The Sony BMG copy protection rootkit scandal was a 2005 scandal resulting from Sony BMG's implementation of copy protection measures on about 22 million CDs. When inserted into a computer, the CDs installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. One of the programs would install and "phone home" with reports on the user's private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.
Sony BMG initially denied that the rootkits were harmful. It then released, for one of the programs, an "uninstaller" that only un-hid the program, installed additional software that could not be easily removed, collected an email address from the user, and introduced further security vulnerabilities.