TechWeb

Sony BMG Rootkit Settlement Proposal Submitted To Court

Dec 29, 2005 (12:12 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=175701275


Lawyers working the class-action lawsuit against Sony BMG Music filed a proposed settlement with a federal court Wednesday that if approved, would force Sony to stop making copy-protected CDs, pay affected customers a small fee, and provide replacement discs and/or other albums.

Several class action suits were filed in New York and California during November that claimed Sony's copy-protection technology, which had come under fire earlier in the month, damaged buyers' computers. On Dec. 1, the court consolidated about 10 pending class-action cases, and appointed two law firms, Girard Gibbs & de Bartolomeo of California, and Kamber & Associates of New York, to handle the combined suit.

According to the settlement papers filed with the U.S. District Court, Southern District of New York, "the parties engaged in virtual round-the-clock settlement negotiations" through most of December.

"The primary and overriding concern of the parties over the course of these lengthy, arms’-length negotiations was an effort to provide prompt relief to consumers affected by XCP and MediaMax software, in order to limit the risk that these consumers’ computers would be vulnerable to malicious software," the papers continued.

Among the provisions of the settlement, Sony BMG would be barred from using XCP or MediaMax technologies to copy-protect its music CDs, will continue to update the uninstall utilities for removing the XCP and MediaMax copy-protection schemes, and will offer two different incentive programs to buyers of XCP-protected discs so that they return copy-protected CDs.

Furthermore, until 2008, any copy protection scheme Sony BMG uses on its audio CDs must meet a slew of criteria, including ones which require that it get users' explicit permission before installing rights software, that uninstallers for the copy protection be available, and that a third party verify that the copy-protection technology doesn't present any security risk.




The first incentive plan would award buyers of XCP copy-protected CDs a cash payment of $7.50 and a free download of one album from a list of more than 200 titles in Sony's catalog. The second program allows for downloads of three albums, but dispenses with the cash. The downloads will be available from three different music services; Apple's iTunes will likely be one of the three. Buyers of MediaMax CDS, meanwhile, would be given a free download for each album they've bought -- again, from a library of some 200 titles -- and will also be able to download a non-protected version of the MediaMax-enabled disc they purchased.

Previously, Sony had admitted that its XCP and MediaMax copy protection software created a security risk, and had begun pulling protected CDs from store shelves.

Even if the settlement is approved by the court, that won't put an end to Sony BMG's legal woes. Texas Attorney General Greg Abbott sued Sony in November, citing his state's anti-spyware statues.

The Sony copy protection brouhaha began in early November when security researcher Mark Russinovich discovered that Sony's rights management scheme secretly planted a rootkit on users' machines.

A copy of the proposed Sony class-action settlement can be downloaded from Sunbelt Software's Web site.