Sony BMG rootkit debacle settlement

Sony has been fined $1.5 million in penalties and costs to reimburse Californians and Texans whose computers were affected by the illegally installed digital rights management software (antipiracy software) on some of their music CDs. Consumers will be reimbursed up to $175.00 to offset the cost of repairs incurred when removing the software. Consumers without proof of the cost of repairs are still eligible for $25.00.

To date there are 40 states that have settled the law suit with Sony. The total settlement amount is up to $5.75 million. For a list of the 40 states affected by the settlement see the Massachusetts Attorney Generals Office.

The CDs might contain XCP or MediaMax 5.0 designation on the CD label and some are labeled as “Content Protected” on the front upper-left corner. 52 CD titles were manufactured with the antipiracy software. A full list of the titles affected can be found here.

California Attorney General Bill Lockyer estimates that 450,000 Californians purchased Sony BMG CDs that used rootkit technologies. Texas estimates 130,000 people purchased the CDs. An estimated 12.6 million cds were sold between January 2005 and November 2005.

The antipiracy software was created by First 4 internet, a U.K. based company. When the user accepted the terms of a license agreement on their Windows PC, rootkit software was installed that was virtually undetectable to all but the most experienced user and most antivirus software. Rootkits run at a very low level in the Windows operating system. A rootkit is a set of tools that hide any trace of an intruder, but can maintain full (“root”) access to a previously compromised operating system.

The software did not affect CD players in stereo systems.

Terms of the settlement also ban Sony from distributing CDs with bundled Digital Rights Management software technology without proper disclosure.

The rootkit was discovered by Mark Russinovich of Sysinternals.

Claim forms are available on a special Sony website with instructions on how to seek reimbursement for repairs to damaged computers. Consumers have 180 days to file claims.

Back to Bill’s Blog | Bill’s Links and More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.