b.cognosco

RIAA President Cary Sherman on Sony/BMG DRM-Spyware

terrywfrazier@gmail.com — Thu, 24 Nov 2005 22:43:03 GMT

RIAA President Cary Sherman during an online chat with college newspaper reporters:

There is nothing unusual about technology being used to protect intellectual property. You can't simply make an extra copy of a Microsoft operating system, or virtually any other commercially-released software program for that matter. Same with videogames. Movies, too, are protected. Why should CDs be any different?

The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology,and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they've taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?

One other thing to point out: The music industry has been more permissive about copying of its copyrighted product than virtually any other industry. How many burns are you allowed of a movie? None. How many of a videogame? None. You get the idea. Even the CDs with content protection allow consumers to burn 3 copies or so for personal use. The idea is not to inhibit personal use, but to allow personal use but discourage (not prevent, you can never prevent) copying well beyond personal use.

Mr. Sherman, Microsoft doesn't give Windows away over the air, for free, to anyone who cares to listen. Microsoft doesn't infect customers' computers with software expressly designed to be invisible, undetectable, and non-removeable. Microsoft doesn't (yet) rampantly ignore the intellectual property rights of its customers in the drive to protect its own.

That's what spyware companies do, and SonyBMG infected millions of computers with DRM-spyware. That you are either too stupid to grasp this, or too disengenuous to admit it, confirms again that you and your industry simply cannot be trusted to define personal use, or set the rules for any sort of intellectual property law in this country.

Repeat after me: DRM-spyware. DRM-spyware. DRM-spyware. DRM-spyware. DRM-spyware. DRM-spyware...

Complete List of Sony/BMG Rootkit CDs

terrywfrazier@gmail.com — Fri, 18 Nov 2005 16:33:53 GMT

Here's the complete list of all 52 CDs designed to infect your windoze computer with a "rootkit" - a hidden, backdoor program that opens your computer to nefarious communications, viruses, and other exploits. These CDs, manufactured and marketed by Sony/BMG for the sole purpose of infecting your personal computer to protect their intellectual property, may soon be recalled by Sony. If you own one of these CDs please do not play it on your personal computer. Unsubstantiated estimates are that more than 500,000 computers have already been infected. You don't want to be number 500,001.

Will the RIAA Pursue Individuals?

terrywfrazier@gmail.com — Sat, 03 May 2003 05:35:11 GMT

I've been thinking about this RIAA/college student settlement and just what it means for the RIAA. There are a couple of points in this Yahoo! News article worth examining.

Students Sued by Record Companies Settle Download Case. Yahoo! May 1 2003 6:24PM ET
[...] Daniel Peng at Princeton University in New Jersey and Joseph Nievelt at Michigan Technological University in Houghton, Mich., agreed to pay $15,000 to the recording companies, while Jesse Jordan and Aaron Sherman from Rensselaer Polytechnic Institute in Troy, N.Y., agreed to pay $12,000 and $17,500, respectively. The students will make the payments on installment plans over the next several years.

The settlements resolve the first phase of what could be a risky legal gambit by the major record labels, including AOL Time Warner Inc.'s Warner Music, Sony Corp (news - web sites).'s Sony Music Entertainment, Vivendi Universal SA's Universal Music Group and Bertelsmann AG (news - web sites)'s BMG, to combat online music piracy, a phenomenon the labels blame for declining music sales. Recording industry executives said the lawsuits have resulted in at least 18 campus-wide file sharing networks being taken down, adding that they may ask for stiffer settlement terms in future legal actions. [...]
[...] But in suing individuals, particularly university students, analysts and attorneys believe the recording industry may risk alienating a wider swath of music fans. [...] [Moreover - Online legal issues news]

It's clear the RIAA wasn't interested in going to court, and neither were the students. It's also clear the RIAA wasn't interested in proving, or recovering, damages:

[...] Mr. Jordan added that his son's $12,000 settlement "happens to be the same amount of money that is the total of his bank account. That is money he has saved up over the course of working three years to save money for college." [...]

Looking at Title 17, Sec 504 says the copyright owner can request statutory damages of between $750 to $30,000 per infringement. In cases of willful infringement the court may, at its discretion, increase statutory damages to not more than $150,000 per infringement. A kid trading tunes from just a handful of CDs could face as much $4 to $6 million in statutory damages. But there is more, if you are a willful infringer:

Title 17, Sec. 506 Criminal Offenses
(a) Criminal Infringement.-Any person who infringes a copyright willfully either-

for purposes of commercial advantage or private financial gain, or

by the reproduction or distribution, including by electronic means, during any 180-day period, of 1 or more copies or phonorecords of 1 or more copyrighted works, which have a total retail value of more than $1,000,
shall be punished as provided under section 2319 of title 18, United States Code.

Among other things, Title 18 Sec. 2319 lists prison terms of 1 to 10 years for first offenders, plus fines (additive to any damages awarded under Title 17.) The remedies in the code are clearly written to curtail large-scale criminal infringers, particularly with regard to profiteering. In fact, Sec. 2319 refers repeatedly to the infringer's profits.

So what we have here is a game of legal chicken. The criminal code views copyright infringement as a criminal endeavor of significant proportions. Its remedies never anticipated the occurrence of common, everyday file trading among lowly students with no profit motive or criminal intent. But if the RIAA ever gets a kid in court it is not clear just how it will play out. There is a risk of having the hammer fall on some hapless student and putting a very human face on the whole situation.

It's one thing to go after some high profile file trading company in Antigua, or a couple of venture capitalists that can afford really good lawyers and big settlements. It's entirely another to be seen winning million dollar awards and locking up college kids for doing something most people aren't even sure is wrong. There is simply no public perception that file trading justifies the kind of remedies in the code, especially when there is no profit motive.

I think this is why the RIAA has been so slow in going after individuals and why they are focused on getting lots of PR and then settling for small amounts. There is risk of a serious public backlash if they push too hard. It wouldn't take but one outrageous court case to bring home the ludicrous nature of current copyright law to the parents of every college student in America. Next thing you know, some politician is grandstanding on the idea of legalizing file trading, and the RIAA is in deep shit.

Given their pathetic track record at PR this could certainly happen. In the end it could well be the human face they create that ultimately leads to changes in the copyright code that so desperately want to maintain.

Sacrificial Lambs

terrywfrazier@gmail.com — Thu, 01 May 2003 21:08:51 GMT

RIAA has first sacrificial lambs for its pursuit of individual file traders. This is where the focus should be, and should have always been (on individuals, not infrastructure providers.) Except the DMCA has removed any need for the RIAA to show just cause or submit to oversight for its actions. Essentially, the DMCA has turned the RIAA into an unregulated, unelected, unaccountable enforcement agency. Your government at work.

If there were oversight restrictions in place we could be assured that the RIAA would be forced to concentrate on individuals acting with criminal intent. It would not be possible for them to flood entire networks or castigate entire classes of users. As it stands they can go after anyone they want, any time, without incurring significant cost.

RIAA Suits Against Students May Settle.. RIAA lawsuits brought last month against the four students making and operating network search engines apparently will settle soon. The Daily Princetonian reports that Daniel Peng, and the three others, have been working with attorneys to negotiate an end to this, and expect some kind of announcement today. "It would be really expensive to litigate," said Peng, who has avoided commenting publicly since the filing. "I would like to reach an amicable settlement." In a... [bIPlog]