LISTSERV 16.0 - MSUNAG Archives

Message-ID: <13163370.1132951046232.JavaMail.www@app22>
From: EFFector List <[log in to unmask]>
Reply-To: EFFector List <[log in to unmask]>
To: [log in to unmask]
Subject: EFFector 18.41: EFF Files Class Action Lawsuit Against Sony BMG
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Organization: EFF
XData: 1010,49tennQ@KQn4@4n9t@i-Wwjq-e

EFFector Vol. 18, No. 41  November 25, 2005  [log in to unmask]

A Publication of the Electronic Frontier Foundation ISSN 1062-9424

In the 357st Issue of EFFector:

 * EFF Files Class Action Lawsuit Against Sony BMG
 * FCC Urged to Suspend new Internet Wiretap Rules
 * Nominate a Pioneer for EFF's 2006 Pioneer Awards!
 * miniLinks (11): Intimidating the Internet
 * Administrivia

For more information on EFF activities & alerts:
 <http://www.eff.org/>

Make a donation and become an EFF member today!
 <http://secure.eff.org/support>

Tell a friend about EFF:
 <http://action.eff.org/site/Ecard?ecard_id=1061>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* EFF Files Class Action Lawsuit Against Sony BMG 

Company Should Repair Damage to Customers Caused by CD Software 

San Francisco - The Electronic Frontier Foundation (EFF),
along with two leading national class action law firms, today
filed a lawsuit against Sony BMG, demanding that the company
repair the damage done by the First4Internet XCP and SunnComm
MediaMax software it included on over 24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging
the security risks caused by the XCP CDs, including a recall
of the infected discs. However, these measures still fall
short of what the company needs to do to fix the problems
caused to customers by XCP, and Sony BMG has failed entirely
to respond to concerns about MediaMax, which affects over 20
million CDs -- ten times the number of CDs as the XCP
software. 

Sony BMG is to be commended for its acknowledgment of the
serious security problems caused by its XCP software, but it
needs to go further to regain the public's trust," said
Corynne McSherry, EFF Staff Attorney. "It is unconscionable
for Sony BMG to refuse to respond to the privacy and other
problems created by the over 20 million CDs containing the
SunnComm software." 

The suit, to be filed in Los Angeles County Superior court,
alleges that the XCP and SunnComm technologies have been
installed on the computers of millions of unsuspecting music
customers when they used their CDs on machines running the
Windows operating system. Researchers have shown that the XCP
technology was designed to have many of the qualities of a
"rootkit." It was written with the intent of concealing its
presence and operation from the owner of the computer, and
once installed, it degrades the performance of the machine,
opens new security vulnerabilities, and installs updates
through an Internet connection to Sony BMG's servers. The
nature of a rootkit makes it extremely difficult to remove,
often leaving reformatting the computer's hard drive as the
only solution. When Sony BMG offered a program to uninstall
the dangerous XCP software, researchers found that the
installer itself opened even more security vulnerabilities in
users' machines. Sony BMG has still refused to use its
marketing prowess to widely publicize its recall program to
reach the over 2 million XCP-infected customers,  has failed
to compensate users whose computers were affected and has not
eliminated the outrageous terms found in its End User
Licensing Agreement (EULA).  

The MediaMax software installed on over 20 million CDs has
different, but similarly troubling problems. It installs files
on the users' computers even if they click "no" on the EULA,
and it does not include a way to fully uninstall the program.
The software transmits data about users to SunnComm through an
Internet connection whenever purchasers listen to CDs,
allowing the company to track listening habits -- even though
the EULA states that the software will not be used to collect
personal information and SunnComm's website says "no
information is ever collected about you or your computer." If
users repeatedly requested an uninstaller for the MediaMax
software, they were eventually provided one, but they first
had to provide more personally identifying information. Worse,
security researchers recently determined that SunnComm's
uninstaller creates significant security risks for users, as
the XCP uninstaller did. 

"Music fans shouldn't have to install potentially dangerous,
privacy intrusive software on their computers just to listen
to the music they've legitimately purchased," said EFF Legal
Director Cindy Cohn. "Regular CDs have a proven track record
-- no one has been exposed to viruses or spyware by playing a
regular audio CD on a computer. Why should legitimate
customers be guinea pigs for Sony BMG's experiments?"
"Consumers have a right to listen to the music they have
purchased in private, without record companies spying on their
listening habits with surreptitiously-installed programs,"
added EFF Staff Attorney Kurt Opsahl, "Between the privacy
invasions and computer security issues inherent in these
technologies, companies should consider whether the damage
done to consumer trust and their own public image is worth its
scant protection." 

