Thursday, December 29, 2005

Sony Falls on the Rootkit Sword -

In what has to be one of the fastest filing-to-settlement class action lawsuits on record (no pun intended) Sony/BMG settled the action claimin violations of the Computer Fraud and Abuse Act, Trespass to Chattel, and other claims. In what reads more like a confession than a settlement agreement, Sony agrees inter alia, to (1) take remedial steps for those who were affected by the rootkit laden CD's, (2) provide some compensation, by way of a free CD, download or coupon, (3) issue remediating (rootkit and vulnerabilit removal) software for the rootkit software already in the wild, (4) not collect consumer information, and (5) to have subsequent software issuances certified by an security expert as effective and will not create any known security vulnerabilities.

The document reads more like confession than it does a settlement. Notable is what the class action plaintiff's retained relating to reservation of rights to sue for consequential damages:
"The Settlement’s release of claims does not include claims for consequential damage to a computer or a network that may or are alleged to sult from interactions between XCP or MediaMax software and other software or hardware installed on those computers or networks. (¶¶ II.O., VIII.B.) The release excludes these claims out of concern that such claims for consequential damage to a computer or network may raise questions concerning the predominance and manageability requirements under Rule 23(b)(3) of the Federal Rules of Civil Procedure. (¶¶ II. O., VIII.B.) If the Settlement is approved, Settlement Class Members who wish to asset such claims may do so in small claims court or other venues.

Happy New Year to All.