[IP] Sony reaches provisional settlement in rootkit fiasco

To: ip@xxxxxxxxxxxxxx
Subject: [IP] Sony reaches provisional settlement in rootkit fiasco
From: David Farber <dave@xxxxxxxxxx>
Date: Thu, 29 Dec 2005 15:34:11 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <p0620074cbfd9f36bb09d@[192.168.1.101]>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Michael Geist <mgeist@xxxxxxxxx>
Date: December 29, 2005 3:16:31 PM EST
To: dave@xxxxxxxxxx
Subject: Sony reaches provisional settlement in rootkit fiasco

Dave,

Reports today indicate that a provisional settlement has been reachedin the U.S. Sony rootkit class actions. While the settlement stillrequires court approval, it makes for an interesting read since itmay provide the starting point for a future statute that protectsagainst the misuse of digital rights management technologies.Proposed settlement at

http://www.sunbelt-software.com/ihs/alex/sonysettleme23423423434nt.pdf

My blog posting (posted below) summarizes some key provisions andargues that the deal may provide the basis for a future DRMProtection Act.<http://www.michaelgeist.ca/index.php?option=com_content&task=view&id=1052>


MG

The Start of a DRM Protection Act

Given the Canadian focus on my blog, I should note up front that thesettlement does not apply to Canadians, who for the moment are leftwith no compensation and no protection against ongoing DRM misuse.This is very troubling given the fact that more than affected 100,000CDs have been distributed in Canada. Sony BMG Canada should step upand immediately offer the same terms to Canadian consumers andundertake to abide by the same restrictions found in the settlementagreement.

The settlement has two broad goals: compensate consumers for the harmthey suffered from both the XCP and Media Max DRM software and placelimits on Sony's use of DRM. The compensation for XCP purchasersincludes the replacement of the CD with a version without copy-protection and the choice of either (i) US$7.50 plus one free albumdownload or (ii) three free album downloads (Sony will select atleast 200 eligible titles). The compensation for Media Max offersfewer free album downloads. The most notable aspect of this part ofthe settlement is that Sony will undertake to provide the freedownloads from at least three music download services including AppleiTunes. The irony of Sony being forced to offer Apple iTunesdownloads when a prime reason for inserting the DRM software was tocombat Apple iTunes should not be lost on anyone.

More interestingly (at least to non-class action lawyers) is theundertakings on Sony's future DRM use. The company has agreed to thefollowing limitations on the use of copy-protection software until 2008:


   1. No further use of XCP or Media Max

2. Ensure that the DRM will not be installed on users' computersuntil the user accepts the end-user license agreement3. Ensure that an uninstaller for the copy-protection software ismade readily available to consumers

   4. Fully disclose any updates to the copy-protection software

5. Ensure that the EULA accurately discloses the nature andfunction of the software in plain English6. Obtain comments about the EULA from an independent oversightperson7. Obtain an expert opinion that the copy-protection softwaredoes not create security vulnerabilities8. Only collect limited personal information necessary to provideenhanced CD functionality9. Include full disclosures of the copy-protection software onthe CD jewel case10. Fix any software vulnerabilities that may arise from the copy-protection software

While many of these obligations should be standard operatingprocedure and not require a court approved settlement, the fullpackage provides the starting point for a future Digital RightsManagement Protection Act. Much like the settlement, a DRMPA mustinclude consumer protections, privacy protections, securityprotections, interoperability, and appropriate oversight. Ratherthan pushing for protection for DRMs, it is apparent that we needprotection from DRMs and DRMPA would be a smart step in thatdirection. Such a statute would be the best legacy of the Sonyrootkit fiasco.


--
**********************************************************************
Professor Michael A. Geist
Canada Research Chair in Internet and E-commerce Law
University of Ottawa, Faculty of Law
57 Louis Pasteur St., Ottawa, Ontario, K1N 6N5
Tel: 613-562-5800, x3319     Fax: 613-562-5124
mgeist@xxxxxxxxx              http://www.michaelgeist.ca




-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Shock, awe and Hobbes have backfired on America's neocons
Next by Date: [IP] blogsafety.com
Previous by thread: [IP] Shock, awe and Hobbes have backfired on America's neocons
Next by thread: [IP] blogsafety.com
Index(es):
- Date
- Thread