Feeds

Texas puts Sony BMG in its sights

'Illegal spyware'

Reducing security risks from open source software

The Attorney General for the state of Texas filed a lawsuit against Sony BMG Music Entertainment on Monday, calling the media giant's copy-protection technology "illegal spyware".

The complaint alleges that Sony BMG violated the Texas Consumer Protection Against Computer Spyware (CPACS) Act, which includes provisions that punish those who hide software from a computer's owner. The focus of the legal action is a copy-protection program created by software firm First 4 Internet and used by Sony BMG to guard 52 CD titles.

The Extended Copy Protection (XCP) software hides itself and controls basic functions of the Windows operating system - tactics employed by the rootkits commonly used by online attackers. The software was included on some 4.7 million discs produced by Sony BMG, of which about 2.1 million were sold.

"Sony has engaged in a technological version of cloak and dagger deceit against consumers by hiding secret files on their computers," Texas Attorney General Greg Abbott said in a statement. "Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses and expose the consumer to possible identity crime."

With the lawsuit, Texas becomes the first state in the nation to sue Sony BMG for the company's role in installing the surreptitious copy-protection program on PCs. Following the discovery of the software three weeks ago, security experts, consumers and digital-rights advocates have taken the media giant to task, saying that Sony BMG's software makes computers insecure, does not adequately inform the user as to its function and cannot be uninstalled easily.

Sony BMG did not answer requests for comment on Monday.

At least a half dozen legal actions have already been filed or will be filed in the coming weeks, said sources at the firms involved in the cases. The same day as the Texas lawsuit, two law firms joined the Electronic Frontier Foundation, a digital rights advocacy group, to file a case in California court on Monday.

A lawyer in Los Angeles filed a class action lawsuit against Sony in citing three violations of consumer and business codes. Later that week, Italian digital rights group Associazione per la Libertá nella Comunicazione Elettronica Interattiva (ALCEI) filed a criminal complaint in the country to investigate whether Italian consumers were affected by the Sony BMG cloaking technology. Chicago-based law firm Cirignani Heller Harman & Lynch plans to file a lawsuit against Sony to recover damages caused to consumers by the media giant's copy protection scheme, an attorney with the firm said.

While the functionality and intent of Sony BMG's copy protection are at the heart of the lawsuits, they cases will also test whether consumers can give a company broad permission to install possibly detrimental programs on their systems. Moreover, the media giant constructed a number of hurdles to removing the program, including a privacy-invasive registration and the need to wait for a special identification number.

New York attorney Scott Kamber, who filed a class-action lawsuit against Sony BMG in a U.S. District Court in New York City last week, said that Sony BMG damaged consumers' computer systems with its code.

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
L33t haxxors compete to p0wn popular home routers
EFF-endorsed SOHOpelessly Broken challenge will air routers' dirty zero day laundry
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.