In the Matter of:

SONY BMG Music Entertainment.

Respondent.

This Assuranceof Voluntary Complianceor Discontinuance('oAssurance") is enteredinto by the

AttorneysGeneral of the Statesof Alabama,Alaska, Arizona, Arkansas,Connecticut, Delawareo

Florida,Idatro,Illinois, Indiana,Iow4 Kentucky,Louisian4 Maine, Maryland, Massachusetts,

Michigan,Mississippi, Montana" Nebraska, Nevada, New Jersey,New Mexico,,

North Carolina,North Dakota,Ohio, Oklahoma,Oregon, Pennsylvania, Rhode Island, South

Dakota,Tennessee, Vermont, Virginia, Washington,West Virginia, Wisconsin,and Wyoming, and by the Attorney Generalfor the District of Columbia("the States"),acting pursuantto their respectiveconsumet protection statutes,r and BMG Music Entertainment(.SONy

I ALABAMA: AlabamaDeceptive Trade Practices Act, Ala. Codeg 8-19-1,et seq.;ALASKA: Unfair TradePractices and Consumer Protection Act, AS 45.50.471,-etseq.;ARIZbNA: Arizonaconsumer lrf{191, A.R.s. $ 44-1521et seq.;ARKANSAS: Ark. stat.Ann., g 4-gg- l0l et seq.;COIYNECTICUT: Conn.Gen. Stat. $ 42-110a,et seq.; DELAWARE: Consumer FraudAct,6 Del.C.$251l, et seq.;DISTRICT OF COLUMBI* Districrof Columbia ConsumerProtection Procedures Act, D.C. Code$ 28-3901et seq.; FLORIDA: Deceptiveand Unfair TradePractices Act, Fla. Stat.Ch. 501.201et seq.;IDAHO: IdahoConsumer protection Act, IdahoCode $ 48-601,et seq.;ILLINOIS: ConsumerFraud and Deceptive Business PracticesAct, 815ILcs 505/l et seq.;INDIANA: Ind.code Ann. $24-5-b-5-l;IowA: Iowa ConsumerFraud Act, Iowa Codesection714.16; KENTUCKY: ConsumerProtection Act, Ky. Rev. Stat.$$ 367.1l0 to 367.990;LOUISIANA: Unfair Tradepractices and Consumer ProtectionLaw,La. Rev. Stat.Ann. $$51:1401to 5|:1420;MAINE: MaineUnfair Trade PracticesAct, 5 M.R.S.A.sections 207 and209;MARYLANDI MarylandConsumer protection Act, Md. code Ann.,com. Law g 13-101,et seq.;MASSACHUSETiS: Massachusetts ConsumerProtection Act, G.L. c. 93A; MICHIGAN: MichiganConsumer protection Act, MCL 4,45.901et seq.;MISSNSIPPI: ConsumerProtection Act, Siction 75-24-1,et seq.,Mississippi CodeAnnotated of 1972;MONTANA: Unfair TradePractices and ConsumerProtection Aci, Mont.Code Ann. $$ 30-14-101to 30-14-142;NEBRASKA: Consumer Protection Act. Neb.

22357424v1 BMG"). SONY BMG understandsthat additionalStates may determineto enterinto this

Assurance,and may do so by a processagreed to by SONY BMG, which requiresthat any such

additionalState indicate its intentionto enterinto this Assuranceon or beforeJanuary 4,2007.

I. BACKGROTTNI)

l. SONY BMG, a joint ventureformed in2004 betweenSONY Corporationof America

andBertelsmann AG, disfiibutes,markets, and sells audio compact discs ("CDs,,'as further definedbelow).

2. BetweenJanuary and November2005, SONY BMG distributed79 CD titles that

containedone oftwo Windows-compatibleDigital RightsManagement (.DRM")

programs:(l) eXtendedCopy Protection ("XCP"), licensedto SONY BMG by First 4 ,

Ltd., a U.K. company("First 4 Internef); or (2) Medialr4axVersion 5.0, licensed to SONY

Rev. Stat.$$ 59-1601, et. seq.( 2004) and Neb. Rev. Stat.g 87-301,et seq.(Reissue 1999;Cum. Supp.2004;IYEVADA: TradeRegulation and Practicis Act, Nev. Rev. Stat.gg 41.600'593.360, et seq.;NEW JERSEY:New JerseyConsumer Fraud Act, N.J.S.A.56:8-i et seg.;NEW MEXICo: UnfairPractices Act, N.M. Stat.Ann. gg 57-12-lto 57-12-22;NEw YORK: N.Y. Gen.Bus. Law gg 349&3so andExecutive Law $ or(tz); NORTH CAROLINA: N.G.G.S.g 75-1.1,et seq.;NoRTH DAKOTA: N.n.c.c. gg5l-15-0t, et seq.; OHIOI OhioConsumer Sales Practices Act, R.C. 1345.01et seq.;OKLAHOMA: Oklatroma ConsumerProtection Act, l5 OS $751,et seq.;O'NEGON:Oregon Unlawful Tradepractices Act, OregonRevised Statutes 646.605, et seq.;PEIYNSYLVLwIA: PennsylvaniaUnfair Trade Practicesand Consumer Protection Law, 73 P.S. 201-1,et seq.;RIIODE fSLAXn: R.I. Gen. Law, $ 6-13.1'1,et seq.;SOUTH DAKOTA: DeceptiveTrade Practices and Consumer Protection,SDCL Ch.37'24;TENNESSEE: TenneiseeConsumer Protection Actof 1977, Tenn.Code Ann. Sec.47-18-101, et seg.; VERMONT: ConsumerFraud Act- 9 Vt. Stat.Annot. ch. 63; VIRGINIA: virginia consumerprotection Act, va. code gg sg.l-196,et seq.; WASHINGTON: Unfair BusinessPractices Consumer Protection Act, nCW 19.86ti.itq.; wEsT VIRGINIA: w.va. Code,$ 46A-6-101,et seq.;wlscoNslN: wis. Stat.Ann. gg TilYOMING: 100.18and 100.20; and Wyo.Stat. $ 40-12-101.

22357424v1 BMG by SunnCommInternational Inc., an Arizonacompany ("SunnComm"). DRM software,

in this context,refers to computerprogftlms designed to limit the copiesor transfers,through the

useof a computer,of the copyrightedmusic on a CD. The softwareat issuehas no effecton non-computer-basedplayers.

