Sony BMG gives Canadians ‘raw deal’ in rookit settlement

Canadian consumers are being handed a raw deal by entertainment conglomerate Sony BMG Music Entertainment Corp, according to an Ottawa-based public interest watchdog.

The Canadian Internet Policy and Public Interest Clinic (CIPPIC) yesterday criticized Sony BMG, alleging the company was practicing “double standards” by withholding from Canadian consumers warnings and protections it offered US customers.

CIPPIC executive director Phillipa Lawson said her organization’s complaint stems from Sony BMG’s efforts to remove from the Canadian settlement key elements that would prevent it from gathering personal data. “Sony BMG regularly sues consumers in the US on the basis of this information, and in the past has tried to do so in Canada.”

Several class action suits were filed in Canada against Sony BMG in connection with the practice of surreptitiously planting digital rights management technologies on music CDs, including a “rootkit” technology that left the users’ computer vulnerable to malicious attackers.

An Ontario court approved on Thursday a settlement deal that had the music company offering $8.40, a replacement CD and free downloads of selected CDs to customers who purchased the CDs containing digital rights management (DRM) programs .

CIPPIC contends the Canadian settlement falls short of what was provided to U.S. Sony customers.

“There are clearly some double standards at play. Sony BMG agreed to take a number of steps that protected U.S. customers, but [the company] is not willing to provide the same to Canadian consumers,” said Lawson.

Meanwhile, Sony BMG Music (Canada) Inc. issued a statement yesterday simply saying, the company “is pleased that Justice Winkler approved the Ontario settlement.”

Lawson told IT World Canada that CIPPIC’s complaint filed on Thursday before the Privacy Commissioner’s Office demanded that Sony be investigated and fined for “wrongful conduct” and “violation of Canadian privacy and competition laws.”

“Sony BMG’s position shows its true colours: it will only respect consumer rights if forced to,” said David Fewer, CIPPIC staff counsel, in a press statement yesterday.

CIPPIC filed similar complaints with the Commissioner of Competition, the Directors of Consumer Services Bureau, the President of Office de la Protection du Consummateur in Quebec and the Privacy Commissioners of British Columbia and Alberta.

In 2005, Sony BMG began installing XCP (Extended Copy Protection) software in some of its CDs. This digital rights management (DRM) software, which used rootkit cloaking techniques normally employed by hackers, was found to be a security risk.

The software is able to read and transmit IP addresses, thereby identifying the user and sending personal information back to Sony BMG, said Lawson.

She said Sony can use this information to go after file sharers.

When the practice was uncovered, it brought a storm of controversy and legal troubles over the company.

A lawsuit was successfully brought by a number of parties in the US against Sony BMG in November last year.

The total cost of the settlement is not known but Sony admitted it sold in North America only 52 CD titles with XCP, and 34 CD titles with another DRM program called MediaMax.

The company also promised all CDs containing the copy protection code would be recalled.

The Sony BMG Music (Canada) Inc. website lists 86 CD titles containing protection programs. The site contains instructions on how to uninstall the program from the customer’s computer.

The U.S. settlement requires that a third party test for security vulnerabilities, any Sony CD with content protection software.

The entertainment company must ensure that DRM software will not be installed in a buyer’s machine without that buyer’s explicit permission and that ready access to an uninstaller feature be made available.

If a security problem is found after the software is released, Sony BMG must notify security experts and work with them to address the problem quickly. In addition, Sony must adequately disclose the nature and function of the software to buyers before they buy a Sony CD.

These stipulations “have been deliberately and explicitly excluded from the Canadian Settlement Agreement,” Fewer pointed out in his submission before the Superior Court of Quebec.

Fewer also said that in a sworn affidavit, Christine Prudham, vice president of legal and business affairs for Sony BMG Canada, said that consumer protection was provided to U.S. buyers in response regulatory action “based on unique US legislation.”

Prudham’s affidavit said “no Canadian government authority has commenced any inquiry into Sony BMG Canada concerning Sony BMG Canada’s use of the Software.”

Lawson, however, took exception to this statement. “This argument just doesn’t hold water. They didn’t protect their customers because no one complained?”

“We want the privacy commissioners to step in and clarify Sony’s obligations with respect to the gathering of personal information, because it’s obvious that Sony BMG doesn’t understand its privacy obligations, said Lawson.

Meanwhile, two other settlement approval hearings have been scheduled for Sept. 28 in Montreal and Sept. 29 in Victoria.

QuickLink 61337



Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now