Sony BMG Rootkit Settlement Reaffirms Key Consumer Rights
(202) 637-9800 x106
WASHINGTON -- The Federal Trade Commission's landmark settlement with Sony BMG Music Entertainment over the company's surreptitious installation of "rootkit" technology on its customers' computers reaffirms the fundamental right of computer users to make informed decisions about what software they install.
In comments submitted to the FTC today, CDT praised the commission for the settlement reached earlier this month. In 2005, Sony BMG shipped a number of compact discs that included a new form of digital rights management (DRM) technology. When consumers attempted to play the discs on their computers, the DRM surreptitiously installed "rootkit" software. The DRM was designed to function in the background, where it was invisible to the average user. The DRM not only allowed Sony to monitor its customers' activities but by opening the door to that surveillance, it also exposed affected computers to serious security threats. CDT's comments are available at http://www.cdt.org/copyright/20070227sonycomments.pdf .
"This settlement makes clear that consumers must be given the first and last word about what ends up on their computers," said David Sohn, CDT staff counsel. "As laid out in the settlement, not only must companies clearly inform users about and get consent before installing software on their computers, they must also provide adequate information and resources to allow consumers to remove technology that they no longer want. These are important principles for DRM and for the software market in general. "
CDT specifically praised three key provisions in the settlement:
- The first was that Sony BMG must clearly disclose the presence of DRM software and obtain affirmative consumer consent before installing the software. This requirement promotes the principle that consumers -- not software distributors -- should be in control of which applications are installed on their computers.
- Second, the FTC has required Sony BMG to obtain affirmative consumer consent prior to transmitting information about consumers, their computers, or their use of content back to Sony BMG servers. This requirement reflects the fact that this kind of information transfer is a significant event from the consumer perspective, and that consumers deserve to be informed and given a choice about the collection and use of this information.
- Finally, the FTC has continued to promote the best practice of requiring software distributors to provide a reasonable and effective mechanism for consumers to uninstall their software.
CDT also offered recommendations for refining the settlement to give it even more teeth, including obtaining a commitment to carefully review new software for security vulnerabilities.
About CDT: The Center for Democracy and Technology works to promote democratic values and constitutional liberties in the digital age. With expertise in law, technology, and policy, CDT seeks practical solutions to enhance free expression and privacy in global communications technologies. CDT is dedicated to building consensus among all parties interested in the future of the Internet and other new communications media.