Cyberlaw Central

Blawg Review #33 has been posted over at Overlawyered. While I didn’t submit anything this week, I have been following one of the controversies posted about, namely the name change by Pajamas Media to Open Source Media. In relevant part, the quote is as follows:

Taking second place in interblog buzz is the IP sticky wicket that awaited the former Pajamas Media (discussed by Blawg Review here) when shortly before launching it decided to switch to the more dignified monicker of Open Source Media. Turned out there was already a well-known public radio show by the name of Open Source which hadn’t been consulted even though it occupied such URLs as opensourcemedia.net. Ann Althouse has been merciless (here, here and here) in needling the OSM organizers, while Prof. Bainbridge piles on with a law and economics analysis of OSM’s market.

This is a good example of why it pays to do a trademark knockout search before publicly announcing your new company name…

UPDATED TO ADD: The name will be changed back to Pajamas Media. Here’s a link to the company’s explanation of what happened. A good object lesson: don’t blindly follow advice from a marketing presentation without checking with a trademark attorney to see if the name is available.

Mark Russinovich, over at Sysinternals, has declared victory over the rootkit embedded in the CD’s Sony has distributed. And, as Bruce Schneier points out in his excellent analysis, Mark has reason to be happy. It’s David v. Goliath.

However, it’s not a total victory.

There are untold numbers of machines still infected with the Sony Rootkit, a lurking security flaw waiting to be exploited. A recall of the discs will not uninstall the software. At best, Sony will get back the unsold discs, plus a very small percentage of those in the wild.

Further, Sony’s own attempt to remove it leaves another security hole, an ActiveX control that can be exploited, too.

It will take years before the lawsuits play themselves out. As news of what Sony has done to consumers spreads beyond techies, I fully expect more lawsuits to be filed. In the next few days, I will look further at some of the legal theories propounded, including trespass to chattels. Not to mention, of course, Sony’s own potential liability under copyright for including the LAME MP3 encoder in the DRM software without complying with the terms of its license. What irony, Sony’s software to protect its copyrighted content may itself be in violation of the copyright of others.

Whether others will learn from Sony’s public relations nightmare has yet to be seen.

It’s taken several days for the ideas expressed at BlawgThink to percolate through enough to have me post about it. For a great summary of some of the presentations, Dave Gulbransen was blogging throughout, here is a link to the first post. And, to boot, he’s a great guy.

Many thanks to Matt Homann and Dennis Kennedy for organizing the event. Some fun moments included recognizing Evan Schaeffer by voice (check out his great Legal Underground podcast for a slice of fun), chatting with the ReThink IP’ers, Russ Krajec, Sabrina Pacifici, and Dave Swanner. Not to exclude many, many other interesting people I will be adding to the Blogroll here as the days progress.

Now, back to Internet issues… with a renewed determination and focus.

I am attending the inaugural BlawgThink 2005 here in Chicago tomorrow and Saturday. I have been looking forward to this for weeks. Last-minute spaces are still available, so if you want to learn more about blogging from either a beginner or advanced status you can attend one day or two.

So, just what was Sony thinking? Now that the first class-action lawsuit has been filed in California, I’m sure more details on that topic will eventually emerge. Since Sony licenses the software from First 4, it may not have known all of the niceties of just how the software worked. I would not be surprised if First 4 will be required to indemnify Sony from the lawsuits over the use of its software.

So what else has happened since my last post?

My major problem with the Sony DRM I wrote about yesterday is the lack of consent on the part of the user. The terms of the Sony EULA are posted here. Nowhere does Sony advise that even if you uninstall the software using normal procedures that there are hidden bits that remain. Further, the fact that the software is sloppily written and leaves the door open for malicious rootkit developers to take advantage of its flaws is negligent at best.

For its part, Sony today advised that a removal tool is now available from its website provided that you tell Sony where you obtained the CD from. However, it denied wrongdoing while admitting that many of the security flaws pointed out by Russinovich will be fixed on future CD releases.

Here’s a link to a fascinating article by Mark Russinovich detailing his process in detecting the DRM on his computer installed with a Sony music CD that uses rootkit technology to hide its existence. It’s the same process used by a lot of malware to hide their existence.

Bad, Sony. Bad, bad bad.