Skip to main content

Sony BMG Settling State Rootkit Suits

It’s been more than a year since Sony BMG’s Music CD rootkit fiasco came to a head, and now Sony BMG, one the world’s four largest music distributors, has agreed to pay the state of California $750,000 to settle a lawsuit stemming from the blowout.

For folks who don’t remember (or who are new the whole thing) Sony BMG shipped almost 30 million selected music CD titles with embedded copy protection software (XCP or MediaMax) to prevent the music CDs from being copied via computers. If the CDs were inserted into a PC, they could only be played using the embedded player software, and copying or encoding the tracks wasn’t permitted. Unfortunately, once hackers figured out the software, Sony BMG’s little installed surprises also exposed computer users to serious security threats. The whole shebang blew up in Sony BMG’s face (in part due to the company’s disingenuous attempts to sweep everything under the rug), the company was forced to offer consumers non-protected versions of the CDs, free song downloads, refunds, and promise not to do anything like that again. At least, for a little while.

But all the lawsuits haven’t quite gone away, as Sony BMG’s settlement with California shows. Although it still must be approved by a judge, the record company will pay California $750,000 in penalties and fees; it will also provide refunds of up to $175 to California consumers who can document damage to their computers caused by DRM software embedded in Sony BMG music CDs. Consumers will have 180 days to file their claim.

Los Angeles County deputy district attorney general Tom Papageorge said Sony BMG sold an estimated 12.6 million CDs with the embedded software between January and November 2005, with about 930,000 of those going to some 450,000 California consumers.

“Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn’t inflict security vulnerabilities on computers,” said California attorney general Bill Lockyer, in a statement. “To its credit, SONY BMG learned this lesson and has stopped the practices that led to this lawsuit. But the settlement further protects consumers by prohibiting similar conduct in the future and requiring Sony BMG to pay consumers back for out-of-pocket expenses they incurred to repair harm to computers caused by the software.”

The California settlement follows on the heels of a similar agreement hammered out in Texas earlier this week. That agreement also provides for up to $175 in compensation for consumers whose computers were damaged by the software, or $25 in compensation to consumers who cannot substantiate out-of-pocket expenses to repair their PCs. The Texas settlement also provides for consumers to receive non-protected audio CDs and/or MP3 files of the music they purchased, depending on the DRM software Sony BMG embedded in the CD.

Analysts and legal commentators expect that other states and the Federal Trade Commission will reach similar agreements with Sony BMG over the course of 2007.

Editors' Recommendations