Sony finally settles case with the FEDs over rootkit DRM fiasco

The last chapter in Sony’s infamous attempt to stem piracy has been announced today, with the company agreeing to compensate users for damaged PCs.

The Federal Trade Commission (FTC) announced today that a settlement had been reached concerning the rootkit DRM that Sony had secretly embedded on music CDs sold to customers.

Windows users were informed that they couldn’t listen to the CD on their PC without first agreeing to install the anti-piracy program, which merely advised that "it will install a small proprietary software program" that will remain there "until removed or deleted."

The CDs in question then secretly installed rootkit software that not only limited the copying of music from the purchased music CDs but, also employed programming techniques normally associated with computer viruses to hide from users and prevent them from removing it.

The Sony code modifies Windows so you can’t tell it’s there, a process otherwise known as "cloaking." and surreptitiously sends data about you to Sony. And it can’t be removed; trying to get rid of it damages Windows.

"Here you have one of the biggest name-brand corporations on the planet getting into what many people in other circumstances would consider hacking," said Richard Smith, a security and privacy consultant based in Boston. "That’s just not acceptable."

It was also discovered that the techniques used by the hidden software to conceal its files from the user and to make them harder to remove could also be used by virus writers and hackers to hide malicious files on any PC running the anti-piracy software.

After much public outcry and concern from computer security experts, a tool was offered by Sony to "fix" the software which, adding insult to injury, removed only the "cloaking" itself and not the rootkit.

As Sony’s site reads, "This option will remove all XCP and associated content protection files, including service/processes, registry entries and folders from your computer….(but) this uninstaller will not remove the detection tool itself."

In any event, the damage had already been done to both PC users worldwide as well to its image and credibility among music CD customers.

Lawsuits were the inevitable result of its misdeeds, and the FTC stepped in to address consumer protections and rights.

Last month, the company settled similar cases with more than 40 states, agreeing to pay more than $4 million USD and also to reimburse customers who purchased the music CDs in question but, but the concerns of the federal government still remained.

The FTC said the software "exposed consumers to significant security risks and was unreasonably difficult to uninstall." It also restricted the number of copies that could be made and monitored consumers’ listening habits to send them marketing messages.

The settlement announced today between the FTC and Sony fully addresses the concerns of consumers and provides compensation for those whose PCs may have been damaged by the anti-piracy software.

The terms of the settlement include:

*Allow consumers to exchange through the end of June affected CDs purchased before Dec. 31, 2006, and reimburse them up to $150 to repair damage done when they tried to remove the software.
*Clearly disclose limitations on consumers’ use of music CDs.
*Barred from using collected information for marketing and prohibited from installing software without consumer consent.
*For two years, Sony BMG also must provide an uninstall tool and patches to repair the security vulnerabilities on consumers’ computers and must advertise them on its Web site.

This move by the FTC should finally put the matter to rest from a legal standpoint but, for millions of music listeners throughout the world the matter is far from over.

digg_url = ‘http://digg.com/tech_news/Sony_finally_settles_case_with_the_FEDs_over_rootkit_DRM_fiasco’;

RELATED NEWS AND “HOW TO” GUIDES:
Darn DRM, will our music ever be set free?
Record companies want ISPs to block access to file-sharing websites
Is 2007 the year the CD died?
Download more than 2000 albums for free on "Jamendo"
Darn DRM, will our music ever be set free?
BitTorrent torrent sites & search engines
uTorrent – A Beginner’s guide to BitTorrent downloading
Stream Rock N’ Roll Concert Classics for free on “Wolfgang’s Vault”
20,000 YouTube music videos at your fingertips
vNES: play Nintendo games in your internet browser
Watch The Simpsons, The Office, Jackass, South Park, Lost, X-Men, and More On-Demand For Free

SOULXTC: “walkin’ the streets of P2P”

Related Posts

1. Sony Incident Leads Government to Consider Rootkit Ban
2. Sony Settles Canadian Class Actions over Rootkit
3. Spitzer Gets on Sony BMG’s Case
4. Microsoft will wipe Sony’s ‘rootkit’
5. Devaluing the Product Part II – Sony Music CDs Threaten PCs