Both the XCP and MediaMax CDs include outrageous,
anti-consumer terms in their "clickwrap" EULAs. For example,
if purchasers declare personal bankruptcy, the EULA requires
them to delete any digital copies on their computers or
portable music players. The same is true if a customer's house
gets burglarized and his CDs stolen, since the EULA allows
purchasers to keep copies only so long as they retain physical
possession of the original CD. EFF is demanding that Sony BMG
remove these unconscionable terms from its EULAs. 

The law firms of Green Welling, LLP, and Lerach, Coughlin,
Stoia, Geller, Rudman and Robbins, LLP, joined EFF in the
case. Sony BMG is also facing at least six other class action
lawsuits nationwide and an action by the Texas Attorney
General. EFF looks forward to representing the voice of
digital music fans in the resolution of these disputes between
Sony BMG and consumers. 

For more on the Sony BMG litigation, see:
<http://www.eff.org/IP/DRM/Sony-BMG/>

EFF's open letter to Sony:
<http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* FCC Urged to Suspend new Internet Wiretap Rules

EFF and Others Petition to Stop 18 Month Countdown to 
Internet Backdoors 

San Francisco - The Electronic Frontier Foundation (EFF), 
the Center for Democracy and Technology, and 
representatives of industry, academia, librarians and 
others today filed a joint request for a stay with the 
Federal Communications Commission (FCC), arguing that the 
Commission has been "unreasonable, arbitrary and 
capricious" in demanding that broadband Internet access 
providers and interconnected Voice over Internet Protocol 
(VoIP) providers include backdoors for wiretaps in their 
services. The stay requested that the Commission should 
either postpone its Spring 2007 "full compliance" deadline 
for implementing these taps, or halt the requirement 
entirely. 

EFF, CDT, and other groups have already petitioned the D.C. 
Circuit Court of Appeals to overrule the FCC's September 
23rd ruling extending the 1994 Communications Assistance 
for Law Enforcement Act (CALEA) to cover broadband Internet 
access and Voice-over-IP (VoIP) service providers. Under 
the ruling, companies like Vonage and private institutions 
that provide Net access, such as universities, have 18 
months to redesign their networks to be wiretap-friendly, 
but neither the ruling nor the FCC have been willing to 
specify what is required. 

"The FCC has distorted an already dubious law designed for 
telephone services in order to reach Internet providers and 
private networks," said EFF Senior Staff Attorney Lee Tien. 
"They have plainly overreached their authority in requiring 
internet providers to design systems that make surveillance 
of the public easier and we are confident that the courts 
will agree.  But in the meantime the FCC deadline has not 
been moved and no one knows what CALEA compliance means on 
the Internet. The Commission refused to say, the FBI has 
been playing coy, and the rest of us just don't know. The 
result is a nonsensical deadline that forces companies to 
begin compliance without knowing what is required of them, 
or whether CALEA even applies to them, all happening in the 
shadow of a strong claim that the FCC does not even have 
authority to do this at all. The FCC needs to call a 
timeout until it knows what it wants, and seriously 
reconsider whether it has the authority to demand it." 

CALEA, the controversial law passed in the early 1990s that 
provides the FCC with powers to mandate backdoors into 
traditional, centralized telephony systems, expressly 
exempted information services such as the Internet. At the 
time of its drafting, Congress was convinced by EFF and 
other privacy groups that such backdoors would endanger 
privacy and security, strangle innovation, and be 
technologically burdensome to implement within the 
Internet's decentralized architecture. 

The September FCC ruling claims, contrary to this plain
intent, that CALEA now applies to broadband ISPs and Internet
telephony.  

Parties supporting the petition include the American 
Library Association, Association for Community Networking, 
the Association of College and Research Libraries, 
Champaign Urbana Community Wireless Network, Electronic 
Privacy Information Center, Pulver.com, Sun Microsystems 
and the Texas ISP Association. 

Copy of the stay request:
<http://www.eff.org/Privacy/Surveillance/CALEA/calea_order_stay_request.pdf>

For more on CALEA:
<http://www.eff.org/Privacy/Surveillance/CALEA/>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Nominate a Pioneer for EFF's 2006 Pioneer Awards!

EFF established the Pioneer Awards to recognize leaders on the
electronic frontier who are extending freedom and innovation
in the realm of information technology. This is your
opportunity to nominate a deserving individual or group to
receive a Pioneer Award for 2006.

The International Pioneer Awards nominations are open both to
individuals and organizations from any country. All
nominations are reviewed by a panel of judges chosen for their
knowledge of the technical, legal, and social issues
associated with information technology.

This year's award ceremony will be held in Washington, D.C. in
conjunction with the Computers, Freedom and Privacy conference
(CFP), which takes place in early May.

How to Nominate Someone for a 2006 Pioneer Award:

You may send as many nominations as you wish, but please use
one email per nomination. Please submit your entries via email
to [log in to unmask] We will accept nominations until February
1, 2006.

