Sony BMG Settles FTC Rootkit Case

Sony BMG has settled with the Federal Trade Commission, agreeing to reimburse consumers up to $150 for damage to the computers caused by the label's use of rootkits to prevent piracy of its discs.

The company had settled a similar case with 39 states and the state of California late last year. Like those settlements, Sony BMG admits no wrongdoing, and must provide tools to help uninstall the rootkit software. In addition, it would be required to post notices of the settlement on its Web site for two years.

"Installations of secret software that create security risks are intrusive and unlawful," said FTC Chairman Deborah Platt Majoras. "Companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content."

In a statement, the FTC said the software "exposed consumers to significant security risks and was unreasonably difficult to uninstall." It was used to monitor listening habits and prevent discs from being copied more than a preset number of times.

Exchanges of discs with the rootkit software would be accepted through June 31, 2007, the FTC ordered.

The commission vote to accept the settlement was unanimous at 5-0, and would be open to public comment for the next 30 days. After that time, the FTC would decide whether to make the ruling final.

Sony BMG was not returning requests for comment on the decision as of press time.