EFF Files Class Action Lawsuit Against Sony BMG]

[David Farber <dave () farber net>]

-------- Original Message --------
Subject:        EFF Files Class Action Lawsuit Against Sony BMG
Date:   Mon, 21 Nov 2005 12:30:04 -0800
From:   Joseph Lorenzo Hall <joehall () gmail com>
Reply-To:       joehall () pobox com
To:     Dave Farber <dave () farber net>
CC:     Fun @ SIMS <fun () sims berkeley edu>



EFF Files Class Action Lawsuit Against Sony BMG

<http://www.eff.org/news/archives/2005_11.php#004192>

Company Should Repair Damage to Customers Caused by CD Software

The Electronic Frontier Foundation (EFF), along with two leading
national class action law firms, today filed a lawsuit against Sony
BMG, demanding that the company repair the damage done by the
First4Internet XCP and SunnComm MediaMax software it included on over
24 million music CDs.

EFF is pleased that Sony BMG has taken steps in acknowledging the
security risks caused by the XCP CDs, including a recall of the
infected discs. However, these measures still fall short of what the
company needs to do to fix the problems caused to customers by XCP,
and Sony BMG has failed entirely to respond to concerns about
MediaMax, which affects over 20 million CDs -- ten times the number of
CDs as the XCP software.

"Sony BMG is to be commended for its acknowledgment of the serious
security problems caused by its XCP software, but it needs to go
further to regain the public's trust," said Corynne McSherry, EFF
Staff Attorney. "It is unconscionable for Sony BMG to refuse to
respond to the privacy and other problems created by the over 20
million CDs containing the SunnComm software."

The suit, to be filed in Los Angeles County Superior court, alleges
that the XCP and SunnComm technologies have been installed on the
computers of millions of unsuspecting music customers when they used
their CDs on machines running the Windows operating system.
Researchers have shown that the XCP technology was designed to have
many of the qualities of a "rootkit." It was written with the intent
of concealing its presence and operation from the owner of the
computer, and once installed, it degrades the performance of the
machine, opens new security vulnerabilities, and installs updates
through an Internet connection to Sony BMG's servers. The nature of a
rootkit makes it extremely difficult to remove, often leaving
reformatting the computer's hard drive as the only solution. When Sony
BMG offered a program to uninstall the dangerous XCP software,
researchers found that the installer itself opened even more security
vulnerabilities in users' machines. Sony BMG has still refused to use
its marketing prowess to widely publicize its recall program to reach
the over 2 million XCP-infected customers, has failed to compensate
users whose computers were affected and has not eliminated the
outrageous terms found in its End User Licensing Agreement (EULA).

The MediaMax software installed on over 20 million CDs has different,
but similarly troubling problems. It installs files on the users'
computers even if they click "no" on the EULA, and it does not include
a way to fully uninstall the program. The software transmits data
about users to SunnComm through an Internet connection whenever
purchasers listen to CDs, allowing the company to track listening
habits -- even though the EULA states that the software will not be
used to collect personal information and SunnComm's website says "no
information is ever collected about you or your computer." If users
repeatedly requested an uninstaller for the MediaMax software, they
were eventually provided one, but they first had to provide more
personally identifying information. Worse, security researchers
recently determined that SunnComm's uninstaller creates significant
security risks for users, as the XCP uninstaller did.

"Music fans shouldn't have to install potentially dangerous, privacy
intrusive software on their computers just to listen to the music
they've legitimately purchased," said EFF Legal Director Cindy Cohn.
"Regular CDs have a proven track record -- no one has been exposed to
viruses or spyware by playing a regular audio CD on a computer. Why
should legitimate customers be guinea pigs for Sony BMG's
experiments?"

"Consumers have a right to listen to the music they have purchased in
private, without record companies spying on their listening habits
with surreptitiously-installed programs," added EFF Staff Attorney
Kurt Opsahl, "Between the privacy invasions and computer security
issues inherent in these technologies, companies should consider
whether the damage done to consumer trust and their own public image
is worth its scant protection."

Both the XCP and MediaMax CDs include outrageous, anti-consumer terms
in their "clickwrap" EULAs. For example, if purchasers declare
personal bankruptcy, the EULA requires them to delete any digital
copies on their computers or portable music players. The same is true
if a customer's house gets burglarized and his CDs stolen, since the
EULA allows purchasers to keep copies only so long as they retain
physical possession of the original CD. EFF is demanding that Sony BMG
remove these unconscionable terms from its EULAs.

The law firms of Green Welling, LLP, and Lerach, Coughlin, Stoia,
Geller, Rudman and Robbins, LLP, joined EFF in the case. Sony BMG is
also facing at least six other class action lawsuits nationwide and an
action by the Texas Attorney General. EFF looks forward to
representing the voice of digital music fans in the resolution of
these disputes between Sony BMG and consumers.

For more on the Sony BMG litigation, see:
http://www.eff.org/IP/DRM/Sony-BMG/

EFF's open letter to Sony:
http://www.eff.org/IP/DRM/Sony-BMG/?f=open-letter-2005-11-14.html

Posted at 12:13 PM

--
Joseph Lorenzo Hall
PhD Student
UC Berkeley, School of Information (SIMS)
<http://josephhall.org/>

-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/