Security

Rulings in PS3 jailbreaking suit should worry you

A judge recently ruled in Sony's suit against a PS3 jailbreaker that visitors to his Website are subject to subpoena. This is only the beginning of the problems in this case.

George Hotz has become well-known for his iPhone hacks. In fact, he traded an unlocked iPhone for quite an impressive package: a Nissan 350Z and eight iPhones that had not yet been unlocked. That comes out to roughly USD $30K in trade value. He stated he was planning to distribute the locked iPhones to the other members of the team who worked on the unlocking hack with him.

More recently, he has become embroiled in legal troubles as a result of his efforts to jailbreak the Sony Playstation 3. Apparently unfamiliar with the concepts of privacy, ethics, and physical ownership of a device, to say nothing of the EFF's victory for jailbreakers, federal magistrate Joseph Spero has issued rulings contrary to any good sense (PDF), as reported in the Wired article Judge Lets Sony Unmask Visitors to PS3-Jailbreaking Site:

  • Sony has been given the go-ahead to subpoena visitor IP address records to the defendant's Website, to find out who has visited the site.
  • Sony has also been granted a subpoena to get data from YouTube . . .
  • . . . Google . . .
  • . . . and Twitter.

The domain hosting provider in question is Bluehost, one of the most popular Webhosts on the Internet that people who know anything about security and Webhosting do not avoid as a matter of course. The overly broad demands in this subpoena include:

Documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms

Further requirements include:

Any other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service

It seems the only limitation the judge was willing to place on Sony's free-for-all access to information about people who may not have ever done anything wrong (nor even illegal) is specifying that the data must somehow be related to the geohot.com site Hotz maintained.

Sony's excuse for this data collection claims that all this data is needed to prove that Hotz "distributed" the offending information on the site (which in fact only requires hosting provider Bluehost to deliver the number of times the specific files in question were accessed, and not who accessed them), and to show that many of the people who accessed his site were in California so that Sony can pursue the case in San Francisco (for courts more likely to prove biased in Sony's favor) rather than New Jersey where Hotz lives.

The problems revolve around the Digital Millennium Copyright Act and related legislation. Part of the hack involves the use of a decryption key that was distributed in the system's firmware -- once again proving the folly of DRM as a "security" measure. The whole idea revolves around the Digital Rights Management (DRM) software distributor trusting that all users will either be stupid or sympathetic to the distributor's desires. Distribution of DRM keys has figured quite large in technology news in the past as well, specifically in the case of HD-DVD and Blu-Ray copy protection. Courts ultimately ruled that printing a decryption key on a t-shirt did not constitute a violation of law.

In addition to a decryption key, Hotz also offered the tools to make use of the key to jailbreak the PS3. Distribution of such tools is also prohibited by the DMCA, which has turned out to be one of the most problematic laws signed into law during President Bill Clinton's term in the White House.

EFF staff attorney Corynne McSherry said of the ruling:

I think the these subpoenas, the information they seek, is inappropriate.

In addition to this incredible understatement, she also sent a letter to Spero describing the subpoenas as "overly broad." For an example of what "overly broad" means in this case, consider that:

  • The YouTube subpoena requests data identifying viewers of a video demonstrating the Hotz hack, including "documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video."
  • The Google subpoena requests visitor logs for the Blogger account "geohotps.3", maintained by Hotz.
  • The Twitter subpoena requests "documents sufficient to identify all names, addresses, and telephone numbers associated with the Twitter account."

Among the charges filed against Hotz are:

  • Breach of Contract (PlayStation Network User Agreement)
  • Contributory copyright infringement
  • Misappropriation
  • Tortious interference
  • Trespass
  • Violating California Comprehensive Computer Data Access and Fraud Act
  • Violating the Computer Fraud and Abuse Act
  • Violating the Digital Millenium Copyright Act

Some of these will likely seem patently ridiculous to readers, but the most ludicrous example ("Trespass") will probably be thrown out. One charge in particular may have especially far-reaching implications that the judge in this case probably does not even remotely grasp, though -- the claim that acting out of accord with the PlayStation Network User Agreement constitutes breach of contract. There is a lot of legal ambiguity surrounding the enforceability of license agreements, which have so far resisted being permanently identified by case law as "contractual" in nature, for good reasons. The disconcerting possibility that Sony might win a breach of contract suit against Hotz for a user license issue could result in significant loss of freedom for consumers to use what they purchase as they see fit, and even further narrowing of the protections afforded by the doctrine of fair use.

