Sony BMG has offered $7.50 or a free album to victims of the illicit copy-protection software its CDs clandestinely installed on customers' computers. The offer is part of a tentative settlement agreement in one of the many lawsuits filed against Sony. The software, manufactured by First 4 Internet and SunnComm, can damage a listener's computer, leave it vulnerable to attacks from hackers, and can be installed without the listener's knowledge or consent.
The class action suit settlement provides:
• A recall of all CDs containing First 4's XCP copy-protection
software, and an injunction against manufacturing any CD's containing
SunnComm's MediaMax software until at least late 2007 or early 2008.
Both MediaMax and XCP have been heavily criticized for their crippling
effects on users' computers, the lack of clear terms of consent to
install them, and in XCP's case, its own infringement on the copyright
of another software license.
()
• Limitations on Sony's ability to collect identifying data using XCP, MediaMax, and any future content protection software without the user's explicit consent or permission.
• The continuing recalls and exchanges of the copy-protected CDs with "clean" CDs that can be "ripped" to a computer's hard drive or copied onto blank CD's.
• Offering improved uninstaller applications for the MediaMax and XCP software. The previous uninstallers were criticized for not actually removing the software, and for causing new problems and vulnerabilities on users' machines. (/news04/2005/sony.html)
The settlement must still be approved by the U.S. Southern District Court of New York, where the lawsuit was initially filed. It does not affect other lawsuits against Sony, including those filed in Texas by state Attorney General Greg Abbott and the Electronic Frontier Foundation.
News of the settlement elicited a predictably wide response. Mark Russinovich, the Windows security analyst who first discovered the XCP "rootkit" software on one of his own computers was listed as an expert witness in the class-action suit. Posting on his blog, he said that "this specific circumstance has had a best-case outcome for those affected."
Russinovich's statement did not say whether he had been compensated for his expert-witness status.
Russinovich said that "users need to have enough plain-English information presented to them during a software installation, DRM-protected or otherwise, that helps them make an informed decision when they consider accepting a vendor's terms and the software's impact on their system."
Others criticized the settlement for merely formalizing what Sony was doing anyway -- recalling the copy-protected CD's -- and the relatively small cash offer.
CD's can range in price from $12 to $18 at music stores. And Sony's ability to collect personal information from its copy-protection software isn't actually removed by the settlement, merely limited by requiring the user's consent.
InfoWorld's Ed Foster stated that the settlement also doesn't prevent Sony from taking the same actions in the future. "[N]ext time it just has to disclose what it's doing a little more clearly and completely in its EULA. And come 2008, Sony is free to revert to the old EULA or, for that matter, to go find a new rootkit to use on its CDs."
