Slashdot Mirror
Sony Files Lawsuit Against PS3 Hacker GeoHot
Kayot writes "George Hotz, or, as he is known on the internet, GeoHot, has been served court papers. Shorty after Team fail0verflow discovered faults in the PS3's TPMs, Geohot and others figured out how to extract the long sought after holy grail encryption keys. Apparently Sony is not pleased and is very keen on defending their poorly defended system with the US legal system. The basis is that GeoHot released programs that allow the signing of homebrew which can be used to make PSN-like games out of normal PS3 games. However GeoHot has never supported any form of piracy and in fact has taken a constant stance against it."
Sue that information right off the Internet! It'll work, we promise.
Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
You should be sure to take down any keys which appear on popular social networking sites.
I mean it worked brilliant with 09 F9
Sony: They're fucking clown shoes. If they were real, I'd beat the shit out of them for being so stupid. I can't believe the US legal system would have anything to do with this shit. I, for one, will be boycotting Sony. Who's with me?
I've got some photographs, I'd like to show them to you. Though you don't know the girls You'll recognise the view..
Again, the "enabling" provision of the DMCA pops up. It's like these lawyers have never heard of the phrase "necessary but not sufficient." Yes, GeoHot's tools can be used to enable piracy, but they're not enough on their own. You also need a computer. Maybe Sony should sue computer makers for contributing to the problem. Regardless, the lawsuit is over so far. They weren't seeking damages, just a restraining order over the information. GeoHot decided to put the information back up on his site, so we'll see what happens there.
I am scientifically inaccurate.
A lawsuit was pretty much inevitable; Sony needs to show its shareholders that it's doing something. To be honest, I find it hard to imagine that they won't succeed in making Mr. Hotz's life very... expensive indeed. Of course, with the cat now well and truly out of the bag on PS3 security, anything they do now can't really be more than a mixture of revenge and deterrence.
The real question for Sony (and other console developers) is how they pitch the longer term response to this. With hindsight, it now appears that the long-legendary PS3 security set-up wasn't so stellar after all. Prior to Sony's removal of OtherOS, there were only tiny cracks in the wall and Sony could reasonably have expected it to last several more years. Following the removal of OtherOS, the demolition of Sony's safeguards was swift and ruthless.
One possible inference, therefore, is that Sony's decision to grant PS3 users a "walled garden" in which they could - to some extent - do what they wanted with the system was what really provided the PS3 with its 5-year immunity from piracy. The commercially-minded piracy people, and the bored teenagers who wanted to play pirated games, just weren't good enough to break a console's security (even if major flaws did exist) and the people who were good enough; they weren't interested, as they could already do what they wanted with the system.
If I were Nintendo, Sony or Microsoft, I would now be urgently investigating the possibility of incorporating a similar "walled garden" OtherOS equivalent into my next generation hardware. Yes, the numbers who might actually use it would probably be small - and yes, said users aren't worth much commercially as they probably don't buy many games, but 5 years of no piracy on the system is a pretty big payback.
The DMCA makes it illegal, in the USA, to circumvent copy-prevention mechanisms on a device, or to remove copy-prevention from a piece of media, or to distribute equipment to do the same. There are a few enumerated exceptions. Initially, this meant encryption researchers could perform this work with the explicit consent of the manufacturer on the condition that they immediately inform the manufacturer if they are successful. There are now a few fair-use and accessibility provisions too. None of those apply in this case.
In simple terms, it's illegal because they passed a new law to make it illegal.
No kidding!!! What do you say at this point?
Leave it to a MegaCorp to do the wrong thing.
Dear Sony, All you are doing is now causing this information, that you want kept secret, to become mainstream news. Remember DeCSS? It was a minor thing until the Last batch of idiots sued the guy and it became wide spread and copied 800,000 times overnight.
So I suggest you hire some competent people to run your legal department, as they really do not know what that are doing.
Do not look at laser with remaining good eye.
From all that I have read and followed the ONLY reason it has not been cracked earlier was because OtherOS existed and removed the need to crack it from those that actually had the skill to do so. The second they removed "OtherOS" they gave a huge number of experts a reason to crack it.
Sony did it to themselves.
Do not look at laser with remaining good eye.
erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B
riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D
pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19
R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17
n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1
K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D
Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70
Sorry Sony, don't know how that happened. My cat jumped on the keyboard.
