Feeds

Texas puts Sony BMG in its sights

'Illegal spyware'

Protecting users from Firesheep and other Sidejacking attacks with SSL

The Attorney General for the state of Texas filed a lawsuit against Sony BMG Music Entertainment on Monday, calling the media giant's copy-protection technology "illegal spyware".

The complaint alleges that Sony BMG violated the Texas Consumer Protection Against Computer Spyware (CPACS) Act, which includes provisions that punish those who hide software from a computer's owner. The focus of the legal action is a copy-protection program created by software firm First 4 Internet and used by Sony BMG to guard 52 CD titles.

The Extended Copy Protection (XCP) software hides itself and controls basic functions of the Windows operating system - tactics employed by the rootkits commonly used by online attackers. The software was included on some 4.7 million discs produced by Sony BMG, of which about 2.1 million were sold.

"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Texas Attorney General Greg Abbott said in a statement. "Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."

With the lawsuit, Texas becomes the first state in the nation to sue Sony BMG for the company's role in installing the surreptitious copy-protection program on PCs. Following the discovery of the software three weeks ago, security experts, consumers and digital-rights advocates have taken the media giant to task, saying that Sony BMG's software makes computers insecure, does not adequately inform the user as to its function and cannot be uninstalled easily.

Sony BMG did not answer requests for comment on Monday.

At least a half dozen legal actions have already been filed or will be filed in the coming weeks, said sources at the firms involved in the cases. The same day as the Texas lawsuit, two law firms joined the Electronic Frontier Foundation, a digital rights advocacy group, to file a case in California court on Monday.

A lawyer in Los Angeles filed a class action lawsuit against Sony in citing three violations of consumer and business codes. Later that week, Italian digital rights group Associazione per la Libertá nella Comunicazione Elettronica Interattiva (ALCEI) filed a criminal complaint in the country to investigate whether Italian consumers were affected by the Sony BMG cloaking technology. Chicago-based law firm Cirignani Heller Harman & Lynch plans to file a lawsuit against Sony to recover damages caused to consumers by the media giant's copy protection scheme, an attorney with the firm said.

While the functionality and intent of Sony BMG's copy protection are at the heart of the lawsuits, they cases will also test whether consumers can give a company broad permission to install possibly detrimental programs on their systems. Moreover, the media giant constructed a number of hurdles to removing the program, including a privacy-invasive registration and the need to wait for a special identification number.

New York attorney Scott Kamber, who filed a class-action lawsuit against Sony BMG in a U.S. District Court in New York City last week, said that Sony BMG damaged consumers' computer systems with its code.

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.