Texas Attorney General Greg Abbott yesterday bolstered his pending November lawsuit against Sony BMG Music Entertainment, adding a number of new allegations that reflect harm to consumers who purchased certain CDs.
The original suit alleged the company surreptitiously installed spyware using so-called “XCP” technology on millions of CDs that consumers unwittingly download onto their computers when they play the CDs.
In his latest allegations against the music giant, Abbott invoked the Texas Deceptive Trade Practices Act. The Attorney General alleges the company’s “MediaMax” technology for copy protection violates the state’s spyware and deceptive trade practices laws.
Consumers who use these CDs are offered a license agreement, he argued, but even if consumers reject that agreement, files are secretly installed on their computers that pose additional security risks to those systems.
“We keep discovering additional methods Sony used to deceive Texas consumers who thought they were simply buying music,” Abbott said. “Thousands of Texans are now potential victims of this deceptive game Sony played with consumers for its own purposes.”
A Failure to Communicate
Abbot’s new lawsuit asserts Sony failed to clearly warn consumers of the harm its copy protection software could cause when installed on consumers’ personal computers, and the fact that files secretly embedded in certain CDs purchased from retailers would likely compromise computers.
In addition, Abbott is taking action to minimize the number of consumers who become potential victims of Sony’s spyware on millions of certain CDs by various artists. In a letter sent yesterday, he urged retailers who continue to carry the tainted 52 CD titles to take quick action to remove them.
“These CDs open the door for malicious hackers to target consumers’ computers. Hackers may be using the Sony files to install viruses, malware or even commit identity theft,” Abbott warned. “Retailers that continue to sell these CDs may be just as liable under the law as Sony.”
In addition to violations of the Consumer Protection Against Computer Spyware Act of 2005, which allows for civil penalties of US$100,000 for each violation of the law, today’s amended suit alleges violations of the Texas Deceptive Trade Practice Act. Penalties under this law can be a maximum of $20,000 per violation.
Class Action Suits Arise
Christopher Norgaard, intellectual property attorney and partner in the Los Angeles office of Ropers Majeski Kohn & Bentley, told the E-Commerce Times that the Sony case raises a host of potential legal issues and may help point to a reexamination of the copyright protection circumvention restrictions that have been codified in the Copyright Act.
“The Texas Attorney General has now sued Sony BMG for violating the state’s deceptive practices and spyware laws, and various class action plaintiffs are lining up to bring similar suits based on allegations that Sony BMG did not adequately disclose the loading of its proprietary player and copy protection files onto users’ computers, and that the files can facilitate hacking and cause performance problems in computers using Windows software,” Norgaard said.
Rock and Roll?
Sony and its fellow members of the Recording Industry Association of America (RIAA) have been on a roll, with the Supreme Court’s Grokster decision and with subsequent settlements by which BitTorrent, Grokster and others have curbed file-sharing software.
Norgaard said the Sony BMG software and any similar software may provide certain defendants who are sued by the RIAA with a fair use defense for downloading copyrighted songs without permission of the copyright owner.
“If a user has purchased a Sony BMG CD, and now fears performance or security problems if he or she plays the purchased CD, it is at least arguably fair use for the user to download an unauthorized copy, such as with peer to peer file-sharing software,” Norgaard said.
More generally, Norgaard said the RIAA’s argument that declining music CD sales have been and are the result of illegal copying will encounter at least a minor bump, as concerned users may look to other legal and illegal means of obtaining recorded music.
Reviewing the DMCA
The Digital Millennium Copyright Act (DMCA) provides that “no person shall circumvent a technological measure that effectively controls access to” a copyrighted work (with an exception for certain classes of works and their users who can show their ability to make noninfringing use would be otherwise impaired). “Circumvention” includes removal, bypassing or deactivation.
“Read literally, this provision could expose to liability anyone seeking to remove XCP, MediaMax or similar copy protection players or systems without the permission of Sony BMG,” Norgaard said. “As it continues to review the DMCA with respect to hardware such as PC-based tuners and digital video recorders, Congress should keep Sony BMG in mind.”
So, lets see if I get this right. If I install Sony’s malware, they are guilty of violating Texas anti-spyware/malware laws. But, if I remove it, I AM in violation of the DCMA? Can you say dualing lawsuits?