Sony settles 'rootkit' class action lawsuit

Sony BMG has struck a deal with the plaintiffs in a class action lawsuit over copy-restriction software it used in music CDs, according to a settlement document filed at a New York court Wednesday.

The record label has agreed to compensate buyers of CDs that contained the XCP and MediaMax DRM programs and to provide software utilities to allow consumers to uninstall both types of software from their computer.

The furor over Sony's DRM software began at the end of October when a U.S. programmer discovered that XCP software on a Sony music CD had installed copy-restriction software on his computer that was hidden using a rootkit. Antivirus companies later discovered Trojan horses that exploited this software to avoid detection and found that another type of Sony DRM, MediaMax, also posed a security risk.

During November a number of individuals filed cases against Sony at courts across America. These cases were granted class action status Dec. 1.

Sony BMG met lawyers from the firm handling the class action suit in early December and engaged in "virtual round-the-clock settlement negotiations", according to the settlement filing, which has been posted on the Sunbelt Software Web site.

In the settlement filing, Sony states that it will immediately recall all XCP CDs and replace them with non-content-protected CDs. It has also agreed to offer incentives to U.S. customers to "ensure that XCP CDs are promptly removed from the market." Sony first released details about its CD recall scheme in late November.

Customers who exchange their XCP CD can either download three albums from a list of over 200 titles, or claim a cash payment of $7.50 and a free download of one album. To claim this compensation, customers must return their XCP CDs to Sony or provide the company with a receipt showing they returned or exchanged the CD at a retailer after Nov. 14.

Sony is not recalling MediaMax CDs, but has agreed to compensate buyers of these albums by allowing them to download one free album, as well as offering them MP3 versions of the music on the MediaMax album.

The settlement filing is awaiting approval by the U.S. District Court for the Southern District of New York.

Ingrid Marson of ZDNet UK reported from London.

[SqlserverCode]

Interesting

Sony is not recalling MediaMax CDs, but has agreed to compensate buyers of these albums by allowing them to download one free album, as well as offering them MP3 versions of the music on the MediaMax album.
??????
So If I buy 1 album I can download another album and get mp3's of the same album
What if I buy the album and don't put it in my PC that way I could get two CD's (+ rootkit) for the price of one (techically 3, but 2 are the same music)

http://otherthingsnow.blogspot.com/

[d0x]

this is a load of crap

I cant beleive they arent being punished, this is the biggest load of bull in recent memory. Sony should be fined, they broke the law, they lied and if average joe did the same thing he would probably get jail time and a hefty fine to go with it. Screw Sony, ill never buy a product made by them again no matter what it is.

[Dachi]

Don't spend the $7.50 all in one place

I wonder if I hacked one of Sony's computer systems and installed a rootkit on it if id also be fined $7.50.

[M C]

Class-action lawsuits blow.

The lawyers will undoubtedly receive a multimillion-dollar fee, while the "class" gets $7.50 each and Sony gets off without any real punishment.

[herkamur]

oooh... MP3's to replace a CD

Wow, how generous. You can get inferior MP3 replacement versions of songs that you had on CD. Somehow I'm not impressed.

[Michael G.]

What's Missing in This Deal?

So let's get the facts straight here. If someone purchased an XCP rootkit CD for $15.00, this is what they get for returning it to Sony: $7.50(half the cost of the CD) and a $7.50 album download from a limited list of albums that they probably won't use, fearing that their computer will become infected again with the download. So what's missing in this deal? Compensation for the waste of time and effort that it took for anyone with an XCP CD to get rid of the rootkit, not to mention any damages that may have permanently occurred. In the end, Sony comes off with a sweet deal indeed. As for myself, I wouldn't let these weasels close to my computer with a download even if they paid me $750.00.

[heystoopid]

cheap as always!

What a cheap solution, offer this for cheap solution to only north american residents, where as the bulk 75% of this illegal trojanware infection is in every other country in the world!

Also , who can forget the fictitious public recall announcement, of all 'XCP' disks, where only AMAZON.COM, did the recall, and all other retaillers, just kept on selling the junk to the unsuspecting public!

Further all, other country divisions, of SONY BMG, point blank refuse to accept any responsibility whatsover, for any division that include this very illegal security nightmare software!, on it's audio cd's sold at retail level, in either home country and/or if exported as well(probably expains the 'No export, delete at the border part of the EULA! as exposed by EFF').

Oh well, at least we now know, you the customer, in any country in the world is always last, will only ever remain so to be treated as either criminals or sheep to be fleeced at every opportunity!

For me, I will totally avoid the purchase of any new technology created by and/or sold by all that is SONY, for who knows what hidden unwanted extra's and software that compromises computer security comes with these devices?

To me the motto of SONY in this century is "BUY CHEAP at wholesale from other makers mostly & SELL AT MAXIMUM PREMIUM PRICES TO FLEECE THE PUBLIC!"

Ah choices, don't you love them!

[booboo1243]

This fascinating phenomenon

is called "inflation", my dear friend.

"Accept certain inalienable truths: prices will rise, politicians will philander, you too will get old"

[computerlegalexperts.com]

Columbia Records / What about the Artists?

After buying Harry Connick Jr.?s CD, "Harry for the Holidays," from the Columbia Records, which is a subsidiary of the Sony Corporation, I could not help but notice the "burn" on the CD was abnormal. An examination of the CD showed that there were no .cda files. When I loaded the CD onto my computer, the CD attempted to load a software program known as "CDExtra."

Mr. Connick's management company is surprised and did not authorize any DRM program to be loaded onto his CD. The question remains, "How will this affect the artists such as Mr. Connick, Jr.?"

The executives and all parties that are responsible for deploying this scheme to the general public should be held to the same standard as Kevin Mitnick.

