By Keith Regan E-Commerce Times
01/30/07 1:51 PM PT
The Federal Trade Commission announced Tuesday that the music company agreed to settle charges that it embedded potentially damaging anti-piracy software in some of its CDs without the knowledge of buyers. In the settlement, Sony BMG will allow consumers to exchange the CDs and reimburse them for up to $150 to fix any damage to their computers.
Music label Sony BMG has reached a settlement with the Federal Trade Commission (FTC) over charges that it violated federal law by installing spyware and digital rights management (DRM) software onto music CDs without telling consumers.
The deal calls for Sony BMG to allow consumers to exchange CDs purchased before the end of 2006 for new discs that do not contain the secret software. That offer will be good through June 31, 2007.
In addition, Sony agreed to reimburse consumers up to US$150 each to repair damage to their computers that they may have suffered in trying to remove the software. Although the process for reimbursing repair costs has not yet been disclosed, the settlement suggests that the consumer will have to submit documentation that their computer was damaged.
The controls installed on Sony CDs -- sometimes referred to as a rootkit but formally known as extended copyright protection, or XCP -- limited the number of devices that could play the music CD, restricted the number of copies that could be made and contained technology that monitored users' listening habits. Sony could use this data to send targeted marketing messages.
The FTC had also claimed that the software "exposed consumers to significant security risks and was unreasonably difficult to uninstall."
As part of the settlement, Sony BMG agreed to clearly disclose limitations on consumers' use of music CDs and said it would stop using data collected for marketing purposes. Sony also agreed to stop installing software without consumer consent and to provide users with an easy means of uninstalling unwanted programs.
"Installations of secret software that create security risks are intrusive and unlawful," said FTC Chairman Deborah Platt Majoras. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."
In the Past
The settlement could help bring to an end an embarrassing episode for Sony BMG and one that ignited a far-ranging debate about DRM tools and about the consumer's right to know what programs might be hidden on CDs and other media.
Sony BMG had argued that it needed to take the extra steps to prevent music piracy. The controls were seen as too restrictive by many, however. For instance, songs ripped from the CDs onto computers could
not be loaded onto iPods.
The FTC argued that it was "deceptive for Sony BMG to fail to disclose adequately that software would be installed on consumers' computers, and that the software would limit consumers' copying and use of the CDs on their computers."
It was also a violation of federal law, the agency argued, to install tracking software for marketing purposes without users' knowledge and consent.
Future Sony CDs must bear "clear and prominent disclosure" of any restrictions on copying or transferring songs to other media.
Sony is not barred from collecting marketing data via its CDs. However, if users are required to participate in a Sony-driven marketing program as a condition of buying a CD, that have to be informed in advance of the purchase.
Sony BMG must also make an uninstall and repair tool available for two years and advertise those tools on its Web site. Details of the reimbursement program for computer repairs will be made available on the Sony BMG Web site.
It's not clear how much financial exposure Sony BMG faces through the settlement, though as many as 3 million CDs were sold that contained the "extended copyright" technology. The settlement does not constitute an admission of wrongdoing by Sony BMG, the FTC said.
Missed Target
Previously, Sony BMG had settled private lawsuits brought because of the rootkits, as well as actions from individual states including Texas and California.
Sony's use of hidden software came to light in late 2005, when an Internet security firm posted a warning about a Trojan circulating that the Sony BMG software to possibly allow an attackers to control a user's PC remotely.
The majority of business PC users quickly began to recognize the added protections as a security threat, security firm Sophos said. "Sony took aim at music pirates, but succeeded only in shooting itself in the foot," said Graham Cluley, senior technology consultant at Sophos.
Sony moved to quickly stop sales of the enhanced CDs and recalled those already sold.
Other music companies were testing their own DRM enhancements around the same time. Some may have been convinced to back off by the firestorm that erupted over the Sony BMG revelations, however.
Adding copying restrictions to CDs can significantly harm music sales, even among consumers who had no intention of illegally swapping songs, according to JupiterResearch analyst David Card. "Fundamentally, it's a bad idea," he said.
Priceline, Travelocity, Cingular Pay Small Change to Settle Adware Case January 30, 2007
As part of the settlement of a lawsuit brought by the New York State Attorney General's Office over the use of adware as a marketing tool, Priceline, Travelocity and Cingular agreed to pay $35,000, $30,000 and $35,000, respectively, to New York to cover penalties and investigatory costs.
Related Stories
Sony Antes Up $1.5 Million to Settle DRM Suits December 21, 2006
Sony failed to adequately inform consumers about "enhancement" software placed on certain CD discs. The enhanced CDs, when inserted into computers, allowed Sony to communicate via the Internet with the user's IP address, which in turn permitted the company to send unsolicited advertisements to the consumer's PC.
Apple Battery Debacle Could Be Big Blow to Sony August 30, 2006
Earlier this year, Sony made changes to its manufacturing process to reduce the amount of contaminant particles in its batteries. The company did not think the older batteries were dangerous, however. "We didn't have confirmation of incidents until relatively recently," said Sony spokesperson Rick Clancy.
Related News Alerts
More by Keith Regan
Yahoo Slaps Fresh Coat of Gloss on Microsoft Deal Defense June 30, 2008
With its shareholders meeting set to take place in less than five weeks, Yahoo has put together a 32-page presentation, emphasizing why the investors should vote to keep the current board in place. The company also reiterated why it chose to partner with Google instead of letting Microsoft buy part of it.
French Court Stings eBay With $63M Judgment Over Knockoff Sales June 30, 2008
eBay is planning to appeal a ruling by a French court that ordered it to pay $63 million to the luxury goods maker Louis Vuitton Moet Hennessey. The court also barred the online auctioneer from selling four brands of perfume on its Web sites accessible in France.
New Auto Loan Leads Marketplace Shifts Into Drive June 30, 2008
Reply.com's move into the auto finance market is a logical one the company, as automotive advertising spending is moving online in increasingly greater amounts. The company is partnering with the Detroit Trading Company to create a massive repository of auto finance leads online.
Headline Feeds
calls for Sony BMG to allow consumers to exchange CDs purchased before the end of 2006 for new discs that do not contain the secret software. That offer will be good through June 31, 2007.
Talkback: 
