A letter posted online yesterday by Sony BMG Music Entertainment reads as follows:
November 16, 2005
To Our Valued Customers:
You may be aware of the recent attention given to the XCP content protection software included on some SONY BMG CDs. This software was provided to us by a third-party vendor, First4Internet. Discussion has centered on security concerns raised about the use of CDs containing this software.
We share the concerns of consumers regarding these discs, and we are instituting a program that will allow consumers to exchange any CD with XCP software for the same CD without copy protection. We also have asked our retail partners to remove all unsold CDs with XCP software from their store shelves and inventory. We will make further details of this program available shortly.
We deeply regret any inconvenience this may cause our customers and we are committed to making this situation right. It is important to note that the issues regarding these discs exist only when they are played on computers, not on conventional, non-computer-based CD and/or DVD players.
Our new initiatives follow the measures we have already taken, including last week’s voluntary suspension of the manufacture of CDs with the XCP software. In addition, to address security concerns, we provided to major software and anti-virus companies a software update, which also may be downloaded at http://cp.sonybmg.com/xcp/english/updates.html . We will shortly provide a simplified and secure procedure to uninstall the XCP software if it resides on your computer.
Ultimately, the experience of consumers is our primary concern, and our goal is to help bring our artists’ music to as broad an audience as possible. Going forward, we will continue to identify new ways to meet demands for flexibility in how you and other consumers listen to music.
Sony BMG Music Entertainment’s letter here: http://blog.sonymusic.com/sonybmg/archives/111505.html
Sony-BMG also offers a FAQ page here: http://cp.sonybmg.com/xcp/english/faq.html
Bloomberg reports, “Sony BMG, a joint venture created last year by Sony Corp. and Bertelsmann AG, produced about 4.7 million discs of artists including Celine Dion and sold 2.1 million of them. The recall comes as record companies are entering their strongest sales period ahead of the Christmas holiday. ‘It’s a big mistake. They shouldn’t have done it,’ said Leigh, an analyst at Inside Digital Media Inc. in Tampa, Florida. ‘They were so concerned about piracy that they were not careful about how they would control it. They shot themselves in the foot.’ Installed on about 50 recordings distributed by Sony BMG, XCP was designed to prevent illegal duplication by limiting the number of copies that could be made once a title has been installed on a personal computer. However, the technology could also be used to monitor the users’ online activity and made PCs vulnerable to computer viruses… ‘The continued chasing of copyright protection technology is like chasing the white whale,’ Leigh said. ‘It’s an obsession that destroys the people obsessed by it.'”
Full article here.
Related information: Red Book audio CD standard.
Advertisements: The New iMac G5 – Built-in iSight camera and remote control with Front Row media experience. From $1299. Free shipping.
The New iPod with Video. The ultimate music + video experience on the go. From $299. Free shipping.
We see Sony addressing the XCP malware-style ‘root kit’ issue for Windows users, but we see no mention of Sony’s other SunnComm-laced CDs that can install kernel extensions on Mac OS X which is what prompted our boycott of all Sony products in the first place. This is highly troubling, to put it mildly. Therefore, based on a strong consensus of our readership, MacDailyNews and iPodDailyNews are continuing to boycott all Sony products until this and other “copy-protected CD” issues are addressed appropriately by Sony and recommend that our 2.2+ million unique visitors per month from 136 countries worldwide do the same.
For some more information, Larry Loeb writes for Security IT Hub, “Sony says it will discontinue distribution of its DRM software, which could pose a “rootkit” security threat to users. But does that include the OS X version? Sony is reportedly pulling its digital rights management “rootkit” from the market. But it isn’t reporting everything. ‘The Sony copy-protection software does not install itself on Macintosh computers or ordinary CD and DVD players,’ Reuters reported today [Nov. 11]. There’s just one problem with that statement: it happens to be flat-out wrong. While the XCP version of copy protection is for Windows, there is another Mac-only version of copy protection installed by Sony/BMG CDs.”
Loeb writes that the Sony SunnComm CDs contain a Mac OS X application in the “enhanced” section of the CD called, start.app, that presents a EULA and upon the users’ agreement, “actually installs two kernel extensions, PhoenixNub1.kext and PhoenixNub12.kext, in the OS X system files. These turn out to be part of a DRM codebase developed by SunnComm. According to the SunComm Web site, their MediaMax DRM allows for a limited amount of CD burns from the source material, and then will block further copying. The DRM also can make time-expiring (or number-of-play-expiring) copies of the tracks… So, while Sony may be backing down from its acts regarding Windows modification, it is yet to be seen whether the recent firestorms will cause it to pull the DRM installed on Macs.”
Sony BMG infected music CDs could be good for consumer rights – November 16, 2005
Microsoft to remove Sony BMG malware – November 15, 2005
Sony BMG infected music CDs could lead Sony into ‘big-league legal trouble’ – November 15, 2005
EFF publishes open letter to Sony-BMG calling for recall of all infected Sony-BMG CDs – November 15, 2005
Boycott Sony – November 14, 2005
Sony BMG ‘temporarily suspends’ production of music CDs with copy-protection scheme – November 11, 2005
Boycott Sony products: Sony music CDs can install kernel extensions on Mac OS X – November 10, 2005
Computer security firm: ‘Stinx’ virus hides within Sony’s copy protection scheme – November 10, 2005
Sony sued over copy-protected CDs – November 10, 2005
SonyBMG antics may well cause public to turn on them and turn many people onto Apple Macs – November 06, 2005
Report: Sony copy-protected CDs may hide Windows rootkit vulnerability – November 01, 2005
Analyst: Sony BMG’s boycott of Apple’s iTunes Music Store Australia won’t last long – October 24, 2005
Apple launches iTunes Music Store Australia – October 24, 2005
How to beat Apple iPod-incompatible Sony BMG and EMI copy-protected CDs – October 04, 2005
Japan music labels look to impose ‘iPod Tax’ while Sony, Warner still not signing with Apple iTunes – October 10, 2005
Why aren’t Sony, BMG, Warner, Victor making their artists’ music available on Apple’s iTunes Japan? – October 06, 2005
Sony and Warner holding out on Apple iTunes Music Store Australia – September 08, 2005
Musicians stage mutiny against Sony, defiantly offer music via Apple’s iTunes Music Store – August 10, 2005
Sony BMG and EMI try to force Apple to ‘open’ iPod with iPod-incompatible CDs – June 20, 2005
New Sony BMG copy-protected CDs lock out Apple iPod owners – June 01, 2005
Record company causes Apple to hit ‘pause’ on Australian iTunes Music Store – May 05, 2005