
Re: ChuckH post# 169708

Thursday, 06/12/2014 7:03:13 AM

"Those Who Do Not Learn History Are Doomed To Repeat It." -Mark Twain.

hahahahahahahhahahah how much has erbb dropped? 11 cents-3 cents? over 50 percent down! WEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!!!!!!!!!!!!!!!!!

http://www.theregister.co.uk/2004/09/27/sunncomm_death_or_glorry/

Quote:
A less publicized but more complex battle has been taking place between SunnComm and what seems to be a small group of disgruntled shareholders. These apparent SunnComm investors have filled Internet message boards with detailed information that basically claims the company is at worst a sham and at best a deceptive business. The postings describe a string of odd acquisitions, somewhat misleading financial press releases and dubious product announcements that should have the US SEC (Securities and Exchange Commission) kicking off an Enron-like crackdown, according to the SunnComm haters.

After reading hundreds of pages of SEC filings and other SunnComm documents, we were quite shocked when an actual human answered the company's main number. The case made by the shareholders - one of whom has spent four weeks e-mailing us information about SunnComm - made it seem like a stuttering voicemail message would be all the company could afford in the way of a receptionist. - 27 Sep 2004


GO TO PAGE 2.

http://www.otcmarkets.com/stock/ERBB/filings

Item 1 Name of the issuer and its predecessor (if any)

On January 6, 2012, the name of the Issuer became Tranzbyte Corporation, previously known as:

11/12/1998: TI-Mail Inc.
08/14/2000: Desert Winds Entertainment, Inc.
11/06/2002: SunnComm, Inc.
04/19/2004: SunnComm Technologies, Inc.
06/14/2007: The Amergence Group, Inc.
03/08/2011: Altitude Organic Corporation

On May 9, 2014 the Company changed its name to American Green, Inc.

the "haters" were right :)

http://en.wikipedia.org/wiki/MediaMax_CD-3

http://en.wikipedia.org/wiki/2005_Sony_BMG_CD_copy_protection_scandal

Sony BMG copy protection rootkit scandal
From Wikipedia, the free encyclopedia


Sony BMG XCP audio CD player
The Sony BMG CD copy protection rootkit scandal of 2005–2007 concerns deceptive, illegal, and potentially harmful copy protection measures implemented by Sony BMG on about 22 million CDs. When inserted into a computer, the CDs installed one of two pieces of software which provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Both programs could not be easily uninstalled, and they created vulnerabilities that were exploited by unrelated malware. Sony claims this was unintentional. One of the programs installed even if the user refused its EULA, and it "phoned home" with reports on the user's private listening habits; the other was not mentioned in the EULA at all, contained code from several pieces of open-source software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.

Sony BMG initially denied that the rootkits were harmful. It then released, for one of the programs, an "uninstaller" that only un-hid the program, installed additional software which could not be easily removed, collected an email address from the user, and introduced further security vulnerabilities.

Following public outcry, government investigations, and class-action lawsuits in 2005 and 2006, Sony BMG partially addressed the scandal with consumer settlements, a recall of about 10% of the affected CDs, and the suspension of CD copy protection efforts in early 2007.

Background
In August 2000, statements by Sony Pictures Entertainment US senior VP Steve Heckler foreshadowed the events of late 2005. Heckler told attendees at the Americas Conference on Information Systems "The industry will take whatever steps it needs to protect itself and protect its revenue streams... It will not lose that revenue stream, no matter what... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC... These strategies are being aggressively pursued because there is simply too much at stake."[1]

In Europe, BMG created a minor scandal in 2001 when it released Natalie Imbruglia's second album, White Lilies Island, without warning labels stating that the CD had copy protection.[2][3] The CDs were eventually replaced.[2][3] BMG and Sony both released copy-protected versions of certain releases in certain markets in late 2001,[4][5] and a late 2002 report indicated that all BMG CDs sold in Europe would have some form of copy protection.[6]

Copy-protection software
The two pieces of copy-protection software at issue in the 2005–2007 scandal were included on over 22 million CDs[7] marketed by Sony BMG, the record company formed by the 2004 merger of Sony and BMG's recorded music divisions. About two million of those CDs,[7] spanning 52 titles, contained First 4 Internet (F4I)'s Extended Copy Protection (XCP), which was installed on Microsoft Windows systems after the user accepted an EULA which didn't mention the software. The remaining 20 million CDs,[7] spanning 50 titles,[8] contained SunnComm's MediaMax CD-3, which was installed on either Microsoft Windows or Mac OS X systems after the user was presented with an EULA, regardless of whether the user accepted it (although Mac OS X prompted the user for confirmation when the software sought to modify the OS).

