Slashdot Mirror


Sony Files Lawsuit Against PS3 Hacker GeoHot

Kayot writes "George Hotz, or, as he is known on the internet, GeoHot, has been served court papers. Shortly after Team fail0verflow discovered faults in the PS3's TPMs, Geohot and others figured out how to extract the long sought after holy grail encryption keys. Apparently Sony is not pleased and is very keen on defending their poorly defended system with the US legal system. The basis is that GeoHot released programs that allow the signing of homebrew which can be used to make PSN-like games out of normal PS3 games. However GeoHot has never supported any form of piracy and in fact has taken a constant stance against it."

37 of 508 comments

  1. Come on Sony! by LSD-OBS · · Score: 5, Funny

    Sue that information right off the Internet! It'll work, we promise.

    --
    Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
    1. Re:Come on Sony! by khchung · · Score: 5, Insightful

      Sue that information right off the Internet! It'll work, we promise.

      The naivety of this is amazing. When the mafia burns down someone's shop, it is not because they are trying to recoup any losses, but rather to send a "Don't mess with us" message to OTHER shop owners.

      Sony don't need to win anything from this suit, they just need to drag GeoHot through a very expensive lawsuit hell as a message "You better have a lot of money before messing with us!" to other future possible hackers.

      This is the same tactic with the RIAA against filesharers (but there are simply too many to fight against), and the same tactic Adobe tried against Skylarov (sorry, maybe misspelled), and the same tactic the US govt is using against Assange. No different from any school bully, you mess with him, you got beaten by whatever means available.

      --
      Oliver.
    2. Re:Come on Sony! by erroneus · · Score: 3, Insightful

      This is less about putting the genie back into the bottle and more about punishing offenders to discourage others from doing the same to whatever Sony sells us next.

      I wonder though. Is this a means or method of circumventing copyright protections? This code-signing thing is about the ability to create new code, not access existing code as I understand it. Am I wrong? (If so, please show me.) The DMCA only protects copyrighted material to my knowledge and a code signing key, which is more of a secret than a copyrightable or patentable thing, and I don't think it really applies in this case. (Not that it would stop Sony from trying to sue under the DMCA -- after all, it seems most of the wins under intellectual property law seem to have been about exploiting weaknesses in knowledge and understanding of technology as far as I can see.)

    3. Re:Come on Sony! by cdrudge · · Score: 3, Insightful

      Sony don't need to win anything from this suit, they just need to drag GeoHot through a very expensive lawsuit hell as a message "You better have a lot of money before messing with us!" to other future possible hackers.

      Yeah, because that has worked so well for the many hackers that have cracked previous consoles, developed modchips, etc.

    4. Re:Come on Sony! by Enderandrew · · Score: 5, Informative

      The problem is that they may have picked the wrong person.

      What if the EFF or another firm helps him pay legal costs to fight this? He isn't pirating material, nor distributing pirated material. Sony advertised a feature and sold consoles under the guise you'd have that feature, and then removed that feature.

      GeoHot didn't hack the PS3 until Sony removed functionality.

      And while you can argue circumventing copyright measures is illegal for any reason according to the DMCA, this isn't a criminal case, and a federal judge has already opened the door saying jailbreaking an iPhone to get additional functionality (not piracy) is legal.

      Sony could actually hurt their own case by allowing a judge to rule against them.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    5. Re:Come on Sony! by scubamage · · Score: 4, Informative

      oops?

      OMG! That's illegal! I'll use a quote to show everyone the thing that is illegal so they don't type it accidentally. Just doin my civic duty.

    6. Re:Come on Sony! by gparent · · Score: 3, Insightful

      The reason the PS3 wasn't cracked is because hackers had no reason to before not long ago, not because they were scared of lawsuits. Was GeoHot scared of a lawsuit? Enough for him not to work on the crack? Obviously not.

    7. Re:Come on Sony! by Verunks · · Score: 3, Informative

      GeoHot didn't hack the PS3 until Sony removed functionality.

      actually geohot is the reason why sony removed otheros, he was the first to discover a vulnerability exploitable from linux, then he disappeared only to come back a few weeks ago

      this is the news that geohot hacked the ps3 in january http://games.slashdot.org/story/10/01/25/0654253/PS3-Hacked

      and this is the removal of otheros from march http://games.slashdot.org/story/10/03/29/0227251/Install-Other-OS-Feature-Removed-From-the-PS3

    8. Re:Come on Sony! by Rogerborg · · Score: 4, Funny

      I'd love to see him not spend one red cent, let Sony present all their evidence, then as his defence say to the bench "Hell if I know, you're the ones getting paid to do the law-deciding stuff, you tell me how many billions I done owe them. Cause I ain't got nothing to give, no sir."

