July 22, 2024

Sony-BMG Sues Maker of Bad DRM

Major record company Sony-BMG has sued the company that made some of the dangerous DRM (anti-copying) software that shipped on Sony-BMG compact discs back in 2005, according to an Antony Bruno story in Billboard.

Longtime Freedom to Tinker readers will remember that back in 2005 Sony-BMG shipped CDs that opened security holes and invaded privacy when inserted into Windows PCs. The CDs contained anti-copying software from two companies, SunnComm and First4Internet. The companies’ attempts to fix the problems only made things worse. Sony-BMG ultimately had to recall some of the discs, and faced civil suits and government investigations that were ultimately settled. The whole episode must have cost Sony-BMG many millions of dollars. (Alex Halderman and I wrote an academic paper about it.)

One of the most interesting questions about this debacle is who deserved the blame. SunnComm and First4Internet made the dangerous products, but Sony-BMG licensed them and distributed them to the public. It’s tempting to blame the vendors, but the fact that Sony-BMG shipped two separate dangerous products has to be part of the calculus too. There’s plenty of blame to go around.

As it turned out, Sony-BMG took most of the public heat and shouldered most of the financial responsibility. That was pretty much inevitable considering that Sony-BMG had the deepest pockets, was the entity that consumers knew, and had by far the most valuable brand name. The lawsuit looks like an attempt by Sony-BMG to recoup some of its losses.

The suit will frustrate SunnComm’s latest attempt to run from its past. SunnComm had renamed itself as Amergence Group and was trying to build a new corporate image as some kind of venture capitalist or start-up incubator. (This isn’t the first swerve in SunnComm’s direction – the company started out as a booking agency for Elvis impersonators. No, I’m not making that up.) The suit and subsequent publicity won’t help the company’s image any.

The suit itself will be interesting, if it goes ahead. We have long wondered exactly what Sony knew and when, as well as how the decision to deploy the dangerous technology was made. Discovery in the lawsuit will drag all of that out, though it will probably stay behind closed doors unless the case makes it to court. Sadly for the curious public, a settlement seems likely. SunnComm/Amergence almost certainly lacks the funds to fight this suit, or to pay the $12 million Sony-BMG is asking for.


  1. Official confirmation. Also, intent to possibly counter-sue



    [Long SunnComm/Amergence press release deleted here. Follow the link if you want to read it. — Ed]

  2. Yep. they have dropped it. Their are some new entries under the County Clerk minutes…


  3. Pleonastic, too. Unless the fact that all DRM is bad but not everything bad is DRM makes it not quite.

  4. Bryan Feir says


    Oxymoron isn’t the right word: oxymoron means a self-contradictory statement, such that ‘Bad DRM’ would be something inherently impossible.

    A more accurate word would be that it’s a tautology.

  5. How does this public lawsuit help SONY? Any investor in the company must surely think the management would be lunatics for dragging this business back into the public eye.

    Whoever gave the go ahead at sony for this to proceed should be investigated internally to check whether they took short positions on Sony’s stock.

  6. Why does that site require a captcha merely to read material? The purpose of a captcha is to prevent bot postings and therefore to prevent spam. If the material is read-only, with no submission forms or discussion threads or guestbooks or whatnot, then no captcha is needed. And if they have such forms captchas are only needed on those forms.

  7. Jacques Briel says

    “I don’t think SunnComm’s investors are a target here. They have suffered enough already.”

    I don’t think it matters anymore to SunnComm (The Amergence Group) investors. The share price is currently 0.65 and that is following a 1000 to 1 reverse split. An original (un split share) in SunnComm that was worth about 10 cents when the Sony-BMG fiasco happened is worth just $0.00065 today.

    It actually posted an all time low of $0.00020 ($0.20 post split) today, but when this fact was highlighted and ridiculed on some message boards, a token trade at $0.65 was put through just before the close to make it look up for the day. This is the chart


  8. Don,

    I don’t think SunnComm’s investors are a target here. They have suffered enough already.

  9. Anonymous,

    I take it from point 1 that SunnComm/Amergence isn’t telling the whole truth.

    Contrary to the impression left by their statement, their own product caused serious trouble. Had XCP never been released, the SunnComm problems would still have been discovered.

    Point 2 is, umm, a real stretch. BMG had ‘final authority’ about how SunnComm’s product worked?

  10. Hal,

    SunnComm’s product wasn’t the one with a rootkit. It had other serious security and privacy problems, but no rootkit.

  11. Anonymous says

    Did the Suncomm product include a rootkit? I thought that it did not – the rootkit was in the XCP effort produced by F4I.

    In their defence, Suncomm said, according to press reports,

    “Amergence believes (that the problem) resulted primarily from 1) Sony’s under-tested release of a competitor’s technology, and 2) BMG’s ‘final authority’ input in determining the functional specifications of the MediaMax copy protection.”

    Do we take it that from point 1 that Sony and F4I are at fault on the basis that had XCP never been released, the furure would never have occurred, Mediamax would never have got found out, and Suncomm would have got away with it?

