Sony BMG on Tuesday settled lawsuits with consumers in Texas and California whose computers were infected with spyware hidden on CDs.
The attorneys general of both states filed lawsuits last year charging the music giant with unfair business practices and violations of anti-spyware statutes.
Under the terms of the settlement, each state will receive US$750,000 in damages and legal fees. Sony will also refund up to $175 each to consumers in Texas and California who paid to have the spyware, which left computers vulnerable to hackers, removed from their computers.
Sony must also destroy any existing CDs embedded with the problematic digital rights management (DRM) technology, continue working to withdraw those CDs from the marketplace, and submit to independent, third-party monitoring of any software-enhanced music CDs for the next five years.
Sony manufactured more than 12.6 million CDs with two kinds of DRM software between January 2005 and November 2005.
Privacy a Top Priority
Both attorneys general pledged privacy protection to their citizens.
“Texans deserve to be protected from harmful, hidden files that threaten their privacy or the integrity of their computer systems,” said Texas Attorney General Greg Abbott. “Our first-in-the-nation action against Sony BMG shows that consumer privacy will be vigorously protected.”
California Attorney General Bill Lockyer echoed Abbott’s stance: “Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn’t inflict security vulnerabilities on computers.”
Consumers will have 180 days to file a refund claim. Refund claims must be submitted in a form available on Sony BMG’s Web site, and must include a description of the harm done to their computers and documentation of repair expenses.
Sony’s trouble started about 13 months ago, when SophosLabs detected a Trojan horse that exploited the controversial software.
Through the process of investigation, it was discovered that Sony failed to disclose in the outer packaging the presence of the unannounced software, which was loaded on consumers’ computers without their knowledge or consent when they played the CDs.
Sony also failed to adequately inform consumers about “enhancement” software placed on certain CD discs. The enhanced CDs, when inserted into computers, allowed Sony to communicate via the Internet with the user’s IP address, which in turn permitted the company to send unsolicited advertisements to the consumer’s PC.
The music giant initially denied that its anti-piracy program presented a security risk, issuing a statement that said it would “reexamine all aspects of our content protection initiative to be sure that it continues to meet our goals of security and ease of consumer use.”
The company also said it would offer exchanges to consumers who purchased the DRM software-laden discs. The Texas and California lawsuits forced the issue.
Should DRM Go Away?
The Sony fiasco is further evidence that DRM needs to get the old heave-ho, according to Inside Digital Media Senior Analyst Phil Leigh. However, music industry executives would first have to admit they were wrong before a paradigm shift could occur.
“Music industry executives won’t abandon DRM until they can find a face-saving justification,” Leigh told TechNewsWorld. “The industry will present it in a way that makes it look like it’s their idea rather than an admission of any mistake.”
Ultimately, DRM will go by the wayside, he concluded.