May 22, 2006 6:01 PM PDT
Sony rootkit settlement gets final nod
- Related Stories
Seeking changes to the DMCAMarch 31, 2006
Sony rootkit victims in every state, researcher saysJanuary 17, 2006
Sony's rootkit fiascoNovember 21, 2005
New Sony CD risk identifiedNovember 18, 2005
FAQ: Sony's 'rootkit' CDsNovember 11, 2005
Sony halts production of 'rootkit' CDsNovember 11, 2005
The agreement (click for PDF) covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after Aug. 1, 2003. Those customers can file a claim and receive certain benefits, such as a nonprotected replacement CD, free downloads of music from that CD and additional cash payments.
The court action picked up last fall when security researchers discovered vulnerabilities posed by two pieces of software, First4Internet's XCP and SunnComm's MediaMax, which are automatically installed on a user's computer upon loading certain Sony BMG music CDs. The software's presence was masked by a "rootkit" that can make the PC more vulnerable to viruses and other hacker attacks.
The software also allegedly transmitted information about the listener's computer use back to Sony BMG, although a company-commissioned privacy assessment later determined that it collected only "non-personal information tied to a particular album and its usage."
At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a U.S. District Court in New York to make it official.
Sony BMG had already begun taking steps to remedy the situation. It yanked the affected discs off the shelves, suspended production of CDs containing the technology and issued a recall of the 4.7 million XCP CDs, offering MP3 downloads in return.
Under the terms of the final settlement, Sony BMG definitively agreed to continue halting manufacture or distribution of CDs containing the two programs. (It stopped using XCP on its products in November 2005 and ceased using MediaMax about a month later, according to court filings.)
For the duration of the settlement, which lasts until the end of 2007, the company is expected to take a number of steps before putting any new copy protection software on its wares. These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.
Sony BMG told CNET News.com on Monday that it was "pleased" that the settlement in this case had secured the court's final approval.
Electronic Frontier Foundation Legal Director Cindy Cohn, whose organization participated in the settlement negotiation process on behalf of the plaintiffs, urged anyone in possession of the offending CDs to stake their claims against Sony. Doing so, she predicted, may send a message to Sony BMG and other music labels to "think twice before wrapping songs in DRM."
Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general, as well as inquiries from the Federal Trade Commission and other state attorneys general, according to the text of the settlement. That document indicated that the company would pursue similar settlements in those cases, too.
4 commentsJoin the conversation! Add your comment