* This document hasn't been updated since Sept 2006, some of the links may no longer be functional.

Questions about the Settlement:

Why does EFF think the settlement is a good deal for purchasers of the Sony BMG CDs?

EFF agreed to the settlement because we believe it provides a good compensation package for the group of people who purchased the CDs but did not experience any hardware damage as a result. This means purchasers whose claim is primarily based on their purchase of the CDs and experiencing the hassle of having to patch or uninstall their systems, or in the case of MediaMax 3, having had files installed prior to giving you a chance to agree.

EFF's goals for purchasers of the CDs were to :

  1. Stop production of any more CDs by Sony BMG with the bad DRM on them.
  2. Get people non-DRM'd/non-EULA'd versions of their music.
  3. Get this relief to people quickly, rather than after years of legal wrangling. This is in part why some of things in the settlement, like uninstallers, were available before the settlement itself was announced.
  4. Get people some free music, or in the case of those who were at risk from the XCP rootkit, a choice of some money for their trouble.
  5. Ensure that people get notice. Sony BMG has agreed to use the banner functionality on some of its CDs to give individual notice to purchasers at the time they put the CD into their computers, as well as put notices on many artists websites and purchasing adwords giving notice more broadly. We're still working with Sony about what these will look like, but EFF believes that taking extra steps to give people notice of the need to patch their systems, and of the settlement, is important.
  6. Ensure independent security testing and pre-launch EULA review of any future DRM, with a report to the lawyers involved in the case of at least the security testing.
  7. Agree to a quick process for response by Sony BMG, involving independent security reviewers and enforced by the court, in the event of any future discovery of a security flaw in their DRM.

There's much more in the settlement than that, of course, but for the purchasers these were EFF's core goals and the settlement meets them all. That's why we think the settlement is a good deal and we endorse it.

What's this Sony settlement all about, anyway?

EFF believes that for the past several years, Sony BMG has been pressing music CDs that contain flawed and overreaching computer programs designed to limit your ability to make copies or transfer music onto unapproved portable media players. Sony BMG used two different programs: Extended Copy Protection ("XCP") and MediaMax (with two versions, 3.0 and 5.0). A number of serious security, privacy and consumer protection issues surfaced with use of Sony BMG's DRM discs on computers running Windows operating systems, and numerous class action lawsuits were filed against Sony BMG. To settle these lawsuits, Sony BMG and the class have agreed to this settlement. Sony BMG does not agree with all of the claims in this lawsuit.

Why should I be worried about Sony BMG's DRM on my CDs?

Sony BMG's DRM software programs create serious security, privacy and consumer protection issues that have hurt music lovers everywhere. Both XCP and MediaMax version 5 discs can compromise the security of your computer, and all versions of the Sony DRM can compromise your privacy. More information regarding the privacy and security risks of this software and the Sony BMG litigation is available here.

How do I tell if I've bought a Sony BMG CD with XCP or MediaMax software?

You can either check the lists Sony has released identifying CDs with XCP, MediaMax 5.0, MediaMax 3.0 titles, or use our Spotter's Guide.

Short version of the Spotter's Guide: For both XCP and MediaMax 5.0 CDs, you'll see "CONTENT PROTECTED" in the spine on the left-most edge, along with the IFPI copy-protection logo. You will generally see a "Compatible with" disclosure box on the bottom of the back of the CD. Along with compatibility information, the box also includes a URL where you can get help. The wording "www.sunncomm.com/support/sonybmg; README.HTML" lets you know that MediaMax is on the disc, while "?cp.sonybmg.com/xcp:README.HTML" indicates XCP.

CDs with MediaMax version 3 are much harder to spot, since they generally only mention MediaMax in the hard-to-read fine print. See our Spotter's Guide.

I bought a Sony BMG CD with XCP software on it. How does the settlement compensate me?

The settlement agreement provides several benefits for XCP CD buyers. Under the terms of the settlement, you can exchange your CD for an identical CD that does not contain DRM, and also download clean MP3 versions of the music on that CD. Second, for every CD you return, you are eligible for either:

  1. a cash payment of $7.50, plus one free download from a list of approximately 200 titles in the Sony BMG catalogue; or
  2. three free downloads from this list.

To get your clean CD, cash, and downloads, you must return your XCP CD to Sony BMG or to the store where you bought the CD (not all retailers will accept the returns, though Sony BMG is encouraging them to do so) and then submit a claim form (which will available shortly). If you return the CD to a retailer, you will need to include a receipt showing your return. Sony BMG will then send you the cash (which may take the form of a debit card) and promotional codes that you can use to download the music from one of three different services (including iTunes).

Some important notes: To get the additional downloads and/or cash, you have to affirm that you ran the XCP Update or the XCP Uninstaller, available here. You must have purchased the XCP CD before February 1, 2006. EFF also strongly suggests that you install and run updated virus protection and anti-spyware software. Some suggestions: Ad-Aware, Spybot Search & Destroy, AVG Anti-Virus, Symantec, Kaspersky.