3. XCP andMediaMax version 5.0 andthe initial versionsof their associateduninstall

programsrendered users' computersvulnerable to different securityexploits.

4. In 2003, Music Group,a predecessorto SONY BMG, begandistributing

CDsthat includeda DRM progftlmcalled MediaMax version 3.0, which alsowas licensed to

SONY BMG by SunnComm.

XCP

5. In April2005, SONY BMG beganselling the first of 52 titles that includedXCP on the

CDs.2Approximately 5 million SONY BMG CDsthat containedXCP wereshipped to retail,

and,of these,consumers purchased approximately 3 million. TheseCDs canbe played on computetswith CD-ROM drives as well as on stereosor other non-computer-baseddevices with CD playingcapabilities.

6. SONY BMG usedXCP to protectits intellectualproperfy and that of artistsand "casual songwritersfrom wtrat is known in the industryas piracy"- the copyingof CDs by consumerswho then distributephysical copies to othersor makethe audio files availableto othersvia peer-to-peerfile-sharing networks. XCP preventsusers from making unlimited digital copiesof a CD andcontrols the meansby which the musiccan be playedon a Windows-based

2 The list of XCP CD titles is availableat http: //www. sonybmgcdtechsettl em ent. com/pdfsD( cpritl es.pdf.

22357424v1 computer.In an effort to preventconsumers from avoidingor disablingthese contol fimctions, "cloak," First 4 Internetdesigned XCP to hide,or a numberof the program'sfiles and

operations.XCP is ableto do this by meansof a driver. A driver is a specifictype of computer

software,typically developedto allow interactionbetween the operatingsystem and hardware

devicessuch as CD-ROMs. The driverused in XCP, calledo'aries.sys," prevents users from "$sys$" viewing files thatbegin with the prefix tluoughstandard Windows graphic tools suchas

Windows Exploreror AddlRemovePrograms.

7. Becauseof First 4 Internetdesign measures, XCP createsa securityvulnerability on

Windows-basedcomputers on which the softwareis installedby creatingthe possibility that

maliciouscode, such as viruses, worrns, or Trojans,may usethe prefix $sys$to hide from the

consumerand from securitysoftware.

8. Consumersattempting to removeXCP from their computersrunning Windows operating "AddlRemove systemcould not do so using the standard Program"applet in the Windows

ControlPanel. Sophisticatedusers may havebeen able to locateXCP on their computersand attemptto removeit manually. RemovingXCP manuallycan result in the disablingof the CD-

ROM drive, which would preventthe consumerfrom listeningto, or using, any CD on their computeruntil additionalremedial measures are taken. In addition,certain third-party anti-virus and anti-spywaresoftware attempted to removeXCP from consumers'systems, which in certain instancesalso resulted in disablingthe CD-ROMdrive.

9. SONY BMG did not providean XCP uninstallerprogram on the CDs containingthe XCp

DRM software.Initially, SONY BMG requiredconsumers to obtainan XCP uninstallerby email. SONY BMG requiredthese consumers to provideinformation including the CD title,

22357424v1 locationpurchased, and email addressfor the consumer.After a consumerprovided this

information,SONY BMG providedthe consumerwith a uniquelink to downloadthe uninstaller.

This link couldonly work for that particularconsumer.

10. The originalXCP uninstaller,designed by First 4 Internet,created an additionalsecurity

vulnerability. Oncethe uninstallerpatch was executed on a computerit createdthe possibility

that a consumerwho inadvertentlyvisited a maliciouswebsite (i.e., a sitedesigned to forcethe

installationof virusesor othermalicious code) could inadvertently download, install, and run

additionalprograms without the consumer'sknowledge or consent.

I l. SinceDecember 4,2005, SONY BMG hasprovided through its websitea new uninstaller

for XCP that can be downloadedfrom the Internet,for free, without the consumerproviding any personalinformation. This uninstallerhas been tested and confirmedto be safeand effective.

12. In November2005, SONY BMG instituteda recallprogram for CDs containingXCp.

This program,which remainsongoing, allows consumers to refurnXCP CDs,and receive replacementCDs without copyprotection, at no charge.The recallprogram also provides financialincentives for retailersto returnunsold XCP CDs to SONY BMG. In addition,SONY

BMG voluntarilyceased shipping XCP CDs from warehousestock to retailers,and destroyed unsoldwarehouse stock of CDswith XCP. DespiteSONY BMG's efforts,approximately 3 million of theseCDs have not beenretumed.

22357424v1 MediaMax 5.0

13. SONY BMG releasedCDs containingMediaMax 5.0 beginningin May 2005. A total of

27 titleswere produced with the MediaMar 5.0 software.6.9 million CDs containingMedialvlax

5.0 weredistributed by SONY BMG.3

14. MediaMaxsoftware presents consumers with an End UserLicense Agreement (*EULA") at the time the MediaMaxCD is first placedin a computer.But, becauseof SunCommdesign measures,MediaMax 5.0 installsseveral files on consumers'hard drives prior to the presentation of a EULA' i.e.,the programinstalls 13 MediaMan files consistingof 15.8megabytes.

15. Medialvla:ralso installs a drivermeant to interferewith copyingfrom protectedCDs.

Evenif a consumerdeclines the EULA, the downloadedfile or files remainon the computerand the driver remainsloaded unless and until the consumerre-boots the computer.In some situationsthe MediaMax driver is activateddespite the consumernot consentingto the EULA.

16. Consumersattempting to removeMedialvlax 5.0 from their computersrunning the

Windows operatingsystem could not do so using the standard"Add/Remove Program" applet in the WindowsControl Panel.

17. SONY BMG did not providea programto uninstallMediaMax 5.0 on the CDs containingthe MediaMax DRM software.

18. Becauseof SunCommdesign measures, MediaMax 5.0 alsocreated a security wlnerability on computersrunning the Windowsoperating system. MediaMax installed into a directorythat allowed any subsequentuser of the computerto modiff its contents- evenif the

3 The list of MediaMaxCDs (bothversion 5.0 andversion 3.0) is availableat http: //www. sonybmgcdtechsettlement. com/pdfs/lvlMTitles. pdf.