XCP rootkit
Main article: Extended Copy Protection
The scandal erupted on October 31, 2005, when Winternals (later acquired by Microsoft) researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".[9]

Anti-virus firm F-Secure concurred, "Although the software isn't directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits. ... Thus it is very inappropriate for commercial software to use these techniques."[10] After public pressure, Symantec[11] and other anti-virus vendors included detection for the rootkit in their products as well, and Microsoft announced it would include detection and removal capabilities in its security patches.[12]

Russinovich discovered numerous problems with XCP:

It creates security holes that can be exploited by malicious software such as worms or viruses.
It constantly runs in the background and excessively consumes system resources, slowing down the user's computer, regardless of whether there is a protected CD playing.
It employs unsafe procedures to start and stop, which could lead to system crashes.
It has no uninstaller, and is installed in such a way that inexpert attempts to uninstall it can cause the operating system to fail to recognize existing drives.

Soon after Russinovich's first post, there were several trojans and worms exploiting XCP's security holes. Some people even used the vulnerabilities to cheat in online games.[13]

Sony BMG quickly released software to remove the rootkit component of XCP from affected Microsoft Windows computers,[14] but after Russinovich analyzed the utility, he reported in his blog that it only exacerbated the security problems and raised further concerns about privacy.[15] Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. He also reported that it installed additional software that could not be uninstalled. In order to download the uninstaller, he found it was necessary to provide an e-mail address (which the Sony BMG Privacy Policy implied was added to various bulk e-mail lists), and to install an ActiveX control containing backdoor methods (marked as "safe for scripting", and thus prone to exploits).[16][17]

On November 18, 2005, Sony BMG provided a "new and improved" removal tool to remove the rootkit component of XCP from affected Microsoft Windows computers.

MediaMax CD-3
Main article: MediaMax CD-3

Legal and financial problems
Product recall
On November 15, 2005 vnunet.com announced[18] that Sony BMG was backing out of its copy-protection software, recalling unsold CDs from all stores, and offering consumers to exchange their CDs with versions lacking the software. The Electronic Frontier Foundation compiled a partial list of CDs with XCP.[19] Sony BMG was quoted as maintaining that "there were no security risks associated with the anti-piracy technology", despite numerous virus and malware reports. On November 16, 2005, US-CERT, part of the United States Department of Homeland Security, issued an advisory on XCP DRM. They said that XCP uses rootkit technology to hide certain files from the computer user, and that this technique is a security threat to computer users. They also said one of the uninstallation options provided by Sony BMG introduces further vulnerabilities to a system. US-CERT advised, "Do not install software from sources that you do not expect to contain software, such as an audio CD."[20]

Sony BMG announced that it had instructed retailers to remove any unsold music discs containing the software from their shelves.[21] It was estimated by internet security expert Dan Kaminsky that XCP was in use on more than 500,000 networks.[22]

CDs with XCP technology can be identified by the letters "XCP" printed on the back cover of the jewel case for the CD according to SonyBMG's XCP FAQ.[23]

On November 18, 2005 Reuters reported that Sony BMG would exchange affected insecure CDs for new unprotected disks as well as unprotected MP3 files.[24]

Information about the swap can be found at the Sony BMG swap program website.[25] As a part of the swap program, consumers can mail their XCP-protected CDs to Sony BMG and be sent an unprotected disc via return mail.

On November 29 then New York Attorney General Eliot Spitzer found through his investigators that, despite the recall of November 15, Sony BMG CDs with XCP were still for sale in New York City music retail outlets. Spitzer said "It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year, [and] I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."[26]

The next day, Massachusetts Attorney General Tom Reilly issued a statement saying that Sony BMG CDs with XCP were still available in Boston despite the Sony BMG recall of November 15.[27] Attorney General Reilly advised consumers not to purchase the Sony BMG CDs with XCP and said that he was conducting an investigation of Sony BMG.