What's interesting if you read the complaint is that some of it is predicated on enforcing the EULA that's presented when logging into PSN and when downloading firmware updates. Have these ever been tested before in US courts?
If you're playing a FPS on a console, then everytime you get shot you are the victim of an aimbot.
I stand by my earlier comments. Sony must either enable homebrew or it will be enabled later without their consent. This is not difficult:
First, make a homebrew/hobby developer package and sell it. The SDK and hardware provided ABSOLUTELY MUST be absolutely identical in every way to that supplied to commercial developers. Pricing should be high enough to make a direct profit (Since there will be fewer games sold for these units), but low enough to be obtainable. Say, $1500-2500 or so. There should be no software support entitlement (to control costs), and a non-disclosure agreement on any proprietary technologies in the SDK.
Second, make a homebrew/hobby version of the PSN. There is already a developer version of the PSN, and this would ensure that everyone stays separated. Access to the homebew/hobby PSN must be conditioned upon acceptance of the non-disclosure agreement. Then create some message boards or forums in the PSN. This would enable the hobby/homebrew programmers to communicate with and support one another while being assured they are in compliance with the NDA. Consider allowing commercial developers access to the hobby/homebrew PSN as well, so if we find anything interesting they get access to it too.
The third item is the only item that is really new. There should be some sort of release mechanism where games can be released from the homebrew/hobby community to the rest of the world running retail hardware. This shouldn't be free - Sony needs to pay their bills, and it would discourage releasing crap that sucks. Homebrew releases should be prevented from generating profit for the programmer, to keep commercial developers from using the homebrew SDK as a cheap substitute for the commercial SDK. The homebrew developer would pay Sony's QA costs, and once the QA passes, the release is cryptographically signed and becomes a free item in the PSN online store. If the game has serious commercial potential, perhaps an agreement could be made between Sony and the programmer for a full commercial release, with Sony keeping the majority of the proceeds. This is so there is an incentive for upgrading from the homebrew SDK to the commercial SDK if you are interested in making a profit.
It is of EXCEEDINGLY VITAL importance that the only difference between a commercial SDK and homebrew SDK be the software support entitlement and ability to generate a profit.
If there are ANY technical limitations in the homebrew SDK that are not present in the commercial SDK, people will be motivated to jailbreak, and we will have the present situation all over again.
As long is there is no reason to jailbreak the machine other than piracy, everyone wins. (Except the pirates, and nobody important cares about them.)
In addition, the presence and popularity of this homebrew/hobby SDK would also give Sony more credibility when prosecuting pirates.
Because of the removal of the "OtherOS" option, Geohot can claim he was just restoring functionality that people were already licenced to have. It can be circumvention, if its restoring a feature you paid for. He could claim he was repairing the system.
This is going to throw a serious kink into the case, something that Sony has never had to deal with before in court. They may not even want to see it get to court.
Anyone who is a serious enough PC gamer to look down on consoles should be experienced enough to know that the "aim-assist" console gamers get and an "aim-bot" are two incredibly different animals.
So... "Aim-assist" locks on to targets for you, so you don't have to aim, and an "aim-bot" does the same thing...
I don't think they are different animals at all. An aim-bot doesn't require any aiming at all, and aim assist requires you to point your weapon in the general direction of the enemy.
It's the difference between having a machine aim for you, and having a machine aim for you after you aim in the enemy's general direction... Not so much a difference at all considering that any console playing noob can aim in your general direction to enable their "aim-bot". So, basically, it's the same thing.
Once you reach a certain level of skill the aim-assisting aim-bot will actually hinder your aim. It's hard to compensate for lag or projectile travel time when a game changes my aim for me. Additionally, most console games do not let you disable the auto-aim.
Case and point: I'm trying to shoot the strategic target -- an enemy that is carrying a more lethal weapon than the enemy that just charged past him brandishing a knife. The auto-aim decides that I would rather shoot the closer yet harmless moron that is almost in my sights than the enemy sniper that actually is in my sights, thus throwing off my aim by locking onto the less lethal target, and I'm killed by the sniper. The knifer continues to charge towards my dead body exclaiming, "Tea Bag Time, Biach!" and is killed by the trip mine that was protecting my position... WTF is the purpose of securing my position or keeping my cool and choosing the strategic target if the Auto-Aim-Bot won't let me aim where I want?
