Sony recalls XCP protected discs

Finally. Sony announced yesterday that it will be withdrawing XCP-protected audio discs from stores and offering exchanges to any customer who purchased the discs. Details are still forthcoming, but it appears that customers will be safe from purchasing infected discs. The recall does not apply to audio discs that are protected by the Sunncomm provided MediaMax software.

The recall comes on the heels of an open letter to Sony from the EFF, urging them to:

  • recall the infected products (including Sunncomm protected discs)
  • publicize the security risks
  • address misstatements in marketing materials (which claim that the DRM “is not malicious and does not compromise security”)
  • offer refunds
  • compensate customers for damage caused by the infected products
  • thoroughly test any future DRM software for security risks
  • certify in the packaging for every DRM’d disc that the product does not contain concealed software, does not phone home, does not initiate downloads without consent, provides an uninstaller, does not provide security risks, and will not damage the customer’s computer or data.

The letter closes, “We look forward to hearing that you are in the process of implementingthese measures by 9:00am PST on Friday, November 18, 2005.” This suggests that the EFF is in fact contemplating that lawsuit that was rumored last week. (thanks, Boing Boing)

Not a bad list, all in all, and my hat’s off to the EFF for spelling it out. One thing was not requested, which I would have liked to have seen: that Sony stop crippling its products with DRM altogether.

4 Responses to “Sony recalls XCP protected discs”

  1. Dennis M. Yates Says:

    I still won’t buy any Sony products.

    Anyway, one of the additions to the list is for Thomas Hesse, CEO, the man who dismissed the problems with his flippant remark about why people who don’t know about rootkits shouldn’t care about them, should personally call a press conference where he apologizes to his customers.

    A few resignations/firings also wouldn’t be out of order.

  2. Matt C Says:

    I probably don’t need to remind anyone here, but let’s not forget the assertion that XCP’s cloaking component “is not malicious and does not compromise security.” This was after Russinovich’s analysis, and is still up as of today, when a worm exploiting this component has been found already.

    Sony is either completely incompetent or completely dishonest.

  3. Jason C Says:

    I think that a class action lawsuit is in order. Sony should be liable for potentially thousands of dollars in damage per installation.

    Period.

  4. Matt Delaney Says:

    Let this be a good time to remind everyone that the EFF is a non-profit, and hiring attorneys to fight for you and me is not cheap. Click on the site and send them $20 if you can spare it…

Leave a Reply

You must be logged in to post a comment.