Simply tell us:

1. The name of the nominee,

2. The phone number or email address or website by which the
nominee can be reached, and, most importantly,

3. Why you feel the nominee deserves the award.

Nominee Criteria:

There are no specific categories for the EFF Pioneer Awards,
but the following guidelines apply:

1. The nominees must have contributed substantially to the
health, growth, accessibility, or freedom of computer-based
communications.

2. To be valid, all nominations must contain your reason,
however brief, for nominating the individual or organization
and a means of contacting the nominee. In addition, while
anonymous nominations will be accepted, ideally we'd like to
contact the nominating parties in case we need further
information.

3. The contribution may be technical, social, economic, or
cultural.

4. Nominations may be of individuals, systems, or
organizations in the private or public sectors.

5. Nominations are open to all (other than current members of
EFF's staff and board or this year's award judges), and you
may nominate more than one recipient. You may also nominate
yourself or your organization.

6. Persons or representatives of organizations receiving an
EFF Pioneer Award will be invited to attend the ceremony at
EFF's expense.

More on the EFF Pioneer Awards:
<http://www.eff.org/awards/pioneer/>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* miniLinks
miniLinks features noteworthy news items from around the Internet.

~ EU Recording Industry Wants ISPs to Store, Hand Over Private Data
The international equivalent of the RIAA is lobbying the EU to
expand data retention (an extreme power proposed to catch
terrorists) to include all crimes: especially catching online
infringers.
<http://www.openrightsgroup.org/2005/11/23>

~ TiVo to Bring TV Programming to iPod, PSP
Or, as it would be known in a less DRM-encrusted world, "TiVo
Introduce Simple File Transferring Feature."
<http://www.nytimes.com/reuters/technology/tech-tivo.html>

~ Disturbing Number of Legal Flaws in so-called "DMCA Notices"
A third of DMCA notices submitted to Chilling Effects have no
basis in law.
<http://lawweb.usc.edu/news/releases/2005/legalFlaws.html>

~ RIAA Online Chats With Students, Says Sony BMG Blameless
Audience's "OMG", "LOL", and "WTF?!111!"s edited for brevity.
<http://www.riaa.com/news%5Cnewsletter%5C111805.asp>

~ Sony Crosses Wrong Man
Texas Attorney General goes after the Sony BMG rootkit.
<http://www.oag.state.tx.us/oagnews/release.php?id=1266>

~ Lessig, Google, and the APA in New York Public Library: Shhhhh!
Summary of the debate from the New York Times: worth reading
for the final quote. 
<http://www.nytimes.com/2005/11/19/books/19goog.html>

~ The Price of Price Discrimination
Joel Spolsky on what the music industry is trying to do when
it pushes for multiple iTunes prices.
<http://www.joelonsoftware.com/items/2005/11/18.html>

~ Public Patent Foundation challenges JPEG patent
PPF says Forgent's claims are lossy.
<http://lwn.net/Articles/160281/>

~ Intimidating the Internet
Ethan Zuckerman scatters the secret police in Tunis.
<http://www.ethanzuckerman.com/blog/?p=259>

~ World's Worst Internets
Reporters Without Borders lists the 15 countries as "enemies
of the Internet" --including Tunisia, the EU, and the US.
<http://www.rsf.org/article.php3?id_article=15613>

~ Fair Use -- Did it Get a Fair Trial?
IPTABlog summarizes Congress' look at fair use.
<http://www.iptablog.org/2005/11/16/fair_use_in_the_internet_age.html>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

* Administrivia

EFF has updated its privacy policy:
  <http://www.eff.org/policy/>

EFFector is published by:

The Electronic Frontier Foundation
454 Shotwell Street
San Francisco CA 94110-1914 USA
+1 415 436 9333 (voice)
+1 415 436 9993 (fax)
 http://www.eff.org/	

Editor:
Danny O'Brien, Activist Coordinator
 [log in to unmask]	

Membership & donation queries:
 [log in to unmask]

General EFF, legal, policy, or online resources queries:
 [log in to unmask]

Reproduction of this publication in electronic media is
encouraged. Signed articles do not necessarily represent the
views of EFF. To reproduce signed articles individually,
please contact the authors for their express permission.
Press releases and EFF announcements & articles may be
reproduced individually at will.

Current and back issues of EFFector are available via the Web at:
  <http://www.eff.org/effector/>

Click here to unsubscribe or change your subscription preferences:
  http://action.eff.org/site/CO?i=UnuujbuVjhzd7KfpmDs7tZReXA0e5BMG&cid=1041

Click here to change your email address:
  http://action.eff.org/addresschange


To unsubscribe from all future email, paste the following URL into your browser:
http://action.eff.org/site/CO?i=0B5Fp5LLF-cuUcjBgR-_pQmHWMxONssh&cid=1041