Feeds

Sony 'rootkit' settlement clamps down on DRM

Deal paves way for kinder, gentler music label

Top three mobile application threats

Sony BMG has agreed to settle with a group of plaintiffs in a New York class action lawsuit relating to the DRM software that triggered consumer outrage and a PR disaster for the company. As part of the settlement, Sony will compensate those who purchased infected CDs and fix their computers.

The preliminary settlement was revealed in a filing with the US District Court for the Southern District of New York. It covers people who purchased or used a CD with Sony's now infamous XCP (Extended Copy Protection) software or the equivalent MediaMax software produced by Sony BMG partner Sunncomm. While both sets of DRM have their problems, XCP gained particular notoriety for opening up a security hole on computers that hackers were quick to exploit.

Under the terms of the settlement, Sony BMG would agree to provide the following:

  • Compensation for buyers of XCP CDs and MediaMax CDs
  • Software utilities to update and uninstall XCP and MediaMax software from consumers' computers
  • An agreement by SONY BMG to immediately recall of XCP CDs, and not manufacture MediaMax CDs for a period of at least two years
  • A series of injunctive measures governing any SONY BMG CDs manufactured with content protection software over the next two years
  • Defendants’ agreement not to collect personal information on Settlement Class Members through XCP, MediaMax and future content protection software, without their express and affirmative consent
  • Defendants’ agreement to waive certain rights currently contained in the EULAs for XCP and MediaMax CDs and software
  • A “most favored nations” provision that would enhance the benefits available to all Settlement Class Members if Defendants provide additional benefits to a subset of Settlement Class Members through an agreement with any government authority

Sony BMG has already put a program in place that allows consumers to exchange infected CDs for clean ones, and this settlement clearly dictates that this practice continue with Sony BMG providing free shipping of the CDs and encouraging stores to replace the goods.

To nudge consumers to act on the settlement, Sony BMG will be required to offer two different incentive packages. In addition to receiving a DRM-free version of their original CD, consumers will have the option of picking up a $7.50 cash payment and promotion code that allows them to download one of 200 albums. Or they can pick up a promotion code that allows for three album downloads. Interestingly, Sony must also work to make the downloads available on iTunes.

In addition, "Under the Settlement, SONY BMG will be enjoined from using XCP and MediaMax software on audio CDs they manufacture. SONY BMG will implement several changes to its policies and procedures concerning content protection software and the EULAs associated with that software. These changes will ensure that the content protection software will not be installed without the user’s express consent, will be removable from the user’s computer, and will not render the user’s computers vulnerable to known security risks. In addition, the EULA’s will be written in plain English and will accurately describe the nature and function of the content protection software."

The settlement - available here in PDF - must still be approved by the court.

Given the scope of the settlement, it's hard to take Sony BMG's earlier nonchalance about the incident seriously. It would seem the company's DRM suppliers have a lot of work to do in order to meet these new guidelines. ®

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.