As of May 11, 2006 Sony BMG's website offered consumers a link to "Class Action Settlement Information Regarding XCP And MediaMax Content Protection."[28] It has online claim filing and links to software updates/uninstallers. The deadline for submitting a claim was June 30, 2007.

As of April 2, 2008 Sony BMG's website finally offered consumers their explanation and list of affected CDs.[29]

Texas state action
On November 21, 2005, Texas Attorney General Greg Abbott sued Sony BMG.[30] Texas was the first state in the United States to bring legal action against Sony BMG in response to the rootkit. The suit was also the first filed under the state’s 2005 spyware law. It alleged that the company surreptitiously installed the spyware on millions of compact music discs (CDs) that consumers inserted into their computers when they play the CDs, which can compromise the systems.

On December 21, 2005, Abbott added new allegations to his lawsuit against Sony-BMG, regarding MediaMax.[31] The new allegations claimed that MediaMax violated the state's spyware and deceptive trade practices laws, because the MediaMax software would be installed on a computer even if the user declined the license agreement that would authorize its installation. Abbott stated, "We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music", and "Thousands of Texans are now potential victims of this deceptive game Sony played with consumers for its own purposes." In addition to violations of the Consumer Protection Against Computer Spyware Act of 2005, which allowed for civil penalties of $100,000 for each violation of the law, the alleged violations added in the updated lawsuit (on December 21, 2005) carried maximum penalties of $20,000 per violation.[32][33]

New York and California class action suits
Class action suits were filed against Sony BMG in New York and California.[34]

On December 30, 2005, the New York Times reported that Sony BMG has reached a tentative settlement of the lawsuits, proposing two ways of compensating consumers who have purchased the affected recordings.[35] According to the proposed settlement, those who purchased an XCP CD will be paid $7.50 per purchased recording and given the opportunity to download a free album, or be able to download three additional albums from a limited list of recordings if they give up their cash incentive. District Judge Naomi Reice Buchwald entered an order tentatively approving the settlement on January 6, 2006.

The settlement is designed to compensate those whose computers were infected, but not otherwise damaged. Those who have damages that are not addressed in the class action are able to opt out of the settlement and pursue their own litigation.

A fairness hearing was held on May 22, 2006 at 9:15 am at the Daniel Patrick Moynihan United States Courthouse for the Southern District of New York.

Claims had to be submitted by December 31, 2006. Class members who wished to be excluded from the settlement must have filed before May 1, 2006. Those who remained in the settlement could attend the fairness hearing at their own expense and speak on their own behalf or be represented by an attorney.

Other actions
In Italy, ALCEI (an association similar to EFF) also reported the rootkit to the Financial Police, asking for an investigation under various computer crime allegations, along with a technical analysis of the rootkit.[36][37]

The US Department of Justice (DOJ) made no comment on whether it would take any criminal action against Sony. However, Stewart Baker of the Department of Homeland Security publicly admonished Sony, stating, "it's your intellectual property—it's not your computer".[38]

On November 21, the EFF announced that it was also pursuing a lawsuit over both XCP and the SunnComm MediaMax DRM technology. The EFF lawsuit also involves issues concerning the Sony BMG end user license agreement.

It was reported on December 24, 2005 that then-Florida Attorney General Charlie Crist was investigating Sony BMG spyware.[39]

On January 30, 2007, the U.S. Federal Trade Commission (FTC) announced a settlement with Sony BMG on charges that their CD copy protection had violated Federal law[40]—Section 5(a) of the Federal Trade Commission Act, 15 USC 45(a)—by engaging in unfair and deceptive business practices.[41] The settlement requires Sony BMG to reimburse consumers up to $150 to repair damage that resulted directly from their attempts to remove the software installed without their consent.[40] The settlement also requires them to provide clear and prominent disclosure on the packaging of future CDs of any limits on copying or restrictions on the use of playback devices, and ban the company from installing content protection software without obtaining consumers’ authorization.[40] FTC chairwoman Deborah Platt Majoras added that, "Installations of secret software that create security risks are intrusive and unlawful. Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customer use of their products so consumers can make informed decisions regarding whether to purchase and install that content."[42][43]