22357424v1 userwas not designatedas the computer'sadministrator. This couldmake it easierfor malicious

userswho had local accessto a computerto obtain enhancedprivileges on that machine,

potentially running dangerousprograms that they otherwisewould not havebeen able to run.

19. SONY BMG providedvia the Interneta SunnComm-developedpatch to eliminatethe

securityvulnerability associated with MediaJr{a"x5.0 anda SunnComm-developeduninstall

program. The SunnCommuninstaller also createda vulnerability similar to the original

Medialvlax5.0 vulnerability. SinceDecember 8,2005, SONY BMG hasmade available at no

charge,through its website,a SunnComm-developedpatch for MediaMa,r5.0 andaSunnComm-

developeduninstaller that havebeen confirmed to be safeand effective.

MediaMax3.0

20. BertelsmannMusic Group,a predecessorto SONY BMG, first releasedCDs containing

MediaMax3.0 in 2003. A total of 35 titles werereleased with MediaMax3.0. Since2003, approximately10.3 million CDs containingMedialvlax 3.0 softwarewere distributed by SONy BMG or its predecessor.

21. In November2AA5,SONY BMG ceasedthe manufacturingof CDs containingeither versionof Medialvlax.

22. No securityvulnerabilities have been reported in Medialvla:r3.0. However,a small portionof the software(less than with 5.0)installs on the harddrive prior to presentationof the

EULA, and,as with MediaMax5.0, no uninstaleris providedwith the cD.

EnhancedCDs "Enhanced 23. CD" is an industryterm indicatingthat the CD containsbonus content in additionto music,such as music videos or links to specialInternet-based content. All of the 52

22357424v1 CD titles that containedXCP, andsix of the 27 tiilesthatcontained MediaMan 5.0, also

containeda particularenhanced CD function referredto asthe o'banner."The bannerfunction is

technologicallyunrelated to the DRM software.The banneris a smallarea on the user's

computerscreen that initially will displayan imageof the artistfound on the CD. If the useris

connectedto the Internet,an updatedimage (e.g., a morecrurent picture of the artist)may be

suppliedand will appearin the bannerspace. The bannerfunction involvesthe user'scomputer

sendingto SONY BMG (or, in the caseof MediaMa:rCDs, to SunnComm)the Intemet Protocol

address("IP address")of the computercontacting the server. This is generallythe IP addressof

a proxy serverbelonging to the consumer'sIntemet provider, but canbe an IP addressassociated

with the consumer'sown computer. The bannerfunction alsoresults in sendingthe servera

numericalidentifier associated with the title of the SONY BMG CD beingplayed on the "privacy computer'sCD-ROM drive. A audif'conductedby an outsideconsultant has confirmedthat the bannerfunctionali$ was not being usedto collect personalinformation or to monitorlistener habits.

Infornation on the CD Packasing

24. The Statescontend that SONY BMG fails to discloseon the CD packagingcertain materialterms and conditionsof the CDs containingXCP or Medialvla,rDRM software.

Specifically,the Statescontend that SONY BMG doesnot disclosethe following:

. on cDs with DRM, the fact that DRM softwaremust be installedon a

consumer'scomputer in orderto fully usethe CD on a Windows-basedcomputer,

andthat the CD doesnot includeany progftlm to uninstall or deactivatethe software;

22357424v1 The precisenature of the limitations that the DRM softwareplaces on the

consumer'sability to makecopies of the music;

on XCP cDs, the fact thatthe XCP softwarecloaks files on a consumer's

computer;

on MediaMax cDs, the fact that someMedialvla:< software components

automaticallyinstall and arenot removedeven if a consumerfails to acceptthe

EULA; and

on enhancedcDs, the fact that information is transmittedto and from soNy

BMG or sunncommsimply as a resultof the consumerplaying the cD on his or

her Intemet-connectedcomputer.

The Statescontend that, without disclosureof this information,consumers do not havethe

opportunityto makean informed decisionbefore choosing to buy a CD and, becausemany retail

storeslimit a consumer'sright to obtaina refundof an openedCD, that this failureto disclose providesconsumers with little or no choicebut to keepa CD they may not haveotherwise purchased.

EULA Terms

25. The Statescontend that SONY BMG alsofails to disclosematerial information in the

EULA. Specifically,the Statescontend that SONy BMG:

' Doesnot fully disclosethe truenature and effect of the DRM software,when it is "a describedas small proprietarysoftware progmm. . . intendedto protectthe

audiofiles embodiedon the CD, and. . . facilitateyour useof the digital content;"

22357424v1 "cloaking" Failsto disclosethe usedby XCP or the pre-EULAinstallation of

certainfiles by MediaMax;

Doesnot fully describethe Medialvlor installationprocess, when it is statedthat "[a]s soonas you haveagreed to be boundby the termsand conditions of the

EULA, this CD will automaticallyinstall . . . ;" and

Fails to disclosethat information may be transmittedto and from the consumer's

computeracross the Internetwhen the CD is playedin the computer.

The EULA further includesseveral provisions that the Statescontend unfairly restrict a consumer'suse of the musicCD andlimit the consumer'slegal rights, including:

"hold A harmless"clause thatpurports to hold SONY BMG harmlessfor any

damagearising out ofthe useof the CD;

The right for SONY BMG to revokea consumer'suse of the CD if that consumer

fails to install softwareupdates;

The loss of useof the cD if the consumerfiles for bankruptcy,including a

provisionrequiring the consumerto deleteany electroniccopies of the musicon

his or her computer;and

A waiver of a consumer'sright to a frial by jury for any issuearising from the use

of the cD, and an agreementthat any legal disputewill takeplace inNew york

courts.

The Statescontend that becausethese provisions are disclosed only afterthe CD hasbeen openedand likely cannotbe retumedto a retailer,consumers may be boundto theseterms if they

10 22357424v1 want to listen to the CD on their computer,without havinghad the opportunityto makean

informeddecision in purchasingthe CD.

26. SONY BMG previouslyhas taken to providerelief for consumersregarding the

issuesraised by the XCP andMedialvlax CDs. SONY BMG hasprovided additional relief

pursuantto a court-approvednationwide settlement of consumerclass action litigations. The

classaction settlementincludes an ongoingprogram under which consumerswith XCP CDs can

receivecash and free downloads and consumers with MediaMaxCDs canreceive free

downloads.In orderto addressadditional concerns of the States,the Statesand SONY BMG

agreethat it is appropriateto enterinto this Assurance.

