As usual the US govmunt settles for far less than it should...

Sony settles with FTC in rootkit case

By Dawn Kawamoto, CNET News.com
Published on ZDNet News: January 30, 2007, 10:22 AM PT
http://news.zdnet.com/2100-3513_22-6...l?tag=nl.r9491

Sony BMG Music Entertainment announced on Tuesday that it has reached a
proposed settlement with the Federal Trade Commission over the
controversial embedding of antipiracy software in its CDs without users'
knowledge.

The antipiracy software, otherwise known as a rootkit, could not only limit
the use of the CDs but could also pose serious security risks, according to
the FTC. The controversy erupted two years ago, when it came to light that
Sony was embedding copy protection software, or digital rights management
technology, in its CDs.

Under the proposed settlement, consumers would be able to exchange their
Sony BMG CDs through June 31 and may also receive reimbursements of up to
$150 to repair damage their computers may have sustained when users
attempted to remove the rootkit software.

The proposed settlement also calls for Sony BMG to disclose limitations on
consumers' use of the music CDs, prohibits the company from collecting user
information for marketing purposes and prohibits it from installing
software without users' consent. Sony is also required to provide a way for
users to easily uninstall the rootkit software.

"Installations of secret software that create security risks are intrusive
and unlawful," FTC Chairman Deborah Platt Majoras said in a statement.
"Consumers' computers belong to them, and companies must adequately
disclose unexpected limitations on the customary use of their products so
consumers can make informed decisions regarding whether to purchase and
install that content."

The FTC will hold public hearings on the proposed settlement through March
1, after which the Commission will make a final decision.

"We are pleased to have reached this agreement with the FTC," Sony BMG said
in a statement.

Sony has already recalled millions of CDs into which the rootkit technology
had been embedded, as well as paid a total of $5.75 million in fines to 41
states. In those states, it has paid $175 in reimbursements per consumer who
incurred computer damage when attempting to remove the rootkit software