      Them folksy ways go down a lot better than some hi-falutin' city wiseguy lawyer-jabber anyways, I surely do reckon.

      --
      If you were blocking sigs, you wouldn't have to read this.
    9. Re:Come on Sony! by Enderandrew · · Score: 4, Informative

      That exploit was minor and didn't allow you to do much of anything. He published a small exploit that he saw. The moment Sony removed OtherOS GeoHot said he was motivated to fully crack the PS3 to enable custom firmware.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    10. Re:Come on Sony! by Moryath · · Score: 4, Insightful

      Back in the days of Prohibition, "wine" was sold as mashed bricks/packages of grapes or grape juice.

      They would come with instructions like "please be careful not to put in a jug with 2 gallons of water and leave in a dark place for 2 months lest it ferment and turn into wine."

      By rights, there should have been an uprising against all this DRM crap and crappy laws. I wonder why it hasn't happened.

    11. Re:Come on Sony! by KDR_11k · · Score: 3, Insightful

      By rights, there should have been an uprising against all this DRM crap and crappy laws. I wonder why it hasn't happened.

      Because most people don't understand it. Everybody understands alcohol.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
    12. Re:Come on Sony! by nabsltd · · Score: 4, Interesting

      So while Hotz didn't directly contribute to piracy or even came out against it, the opening up of the console has allowed it.

      One thing that might have Sony worried is that the PS3 is technically a software Blu-Ray player, and having this key might make it possible to hack that functionality to allow more widespread copying of movies, too.

    13. Re:Come on Sony! by s4m7 · · Score: 5, Funny

      I have no idea what you're saying, but you sure are charming, so I agree!

      --
      This comment is fully compliant with RFC 527.
  2. LOL, DMCA by millennial · · Score: 3, Informative

    Again, the "enabling" provision of the DMCA pops up. It's like these lawyers have never heard of the phrase "necessary but not sufficient." Yes, GeoHot's tools can be used to enable piracy, but they're not enough on their own. You also need a computer. Maybe Sony should sue computer makers for contributing to the problem. Regardless, the lawsuit is over so far. They weren't seeking damages, just a restraining order over the information. GeoHot decided to put the information back up on his site, so we'll see what happens there.

    --
    I am scientifically inaccurate.
    1. Re:LOL, DMCA by drinkypoo · · Score: 3, Insightful

      I smell the "substantial non-infringing use" defense, and Sony has handed him a credible argument to use with it: Removing OtherOS.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:LOL, DMCA by millennial · · Score: 5, Interesting

      Not to mention... This is the company that fought for fair use copying rights back in the Betamax decision. They invented a device that enabled movie and TV piracy, and fought vigorously to defend its use. How the times have changed...

      --
      I am scientifically inaccurate.
    3. Re:LOL, DMCA by scubamage · · Score: 5, Interesting

      And removing emulation. Both of which are features printed "on the box." I wonder if they press it if Geohot could begin a class action lawsuit? I know there's a ton of nerds out there who'd be foaming at the mouth.

    4. Re:LOL, DMCA by anyGould · · Score: 3, Interesting

      The trick is to make sure that you're asking for the right thing - if you want $CRAZY_PUNITIVE_DAMAGES, you get vouchers and crap. What you push for is actionable items - forcing re-enabling of OtherOS, for instance.

      (Answer to your sig: Because the US has never, and will never submit to international authority, because they feel They're Just Too Awesome.)

  3. Re:Paraphrasing Jay and Silent Bob SB by LSD-OBS · · Score: 4, Funny

    Do you post as "magnoliafan" on moviepoopshoot.com?

    --
    Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
  4. Bit late now, but... by RogueyWon · · Score: 5, Insightful

    A lawsuit was pretty much inevitable; Sony needs to show its shareholders that it's doing something. To be honest, I find it hard to imagine that they won't succeed in making Mr. Hotz's life very... expensive indeed. Of course, with the cat now well and truly out of the bag on PS3 security, anything they do now can't really be more than a mixture of revenge and deterrence.

