DRMPA: DRM solution?
p2p news / p2pnet: Reports today indicate that a provisional settlement has been reached in the U.S. Sony rootkit class actions. While the settlement still requires court approval, it makes for an interesting read since it may provide the starting point for a future statute that protects against the misuse of digital rights management technologies.
Given the Canadian focus on my blog, I should note up front that the settlement does not apply to Canadians, who for the moment are left with no compensation and no protection against ongoing DRM misuse. This is very troubling given the fact that more than 100,000 affected CDs have been distributed in Canada. Sony BMG Canada should step up and immediately offer the same terms to Canadian consumers and undertake to abide by the same restrictions found in the settlement agreement.
The settlement has two broad goals: compensate consumers for the harm they suffered from both the XCP and Media Max DRM software and place limits on Sony’s use of DRM. The compensation for XCP purchasers includes the replacement of the CD with a version without copy-protection and the choice of either (i) US$7.50 plus one free album download or (ii) three free album downloads (Sony will select at least 200 eligible titles). The compensation for Media Max offers fewer free album downloads. The most notable aspect of this part of the settlement is that Sony will undertake to provide the free downloads from at least three music download services including Apple iTunes. The irony of Sony being forced to offer Apple iTunes downloads when a prime reason for inserting the DRM software was to combat Apple iTunes should not be lost on anyone.
More interesting (at least to non-class action lawyers) are the undertakings on Sony’s future DRM use. The company has agreed to the following limitations on the use of copy-protection software until 2008:
1. No further use of XCP or Media Max
2. Ensure that the DRM will not be installed on users’ computers until the user accepts the end-user license agreement
3. Ensure that an uninstaller for the copy-protection software is made readily available to consumers
4. Fully disclose any updates to the copy-protection software
5. Ensure that the EULA accurately discloses the nature and function of the software in plain English
6. Obtain comments about the EULA from an independent oversight person
7. Obtain an expert opinion that the copy-protection software does not create security vulnerabilities
8. Only collect limited personal information necessary to provide enhanced CD functionality
9. Include full disclosures of the copy-protection software on the CD jewel case
10. Fix any software vulnerabilities that may arise from the copy-protection software
While many of these obligations should be standard operating procedure and not require a court-approved settlement, the full package provides the starting point for a future Digital Rights Management Protection Act. Much like the settlement, a DRMPA must include consumer protections, privacy protections, security protections, interoperability, and appropriate oversight. Rather than pushing for protection for DRMs, it is apparent that we need protection from DRMs and DRMPA would be a smart step in that direction. Such a statute would be the best legacy of the Sony rootkit fiasco.
Michael Geist
[Geist is the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa. He can be reached by email at mgeist[at]uottawa.ca and is on-line at www.michaelgeist.ca.]





December 30th, 2005 at 7:43 pm
If a person chooses not to accept the agreement Sony buys it back at face value.
Any damage caused to a computer by their software direct or indirect Sony pays to repair it at a local shop.
December 30th, 2005 at 8:22 pm
Not just the USA, not just Canada. What was the figure for DNS servers with rootkitted PCs behind them worldwide? 500,000? And in most every country in the world?
December 30th, 2005 at 8:26 pm
“(ii) three free album downloads (Sony will select at least 200 eligible titles).”
I for one am very glad that I will be reimbursed for getting my computer stuffed with virus-like DRM by being able to pick from 200 of the best titles Sony has to offer, which I am sure will include such timeless hits as
The Remix Album ~ Milli Vanilli
Spaced Out: The Best of Leonard Nimoy and William Shatner
Spiceworld – The Spice Girls
The Best of Hanson Live and Electric
Hung for the Holidays ~ William Hung
and the one album I will be waiting for all day by my mailbox
The Best of Los Del Rio
December 30th, 2005 at 9:03 pm
There is a note that while MP3 versions may be available, fully CD quality DRM-free vendor-neutral versions aren’t. While I didn’t buy any of these infected CDs, I would not be willing to accept any DRM-defective albums as they are worth less than nothing.
December 30th, 2005 at 9:11 pm
I’ve a better solution, taken from a French website (eucd.info) on which the French copyright law evolution is debated and on which, obviously, DRMs are a main topic.
The solution is to design an international logo for NON DRMed CDs. Something like an anti “copy-protection”, with clear notices to the users that the content of the CD can be read on any platform, is not DRM crippled and will not harm their computer nor their privacy.
Any producer who chooses NOT to protect his CD with DRMs will be allowed to put this logo (that shall be freely available online) on the CD he sells, without any extra charge (Basically, the Compact disc - digital audio logo should be enough as copy protected CDs do not comply with that standard, but another logo, which is more explanatory would be more suitable).
This logo should be managed by some kind of anti-DRM foundation who might have the powers to sue the producers who misuse it (as the contract term between this foundation and the producers would of course include the full compliance to the Non-DRM standard rules I described above).
Once all kind of CDs will be in the stores, the ones with the copy protection logo on it, the others with the non-DRM logo on it, and if enough communication is made around it (why not start a fundraiser to pay an advertisement campaign around it?), and thanks to Sony’s rootkit story, the audience will have a clear choice whether they accept DRMs or not.