Copyright infringement
Main article: Extended Copy Protection § Copyright violations
Researchers found that Sony BMG and the makers of XCP also apparently infringed copyright by failing to adhere to the licensing requirements of various pieces of open-source software whose code was used in the program,[44][45] including the LAME MP3 encoder,[46] mpglib,[47] FAAC,[48] id3lib,[49] mpg123 and the VLC media player.[50]

In January 2006, the developers of LAME posted an open letter stating that they expected "appropriate action" by Sony BMG, but that the developers had no plans to investigate or take action over the apparent violation of LAME's source code license.[51]

Company and press reports
NPR was one of the first to report on the scandal on November 4, 2005.[52] Thomas Hesse, Sony BMG's Global Digital Business President, told reporter Neda Ulaby, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

In a November 7, 2005 article, vnunet.com summarised Russinovich's findings,[53] and urged consumers to avoid buying Sony BMG music CDs for the time being. The following day, The Boston Globe classified the software as spyware and Computer Associates' eTrust Security Management unit VP Steve Curry confirmed that it communicates personal information from consumers' computers to Sony BMG (namely the CD being played and the user's IP address).[54] The methods used by the software to avoid detection were likened to those used by data thieves.

The first virus which made use of Sony BMG's stealth technology to make malicious files invisible to both the user and anti-virus programs surfaced on November 10, 2005.[55] One day later Yahoo! News announced that Sony BMG had suspended further distribution of the controversial technology.

According to ZDNet News: "The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases." The uninstall program obeys commands sent to it allowing others "to take control of PCs where the uninstaller has been used."[56]

On November 8, 2005, Computer Associates decided to classify Sony BMG's software as "spyware" and provide tools for its removal.[57] Speaking about Sony BMG suspending the use of XCP, independent researcher Mark Russinovich said, "This is a step they should have taken immediately."[58]

On December 6, 2005, Sony BMG said that 5.7 million CDs spanning 27 titles were shipped with MediaMax 5 software. The company announced the availability of a new software patch to prevent a potential security breach in consumers' computers.

Sony BMG in Australia released a press release indicating that no Sony BMG titles manufactured in Australia have copy protection.[59]

Sony BMG copy protection rootkit scandal
From Wikipedia, the free encyclopedia
(Redirected from 2005 Sony BMG CD copy protection scandal)


Sony BMG XCP audio CD player
The Sony BMG CD copy protection rootkit scandal of 2005–2007 concerns deceptive, illegal, and potentially harmful copy protection measures implemented by Sony BMG on about 22 million CDs. When inserted into a computer, the CDs installed one of two pieces of software which provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Both programs could not be easily uninstalled, and they created vulnerabilities that were exploited by unrelated malware. Sony claims this was unintentional. One of the programs installed even if the user refused its EULA, and it "phoned home" with reports on the user's private listening habits; the other was not mentioned in the EULA at all, contained code from several pieces of open-source software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.

Sony BMG initially denied that the rootkits were harmful. It then released, for one of the programs, an "uninstaller" that only un-hid the program, installed additional software which could not be easily removed, collected an email address from the user, and introduced further security vulnerabilities.

Following public outcry, government investigations, and class-action lawsuits in 2005 and 2006, Sony BMG partially addressed the scandal with consumer settlements, a recall of about 10% of the affected CDs, and the suspension of CD copy protection efforts in early 2007.

