January 30, 2007 10:22 AM PST

Sony settles with FTC in rootkit case

Sony BMG Music Entertainment announced on Tuesday that it has reached a proposed settlement with the Federal Trade Commission over the controversial embedding of antipiracy software its CDs without users' knowledge.

The antipiracy software, otherwise known as a rootkit, could not only limit the use of the CDs but could also pose serious security risks, according to the FTC. The controversy erupted two years ago, when it came to light that Sony was embedding copy protection software, or digital rights management technology, in its CDs.

Under the proposed settlement, consumers would be able to exchange their Sony BMG CDs through June 31 and may also receive reimbursements of up to $150 to repair damage their computers may have sustained when users attempted to remove the rootkit software.

The proposed settlement also calls for Sony BMG to disclose limitations on consumers' use of the music CDs, prohibits the company from collecting user information for marketing purposes and probibits it from installing software without users' consent. Sony is also required to provide a way for users to easily uninstall the rootkit software.

"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairman Deborah Platt Majoras said in a statement. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

The FTC will hold public hearings on the proposed settlement through March 1, after which the Commission will make a final decision.

"We are pleased to have reached this agreement with the FTC," Sony BMG said in a statement.

Sony has already recalled millions of CDs into which the rootkit technology had been embedded, as well as paid a total of $5.75 million in fines to 41 states. In those states, it has paid $175 in reimbusements per consumer who incurred computer damage when attempting to remove the rootkit software.

See more CNET content tagged:
proposed settlement, Sony BMG Music Entertainment, rootkit, settlement, antipiracy

6 comments

Join the conversation!
Add your comment
Sony may be squre with the United States of America
but they're not square with me. It will be a long, long, long time before I forget this.
Posted by gw188397 (45 comments )
Reply Link Flag
Not good enough
The only way to stop this type of behavior is to make the settlement more punitive. Sony BMG needs to made into an example.
Posted by ArbitraryThinker (30 comments )
Reply Link Flag
A step in the right direction. Jail time and not being able to do rootkits
at all would have been even better.

Now if we can get them to do the same with Microsoft over WGA we can do 2 in a row.
Posted by slim-1 (229 comments )
Reply Link Flag
Different classes of criminals
I can see now that there are different classes of criminals in the USA.

You can do jail time for breaking an entry if you are not wealthy and did it one time. Or you can settle with the FTC if are wealthy and did it millions of times.

So what's next? Perhaps a phone manufacturer that installs a hidden microphone so that they can listen to my phone calls and sell the info to telemarketers? Or a refrigerator with hidden camera so they can track my usage of the appliance? How about a washing machine with hiden control that communicates with RFID tags on detergent packaging so the manufacturer can control the quality of the results based on their current deals with manufacturers of detergents? Or a car with hiden transmitter that allows the manufacturer to determine if you've done anything that might void your warrantie?

If the result is a settlement and the financial gain is higher than fine then why not? After all corporate thieves are not subject to the same laws as petty thieves!
Posted by hadaso (468 comments )
Reply Link Flag
classes is right...
Any individual can get the same white gloves treatment. All they have to do is pour millions into the coffers of connected politicians.
Posted by skeptik (590 comments )
Link Flag
You've got that right...
Individual copyright violators face fines of $250,000 per title and 5 years in prison. Where are the punitive fines and jail terms for the criminals who violate the rights of consumers?
Posted by vm019302 (85 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.