Sony BMG Ends a Legal Nightmare

The label has quickly settled the class action over its "secret" copy-protection software. That's good for all parties -- including the future of digital music

As peace treaties go, it might be one of history's swiftest negotiations. On Dec. 28, Sony BMG settled a consolidated class-action lawsuit filed by consumers just six weeks earlier over particularly aggressive copy protections embedded in millions of the record label's CDs.

Sony BMG -- a joint venture of Sony (SNE) and Bertelsmann -- will give away millions of free downloads and CDs, shun similar copy-protection schemes, and establish rigorous oversight of the company's digital-rights management.

If the U.S. District Court for the Southern District of New York approves the deal in the coming weeks, as is expected, the settlement could set the groundwork for a broader détente between creative content providers -- such as Hollywood, the recording studios, and software designers -- and the growing number of consumers rankled by the industry's attempts to control what people can do with their legally purchased CDs, DVDs, and other digitized material. A Sony BMG spokesman declined comment, except to say the company was "pleased" with the arrangement.


  The deal puts an end to a whirlwind two months that began in late October, when a cyber-security blogger discovered that Sony BMG had installed so-called rootkit software on many of its music CDs. The program, which burrowed into listeners' PCs, was designed to prevent purchasers from making more than three copies of those disks.

But it had an insidious side effect. The rootkit secretly installed itself deep within the Microsoft (MSFT) Windows operating system. And because it was covertly buried in Windows, the program held great potential for hackers and virus writers, who could use it to attack any system where it was installed.

The hostile software was just part of the problem. The licensing agreement included with Sony BMG's CDs had its own eye-popping provisions. It allowed the music company to reclaim the CD if the purchaser declared bankruptcy, and prohibited audio buffs from reselling albums they had legally purchased.


  The news ricocheted through the Internet, bursting into the general media by early November. The record label blundered through the resulting public furor, first playing down the rootkit, then issuing a patch that only made the problem worse. On Nov. 17, it issued a mea culpa, recalling some 4 million CDs and abandoning the digital-rights management software in question.

Under terms of the settlement, consumers who purchased disks programmed with the rootkit can get a free replacement, $7.50 in cash, and a free download of one of 200 Sony BMG albums from one of three music-download sites, including Apple Computer's (AAPL) iTunes. Audiophiles who don't want to bother with a small check can forgo the cash in favor of three free album downloads. Consumers who bought CDs in 2003 and 2004, containing earlier versions of the copy-protection software, are offered free downloads of their disks' content.

Some of Sony BMG's biggest critics, including the Electronic Frontier Foundation -- a cyber-libertarian and privacy watchdog group that was among those suing the music company -- signed off on the deal for other reasons. As part of the settlement, Sony BMG will bring in an independent auditor to keep tabs on its digital-rights management software to ensure that it respects consumer privacy. The label was accused of using the rootkit to spy on its customers' listening habits, something it denies.


  Sony BMG will do rigorous testing to ensure that future copy-protection technologies don't expose purchasers' PCs to viruses and worms. It will conspicuously label copy-protected disks, as well as translate its end-user licensing agreement -- the box of mind-dulling fine print demanding that consumers click "I Accept" before a CD can be installed on a computer -- into plain English. The record company also will abandon the XCP and MediaMax digital-rights management technologies that came under fire.

That might sound like a common-sense approach to treating customers with honesty and fairness. Yet it actually breaks ground for an industry that's terrified by growing digital piracy, and diving for cover under increasingly aggressive -- and often sneaky -- content-protection schemes. If the settlement goes any distance toward restoring consumer trust in Sony BMG, it could lead to broader industry recognition that consumers are willing to work with content creators as long as those outfits don't go too far. And other labels that use MediaMax technology might reconsider their digital-rights management.

Sony BMG won't put a price tag on the deal, but estimates put it in the single-digit millions of dollars, not counting attorneys' fees. In pure financial terms, maybe the label got off easy. But in many ways, given the public flogging it endured over the holiday shopping season, the record company already has done its penance.

Before it's here, it's on the Bloomberg Terminal.