|
|
Posted by anthonyberet on 01/20/06 11:33
From CNET:
http://news.com.com/Sony+BMG+faces+the+music/2010-7348_3-5975695.html?tag=html.alert
Sony BMG Music Entertainment, feeling the legal heat over the
copy-protection software in millions of its music CDs, last week was
sued in both Texas and California.
By exploiting a hole in the copy protection code, virus writers could
modify an old Trojan horse to take advantage of the powerful, though
inadvertent, shielding provided by the Sony software. Sony eventually
announced that, as part of a review of its digital rights management
strategy, it would suspend production of CDs that contain this
particular copy-protection technology.
Too late to avoid the legal blowback. In Texas, the attorney general is
seeking $100,000 for each alleged violation of the state's "Consumer
Protection Against Computer Spyware Act." The California lawsuit is a
class action that seeks compensatory damages, disgorgement of profits
and punitive damages.
The Electronic Frontier Foundation, which is co-counsel in the
California case, says that Sony BMG caused damage by virtue of the
First4Internet XCP software and the SunnComm Technologies MediaMax tool
included in more than 24 million of Sony's music CDs.
The XCP and SunnComm technologies were unwittingly installed by
millions of music customers when they used the Sony CDs in their
Windows-based computers. Researchers found that the XCP technology was
designed to include many of the qualities of a "rootkit." According to
the EFF, the software was developed to conceal its presence and
operation from the computer's owner. Once installed, the code degraded
system performance, opened new security vulnerabilities, and installed
updates through an Internet connection to Sony BMG's servers, EFF alleges.
The nature of a rootkit makes it extremely difficult to remove. That
often leaves reformatting the computer's hard drive as the only
solution. When Sony BMG offered a program to uninstall the XCP software,
the installer reportedly opened even more security vulnerabilities in
users' machines.
EFF argues that the MediaMax software installed on more than 20 million
CDs is similarly problematic. It apparently installs files on the users'
computers even if they click "no" on the End User License Agreement, and
it allegedly does not include a means to fully uninstall the program.
In addition, EFF says the software transmits data about users to
SunnComm through an Internet connection whenever purchasers listen to
CDs, allowing the tracking of listening habits--even though the license
states that the software will not be used to collect personal information.
When users repeatedly requested an uninstaller for the MediaMax
software, EFF maintains that they were eventually provided one, but only
after they had provided more personal information. The group also
asserts that security researchers have determined that SunnComm's
uninstaller creates significant security risks for users, as the XCP
uninstaller did.
Satisfaction shortfall
EFF has expressed satisfaction that Sony BMG has taken steps in
acknowledging the security risks caused by the CDs with XCP software,
including a recall of the infected discs. However, the group maintains
the measures still fall short of what Sony needs to do to fix the
problems caused to customers. "Sony BMG has failed entirely to respond
to concerns about MediaMax, which affects over 20 million CDs--10 times
the number of CDs as the XCP software," EFF declared.
Unless plaintiffs' attorneys are satisfied by remedial and other steps
taken by Sony BMG, the litigation will proceed. Of course, Sony BMG will
be entitled to its day in court, and it will be allowed to present any
available defenses to seek to excuse its conduct.
[Back to original message]
|