Steven Moshlak
www.computerlegalexperts.com

[GrandpaN1947]

$7 for a trashed computer?

From a company like Sony this is not surprising. What will be surprising is the huge numbers of people that won't buy Sony products from now on.

A friend of mine got a nice new Sony CD for Christmas. I won't bore you with the horror story but let's just say it's costing him hundreds of dollars and lot's of time and lost data to recoup. He's really pissed off! He's also one example of a pissed off EX Sony product buyer.

I suggest you learn from his example and do the same.

[Lord_alda]

Boo-hoo!

Get over it people I don't really give a dam, unless they give me my album back which they did. So am all done with that, and I had already removed the rootkit with ease (granted I removed it when they released the help line on it). But if your going to blame someone why don't you blame the guy who exposed the whereabouts of the rootkit in full details (eventually leting hackers in on this little item), but more specifically why? would you let this stop you from buying their other products?(that simply absurd). If you want to quit buying something stop buying sony BMG products (even though you wouldn't get to listen to your favorite artisit). Its no different then napster suddenly embedding rootkits in their product, but most of all would you really go smash your SONY sxdr just because discovered a root kit!?

In the case of Magicd if your going to blame somebody blame windows, for being retardedly vulnerable to attacks.

[wynnb]

Commerical Music CDs - Just say no!

What part of iTunes don't people understand? Just download the tunes and burn the CD.

[heystoopid]

It's a Red Herring!

Until such time it is approved ratified and sealed by the Federal Court, it remains as unfinished business!

Be a red herring!

Man these, Karl Rove Clones are sure working overtime to convince the suckers, like the funny ha ha gotcha again non existent recall!

[skeptik]

Justice served

So the RIAA gets to collect thousands of $$$ from grandmothers and 12 yr olds for downloading even a single song, but Sony only has to pay $7.50 for actions that cost each consumer hundreds to repair their PC?
Keep in mind that the RIAA never proved any loss, just espoused the theory that loss was occurring. Shouldn't each consumer be granted the same assumption - that the highest loss possible actually did occurr and they need to be compensated for that loss to keep them economically viable?

[aabcdefghij987654321]

Only 1 suit settled so far - there's more still in litigation

Sony isn't in the free and clear yet, there's still the suit by the Texas Atty General and that one has criminal penalties unlike the class-action suit which was a civil penalties case.

[Anon-Y-mous]

Now time to sue Microsoft for allowing this in the first place

Sony is just the end-cause of this debacle.

The ROOT cause is Microsoft that knowingly ships an operating system that ALLOWS programs to be secretly installed without any warning to the user that a ROOT KIT is being installed. This wasn't even a "bug" or "exploit"--It is absolutely WRONG intended behavior.

What if your car computer accepted upgrades from a CD placed in your dashboard player? Then your car brake system fails due to 50% CPU use because of the root kit? Who's to blame then? -- Delco the CD player maker or GM the car maker..... GM would be blasted. MSFT is no different in this case and is 90% at fault and needs to be held accountable.

Therefore MSFT is next in line for damages, and I am betting will pay a heck of a lot more in the end than Sony did for destroyed computers.

Sony is a terrible company.

I am so frustrated by this. None of it makes any sense. In order to receive a settlement from Sony, you have to be delivered back into using their products? If anything, the settlement should entitle people to back out what will be their last interaction.

Where's the compensation for any service fees people had to pay while getting their computers fixed?!

This just smells of a bunch of greedy lawyers and high level executives having a well-fed meeting. In this meeting, they use the dark corporate arts to conjure a forced patronage campaign disguised as a settlement.

When questioned about it, all they have to do is shrug their shoulders and say "What's wrong?"
They made a "settlement", but it doesn't have any of the makings of a settlement. Evil and greedy people are at play here.

People of the Earth! Do not buy Sony. Put down your brand loyalty to an image. It's a wolf in sheep's clothing designed to sap you dry.

Sony is not the perfect consumer product provider they claim to be. Their products are designed to fail - forcing you to buy new almost every year. Products that have software have crippling restrictions that are never mentioned as the products are advertised.

Ever since the mid-90s, Sony shifted their policies and marketing towards the "Best Buy" segment and have never looked back.

This pretty much sums up Sony:
Mediocre, fault-prone products with invasive software where applicable.

[the1kingarthur]

NOT GOOD ENOUGH!

This is a chance to send a message to all the corrupt greedy evil corporations that have raped the consumers, and stolen all our rights to privacy, and limited all other rights including freedom of speech. I say that no one should accept this settlement, and demand at the least $ 1000,00 per person plus 10 FREE Music CD's with NO COPY PROTECTION OR SPYWEAR. Some say it will bankrupt Sony. SO WHAT! This will force them to sell ownership of American Companies BACK TO AMERICANS.

Read and pass this along

[pottymouth]

EFF short changes consumers

I don't know how many of you have actually read the proposed settlement agreement but given my experience in these matters(yes I am a lawyer) it is very apparent to me that this was a behind the doors/secretive settlement that will only benefit the class action lawyers and SonyBMG, why do you think it serttled so quickly? As someone else pointed out, the settlement does nothing for consumers whose computers were damaged or that will be damaged in the future and in fact the only way a consumer who has been damaged is to file an individual lawsuit which we all know will never happen. This stinks. And on top of that, the organization that was at the settlement table and that was supposed to be protecting our rights, the EFF, sold out too. The only way to fight this is for there to be enough people to "opt-out" of the settlement which might cause Sony to back out of the agreement. Right now that threshold is 1000, surely we can get over 1000 people together to derail this thing? One last thing, note how the attorneys fees to be paid has not yet been disclosed, again very sneaky here.