legal counsel, Ottawa-based Canadian Internet Policy and Public Interest Clinic (CIPPIC)


A federal judge on Monday gave final approval to a class action lawsuit that was brought against Sony BMG after the entertainment company included a pair of invasive and potentially dangerous copy protection programs on an estimated 15 million music CDs. You have to commend Sony BMG for doing the right thing here.David Fewer>Text

The agreement ends one chapter in a public relations disaster for the entertainment company, which must still contend with a lawsuit brought against it by the state of Texas for violation of state antispyware laws.

Commendable, but contentious…that’s how many Canadian consumers may view Sony BMG’s agreement to partially compensate them for a digital rights management (DRM) gone awry.

And at least one Canadian legal expert agrees. “You have to commend Sony BMG for doing the right thing here. Rather than dragging this litigation out, the company has quickly agreed to address consumer harm,” said David Fewer, legal counsel, Ottawa-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).

Sony BMG issued a statement Monday saying it was pleased with the settlement.

Sony BMG Music Entertainment began distributing XCP (Extended Copy Protection) software in some of its products last year. This digital rights management software, which used rootkit cloaking techniques normally employed by hackers, was found to be a security risk.

Hoping to put some of the heat behind it caused by security flaws made public early November, Sony BMG recalled millions of its CDs and, together with SunnComm International Inc. and First 4 Internet Ltd., agreed to a settlement in a class-action lawsuit, according to U.S. court documents.

Under the court-approved settlement, Sony BMG will offer a cash payment of US$7.50 plus one album download to any customer willing to return an affected CD to Sony BMG, or who can provide proof of purchase.

Alternatively, customers can download up to three albums free of charge. Customers affected by a second copy protection system, MediaMax, are to be offered free downloads only.

Fewer said Sony BMG’s settlement will be executed under conditions that will help ensure that the company implements future DRM systems in “a responsible and forthright manner.”

However, the lawyer questioned the adequacy of the compensation. “Sony BMG has offered only US$ 7.50, a replacement CD and three downloads as compensation for the worst of its DRM. To put that in perspective, the average cost of a service call to repair an infected computer is in excess of $100.”

In addition, he said, by offering free downloads, Sony BMG is “effectively shifting part of the cost of compensating consumers to its artistes who don’t get paid for free downloads. Financially, this is a good deal for Sony BMG.”

The lawsuit was brought by a number of parties against Sony BMG in November, after researcher Mark Russinovich revealed the company was installing copy protection software using cloaking or rootkit techniques. The software was extremely difficult to de-install, and could, in certain circumstances, make a user’s PC unstable and open to criminal hacking, it was claimed.

The total cost of the settlement is not known, but Sony BMG has admitted that 52 CDs used XCP, and 34 used MediaMax, all on CDs that shipped in the North America. All CDs affected by copy protection code will be recalled.

Significantly, Sony BMG has also agreed to submit to independent oversight of its DRM development and the drafting of its end-user license agreements (EULAs) for a period of two years.

The class action settlement also requires the three companies to stop manufacturing Sony BMG CDs with XCP or MediaMax 3.0 or 5.0 software and to make available updates to fix all known security vulnerabilities caused by the products.

The companies will also provide software programs to uninstall XCP and MediaMax safely and agree to fix any future security vulnerabilities that may be discovered in MediaMax and any other content protection software installed on Sony BMG CDs, according to the court documents.

The companies also pledge to provide independent verification that personal information about users of Sony BMG CDs has not and will not be collected through XCP or MediaMax. They also will ensure that any other content protection software they may use in the future will be clearly disclosed, independently tested and readily uninstalled, according to the court documents.

“This settlement gets music fans what they thought they were buying in the first place: music that will play on all their electronic devices without installing sneaky software,” said Cindy Cohn, legal director of the Electronic Frontier Foundation (EFF), in a statement Monday. The EFF represented plaintiffs in the case.

More information on the class action lawsuit, including lists of CDs that included the software in question, can be found at this Web site.

The EFF has information on the case as well, which can be found at this Web site.

Sony BMG still faces legal action by at least one other plaintiff, the attorney general of the state of Texas. This suit alleges that Sony BMG broke the Texas Consumer Protection Against Computer Spyware (CPACS) Act.

It would also be possible to users who reckon their PCs have been rendered unstable or insecure by the copy protection system to sue individually.

“If there is any single lesson legislators should take from this sad business, it is that consumers require statutory protection from harmful implementations of DRM,” Fewer said.

“Some suggest that the Sony BMG rootkit fiasco has set the cause of DRM back irreparably. I don’t agree. By making the dangers of DRM plain for all to see, Sony BMG has moved the cause of consumer-centric, responsible DRM implementations forward by at least a decade,” he said.

Sony Corp. executives have virtually admitted that the copy protection fiasco has cost the company a good deal of consumer good will.

“Clearly the perception out there is we shouldn’t be doing too much of that copy protection stuff,” Sony chairman and CEO Howard Stringer Stringer had said at the International Consumer Electronics Show (CES) in January this year.

While Stringer conceded that there was a need to balance consumer needs against those of artistes, he indicated this was easier said than done. “In the video business, moving forward, this is going to be something of a tug of war. Protecting the artiste’s right is not something that should be automatically dismissed by the push-and-pull generation. And we’re just going to have to tread very carefully.”

Stringer also said he was worried about the negative impact the controversy could have had on Sony as a whole because of Sony BMG’s actions. Sony BMG is a joint venture with Bertelsmann AG. “Every headline was about Sony, as if Sony Electronics was behind all of this and we took quite a beating but it was a Sony BMG copyright protection tradition and this was a bad situation. We obviously retreated from that position.”

“Sony as a company took a bit of a beating for it, which was somewhat unfair,” he said.

— With files from Robert McMillan John E Dunn and China Martens

<asset width="" height="" align="right" name="0

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now