Sony Settles Rootkit CD Suit With Texas, California - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
01:22 PM

Sony Settles Rootkit CD Suit With Texas, California

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees, and Sony will refund up to $175 to people in those states who spent money to repair computers.

Sony BMG Music Entertainment settled lawsuits with California and Texas Tuesday that stemmed from the November 2005 disclosure that the company's audio CDs were planting spyware-style rootkits on users' PCs without their knowledge.

Under terms of the agreements, each state will receive $622,000 in damages and $128,000 to cover legal costs and fees. Sony BMG will also refund up to $175 to each resident of Texas and California who spent money to repair computers damaged by attempts to uninstall the rootkit code used to mask Sony's CD copy-protection software.

The Attorneys General of both states had filed lawsuits last year charging Sony with unfair business practices and/or violations of anti-spyware statutes.

"Texans deserve to be protected from harmful, hidden files that threaten their privacy or the integrity of their computer systems," said Texas Attorney General Greg Abbott in a statement. "Our first-in-the-nation action against Sony BMG shows that consumer privacy will be vigorously protected."

California's head law enforcement officer also weighed in. "Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn't inflict security vulnerabilities on computers," said Attorney General Bill Lockyer in a rival statement.

According to Lockyer, some 450,000 Californians purchased Sony BMG CDs that used rootkit technologies, but he didn't estimate the number eligible for refunds under the settlement. Texas estimates pegged the number of rootkit CD buyers at 130,000.

The brouhaha began in November 2005 when independent researcher Mark Russinovich, who has since gone on to work for Microsoft, disclosed that Sony BMG had used a rootkit to "cloak" digital rights management software on PCs that had played the company's CDs. Later analysis by Russinovich and others found that uninstalling the code could damage the computer, and that hackers could exploit the rootkit to plant other malicious code.

Sony's first attempt to deal with the problem was a debacle; the patch it issued made some computers crash.

Earlier this year, Sony settled several class-action lawsuits, including one filed by the Electronic Frontier Foundation.

The California settlement judgment can be downloaded as a PDF from here, while the Texas settlement is available here.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll