The reimbursement was part of a broader settlement proposal Sony BMG reached with the Federal Trade Commission, which had claimed that the digital rights management software Sony unleashed on consumers in 2005 violated federal laws.
Sony BMG, the music division of Sony, shipped the software in 12 million CDs on 52 titles. Retailers sold 7 million of the disks, which installed the DRM software on computers without any warning to consumers. The application restricted the types of portable devices that the music could be played on, placed limits on the number of copies, and monitored consumers listening habits, sending the information back to Sony for marketing purposes, the FTC said.
In addition, the software, which was designed to hide itself in a computer, was unreasonably difficult to remove and left consumers' computers more vulnerable to attacks from hackers, who could exploit the application's cloaking mechanism.
In agreeing to the FTC settlement, Sony did not admit to breaking any laws. The agreement is now open to public comment for the next 30 days, after which the FTC will decide whether to make it final.
"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairwoman Deborah Platt Majoras said in a statement. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."
Under the settlement proposal, consumers can return and get replacements for affected CDs bought before Dec. 31, 2006. Sony BMG would reimburse consumers up to $150 for damages caused by the security software and its removal. The exchange and reimbursement program would expire after June 31, 2007.
The record company also agreed to clearly disclose limitations on the use of CDs in the future, and not to install software without first getting consent from consumers. In addition, any information collected by the destructive software would not be used for marketing.
The deal would also require Sony BMG to provide an uninstall tool and patches to repair security vulnerabilities, and advertise them on its Web site for two years. The company would also have to post notices of the settlement, and the reimbursement and repair program. Sony has launched a site that contains the required information.
Sony BMG in December settled similar cases with 41 states, and the District of Columbia, agreeing to pay $4.25 million to reimburse consumers. The company, a joint venture between Sony Corp. and Bertelsmann AG, suffered considerable embarrassment in the snafu, which attracted extensive media coverage.