Looks like the Sony BMG rootkit contains LAME (an open-source MP3 encoder) and that they (or First 4) are not in compliance with the terms of the LAME license.
According to (apparently) Brenno de Winter:
This software is licensed under the so called Lesser Gnu Public License (LGPL). According to this license Sony must comply with a couple of demands. Amongst others, they have to indicate in a copyright notice that they make use of the software. The company must also deliver the source code to the open-source libraries or otherwise make these available. And finally, they must deliver or otherwise make available the in between form between source code and executable code, the so called objectfiles, with which others can make comparable software.
Of course, Sony BMG got this rootkit from First 4, so perhaps First 4 didn’t do their homework.
Link here .