II. DEFINITIONS "Clear l. and Conspicuous"or "Clearlyand Conspicuously" means (a) in a written

statementor communication,material that is presentedin sucha font, size,color, location,word

choice,and contrastagainst the backgroundin which it appears,compared to the other matter

with which it is presented,so that it is readily understandable,noticeable, and readable,or (b) in

an oral statementor communication,material that is presentedin suchspeech and word choiceso that it is readilyaudible, noticeable, and clear. If the statementor communicationmodifies, explains,or clarifies other informationwith which it is presented,it must be presentedso that it

is in closeproximity to the otherinformation so that it is easilynoticeable and readily understandableand it must not be obscuredin any manner. A statementmay not contradictany otherinformation which is presented.

tl 22357424v1 'oCompact "CD" 2. l)isc" or refersto compactdiscs used primarily to storemusical content "Redbook" in standard audio format. This includesstandard music CDs and the "Redbook' audioCD sideof a DualDisc. "Computer" 3. meansany generalpuqpose programmable computing device with a central processorand a memorycapable of computingfunctions and storing or receivinginformation,

including, but not limited to, desktopdevices, laptop or portabledevices, personal digital

assistants,minicomputers or other suchdevices. .'DRM" "Digital 4. ot RightsManagement'o software means any softwareresiding on a CD and that, when installedon a computer,player or machine,acts to limit, control, track or otherwisemanage an enduser's use of the CD's musicalcontent.a .'EULA'means 5. an End UserLicense Agreement for DRM software.5 ooPatch'o 6. meansa smallpiece of softwaredesigned to updateor fix problemswith a computerprogram. "Retailer" "Distributor" 7. or meansany individual,partnership, corporation, association, or othergroup, however organized, known by SONY BMG to sell or distributeSONY BMG

CDs. *SOhlY 8. BMG'means SONY BMG Music Entertainment,its subsidiaries,predecessors, successors(including, without limitation, its parentsand affrliatesto the extentthat the recorded music businesscarried out through SONY BMG may in the future be carriedout by SONY a The Statestake no position in this Assuranceconcerning the propriety of limiting the numbers of copiesof CDsconsumers may make. 5 The Statestake no position in this Assuranceconcerning the propriety of requiring consumers to executeEULAs as to DRM software.

t2 22357424v1 Corporationof Americ4 BertelsmannAG, or an affrliate thereof)and currentand former assigns, agents,representatives, shareholders, officers, administrators, directors, board of directors, attomeys,servants, and employees. "XCP" 9. meansthe versionof eXtendedCopy Protection software developed by First 4

Internetand utilized on corlmercialCDs in public releasebeginning in or aboutApril 2005.

"MediaMax" 10. meansversions 3.0 and5.0 of the Digital RightsManagement software developedby SunncommInternational, Inc. andutilized by SONY BMG on commercialCDs.

III. ASSI,]RANCES

CDs SUBJECT TO THIS ASSURANCE l. Theterms of this Assuranceshall apply to all CDs soldor distributedby SONY BMG for which SONY BMG controlsthe masters.The termsof this Assuranceshall not apply to any

CDs for which SONY BMG doesnot controlthe masters,i.e., where SONY BMG is primarily acting as a contractorto facilitate the distributionor saleof a CD, whosecontent a third party controls. SONY BMG agrees,however, to makea good faith effort to ensurethat CDs for which

SONY BMG doesnot contol the mastersadhere to the termsand conditionsof this Assurance.

SOTTWARE INCLUDED ON FUTURE CD RELEASES

2. SONY BMG shallnot manufacture,distribute, or otherwiseplace into the streamof commerceany CD containingDRM or other software,designed for installationon the hard drive of the user'scomputer, that employsany technology or any methodto hide or cloakany files, directories,or registry entriesin sucha mannerthat a usercannot locate them throughstandard andordinary methods available on the computeroperating system. Methods of hiding or

l3 22357424v1 cloakingfiles that areprohibited include, but arenot limited to, creatingrandom or deceptive

files names,directory folders, formats, or registryentries; and misrepresenting the purposeor efilectof files directory folders, formatsor regis@ entries. Standardand ordinary methods,as referredto in this Assurance,include methods normally made available to the consumerto view files, includinghidden files, without specificknowledge or expertiseby the consumer.Standard

and ordinary methodsdo not include concealingfiles from the graphicalinterface of the

Microsoft Windows operatingsystem, regardless of securitysettings, such that a consumercan only view the files throughthe commandprompt.

3. SONY BMG shallnot includeDRM softwareon any CDs SONY BMG manufactures, distributes,or otherwiseplaces in the streamof commerceunless the softwarecomplies with all of the termsof this Assurance.

4. On CDsthat SONY BMG manufactures,distributes, or otherwiseplaces in the streamof commercein the future, SONY BMG shall not include DRM softwarethat is downloadedor copiedto the harddrive unlessthe softwarecomplies with all of the following requirements:

A. The usermust be providedwith a Clear arid Conspicuousoption to declinethe

installationof the files;

B. If the userdeclines the softwareinstallation, no files may be installedon the hard

drive; and

C. All of the materialterms and conditions of the functionsand features of the

softwaremust be Clearlyand Conspicuously disclosed immediately prior to

installationon the harddrive of any software. Material termsand conditions

include,but arenot limited to:

t4 22357424v1 1) The fact, if true,that computerfiles mustbe installedon a consumer's

computerin order for the consumerto listen to, copy, or transferthe music

via that computer;

2) The fact, if true, that any softwareto be installedon the hard drive may

consumesystem resources when the CD is not in useon the computer;

3) The fact, if true, that the CD includesany form of DRM software,and the

generallimitations that the DRM softwareimposes on the useof the CD

(i.e.,the limited numberof copiesthat the DRM softwarepermits a

consumerto make);

4) The fact, if true, that playing the CD in a computermay causeinformation,

including but not limited to an IP address,to be fansmitted acrossthe

Internet;

s) The specificfile formats,if limited,to which the musicalcontent can be

convertedusing the DRM softwareand a referenceto a hyperlink for more

informationabout conversion to otherfile formats,if applicable;

6) The fact, if true, that a consumerwill be requiredto acceptthe termsand

conditionsof a licenseagreement prior to beingable to listento or

otherwiseaccess the CD on a computer;

7) A referenceto a hyperlink or other sourcewhere consumers may obtain

anyrecoilrmended updates or patches,including, but not limited to,

securitypatches; and

8) Any other materialterms or conditions.

l5 22357424v1 5. For the first 12months of distributionof any CDs with DRM softwareintended for

installationon the hard drive, distributedafter the eflective dateof this Assurance,a suiltmary,

plain-Englishversion of the disclosuresrequired by ParagraphIII.4 aboveshall alsobe Clearly

and Conspicuouslypresented on a printed insert,of the type referredto in the as a

blow-in card.

