A scandal erupted in 2005 regarding Sony BMG's implementation of deceptive, illegal, and harmful copy protection measures on about 22 million CDs. When inserted into a computer, the CDs installed one of two pieces of software which provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware.
Sony claims this was unintentional. One of the programs installed, even if the user refused its end-user license agreement (EULA), would still "phone home" with reports on the user's private listening habits; the other was not mentioned in the EULA at all, contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.
Sony BMG initially denied that the rootkits were harmful. For one of the programs, it released an "uninstaller" that only un-hid the program, installed additional software that could not be easily removed, collected an email address from the user, and introduced further security vulnerabilities.
After public outcry, government investigations, and class-action lawsuits in 2005 and 2006, Sony BMG partially addressed the scandal with consumer settlements, a recall of about 10% of the affected CDs, and the suspension of CD copy protection efforts in early 2007.