Sony settles with FTC in rootkit case

The antipiracy software, otherwise known as a rootkit, could not only limit the use of the CDs but could also pose serious security risks, according to the FTC. The controversy erupted two years ago, when it came to light that Sony was embedding copy protection software, or digital rights management technology, in its CDs.

Under the proposed settlement, consumers would be able to exchange their Sony BMG CDs through June 31 and may also receive reimbursements of up to $150 to repair damage their computers may have sustained when users attempted to remove the rootkit software.

The proposed settlement also calls for Sony BMG to disclose limitations on consumers' use of the music CDs, prohibits the company from collecting user information for marketing purposes and probibits it from installing software without users' consent. Sony is also required to provide a way for users to easily uninstall the rootkit software.

"Installations of secret software that create security risks are intrusive and unlawful," FTC Chairman Deborah Platt Majoras said in a statement. "Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

The FTC will hold public hearings on the proposed settlement through March 1, after which the Commission will make a final decision.

"We are pleased to have reached this agreement with the FTC," Sony BMG said in a statement.

Sony has already recalled millions of CDs into which the rootkit technology had been embedded, as well as paid a total of $5.75 million in fines to 41 states. In those states, it has paid $175 in reimbusements per consumer who incurred computer damage when attempting to remove the rootkit software.