The Missing Sony Exhibit

The Canadian Sony rootkit class action settlement heads to court next week amid mounting questions about the deal.  The EFF calls attention to a number of missing provisions, including no security reviews and no ongoing obligations to provide uninstallers for the rootkit.  There is also a financial hit in Canada, with Canadian consumers receiving roughly ten percent less than U.S. consumers due to currency differences.

By far the biggest difference, however, is that the U.S. agreement is subject to injunctive relief linked to actions brought by several U.S. agencies and attorneys general.  The Canadian agreement, by contrast does not include such relief.  The justification for this difference is contained in Exhibit C, the only key settlement document that Sony has not provided to the public

I have now obtained a copy of Exhibit C, which is an affidavit from Christine J. Prudham, Vice President, Legal and Business Affairs of Sony BMG Canada (Prudham is the same person who appeared today at the Copyright Board discussing how Sony BMG Canada released just 16 new Canadian records last year).  The affidavit seeks to explain why Sony BMG Canada believes it is appropriate to grant Canadian consumers fewer rights than their U.S. counterparts.  While there is the suggestion that Canadians would benefit indirectly from a U.S. injunction, the heart of the argument revolves around a series of copyright-related arguments that are utterly without merit. First, Prudham expresses concern that copyright is a federal matter and that the class action is being heard by a provincial court.  This makes no sense – there is concurrent jurisdiction over copyrights (the Robertson v. Thompson copyright case currently before the Supreme Court originated in provincial court) but, more importantly, the case isn't about copyright but rather consumer protection, contractual issues, and privacy.

Second, Prudham argues that there is currently a "legal vacuum around TPMs in Canada", concluding that "Sony BMG Canada is not willing to potentially prejudice itself by agreeing to the Injunctive Provisions in the Canadian Agreement."  This argument is simply embarrassing – there is no legal vacuum around TPMs in Canada.  While Canada does not have anti-circumvention legislation, this is not a legal vacuum and is in no way relevant to this consumer class action lawsuit.  The prejudice that Prudham refers to is not legal prejudice, but rather the "political prejudice" that will arise when Sony appears before a parliamentary committee discussing anti-circumvention legislation and is asked about the $25 million settlement arising from the rootkit fiasco and the fact that the company is subject to a potential injunction over the use of the technologies that it is seeking to protect.  

Third, Prudham swears in this affidavit that "to impose in Canada the Injunctive Provisions provided for in the U.S. Settlement because of the U.S. Government Inquiries, based on U.S. legislation, would amount to adopting in Canada the U.S. approach to the 1996 WIPO Treaties without giving the Canadian Government the opportunity [to] decide what its policies will be on TPMs in light of the 1996 WIPO Treaties."  This statement is complete rubbish.  The U.S. actions have nothing to do with the DMCA and, moreover, the Canadian government is quite capable of doing whatever it wants on TPMs regardless of the terms of this class action settlement.

The Sony rootkit fiasco has been a series of missteps that have demonstrated the dangers of TPMs.  This latest twist – shrouded for weeks in secrecy – only serves to place Sony in a further bad light and to cast doubt about its sincerity in addressing a major mistake that has harmed its reputation with consumers, musicians, policy makers, and the politicians.


  1. In Exhibit C one of the arguments is that as Sony BMG Canada uses Sony BMG USA technology, the Injuctive Provisions in the USA will trickle down to Canada, so we don’t need one. Without one in Canada, Sony BMG Canada would be free to deploy independently developed TPMs.

  2. Angry Consumer
    Hi Michael;
    Can anyone explain to me why there have been no criminal charges, either here or in the US? When individuals write and/or distribute worms, virii, trojans etc the police lay charges.
    Why haven’t Sony execs been charged?
    – dan the angered

  3. get a sony exec to spend his weekends fi
    This is nuts if i wrote a virus or a trogen… and it attacked SONY.

    I would be charged jail time fines or somthing.

    Why are these Turds AKA Sony/BMG able to get slaped on the wrist.

    This is a travasty on the system…..It raises the bar that i can only get a slap on the wrist bring systems down and be told not to do it again sets a dangerous precident.

    For the next Virus or trogen.

    Sony vs the public.

    which becomes.

    Joe Hacker vs Sony….GM….Goverment ect…

    the precedent has now been set for the law books.

