Hiding spyware on CDs to cost Sony $1.5 million

Hiding spyware on CDs to cost Sony $1.5 million

LOS ANGELES — Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle lawsuits brought by California and Texas over music CDs that installed a hidden anti-piracy program on consumers’ computers.

Not only did the program itself open up a security hole on computers but attempts to remove the software also damaged computers.

Announced Tuesday, the settlements cover lawsuits over CDs loaded with one of two types of copy-protection software — known as MediaMax or XCP.

Under the terms of the separate settlements, each state will receive $750,000 in civil penalties and costs.

In addition, Sony BMG agreed to reimburse consumers whose computers were damaged while trying to remove the XCP software. Customers in both states can file a claim with Sony BMG to receive refunds of up to $175.

State officials estimate some 450,000 compact discs carrying the XCP software were sold in California, and about 130,000 were sold in Texas.

Customers have 180 days to file claims, which must include a description of how their computer was harmed and documentation of repair expenses.

Some who used certain anti-spyware software to remove the programs installed by the CDs ended up with a glitch that caused their computer CD-ROM drives to be disabled.

As part of the settlements, Sony BMG also agreed not to distribute any compact discs loaded with any copy-protection software that hinders computer users from easily locating it or removing it from their computers.

The record company also agreed to improve how it discloses to consumers whether its CDs come loaded with software.

“Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn’t inflict security vulnerabilities on computers,” California Attorney General Bill Lockyer said. “To its credit, Sony BMG learned this lesson and has stopped the practices that led to this lawsuit.”

According to the complaint filed by Lockyer, Sony BMG did not disclose in the outer packaging the presence of the software, which was loaded on consumers’ computers without their consent when they played the CDs on their computers.

The software also was downloaded in a hidden file, state officials claimed.

In a news conference Tuesday in Austin, Texas Attorney General Greg Abbott said the settlement sent a clear message.

“Texans deserve to be protected from harmful hidden software that threatens their privacy or the security of their computers,” he said.

In a statement, Sony BMG said it was pleased to reach agreements with the two states.

Sony BMG began including MediaMax on some of its discs in August 2003 and introduced XCP in January 2005. Both programs limited the number of copies of a disc a user can make.

But word began to spread on the Internet in late 2005 that the software on the CDs potentially could make computers vulnerable to hacking. Some suggested the company was using it to spy on consumers.

The company maintained it did not use any of the software programs to collect or retain personal data about the consumers without their consent.

Too bad it is just Texas and California.

yeah i know…