Contents [hide]
1 Background
2 Copy-protection software
2.1 XCP rootkit
2.2 MediaMax CD-3
3 Legal and financial problems
3.1 Product recall
3.2 Texas state action
3.3 New York and California class action suits
3.4 Other actions
3.5 Copyright infringement
4 Company and press reports
5 See also
6 Footnotes
7 References
8 External links
Background[edit]
In August 2000, statements by Sony Pictures Entertainment US senior VP Steve Heckler foreshadowed the events of late 2005. Heckler told attendees at the Americas Conference on Information Systems "The industry will take whatever steps it needs to protect itself and protect its revenue streams... It will not lose that revenue stream, no matter what... Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source - we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC... These strategies are being aggressively pursued because there is simply too much at stake."[1]

In Europe, BMG created a minor scandal in 2001 when it released Natalie Imbruglia's second album, White Lilies Island, without warning labels stating that the CD had copy protection.[2][3] The CDs were eventually replaced.[2][3] BMG and Sony both released copy-protected versions of certain releases in certain markets in late 2001,[4][5] and a late 2002 report indicated that all BMG CDs sold in Europe would have some form of copy protection.[6]

Copy-protection software[edit]
The two pieces of copy-protection software at issue in the 2005–2007 scandal were included on over 22 million CDs[7] marketed by Sony BMG, the record company formed by the 2004 merger of Sony and BMG's recorded music divisions. About two million of those CDs,[7] spanning 52 titles, contained First 4 Internet (F4I)'s Extended Copy Protection (XCP), which was installed on Microsoft Windows systems after the user accepted an EULA which didn't mention the software. The remaining 20 million CDs,[7] spanning 50 titles,[8] contained SunnComm's MediaMax CD-3, which was installed on either Microsoft Windows or Mac OS X systems after the user was presented with an EULA, regardless of whether the user accepted it (although Mac OS X prompted the user for confirmation when the software sought to modify the OS).

XCP rootkit[edit]
Main article: Extended Copy Protection
The scandal erupted on October 31, 2005, when Winternals (later acquired by Microsoft) researcher Mark Russinovich posted to his blog a detailed description and technical analysis of F4I's XCP software that he ascertained had been recently installed on his computer by a Sony BMG music CD. Russinovich compared the software to a rootkit due to its surreptitious installation and its efforts to hide its existence. He noted that the EULA does not mention the software, and he asserted emphatically that the software is illegitimate and that digital rights management had "gone too far".[9]

Anti-virus firm F-Secure concurred, "Although the software isn't directly malicious, the used rootkit hiding techniques are exactly the same used by malicious software to hide themselves. The DRM software will cause many similar false alarms with all AV software that detect rootkits. ... Thus it is very inappropriate for commercial software to use these techniques."[10] After public pressure, Symantec[11] and other anti-virus vendors included detection for the rootkit in their products as well, and Microsoft announced it would include detection and removal capabilities in its security patches.[12]

Russinovich discovered numerous problems with XCP:

It creates security holes that can be exploited by malicious software such as worms or viruses.
It constantly runs in the background and excessively consumes system resources, slowing down the user's computer, regardless of whether there is a protected CD playing.
It employs unsafe procedures to start and stop, which could lead to system crashes.
It has no uninstaller, and is installed in such a way that inexpert attempts to uninstall it can lead to the operating system to fail to recognize existing drives.
Soon after Russinovich's first post, there were several trojans and worms exploiting XCP's security holes. Some people even used the vulnerabilities to cheat in online games.[13]

Sony BMG quickly released software to remove the rootkit component of XCP from affected Microsoft Windows computers,[14] but after Russinovich analyzed the utility, he reported in his blog that it only exacerbated the security problems and raised further concerns about privacy.[15] Russinovich noted that the removal program merely unmasked the hidden files installed by the rootkit, but did not actually remove the rootkit. He also reported that it installed additional software that could not be uninstalled. In order to download the uninstaller, he found it was necessary to provide an e-mail address (which the Sony BMG Privacy Policy implied was added to various bulk e-mail lists), and to install an ActiveX control containing backdoor methods (marked as "safe for scripting", and thus prone to exploits).[16][17]

On November 18, 2005, Sony BMG provided a "new and improved" removal tool to remove the rootkit component of XCP from affected Microsoft Windows computers.

