Sony DRM settlement passes final legal hurdle

A federal judge on Monday gave final approval to a endgame in a class action suit against Sony BMG Music Entertainment over anti-piracy software the company had embedded in some music CDs.

The agreement covers anyone who bought, received or used CDs containing what was revealed to be flawed digital rights management (DRM) software after 1 August, 2003. Those customers can file a claim and receive certain benefits, such as a non-protected replacement CD, free downloads of music from that CD and additional cash payments.

The court action picked up last autumn when security researchers discovered vulnerabilities posed by two pieces of software, First4Internet's XCP and SunnComm's MediaMax, which are automatically installed on a user's computer upon loading certain Sony BMG music CDs. The software's presence was masked by a "rootkit" that can make the PC more vulnerable to viruses and other hacker attacks. The software also allegedly transmitted information about the listener's computer use back to Sony BMG.

At least 15 different lawsuits were filed by class action lawyers against the record label, and the New York cases were eventually consolidated into one proceeding. The parties reached a preliminary settlement with Sony BMG in December, leaving it up to a judge in a US District Court in New York to make it official.

Sony BMG had already begun taking steps to remedy the situation. It yanked the affected discs off the shelves, suspended production of CDs containing the technology and issued a recall of the 4.7 million XCP CDs, offering MP3 downloads in return.

Under the terms of the final settlement, Sony BMG definitively agreed to continue halting manufacture or distribution of CDs containing the two programs. (It stopped using XCP on its products in November 2005 and ceased using MediaMax about a month later, according to court filings.)

For the duration of the settlement, which lasts until the end of 2007, the company is expected to take a number of steps before putting any new copy protection software on its wares. These steps would include submitting the software for review by an independent security expert and including a brief, written description of the copy protection tool on any CD that contains it.

Sony BMG told silicon.com sister site CNET News.com on Monday that it was "pleased" that the settlement in this case had secured the court's final approval.

Electronic Frontier Foundation legal director Cindy Cohn, whose organisation participated in the settlement negotiation process on behalf of the plaintiffs, urged anyone in possession of the offending CDs to stake their claims against Sony. Doing so, she predicted, may send a message to Sony BMG and other music labels to "think twice before wrapping songs in DRM".

Sony BMG still faces a separate lawsuit "over materially the same subject matter" from the Texas attorney general, as well as inquiries from the Federal Trade Commission and other state attorneys general, according to the text of the settlement. That document indicated that the company would pursue similar settlements in those cases, too.

Anne Broache writes for CNET News.com