XCP AI\D MEDIAMAX SOFTWARE

6. SONY BMG shall not manufacture,distribute, or otherwiseplace into the streamof

cornmerceCDs containingXCP software.

7. SONY BMG shall not manufactureany additionalCDs containingMedialvlar software..

8. SONY BMG shalldestroy any existingCDs containing Medialvlax software that are

cunentlyin wholesalestock.

9. SONY BMG shallcontinue,for 12 months from the dateof this Assurance,its current voluntary programof providing financial incentivesto retailersfor the return of XCP CDs.

SONY BMG shall expandthe incentiveprogram to include identicalincentives for the return of

MediaMax5.0 CDs.

10. SONY BMG shallcontinue, for at least12 months from the dateof this Assuranceoits "keyword "bannering" programof using buyso"'and on capableCDs to give consumersnotice of the known forms of securityvulnerabilities to their computersand of information consumers can obtain regardingthe protectionof their property. The "keyword buys" and "bannering"shall alsodisclose to consumersany knownloss of functionalitythat can occur following useof XCP or MediaMax CDs,including, but not limited to, the disablingof a CD-ROM drive. SONY

BMG shallconsider in goodfaith any suggestionsthe Statesmay offer concerningpossible

l6 22357424v1 adjustmentsto the specific termsof the keyword buys programand the languagedisplayed to

oonsumersin connectionwith the relevantlinks andlanding pages. SONY BMG shalladopt

proceduresto monitorand ensure that suchkeyword buys result in consumersreceiving a Clear

and Conspicuouslink on the first pageof returnedresults. The return result shall provide a

wamingof the securityvulnerabilities and direct consumers to additionalinformation on XCP

and MediaMax patchingand removal. SONY BMG shall adoptprocedures to monitor and

ensurethat bannerads function properly andprovide consumerswith a Clear and Conspicuous

warning of known forms of securitywlnerabilities andthe websiteaddress to obtain additional

information on XCP and MediaJr4a:

11. SONY BMG shallcontinue, for a periodof at leasttwo yearsfrom the EffectiveDate of

this Assurance,to provideClear and Conspicuous and easily navigable instructions on its

websitefor uninstallingXCP and MediaManand for implementingany patchthat hasbeen

distributed. The uninstall andpatching instnrctions shall be clearly written and easyto access,

follow, and perform. To the extentthat accessingthe instructionsrequires clicking on one or morehyperlinks, the first link shallbe Clearlyand Conspicuously identified on the homepageof the SONY BMG website,as shalla link to the list of affectedCDs. Onlinetechnical support shall continueto be providedto assistconsumers in the processof uninstallingor patchingthe softwareor with any relatedquestions or concems.SONY BMG shallalso continue, for a period of at leasttwo yearsfrom the dateof this Assurance,to maintainon its websitea list of the affectedXCP andMediaMa:< CDs. After the endof the two yearperiod, SONY BMG may in its discretionrelocate or removelinks from its websiteto the patch,uninstaller or list of affected

CDs. To the extentthat this paragraphor otherprovisions of this Assurancerequire SONY

t7 22357424v1 BMG to postor provideinformation via the Intemet,it shallconstitute full compliancewith this

Assuranceif the informationis providedin detailon the classaction settlement website

(www.sonybmgcdtechsettlement.com),the website of the appropriatesoftware licensor or

anotherwebsite, provided that a Clearand Conspicuouslink leadingto the information is providedon the homepageof SONY BMG's website.

DISCLOSURESTO CONSI,]MERSON CD PACKAGING

12. For any CD releasedafter the Effective Date that containsDRM software,the outer packagingmust Clearly and Conspicuously disclose, at a minimum:

A. which operatingsystems are required to play the CD or usethe DRM software;

B. the fact, if true,that to play, copy,or transferthe contentsof the CD on a

computer,DRM softwaremust be installedon the hard drive, and will require

the consumerto acceptthe termsof a EULA;

C. the numberof copies,if limited,that canbe madeof the CD; and

D. the specificcompatible file formats,if limited,to which the musicalcontent may

be convertedusing the DRM software,and the URL of the websitethat

consumerscan visit for additionalinformation about conversion to other file

formats,the DRM software,or other featuresof the CD. The identified website

will include informationregarding items (A) through(c) above,as well as,

whereapplicable, customer service contact information and information about

the specificfile formatsto which the CD audiofiles may be convertedfor

personaluse.

l8 22357424v1 If a EULA mustbe accepted,the outerCD packageshall also disclose any limitationson useof the CD if the userdeclines the EULA, andshall provide SONY BMG's websiteand tell the consumersthat they may find the full termsand conditionsof EULA on the website.

EULA TNRMS

13. SONY BMG shallnot includeany of the following termsand conditions in any EULA for DRM softwareon CDs releasedafter the Effective Datenand shall not enforcethe following termsand conditions in any existingEULA includedwith softwareon existingCDs:

A. A limit on a user'sability to transfermusic to anymedia player or portable

device,provided, however, that sucha prohibitionmay be includedin the EULA

if noticeof this restrictionis Clearlyand Conspicuously disclosed to the

consumeron the CD jewel case;

B. A prohibition on the private resale of the CD, provided, however, that SONY

BMG shall be permittedto require a consumerto deleteor destroyall copiesof

the musicalcontent prior to resaie;

C. A prohibitionagainst removing or deletingany DRM files SONY BMG placesor

will placeon the person'scomputer;

D. A requirementthat the userwaive or limit any rights or causesof action against

soNY BMG for any damagearising out of the normaland proper use of the cD;

E. A provisionallowing soNY BMG to terminatethe licenseagreement for a

person'sfailure to timely updateany music or DRM files SoNY BMG placesor

will placeon the person'scomputer; or

t9 22357424v1 F. A provisionallowing SONY BMG to terminatethe licenseagreement upon a

person'sfiling of a voluntaryor involuntarybankruptcy petition.

