You may have an opportunity to sue Sony but don’t do it. Your time is wasted throught all these legal issues. You have better things to do ๐Ÿ™‚

  57. Go get them for everything they’re worth! Lag litt f..nskap Jon.

  58. I am not a lawyer, but I read Groklaw.

    If Sony is sued, the GPL and LGPL legality should not be part of any proceedings. Those licenses only apply IF you obey the terms of the licenses.
    The GPL hasn’t been “tested” in US courts for a very good reason.
    If you don’t acknowlege your license and say “I have permission to copy, modify, and distributed the software, it’s the GPL!”, then you are basically admitting to copyright violation under US code!
    In other word, read “license” as “permissions granted by the owners, and the terms (if any) of those permissions.”

    Since when does permission need to be “tested in court?”
    You either have it or not, it is quite simple.

    IF Sony did not obey the terms of the LGPL and GPL, they automatically are not covered by it They should be prepared to produce an alternate license from the author of the LAME code.

    So, I ask you Sony: Under what license did you copy and distribute the LAME code?

    One last comment: GPL is NOT Public Domain!

  59. Go get them, tiger. Hehe. If you sue them, you kind of turning the world upside down, maybe then I’ll even get a girlfriend.

  60. Jon….hats off to you…..having all the answers to most of lifes difficult questions….is what would lead you to do the “correct” action. Doing the “right” thing…..in your emotional mind…..will not be “correct”. Addressing Sony and asking them if you could work with them on future Technology……Is what I would do. Being Able to see the reason behind the actions of both sides……is what sets you apart from the rest.

  61. Hey doesnt that mean that the people that found out that Jons code was in that software actually broke a few laws to start off with? So doesnt that mean that the guy who found out can get beasted for that and then all Sony has to do is to remove that code and claim it was never there and that its all a big conspiricy?

  62. Cmon! Sue sony shitless!!!! they wouldent think twice about sueing you…give them a taste of their own medicine ๐Ÿ˜‰

  63. Please sue them, they would… And it would be just right to them, they wouldnยดt be just writing from similar thing and they should learn a lesson…

  64. I can’t wait to hear about this on CNN or some other news station! I would definately speak to the best lawyer around!

  65. At a minimum statutory damages of $750 x $4 million = 3 billion dollars, you really really *really* should sue them.
    Worst case scenario is that you get the entire assets of the rootkit company as it goes bankrupt.
    More likely scenario is that you actually get 3 billion dollars, since I don’t think Sony can escape the actions of the
    company which it hired.

    Imagine what you could do with 3 billion dollars.

  66. Contingency-fee lawyers. 450 billion dollar maximum, you can get really very powerful legal teams to work on contingency for a percentage. Absolutely worth it.

    And trust me, the result will be Sony campaigning to *reduce* statutory copyright infrignment penalties. ๐Ÿ™‚

  67. Do them please! What they are doing was already so criminal. Copywrite infringement is the icing on the cake.

  68. Please sue them, Jon. I’m just a grad. student, but I’ve donated to help with your ‘corporate asset management’ project. This is much more important then you getting rich or even the digitial rights garbage. This is about a megacorporation’s audacity. This is about stealing code to prevent fair use. This is about making an example of a bully.

    You’re going to be in a position to be paid off. They’ve probably already tried. They’ll badger you into believing you couldn’t win a trial, that you can walk away with millions of dollars with no hassle. Please subject yourself to the hassle. Consumers need to bare our teeth, and you’re clearly one of our champions.

    You’re too young and too talented to be paid off. That’s not just flattery. That’s a reminder that you’re in a position to gain a lot more than money. Your fans are growing in numbers. Winning that lawsuite could permanently alter the scope of consumer rights. Winning would recast your image from brilliant-reverse-engineer-shit-disturber to Dragon Slayer.


  69. Forget the money, forget the glory, sue them just to raise public awareness about the status quo of the DRM, copyright laws and open-source. Show the general public what is going on so they can decide if they want that kind of world.



  70. Hey!

    As they say, “Paybacks are a bitch”. Principle? Money? I think you got it all jon. It’s your work. They took that from you, and used it to hurt people for which the code was not intended for. They are being boycotted by so many people, they might not be able to pay you. Who cares! Teach them a lesson, make it stick and make an example out of them! Not only will the courts side with you, it will teach other companies they simply cannot do this. I don’t think any attorney will turn down the case, (unless they have some sort of conflict) as it may well be a sensational one. The media would have a field day. Go for it. We all would love to see you do it.

  71. Somebody needs to stop them and stop them fast — I just loaded a Sony DVD into my PC running Windows Media Center Ed. and it loaded DRM software onto it. I couldn’t even play the original movie right out of the package (it was the proper region code and not listed as RGE either) I can’t play other movies anymore and I can’t seem to find the errant code causing the trouble yet. PLEASE SOMEBODY SUE THEM!!!

  72. The movie title was “The Cave” and in small print has copy-protected on the lower right edge of the back sleeve. The soundtrack for this movie is also list as having the XCP stuff on it too.

  73. In any lawsuit, there is the question of “standing”. This means that the plaintiff actually has to suffer some form of harm (which need not be economic — damage to your good name, psychological pain, and time spent fixing a problem all count) in order to bring a lawsuit. For code that one intends to give away for free, it’s probably difficult to convince a judge that you were harmed by having your freely-available code “stolen”.

    Can anyone brainstorm ways in which Sony’s actions “harm” Jon or other potential plaintiffs?

  74. Posted above… “Sony would just say โ€œnot me, Jack – itโ€™s those lazy F4I boys who sold it to us under false pretensesโ€. Youโ€™ll probably find that their pockets arenโ€™t quite as deep as Sonyโ€™s”
    – This is true but it was Sony who distributed the copyrighted material. You can quote Sony from there own lawsuits against p2p users…distribution is a violation of copyroght law and ignorance of wrong doing is no defense. If they turn around and sue F4I that’s their business.

    The fact that Sony used copyrighted material for commercial gain is enough to sue. The money they made off the sale of Jon’s work, in violation of the gpl, is his monetary loss. Just because he never intended to sell the code himself does not mean he is not entitled to royalties or fees based off someone else selling his code.

    The fact that its not registered with the U.S. Copyright Office might be hard to work around.

    Whatever you decide, I wish the best to you.

Comments are closed.