Should I return my XCP CDs to the store or directly to Sony BMG?

You should return the CD to the store IF the store offers refunds or merchandise credit. Amazon.com and the Army and Air Force Exchange Service have stated that they will provide full refunds for those who return. Other stores may follow suit and you should urge your local retailer to do so. Your eligibility for the benefits above is not dependant on whether you get refunds or merchandise credit from the retailer. If you return directly to Sony BMG, they will only provide the benefits outlined above. However, Sony BMG will pay for the postage.

I bought a Sony BMG CD with MediaMax software on it. How does the settlement compensate me?

The settlement agreement provides several benefits for MediaMax CD buyers. If you bought a Sony BMG MediaMax CD that contains version 3.0 of the MediaMax software, you will be able to download a clean MP3 version of the music on the CD. If you bought a Sony BMG MediaMax CD that contains version 5.0, you will be able to download a clean MP3 version of the music on the CD and also an additional album chosen from a list of approximately 200 titles in the Sony BMG catalogue.

To get your clean MP3 and additional download (where applicable), you must submit a claim form (which will be available shortly) along with a proof or purchase (either the UPC code cut from the CD cover, a purchase receipt, a credit card, cancelled check, or bank statement showing the purchase, or the CD itself). Sony BMG will then send you a promotional code that you can use to download the music from one of three different services (including iTunes).

Some important notes: To get the clean MP3 and download, you have to affirm that you have run the MediaMax Update or the MediaMax Uninstaller, available here. You also must have purchased the MediaMax CD before December 31, 2006. EFF also strongly suggests that you install and run updated virus protection and anti-spyware software. Some suggestions: Ad-Aware, Spybot Search & Destroy, AVG Anti-Virus, Symantec, Kaspersky.

Here's a quick summary:

If you bought a CD with this software... You are eligible for...
XCP
  1. An identical CD that does not contain DRM
  2. A clean MP3 version of the music on that CD.
  3. For every CD you return:
MediaMax 3.0
  • A clean MP3 version of the music on that CD
MediaMax 5.0
  1. A clean MP3 version of the music on that CD
  2. One additional download from this list of approximately 200 album titles in the Sony BMG catalogue.

How do I know whether I have MediaMax Three or Five?

Check the list of MediaMax 3 discs and MediaMax 5 discs to see which ones you own. It can be challenging to identify which is which from looking at the CD itself, but you can also use our Spotter's Guide.

When do I get the clean versions and additional downloads? Can I send my CD back right now?

Yes. You can return your XCP CD now, and receive a clean CD in exchange. However, the rest of the settlement benefits will not be available until the settlement is approved and a notice to the class has been issued. Official notice of the settlement to the class (via newspaper ads, Google ads, email and other means) will be issued by February 15, 2006. Once that notice goes out, the class can begin submitting claims for benefits. You should get your benefits within 6-8 weeks of submitting the proof of claim form.

I think my CD drive was seriously damaged by the XCP or MediaMax software. Do I have to give up my claims against Sony BMG for this injury?

No. The settlement does not release claims for:

  • damage to a computer or network resulting from interactions between the XCP Software or the MediaMax Software and your computer (e.g., damage to your hard drive);
  • damage related to your reasonable efforts to remove the XCP Software or the MediaMax Software; or
  • copyright, trademark or other claims arising from the development of the MediaMax Software or the XCP Software, or any uninstallers or updates thereto.

You may still sue Sony BMG for any such claims, whether or not you choose to take advantage of the settlement benefits. As part of the settlement process, Sony BMG agreed to waive its overreaching New York forum selection clause and $5 limit on damages, so you can take them to your local small claims court for your damages.

See here for more information about the small claims process.

What claims will the settlement release?

If you participate in the settlement, you agree to give up claims relating to allegations in the lawsuits against Sony BMG, such as claims challenging Sony BMG's disclosures about the software (or lack thereof) and claims regarding the nature of the software (such as the use of a rootkit in the XCP software).

I don't like this settlement. How do I opt out?

If you don't want to participate in the settlement and get the settlement benefits, and you want to keep the right to sue Sony BMG on your own about any of the claims that this settlement resolves, then you must take steps to opt out. If you want to exclude yourself from the settlement, you must send a letter by mail clearly indicating your name, address and telephone number and stating that you "request to be excluded from the Settlement Class in the Sony BMG CD Technologies Litigation," and you must sign the letter. You also must state the title of the XCP CD or MediaMax CD that you bought, received or used. More information about opting out will be included in the settlement notices that will go out by February 15, 2006.

Important Note: You must opt-out by MAY 1, 2006.

I've heard that the XCP and MediaMax software came with a highly restrictive end user license agreement (EULA). Does the settlement do anything about the EULA?