INSTALLATION AIID REMOVAL OF SOF'TWARE

14. All DRM softwaredistributed by SONY BMG on CDsfor installationon computers runningMicrosoft's Windows operating system shall be configuredto automaticallyappear in "AddlRemove the Program"applet in the Windows Control Panel,which shall allow a consumer to removethe softwarein its entirety. The DRM softwareshall be Clearly and Conspicuously identified as softwaredistributed by SONY BMG on a CD. All DRM softwaredisfibuted by

SONY BMG on CDs for installationon computersrunning any other operatingsystem shall be removablethrough that system'sstandard software removal process.

15. The uninstallmethods described in paragraphIII.I4 aboveshall include (a) removinga softwareprogftrm from a computer;(b) removingall files, registrykeys, and componentsthat were addedto the computerwhen suchsoftware program was initially installed;(c) removingall files, registry keys,and componentsthat were subsequentlygenerated by suchsoftware progrrm; and (d) restoringall files, registry keys, and componentsthat suchsoftware program caused to be altered,provided that (a) the uninstall processneed not eraseinformation or datastored on the computerthat is essentialto core purposesof the contentprotection, such as information regardingwhether the userhad reachedthe limit of permittedcopies of the coveredproduct prior to uninstallingthe contentprotection; and (b) the uninstall methodsshall be designedso as to removefiles andregistry entries, disable drivers or terminateprocesses to a commercially reasonablestandard, which may includeallowing the survivalof smallamounts of codeor data that do not impairthe operationof the computeror operatingsystem.

20 22357424v1 16. SONY BMG shallnot requirethat a consumeraccept and install softwareas a condition of accessingthe musiccontent of the CD on a computer,unless the requirementsof this

Assuranceare followed.

PERSONAL IDENTIFYING INFORMATION

17. SONY BMG shall not manufacture,distribute, or otherwiseplace into the streamof commerceCDs that gather,collect, or storeany personalidentifying information without the "opt-in" consumer'sexpress consent via an method. "Expressconsent" shall mean a consumerosunambiguous acknowledgment and agreement with SONY BMG's useofpersonal identi$ing informationthat is objectivelyverifiable and obtainedthrough the useof an electronicacknowledgment that requiresthe consumerto affrmatively click on a checkbox or button acknowledgingreceipt of an explanationof the use,and acceptance of the explanation. "personal For purposesof this paragraph identiSing information'oincludes a person'sname, address,telephone number, email address,or other informationdisclosing the identity of a person,and any information regardingthe CDs listenedto by an identifiableperson, or any websitesvisited on an identifiableperson's computer, but doesnot includean IP address.Prior to obtaininga consumer'sexpress consento SONY BMG shallClearly and Conspicuously discloseits privacypolicy which shallinclude all materialinformation regarding SONY BMG's collectionand use of personalidenti$ing information.

RELEASES OF ENHANCED CDS AFTER THE EFFECTIVE DATE

18. With respectto EnhancedCDs released 90 daysor laterafter the EffectiveDate, SONY

BMG mustprovide notice prior to causingeither transmission or receiptof any information acrossthe Internet. Enhancedconnectivity either may requirean affirmative act by the consumer

2l 22357424v1 (e.g.,user must click a hyperlink)or may occurin the background(e.g., CD 'opingso'theInternet wheneveruser is online). If the connectionrequires an affirmativeact, it shallbe sufficientto disclosethe optionof connectingby usingclear, simple language on-screen at the point of connection,such as a text hyperlink or a floating dialog box that would appearwhen a cursor movedover the text hyperlink. If the connectionoccurs in the background,one of two typesof noticemust be provided,with the choicebetween them at SONY BMG's discretion:either (a) a terse,plain-English notice of the fact of suchconnectivity shall be providedClearly and

Conspicuouslyon the CD packaging(e.g. "Automatic InternetConnection"), dnd in the EULA and/orother on-screendisclosures that arepresented to the userprior to the first playbackor of the CD on a computer,or (b) an on-screennotice shall be provided,in the EULA acceptanceprocess, whereby the userhas the option to declineor turn off the background

Internetconnection. Whetherthe connectionrequires an affirmative act or occursin the background,basic information aboutany collection and useof consumers'information shall be disclosed,to the extentrequired by law and consistentwith the level of disclosureordinarily foundon major consumerwebsites, in the EULA and/orin a privacypolicy. Any privacypolicy shall be readily accessibleto the consumervia an Intemet link on the on-screenuser interface or by comparablemeans. Whetherthe connectionrequires an affirmative act or occursin the background,the consumershall havethe option throughthe softwareto terminatethe Internet connectionand disallow any further connection.

LANGUAGE OX'DISCLOSURES REQUIRED By ASSURANCE

19. All disclosuresrequired in this Assuranceshall be madein Englishand shall be available in Spanishand any otherlanguage the CD is marketedin, in the sameClear and Conspicuous

22 22357424v1 manneras required above, provided, however, that outsidepackaging disclosures generally may

be in Englishonly, unlessthe CD is marketedprimarily to a non-English-speakingaudience, in

which casethe outsidepackaging disclosures may at SONY BMG's discretionbe eitherin

Englishor in Englishand in the languageof the targetaudience, provided that all of the

disclosureson a particularCD aremade in full in both languages.Disclosures made in

electronicform may alwaysbe in Englishas the primarylanguage at SONY BMG's discretion, providedthat the userhas the option to selecta diflerent language.Technical computer terminologythat doesnot readily translateinto languagesother than English may alwaysappear

in Englishonly.