    The real question for Sony (and other console developers) is how they pitch the longer term response to this. With hindsight, it now appears that the long-legendary PS3 security set-up wasn't so stellar after all. Prior to Sony's removal of OtherOS, there were only tiny cracks in the wall and Sony could reasonably have expected it to last several more years. Following the removal of OtherOS, the demolition of Sony's safeguards was swift and ruthless.

    One possible inference, therefore, is that Sony's decision to grant PS3 users a "walled garden" in which they could - to some extent - do what they wanted with the system was what really provided the PS3 with its 5-year immunity from piracy. The commercially-minded piracy people, and the bored teenagers who wanted to play pirated games, just weren't good enough to break a console's security (even if major flaws did exist) and the people who were good enough; they weren't interested, as they could already do what they wanted with the system.

    If I were Nintendo, Sony or Microsoft, I would now be urgently investigating the possibility of incorporating a similar "walled garden" OtherOS equivalent into my next generation hardware. Yes, the numbers who might actually use it would probably be small - and yes, said users aren't worth much commercially as they probably don't buy many games, but 5 years of no piracy on the system is a pretty big payback.

    1. Re:Bit late now, but... by RogueyWon · · Score: 3, Informative

      Not forgotten at all. The original exploit by Geohot was an awfully long way from producing something that was actually usable as a means of playing pirated games on the PS3. It was one of the small cracks that had appeared in the wall and as a pay-off for 5 years of effort, it was pretty poor. The nature of the attempts to break through the PS3's security barriers changed dramatically following the removal of OtherOS. I don't deny, however, that the sheer, brazen anti-consumerism that Sony manifested in yanking the OtherOS feature from all PS3s will have had a massive "red flag to a bull" effect.

    2. Re:Bit late now, but... by halcyon1234 · · Score: 3, Insightful

      If I were Nintendo, Sony or Microsoft, I would now be urgently investigating the possibility of incorporating a similar "walled garden" OtherOS equivalent into my next generation hardware.

      I don't think that will be a viable strategy any more. Sony has destroyed the trust such a move would have bought. Now when someone sees "OtherOS" on a console, they won't think "this is what I want, I don't have to hack", they'll think "It's only a matter of time before they take that away for no reason. I better hack faster."

  5. Re:Just wondering by Sockatume · · Score: 4, Funny

    The DMCA makes it illegal, in the USA, to circumvent copy-prevention mechanisms on a device, or to remove copy-prevention from a piece of media, or to distribute equipment to do the same. There are a few enumerated exceptions. Initially, this meant encryption researchers could perform this work with the explicit consent of the manufacturer on the condition that they immediately inform the manufacturer if they are successful. There are now a few fair-use and accessibility provisions too. None of those apply in this case.

    In simple terms, it's illegal because they passed a new law to make it illegal.

    --
    No kidding!!! What do you say at this point?
  6. Send in the Flying Butt Monkeys... by Lumpy · · Score: 3, Insightful

    Leave it to a MegaCorp to do the wrong thing.

    Dear Sony, All you are doing is now causing this information, that you want kept secret, to become mainstream news. Remember DeCSS? It was a minor thing until the last batch of idiots sued the guy and it became widespread and copied 800,000 times overnight.

    So I suggest you hire some competent people to run your legal department, as they really do not know what they are doing.

    --
    Do not look at laser with remaining good eye.
  7. Re:Sore losers by Lumpy · · Score: 5, Informative

    From all that I have read and followed the ONLY reason it has not been cracked earlier was because OtherOS existed and removed the need to crack it from those that actually had the skill to do so. The second they removed "OtherOS" they gave a huge number of experts a reason to crack it.

    Sony did it to themselves.

    --
    Do not look at laser with remaining good eye.
  8. Wait, you mean THIS key? by renek · · Score: 5, Informative

    Sorry Sony, don't know how that happened. My cat jumped on the keyboard.

  9. Re:Paraphrasing Jay and Silent Bob SB by TheRaven64 · · Score: 3, Funny

    I tried to boycott Sony, but they haven't actually made anything I want for quite a while, so now I'm just passively not buying anything from them.

    --
    I am TheRaven on Soylent News
  10. EULA involved by igorthefiend · · Score: 4, Interesting

    What's interesting if you read the complaint is that some of it is predicated on enforcing the EULA that's presented when logging into PSN and when downloading firmware updates. Have these ever been tested before in US courts?

