facebook rss twitter

Sony BMG settles CD root-kit class-action suits

by Bob Crabtree on 24 May 2006, 15:27

Quick Link: HEXUS.net/qaftb

Add to My Vault: x

Electronic Freedom Foundation logo

The Electronic Freedom Foundation reports that a judge has granted final approval for a settlement in the Sony BMG CD root-kit class-action law suits. The agreement means that purchasers of affected CDs can have them replaced and also receive a small compensatory sum (US$7.50) and download three further CDs.

As well as compensating consumers, Sony BMG has to stop making CDs that use the First4Internet XCP and SunnComm MediaMax software, stop using several restrictive end-user license agreements (EULAs) and carry out a detailed security review before adding digital-right management tools to CDs in future.

Full terms of the settlement - with all all its legal technobabble - are available here (right-click to download) in PDF format. The EFF's press release about the settlement appears below but can be read here in its original form.

May 22, 2006
Judge grants final approval for Sony BMG CD settlement

Customers will get compensation for flawed copy-protection

New York - A U.S. District Court judge in New York gave final approval Monday to a settlement for music fans who purchased Sony BMG music CDs containing flawed copy protection programs.

"This settlement gets music fans what they thought they were buying in the first place: music that will play on all their electronic devices without installing sneaky software," said Electronic Frontier Foundation (EFF) Legal Director Cindy Cohn.

The claim process actually began back in February and provides anyone who purchased Sony BMG CDs that included First4Internet XCP and SunnComm MediaMax software with the same music without digital rights management (DRM). Some people are also eligible for additional downloads or a small cash settlement. Anyone who bought one of the affected CDs should start the claims process at http://www.eff.org/sony.

"Participating in the settlement is a way to show Sony BMG -- and the entire entertainment industry -- how important this issue is to you," said Cohn. "If you take the time to claim the product you deserve, maybe other music labels will think twice before wrapping songs in DRM."

The problems with the Sony BMG CDs surfaced last year when security researchers discovered that XCP and MediaMax installed undisclosed -- and in some cases, hidden -- files on users' Windows computers, potentially exposing music fans to malicious attacks by third parties. The infected CDs also communicated back to Sony BMG about customers' computer use without proper notification.

In addition to compensating consumers, Sony BMG was forced to stop manufacturing CDs with both First4Internet XCP and SunnComm MediaMax software. The settlement also waives several restrictive end user license agreement (EULA) terms and commits Sony BMG to a detailed security review process prior to including any DRM on future CDs.

EFF and its co-counsel -- Green Welling LLP; Lerach, Coughlin, Stoia, Geller, Ruchman and Robbins; and the Law Offices of Lawrence E. Feldman and Associates -- along with a coalition of other plaintiffs' class action counsel, reached the settlement after negotiations with Sony BMG in December of 2005.

Got something YOU want to say about the settlement? Well, get if off your chest in the HEXUS.community.


HEXUS - Microsoft targets Sony DRM and other rootkit malware
HEXUS - Sony BMG stops production of XCP copy-protected CDs
HEXUS - Bands sue Sony for massively underpaying music-download royalties
HEXUS - Pressure from EFF on CD copy-protection firm SunnComm pays off
EFF - More on the Sony BMG settlement

HEXUS Forums :: 7 Comments

Login with Forum Account

Don't have an account? Register today!
i am SO pissed with the EFF over this

sony's punishment for installing rootkits on millions of PCs? those who *know* about it, get 10p's worth of new disc, and some (essentially free) DRM'd downloads

1) rootkits are, by design, not detectable. people simply won't KNOW about this, and won't get *anything*

2) the tiny minority who are aware and claim, are costing sony almost nothing. seriously, if the entire cost of the settlement disappeared from the petty cash jar, nobody would notice.

at the same time, sony and the other record labels are claiming that a pirated music track costs them $150,000. that's per track.

if some kid in his bedroom had infected millions of PCs with malicious software and gotten caught, they'd not only have bankrupted themselves, their families, and their close friends - but they;d be in the big house, taking human booster shots from scary men named “jim”.

under *no* circumstances should the EFF have settled on this. anything less than the going rate for complete scrubdown & clean of an infected PC, with the onus on sony to track down each and every infected machine - and a complete legislative ban on implementing DRM again - amount to nothing more than a small slap on the wrist.
I remeber trying to explain to someone on the internet when a virus is a virus is a worm is a …..

and trying to explain that all code has potential to be malicous or nasty.

So, for pottential libal reasons, i will just simply refer too the rootkit as a potential for been malicous.

This rootkit hid itself, it casued security blackholes to virus scanners and misslead users too, its just plain wrong in every way.

How come sony dont even get fined for this? I bet you the lawyers for the class action group got more in “fees” than the $7.50 x people who complained.

Have your read the PDF?

The named plaintiff's should be getting up to $1,000 each.

I didn't mention this in the article cos the wording in the PDF document (p36 - ATTORNEYS’ FEES, COSTS AND INCENTIVE PAYMENTS TO NAMED PLAINTIFFS) is kind of will-they/won't-they - but every time I re-read the document, I become more convinced that they will get some cash.

What I don't know, though, is whether that means only the 13 plaintiffs named on page 1 are going to get a payout.
no every US citizen who bought one of these CD's is entitled I belive (but there were sevral lawsuits so it might not be the case) if they know about it. Unfortunately they were never prosecuted in the UK where they could have faced jail sentances
directhex, I so agree with you.