Skip to Content


Sony BMG Music Entertainment; Analysis of Proposed Consent Order To Aid Public Comment

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 13286


Federal Trade Commission.


Proposed consent agreement.


The consent agreement in this matter settles alleged violations of federal law prohibiting unfair or deceptive acts or practices or unfair methods of competition. The attached Analysis to Aid Public Comment describes both the allegations in the draft complaint and the terms of the consent order—embodied in the consent agreement—that would settle these allegations.


Comments in response to this notice must be received on or before March 23, 2007.


Interested parties are invited to submit written comments. Comments should refer to “Sony BMG Music, File No. 062 3019,” to facilitate the organization of comments. A comment filed in paper form should include this reference both in the text and on the envelope, and should be mailed or delivered to the following address: Federal Trade Commission, Office of the Secretary, Room 135-H, 600 Pennsylvania Avenue, NW., Washington, DC 20580. Comments containing confidential material must be filed in paper form, must be clearly labeled “Confidential,” and must comply with Commission Rule 4.9(c). 16 CFR 4.9(c) (2005).[1] The FTC is requesting that any comment filed in paper form be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions. Comments that do not contain any nonpublic information may instead be filed in electronic form as part of or as an attachment to e-mail messages directed to the following e-mail box:

The FTC Act and other laws the Commission administers permit the collection of public comments to consider and use in this proceeding as appropriate. All timely and responsive public comments, whether filed in paper or electronic form, will be considered by the Commission, and will be available to the public on the FTC Web site, to the extent practicable, at As a matter of discretion, the FTC makes every effort to remove home contact information for individuals from the public comments it receives before placing those comments on the FTC Web site. More information, including routine uses permitted by the Privacy Act, may be found in the FTC's privacy policy, at​ftc/​privacy.htm.

Start Further Info


Matthew Daynard (202/326-3291), Bureau of Consumer Protection, 600 Pennsylvania Avenue, NW., Washington, DC 20580.

End Further Info End Preamble Start Supplemental Information


Pursuant to section 6(f) of the Federal Trade Commission Act, 38 Stat. 721, 15 U.S.C. 46(f), and § 2.34 of the Commission Rules of Practice, 16 CFR 2.34, notice is hereby given that the above-captioned consent agreement containing a consent order to cease and desist, having been filed with and accepted, subject to final approval, by the Commission, has been placed on the public record for a period of thirty (30) days. The following Analysis to Aid Public Comment describes the terms of the consent agreement, and the allegations in the complaint. An electronic copy of the full text of the consent agreement package can be obtained from the FTC Home Page (for January 30, 2007), on the World Wide Web, at​os/​2007/​01/​index.htm. A paper copy can be obtained from the FTC Public Reference Room, Room 130-H, 600 Pennsylvania Avenue, NW., Washington, DC 20580, either in person or by calling (202) 326-2222.

Public comments are invited, and may be filed with the Commission in either paper or electronic form. All comments should be filed as prescribed in the ADDRESSES section above, and must be received on or before the date specified in the DATES section.

Analysis of Agreement Containing Consent Order To Aid Public Comment

The Federal Trade Commission has accepted, subject to final approval, an agreement containing a consent order from Sony BMG Music Entertainment (“Sony BMG” or “respondent”).

The proposed consent order has been placed on the public record for thirty (30) days for receipt of comments by interested persons. Comments received during this period will become part of the public record. After thirty (30) days, the Commission will again review the agreement and the comments received, and will decide whether it should withdraw from the agreement or make final the agreement's proposed order.

This matter involves respondent's use of content protection software, also known as Digital Rights Management (DRM) software, embedded on its music CDs and the use of a proprietary media player on many of these CDs that must be used to listen to them. When played on a Windows-based computer, Sony BMG's DRM software is installed on consumers’ computers and restricts the use of the audio files and other digital material on the CDs. In addition, the “XCP” and “MediaMax 5.0” versions of respondent's DRM software create security vulnerabilities on consumers’ computers, and, when consumers’ computers are connected to the Internet, the media player monitors users’ listening habits and sends back relevant advertisements.