This is one non-lawyer's interpretation of events and implications, but in my experience there is no such thing as being too paranoid about the ill effects major corporations wish to impose on the lives of their own customers. There is likewise no such thing as being too concerned about their ability to get what they want by the simple expedient of throwing large sums of money at the court system.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

43 comments
malcolmreynolds
malcolmreynolds

...is still a court system full of lawyers and judges who barely, if at all, understand let alone the technology, but the implications to consumer liberty with every one of these ridiculous rulings and laws. I honestly wonder if anyone who worked on the DCMA law had ever even used any software besides Word and Internet Explorer. That said, I do see this trend ending. Slowly, and painfully, but it is ending. All we can really do is hope that what damage is done will be minimal or reversible. Frankly, any company with Terms of Service attached to a device I can't use without accepting them can politely draw succulently upon my scrotal sack. I could care less what idiocy Sony, Microsoft, or anyone else puts into a TOS agreement. Oh yeah, they talk big there, but I'd like to see most of that asinine sh*t enforced.

melias
melias

Check out the 19" rims on my ride! Damn, theres the FBI, gotta book!

jfairbairn
jfairbairn

What harm does he do? I love the fact it can be done and is. If you sell someone a device, then its theirs to do with what they will

ueitperson
ueitperson

Back in the old days if you bought the game Monopoly, Trouble, Candy Land and changed the rules for the way you played it at home with friends, and used different game pieces when they got lost, and put in a different box other than the one it came in, and resale at a garage sell 20 years later, could you get in trouble? More importantly does this topic matter other than right now? 20-30 years from now nobody is going to give a rats a$s. Rich people & companies with lawyers with deep pockets are such a travesty to American society. If they were smart they would reason with him and hire this guy instead of fighting against him. Then if they found out he was stepping a toe out of line while under their employment.... then they could go after him. Stupid rich people.

jsaubert
jsaubert

This is the sort of situation where I feel like I have a split brain. On the one side I understand Sony's concern and their need to make a show of not standing for the manipulation of their product. Hacking/moding can damage their system and circumvent things they have in place (for good or ill). Aside from making a scene they want some kind of legal backing so when users come up with issues on hacked/moded machines they can say "Sorry we don't have to fix this" and I do get why any company would want that assurance. On the other side I feel the owners of said machines have the right to use or abuse those machines as they wish. The modification of the device isn't really the issue. It's the connecting of that device to a SERVICE or SYSTEM where we come to the problem. Either way it's a dangerous precedent to set. The allowance of the manufacturer to control the use of their products owned by individuals could be far over reaching indeed however letting people manipulate services in ways not intended could be just as damaging.

itadmin
itadmin

Sony is not alone in grabbing hold of end users down there and squeezing hard. Monsanto prosecutes people using part of the crop grown of Monsanto genetically modified seed as seed for the next crop. They even prosecute people not using their seed but close to fields of genetically modified crops claiming these people can't rule out pollination from the nearby genetically modified crops. And there are most likely many more examples. The big corporation is replacing the dictators of the totalitarian state. There will always be powers willing to lean on the little man and they will always find willing lackeys.

djohns3999
djohns3999

I don't think that they could get subpoenas that broad if he was publishing kiddie porn

Deadly Ernest
Deadly Ernest

please tell me where this guy was living when he did these things. One of the distressing things I've notice in US courts of late is that they feel their laws can be applied to anyone around the world, despite international laws and courts saying they can't unless it's part of a specific agreement between the two countries. And it's that agreement bit is why so many of the ultra garbage US laws are being incorporated in to general trade agreements by command of the corporate owned US legislators. Shit, when has copyright laws had anything to do with normal trade activities, yet it's part of the FTA agreements for the last decade.

QAonCall
QAonCall

international law, or foreign laws being upheld by US courts? IP cases are going crazy too. I am actually surprised that wasnt their angle

BillGates_z
BillGates_z

Ever since the notorious use a Sony CD, get a free rootkit on your PC thing I just say no to everything Sony. There attitude just doesn't work for me.

bboyd
bboyd

They should trademark the Sony Superfluous Security Suite(tm). Double the fascist SS all the time. Sony working against your privacy, No Pain No Gain. Heck with attacking individual users machines, we want the entire internet.

dhickman
dhickman

Users can modify their devices all they want. It is when you reconnect those modified devices back onto the service with the intent of bypassing security, restrictions, etc. that you have committed an offense. Buying a hacked iPhone/PS3 is not a criminal offense. Turning it ON and accessing the phone/game provider's network is!

chriscollingwood
chriscollingwood

But do it as a paper print-out, in 6 pt font and make sure that the data runs to many, many reams of paper, by supplying every last bit of server log. Also, use an old printer with a failing laser head. Should make for interesting reading.