MediaMax CD-3[edit]
Main article: MediaMax CD-3
[icon] This section requires expansion. (April 2013)
Legal and financial problems[edit]
Product recall[edit]
On November 15, 2005 vnunet.com announced[18] that Sony BMG was backing out of its copy-protection software, recalling unsold CDs from all stores, and offering consumers to exchange their CDs with versions lacking the software. The Electronic Frontier Foundation compiled a partial list of CDs with XCP.[19] Sony BMG was quoted as maintaining that "there were no security risks associated with the anti-piracy technology", despite numerous virus and malware reports. On November 16, 2005, US-CERT, part of the United States Department of Homeland Security, issued an advisory on XCP DRM. They said that XCP uses rootkit technology to hide certain files from the computer user, and that this technique is a security threat to computer users. They also said one of the uninstallation options provided by Sony BMG introduces further vulnerabilities to a system. US-CERT advised, "Do not install software from sources that you do not expect to contain software, such as an audio CD."[20]

Sony BMG announced that it had instructed retailers to remove any unsold music discs containing the software from their shelves.[21] It was estimated by internet security expert Dan Kaminsky that XCP was in use on more than 500,000 networks.[22]

CDs with XCP technology can be identified by the letters "XCP" printed on the back cover of the jewel case for the CD according to SonyBMG's XCP FAQ.[23]

On November 18, 2005 Reuters reported that Sony BMG would exchange affected insecure CDs for new unprotected disks as well as unprotected MP3 files.[24]

Information about the swap can be found at the Sony BMG swap program website.[25] As a part of the swap program, consumers can mail their XCP-protected CDs to Sony BMG and be sent an unprotected disc via return mail.

On November 29 then New York Attorney General Eliot Spitzer found through his investigators that, despite the recall of November 15, Sony BMG CDs with XCP were still for sale in New York City music retail outlets. Spitzer said "It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year, [and] I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."[26]

The next day, Massachusetts Attorney General Tom Reilly issued a statement saying that Sony BMG CDs with XCP were still available in Boston despite the Sony BMG recall of November 15.[27] Attorney General Reilly advised consumers not to purchase the Sony BMG CDs with XCP and said that he was conducting an investigation of Sony BMG.

As of May 11, 2006 Sony BMG's website offered consumers a link to "Class Action Settlement Information Regarding XCP And MediaMax Content Protection."[28] It has online claim filing and links to software updates/uninstallers. The deadline for submitting a claim was June 30, 2007.

As of April 2, 2008 Sony BMG's website finally offered consumers their explanation and list of affected CDs.[29]

Texas state action[edit]
On November 21, 2005, Texas Attorney General Greg Abbott sued Sony BMG.[30] Texas was the first state in the United States to bring legal action against Sony BMG in response to the rootkit. The suit was also the first filed under the state’s 2005 spyware law. It alleged that the company surreptitiously installed the spyware on millions of compact music discs (CDs) that consumers inserted into their computers when they play the CDs, which can compromise the systems.

On December 21, 2005, Abbott added new allegations to his lawsuit against Sony-BMG, regarding MediaMax.[31] The new allegations claimed that MediaMax violated the state's spyware and deceptive trade practices laws, because the MediaMax software would be installed on a computer even if the user declined the license agreement that would authorize its installation. Abbott stated, "We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music", and "Thousands of Texans are now potential victims of this deceptive game Sony played with consumers for its own purposes." In addition to violations of the Consumer Protection Against Computer Spyware Act of 2005, which allowed for civil penalties of $100,000 for each violation of the law, the alleged violations added in the updated lawsuit (on December 21, 2005) carried maximum penalties of $20,000 per violation.[32][33]

New York and California class action suits[edit]
Class action suits were filed against Sony BMG in New York and California.[34]

On December 30, 2005, the New York Times reported that Sony BMG has reached a tentative settlement of the lawsuits, proposing two ways of compensating consumers who have purchased the affected recordings.[35] According to the proposed settlement, those who purchased an XCP CD will be paid $7.50 per purchased recording and given the opportunity to download a free album, or be able to download three additional albums from a limited list of recordings if they give up their cash incentive. District Judge Naomi Reice Buchwald entered an order tentatively approving the settlement on January 6, 2006.

The settlement is designed to compensate those whose computers were infected, but not otherwise damaged. Those who have damages that are not addressed in the class action are able to opt out of the settlement and pursue their own litigation.

A fairness hearing was held on May 22, 2006 at 9:15 am at the Daniel Patrick Moynihan United States Courthouse for the Southern District of New York.

