Sony settles with FTC over rootkit CDs

Sony BMG Music violated federal law by selling CDs with spyware on them, which monitored their listening habits so Sony could send marketing messages, the company agreed yesterday, Internet News reports. The software included a "rootkit" that cloaked the existence of the data-collection software.

The FTC said Sony agreed to allow consumers' to exchange the infected CDs for regular versions and to pay up to $150 if PCs were damaged.

"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairman Deborah Platt Majoras said in a statement.

"Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

Sony just paid $4.25 million in a class-action lawsuit. The settlement with the FTC requires Sony to disclose copying limitations in the future and bars the company from collecting data for marketing purposes.