According to the FTC complaint, Sony BMG engaged in unfair and deceptive practices in distributing its content-protected CDs. The complaint contains two unfairness charges. The first count alleges that it was unfair for respondent to cause its DRM software, which exposed consumers’ to security risks, to be installed on consumers’ computers without adequate notification and consent. As alleged in the complaint, respondent's “XCP” DRM software contains cloaking technology that hides the existence of the software from the Windows Operating System. The cloaking technology creates a security vulnerability because malicious software that enters users’ computers can exploit the cloaking technology to conceal itself from the computers’ security software. In addition, respondent's “MediaMax 5.0” DRM software creates a “privilege escalation vulnerability” that could allow third parties who gain physical access to the computer but who have lower-privilege access to exercise full control over a consumer's computer running the Windows Operating System. Consumers could not reasonably prevent this injury because they did not know of the DRM software's existence or its harmful effects. The complaint therefore alleges that respondent's practices caused, or were likely to cause, substantial consumer injury that consumers could not reasonably avoid and which was not outweighed by countervailing benefits to consumers or competition.

The complaint further alleges as unfair respondent's practices in causing its DRM software that made computers insecure to be installed without providing a reasonable means to locate and/or remove it. As alleged in the Start Printed Page 13287complaint, Sony BMG's use of cloaking technology and the failure of the “XCP” and “MediaMax 5.0” software to appear in the Windows “Add/Remove” utility hid the existence of the software from consumers and their operating systems. In addition, respondent failed to make an uninstall tool readily available. The complaint alleges that, as a result, consumers incurred substantial costs in locating and removing the DRM software from their computers and in stopping its harmful effects. Thus, the complaint alleges that respondent's practices in failing to provide a reasonable means to locate and remove its DRM software caused, or were likely to cause, substantial consumer injury that could not be reasonably avoided by consumers and did not provide countervailing benefits to consumers or competition.

In addition, the complaint challenges, as deceptive, Sony BMG's failure to disclose adequately that its music CDs install onto computers software that materially limits their use by limiting the number of disc-to-disc copies that consumers can make, and by restricting consumers” ability to transfer to and play music on digital playback devices other than Sony BMG and Microsoft devices. Finally, the proposed complaint alleges as deceptive respondent's undisclosed inclusion of its media player, which monitors the artists that consumers listen to on their computers and displays advertising.

The proposed consent order contains provisions designed to enhance and expand upon respondent's programs to provide refunds to consumers and includes injunctive relief to protect against future consumer injury from similar acts and practices.

Part I of the proposed order requires Sony BMG to include on the front cover of the packaging for any content-protected CD a clear and prominent disclosure that important consumer information regarding limits on copying and use can be found on the rear of the product packaging. This provision also requires respondent to disclose more fully on the back cover that the CD will install software, if that is the case; has copying limits; and can only be used on certain playback devices. Part II bars Sony BMG from installing content protection software from a CD without consumers’ authorization. Specifically, before such software can be installed, respondent must disclose on the consumer's computer screen the information required by Part I and the consumer must have signaled her consent by clicking on a properly labeled button or taking a similar action. Further, in cases where Sony BMG conditions consumers’ use of its CDs on their installing content protection software onto their computers, Part III requires that respondent clearly and prominently disclose this requirement on the product packaging.