  11. I said this earlier... by Suzuran · · Score: 3, Insightful

    I stand by my earlier comments. Sony must either enable homebrew or it will be enabled later without their consent. This is not difficult:

    First, make a homebrew/hobby developer package and sell it. The SDK and hardware provided ABSOLUTELY MUST be absolutely identical in every way to that supplied to commercial developers. Pricing should be high enough to make a direct profit (Since there will be fewer games sold for these units), but low enough to be obtainable. Say, $1500-2500 or so. There should be no software support entitlement (to control costs), and a non-disclosure agreement on any proprietary technologies in the SDK.

    Second, make a homebrew/hobby version of the PSN. There is already a developer version of the PSN, and this would ensure that everyone stays separated. Access to the homebrew/hobby PSN must be conditioned upon acceptance of the non-disclosure agreement. Then create some message boards or forums in the PSN. This would enable the hobby/homebrew programmers to communicate with and support one another while being assured they are in compliance with the NDA. Consider allowing commercial developers access to the hobby/homebrew PSN as well, so if we find anything interesting they get access to it too.

    The third item is the only item that is really new. There should be some sort of release mechanism where games can be released from the homebrew/hobby community to the rest of the world running retail hardware. This shouldn't be free - Sony needs to pay their bills, and it would discourage releasing crap that sucks. Homebrew releases should be prevented from generating profit for the programmer, to keep commercial developers from using the homebrew SDK as a cheap substitute for the commercial SDK. The homebrew developer would pay Sony's QA costs, and once the QA passes, the release is cryptographically signed and becomes a free item in the PSN online store. If the game has serious commercial potential, perhaps an agreement could be made between Sony and the programmer for a full commercial release, with Sony keeping the majority of the proceeds. This is so there is an incentive for upgrading from the homebrew SDK to the commercial SDK if you are interested in making a profit.

    It is of EXCEEDINGLY VITAL importance that the only difference between a commercial SDK and homebrew SDK be the software support entitlement and ability to generate a profit.
    If there are ANY technical limitations in the homebrew SDK that are not present in the commercial SDK, people will be motivated to jailbreak, and we will have the present situation all over again.
    As long as there is no reason to jailbreak the machine other than piracy, everyone wins. (Except the pirates, and nobody important cares about them.)
    In addition, the presence and popularity of this homebrew/hobby SDK would also give Sony more credibility when prosecuting pirates.

  12. This is going to be an interesting case by headhot · · Score: 4, Interesting

    Because of the removal of the "OtherOS" option, Geohot can claim he was just restoring functionality that people were already licenced to have. It can be circumvention, if it's restoring a feature you paid for. He could claim he was repairing the system.

    This is going to throw a serious kink into the case, something that Sony has never had to deal with before in court. They may not even want to see it get to court.

  13. Mirrored by Carnegie Mellon professor by The Pi-Guy · · Score: 5, Informative

    George Hotz's work has been mirrored by Carnegie Mellon professor David Touretzky, known for his excellent work towards freedom of speech on the Internet through his publication of The Secrets of Scientology. Dave Touretzky has repeatedly shown himself willing to accept whatever the MAFIAA et al will throw at him.

  14. Re:What the hell? by Dorkmaster Flek · · Score: 4, Informative

    And I'm tired of people not bothering to read up on anything before commenting on it. The hacks that Geohot and the fail0verflow team performed were done on a similar timeframe to hacking the Wii/360, i.e. 12 months max. The reason it didn't show up for 4 years was because nobody was trying very hard, thanks to the Other OS feature allowing you to run your own code out of the box. The fail0verflow team very clearly made this point during their CCC presentation, which is in the link to their original story in the summary.

    --
    I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
  15. Even Sony's lawyers are "epic fail" by Pahandav · · Score: 5, Informative

    I am not a lawyer (yet... hopefully next week, though,) so this isn't legal advice as much as a deconstruction of their complaint. In terms of mistakes, their first mistake was to sue the members of fail0verflow. It's true that one of them lives in the US, but three of them live in Europe, where the courts are extremely protective of their own citizens. They're gonna have problems with the fact they are trying to sue them under the DMCA (not applicable in Europe), service of process (to serve process on them will literally take months, and if they mess it up, the foreign court could ignore the judgment), proper forum (they say that the EU members have signed a TOS with SCEA, when logic would dictate, seeing as they live in Europe, that they signed one with SCEE, and so they should technically be sued in London or somewhere like that), and personal jurisdiction. They also have to contend with the DMCA exceptions.

