The state of Texas sued Sony BMG Music Entertainment on Monday for allegedly installing spyware through its copyright protection software on music CDS, making it the first state to bring legal action against the music giant in the month-old controversy.

This is the third lawsuit that Sony faces over the issue, but the first action brought by a government agency.

Separately, the Electronic Frontier Foundation, a nonprofit organization that works on protecting digital rights, also filed suit against the music company on Monday. A class-action suit was filed by consumers in California last week.

The Texas lawsuit alleges New York-based Sony BMG violated a recently passed Texas law, the Consumer Protection Against Computer Spyware Act of 2005, that protects consumers from hidden spyware. The state’s attorney general’s office is seeking civil penalties of $100,000 for each violation of the law, attorneys’ fees, and investigative costs.

“Sony has engaged in a technological version of cloak-and-dagger deceit against consumers by hiding secret files on their computers,” said Greg Abbott, attorney general for Texas. “Consumers who purchased a Sony CD thought they were buying music. Instead, they received spyware that can damage a computer, subject it to viruses, and expose the consumer to possible identity crime.”

The EFF alleged Sony has “failed entirely” to respond to concerns not just about its XCP software but also another antipiracy tool, MediaMax, that the company uses. EFF has said that MediaMax affects over 20 million CDs—10 times the number of CDs that carry the XCP software.

"Consumers have a right to listen to the music they have purchased in private, without record companies spying on their listening habits with surreptitiously installed programs," said Kurt Opsahl, staff attorney for EFF.

"Between the privacy invasions and computer security issues inherent in these technologies, companies should consider whether the damage done to consumer trust and their own public image is worth its scant protection," he said.

EFF’s suit will be filed in the Los Angeles County Superior Court. Two law firms known for their roles in class-action cases—Green Welling, and Lerach, Coughlin, Stoia, Geller, Rudman, & Robbins—have joined EFF in the case.

Sony BMG is also facing another class-action suit.On November 1, consumers in California filed suit alleging the music giant failed to disclose the digital rights management system it has on its CDs (see Sony Spyware Draws Lawsuits).

Sony BMG, which is a joint venture between Sony and Gutersloh, Germany-based Bertelsmann, didn’t return phone calls from RedHerring.com seeking comment on the suits.

Sony’s woes began when security specialists discovered that its CDs used XCP technology that automatically installs files on Windows-based personal computers to protect copyrights (see Sony CDs Install Spyware: Firm).

The files could cause users’ computers to become vulnerable to computer viruses and other forms of attack, said Texas officials.

Outcry Prompts Recall

Sony distributed the technology on 52 CDs by various artists that had been on sale for nearly eight months. After an outcry by critics, Sony recalled the CDs (see Sony BMG swears Off Spyware).

However, the attorney general’s investigators said they were able to purchase numerous titles at Austin retail stores as recently as Sunday evening.

Sony BMG has said its XCP technology merely prevents unlimited copying, and does not gather personal information about a computer user. However, the attorney general’s investigation claimed the technology remains hidden and active at all times after installation, even when Sony’s media player is inactive, prompting concerns about its true purpose.The Texas suit alleges a phantom file is installed to conceal the XCP files from the user, thus making it difficult for the user to remove the files from a computer.

“They [Sony] didn’t think they were evil, they were just protecting their IP and they got caught up in the market,” said Ted Schadler, analyst with Forrester Research. “But now the tar brush of viruses is painting Sony BMG black.”

Mr. Schadler said the lawsuits and the hoopla over the CDs will have huge implications for the management of digital copyrights. Companies will have to look at alternate approaches for digital copy protection.

“This whole thing puts back CD copy protection a long way,” said Mr. Schadler.