apotheon
apotheon

> Frankly, any company with Terms of Service attached to a device I can't use without accepting them can politely draw succulently upon my scrotal sack. That's poetry, right there.

apotheon
apotheon

> On the one side I understand Sony's concern and their need to make a show of not standing for the manipulation of their product. Hacking/moding can damage their system and circumvent things they have in place (for good or ill). Are you saying you sympathize, or just that you can understand it? > Aside from making a scene they want some kind of legal backing so when users come up with issues on hacked/moded machines they can say "Sorry we don't have to fix this" and I do get why any company would want that assurance. That's a completely separate matter from whether or not they'll send you to jail for modding the unit. Corporations successfully assert their claim that they do not have to support end users all the time without suing people -- including in cases where the end users never even altered the product. Consider, for instance, the refusal of ISP tech support personnel to check network connectivity if the customer is not running MS Windows, with no lawsuits involved and no filing of criminal charges.

seanferd
seanferd

4 KP sites and 60,000 irrelevant domains. Nice, huh? This has been a problem all along, with Craigslist or KP sites. They don't use them as investigative tools, they just take them down or demand the site take down the "offending" content.. Stupid, if you ask me.

apotheon
apotheon

George Hotz is a New Jersey resident. > when has copyright laws had anything to do with normal trade activities, yet it's part of the FTA agreements for the last decade. It's just one reason among many that I wouldn't be surprised if residents of other countries interpreted FTA as "F*** The Americans". I live here (in the US), and even I am starting to see it that way.

seanferd
seanferd

But point taken. It will be even more fun with ACTA.

apotheon
apotheon

From the article: > Contributory copyright infringement That's one of the charges against Hotz. edit: emphasis tags

dhays
dhays

I don't have a PSx don't plan on having one for any reason. My son does have one, what he does with it is his business (he's 27). I still have an older Sony DVD recorder/VCR combo, works fine with a converter box. I used to have one with a digital tuner, but it kept messing up and they refunded my money. They don't make such a unit anymore. It is getting harder to find someone who does. My Sony TV works just fine. Sony computers are too expensive for my blood. Haven't jumped on BluRay bandwagon yet, either. Their attitude "is we want it all", just like every other company out there. e.g. Oracle, Microsoft, Apple, oil companies,,,, The word you used above there should read their. There is a place, their is the possesive pronoun.

J-R-Doe
J-R-Doe

Since the Sony root-kit debacle several years ago, and now this, Sony shares in my and my families life are on a NO buy hold. We bought a new wide screen tv last year (not Sony); the sales personnel could not fathom why I have a no buy on anything Sony. Now, I am torn when my wife wants to add BD to our home video experience; I didn't have to tell her why I wasn't overly thrilled, she simply said oh its Sony, eh.... There is almost no doubt how this suit will turn out with (bully) Sony's bucks against the common folks pennies..... Anyway, I have to wonder if Sony has any concept on how their actions right and/or wrong leave the bad taste in there potential customers mouths.... just my 2 cents..!!

mckinnej
mckinnej

I quit buying Sony a long time ago; so long that what I had has worn out and been trashed. I know my little lost revenue won't hurt them, but if enough people avoid them they will start to feel it. Sadly this will probably mean they will fight even harder and tick off more people. Lather, rinse, repeat in an endless cycle until they self destruct. Good riddance.

Sterling chip Camden
Sterling chip Camden

I upboated your comment. I'm not one who believes in absolute Evil, but Sony has almost persuaded me that there is such a thing.

Neon Samurai
Neon Samurai

I could see a civil case; I breached the end user agreement.. you can void my warrenty, maybe cut off my service and in extreme cases sue.. but this is all within civil law; it's a contract dispute between customer and service provider. A criminal offense though? That's absolutely insaine unless you can prove real, honest to goodness criminal intent. In that case, there is already laws for fraud. If I modify my device and reconnect to the network but it behaves as it should, you want that to be a criminal act? You really want this to fall under federal criminal law? This, in any way, equates to assault, robbery, murder or other truly criminal acts? And, why on earth should it be criminal for someone who had an Iphone with AT&T service to take that phone and instead get service from another provider? Isn't this the very basis of a capitalist free market? The consumer can choose to change service providers even if that means unlocking the phone from one provider's network so it can work with the other's? Good god man.. think about the reprecusions. Do you really want product vendors to dictate arbitrary terms to consumers with federal criminal enforcement? Will it next be a federal crime for me to paint my mobile phone a different colour? Maybe putting a sticker over the Apple logo on a notebook will result in a "breach of contract - logo display claws"; cover your apple, go to jail. (edit; speeling 'n stuf)

Twilight23
Twilight23

Why is connecting a jailbroken device to a service a violation? Provided you don't use the jailbroken device to violate terms of the service, there is no violation. jailbreaking iPhones is now officially excepted from the DMCA (eg not illegal in any way). The correct fix for all of this (which will never happen due to the massive amounts of corruption in Congress) is to repeal or at least heavily modify the DMCA (one of the worst pieces of legislation ever passed).

