May 22, 2006 6:01 PM PDT

Sony rootkit settlement gets final nod

Related Stories

Seeking changes to the DMCA

March 31, 2006

Sony rootkit victims in every state, researcher says

January 17, 2006

Sony's rootkit fiasco

November 21, 2005

New Sony CD risk identified

November 18, 2005

FAQ: Sony's 'rootkit' CDs

November 11, 2005

Sony halts production of 'rootkit' CDs

November 11, 2005
A federal judge on Monday gave final approval to a settlement in a class action suit against Sony BMG Music Entertainment over anticopying software the company had embedded in some music CDs.

The agreement (click for PDF) covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments.

The court action picked up last fall when security researchers discovered vulnerabilities posed by two pieces of software, First4Internet's XCP and SunnComm's MediaMax, which are automatically installed on a user's computer upon loading certain Sony BMG music CDs. The software's presence was masked by a "rootkit" that can make the PC more vulnerable to viruses and other hacker attacks.

The software also allegedly transmitted information about the listener's computer use back to Sony BMG, although a company-commissioned privacy assessment later determined that it collected only "non-personal information tied to a particular album and its usage."

At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official.

Sony BMG had already begun taking steps to remedy the situation. It yanked the affected discs off the shelves, suspended production of CDs containing the technology and issued a recall of the 4.7 million XCP CDs, offering MP3 downloads in return.

Under the terms of the final settlement, Sony BMG definitively agreed to continue halting manufacture or distribution of CDs containing the two programs. (It stopped using XCP on its products in November 2005 and ceased using MediaMax about a month later, according to court filings.)

For the duration of the settlement, which lasts until the end of 2007, the company is expected to take a number of steps before putting any new copy protection software on its wares. These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

Sony BMG told CNET on Monday that it was "pleased" that the settlement in this case had secured the court's final approval.

Electronic Frontier Foundation Legal Director Cindy Cohn, whose organization participated in the settlement negotiation process on behalf of the plaintiffs, urged anyone in possession of the offending CDs to stake their claims against Sony. Doing so, she predicted, may send a message to Sony BMG and other music labels to "think twice before wrapping songs in DRM."

Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general, as well as inquiries from the Federal Trade Commission and other state attorneys general, according to the text of the settlement. That document indicated that the company would pursue similar settlements in those cases, too.

See more CNET content tagged:
Sony BMG Music Entertainment, settlement, class action, rootkit, copy protection


Join the conversation!
Add your comment
I got one of the Mediamax cd's, "Kasabian" self titled. Awesome cd.

Because I have version 1.0 of the mediamax cd, Sony wants me to ship the cd to them, and they would give me a free download of the album... ***!!! Why should I pay to send back the cd, just to get a drm-crippled lossy compressed file downloaded? Damn BS on Sony's part.
Posted by wazzledoozle (288 comments )
Reply Link Flag
I hope they fail in all things.
Posted by Stan Johnson (322 comments )
Reply Link Flag
Sony BMG = clueless morons
To Sony BMG execs: Good job of shooting yourselves in the foot, people! As if music buyers aren't annoyed enough about your high prices, you have to pull a brain-dead stunt like this and really **** them off. Not to mention the fact that it didn't work and it was easy enough to bypass. And don't bother to cry about yet another quarter with declining music sales - we already know why people won't buy your products.
Posted by Get_Bent (534 comments )
Reply Link Flag
Sony messing with Audio CDs
I have the Shakira: Grandes Exitos album and can't listen to it on
my computer nor can I feed my iPod with it. I don't use my CD
player or Sony Hi-Fi system anymore. Changing CDs on a Hi-Fi
system is so passé. So I find Sony trying to prevent me from
listening to the music I bought from them on my home media
computer just simply infuriating. It makes me not want to buy
anything Sony anymore. After this rootkit debacle I doubt they will
regain my trust. If Sony wants to treat consumers like criminals
then it will alienate it's (past/current/potential future) customers
Posted by digantasaha (21 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.