Sony Settles FTC Suit Over Music CD Spyware
Sony BMG Music Entertainment on Tuesday said that it had agreed to settle charges brought by the Federal Trade Commission for shipping dozens of music CDs that, when played on a Microsoft Windows computer, installed a hidden anti-piracy program that spied on users' listening habits and restricted the number of copies that could be made.
"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairman Deborah Platt Majoras said in a written statement. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."
Majoras' comments echoed those of Stewart Baker, an assistant secretary at the Department of Homeland Security. He indirectly slammed Sony shortly after the scandal broke in November 2005.
The terms of the FTC settlement closely track those outlined in two similar settlements from cases brought by attorneys general in Texas and California. The FTC settlement requires Sony BMG to "clearly disclose limitations on consumers' use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software. The settlement also mandates that Sony BMG allow consumers to exchange the CDs through June 31 and reimburse consumers for up to $150 to repair damage to their computers that they may have suffered in trying to remove the software."
Sony's secret software actually employed techniques similar to those found in "rootkits," a term used to describe some of the file-hiding tactics used by some of the most advanced computer viruses in circulation today.
Security experts found that viruses or attackers also could use Sony's software to hide on a user's PC. Indeed, a virus later appeared that took advantage of that capability. The company that built the software for Sony later issued a patch to help people remove the software. However, the patch ultimately introduced its own set of security and stability problems after it was installed.
For a more in-depth look at the issue, refer back to two dozen or so of my blog posts: Piracy.
By Brian Krebs | January 31, 2007; 1:24 PM ET
Fraud, From the Bunker, Misc., Piracy
Posted by: Nick | January 31, 2007 3:33 PM
Probably you meant to say that Sony settled charges for shipping __millions of copies__ of dozens of music CDs . . .
I didn't purchase any of these, but I felt that everyone in the community was affected and not just certain music buyers. So I too have boycotted all Sony products from that time.
Posted by: Roger Sperberg | February 8, 2007 9:27 AM
Can't help feeling that SonyBMG has got away quite lightly with this. The rootkit that was installed with their CDs was an outrage...and the attitude of the company when they were exposed was scarcely better.
I now boycott Sony products as a matter of course...but I suspect this will all be forgotten about in a few weeks.
Also don't forget that credit for exposure of this fiasco should go to uber-geek Mark Russinovich.