B.Kaatz
B.Kaatz

Look folks... By now we should *all* know how we should respond to such a request: From Chapter 4 of the Bastard Operator From Hell Official Archive: ============================================================ "Could you get my printouts out please. I need them urgently, and I printed them over 5 minutes ago." "Your username?" I ask. He gives it to me, and I write it down for later. "No worries at all!" I say, and head to the printers. There's a HUUUUUUUGE pile of printouts there, and sure enough, his is at the top of the pile. I pick it up, split it out of the rest and pour our ink-stained cleaning alcohol all over it, run it over a couple of times with the loaded tape trolley then slam it in the tape safe door some times as well. Beautiful. "Here's your printout" I say "Sorry about the delay, we've got a few printer problems." ============================================================ (quoted with permission from Simon Travaglia)

kevincoughlin
kevincoughlin

Back in the days of the big Microsoft suits, when MS was subpoenaed for email records they did that. Printed it out (filled up a warehouse until the fire marshal complained, then it was TWO warehouses). Lawyers came into court with interns pulling lots of little red wagons piled high with reams of print.

awgiedawgie
awgiedawgie

I've gotten into the habit of ignoring attrocious grammatical and spelling errors, as they are becoming more and more prolific. It makes reading these comments a lot easier, except when they are so bad it becomes difficult to understand what the author actually meant to say. That said, kudos to you for actually knowing the difference between "there" and "their".

apotheon
apotheon

Focus on high definition downloads when purchasing HD video. It's more convenient than Sony's archaic disk format anyway. (Is BluRay what you meant by BD?)

Deadly Ernest
Deadly Ernest

is that RIAA and Sony do NOT see it as people avoiding them for their behaviours, but see it as further justification of their position as they say the down turn in sales is due to people getting free or cheap pirate copies and not buying the originals. They do NOT recognise the concept of people saying "F you I'm not buying your products because of how you act." - until they recognise and accept that point, they won't even think they have to change.

apotheon
apotheon

I haven't bought an RIAA label's CDs since before the Sony rootkit. Since the rootkit, I've been avoiding Sony products in particular, too.

apotheon
apotheon

I had much the same thought -- and much the same reaction (including the upboat). A friend of mine who works for Sony remarked on this article with the words "Corporate is full of a55holes."

bboyd
bboyd

Upboated by Chip, One more off the Bucket list. Humor aside, I put everything Sony does under the microscope that known offenders earn.

da philster
da philster

Imagine Sony getting all uppity.............pretty rich for a company that planted rootkits on unsuspecting user equipment which created problems on such. Imagine.......

apotheon
apotheon

The economy in the US is overrun with ridiculous regulatory perversions, like the DMCA -- which makes a lot of copyright-related civil matters into criminal offenses.

Neon Samurai
Neon Samurai

Thankfully, it seems the bill in canada to legally require caps got struck down.

apotheon
apotheon

I didn't think about the fact you'd be dealing with transfer caps.

Neon Samurai
Neon Samurai

HD downloads for content is fantastic but eats bandwidth quick. Around these parts the major providers are also in the TV business. Stream gigs of HD from them; no problem, no deduction from your monthly limits. Stream any HD from "the other guy" and your monthly limit can be maxed out within days. Netflix has been doing rawring business and people's highspeed bills have reflected it. For me, the BD under the tv was due to the DVD dying; no reason not to support the newer and older format when replacing dead hardware for 100$. In the desktop, it was about upgrading the disk burner (hoping for read speeds) and bumping my 7.4 gig limit up to 25 gig or whatever BD disks max out at.

Deadly Ernest
Deadly Ernest

YouTube video about it in a way it goes viral.

apotheon
apotheon

Wouldn't it be beautiful if, every time someone bought a product that competes with a Sony product, that person sent an email or snailmail letter to someone at Sony explaining that the person bought a competitor's product because he or she does not trust Sony, disapproves of Sony's behavior toward its customers, and so on? The only problem with the idea is figuring out how to get people to do that.

Neon Samurai
Neon Samurai

don't even get me started on that particular curruption of justice