    Yes im pissed

  4. \”Why haven\’t Sony execs been charged? \”

    Probably \’cause Sony execs don\’t have anything to do with Sony BMG? It\’s a separate company, separate board, and half of it is owned by Bertelsmann AG (hence why it is called \”Sony BMG\” instead of just \”Sony\”). If you bothered to do a little research you\’d realize that BMG (pre Sony joint venture) was quite involved with SunnComm (creator of the other recalled CD copy protection), and that XCP was in use well before the \”rootkit fiasco\” (I\’ve got a promo CD of Marilyn Manson\’s \”The Golden Age Of the Grotesque\” (Nothing (owned by Universal Music Group)) that has XCP on it, and that was released back in 2003!). EMI stuffs their CDs with Macrovision…

  5. Symantics
    Does it matter if I said sony not sony/bmg or emi….

    All I was trying to say is anyone behind this type of DRM should get the aproprate. Jail, fines, public service (fixing all those Borked computers).

    Reserch or not you missed what i was saying and decided to correct me instead. Just that I try to tell as many people about the pit falls of DRM.

    I my self wont buy any DRMed CD’s

    P.S. thanks for the info. 🙂

  6. More than a slap on the wrist
    > This is nuts if i wrote a virus or a trogen… and it attacked SONY.
    > I would be charged jail time fines or somthing.
    > Why are these Turds AKA Sony/BMG able to get slaped on the wrist.

    The answers are as follows:

    1) If you wrote a trojan (sp!) and unleashed it within servers owned by Sony, that’s actually trespassing and intent to interrupt servers used for business purposes.

    2) They get a slap on the wrist (proverbially) because when you buy the cd, that is a form of ‘permission’ as far as they are concerned, and gave them the ‘right’ to install whatever they wanted after you did so.

    I am angered that they are using such sneaky legal tactics, and largely relying on jurisdictional bulls*** to ‘justify’ not remedying the situation.

    Having said that: I now know so many people – especially non-technical people – who associate the name ‘Sony’ to ‘Hackers / rootkits’ that the media and PR damage which has been done by their stupidity could probably be considered the larger punishment. In my opinion, they probably won’t recover from that, at least not quickly. Which is fine by me.


  7. Cool, I do business with Sony, so all I have to do is get them to buy a patch with the service from me and buried in the paperwork is something about “Macoff being complimentary” and boom crash bang Sony Aust is dead and I can laugh and rub my tummy.

    I’ll piss on the front door on the way out.

    Sony stinks of poo.

  8. If people think this settlement is too soft on Sony/BMG as compared to the US settlement (and I know many do), they should file an objection – due MONDAY Sept.18th. See settlement website [ link ] . You have to have bought a music CD from SONY BMG between August 1, 2003 and August 10, 2006, which carried XCP or MediaMax software, in order to be entitled to object.

  9. Angry Consumer
    >>2) They get a slap on the wrist (proverbially) because when you buy the cd,
    >>that is a form of ‘permission’ as far as they are concerned, and gave them
    >>the ‘right’ to install whatever they wanted after you did so.

    Buying a product in no way shape or form grants a company the right to invade my privacy, break my computer etc.
    That’s the corporations talking – not the people.
    imho, the law is no where near being applied here. Sony installed rootkits on computers without permission* of the owner of the computer, and that is illegal. If I did this, the police would be wanting to talk to me…

    *btw: I’m of the opinion that even those that clicked ‘yes’ didn’t give permission to install a rootkit.
    (a) I don’t think a corporation can ask a consumer for permission to install malware and reasonably expect to hide behind the ‘accept’ click. Some things just can’t be legally binding even if there is a ‘contract’ (example is murder… a contract for murder is not valid)
    (b) …but regardless, the ‘accept’ didn’t say: this is going to install a rootkit on your system….so you didn’t agree for them to install this software even if you accepted.

  10. Cris Comeaux says:

    SONY has apparently agreed with me that all of their data is part of Champernowne’s constant which is public domain and that “sound” which I had extracted from numbers like 0.12345678910111213… which was lost can be re-extracted.

    In effect, they chose not to compensate me for their damage, and I hereby continue to announce that everything in the number including music is public domain, and this seems to be legally as well as arithmetically true. I think if you can calculate anything in court then you can not be sued for infringement but yet SONY has done actual vandalism to our equipment.

    SONY’s rootkit attacked me while I was documenting Champernowne Synthesis and the sound on my PC was actually calculated. The CD that contained the rootkit was not originally my own though I bought it from my friend as evidence, it installed AOL to phone home before attacking. Also, the CD itself says in fine print “SPECIFIC HARM MUSIC, INC”.