In other words, it’s an idea designed in a way so that releasing your CD without DRM should be a marketing bonus (that could for example be said in TV or radio commercials promoting the given CD), whereas copy protected CDs would be a marketing malus. Imagine you listen to the radio or watch TV and you hear/see a commercial like this one: “Buy [album name here] by [band name here], great music…and 100% DRM free!” I bet if something like this is set up:
- Many (mainly indie but soon even major companies) producers will adopt it.
- The sale of DRM-crippled stuff will sink quite fast.
–> DRM stuff will disappear by the same rules that made it appear: the laws of the market.
Wanna kill DRMs?
Support non DRMed music!
December 30th, 2005 at 10:46 pm
Notification is the right way to go, that should include hardware too, not just CDs. There should be:
1. A statement, clearly visible on the package, that the product contains DRM
2. An explanation of what the DRM does.
I don’t see people rushing out to replace their VCRs with TiVos if it was made clear right on the box that some shows may only be kept on it for a limited time. ( http://www.pvrblog.com/pvr/2005/09/tivo_72_os_adds.html )
December 30th, 2005 at 10:54 pm
Yeah, and I can suggest the entire text of such a law right now:
___
1. (a) In this Act, ‘Digital Rights Management’ [hereafter, DRM] means any technical measure in a sound recording or movie, which has the effect of preventing legitimate purchasers of the said work from exercising their fair use rights in relation to it
2. (a) All Digital Rights Management, as defined in s.1(a), is illegal and use of such is punishable by a fine not less than $50,000 per copy of the Work distributed to consumers
___
Simple, and effective.
December 31st, 2005 at 12:18 am
I sort of have a problem with this. Sony has once again committed criminal acts and once again gets off with what is nothing short of a sugar coated pill. Had this been an individual pulling this, you can be sure that the penalties would not be this easy.
They certainly aren’t pulling those infected CDs from countries not pushing lawsuits against them, as has been reported by several members here from different parts of the world. This appears to be one of those feel good moves and nothing short of it. Something that allows Sony to escape what anyone else would not be able to pull off.
Nothing in this has addressed damage to a user’s computer from buying authorized product. I don’t even know that there would be any kind of yardstick that measures the cost to one that has to format the computer to remove this mess. Certainly Sony doesn’t want it removed and has done everything it could throughout this debacle to drag its feet and ignore the real damage it has put its customers through. The idea that Sony has used this as an additional tool to obtain yet more datamining from its users and put them on a mailing list without choice to get the decloaker shows just how sorry they are. Most likely the CEO is back in the kitchen planning what next new toy to buy with all the extra profit that successful damage control has saved them.
I am not going to buy DRM items. Forget it, there is nothing there in the subpar quality works that makes it worth the money without DRM. Since I can’t use the purchase as I would to fit in my lifestyle, there is even less incentive to buy. Add to it that Sony is making out like the bandit it is by only having to offer up 7 bucks is a mockery compared to what they pulled off in the form of a scam on the world.
December 31st, 2005 at 1:50 am
The average user does NOT read the EULA, this is a fact. The EULA may be read by various computer ‘nerds’, but not by anyone that ‘trusts’ what they are downloading.
December 31st, 2005 at 2:55 am
Who wants to bet how many minutes will pass before Sony starts whining that this is costing them too much money and gets the govt to drop the whole thing as “unsustainable” and “too burdensome”?
December 31st, 2005 at 11:12 pm
The courts should NOT accept this ‘offer’ from Sony!!! They should make Sony give a NON-rootkit CD in exchange for the rootkit one in each and every case!!!!! PERIOD!!!! Sony should be made to have to pay restitution for all the computers they destroyed. Two of which are MINE!!!! x( Then Sony should have to pay fines up to and hopefully overtopping the $BILLION mark!!!
This goes for ALL affected CDs/DVDs sold, etc. in ALL Countries!!!!!!!!!
After Sony is dealt with, the RIAA and those like them, need to be classified as TERRORIST organizations and taken DOWN!!!!!….ALONG with all their assets being seized!!!
ONLY THEN will we have a FREE Entertainment MARKET again.
Sony is a member of the RIAA:
http://www.riaa.com/about/members/default.asp
Cruise that site thoroughly and find out what the RIAA is REALLY about!!! Along with their member list, pay close attention to the physical address given on the page where ‘you’ can “Join the RIAA”.
THEN go and actually join the EFF:
http://www.eff.org/
to help fight the RIAA.
Thank you very much, p2pnet, for doing YOUR part in educating people about all these ‘digital’ issues!!!!!!!!!!! United we stand, Divided we FALL.
January 1st, 2006 at 5:32 am
>Sony should be made to have to pay restitution for all the
>computers they destroyed. Two of which are MINE!!!!
While I don’t disagree with your overall sentiment(s) on the subject matter, “destroyed” is hardly the most-appropriate word. If you mean munged the OS by an attempted removal of said (losing functionality, data files, etc.) as opposed to electronically fry your PC… the point is, inflammatory is not akin to accurate.
NightShade