EFF Files Class Action Lawsuit Against Sony BMG

By Michael Santo
Contributing Writer, RealTechNews

It was inevitable once the Electronics Frontier Foundation (EFF) started asking for input on consumers’ experiences with the Sony XCP copy protection software. Today the EFF filed a class action lawsuit against Sony BMG. The lawsuit covers not just the First4Internet XCP DRM, but the SunnComm MediaMax copy protection software Sony BMG has also used.

The suit, to be filed in Los Angeles County Superior court, alleges that the XCP and SunnComm technologies have been installed on the computers of millions of unsuspecting music customers when they used their CDs on machines running the Windows operating system. Researchers have shown that the XCP technology was designed to have many of the qualities of a “rootkit.” It was written with the intent of concealing its presence and operation from the owner of the computer, and once installed, it degrades the performance of the machine, opens new security vulnerabilities, and installs updates through an Internet connection to Sony BMG’s servers. The nature of a rootkit makes it extremely difficult to remove, often leaving reformatting the computer’s hard drive as the only solution. When Sony BMG offered a program to uninstall the dangerous XCP software, researchers found that the installer itself opened even more security vulnerabilities in users’ machines. Sony BMG has still refused to use its marketing prowess to widely publicize its recall program to reach the over 2 million XCP-infected customers, has failed to compensate users whose computers were affected and has not eliminated the outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different, but similarly troubling problems. It installs files on the users’ computers even if they click “no” on the EULA, and it does not include a way to fully uninstall the program. The software transmits data about users to SunnComm through an Internet connection whenever purchasers listen to CDs, allowing the company to track listening habits — even though the EULA states that the software will not be used to collect personal information and SunnComm’s website says “no information is ever collected about you or your computer.” If users repeatedly requested an uninstaller for the MediaMax software, they were eventually provided one, but they first had to provide more personally identifying information. Worse, security researchers recently determined that SunnComm’s uninstaller creates significant security risks for users, as the XCP uninstaller did. Source: EFF

We Say: If nothing else, this fiasco has turned the spotlight on DRM. Maybe the title of this AP article (via Information Week) says it all: “Sony BMG Blunder Shows Digital Rights Management May Be Doomed”. A quote from the AP article: “I think they’ve set back audio CD protection by years,” said Richard M. Smith, an Internet privacy and security consultant. “Nobody will want to pull a `Sony’ now.”

As I said earlier today … all this hassle and the DRM can be defeated with some tape. Let’s not forget that besides this lawsuit, Sony BMG is also facing at least six other class action lawsuits nationwide and an action by the Texas Attorney General. Maybe the industry needs to take a step back and decide if it’s really worth it.