Claims had to be submitted by December 31, 2006. Class members who wished to be excluded from the settlement must have filed before May 1, 2006. Those who remained in the settlement could attend the fairness hearing at their own expense and speak on their own behalf or be represented by an attorney.

Other actions
In Italy, ALCEI (an association similar to EFF) also reported the rootkit to the Financial Police, asking for an investigation under various computer crime allegations, along with a technical analysis of the rootkit.[36][37]

The US Department of Justice (DOJ) made no comment on whether it would take any criminal action against Sony. However, Stewart Baker of the Department of Homeland Security publicly admonished Sony, stating, "it's your intellectual property—it's not your computer".[38]

On November 21, the EFF announced that it was also pursuing a lawsuit over both XCP and the SunnComm MediaMax DRM technology. The EFF lawsuit also involves issues concerning the Sony BMG end user license agreement.

It was reported on December 24, 2005 that then-Florida Attorney General Charlie Crist was investigating Sony BMG spyware.[39]

On January 30, 2007, the U.S. Federal Trade Commission (FTC) announced a settlement with Sony BMG on charges that their CD copy protection had violated Federal law[40]—Section 5(a) of the Federal Trade Commission Act, 15 USC 45(a)—by engaging in unfair and deceptive business practices.[41] The settlement requires Sony BMG to reimburse consumers up to $150 to repair damage that resulted directly from their attempts to remove the software installed without their consent.[40] The settlement also requires them to provide clear and prominent disclosure on the packaging of future CDs of any limits on copying or restrictions on the use of playback devices, and bans the company from installing content protection software without obtaining consumers’ authorization.[40] FTC chairwoman Deborah Platt Majoras added that, "Installations of secret software that create security risks are intrusive and unlawful. Consumers' computers belong to them, and companies must adequately disclose unexpected limitations on the customer use of their products so consumers can make informed decisions regarding whether to purchase and install that content."[42][43]

Copyright infringement
Researchers found that Sony BMG and the makers of XCP also apparently infringed copyright by failing to adhere to the licensing requirements of various pieces of open-source software whose code was used in the program,[44][45] including the LAME MP3 encoder,[46] mpglib,[47] FAAC,[48] id3lib,[49] mpg123 and the VLC media player.[50]

In January 2006, the developers of LAME posted an open letter stating that they expected "appropriate action" by Sony BMG, but that the developers had no plans to investigate or take action over the apparent violation of LAME's source code license.[51]

Company and press reports
NPR was one of the first to report on the scandal on November 4, 2005.[52] Thomas Hesse, Sony BMG's Global Digital Business President, told reporter Neda Ulaby, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

In a November 7, 2005 article, vnunet.com summarised Russinovich's findings,[53] and urged consumers to avoid buying Sony BMG music CDs for the time being. The following day, The Boston Globe classified the software as spyware and Computer Associates' eTrust Security Management unit VP Steve Curry confirmed that it communicates personal information from consumers' computers to Sony BMG (namely the CD being played and the user's IP address).[54] The methods used by the software to avoid detection were likened to those used by data thieves.

The first virus which made use of Sony BMG's stealth technology to make malicious files invisible to both the user and anti-virus programs surfaced on November 10, 2005.[55] One day later Yahoo! News announced that Sony BMG had suspended further distribution of the controversial technology.

According to ZDNet News: "The latest risk is from an uninstaller program distributed by SunnComm Technologies, a company that provides copy protection on other Sony BMG releases." The uninstall program obeys commands sent to it allowing others "to take control of PCs where the uninstaller has been used."[56]

On November 8, 2005, Computer Associates decided to classify Sony BMG's software as "spyware" and provide tools for its removal.[57] Speaking about Sony BMG suspending the use of XCP, independent researcher Mark Russinovich said, "This is a step they should have taken immediately."[58]

On December 6, 2005, Sony BMG said that 5.7 million CDs spanning 27 titles were shipped with MediaMax 5 software. The company announced the availability of a new software patch to prevent a potential security breach in consumers' computers.