    The first claim for relief involves the DMCA, which I never studied in law school, and so I'll defer to people who actually know that to explain why that claim wouldn't work. The second claim is where things start to slide into the realm of insanity. The Computer Fraud and Abuse Act was a law designed to make it illegal to break into systems that the person DOESN'T OWN. Breaking into your own system (just like breaking into your own house), is not supposed to be illegal. So, the only way that this claim would work is if Sony had an ownership interest in the PS3 that they sold you. The fourth claim is rather similar, just based on California state law. The seventh claim for relief is where they go into some strange parallel universe. There, they claim trespass. Trespass is when you invade someone else's property. But how could it be their "property" when they sold you the system? After all, the UCC's implied warranty of title gives any good-faith purchaser for value a clean title to the goods they have purchased. They did access the system, but they bought the system. This means that once you buy the system, you own what's in the system. Well, not everything, mind you, seeing as Sony still owns the actual copyright to the software on the system, but you get the point. What they are essentially claiming here is that the EULA that they require you to sign before using your PS3 gives them back an ownership interest in the system sufficient for them to be able to raise trespass claims.

    Normally, this kind of thing is dealt with through an EULA (meaning, hacking is a breach of contract), but here they seem to be claiming that the EULA grants them an actual ownership interest in what they sold you. If they were to get relief on those claims, what's to stop others from including contracts included with what they sell you from saying that to use what they have sold you, that you must acknowledge them as the owner of what they just sold you? I dunno, this just seems like another chink in the very concept of private property. Oh well, discuss.

    1. Re:Even Sony's lawyers are "epic fail" by adolf · · Score: 4, Informative

      A good analysis, but why the racism? a "chink" in your private property? Not cool. BTW, Sony is Japanese, not Chinese.

      chink

      -noun
      1. a crack, cleft, or fissure: a chink in a wall.

  16. A Real World Analogy by Nom du Keyboard · · Score: 3, Interesting

    Here's a real-world analogy to the world as Sony sees it:

    Sony will sell you an automobile, however, you are only licensed to drive it on certain roads. In the future Sony will sell you new Road Packs at an additional charge. You may not purchase non-Sony approved Road Packs. Also you are not allowed to modify the engine, tires, or any other aspect of your car except with Sony Authorized Replacement Parts at Sony Service Centers. Sony may, at its discretion, provide new engine firmware with proffered "improvements" along the way which you must accept or lose access to all Sony service. They may also download additional restrictions to disable your car if you attempt to drive on unapproved roads. Finally, although your car was originally certified for off-road driving and you may have purchased it in part based on that ability not offered by other cars, that ability has now suddenly been removed with no compensation for this loss by Sony. Now have nice day or we'll sue your pants off.

    Would you buy that car? Would you feel bound to those terms after you "owned" that car?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  17. Incorrect summary by StikyPad · · Score: 3, Interesting

    They have not sued either George Hotz or Fail0verflow members. What they have done is file a motion for a TRO -- a Temporary Restraining Order -- which means most of the comments here are way off point and off target. None of the claims are things that will necessarily be added to a lawsuit, rather it's the kitchen sink approach, which is the standard MO for almost any legal accusations. In the event of an actual lawsuit, Sony will likely pick and choose its charges a bit more carefully to prevent anything from being potentially invalidated, including its EULA and/or the DMCA.

    Here's what I'm wondering:

    1) What is the function of a restraining order, and should they be used to allow companies to gag the public ex post facto? The damage has already been done here, and nothing George Hotz will do in the future will make it any worse than it is right now. While he *could* release a Custom Firmware (CFW) that enabled wholesale piracy, his first release deliberately excluded the requisite system calls. Further, he's stated that he won't facilitate piracy, and there's no reason to believe he actually will. IMO, this is a frivolous request, which makes it an abuse of the court.

    2) Will Sony actually sue George Hotz, or anyone else? I think that's extremely doubtful. The case they have is extremely tenuous. First, the system has been unlocked, but nobody has actually created a circumvention device (other than the unrelated "PS Jailbreak" USB sticks) to allow piracy, which makes all of this one step removed. Second, it could be a public relations problem if a giant corporation is seen to be abusive. Third, actually bringing this case to court could, as described above, put their EULA and the DMCA in jeopardy. Are software-based circumvention devices free speech? What about "homebrew" software, which is all that these efforts have allowed so far? I don't think Sony really wants these questions answered. What they want is to use intimidation tactics to try to frighten people into compliance.