Yes. The settlement requires Sony BMG to waive several offensive provisions in the XCP and MediaMax EULAs, including provisions forbidding fair use, resale of the CDs, and full use of the CDs if you fail to install an update or go bankrupt. Because the clean CDs and music will not contain DRM software, the license agreement won't apply to that music.

I've heard Sony BMG used the software to collect information about me. What will happen to that information?

Sony BMG asserts that it collects only information about album titles, artists, IP address and non-personally identifiable information. The settlement requires Sony BMG to destroy information it collects, including logs of IP addresses, within 10 days of collecting the data.

Does the settlement do anything to prevent similar problems from happening again?

Yes. If Sony BMG decides to use DRM in the future, it must have that software tested for security vulnerabilities by a third party, ensure that the DRM does not install without explicit permission, and provide ready access to an uninstaller. If a security problem is found after the software is released, Sony BMG is required to notify security experts and work with them to address the problem quickly. In addition, Sony BMG must adequately disclose the nature and function of the software to music buyers BEFORE they buy. Because of the settlement, these terms will be a court order, which Sony BMG must obey or be held in contempt.

Is EFF going to pursue its California case?

All of EFF's cases against Sony BMG will be settled by this settlement.

How does this settlement affect state and federal government actions?

It doesn't. The settlement that was submitted to the court on December 28 does not resolve the lawsuits and investigations being pursued by state attorneys general and the Federal Trade Commission. If the state attorneys general and/or the FTC are able to obtain additional relief for consumers, that relief will become part of this settlement. EFF has been in touch with various government investigators, and will continue to work with them.

Does this settlement mean that EFF supports EULAs and DRM?

Absolutely not. EFF's opposition to unfair EULAs and ill-advised DRM schemes is stronger than ever. EFF believes the Sony BMG debacle is an object lesson in why DRM is bad for artists, music labels and music fans. And, EFF believes there is no need to ship CDs with onerous EULAs when copyright laws provide ample protection for artists and record labels. For more on EFF's fight against bad DRM and bad EULAs, see our DRM page and our whitepaper about EULAs.

What does the settlement do about the EULA problems?

It gets purchasers completely out from under the EULA, as well as the DRM. Everyone who bought any of the CDs, whether XCP, Mediamax 3 or Mediamax 5, can get MP3 versions of their music with no EULA whatsoever and of course no DRM.

In addition, we also have required Sony-BMG to waive major portions of their EULA for those people who retain the disks, including allowing for fair use and eliminating (in most cases) the ridiculous provisions limiting damages forcing you to New York to sue and eliminating your rights if you go into bankruptcy.

For future CDs with EULAs -- none are being produced now -- Sony agrees to allow a "first look" at the EULA by an independent third party, but also has agreed to ongoing discussions with EFF about their future use of EULAs as well as DRM.

Is there a chance that Sony will be required to do more than what is in this settlement?

Yes. We know several attorneys general are looking at this case and EFF has been advising several of them, suggesting additional actions that we think are appropriately demanded by Attorneys General. The lawsuit brought by the Texas Attorney General's office against Sony BMG is not affected by this settlement and will continue. The settlement provides that if any of the regulators, like the Attorneys General, secure additional relief all members of this settlement class will get it. In other words, the settlement sets a floor, not a ceiling.

Will this settlement affect any possible criminal charges against Sony.

No. We aren't aware of any criminal prosecutions now, or that any are being considered, but if a prosecutor decides to bring charges, nothing in this settlement will prevent that. Only prosecutors can bring criminal cases -- EFF cannot.

What about the alleged violations of the GPL that I've heard about?

Anyone who wants to bring those claims, still can. They are preserved by this settlement. Only people who hold the rights to the GPL'd code can bring those claims, not the general public or EFF. EFF has notified folks in the open source community about the reports of GPL violations and they are investigating. EFF remains willing to assist.

What if additional security flaws are discovered in the XCP or Mediamax 3 or 5 DRM schemes?

The best way that consumers can protect themselves is to ditch their bad CDs and download the MP3 files, or, in the case of XCP disks, send them in and get CD versions without DRM. Then uninstall the DRM by using one the uninstallers (XCP Uninstaller, MediaMax Unistaller).

For any future DRM that Sony decides to put on disks -- they aren't putting any DRM on any CDs right now -- Sony has agreed to independent security review before they ship any disks to the public with DRM. Sony has also agreed to continue discussions with EFF about Sony's future use of DRM.

And if security vulnerabilities are discovered in any future DRM, Sony BMG has agreed to a process where they need to react quickly to any reports, including investigating claimed vulnerabilities and developing patches or other fixes. The process also requires them to notify the lawyers involved if they cannot patch the problem quickly. The process is subject to court order, making it easy for the lawyers to go back and get the court involved if Sony doesn't live up to its promises.