Auto-aim is why I don't enjoy console FPS games -- that, and the inability to configure my controls the way I want them.
George Hotz's work has been mirrored by Carnegie Mellon professor David Touretzky, known for his excellent work towards freedom of speech on the Internet through his publication of The Secrets of Scientology. Dave Touretzky has repeatedly shown himself willing to accept whatever the MAFIAA et al will throw at him.
"The Highlander Defense!"
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
And I'm tired of people not bothering to read up on anything before commenting on it. The hacks that Geohot and the fail0verflow team performed were done on a similar timeframe to hacking the Wii/360, i.e. 12 months max. The reason it didn't show up for 4 years was because nobody was trying very hard, thanks to the Other OS feature allowing you to run your own code out of the box. The fail0verflow team very clearly made this point during their CCC presentation, which is in the link to their original story in the summary.
I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
Actually, Sony had announced they were removing OtherOS from the slim in August/September '09.
It angered hackers who didn't see why it needed to be removed, since it added no extra cost (as a software feature) to the console. In fact, it was only present on the "Fat" PS3 consoles when GeoHot announced his memory glitch exploit.
Another interesting fact in all of this is that GeoHot **HAD** the master key from that exploit. He didn't reveal it and pretty much left the scene at that point, only to return in full force when the Failoverflow guys made their big splash at the CCC over Christmas break.
I have some suspicions about some goings on behind the scene, but I'd prefer not to voice them and give Sony hearsay evidence of questionable veracity; nonetheless, GeoHot's exploit did allow hackers more access to the inner workings of the system. The release of the Jailbreak Exploit gave an unprecedented level of access to hackers, who were free to explore and map syscalls deep into the hypervisor. The Jailbreak dongle was a fairly clever combination of an entirely new exploit accessable with Sony's Service Jig mode. It is reasonable to assume, though not for sure, that GeoHot's exploit allowed the Jailbreak engineers to find that exploit.
GeoHot's stand against piracy is well known in the scene, and for Sony to pursue him like this is a bit ridiculous, but I expected this from the moment I first saw the CCC vids and the keys started getting published. Sony is no longer run by "hardware guys" - it's run by the people who came up from the ranks of the movie and recording industry arms of Sony. Their mindset is to sue first, ask questions later. Their case against George Hotz is full of holes that nay competent defense lawyer will drive bulldozers through and clean up.
Not to mention this is going before Judge Seeborg, previously heard of in these circles for his Facebook case - where the little guy won against the big guy. If he understands the technical issues at hand (as he seems to), and isn't bought off by Sony (which they WILL try and do), Sony doesn't stand a chance.
I am not a lawyer (yet... hopefully next week, though,) so this isn't legal advice as much as a deconstruction of their complaint. In terms of mistakes, their first mistake was to sue the members of fail0verflow. It's true that one of them lives in the US, but three of them live in Europe, where the courts are extremely protective of their own citizens. They're gonna have problems with the fact they are trying to sue them under the DMCA (not applicable in Europe), service of process (to serve process on them will literally take months, and if they mess it up, the foreign court could ignore the judgment), proper forum (they say that the EU members have signed a TOS with SCEA, when logic would dictate, seeing as they live in Europe, that they signed one with SCEE, and so they should technically be sued in London or somewhere like that), and personal jurisdiction. They also have to contend with the DMCA exceptions.
The first claim for relief involves the DMCA, which I never studied in law school, and so I'll defer to people who actually know that to explain why that claim wouldn't work. The second claim is where things start to slide into the realm of insanity. The Computer Fraud and Abuse Act was a law designed to make it illegal to break into systems that the person DOESN'T OWN. Breaking into your own system (just like breaking into own house), is not supposed to be illegal. So, the only way that this claim would work is if Sony had an ownership interest in the PS3 that they sold you. The fourth claim is rather similar, just based on California state law. The seventh claim for relief is where they go into some strange parallel universe. There, they claim trespass. Trespass is when you invade someone else's property. But how could it be their "property" when they sold you the system? After all, the UCC's implied warranty of title gives any good-faith purchaser for value a clean title to the goods they have purchased. They did access the system, but they bought the system. This means that once you buy the system, you own what's in the system. Well, not everything, mind you, seeing as Sony still owns the actual copyright to the software on the system, but you get the point. What they are essentially claiming here is that the EULA that they require to sign before using your PS3 gives them back an ownership interest in the system sufficient for them to be able to raise trespass claims.
