Texas Attorney General Greg Abbott has expanded his pending lawsuit against Sony BMG Music Entertainment, charging the company with violating the state's laws covering deceptive trade practices.
In November, Abbott sued the New York-based company under the state's spyware law, alleging that Sony BMG embedded illegal spyware in several music CDs that contained digital-rights management (DRM) technology  .
The latest allegations claim that Sony's MediaMax copy-protection technology violates state laws in that the software is installed on users' computers even if those users reject the software's license agreement, posing additional security risks.
Deception Tactics
"We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music," said Abbott in a statement.
The Texas lawsuit asserts that the company failed to warn consumers of the harm its copy-protection software could cause when installed on PCs, and the fact that files secretly embedded in certain CDs purchased at retailers would likely compromise computers.
In addition, Abbott is notifying retailers who still carry the tainted 52 CD titles to remove them.
Sony Draws Fire
Sony drew a storm of protests in November after it was discovered that the XCP DRM program included on the 52 CDs has a cloaking feature that allows it to hide files on computers. Security researchers classified the program as spyware, saying it secretly transmits details about what music the PC is playing.
The XCP software also was used by the writers of malicious software to launch Trojan horse programs that could take advantage of the cloaking feature to enter computers undetected.
In addition to the Texas complaint, a class-action lawsuit has been filed against Sony in California and there has been talk of a similar complaint being filed in New York.
In response, Sony issued patches for both the MediaMax and XCP applications to address security issues and has recalled the affected CDs.
Good Intentions, Bad Execution
Security authority Sophos, which identified a Trojan that exploited Sony's XCP software, recently polled 1,500 PC users regarding the threat posed by the DRM technology and found that 98 percent of those users see the technology as a serious security hazard.
"Any time the copy protection code is cloaked, it provides a window for others to cloak what they are doing," said Greg Mastoras, senior security analyst at Sophos. "Sony did not think this through and consider the effect their DRM technology would have on consumers."
Sony's intentions were honorable, he said. "They wanted to stop music piracy and protect their artists, but they did this in a bad way and provided an opening for malware writers."
|
