Sony BMG gives Canadians ‘raw deal’ in rookit settlement

Canadian consumers are being handed a raw deal by entertainment conglomerate Sony BMG Music Entertainment Corp, according to an Ottawa-based public interest watchdog.

The Canadian Internet Policy and Public Interest Clinic (CIPPIC) yesterday criticized Sony BMG, alleging the company was practicing “double standards” by withholding from Canadian consumers warnings and protections it offered US customers.

CIPPIC executive director Phillipa Lawson said her organization’s complaint stems from Sony BMG’s efforts to remove from the Canadian settlement key elements that would prevent it from gathering personal data. “Sony BMG regularly sues consumers in the US on the basis of this information, and in the past has tried to do so in Canada.”

Several class action suits were filed in Canada against Sony BMG in connection with the practice of surreptitiously planting digital rights management technologies on music CDs, including a “rootkit” technology that left the users’ computer vulnerable to malicious attackers.

An Ontario court approved on Thursday a settlement deal that had the music company offering $8.40, a replacement CD and free downloads of selected CDs to customers who purchased the CDs containing digital rights management (DRM) programs .

CIPPIC contends the Canadian settlement falls short of what was provided to U.S. Sony customers.

“There are clearly some double standards at play. Sony BMG agreed to take a number of steps that protected U.S. customers, but [the company] is not willing to provide the same to Canadian consumers,” said Lawson.

Meanwhile, Sony BMG Music (Canada) Inc. issued a statement yesterday simply saying, the company “is pleased that Justice Winkler approved the Ontario settlement.”

Lawson told IT World Canada that CIPPIC’s complaint filed on Thursday before the Privacy Commissioner’s Office demanded that Sony be investigated and fined for “wrongful conduct” and “violation of Canadian privacy and competition laws.”

“Sony BMG’s position shows its true colours: it will only respect consumer rights if forced to,” said David Fewer, CIPPIC staff counsel, in a press statement yesterday.

CIPPIC filed similar complaints with the Commissioner of Competition, the Directors of Consumer Services Bureau, the President of Office de la Protection du Consummateur in Quebec and the Privacy Commissioners of British Columbia and Alberta.

In 2005, Sony BMG began installing XCP (Extended Copy Protection) software in some of its CDs. This digital rights management (DRM) software, which used rootkit cloaking techniques normally employed by hackers, was found to be a security risk.

The software is able to read and transmit IP addresses, thereby identifying the user and sending personal information back to Sony BMG, said Lawson.

She said Sony can use this information to go after file sharers.

When the practice was uncovered, it brought a storm of controversy and legal troubles over the company.

A lawsuit was successfully brought by a number of parties in the US against Sony BMG in November last year.

The total cost of the settlement is not known but Sony admitted it sold in North America only 52 CD titles with XCP, and 34 CD titles with another DRM program called MediaMax.

The company also promised all CDs containing the copy protection code would be recalled.

The Sony BMG Music (Canada) Inc. website lists 86 CD titles containing protection programs. The site contains instructions on how to uninstall the program from the customer’s computer.

The U.S. settlement requires that a third party test for security vulnerabilities, any Sony CD with content protection software.

The entertainment company must ensure that DRM software will not be installed in a buyer’s machine without that buyer’s explicit permission and that ready access to an uninstaller feature be made available.

If a security problem is found after the software is released, Sony BMG must notify security experts and work with them to address the problem quickly. In addition, Sony must adequately disclose the nature and function of the software to buyers before they buy a Sony CD.

These stipulations “have been deliberately and explicitly excluded from the Canadian Settlement Agreement,” Fewer pointed out in his submission before the Superior Court of Quebec.

Fewer also said that in a sworn affidavit, Christine Prudham, vice president of legal and business affairs for Sony BMG Canada, said that consumer protection was provided to U.S. buyers in response regulatory action “based on unique US legislation.”

Prudham’s affidavit said “no Canadian government authority has commenced any inquiry into Sony BMG Canada concerning Sony BMG Canada’s use of the Software.”

Lawson, however, took exception to this statement. “This argument just doesn’t hold water. They didn’t protect their customers because no one complained?”

“We want the privacy commissioners to step in and clarify Sony’s obligations with respect to the gathering of personal information, because it’s obvious that Sony BMG doesn’t understand its privacy obligations, said Lawson.

Meanwhile, two other settlement approval hearings have been scheduled for Sept. 28 in Montreal and Sept. 29 in Victoria.

QuickLink 61337

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now