SECURITY REVIEWS

20. SONY BMG shallobtain an assessmentand report ("Assessment") from a qualified, objective,independent, third-party professional, using procedures and standards generally accepedin the computersecurity profession, within onehundred and eighty (180) days after the signing of the Assurance,and annuallythereafter for the next (5) years,that:

A. confirms that, as to any CD with DRM softwarereleased during the period under

review,prior to the releaseSONY BMG obtainedreasonable assurances from an

independentoutside expert that the softwarewould not in ordinary usecreate

any securityvulnerability on consumers'computers;

B. setsforth any specificadministrative, technical, and physicalsafeguards that

SONY BMG hasimplemented and maintained during the reportingperiod to

protectthe securityand integrity of computersand systemswith which any

DRM-protectedCDs distributed by SONY BMG interact;

23 22357424v1 C. confirmsthat a'oprivacyaudit," similar in scopeto the oneavailable on SONY

BMG's websiteas of the dateof this Assurance,has been performed within the

precedingyear, and summarizesthe findings and any recommendationsof that

audit;

D. explainshow the safeguardsthat have been implemented meet or exceedthe

protectionsrequired by this Assurance;

E. certifiesthat SONY BMG's securityprogram is operatingwith sufficient

effectivenessto providereasonable assurance that the security,confidentiality,

and integrity of personalinformation is protectedand, for annualreports, has so

operatedthroughout the reportingperiod;

F. identifiesall non-DRMsoftware that has been distributed on SONY BMG CDs

during the reportingperiod and,for any softwareprogfttm that requires

installationon a computer'shard drive in orderfor the userto accessthe music

files on the CD, describesthe natureand function of the software,ensures that

suchsoftware complies with the samerequirements that are imposedon DRM

softwareby this Assurance;and

G. identifiesby nameand title the individual at SONY BMG responsiblefor

receivingand reviewing the Assessmentand for coordinatingSONY BMG's

softwaresecurity efforts on matterscovered by this Assurance.

21. EachAssessment shall be preparedby a personqualified as a CertifiedInformation

SystemSecurity Professional (CISSP) or asa CertifiedInformation Systems Auditor (CISA),or a personholding Global Information Assurance Certification (GIAC) from the SysAdmin,Audit,

24 22357424v1 Network,Security (SANS) Institute. SONY BMG shallprovide the Assessmentsupon request to any signatoryto this Assurance.Any of the firms previouslyretained by SONY BMG as

expertsin this matterare acceptable to the Statesfor the performanceof the Assessments.

NOTICE OF SECURITY FLAWS

22. SONY BMG shallnoti$ consumersof all securityflaws in DRM softwarecovered by this Assurancethat causeany material securityrisk or materialpotential for damageto consumers'computers, including materialvulnerability to virusesor ,damage to dataor file integrity. Noticemust be providedin the mostexpedient time possibleand without unreasonabledelay. Notice may be delayed(1) if law enforcementdetermines that notification impedesa criminal investigation,or (2) to determinethe scopeof the flaw and take reasonable

t stepsto prepareand distribute a patchor otherwiserestore the integrity of the DRM software. At a minimum,notice shall be madeby (l) emailif SONY BMG hasan emailaddress for the subjectpersons; (2) conspicuousposting of the noticeon SONY BMG's consumerwebsite; (3) bannerads to all enhancedCDs that both containthe flaw and havebanner functions; and (a) notificationto majorcomputer security providers. Notwithstanding any provision of this paragraphor this Assurance,SONY BMG may reasonablyconclude, by referenceto computer securityindustry nonns, that a particular flaw in DRM softwareis not material andthus doesnot requiredisclosure or patching.

FUTURE TESTING OF DRM SOFTWARE

23. SONY BMG shalladopt and implement policies and procedures to fully examineand test futureDRM softwarefor securitywlnerabilities, as well ascompliance with this Assurance.

Thesepolicies and procedures shall include,at a minimum:

25 22357424v1 A. SONY BMG shall retain an independent,third-party expertto test any future

DRM softwarefor securityflaws, compatibility conflicts, unauthorized

installations,or otherbehavior in conflict with this Assurance,prior to

manufacturingCDs with the software;

B. Promptlyupon leaming of any crediblereport of a securityrisk or otherharm

causedby SONY BMG's DRM software,SONY BMG shallpromptly perform its

own testsand/or submit the DRM to an independentthird party expertfor further

testing;

C. If testingconfirms any potential material security risk or otherharm, SONY

BMG shall take or causethe softwarevendor to take immediateremedial action

to correct,fix, or patch,the DRM softwareas well asto notiff consumersof the

risks associatedwith the DRM software,pursuant to the notice requirements

above;and

D. SONY BMG shallmaintain copies of all resultsfrom DRM testingfor at least

three(3) years,and shall, upon request of the States,provide copies of those

resultsto the AttorneysGeneral.

IV. REX'UNDS l. SONY BMG shallcontinue to providethe sameconsumer incentives required by the court-approved,nationwide class action settlement, In re SONY BMG CD Technologies

Litigation,No. 05 CV 9575(NRBXS.D.N.Y.) (May 24,2006)("Class Action"), throughJune

30,2007,for anyconsumer who retumsan XCP or MediaMa<5.0 CD, providedthat the person hasnot alreadyobtained relief for that CD. In providingsuch incentives, SONY BMG shallnot

26 22357424v1 be requiredto usethe sameadminishator as establishedin the ClassAction and may administer the incentivedistribution internally.

2. For a periodof 180days following the EffectiveDate of this Assurance,SONY BMG

shallprovide restitution to consumerswho usedXCP CDs in their computerand experienced the disablingof his or her CD-ROM drive. At the requestof any consumerwho purchaseda SONY

BMG CD containingXCP or MediaJr,Ia,rand experienced such damage, and who residesin one of the participatingStates, SONY BMG shallrefund the consumerthe greaterof $25.00or actual out-of-pocketexpenses to repairor replacehis or her computerup to a maximumof $175.00.

Any claim for compensationmust be submittedon a form, to be madeavailable on SONY

BMG's websiteand subject to the approvalof the States.The form whensubmitted must (i) be swornto underpenalty of perjury (providedthat notarizationwill not be required),(ii) be accompaniedby proof of purchaseof XCP (whichmay be in the form of a receipt,UPC code, evidencethat proof of purchasewas accepted in the ClassAction, or any othercredible evidence of suchpurchase), (iii) be accompaniedby documentationof out-of-pocketrepair expense if seekinggreater than $25.00, (iv) includea crediblebasic description of the natureof the harm allegedlycaused by the installation(provided that technicaldetail will not be required)and approximatelywhen the harm occurred,(v) requirethe consumerto certiS that no previous claim for restitutionhas been made as to the szrmecomputer, and (vi) grant a completerelease to

SONY BMG, includingits affiliates,for the specificdamage caused by suchCDs andfor which compensationis to be given. SONY BMG may,in its discretion,accept or rejectany claim for compensationthat fails to meetall of requirements(i) through(vi) above,including where the allegedharm described is contraryto the knownharm examined by SONY BMG's experts.

