At the time the Sony rootkit came to light, the Canadian government in extracting its settlement with Sony made them promise to never do it again or they would open Sony up to tens, if not hundreds, of thousands of individual lawsuits.
In the USA, however, Sony fought tooth and nail to keep "promise not to do it again" provision out of the FTC settlement. ... So, in the USA, there is nothing to prevent Sony or anyone else from installing a rootkit on your PC.
Maybe US Attorney Carmen Ortiz should go after the chairman at Sony like she did with Aaron Schwartz.
Political and not-for-profit RoboCalls are not exempt from the DoNotRoboCall law.
Penalties for political RoboCalls are the imprisonment of the candidate for 20 years, no exceptions. In the case of RoboCalling on behalf of ballot initiatives the the vote goes against the desired outcome of the RoboCaller. The officers and directors of the payor for the RoboCall are presumed to be the initiators of the RoboCall; penalties are the same as commercial RoboCallers. In the case of "front" organizations, strict liability is passed through to the real backers of the initiative.
Penalties for not-for-profits is the same as previously stated for [presumably] for-profits. In addition, the not-for-profit is dissolved with all proceeds from its liquidation going to the US Treasury.
A facility implemented by the telcos and enabled by default would put every phone number served by the telco on a DoNotRoboCall list. Consumer could un-subscribe to the DoNotRoboCall list by using a *xx facility the telcos use to let consumers tweak their own telco service options to enable or disable this feature.
Telcos would implement an out-of-band signaling mechanism where a signal is sent to the originator of the all calls. RoboCallers would have to implement technology to recognize the out-of-band signal and terminate the call immediately before the call rings through to the consumer; a timeout facility is implemented by the telco that if the call does not terminate in (2 seconds (pick a number)) then the telco puts the call through to the consumer. The consumer on detecting a RoboCall presses a *xx number on the telephone keypad. The remainder of the call is recorded by the telco. The telco is required to listen to each call recorded by the DoNotRoboCall facility and determine its validity. RoboCall operators would have to upgrade/replace their existing RoboCall equipment immediately; no grandfathering of existing equipment is allowed. If the RoboCaller lets a call go through to someone on the DoNotRoboCall list, then the RoboCaller is considered in violation of the law.
National legislation would be necessary that says that any RoboCaller that dials a phone number with anti-robocall enabled is liable for payment, say $10,000 per call, via the telco to the consumer. The telco is permitted to take a small portion of the payment to implement the DoNotRoboCall feature.
Violation of the DoNotRoboCall mechanism is also a criminal offense where the officers and directors of the robocalling entity are strictly and personally liable for each and every violation. Financial penalties become the personal liabilities of the owners, officers and directors of the RoboCalling entities and are not shielded by normal "corporate shield" law. After a first conviction, mandatory sentencing of 20 years for ALL owners, officers and directors is the law of the land. Fines cannot be discharged by bankrupcy. Community property laws do not shield spouses under the principle that the spouses benefitted from the ill-gotten gain of the RoboCaller. The US Marines may be deployed to any nation that shields assets of a RoboCaller.