Music giant Sony BMG filed suit against The Amergence Group (formerly SunnComm International) this week, claiming that a version of the company's MediaMax copy protection software, which shipped on more than 6 million CDs, was defective and caused harm to its consumers.
The lawsuit, announced by The Amergence Group, stems from the 2005 discovery by two independent research groups that dozens of Sony BMG's music titles included digital-rights management software which used hiding techniques more commonly found in rootkits and spyware to prevent removal of the protections. The initial discovery implicated the Extended Copy Protection (XCP) software created by First4Internet (now Fortium Technologies), but researchers soon found that Version 5 of SunnComm International's MediaMax software had similar problems.
Sony BMG protected at least 27 music titles with MediaMax Version 5, including albums by Alicia Keys, Britney Spears and Santana. The copy-protection software installed itself on users' PCs even if the person clicked "No" to the end-user license agreement and did not include a way to uninstall the program. Moreover, the software had a vulnerability that could allow an attacker to gain additional access to the user's PC, researchers and digital-rights groups claimed.
Sony BMG's lawsuit to recoup its loses from the incidents is the latest fallout from a nearly two-year saga that hurt the already tarnished reputation of digital-rights management systems. Following the November 2005 discovery of the rootkits, federal, state and consumer groups filed lawsuits against Sony BMG citing violations of consumer and business codes. The company settled most of the lawsuits in late 2006 and came to terms with the Federal Trade Commission in January of this year. The incident likely lent volume to Apple CEO Steve Jobs' call for protection-free music, which several music companies have already heeded.
Sony BMG declined to comment on the lawsuit or whether it planned further legal action related to its copy-protection problems. Fortium Technologies stated in a comment sent to SecurityFocus that the company had come to a mutual agreement with Sony BMG in 2005 to release each other from liability.
If you have tips or insights on this topic, please contact SecurityFocus.
UPDATE: The article was updated with a comment from Fortium Technologies, stating that the firm and Sony BMG had signed a mutual release agreement. Sony BMG declined to comment on the subject of possible legal action against Fortium.
Posted by: Robert Lemos