27 22357424v1 Copiesof any rejectionsshall be providedto the States.SONY BMG shallpublicize this claims

processon its websiteand via continuedbannering and keywordbuys as describedin Paragraph

l0 above.

3. SONY BMG shallconfirm that its expert(s)have investigated fully andidentified any

otherpossible damage that couldoccur to a consumer'scomputer based upon the installationof

XCP or Medialvlax.If the expertdetermines that otherpossible damage may occur,i.e., other

than the disablingof a CD-ROM drive dueto the applicationof third-party antivirus softwaren

SONY BMG shall provide restitutionto suchconsumers for any suchdamage on the sameterms describedabove.

V. PAYMENT

SONY BMG shallpay to the states84.25 million for attomeys'fees and investigative costs, consumereducation, litigation, enforcement, or local consumeraid funds;public protection funds; or consumerprotection pqposes as allowed by eachState at the discretionof eachState

Attorney General.6This paymentshall be madeto the Commonwealthof Massachusettsand providedto the MassachusettsAttomey General no laterthan by January4,2007. The

MassachusettsAttorney Generalwill hold the paymentfor the States,and shall promptly distributepayments to the Statesconsistent with an agreementamong the Statesfor the usesset forth in this paragraph.

u The paymentto the Commonwealthof Massachusettsshall be depositedinto the Local ConsumerAid Fund,pursuant to G.L. c. 12,$ 1lG.

28 22357424v1 VI. RELEASE

By executionofthis Assurance,each State that is apafi to this Assurancereleases SONY

BMG, all of its pastand present subsidiaries, affiliates, predecessors and successors (collectively "Released referredto as Parties")from all civil claims,causes of action,damages, fines, costs

andpenalties under the States'consumer protection stafutes, arising from any security-or disclosure-relatedconduct that is the subjectof this Assurance,as identifiedin SectionsI andIII of this Assurance,and occurringprior to the Effective Date of this Assurance.

VII. GENERAL PROVISIONS

l. This Assuranceshall be governedby the lawsof the States.Nothing in this Assruance shall be deemedto permit or authorizeany violation of the laws of any Stateor otherwisebe construedto relieveSONY BMG of any duty to complywith the applicablelaws, rules and regulationsof any State,nor shall anythingin this Assurancebe deemedto constitutepermission to engagein any actsor practicesprohibited by theselaws, rules or regulations.

2. Nothing in this Assuranceshall be construedto authorizeor requireany action by SONy

BMG in violationof applicablefederal, state or otherlaws. SONY BMG agreesthat this

Assuranceconstitutes an obligationof SONY BMG, legally enforceableby the Statesin accordancewith its terms.

3. This Assuranceshall be effectiveon the datethat it is executedby all parties("Effective

Date") and SONY BMG shall haveninety daysfrom the Effective Date to implementthe permanentinjunctive termscontained herein.

4. Therespective Attorneys General, without further notice, may makeapplication to any appropriatestate court for an order approvingthis Assurance,which shall be consideredan

29 22357424v1 Assuranceof VoluntaryCompliance or an Assuranceof Discontinuanceas provided by the

States'respective laws, or otherwisefile this Assurancein any appropriatestate court. In the

eventof any court filing of any kind by an Attorney Generalpursuant to this paragraph,the

respectiveAttorney Generalshall give contemporaneousnotice to SONY BMG, eitherby formal

serviceof processor by informaldelivery of the papersto SONY BMG or its counsel.

5. Nothing in this Assuranceshall be construedas a waiver of any private rights of any

person.

6. This Assurancedoes not constitutean approvalby the Statesof any of SONY BMG's

products,practices, or pastconduct, and SONY BMG will not makeany representation to the

contrary. Conversely,nothing in this Assurancewill be deemedto be an admissionby SONY

BMG of any wrongdoingor any kind or nature.

7. Notices,Compliance Reports, and other correspondence to SONY BMG or the Statesas requiredby this Assurancewill, unlessnotified otherwise,be providedto the partiesat their

addresseslisted in the signatureblocks below.

8. The undersignedrepresentative for eachparfy certifies that he or sheis fully authoized by the party he or sherepresents to enterinto the termsand conditionsof this Assuranceand to legallybind theparty he or sherepresents to the Assurance.

9. In the eventany law or regulationis enactedor adoptedby the federalgovernment or by any of the Stateswhich is inconsistentwith the termsof this Assurance,so that SONY BMG cannotcomply with both the statuteor regulationand the termsof this Assurance,the requirementsof the law or regulation,to the extentof the inconsistencyand after written notice

30 22357424v1 by SONY BMG, shallreplace any provision contained in this Assuranceso that compliancewith

the law or regulationshall be deemedcompliance in thesejurisdictions with this Assurance.

10. Uponthe writtenrequest of any State,SONY BMG agreesto providebusiness records or

documentsand sworntestimony suffrcient to enablethe Statesto monitor compliancewith this

Assurance,and to makeany requestedinformation availablewithin thirty days(30) of the

request,at the Office of the requestingAttorney Generalor at any other location that is mutually

agreeablein witing to SONY BMG andthe Attorney Generalof the State. This sectionshall in

no way limit the State'sright to obtain documents,information, or testimonypursuant to any

federalor statelaw, regulation,or rule.

31 22357424v1 T We the undersigned,who havethe authorityto consentand sign on behalfof the partiesin this matter,consent to the form andcontent of this Assuranceand to its entry:

Signedthis 20th day of December2006.

SONY Music Entertainment

By: DanielM. Mandil ExecutiveVice Presidentand Global General Counsel

32 22357424v1 In the Matter of:

SONY BMG Music Entertainment.

Respondent.

Decernber21,2006

Deputy Attomey General ConsumerFraud Prosecution Section

l24Halsey Street- 5'hFloor PostOffice Box 45029 Newark,New Jersey07101 (973)648-4s84

33