  12. The word “rootkit” seems rather conspicuous by its absence in your article here, even to the point of some strained circumlocutions. Wasn’t that by far the most common term used to describe the Sony software and what was wrong with it? Do you disagree with that usage?

  13. In Reason We Trust says

    Imagine you or someone else here would install such malware on other people’s computers without permission. In most countries that is punishable by jail time. To me the Sony-BMG lawsuit against SunnComm looks more like a smoke screen. I do not believe that Sony-BMG had no clue about SunnComm. Sony-BMG must have well known what product they bought, and from whom. Sony-BMG put this product onto Sony-BMG CDs. I want to see that the Sony-BMG managers responsible for the criminal installation of DRM malware, the people who ORDERED it, are facing the same laws.
    Put the spotlight on Sony-BMG and blow holes into the smoke screen.

  14. The lawsuits against Napster reached the company’s investors. Is this case likely to deter investors from putting money into DRM? Software companies know how to defend themselves from user lawsuits, but when the plaintiff is a media company, the problem for the DRM vendor gets a lot harder.

  15. “Bad DRM”

    isn’t that kind of an oxymoron?

  16. @John:

    If you hadn’t mentioned Ceri’s trolling on Usenet groups for help (basically, “how do I hide a driver/spyware that runs when someone inserts a CD”), I would have.

    She clearly didn’t have a clue what she was doing in the first place.

    I go back and check periodically to see what phase of metamorphosis F4I is in — surprised they haven’t changed from Fortium to something else by now.

  17. Jacques Briel says

    ” don’t see any reports that Sony are taking any proceedings against XCP purveyors, First4Internet – who have also changed their name.”

    The reason I have heard for this is that both firms, F4I and SunnComm, were required to take out indemnity insurance to protect Sony/BMG from subsequent legal action if the products caused problems. It appears that SunnComm did not do this from what I have read in some forums. F4I may have done it, hence no action against them.

  18. I don’t see any reports that Sony are taking any proceedings against XCP purveyors, First4Internet – who have also changed their name. They are now called Fortium Technologies, and appear to have abandoned DRM systems for production disks, and are concentrating on products for pre-release samples etc. which will only play on pc’s.

    My recollection is that one of their XCP developers (sic) had previously been posting of forums, originally connected with hacking and spamming, and subsequently trying to glean information that would be needed to create an XCP sort of product that worked properly, and had been warned that what they were trying to do just could not be achieved. (Google for “Ceri Coburn” for more info.)

  19. Jacques Briel says

    “SunnComm had renamed itself as Amergence Group and was trying to build a new corporate image as some kind of venture capitalist or start-up incubator.”

    That is what they were saying they were trying to do, but in reality they were just trying to prolong their share printing scam. They had issued close to a billion shares (870 million), but then did a 1000 to 1 reverse split, ending up with just 870,000 ordinary shares. However, a few months prior to the split, they created a new class of share (preference share with voting rights) and authorized 30M of these. These shares, that were not to be issued to the general public, were not reverese split like the ordinary shares. So the ordinary shareholders who supported the company throughout the years and were the innocent victims of the pumping scams of management ended up, due to the reverse split, owning about 3.3% of the company that they previously had 100% of. It goes without saying who controls the 30M preference shares. You can verify this by typing “amergence group” into the search field here: https://esos.state.nv.us/SOSServices/AnonymousAccess/CorpSearch/CorpSearch.aspx
    Select the one company listed and then at the bottom of the first screen displayed, select “click here to view 29 actions…” Look at the action items for Dec 2006 and June 2007 to see what I mean.

    The reason I say that their new direction was just a farce is that if you read any of the Amergence Group PRs that describe their new business, they talk about finacing start up ventures, assisting with the problems new companies experience etc. The reality is that SunnComm (The Amergence Group) itself was unable to find any funding for itself. It was unable to merge with MediaMax Corporation, a long stated goal, even though MediaMax was located in the same building, had common management and was their exclusive sales agent. SunnComm planned to use MediaMax Corporation merger as a means to get off the pinksheets and become a reporting company, but they ended up with MediaMax been demoted to the pinksheets instead due to failing to report in a timely manner. MediaMax is currently in default (use above link with Mediamax as search).

    SunnComm (and MediaMax) couldn’t even pay their own rent and were evicted in May this year from their Phoenix premises shortly after changing the name to Amergence, owing the landlord Cofco $157K. They have recently been “moved” from their new premises in Scottsdale and no one seems to be able to contact them since.

    Link to eviction lawsuit:


    They haven’t paid the back rent yet on that case, nor a much larger amount owing ($600K+) in a lawsuit they lost against their previous s/w developer BTEK about 3 years ago.


    Sony will be lucky to get a penny out of them

  20. Remember the good old days, when the Suncomm stock pumpers used to visit here? I miss those guys. Looks like they are almost gone although they have changed their name to Amergence. Ride it to the bottom, guys!