German court against root-kits
German tech news site Heise just reported that a reseller has to reimburse a customer for losses suffered installing a Sony rootkit-encumbered CD.
You may remember that Sony added a root kit ("XCP", essentially an invasive, self-installing piece of software that works the same way as many trojans do). For those who aren't able to read German, here's a translation:
The plaintiff (...) had purchased an Anastacia-CD by Sony from the defendant through eBay. When he attempted to play it on his computer, a warning message from his anti-virus software appeared, according to which a trojan called "rootkit.b" had been detected. The plaintiff then did a scan for malware on his three computers and "set a restore point". In the process, loss of data had occurred.
The judgement was performed by the municipal court in Hamburg-Wandsbek, so this is not the final say in the matter, especially not for all of Germany, but there is hope that this will come back to bite Sony, and that resellers will increase pressure on Sony to protect them from future issues like this, forcing a general recall of any leftover CDs, and that no company will try something as invasive, and as stupid again.
In the course of the claim, he requested 200 Euros for 20 work hours "during the run of the anti-virus software", as well as 100 Euros for ten hours needed to re-enter the lost data. In addition, he demanded compensation for loss of profit, since he had been unable to pursue his freelance business. He also demanded 800 Euros, that he had to pay an expert for restoring his network and about 185 Euros in lawyer's fees. In total his demands thus came to about 1500 Euros.
The court eventually ordered the seller to pay damages of about 1200 Euros. In the judge's opinion, the sold Music CD was defective in quality. The purchaser of a CD could expect it to be playable on a computer without invasive effects on his system. But after consulting an expert's report, it became clear that an application on the Sony CD had at least attempted to access the internet.
The seller of the CD was to answer for this defect. Although a music salesman could usually not be expected to check every copy of a music CD in advance, in this case the "not merely remote possibility" existed that the seller was aware of the issues surrounding the Sony products. On the other hand, the plaintiff did not have any responsibility. He had not acted differently "than to be expected from an average user in this situation". In particular, the defect "provoked" his reaction. Therefore, the court ordered the defendant to pay the demanded damages except for the lost profit. According to the plaintiff, the judgement has become final in the meantime.
Too bad about the seller, though. While he apparently was found to not really have performed due diligence after the Sony Root-kit fiasco, I think the wrong person was sentenced here. Someone responsible from Sony should really have been sitting on the bench here.
PS - I am not a lawyer, and everything on this page (and this site, actually) is just my personal opinion. I might have mis-translated a few legal terms, so when in doubt, go to the German translation for clarification.