Sony offers new CDs, MP3s for recalled discs

Sony BMG Music Entertainment released details Friday of a virtually unprecedented CD recall program that will allow music buyers to exchange recently purchased CDs with copy protection for new discs and MP3s.

The company is responding to widespread security worries over copy protection technology contained on 52 albums released over the last year. When put in a Windows-based computer's CD player, the discs install antipiracy technology on a hard drive that exposes the PC to the risk of viruses and other hacker attacks.

Sony said on Friday that customers who have purchased any of the affected CDs can mail the discs back to the company using instructions found on the record label's Web site. Once they have sent in the discs, customers will also be provided with a link to download MP3s of the songs on the album.

"This nightmare makes it rather clear that Sony doesn't really care about customers, not only in the way they want to spy on you (and open the door to your pc for any hacker) but rather in the way the handled the whole situation."
--Ki Ji

"Sony BMG is reviewing all aspects of its content protection initiatives to be sure that they are secure and user-friendly for consumers," the company said in a statement. "As the company develops new initiatives, it will continue to seek new ways to meet consumers' demands for flexibility in how they listen to music, while protecting intellectual-property rights."

The recall of 4.7 million compact discs, along with the exchange offer for the roughly 2.1 million discs sold with the copy protection technology included, is an expensive step for a record company that has been battered by criticism online and in other media for the past two weeks.

The copy protection software, created by British company First 4 Internet, hid traces of itself on hard drives using a powerful programming tool called a "rootkit," a technique sometimes used by virus writers to similarly mask the presence of an infection on a PC.

Because of flaws in the rootkit, Sony's software was left open enough such that other, malicious software could take advantage of its presence on a computer to hide itself. Several pieces of malicious software have already appeared online that piggyback on the copy protection to vanish in a PC, opening the computer to outside attacks.

Security researchers have found flaws not only in the original First 4 Internet software, but also in an uninstaller tool temporarily distributed by Sony that could directly allow an attacker access to a PC.

The Sony exchange offer is immediately available, and the company will pay all shipping charges in both directions, it said. Discs are already being pulled off retail shelves and are no longer available at online stores, including Amazon.com.