Quantcast
HITS Daily Double
"It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year. I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."
——New York Attorney General Elliot Spitzer

FALLOUT CONTINUES IN SONY BMG XCP FIASCO

Elliot Spitzer Commences Investigation, With District of Columbia Latest to File Class Action Suit
And so it continues. No, that’s not strong enough. And so it gets even uglier...with yet another class action suit filed against Sony BMG over the whole XCP “rootkit” fiasco and the office New York Attorney General Elliot Spitzer now involved in the case.

Following the leads of California and Texas, a class action suit has been filed in the District of Columbia against Sony BMG. The suit was filed by a D.C. resident on behalf of the general public of the District. A provision in the District of Columbia's Consumer Protection and Procedures Act allows a resident to act as a "private attorney general" and to seek relief on behalf of the general public, although the individual is being represented by a law firm (Finkelstein, Thompson & Loughran). The suit alleges that Sony deceptively installed software on users' computers, compromised the security of users' computers and that Sony's purported attempts to curb the damage caused by its spyware programs have created even greater security risks for Sony's consumers.

Perhaps even more damning for (and threatening to) the company, however, is that New York Attorney General Eliot Spitzer has gotten into the act. Last week, Spitzer sent out investigators, disguised as consumers, who were able to purchase XCP CDs in New York more than a week after Sony BMG had recalled the discs. The stores included Wal-Mart, Best Buy, Sam Goody, Circuit City, FYE and Virgin Megastore.

"It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year," Spitzer wrote in a statement. "I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony."

A spokesperson for Sony BMG told Business Week Magazine that the company “is committed to getting all copies of the 52 affected titles off store shelves. We appreciate the attorney general's reinforcement of our efforts, and we [have] sent a follow-up message [to retailers] to remind them to remove XCP content-protected CDs from their inventory." The company currently has a mail-in exchange program, though it seems quite obvious from Spitzer’s initial investigation that not all stores are yet complying. Sony BMG reportedly shipped nearly 5 million CDs containing the XCP software, with 2.1 million reportedly sold before the proverbial cat was let out of the bag.

Spitzer’s office is urging consumers to not buy the affected discs and if they already have, to return them immediately to the retailer for a refund. No further details have been given regarding Spitzer’s efforts, although a spokesperson said the office is continuing to look into the matter.

Even Homeland Security has gotten involved, with an official at the government agency accusing SBMG of compromising computer security.

Business Week also reports that the XCP problem is affecting artists as well. Neil Diamond’s new 12 Songs CD—the most successful of the affected product—apparently wasn’t hurt, at least according to sales statistics. But country artist Van Zant’s Get Right With a Man plummeted on Amazon.com’s bestseller chart after it was revealed to include XCP software. The group’s manager, Ross Schilling of Vector Management, told the magazine that Sony BMG didn’t have enough replacements lined up when the CDs were pulled, meaning that Van Zant’s CD was missing from shelves during what is usually the busiest shopping weekend of the entire year. Now that retailers have pulled the CD, there's potential for a 50- to-60k loss, Schilling told Business Week.

Add to this the $100,000 per violation that Texas Attorney General Greg Abbott is seeking in connection with his state’s class action suit and ... well, can anybody say “Ouch!”?