Slashdot Mirror
Sony Files Lawsuit Against PS3 Hacker GeoHot
Kayot writes "George Hotz, or, as he is known on the internet, GeoHot, has been served court papers. Shorty after Team fail0verflow discovered faults in the PS3's TPMs, Geohot and others figured out how to extract the long sought after holy grail encryption keys. Apparently Sony is not pleased and is very keen on defending their poorly defended system with the US legal system. The basis is that GeoHot released programs that allow the signing of homebrew which can be used to make PSN-like games out of normal PS3 games. However GeoHot has never supported any form of piracy and in fact has taken a constant stance against it."
Sue that information right off the Internet! It'll work, we promise.
Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
Do you post as "magnoliafan" on moviepoopshoot.com?
Today's weirdness is tomorrow's reason why. -- Hunter S. Thompson
A lawsuit was pretty much inevitable; Sony needs to show its shareholders that it's doing something. To be honest, I find it hard to imagine that they won't succeed in making Mr. Hotz's life very... expensive indeed. Of course, with the cat now well and truly out of the bag on PS3 security, anything they do now can't really be more than a mixture of revenge and deterrence.
The real question for Sony (and other console developers) is how they pitch the longer term response to this. With hindsight, it now appears that the long-legendary PS3 security set-up wasn't so stellar after all. Prior to Sony's removal of OtherOS, there were only tiny cracks in the wall and Sony could reasonably have expected it to last several more years. Following the removal of OtherOS, the demolition of Sony's safeguards was swift and ruthless.
One possible inference, therefore, is that Sony's decision to grant PS3 users a "walled garden" in which they could - to some extent - do what they wanted with the system was what really provided the PS3 with its 5-year immunity from piracy. The commercially-minded piracy people, and the bored teenagers who wanted to play pirated games, just weren't good enough to break a console's security (even if major flaws did exist) and the people who were good enough; they weren't interested, as they could already do what they wanted with the system.
If I were Nintendo, Sony or Microsoft, I would now be urgently investigating the possibility of incorporating a similar "walled garden" OtherOS equivalent into my next generation hardware. Yes, the numbers who might actually use it would probably be small - and yes, said users aren't worth much commercially as they probably don't buy many games, but 5 years of no piracy on the system is a pretty big payback.
Not to mention... This is the company that fought for fair use copying rights back in the Betamax decision. They invented a device that enabled movie and TV piracy, and fought vigorously to defend its use. How the times have changed...
I am scientifically inaccurate.
The DMCA makes it illegal, in the USA, to circumvent copy-prevention mechanisms on a device, or to remove copy-prevention from a piece of media, or to distribute equipment to do the same. There are a few enumerated exceptions. Initially, this meant encryption researchers could perform this work with the explicit consent of the manufacturer on the condition that they immediately inform the manufacturer if they are successful. There are now a few fair-use and accessibility provisions too. None of those apply in this case.
In simple terms, it's illegal because they passed a new law to make it illegal.
No kidding!!! What do you say at this point?
And removing emulation. Both of which are features printed "on the box." I wonder if they press it if Geohot could begin a class action lawsuit? I know there's a ton of nerds out there who'd be foaming at the mouth.
From all that I have read and followed the ONLY reason it has not been cracked earlier was because OtherOS existed and removed the need to crack it from those that actually had the skill to do so. The second they removed "OtherOS" they gave a huge number of experts a reason to crack it.
Sony did it to themselves.
Do not look at laser with remaining good eye.
erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B
riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D
pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19
R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17
n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1
K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D
Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70
Sorry Sony, don't know how that happened. My cat jumped on the keyboard.
What's interesting if you read the complaint is that some of it is predicated on enforcing the EULA that's presented when logging into PSN and when downloading firmware updates. Have these ever been tested before in US courts?
Because of the removal of the "OtherOS" option, Geohot can claim he was just restoring functionality that people were already licenced to have. It can be circumvention, if its restoring a feature you paid for. He could claim he was repairing the system.
This is going to throw a serious kink into the case, something that Sony has never had to deal with before in court. They may not even want to see it get to court.
George Hotz's work has been mirrored by Carnegie Mellon professor David Touretzky, known for his excellent work towards freedom of speech on the Internet through his publication of The Secrets of Scientology. Dave Touretzky has repeatedly shown himself willing to accept whatever the MAFIAA et al will throw at him.
And I'm tired of people not bothering to read up on anything before commenting on it. The hacks that Geohot and the fail0verflow team performed were done on a similar timeframe to hacking the Wii/360, i.e. 12 months max. The reason it didn't show up for 4 years was because nobody was trying very hard, thanks to the Other OS feature allowing you to run your own code out of the box. The fail0verflow team very clearly made this point during their CCC presentation, which is in the link to their original story in the summary.
I like to think of online DRM as something akin to a college -- you pay for lessons until you learn something.
I am not a lawyer (yet... hopefully next week, though,) so this isn't legal advice as much as a deconstruction of their complaint. In terms of mistakes, their first mistake was to sue the members of fail0verflow. It's true that one of them lives in the US, but three of them live in Europe, where the courts are extremely protective of their own citizens. They're gonna have problems with the fact they are trying to sue them under the DMCA (not applicable in Europe), service of process (to serve process on them will literally take months, and if they mess it up, the foreign court could ignore the judgment), proper forum (they say that the EU members have signed a TOS with SCEA, when logic would dictate, seeing as they live in Europe, that they signed one with SCEE, and so they should technically be sued in London or somewhere like that), and personal jurisdiction. They also have to contend with the DMCA exceptions.
The first claim for relief involves the DMCA, which I never studied in law school, and so I'll defer to people who actually know that to explain why that claim wouldn't work. The second claim is where things start to slide into the realm of insanity. The Computer Fraud and Abuse Act was a law designed to make it illegal to break into systems that the person DOESN'T OWN. Breaking into your own system (just like breaking into own house), is not supposed to be illegal. So, the only way that this claim would work is if Sony had an ownership interest in the PS3 that they sold you. The fourth claim is rather similar, just based on California state law. The seventh claim for relief is where they go into some strange parallel universe. There, they claim trespass. Trespass is when you invade someone else's property. But how could it be their "property" when they sold you the system? After all, the UCC's implied warranty of title gives any good-faith purchaser for value a clean title to the goods they have purchased. They did access the system, but they bought the system. This means that once you buy the system, you own what's in the system. Well, not everything, mind you, seeing as Sony still owns the actual copyright to the software on the system, but you get the point. What they are essentially claiming here is that the EULA that they require to sign before using your PS3 gives them back an ownership interest in the system sufficient for them to be able to raise trespass claims.
Normally, this kind of thing is dealt with through an EULA (meaning, hacking is a breach of contract), but here they seems to be claiming that the EULA grants them an actual ownership interest in what they sold you. If they were to get relief on those claims, what's to stop others from including contracts included with what they sell you from saying that to use what they have sold you, that you must acknowledge them as the owner of what they just sold you? I dunno, this just seems like another chink in the very concept of private property. Oh well, discuss.