Wednesday, January 03, 2007

Sony Settles DRM Class Action in 40 States & DC

Knowledgeable Cyberspace Law Committee members will recall that our own Eran Kahana presented a great 'Hot Topics' discussion at last Spring's Business Law Section Spring Meeting in Tampa, Florida regarding the Sony DRM fiasco. For Section members, you can grab a copy of the materials from that presentation here. Eran and his fellow member Elizabeth Bowles are now slated for publication in a future published in the current issue of the Section's monthly Business Law Today, discussing this matter with a bit more hindsight, and focusing on how businesses might avoid stepping into such public relations nightmares by being a bit less cavalier about use of electronic contracting but rather being a bit more willing to open up to the consumers who are being impacted.

But, what about the 'rest of the story' for Sony?

On December 21, 2006, forty states and the District of Columbia settled with Sony BMG Music Entertainment ("Sony") regarding the anti-copying software which was installed allegedly without consumer knowledge or agreement via music compact discs distributed in 2005. On December 21, Sony entered into an Assurance of Voluntary Compliance or Discontinuance and agreed to pay $4.25 million to the states, and also to pay up to $175 per consumer who incurred damage while trying to uninstall the software.

Sony has also agreed that it will not distribute music CDs with DRM software without first going through a series of corporate reforms, and that it will replace all of the affected CDs at no charge. I note that Sony has gone to great lengths to publish a 3rd party's audit report, which states the auditor's opinion that Sony never took advantage of any access it might have had to individual's personal information by way of the DRM software. (Personal identity information might have been the lurking issue underneath all of the discussions about people's computers getting trashed by the software that was getting the major press.)

Maybe this will mean a great deal for those of us who were ultimately concerned about the sanctity of our own computers, as well as the use of electronic contracting techniques to 'sneak' unexpected terms by unsuspecting consumers. In the end, those are the issues that should have mattered through this whole discussion.

But, one sitting above the fray might suspect that the public outcry was really less about computer sanctity and the majesty of knowing-contract, and really just another public protest against the whole concept of DRM. In that regard, the victory here is short-lived and rather meaningless. As I stare right now at my own iPod, of which about 25% is filled with tunes I downloaded off of Apple's store, I realize that the battle over copy protection is being waged (and likely won) through less obnoxious means than secretive software that takes over my computer's root functions. (And, before you ask—The other 75% are copies from my own purchased CDs—What do you take me for?)

(Fleming's aside: If you still believe regular folks were really up in arms over the 'sanctity of the computer' instead of just protesting copy-protection, I'd suggest that all of us tech-savvy readers, of which I suspect most of you reading this might be, go back and look carefully at your Uncle Alfred's vintage 1999 Windows ME machine, which he's just happy with using every day for e-mail and the occasional Web surf, particularly since he found all of those nice smiley-faced icons for his mouse that that one Web site was offering for free one day last year... Same goes for your 15 year old niece's machine that you get called about every few months because her home page keeps changing to some oddball search engine without warning instead of her boyfriend's mySpace page. You guys with me now? OK.)

Information on the Sony settlement is available here. For the time being I have posted a copy of the Assurance document here. (Given very limited space, I won't leave that document up for more than a couple of weeks, so get your copy soon!).

(Irony time: One of the 10 states that had not settled with Sony as of December 21 was my own home state of Minnesota—The company that is processing the consumer claims for the settlement is located in (you guessed it) Minnesota. What does that say about us? Anyway, I can't find any resource to find out which other states might have opted in since December 21.)

(UPDATE: I should have noted that California and Texas also entered into their own settlement with Sony apart from this 40 state thing. I have not had time to peruse whether the $175 to consumer part will apply to Californians and Texans as well. New York is apparently part of the 40 state thing, even though it had an earlier settlement with Sony from December, 2005.)

(Another aside: Is there any doubt that keyword advertising has come of age? Sony was obligated to publicize this settlement as follows:

SONY BMG shall continue, for at least 12 months from the date of this Assurance, its program of using “keyword buys” ” and “bannering” on capable CDs to give consumers notice of the known forms of security vulnerabilities to their computers and of information consumers can obtain regarding the protection of their property. The “keyword buys” and “bannering” shall also disclose to consumers any known loss of functionality that can occur following use of XCP or Media Max CDs, including, but not limited to, the disabling of a CD-ROM drive. SONY BMG shall consider in good faith any suggestions the States may offer concerning possible adjustments to the specific terms of the keyword buys program and the language displayed to consumers in connection with the relevant links and landing pages. SONY BMG shall adopt procedures to monitor and ensure that such keyword buys result in consumers receiving a Clear and Conspicuous link on the first page of returned results. The return result shall provide a warning of the security vulnerabilities and direct consumers to additional information on XCP and MediaMax patching and removal. SONY BMG shall adopt procedures to monitor and ensure that banner ads function properly and provide consumers with a Clear and Conspicuous warning of known forms of security vulnerabilities and the website address to obtain additional information on XCP and MediaMax patching and removal.

So, that means you now get this when you search for SONY DRM on Google (click to see a bit bigger):

Surely this is the coming of age for keyword advertising, no?

No comments: