Well well well, it would appear that not only is Sony rootkitting hundreds of thousands of Windoze PC’s around the world, along with making peoples PCs even more insecure when they try and remove it, but they also appear to be possibly infringing peoples copyrights by distributing LGPL libraries as part of their rootkit.
Now the LGPL is a lot less straightforward that the GPL so this looks a lot less clear, but there does appear to be code from two different LGPL libraries in a single ActiveX control installed by the rootkit. To me that looks like it’s covered under section 2 of the LGPL, which implies section 4, which says:
You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.
If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.
In other words, if my reading is correct then they should be required to distribute the source code to their library, or be in violation of the license and thus infringe the copyright of the original authors. Now people like the BSA call this “software piracy”. I wonder if they’ve been tipped off about this possible infringement ?