31.1.07

What's really happening in the Sony Rootkit case

Boycott SonyServeral people pointed me today to this article (in Portuguese), that says that (my translation):

With this new deal, Sony agrees to take off all kind of restrictions on how consumers use the music contained in the CDs, and not to gather information about their clients for marketing purposes.

During the next two years, Sony will also have to give a tool to uninstall the copy protection software and fixes to repair eventual damage in consumers PCs.

That said, people were assuming that "Sony BMG Music will stop shipping discs with DRM". That's completely out of focus on this settlement. As you can read in the official press-release,

The settlement requires clear and prominent disclosure on the packaging of Sony BMG’s future CDs of any limits on copying or restrictions on the use of playback devices. It bars the company from installing content protection software without obtaining consumers’ authorization, and, if Sony BMG conditions consumers’ use of its CDs on installation of the content protection software, it must disclose that requirement on the product packaging.

In addition, the settlement bars Sony BMG from using the information on consumers’ listening preferences that it has already gathered through the monitoring technology it installed and bars them from using the information to deliver ads to those consumers. For future CDs containing such technology, the agreement requires that, before transmitting information about consumers, their computers or their use of the CD, Sony BMG must clearly disclose on consumers’ computer screens what the technology will do, and obtain consumers’ consent. If it conditions consumers’ use of its CDs on their agreement to have information collected, Sony BMG must disclose that condition clearly on the CDs’ packaging.

The settlement bars Sony BMG from installing or hiding content protection software that prevents consumers from finding or removing the software, and requires that it provide a reasonable and effective way to uninstall any content protection software. It requires that for two years, Sony BMG provide an uninstall tool and patches to repair the security vulnerabilities created on consumers’ computers by previously installed software. The company is required to advertise these free fixes on its Web site.

As part of the settlement, Sony BMG will allow consumers to exchange CDs containing the concealed software purchased before December 31, 2006 for new CDs that are not content-protected, and will be required to reimburse consumers up to $150 to repair damage that resulted directly from consumers’ attempts to remove the software installed without their consent. Sony BMG is required to publish notices on its Web site describing the exchange and repair reimbursement programs.

Sony BMG also is required to provide financial inducements to retailers to return the CDs that create security problems for consumers’ computers. For CDs already in its stock that are sold to retailers, Sony BMG is required to disclose on the product packaging the restrictions on use and the security vulnerabilities.

Finally, the settlement contains record-keeping and reporting provisions designed to allow the agency to monitor compliance with its order.

Quite different, heh?

Oh, and by the way, while it's good that they're being punished by being ordered to fix their mess, notice that they're not paying any fines by breaking the law, and their DRM practices are still accepted.