Regarding “enhanced connectivity” CDs (CDs containing respondent's proprietary media player that transmits non-personally identifiable information from consumers’ computers to respondent and displays promotional messages on consumers’ computers), Part IV of the proposed order, which applies to enhanced connectivity CDs that Sony BMG sells prior to the date that this order becomes final, prohibits respondent from using any information it collects through enhanced connectivity CDs for any marketing purpose and requires respondent to destroy such information within three days of receipt. Part IV also prohibits Sony BMG from using any such information to deliver advertising or marketing messages. Part V, which applies to enhanced connectivity CDs that Sony BMG sells after the order becomes final, requires that if, to use a CD on a computer, consumers must agree to have information collected about them, Sony BMG must disclose this condition clearly and prominently on the product packaging. Further, Part V prohibits Sony BMG from collecting any information using its enhanced connectivity CDs, unless it first discloses that the CD will collect information and/or send back advertising to the computer and obtains consumers’ consent to do so.

In connection with the marketing, advertising, or distributing of any CD, Part VI prohibits Sony BMG from installing content protection software that prevents consumers from readily locating or removing the software from the computer. This prohibition includes, but is not limited to, hiding, cloaking, using misleading or random names for, and misrepresenting the purpose or effects of any file, folder, or directory associated with such software.

Part VII requires that respondent provide a reasonable and effective means to uninstall its content protection software. Part VII also provides that Sony BMG is not required to uninstall the “counter” file of its software that determines whether the consumer has exceeded the permitted number of copies on the computer, as long as respondent discloses on consumers’ computer screens, prior to installing the content protection software, that this file will not be removed and the file does not impair, hinder, or otherwise adversely affect the computer's operation. Part VII further requires that Sony BMG, for a period of two years from the date that the order becomes final, continue to provide free uninstall tools and patches for XCP and MediaMax 5.0 and to disclose the existence of these tools on its Web site. In addition, Part VII of the order requires that Sony BMG notify consumers of the XCP and MediaMax 5.0 vulnerabilities and how to fix their computers, by extending its existing program of purchasing key words on search engines to one year after the date the order becomes final, and also by publishing a notice through its Web site.

Part VIII of the proposed order makes clear that all purchasers, prior to December 31, 2006, of XCP and MediaMax CDs are eligible to participate in its ongoing compensation program. Part VIII also requires Sony BMG to extend the period for accepting exchanges to six months after December 31, 2006. Further, Part VIII of the order requires that Sony BMG reimburse consumers up to $150 of their costs to repair computer damage resulting from their attempts to remove the XCP content protection software before respondent made an uninstall tool readily available. Finally, Part VIII requires Sony BMG to publish notices on its Web site informing consumers about the extended period for exchanging CDs and the “repair reimbursement” program.

Part IX of the proposed order requires that, before selling MediaMax CDs from its inventory, Sony BMG must make applicable disclosures about copying and use restrictions on the product packaging. In the case of MediaMax 5.0 CDs, Sony BMG also must disclose on the packaging that, if used on a computer, these CDs will create security vulnerabilities that consumers can eliminate with a patch that they can download, free of charge, from respondent's Web site, and establish an Internet connection through which Sony BMG will collect information from, and send back advertising to, the computer. Also, with respect to MediaMax 5.0 CDs that Sony BMG has sold to retailers, Part IX requires that it offer retailers the same financial incentives to return these CDs as those for XCP CDs. Further, Sony BMG must offer these incentives for two years after the date the order becomes final.

Parts X through XIII of the proposed order are record-keeping and reporting provisions. Part XIV provides that the order will terminate after twenty (20) years under certain circumstances.

The purpose of this analysis is to facilitate public comment on the proposed order, and it is not intended to constitute an official interpretation of Start Printed Page 13288the agreement and proposed order or to modify in any way their terms.

Start Signature

By direction of the Commission.

Donald S. Clark,


End Signature End Supplemental Information


1.  The comment must be accompanied by an explicit request for confidential treatment, including the factual and legal basis for the request, and must identify the specific portions of the comment to be withheld from the public record. The request will be granted or denied by the Commission's General Counsel, consistent with applicable law and the public interest. See Commission Rule 4.9(c), 16 CFR 4.9(c).

Back to Citation

[FR Doc. 07-1403 Filed 3-20-07; 8:45 am]