Lawyers in a class action lawsuit filed against Sony BMG, First 4 Internet and SunnComm last month have submitted a preliminary settlement, which calls for Sony to stop manufacturing CDs with XCP and MediaMax DRM, provide replacement discs, and make cash payments to affected customers.
Lawsuits were filed on November 14 in New York and other states by Girard Gibs and Kamber & Associates, and class action status was granted December 1. The cases claimed that Sony’s digital rights management, which attempts to stop computer users from copying a CD’s audio tracks to a hard drive, is invasive and damaging to computer systems.
Sony employed technology from First 4 Internet (F4I) that uses a “rootkit” to hide the DRM and prevent its removal. Shortly thereafter, it was discovered that Sony’s other copy protection software, SunnComm MediaMax, also poses a security risk and installs without a user’s permission.
The two sides met in early December and began “virtual round-the-clock” negotiations about reaching an agreeable settlement. According to the settlement filing viewed by BetaNews, the goal was to provide prompt relief to affected customers and “limit the risk that these consumers’ computers would be vulnerable to malicious software.”
The settlement terms include all customers who “came into possession of or otherwise used” at least one CD with MediaMax or XCP software on it since August 1, 2003. Sony BMG resellers and distributors are not included, nor are former and current employees of the company.
Sony will continue its exchange program to replace XCP affected CDs with “clean” DRM-free copies and enable customers to download MP3 versions from its Web site. In addition, the company will offer a choice of two incentive packages to ensure XCP CDs are removed from the market.
“Incentive #1” will provide customers with a cash payment of $7.50 and a free download of one album from a list of more than 200 titles. “Incentive #2” removes the cash payment but allows for downloads of three albums.
The downloads will be handled using a promotion code with three major music download services, of which one will be Apple’s iTunes. Promotion codes will be valid for six months. Owners of MediaMax CDs, meanwhile, will be offered MP3 versions of the music and one free album download.
In order to be eligible, an individual must return the XCP laden CD to Sony, or provide the company with a receipt showing the return or exchange of the CD at a retailer after November 14. A claim form will be required, as will verification that XCP was uninstalled or updated.
As part of the settlement Sony will continue to issue the XCP Update software, which removes the rootkit cloaking mechanism, and make available a full uninstaller. An update to correct the MediaMax vulnerability will also be issued, and Sony has agreed to work with security professionals to ensure the software is free of known vulnerabilities.
In addition, the three defendants have agreed not to use the data collected from MediaMax and XCP, and will no longer collect personal information from any copy protected CD without a user’s express consent. An independent third party will be hired to verify this requirement for 2006 and 2007, and the results will be posted on Sony’s Web site.
The defendants will also waive certain provisions of the XCP and MediaMax license agreements, including the restricted use of audio files and requirement that the DRM be updated.
Until 2008, Sony has agreed not to manufacture or distribute CDs with the XCP software, and will no longer manufacture MediaMax 3.0 or MediaMax 5.0 CDs. Unlike albums with XCP, MediaMax CDs currently in circulation will not be recalled.
If Sony decides to ship CDs with new copy protection software before 2008, it must ensure the DRM will not be installed without proper consent, make an uninstaller readily available to customers, and ensure it will not create known security vulnerabilities.
The company has additionally agreed to collect only limited information, such as IP address and data on the CD itself, and will include “a written disclosure in plain English that the CD contains content protection software and a brief description of the software.”
If approved, the class will be notified of the settlement terms through e-mail and advertising, and a hearing will be scheduled for a final approval. The current terms do not include an award of attorneys’ fees and reimbursement of costs, which could be in the millions.
As class members will release Sony BMG, F4I and SunnComm of all claims by agreeing to the settlement, they may opt out. If more than 1,000 individuals decide to opt out, Sony could withdraw from the settlement. F4I and SunnComm may also choose to be excluded before January 16, 2006, which would leave the companies open to individual lawsuits.
News source: Betanews