The Federal Trade Commission (FTC) has announced that record label Sony BMG is to reimburse consumers up to $150 for damages caused to their PC by hidden anti-piracy software embedded into music CDs. Is this enough to protect consumers?
Will this send a message to big companies that it's wrong to compromise customer's computers in the name of DRM?Back in 2005, Sony BMG shipped more than 12 million CDs from artists such as The Coral, Alicia Keys, Dido, the Foo Fighters and the Backstreet Boys (about 7 million of these CDs were sold), each loaded with either XCP or MediaMax anti-piracy programs which installed itself on consumers' computers without their knowledge or consent. These programs installed a rootkit to cloak the copy-protection software on user's PCs which put them at risk from hackers. To make things worse, the ActiveX uninstaller released for XCP (which was developed not by Sony but a company called First4Internet) contained a serious vulnerability. The FTC said the anti-piracy software used by Sony "exposed consumers to significant security risks and was unreasonably difficult to uninstall".
The Sony BMG copy-protection fiasco bought home the fact that big companies are willing to go to extraordinary lengths to protect their property - even going as far as compromising user's PCs in the process.
Sony BMG, which agreed to the settlement figure but did not admit a law violation must allow consumers to exchange affected CDs bought before 31 December 2006, and compensate them up to $150 to repair damage to their PCs.
Is this enough? Will this send a message to big companies that it's wrong to compromise customer's computers in the name of DRM?