Normally, this kind of thing is dealt with through an EULA (meaning, hacking is a breach of contract), but here they seems to be claiming that the EULA grants them an actual ownership interest in what they sold you. If they were to get relief on those claims, what's to stop others from including contracts included with what they sell you from saying that to use what they have sold you, that you must acknowledge them as the owner of what they just sold you? I dunno, this just seems like another chink in the very concept of private property. Oh well, discuss.
Here's a real-world analogy to the world as Sony sees it:
Sony will sell you an automobile, however, you are only licensed to drive it on certain roads. In the future Sony will sell you new Road Packs at an additional charge. You may not purchase road non-Sony approved Road Packs. Also you are not allowed to modify the engine, tires, or any other aspect of your car except with Sony Authorized Replacement Parts at Sony Service Centers. Sony may, at its discretion, provide new engine firmware with proffered "improvements" along the way which you must accept or lose access to all Sony service. They may also download additional restrictions to disable your car if you attempt to drive on unapproved roads. Finally, although your car was originally certified for off-road driving and you may have purchased it in part based on that ability not offered by other cars, that ability has now suddenly been removed with no compensation for this loss by Sony. Now have nice day or we'll sue your pants off.
Would you buy that car? Would you feel bound to those terms after you "owned" that car?
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
They have not sued either George Hotz or Fail0verflow members. What they have done is file a motion for a TRO -- a Temporary Restraining Order -- which means most of the comments here are way off point and off target. None of the claims are things that will necessarily be added to a lawsuit, rather it's the kitchen sink approach, which is the standard MO for almost any legal accusations. In the event of an actual lawsuit, Sony will likely pick and choose its charges a bit more carefully to prevent anything from being potentially invalidated, including its EULA and/or the DMCA.
Here's what I'm wondering:
1) What is the function of a restraining order, and should they be used to allow companies to gag the public ex post facto? The damage has already been done here, and nothing George Hotz will do in the future will make it any worse than it is right now. While he *could* release a Custom Firmware (CFW) that enabled wholesale piracy, his first release deliberately excluded the requisite system calls. Further, he's stated that he won't facilitate piracy , and there's no reason to believe he actually will. IMO, this is a frivilous request, which makes it an abuse of the court.
2) Will Sony actually sue George Hotz, or anyone else? I think that's extremely doubtful. The case they have is extremely tenuous. First, the system has been unlocked, but nobody has actually created a circumvention device (other than the unrelated "PS Jailbreak" USB sticks) to allow piracy, which makes all of this one step removed. Second, it could be a public relations problem if a giant corporation seen to be abusive. Third, actually bringing this case to court could, as described above, put their EULA and the DMCA in jeopardy. Are software-based circumvention devices free speech? What about "homebrew" software, which is all that these efforts have allowed so far? I don't think Sony really wants these questions answered. What they want is to use intimidation tactics to try to frighten people into compliance.
https://www.eff.org/https-everywhere
So, the response is as expected: "This lawsuit is stupid", "Sony caused this to themselves", "They are an evil megacorp and should be hated"
What is Sony supposed to do?
Congratulate him? Send him a cake? Thank him for unlocking to true potential of their property? Obviously those ideas do not make money, which if memory serves, is the point of businesses. Suing seems very logical in my opinion, if you owned a company you would want to protect your interests too.
Geohot did nothing wrong, all he did was alter HIS hardware. This fact in my opinion should be and I believe is legal. The problem is that he shared it with the world. A proper analogy would be buying a gun, leaving it in a public area. Later that day someone is killed with the misplaced gun. Is the person that bought the gun liable? Yes, that is called gross negligence. While he may be against piracy he has enabled the world to do as such. If he was sued for each individual instance that his code was found on an offending system then so be it, he didn't commit the crime but he enabled it.
I'm tired of people expecting the ability to play hacked games is a right, its not. So for every one of you that says I want to run legal home brews, there are 100s of people who want the ability to play hacked games. I'm one of those weirdos who think people should be paid for the art they produce.
Finally, you all have the ability to never buy another Sony product ever again, and that is the most powerful weapon you have, because a corporation cannot survive without people purchasing their goods.
http://www.groklaw.net/pdf2/SonyvHotz-19.pdf
Geohot's fighting back.