Sony BMG was outed on October 31, 2005, for including anti-copying software that employed "rootkits," a technique that made it impossible for users to uninstall without damaging their Windows installation, and which opened them to new security vulnerabilities. Subsequently, Sony was also outed for using a piece of spyware called MediaMax, from SunnComm, which also created security vulnerabilities.
One class action suit in the US has been settled, while other suits and government legal actions are pending in several US states, Ireland, Canada and Italy. It's not known yet whether Sony will face legal reprisals from the US government for the military and government computers that were infected with its software.
* Sony released at least 34 titles in Canada with sales of approximately 120,000 CDsLink
* Sony waited two extra weeks to begin recalling CDs in Canada as compared to the United States
* Sony did not do enough to remove the CDs from store shelves. One of the named complainants purchased the CD on Boxing Day, weeks after the recall was announced and the complaint alleges that the CDs are still being sold.
Second, the complaint includes considerable analysis of Sony's alleged violation of both consumer protection and national privacy legislation. Given the analysis, the question that immediately comes to mind is whether the Privacy Commissioner of Canada and the Competition Bureau have launched investigations into the Sony rootkit incident. If not, why not?
(Sony taproot graphic courtesy of Sevensheaven)