Sony BMG in Australia released a press release indicating that no Sony BMG titles manufactured in Australia have copy protection.[59]

Quote:
Sony Sues SunnComm Over Infamous Rootkit Fiasco
July 13, 2007
Think back, the year was 2005 and the holiday season was around the corner. Unfortunately for Sony BMG, the holiday season wasn't a merry one. It was one incident that may have left a few public relations officials for Sony with a twitching eye. Of course, this incident was the Sony BMG Rootkit fiasco of 2005 and 2006. After months of media silence, now the case is on the move again, as Sony BMG is suing The Amergence Group Inc., the company formerly known as SunnComm MediaMax International.

Many would argue that before the rootkit fiasco took off, very few even knew what DRM (Digital Rights Management) even was save for those "in the know". Once the fiasco firestorm emerged, one could easily argue that the explosion of press coverage on the issue made more people than ever aware of the shortfalls of DRM. The event, in itself, has many tying "unwanted DRM" to "Sony BMG" ever since. If there were only a couple things that left a black mark on Sony BMG's reputation, the rootkit fiasco would arguably be at least one of the worst incidents to ever hit the major record label.

Certainly, what transpired gained little sympathy from any parties. One of the few people who actually swooped to Sony BMG's side in the midst of the incident was the RIAA's president (Recording Industry Association of America) who offered the following, "They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me."

Thomas Hesse, president of Sony-BMG's Global Digital Business, told NPR News at the time, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"

Unfortunately, this didn't improve things. Sony offered a removal tool and tried removing affected CDs off of shelves, but despite this, the story became a public relations nightmare for SonyBMG.

Many arguments against P2P (Peer-to-peer) technology stem from malware cases and that legitimate customers wouldn't be affected by malware. Unfortunately, that argument was effectively stripped from their arsenal. Though the damage ran much deeper than that.

That was when the EFF stepped in and sued the record company on behalf of those affected by the technology. Eventually, SonyBMG agreed to settle and agreed to pay for damages caused by the First4Internet SunnComm MediaMax incident.

Remember though, SonyBMG is also a multi-national label. In early 2006, Canadians also filed lawsuits against Sony. There were a total of four class action lawsuits in Canada.

Shortly after the lawsuits were launched, SonyBMG in the US began paying up.

Then, SonyBMG offered a settlement to Canadians. In essence, the argument was that SonyBMG already paid losses and damages in the US, therefore, they shouldn't have to pay as much to Canadians. Right? Not good enough. That's when CIPPIC (Canadian Internet Policy and Public Interest Clinic) stepped in and lodged a complaint against the proposed settlement citing an extensive list of laws broken in the incident in several Canadian provinces. Not only that, there was suggestion that various commissioners would investigate the company over the technology. Also, while lobbying the Canadian government for anti-circumvention during this time, many that were arguing for DRM distanced their way from Sony BMG's DRM solution and started suggesting how DRM should also abide by strict privacy laws as well.

It would be difficult for things to get any worse for SonyBMG in North America. Thankfully, after a half a year of public relations beating after beating, there was one thing Sony could be thankful for, the story finally faded out of the larger public perception even though DRM has become more well known.

Now, after over a whole year of silence on the matter, things are starting to move again in an interesting direction. According to the Hollywood Reporter, Sony BMG has filed a summons in New York against The Amergence Group Inc. What does Amergence Group have to do with the fiasco? This is the company formerly known as SunnComm International, one of the two companies that developed the questionable DRM technologies in the first place - namely the MediaMax DRM which is said to have "phoned home" playlist information.

According to court documents, Sony BMG is seeking $12 million in damages caused by the technology. Said the report, "The music company accuses Amergence of negligence, unfair business practices and breaching the terms of its license agreement by delivering software that 'did not perform as warranted.'"

Would this be an open and shut case? Not necessarily so. Amergence Group said that they'll be fighting Sony BMG in court saying that the allegations are unwarranted and stem from Sony's use of another copy protection technology. It was true, that there were two different technologies that sparked the controversy. Arguably, the more damaging technology was the First4Internet rootkit technology. The MediaMax technology was the technology that reported to a database what users were listening to.

While not very common, media companies accusing anti-piracy organizations of wrong-doing and legally pursuing them isn't necessarily a first, this latest case seems to prove that this won't be the last either.