
Sony Sues PS3 Hackers
January 11, 2011 11:21 PM

In late December 2010, fail0verflow, a team of European hackers, demonstrated that the PlayStation 3's security was fundamentally flawed and managed to obtain the encryption key used by the device (see previous discussion). Utilizing the techniques developed by the fail0verflow team, iPhone hacker George Hotz released the encryption key publicly, which enables the execution of arbitrary code on the console. Now Sony is suing both George Hotz and members of the fail0verflow team.

Both George Hotz and fail0verflow have updated their websites with the legal papers they've received. fail0verflow maintains their innocence, stating that they have never published any keys or code that could be used to breach the PS3, and that their only motivation was to get the OtherOS functionality back on the device.
posted by nhamann (157 comments total) 25 users marked this as a favorite

 
It strikes me that there's a really huge jurisdiction question here. Where is Sony filing suit? Which country? Whose laws?
posted by Chocolate Pickle at 11:27 PM on January 11, 2011


Where is Sony filing suit? Which country? Whose laws?

That'd be Sony, in the sovereign state of Sony, and by the authority of the Sony Accords. I'm pretty sure that's more than good enough to have most governments asking "how high?" these days.
posted by vorfeed at 11:31 PM on January 11, 2011 [28 favorites]


LOOK EVERYBODY IT'S BARBRA STREISAND
posted by obiwanwasabi at 11:32 PM on January 11, 2011 [6 favorites]


LOOK EVERYBODY IT'S BARBRA STREISAND

DON'T LOOK
posted by TwelveTwo at 11:34 PM on January 11, 2011 [7 favorites]


Where is Sony filing suit? Which country? Whose laws?

If they do it in Sweden, then Sony can also have fail0verflow charged with sex by surprise.
posted by PareidoliaticBoy at 11:45 PM on January 11, 2011 [25 favorites]


It strikes me that there's a really huge jurisdiction question here. Where is Sony filing suit? Which country? Whose laws?

Engadget has mirrored the legal documents here. IIRC, Sony has filed suit in California, while Geohot lives in New Jersey. Not sure what extradition treaties exist between the two coasts.
posted by inpHilltr8r at 11:49 PM on January 11, 2011 [5 favorites]


Where is Sony filing suit? Which country? Whose laws?

Well, it looks like the court orders they're linking here were filed in the US by SCEA:

UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION

[...]

SCEA has alleged that Defendants have violated the Digital Millennium Copyright Act (“DMCA”) 17 U.S.C. §1201, et seq.; the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, et seq.; and has alleged contributory copyright infringement arising out of the Copyright Act, 17 U.S.C. §501, et seq.; as well as related state and common law claims for violation of the California Comprehensive Computer Data Access and Fraud Act, Cal. Penal Code § 502, et. seq., breach of contract, tortious interference with contractual relations, trespass and common law misappropriation.
posted by kid ichorous at 11:51 PM on January 11, 2011


Where is Sony filing suit? Which country? Whose laws?

San Mateo County, California.

Defendant Hotz, against whom this motion initially is being brought, has established considerable contacts with the District in connection with his unlawful conduct. Upon information and belief, Defendant George Hotz is bound by the “Playstation Network Terms of Service and User Agreement” (the “PSN User Agreement”), ¶14 of which states in relevant part that “both parties submit to personal jurisdiction in California and further agree that any dispute arising from or relating to this Agreement shall be brought in a court within San Mateo County, California.” Further, upon information and believe, in connection with his unlawful conduct, Hotz has utilized an account via PayPal, a company located in San Jose, California, and therefore derives a financial benefit through his unlawful conduct in this district. Bricker Decl. at ¶31, Exh. DD. Mr. Hotz is also unlawfully demonstrating and distributing a circumvention device or component thereof through YouTube, a widely used and interactive website located in Mountain View, California. Id. ¶25, Exh. W. Mr. Hotz has also discussed his unlawful conduct through Twitter, a widely used and interactive website located in San Francisco, California.
-- the Motion for a Temporary Restraining Order, p. 1
posted by Monday, stony Monday at 11:52 PM on January 11, 2011 [3 favorites]


So they're saying he distributed the circumvention device through YouTube? I fail to see how he did that.
posted by JauntyFedora at 12:08 AM on January 12, 2011


Knowledge is power: http://www.youtube.com/user/fail0verflow
posted by inpHilltr8r at 12:10 AM on January 12, 2011


I think that, eventually, all this is going to come down to a "reasonable man" argument.

Somewhere, sometime, some legal eagle working for a defendant like fail0verflow, will step in front of some handpicked, quasi-Every Man jury, in some horrendously important jurisdiction(s), and say:

"Your Honor, if it please the Court, the prosecutor has enough evidence to convince even an idiot that our client is not only guilty, but damn perverse, wherever humanity's greater interests can still remain, even temporarily, for discussion.

We however, on hardly any other grounds, than the thinnest base of usual procedure in this court's jurisprudence, must advance the argument that our client, although clearly responsible for everything the prosecutor alleges, can not be considered, by any "reasonable man," to be "guilty."

"After all, your Honor, and High Justice(s) all (if so the Court be formed), our client has vowed, solemnly, to pay us. And no "reasonable man," faced with the evidence against him that the prosecution in this case has amassed, could possibly promise to pay his defense attorneys in full, if he did not hold the key to the proof of his innocence, and believe himself to be innocent, and able, after acquittal, to fully discharge his obligations for the time and expertise of his defense counsel. To suggest otherwise, by judicial action, is to directly impugn the reputation of the defendant's legal counsel in representation, and create a moot court for any subsequent consideration of greater guilt or innocence."

"So convinced of this are we, his defense representatives, that we expect his appearance, immediately, or, at least within the quarter hour..."
posted by paulsc at 12:12 AM on January 12, 2011 [1 favorite]


Widely used and interactive? Oh noes!
posted by lumensimus at 12:14 AM on January 12, 2011


They say essentially the same thing in the complaint, pp. 3-6, for Hotz (who's apparently in Massachusetts) and Bushing (San Francisco). But for Cantero (Spain), they say:
(c) On information and belief, Cantero is a member of FAIL0VERFLOW, a group of hackers who have conspired and continue to conspire to engage in unlawful circumvention of the TPMs in the PS3 System. On information and belief, Cantero has used software updates delivered by SCEA for his PS3 system. Additionally, Cantero has used and continues to use github.com, an interactive online software sharing community based in San Francisco, California, to post and distribute throughout the Internet, including to persons in this district, the code and software tools derived from FAIL0VERFLOW's circumvention of the TPMs in the PS3 System. On information and belief, Cantero has committed and continues to commit unlawful acts directed to SCEA in California, knowing that the brunt of the harm resulting from this conduct will be suffered by SCEA in California. On information and belief, individually or as a member of FAIL0VERFLOW, Cantero also has conspired and continues to conspire with Hotz on circumvention activities involving, among other things, the PS3 System.
And then they say:
16. Venue is proper in this judicial district under 28 U.S.C. §§ 1391(b) and (c) because a substantial part of the events or omissions giving rise to the claims occurred here, a substantial part of the subject property is located here, the Defendants' conduct has been directed into this district, and harm to SCEA has occurred in this district.
posted by Monday, stony Monday at 12:19 AM on January 12, 2011


Make no mistake: Sony is pissed about this, because all PS3s everywhere are absolutely, irrevocably compromised. The boot signing key has been released, and the complementary public key is burned into the ROM of all existing consoles. This means that anyone, anywhere, can write any firmware they like, and make it look as though it has been 'blessed' by Sony.

All the other keys have been compromised too, but the loss of the boot key means that they can't be replaced with new ones. No matter what Sony does, any authorization scheme that depends on the PS3 to attest to anything or decrypt anything can be broken, because hackers can boot new custom firmware to analyze the code and/or extract the new keys. They can then modify the local firmware to simulate any test Sony is trying to run, and baldfacedly lie about the results.

This also means that BluRay is irrevocably compromised, because any new decryption keys that Sony issues can be extracted from the firmware. It was broken already, but now it'll be relatively trivial to get new decryption keys for BluRay, instead of taking some work each time.

It means that, for any game security to exist at all on the PS3, it will have to all be reimplemented server-side, and it will likely be limited to PC-type DRM approaches. And Sony can't patch BluRay at all, unless they're either willing to force a phone-home decryption method (which may also be crackable with custom firmware), thus invalidating all the non-networked BluRay players in the world, or else invalidate every PS3 they've ever shipped and start over from zero.

So they're really, really angry; they have no reasonable way to lock people into using their content the way Sony wants them to. I doubt they'll prevail in court, but they have craploads of money, and are probably going to try to bankrupt George Hotz and the fail0verflow team.

Both the 360 and the Wii have been cracked for a long time, and both seem to be doing just fine, and BluRay was independently cracked years ago. In terms of actual fiscal impact on Sony, it probably wouldn't matter that much; the real customers will keep buying software. But Sony will be much more dependent on the goodwill of its customers, rather than being able to make them subservient through technical means, and it strikes me that these lawsuits are perhaps not the best way to generate goodwill.

Likewise, it appears to have only been goodwill that kept the PS3 unhacked this long. When OtherOS existed, hackers weren't very interested in trying to crack the system as a whole. Sony didn't expose the graphic hardware to Linux, however, and that's what drove George Hotz to originally crack the hypervisor.... and which prompted Sony to immediately remove OtherOS from all those millions of machines. And that, in turn, sparked the fail0verflow team... angry that they had lost a feature they paid for, they blew the entire security edifice into sand.

Having open hardware, in other words, was a security feature, not a bug. The PS3 was more open than the alternatives, and in direct consequence, its security lasted much, much longer. Some of the hardware was still inaccessible, and the original crack came about to try to get at it. Sony reacted by closing the system down, and the resulting crack to re-open it took down their entire security system.

Letting people use the hardware they paid for is a very good idea.
posted by Malor at 12:20 AM on January 12, 2011 [239 favorites]


Yeah, Sony are probably going to burn the house to the ground and salt the earth. It doesn't entirely surprise me that they are going to be bigger assholes about this than Microsoft, Nintendo or Apple when they got jailbroken, but there we are.

I'll be keeping my OtherOS this time.
posted by jaduncan at 12:32 AM on January 12, 2011 [2 favorites]


I imagine I'll continue to buy games that interest me, although I am worried about the potential damage in regards to mods and hacks in online play. On the other hand, goddamn, I can't wait for the glorious moment when my PS3 can finally play a fucking .mkv file.
posted by Ghidorah at 12:35 AM on January 12, 2011


I'm just glad my decision following the Sony rootkit exposure back in 2005 to never, ever buy a Sony product again keeps getting validated.
posted by brokkr at 12:51 AM on January 12, 2011 [25 favorites]


I hope some hacker releases a firmware patch that annihilates that whole "Downloading new preview from the Internet" bullshit.
posted by Ritchie at 12:59 AM on January 12, 2011


It's actually going to be an interesting argument regarding who stole from who, given that Sony sold a feature and then remotely took it back.
posted by effugas at 1:05 AM on January 12, 2011 [8 favorites]


Does this mean Linux gets another SPU?
posted by ryanrs at 1:22 AM on January 12, 2011


Oh Playstation 3 don't take it so hard, they're just playing with you.
posted by From Bklyn at 1:30 AM on January 12, 2011


Malor, as always, excellent comment.
posted by JHarris at 1:41 AM on January 12, 2011


This is a job for Anonymous!
posted by 3mendo at 1:46 AM on January 12, 2011 [1 favorite]


Does this mean Linux gets another SPU?

Yes, as well as workable full screen video and 3d graphics due to proper video card exposure (it's a Nvidia chip, so drivers aren't too hard).
posted by jaduncan at 1:47 AM on January 12, 2011


Unless you're NVidia.
posted by inpHilltr8r at 1:49 AM on January 12, 2011 [30 favorites]


It's actually going to be an interesting argument regarding who stole from who, given that Sony sold a feature and then remotely took it back.

Eh, they probably have this covered six ways from Sunday in the fine print already.
posted by Dr Dracator at 3:34 AM on January 12, 2011


I look forward to XBMC on PS3 just for the sheer MPD of it.
posted by srboisvert at 3:36 AM on January 12, 2011 [1 favorite]


This key is too long to be a mefi username. Too bad.
posted by inigo2 at 3:50 AM on January 12, 2011 [9 favorites]


And Sony can't patch BluRay at all, unless they're either willing to force a phone-home decryption method (which may also be crackable with custom firmware), thus invalidating all the non-networked BluRay players in the world, or else invalidate every PS3 they've ever shipped and start over from zero.

Hmm, looks like we're still on schedule then...
posted by EndsOfInvention at 3:51 AM on January 12, 2011 [1 favorite]


fail0verflow maintains their innocence, stating that they have never published any keys or code that could be used to breach the PS3opened a device that they owned, which is not morally wrong

FTFT
posted by DU at 3:57 AM on January 12, 2011 [4 favorites]


It is very interesting to me that using the internet to do certain kinds of work means being punished in California.

I am donating to the EFF in honor of Sony.
posted by fake at 4:08 AM on January 12, 2011 [5 favorites]


This is almost as funny as the Metreon becoming a Target.
posted by bukvich at 5:33 AM on January 12, 2011 [5 favorites]


Sounds to me that geohot and fail0verflow are clearly, legally wrong. Also that this is going to be the perfect case to push all the way the assertion that once I get hardware paid for and into my house, it is now my hardware and the manufacturer has no more authority on what I do to it.* That question needs to get hashed out already, and I think the reasonable person is on the hackers' side. I hope the defendants have some good financial contributors, because this is going to get ugly.

*However, I think it's ok for the manufacturer to restrict what is done with it, in the sense that their gaming networks are still theirs. In that case, their beef would have to be, not that the machines were hacked, but that someone used a hacked machine on their service against the TOS. They're just pissed that they won't be able to detect/enforce this any more.
posted by ctmf at 5:55 AM on January 12, 2011 [1 favorite]


Plus, isn't Sony going to have to show that their damages aren't just wishful evil empire thinking? I mean, if I figure out a way to force everyone to drink only ctmf brand lemonade and then someone makes their own, my claim that they cost me money is both true, and ridiculous.
posted by ctmf at 5:59 AM on January 12, 2011


Didn't the Library of Congress bless jailbreaking recently? This doesn't fall into that class?
posted by ph00dz at 6:00 AM on January 12, 2011


With my ctmf lemonade glass, that is. Licensed only for authorized beverages. It reports back to me what you drink so I can make it leak if I want.
posted by ctmf at 6:01 AM on January 12, 2011 [1 favorite]


News flash: encryption doesn't work if you give your enemy* the key, the plain-text, and the cipher device.

* also known as your customer
posted by odinsdream at 6:02 AM on January 12, 2011 [11 favorites]


@ctmf
so Sony creates a system with a fatal flaw, sells it --probably knowing of said flaw but not giving a damn because of DRM and all that crap-- and the hackers that reveal said wrong and prove they are inherent to the manufacturing, not to any hacking, are wrong for revealing said flaw?

how does that make fail0verflow legally wrong? am missing your point.
posted by liza at 6:04 AM on January 12, 2011


I doubt they'll prevail in court, but they have craploads of money, and are probably going to try to bankrupt George Hotz and the fail0verflow team.

Isn't this the exact purpose of the DMCA anti-circumvention provisions?
posted by smackfu at 6:04 AM on January 12, 2011


ph00dz, the exception only applies to mobile phones. The actual text is:

Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

posted by papercrane at 6:05 AM on January 12, 2011


ph00dz: that was a very targeted exemption for cell phones, and then only for compatibility. General reform is needed for everything else
posted by adamsc at 6:07 AM on January 12, 2011


I doubt they'll prevail in court, but they have craploads of money, and are probably going to try to bankrupt George Hotz and the fail0verflow team.

Which is a bit strange. Sony has to know that the suit won't put the cat back in the bag. And they also have to know that they're not going to squeeze enough money out of the defendants to even recoup the cost of litigation. That means the goal of the suit is punitive; Sony wants to punish Hotz and fail0verflow and, Sony hopes, deter future hacking efforts.

But of course that won't work. At best it will just push future hacking efforts to countries that don't have DMCA-style anti-circumvention laws.

Plus, isn't Sony going to have to show that their damages aren't just wishful evil empire thinking?

Statutory damages are available in circumvention cases. Further, Sony would have significant actual damages between piracy and (perhaps more importantly) cheating. I honestly think cheating will be the biggest fallout here. Any game developer that made the mistake of trusting the client will have huge problems, and even those that don't trust the client will still see things like wall hacks and night vision.
posted by jedicus at 6:13 AM on January 12, 2011


how does that make fail0verflow legally wrong? am missing your point.

It's pretty clear from the rest of his comments that he mistyped.
posted by kmz at 6:14 AM on January 12, 2011


Weird, papercrane... I just sort of assumed that applied to all devices, given that the differences between a phone and a computer and a game console aren't that major these days. Ahhh well... just another example of the Man bringing us down.

I would think, though, they're gonna have a hard time convincing a jury that the hackers did anything wrong, particularly since the Fail0verflow video (mentioned in the complaint) so explicitly states their reasons for their actions: restore lost Linux functionality.
posted by ph00dz at 6:14 AM on January 12, 2011


so Sony creates a system with a fatal flaw, sells it --probably knowing of said flaw but not giving a damn because of DRM and all that crap-- and the hackers that reveal said wrong and prove they are inherent to the manufacturing, not to any hacking, are wrong for revealing said flaw?

The Kakistocrats!
posted by ryoshu at 6:19 AM on January 12, 2011 [1 favorite]


liza: a flaw, but not a flaw in the functionality of the machine. It does what Sony wants it to do and what they claimed it would do as a game platform just fine. Between the DMCA and the licensing agreement, you can be pretty sure that the hackers have no black-and-white text justification to stand on. They're going to have to argue that the DMCA and licensing agreements were not reasonable and/or applicable, especially in light of the "take back a feature we sold you" scenario of OtherOS compatibility. I'm on their side. (I'm also not a lawyer. That's just how I'm perceiving this)
posted by ctmf at 6:22 AM on January 12, 2011


News flash: encryption does work if you give your enemy the key, the plain-text and the cipher device. That's the entire nature of public-key encryption.

However, it doesn't work if you totally screw up the implementation, and where you should have generated a random number, you thought you could be lazy and just use a static one. My understanding is because of that error, the fail0verflow team was able to reverse engineer the private key and totally undermine the PS3 system.
posted by Static Vagabond at 6:23 AM on January 12, 2011 [1 favorite]
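
The static-nonce failure described in the comment above, as an added example that is not part of the thread or anyone's actual code: assuming an ECDSA-style signature, two individually valid signatures that share one nonce carry the same r, which an audit can detect, and the pair determines the private key, while a per-message nonce removes the repeat. The curve (secp256k1), key, nonce, messages and all function names are constructed for illustration and are not PS3 values.

```python
import hashlib
import hmac

# secp256k1 domain parameters. The curve is an assumption for illustration, not the PS3's.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def point_add(p1, p2):
    """Add two points on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def digest(msg):
    """SHA-256 of the message as an integer mod N."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign(d, msg, k):
    """ECDSA with private key d and nonce k: r = x(k*G) mod N, s = (H(m) + r*d) / k mod N."""
    r = scalar_mult(k, G)[0] % N
    return r, pow(k, -1, N) * (digest(msg) + r * d) % N

def verify(pub, msg, sig):
    """Standard ECDSA verification against public key pub = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(digest(msg) * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def per_message_nonce(d, msg):
    """Nonce bound to key and message via HMAC-SHA256: a simplified stand-in for RFC 6979."""
    mac = hmac.new(d.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1

def find_reused_nonces(signed):
    """Audit (msg, (r, s)) pairs: return {r: [(msg, s), ...]} for each r seen more than once."""
    by_r = {}
    for msg, (r, s) in signed:
        by_r.setdefault(r, []).append((msg, s))
    return {r: hits for r, hits in by_r.items() if len(hits) > 1}

def key_from_reused_nonce(r, first, second):
    """Two signing equations sharing k have only two unknowns (k, d): solve for both."""
    (m1, s1), (m2, s2) = first, second
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - digest(m1)) * pow(r, -1, N) % N

# Constructed sample values.
PRIVATE_KEY = 0x1F2E3D4C5B6A79880123456789ABCDEF
STATIC_K = 0xC0FFEE  # the "random number" that never changes
MESSAGES = [b"constructed firmware image A", b"constructed firmware image B"]

def demo():
    """Sign both messages with a static and with a per-message nonce, then audit each set."""
    pub = scalar_mult(PRIVATE_KEY, G)
    weak = [(m, sign(PRIVATE_KEY, m, STATIC_K)) for m in MESSAGES]
    fixed = [(m, sign(PRIVATE_KEY, m, per_message_nonce(PRIVATE_KEY, m))) for m in MESSAGES]
    reused = find_reused_nonces(weak)
    recovered = [key_from_reused_nonce(r, hits[0], hits[1]) for r, hits in reused.items()]
    return {
        "all_valid": all(verify(pub, m, sig) for m, sig in weak + fixed),
        "weak_reuse_count": len(reused),
        "recovered_matches": recovered == [PRIVATE_KEY],
        "fixed_reuse_count": len(find_reused_nonces(fixed)),
    }

if __name__ == "__main__":
    print(demo())
```

Every signature in both sets verifies, so verification alone never reveals the problem; the repeated r across different messages is the signal to look for.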


how does that make fail0verflow legally wrong? am missing your point.

Sony's main argument is that fail0verflow violated this part of the US copyright laws. To wit: "No person shall circumvent a technological measure that effectively controls access to a work protected under this title."

Now you might say "Aha! The encryption was flawed! How can that effectively control access to a work?" But the statute defines effective control to mean "if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work" (emphasis added). In this case, parts of the PS3 are encrypted, and in the ordinary course of operation of the device those parts cannot be decrypted without the application of information (the decryption key) given by the authority of the copyright owner.

That's the basic theory of the suit.
posted by jedicus at 6:30 AM on January 12, 2011 [1 favorite]


However, it doesn't work if you totally screw up the implementation, and where you should have generated a random number, you thought you could be lazy and just use a static one. My understanding is because of that error, the fail0verflow team was able to reverse engineer the private key and totally undermine the PS3 system.

I meant both keys, which is essentially what Sony did by not using proper random number generators.
posted by odinsdream at 6:42 AM on January 12, 2011


Sony has to know that the suit won't put the cat back in the bag.

A nontrivial part of their strategy is probably to put this specific group of hackers out of business and to send a message to the next round of hackers aiming at cracking the PS4 or the iSony tablet, whatever they have coming up. And you can't underestimate the desire to flex corporate power and crush a rebellious individual, just because they can. This is what they bought those laws to do, if they don't use them, all that lobbying money was a wasted investment. Geohot has been one of the scene leaders and a semi-celebrity in breaking devices of all flavors, a high profile win against him would buy time and street cred for Sony and the entire corporate IP/copyright scheme. At least in the corporate centered mindset of Sony legal.
posted by T.D. Strange at 6:42 AM on January 12, 2011 [1 favorite]


"No person shall circumvent a technological measure that effectively controls access to a work protected under this title."

My city's public library system lends e-books. As in most such arrangements, the e-books are crippled with Adobe DRM. Said DRM makes getting said e-books into the mobile reading device of one's choice a major nuisance. Some googling and some Python are able to dispose of that nuisance.

Removing DRM from an e-book is like opening a coconut. There's a deep satisfaction in forcibly cracking open that hard shell to savor the sweet flesh within.

Extrapolating from this, the guys who busted the PS3 must have known the profoundest of pleasures.
posted by Joe Beese at 6:48 AM on January 12, 2011 [3 favorites]


(I am not a lawyer. I worked for SOE from 2008 to 2010.)

If I was a gigantic media company and someone completely compromised my media player -- this is exactly the behavior I would engage in. I would utterly ruin the lives of the people involved, to send a message that keying my car is a dumb move to make.

Is this morally right? Probably not. But publicly traded companies _literally must do something_ when their core business is compromised like this. If they don't make _commercial best efforts_ in response to a problem, they can lose shareholder confidence or open themselves up to lawsuits and the like. Large companies are always open to large lawsuits, and it is usually better to be on offense. Hence, this suit.
posted by andreaazure at 6:56 AM on January 12, 2011


As a PS3 owner and casual gamer could somebody tell me what the hell all this means?

Or is this more of a STFU noob thing?
posted by chugg at 7:25 AM on January 12, 2011


I mean the encryption key hacking part, not the lawsuit part.
posted by chugg at 7:25 AM on January 12, 2011


I'm just glad my decision following the Sony rootkit exposure back in 2005 to never, ever buy a Sony product again keeps getting validated.

Yeah, it's like how can you boycott a company that you're already boycotting like three times over.

It's actually going to be an interesting argument regarding who stole from who, given that Sony sold a feature and then remotely took it back.

...

Eh, they probably have this covered six ways from Sunday in the fine print already.

The fact that you can write something down doesn't actually make it legally binding. You cannot, for example, just change a contract without giving someone the opportunity to opt out.

But beyond that, what the fuck? This is one reason I don't buy the whole "Piracy is morally wrong" argument. What about all the ways corporations screw customers, or people who aren't customers. Leaving aside the truly fucked up stuff like pollution, lobbying for war, and all that other nastiness. What about simple things like locking phones to providers, crappy DRM systems that go under and make playing songs impossible to play, trying to end net neutrality, and every other nit-picky little bullshit thing companies do to either make money or maintain control over something?

The fact that you paid off some politician to make what you do "legal" doesn't mean it's not stealing from the customer in some sense. Taking away OtherOS functionality on a whim really is as much a form of "stealing" as copyright infringement -- but even more so it actually takes something away from someone.

Sony's main argument is that fail0verflow violated this part of the US copyright laws. To wit: "No person shall circumvent a technological measure that effectively controls access to a work protected under this title."

Doesn't that require you to actually pirate a game, though? They did not bypass any copyright controls at all, they simply created tools that could, with a lot more work, form the core of some system to do so later on. The DMCA, I think would apply here:

(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—

(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

That's what they used to try to stop DeCSS, where a judge ruled that software code could be considered a "device". But the problem is this:

(3) As used in this subsection—

(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

So two important points here: 1) they didn't do anything with actual piracy of games, so there was no actual copyright infringement going on. They subverted the system, but not to "gain access to the work". Also, interestingly they got a signing key not an encrypting, copyright protection key. So I wonder how that would play out in court.

And also the DMCA says this:

(f) Reverse Engineering.—
(1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
...
(3) The information acquired through the acts permitted under paragraph (1), and the means permitted under paragraph (2), may be made available to others if the person referred to in paragraph (1) or (2), as the case may be, provides such information or means solely for the purpose of enabling interoperability of an independently created computer program with other programs, and to the extent that doing so does not constitute infringement under this title or violate applicable law other than this section.
(4) For purposes of this subsection, the term “interoperability” means the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged.

And it does seem like the code was developed that way. There is no immediate way to pirate games at all with the tools that were released. You can run your own code, but there aren't any piracy tools. However, people certainly could build those tools around the code.

Furthermore there is a whole section on cryptographic research as well. I'm not going to quote all of it but it seems that the way the information was presented, would qualify (with an academic presentation at 27C3)
posted by delmoi at 7:26 AM on January 12, 2011 [3 favorites]


As a PS3 owner and casual gamer could somebody tell me what the hell all this means?

It's possible to run non-Sony approved programs on the PS3, forever. Linux, emulators, hacked games, copied games, you name it, you got it. Because the master key is compromised, Sony can't do much about it, any patch they release to try and stop unauthorized software will already itself be compromised.
posted by T.D. Strange at 7:28 AM on January 12, 2011 [1 favorite]


Is this morally right? Probably not. But publicly traded companies _literally must do something_ when their core business is compromised like this. If they don't make _commercial best efforts_ in response to a problem, they can lose shareholder confidence or open themselves up to lawsuits and the like. Large companies are always open to large lawsuits, and it is usually better to be on offense. Hence, this suit.
First of all, although people often say that corporations are legally required to make as much money as possible for their shareholders, I've actually heard that this is not true. And secondly shareholder lawsuits almost always lose.
posted by delmoi at 7:30 AM on January 12, 2011


Further, upon information and believe, in connection with his unlawful conduct, Hotz has utilized an account via PayPal, a company located in San Jose,California, and therefore derives a financial benefit through his unlawful conduct in this district.

Notwithstanding the atrocious grammar, what is up with them namedropping Paypal? They bring up Paypal and never again does it come up in the document.
posted by crapmatic at 7:41 AM on January 12, 2011


Doesn't that require you to actually pirate a game, though?

No. The decryption key lets you get at lots of other stuff that is still copyrighted, such as the various boot loaders and the like. It's all copyrighted software.

they didn't do anything with actual piracy of games, so there was no actual copyright infringement going on

Circumvention doesn't require an underlying act of infringement. If you circumvent an access control to gain access to a work you have a valid license to, that's still circumvention. It's enough to "avoid, bypass, remove, deactivate, or impair a technological measure," and arguably they did just that. Few would argue that the PS3 control measures are not now significantly impaired.

The reverse engineering section is not the end-run you seem to think. "Interoperability" is narrowly defined as "the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged." It has much more to do with things like file formats and network protocols than installing new software on a device.

Furthermore there is a whole section on cryptographic research as well.

Like reverse engineering that's a narrow exception that probably doesn't apply here. For one thing, it requires that "the person made a good faith effort to obtain authorization before the circumvention." Did Hotz and the members of fail0verflow do that? I don't recall that from the presentation that fail0verflow gave. It also requires that "the person lawfully obtained the encrypted copy," which is debatable given that they almost certainly violated the terms of service at some point.
posted by jedicus at 7:41 AM on January 12, 2011


Notwithstanding the atrocious grammar, what is up with them namedropping Paypal? They bring up Paypal and never again does it come up in the document.

Because they're probably going to subpoena the Paypal records.
posted by jedicus at 7:42 AM on January 12, 2011


Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.
posted by Threeway Handshake at 7:43 AM on January 12, 2011 [1 favorite]


No. The decryption key lets you get at lots of other stuff that is still copyrighted, such as the various boot loaders and the like. It's all copyrighted software.
It's not a decryption key, it's a signing key. The bootloaders are decrypted, otherwise they wouldn't work. What this will allow is new bootloaders to be signed and loaded into the system.
posted by delmoi at 7:44 AM on January 12, 2011


Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.
I don't think fail0verflow had any interest in pirating games or running Linux. Rather they were mainly interested in social status and being known as really good hardware hackers.
posted by delmoi at 7:46 AM on January 12, 2011 [4 favorites]


Notwithstanding the atrocious grammar, what is up with them namedropping Paypal? They bring up Paypal and never again does it come up in the document.

Because they're probably going to subpoena the Paypal records.


Actually, it's more likely that they're trying to establish minimum contacts between the defendants and the state of California, so that it will be proper for the California court to exert personal jurisdiction over the defendants. Since none of the defendants live in California, they need to go through this extra hoop. By using the services of a California company, Sony is claiming, the defendants have availed themselves of California law enough so that they could have foreseen being haled into court there.
posted by Inkoate at 7:46 AM on January 12, 2011 [1 favorite]


This is what they're looking for: Minimum contacts on Wikipedia.
posted by Inkoate at 7:48 AM on January 12, 2011 [1 favorite]


It's not a decryption key, it's a signing key. The bootloaders are decrypted, otherwise they wouldn't work. What this will allow is new bootloaders to be signed and loaded into the system.

And signing and installing a new bootloader likely infringes copyright by creating a derivative work. In any case, wherever you start from the end result is the same: it's an essential part of impairing or bypassing the access control on the copyrighted work.

Anyway, I didn't mention it in my early comment, but they're also hitting them up for contributory infringement. In that case, it's not necessary that Hotz or fail0verflow pirate anything themselves. "A contributory infringer is "one who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another."" A & M Records, Inc. v. Napster, Inc., 114 F. Supp. 2d 896 (ND Cal. 2000). Further, actual knowledge isn't even required; "a defendant incurs contributory copyright liability if he has reason to know of the third party's direct infringement." Id.

Hotz and fail0verflow know that this can be used to infringe copyright and they know that it almost certainly will be. fail0verflow practically admitted as much in the presentation. And there's little doubt that they have materially contributed to that infringing conduct, even if they didn't induce or cause it.
posted by jedicus at 7:57 AM on January 12, 2011


Honest question: Why does Sony want to limit the amount of software that can run on their boxes? Wouldn't they sell more of them if it was wide open?
posted by LastOfHisKind at 7:58 AM on January 12, 2011


Circumvention doesn't require an underlying act of infringement. If you circumvent an access control to gain access to a work you have a valid license to, that's still circumvention. It's enough to "avoid, bypass, remove, deactivate, or impair a technological measure," and arguably they did just that. Few would argue that the PS3 control measures are not now significantly impaired.

Actually in Chamberlain Group, Inc. v. Skylink Technologies, Inc. the Federal Circuit held that DMCA prohibitions must be tied to copyright rights to fit the balance copyright embodies.
posted by papercrane at 8:00 AM on January 12, 2011


Why does Sony want to limit the amount of software that can run on their boxes? Wouldn't they sell more of them if it was wide open?

'Wide open' is probably a bit too far. In this case, for example, the keys being available means that cheating is likely to become a massive problem.

But yes, it probably would've been to Sony's advantage to continue to support the installation of Linux and other operating systems.
posted by jedicus at 8:01 AM on January 12, 2011


Why does Sony want to limit the amount of software that can run on their boxes? Wouldn

Depends on how Sony makes their money. Is it on the hardware, or is it on per-game license fees? If the latter, it's pretty clear why they want to prevent unlicensed or pirated software.
posted by smackfu at 8:02 AM on January 12, 2011


Why does Sony want to limit the amount of software that can run on their boxes? Wouldn't they sell more of them if it was wide open?

Because this way they can make sure that the software being run is theirs and anything being run via that software results in them getting cash.
posted by dazed_one at 8:08 AM on January 12, 2011


Actually in Chamberlain Group, Inc. v. Skylink Technologies, Inc. the Federal Circuit held that DMCA prohibitions must be tied to copyright rights to fit the balance copyright embodies.

You're reading the case too broadly. What I said was "Circumvention doesn't require an underlying act of infringement." That is, one can circumvent an access control without separately infringing copyright. The Chamberlain case basically stands for the proposition that "§ 1201 applies only to circumventions reasonably related to protected rights." Unlike that case, which dealt with garage door openers, the circumvention here is most definitely related to protected rights.

Furthermore, as the court explained "Defendants who traffic in devices that circumvent access controls in ways that facilitate infringement may be subject to liability under § 1201(a)(2). Defendants who use such devices may be subject to liability under § 1201(a)(1) whether they infringe or not." (emphasis added).

That last sentence in particular is pretty much precisely what I said.
posted by jedicus at 8:10 AM on January 12, 2011


As a PS3 owner and casual gamer could somebody tell me what the hell all this means?

The tl;dr version of my long post above: the PS3 will only run code that has been cryptographically signed by a secret key that only Sony possessed. They screwed up the implementation of their encryption, and the hackers were able to derive their private key through some reasonably simple math.

Simple upshot is that anyone can now make code that the PS3 will run... since the private key is now public, anyone that has it can sign their code and make it look like it's been blessed by Sony.

The complex upshot is that anyone with the technical expertise can replace the firmware entirely. This is what has Sony really upset, because crackers can now modify the PS3 to run pirated games, defeating all internal copy-protection checks, and can publish images letting the general public do so as well. Sony has few, if any, technical methods to stop it.

There's lots of much more interesting reasons to modify the firmware, though... among other things, the PS3 makes a very nice little media center box, but the included software has annoying limitations. It's quite likely that you'll see much better media software for the unit in the next six months to a year.

The CPU in the PS3 is weird, and it's not a very good general-purpose computing device, but in a few niches (like video decoding), it's an amazingly fast device. One potential use is as a network-mounted transcoder for video files... with the right software, it should be able to transcode high-def videos down to iPhone or iPad formats much, much faster than a standard PC. It can take an hour or more on even a fast PC to transcode a full movie. With the right software, I wouldn't be shocked to see a PS3 cut that time to fifteen minutes.
posted by Malor at 8:10 AM on January 12, 2011 [4 favorites]


Depends on how Sony makes their money. Is it on the hardware, or is it on per-game license fees? If the latter, it's pretty clear why they want to prevent unlicensed or pirated software.

They were losing a significant percentage on every console, I believe that they've finally dropped the production costs on the new slimline units to about even or maybe even in the black. Most of the profits come from first party games and 3rd party license agreements.
posted by T.D. Strange at 8:10 AM on January 12, 2011


Honest question: Why does Sony want to limit the amount of software that can run on their boxes? Wouldn't they sell more of them if it was wide open?

Right now if you want to create and sell a PS3 game, you have to do it via Sony to let them verify the game is not inappropriate (they won't let someone sell a porn game for example), or malicious (a game that secretly steals your credit card number). I don't know much about it but I don't doubt that Sony make money out of this (i.e. games producers must pay Sony to release a game on the PS3). So right now, Sony get money for every PS3 game sold.

If the system was wide open, I could create my own PS3 game and sell it and Sony would make no money out of that whatsoever.

Games consoles are often sold at a loss or for very small profit - the majority of the profit from the PS3 (and Xbox, and Wii) comes from game sales. A console will always cost a bunch of money to manufacture, but when a game has made back its production costs you're selling 50p worth of plastic and paper for £40. Sony would rather sell a lower number of PS3s and more software than the other way round.
posted by EndsOfInvention at 8:13 AM on January 12, 2011


And there's little doubt that they have materially contributed to that infringing conduct, even if they didn't induce or cause it.

I think, in the case of fail0verflow, there can't be any liability. They didn't violate any copyrights, and didn't publish any code. All they did was describe how Sony screwed up, and I can't see that falling under the DMCA.

geohot's in more trouble, though, since he allegedly published the derived boot key. It's worth pointing out, however, that he hasn't induced anyone to copy anything, and probably falls under the cryptographic research exemption.
posted by Malor at 8:16 AM on January 12, 2011


This is what has Sony really upset, because crackers can now modify the PS3 to run pirated games, defeating all internal copy-protection checks, and can publish images letting the general public do so as well. Sony has few, if any, technical methods to stop it.

I honestly think cheating is at least as big a problem as piracy. Soon every online multiplayer game will be suspect. This may do considerable damage to the value of the PlayStation Network.
posted by jedicus at 8:18 AM on January 12, 2011 [7 favorites]


Ah, jedicus, that makes sense. It is too bad, I think tying circumvention to intent is the ideal compromise for me. I guess I was being too hopeful.
posted by papercrane at 8:19 AM on January 12, 2011


It's worth pointing out, however, that he hasn't induced anyone to copy anything, and probably falls under the cryptographic research exemption.

As I explained above, inducement isn't necessary, and he probably doesn't fall under the research exemption.

All they did was describe how Sony screwed up, and I can't see that falling under the DMCA.

They described it in significant detail, and they did produce code even if they hadn't distributed it yet (the presentation mentioned that code would be available soon). Trafficking in circumvention measures is part of the DMCA, but circumvention alone is also enough, and they basically admitted to that. Sony will likely seek the impoundment or at least the discovery of any computers containing the code that fail0verflow developed.

And there are more bases for liability here than just the DMCA. Terms of service violations, for example.
posted by jedicus at 8:24 AM on January 12, 2011


If the system was wide open, I could create my own PS3 game and sell it and Sony would make no money out of that whatsoever.

I don't think there's a lot of concern with homebrew game studios producing games without Sony licenses. I think the concern is more that this can make piracy easier, and they're worried it means people won't publish for the PS3.
posted by kafziel at 8:27 AM on January 12, 2011


Soon every online multiplayer game will be suspect. This may do considerable damage to the value of the PlayStation Network.

If end users do not pay for access to it (unlike, say, Xbox Live), what monetary value does it have, such that Sony could claim damages?
posted by Blazecock Pileon at 8:31 AM on January 12, 2011


As long as I can continue to Play "Red Dead Redemption", I don't give a fuck.

I do give a fuck. I just like talking about how awesome Red Dead Redemption is.
posted by KevinSkomsvold at 8:36 AM on January 12, 2011 [2 favorites]


All this does is remind me that the DMCA and TOS are deeply fucked legal concepts, both against the public interest.
posted by klangklangston at 8:44 AM on January 12, 2011 [3 favorites]


Soon every online multiplayer game will be suspect. This may do considerable damage to the value of the PlayStation Network.

If end users do not pay for access to it (unlike, say, Xbox Live), what monetary value does it have, such that Sony could claim damages?


Well, I would stop playing online games if everyone was using hacked consoles to cheat, so I'd buy a lot fewer games. There are a lot more decent multiplayer focussed games around now than decent single-player ones.
posted by EndsOfInvention at 8:52 AM on January 12, 2011


And signing and installing a new bootloader likely infringes copyright by creating a derivative work.
I'm not really sure why that needs to be the case. The bootloader is just like the BIOS on a PC, except even simpler. Just like Compaq's BIOS didn't infringe on IBM's, there's no reason a new bootloader would need to use Sony's old code.
posted by delmoi at 9:01 AM on January 12, 2011


I'm reading up on the Zippo case, as I find it just sort of "throw anything against the wall and see if it meets minimum contact" that they list Hotz' use of Twitter and Youtube as being reason for California to have jurisdiction.

The PSN agreement stating all court fun will happen in California is a lot more damning IMO.
posted by cavalier at 9:02 AM on January 12, 2011


Just like Compaq's BIOS didn't infringe on IBM's, there's no reason a new bootloader would need to use Sony's old code.

First, that presumes anyone making a new bootloader actually does a proper cleanroom job, which seems pretty unlikely in this case. Second, there's an argument that the bootloader is part of a larger copyrighted work (all of the firmware as a whole), and so even installing a cleanroom-produced bootloader would create a derivative work.

And anyway, even if the bootloader is cleanroomed and even if it's not held to be part of a larger work, the point remains that anyone who publishes the keys (i.e. Hotz) and probably anyone who points out in substantial detail how to derive the keys (i.e. fail0verflow) is still liable for contributory infringement. The keys may be a couple of steps removed from the underlying direct infringement (game piracy, modification of games for cheating, whatever), but the keys are without a doubt the linchpin of the whole process. Hotz and fail0verflow's actions materially contributed to the now-inevitable infringement, and they knew or should have known that infringement would result from their actions. That's pretty much all Sony has to prove.
posted by jedicus at 9:11 AM on January 12, 2011


I really don't understand this. If I tell you that, "firing a gun is accomplished by pulling the trigger," and then you go buy a gun and shoot someone with it, am I liable for murder?
posted by Cool Papa Bell at 9:17 AM on January 12, 2011 [1 favorite]


Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.

That's a pretty narrow view of things. Homebrew is about more than just pirating games. It's also about enabling the hardware you bought to do things it's entirely capable of doing, but for some reason or another the developers decided you shouldn't be able to do. Let's say you want to watch a DVD with your Wii. Nintendo doesn't provide any software for doing so, even though there is no technical reason the hardware couldn't do this pretty basic function. If you have a Wii that has been hacked to enable homebrew, you already have a device that can play DVDs hooked up to a TV. Why bother with another hunk of plastic when you've got one that can do it already?
posted by arcolz at 9:20 AM on January 12, 2011 [2 favorites]


I really don't understand this. If I tell you that, "firing a gun is accomplished by pulling the trigger," and then you go buy a gun and shoot someone with it, am I liable for murder?

No, of course not. You can't generalize the logic of the anti-circumvention statute because it's a specifically written statute, not a broad statute or general legal rule.

Here is the logic of the anti-circumvention statute: Digital works are extremely easy to copy, in violation of copyright. It is possible to make such works harder to copy with access controls. But those access controls can be circumvented. If people are not legally prevented from circumventing the access controls, then the access controls are effectively useless. Therefore we will make circumventing access controls illegal.

Now you might say, well shoot, why not just sue the underlying infringers for infringement and forget about the access controls? The main reason is that there are likely to be many, many infringers but only a relative handful of people who create the means to circumvent access controls. This lets copyright holders go up the food chain, so to speak, and target a smaller group.

Of course, it hasn't actually worked in practice and virtually every piece of DRM falls eventually, despite copyright holders' attempts to sue people for it. But that's the motivation and the theory.

One reason why this approach can't be generalized to something like banning the discussion of ways to kill people is that the First Amendment protects that kind of thing, whereas the Copyright Clause seems to give Congress the ability to impinge upon free speech in order to make copyright work. Just how true that is is a matter of some debate, but that's the idea.
posted by jedicus at 9:28 AM on January 12, 2011 [5 favorites]


I should note that as a matter of policy I don't like the way copyright is structured right now, but this case is about reality and practice, which are very different from what many people (myself included) might wish. Wishing that what Hotz and fail0verflow did was legal or disliking what Sony is doing are all well and good, but wishful thinking won't change what the law is. I hope people don't interpret my comments as supporting Sony or damning Hotz or fail0verflow, as I intend neither.
posted by jedicus at 9:38 AM on January 12, 2011 [4 favorites]


Understood, jedicus, but the means of infringement here seems to be merely instructing others in how it could be accomplished, rather than providing an actual service or the actual key itself. Taking the logic to an extreme, Sony seems to be saying that any mere discussion of defeating encryption is infringement. That abstract knowledge is dangerous all by itself. Which is ludicrous, of course.
posted by Cool Papa Bell at 9:39 AM on January 12, 2011


Fail0verflow: Just FYI everybody, one of the jailhouse doors has a lock that doesn't work.

George Hotz: Holy shit, Fail0verflow is right and it happens to be the southeast door from the mess hall.

Sheriff Sony: You guys are going down for making my jail insecure!
posted by localroger at 9:39 AM on January 12, 2011 [1 favorite]


Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.

That was what made Sony's original strategy seem so brilliant: sure, most of the people capable of using security compromises want to play pirated games. But it turns out that the people capable of creating security compromises just want to play with your nifty hardware. Give those people a way to play with your nifty hardware that doesn't incidentally involve letting their less capable friends pirate games, and you're gold. Sony turned the DRM problem from "theoretically unsolvable" to "theoretically unsolvable, but in practice nobody will bother solving it", which from a business perspective is just as good.

Just as good until they screwed themselves over, anyway. When they made CDs that rooted computers, and got a slap on the wrist from a corrupt judicial system, maybe that made them too cocky? Retroactively yanking features from already-sold products is pretty vile, but it probably never occurred to them that their contract violations might result in any proportionate punishment.
posted by roystgnr at 9:50 AM on January 12, 2011 [2 favorites]


the means of infringement here seems to be merely instructing others in how it could be accomplished, rather than providing an actual service or the actual key itself

Yes and no. On the one hand, yes, fail0verflow didn't quite go as far as distributing code. But on the other hand, they announced that they were planning to, and Sony was probably trying to put a lid on things quickly. And besides which, they clearly did circumvent access controls while developing the software, so they may well be liable for those relatively private acts of circumvention. You might say, "but surely the damage there was minimal to non-existent," and the answer there is statutory damages.

Whether or not their in-depth discussion of how the hack was accomplished is sufficient to amount to trafficking in a circumvention device or contributory infringement remains to be seen, but I would not be surprised if a court ruled that it was close enough. For example, I could see a court ruling that it was a material contribution to what Hotz did, which was itself a material contribution to the now-inevitable direct infringement, and thus fail0verflow is liable for contributory infringement.
posted by jedicus at 9:52 AM on January 12, 2011


Fail0verflow: Just FYI everybody, one of the jailhouse doors has a lock that doesn't work.

If we are making weird analogies, wouldn't telling someone how to pick the lock be more appropriate? Locks aren't perfect and just because they are pickable doesn't mean they "don't work".
posted by smackfu at 9:57 AM on January 12, 2011


How far back does material contribution go? Does it include the person (or their employer, Sony) who put in a fixed number?

As I read it, they did not make software which circumvents the copy-preventing encryption of a protected work; they worked out a result which might allow someone else to get a step closer to that. That one could write software using their techniques (and plenty of other techniques along the way) which would be able to circumvent some kinds of DRM is completely incidental to their purpose.

Regarding the bootloaders, you could have made derivative bootloaders before, you just couldn't sign them. I see arguing that the signing procedure is like their seal/watermark, which you would normally copyright (or is that a trademark?) even though the actual signature a developer produced would never match any that Sony produced (just ones that Sony could, hypothetically, produce).
posted by a robot made out of meat at 10:00 AM on January 12, 2011


I have zero sympathy for Sony on this. They made an improper encryption system and it was broken.

Remember a few years ago when a couple of lame copy-protection schemes were broken by stupidly-simple means? There was one where using a permanent marker on the CD removed the copy protection and another where holding down the shift key while launching the app removed it.

Hard-coding a number deep within an encryption scheme that should have been random is several steps away from those other hare-brained ideas, but it's still a stupid thing to do. Sony knew better, but they did it anyway. They could have prevented this by implementing it correctly, but they chose not to for some reason that I'm sure they won't ever talk about willingly.
posted by Revvy at 10:02 AM on January 12, 2011 [1 favorite]
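
An added illustration, not part of any comment in this thread and not code from Sony, fail0verflow or Hotz: the failure described above (a hard-coded number where a fresh random one belongs, so that the signing key falls out of "reasonably simple math"), together with the audit check and the fix a signer would apply. Textbook ECDSA over secp256k1 is an assumption made for the example, the key, nonce and messages are constructed, and `per_message_nonce` is a simplified stand-in for RFC 6979 rather than the full algorithm.

```python
import hashlib
import hmac
from collections import defaultdict

# secp256k1 domain parameters, used only as a convenient well-known curve
# (assumption: the thread does not name the curve the console uses).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def digest(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(priv, message, nonce):
    """Textbook ECDSA: r = x(nonce*G), s = (z + r*priv) / nonce  (mod N)."""
    r = scalar_mult(nonce, G)[0] % N
    s = pow(nonce, -1, N) * (digest(message) + r * priv) % N
    return r, s


def verify(pub, message, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(digest(message) * w % N, G),
                   scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def per_message_nonce(priv, message):
    """The fix: a nonce that differs for every message (HMAC of key and message)."""
    mac = hmac.new(priv.to_bytes(32, "big"), message, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def find_reused_nonces(signed):
    """Audit check: groups of messages whose signatures share the same r."""
    by_r = defaultdict(list)
    for message, (r, _s) in signed:
        by_r[r].append(message)
    return [msgs for msgs in by_r.values() if len(msgs) > 1]


def key_from_shared_nonce(m1, sig1, m2, sig2):
    """Why a shared r is fatal: two equations, two unknowns (nonce and key)."""
    (r, s1), (_, s2) = sig1, sig2
    z1, z2 = digest(m1), digest(m2)
    k = (z1 - z2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - z1) * pow(r, -1, N) % N


# Constructed sample data: key, nonce and messages are invented for this example.
PRIV = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
PUB = scalar_mult(PRIV, G)
FIXED_NONCE = 4
IMAGES = [b"firmware-image-A", b"firmware-image-B"]


def demo():
    """Sign the same two images with the hard-coded and the per-message nonce."""
    weak = [(m, sign(PRIV, m, FIXED_NONCE)) for m in IMAGES]
    fixed = [(m, sign(PRIV, m, per_message_nonce(PRIV, m))) for m in IMAGES]
    return weak, fixed


if __name__ == "__main__":
    weak, fixed = demo()
    print("all signatures verify:", all(verify(PUB, m, s) for m, s in weak + fixed))
    print("reused r, fixed nonce:", find_reused_nonces(weak))
    print("reused r, per-message nonce:", find_reused_nonces(fixed))
    (m1, s1), (m2, s2) = weak
    print("key exposed by shared r:", key_from_shared_nonce(m1, s1, m2, s2) == PRIV)
```

Both signers produce signatures that verify, so the verifying device cannot tell them apart; only a scan of issued signatures for a repeated `r` shows the problem.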




How far back does material contribution go?

That may be one of the questions litigated in this case, assuming the parties don't settle. I could see some kind of intervening / superseding cause analysis coming out of it. Part of it also depends on whether fail0verflow had reason to know that copyright infringement would result from their actions.

As I read it, they did not make software which circumvents the copy-preventing encryption of a protected work; they worked out a result which might allow someone else to get a step closer to that.

fail0verflow did make such software, they just hadn't released it yet. They wanted to clean it up a bit before release.
posted by jedicus at 10:06 AM on January 12, 2011


It took 4 years to find a flaw in the system, I don't know if I would downplay the difficulty.
posted by smackfu at 10:08 AM on January 12, 2011


a) The post link claims that their software was to allow installing arbitrary software, not actually for copying or playing copied disks.

b) If they didn't release it, how can Sony prove what they did, let alone that it worked? I understand if the point is that Sony wants to scare them into not doing so.
posted by a robot made out of meat at 10:13 AM on January 12, 2011


"Right now if you want to create and sell a PS3 game, you have to do it via Sony to let them verify the game is not inappropriate (they won't let someone sell a porn game for example), or malicious (a game that secretly steals your credit card number). I don't know much about it but I don't doubt that Sony make money out of this (i.e. games producers must pay Sony to release a game on the PS3). So right now, Sony get money for every PS3 game sold."

There's another bit to this that may be important, and might address kafziel's comment re home brew game devs.

In order to properly develop a PS3 "core" game, one that can be sold on disc at retail, developers have to lease "dev boxes." These are special PS3 systems that have additional hardware and software systems in them specifically for game development, code testing, etc. They allow devs to install compiled code on them directly from another computer and then run the code to test the game.

These dev machines can only be leased directly from Sony, which costs a lot of money. It's sometimes quite difficult for developers to get their hands on even one of them because of the security requirements involved - dev boxes are very closely monitored and doled out strictly on an as-needed, minimum number basis, and are taken back immediately after they are no longer needed. Usually the publisher has to handle getting the machines from Sony to the developer, which can result in production delays. When I worked at a game studio, I think we were only able to get ONE of these, and it was like pulling teeth to do so.

Having the retail console cracked wide open probably means that anyone who wants to can now turn a $200 PS3 into a heretofore "priceless" PS3 Test Unit, thus avoiding paying tens of thousands per month to Sony. I think even scrupulous devs who lease a couple of dev boxes might not be able to resist being able to equip their entire office with hacked retail "dev boxes" without paying Sony; it could save literally millions on production budgets. It also creates an enforcement nightmare for Sony, in that now they will have to send people around to every PS3 developer every couple of months to try to determine whether they're using any cracked units as dev boxes.

This may not represent the kind of cash that pirating involves, but I'd guess this is also a concern for Sony.

Then again, this would allow serious pirates to make counterfeit retail game discs that are indistinguishable from the real ones and which will run on "honest" PS3s. Ouch....
posted by zoogleplex at 10:15 AM on January 12, 2011 [1 favorite]


The post link claims that their software was to allow installing arbitrary software, not actually for copying or playing copied disks.

Intent doesn't matter (very much) in this case, as both infringement and circumvention are strict liability torts. And anyway, you can see how "installing arbitrary software" is a superset of "playing copied disks."

If they didn't release it, how can Sony prove what they did, let alone that it worked?

Through the magic of discovery.
posted by jedicus at 10:22 AM on January 12, 2011


The legal discussion is fascinating, but more importantly (to me): is there a site with clear instructions detailing how a user might go about installing XBMC on their PS3? And a MAME emulator? And maybe a browser that can play Hulu so I don't have to plug my laptop into my TV to watch it? Because being able to do any of that would be fantastic.
posted by Thoughtcrime at 10:48 AM on January 12, 2011 [2 favorites]


Eponysterical!
posted by zoogleplex at 10:59 AM on January 12, 2011


smackfu: It took 4 years to find a flaw in the system, I don't know if I would downplay the difficulty.

According to them, they didn't start seriously looking at the PS3 until Sony took out OtherOS... it took about eight months to crack from there.
posted by Malor at 11:01 AM on January 12, 2011 [1 favorite]


This is the same Sony that basically said "let them eat cake" when it was proven that their music CD's were installing unauthorized software and creating security vulnerabilities on people's PC's when played?

Yeah, my heart's bleeding for them...
posted by de void at 11:14 AM on January 12, 2011 [3 favorites]


My company bought a PS3 specifically to run linux. This was several years ago. We were doing graphics research using the Cell processor and needed a development platform to run benchmarks. We looked at getting a system from IBM, but they wanted $20,000 for a Cell blade, plus a lot more for the chassis. But that's a stupid amount of money. Instead, we bought a PS3 with yellow dog linux preinstalled. The PS3 only cost a couple hundred bucks and did exactly what we needed.

I expect the system doesn't work anymore since Sony pulled linux support in one of their upgrades. But I haven't done any Cell work lately, so I haven't tried.

So if anyone is wondering if people bought PS3s just to run Linux, the answer is yes. Enough people did it to support non-sketchy online businesses selling PS3s with linux pre-installed.

We used our PS3 for research only. I don't think we ever purchased a PS3 game.
posted by ryanrs at 11:46 AM on January 12, 2011 [2 favorites]


I have just a general question: are there judges that specialize in technological cases like this? Is the law structured so it's similar enough to brick and mortar theft to apply the law across it? Is it likely that the judge who hears the case will just be sort of oblivious to the technical aspects of the case?

Law always seems so much more complicated when it's operating on top of technology that the average person probably doesn't really understand -- I guess it's the job of the prosecution and defense to also explain the technology for the jury/judge, right?
posted by codacorolla at 12:14 PM on January 12, 2011


are there judges that specialize in technological cases like this?

Not really (at least in the US). Generally speaking federal cases are assigned randomly (well, I think it's technically round-robin, but since you don't have control over when other people file it's effectively random). However, certain districts tend to see more technical cases than others. The Northern District of California is one of them, as you'd imagine.

In really complex cases judges can appoint special masters or experts to help break down the technical issues. But in general the courts rely on expert witnesses from the plaintiff and defendant to educate the court on the technical issues.

Whether there ought to be specialized trial courts for technical cases like patent cases (which this is not) or whether such cases are even appropriate for jury trial is a matter of some debate, mostly academic.
posted by jedicus at 12:23 PM on January 12, 2011 [1 favorite]


So if anyone is wondering if people bought PS3s just to run Linux, the answer is yes. Enough people did it to support non-sketchy online businesses selling PS3s with linux pre-installed.

People like the Air Force, even.
posted by MikeKD at 12:28 PM on January 12, 2011


jedicus wrote: "And there's more bases for liability here than just the DMCA. Terms of service violations, for example."

I do believe that if you sign up for PSN in Europe, you don't agree to the US terms of service, you agree to a different set with different jurisdiction. I'm not on the latest firmware at the moment (I wanted to keep my Linux, thanks), so I can't verify that.

Besides, it's not necessary to agree to the PSN terms of service to merely use a PS3 for playing games. PSN registration is not required to use the system.
posted by wierdo at 12:47 PM on January 12, 2011


Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.

I've got a modchipped original Xbox that I used for XBMC that never saw a pirated Xbox game. Now that it's been cracked, I could sort of imagine getting a used PS/3 to use as an HTPC.
posted by Zed at 12:49 PM on January 12, 2011


I am not a lawyer, but I wonder whether it would be possible to make a legal case along the following (rough) lines. Sony's brain-damaged implementation, instantly recognizable as such by anyone "skilled in the art", constitutes gross negligence (or whatever the magic legal incantation might be) such that, in essence and effect, Sony circumvented (or sabotaged) their own anti-circumvention device. Therefore all responsibility for its circumvention is theirs.
posted by Crabby Appleton at 1:52 PM on January 12, 2011 [1 favorite]


Again, isn't this a case of people pointing out the obvious hole only after they spent months and months finding it?
posted by smackfu at 2:05 PM on January 12, 2011


This is a case of a fundamental fatal flaw deliberately built into the software. Its discovery, given the application of expert effort, was inevitable.
posted by Crabby Appleton at 2:13 PM on January 12, 2011


Can someone explain how Sony could have implemented this correctly? I can grok some secret number-identifier (what they did). How would a random number provide any verification? what are the middle steps/constraints?

Also, is there any hope of blocking cheating on PSN? How does Xbox live do it (if they do)?
posted by milestogo at 2:23 PM on January 12, 2011


milestogo: Can someone explain how Sony could have implemented this correctly?

Sony uses the Digital Signature Algorithm to sign its code. When signing things with DSA, you use a value called k, that must be random and unique with each message. Here is a well written and pretty easy to understand article about DSA's k value and why its randomness is so important.

Basically, if you use anything other than a random, unique number with each message, an attacker can determine the private key using some (relatively) basic math.
posted by grandsham at 2:33 PM on January 12, 2011


In very basic terms: the signature algorithm they chose takes as inputs three things:

(the thing you are signing), (the private key), (a random number)

mixes them together, and produces as output: (signature).

For that mixing-together process to be secure, the random number has to be a new, truly random number each time. Otherwise the signature contains some small traces of the private key. Collect enough signatures, and you can collect enough such small traces to reconstruct the entire private key.

A correct implementation uses a strong random number generator to obtain a new, unpredictable random number each time.

Sony's flaw was that their random number wasn't at all random. Their second flaw was that they did not catch this in code review.
posted by We had a deal, Kyle at 2:41 PM on January 12, 2011 [1 favorite]
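What the two comments above describe, as an added example (not part of the thread and not Sony's code): DSA signing with a toy-sized group, a signer that reuses one k beside one that draws a fresh k per message, the audit check that flags reuse (identical r values), and the algebra that makes reuse fatal. The parameters, key, fixed k and messages are all constructed for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

Q = 2**31 - 1  # toy subgroup order (a Mersenne prime); real DSA uses a 224/256-bit q


def is_prime(n):
    if n < 2 or n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def make_params(q):
    """Smallest prime p = m*q + 1, and a generator g of the order-q subgroup."""
    m = 2
    while not is_prime(m * q + 1):
        m += 2
    p = m * q + 1
    h = 2
    while pow(h, m, p) == 1:
        h += 1
    return p, pow(h, m, p)


P, G = make_params(Q)


def digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def sign(x, msg, k):
    """DSA signature of msg under private key x using nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another k")
    return r, s


def sign_fresh(x, msg):
    """Correct signer: a new unpredictable k from the OS CSPRNG every time."""
    while True:
        try:
            return sign(x, msg, secrets.randbelow(Q - 1) + 1)
        except ValueError:
            continue


def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r


def find_nonce_reuse(signed):
    """Audit check: r depends only on k, so equal r values mean a reused k."""
    first_seen, hits = {}, []
    for i, (_msg, (r, _s)) in enumerate(signed):
        if r in first_seen:
            hits.append((first_seen[r], i))
        else:
            first_seen[r] = i
    return hits


def key_from_reuse(m1, sig1, m2, sig2):
    """Why the audit matters: with one k, s1 - s2 = (h1 - h2)/k, so k and then x fall out."""
    (r, s1), (_, s2) = sig1, sig2
    k = (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - digest(m1)) * pow(r, -1, Q) % Q


def demo():
    x = secrets.randbelow(Q - 1) + 1          # constructed private key
    y = pow(G, x, P)                          # matching public key
    msgs = [b"update-1 (constructed)", b"update-2 (constructed)",
            b"update-3 (constructed)"]
    fixed_k = 123456789                       # constructed: the "random" number that never changes
    flawed = [(m, sign(x, m, fixed_k)) for m in msgs]
    fresh = [(m, sign_fresh(x, m)) for m in msgs]
    return {
        "private_key": x,
        "flawed_verify": all(verify(y, m, s) for m, s in flawed),
        "fresh_verify": all(verify(y, m, s) for m, s in fresh),
        "tamper_rejected": not verify(y, b"other (constructed)", flawed[0][1]),
        "flawed_hits": find_nonce_reuse(flawed),
        "fresh_hits": find_nonce_reuse(fresh),
        "recovered": key_from_reuse(*flawed[0], *flawed[1]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The flawed signatures all verify, which is why a fixed k passes functional testing; only comparing r across signatures (or reviewing how k is generated) exposes it.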


Files are up at Carnegie Mellon now. That trophy that fail0verflow whipped up for their presentation really is spot on.
posted by longdaysjourney at 2:57 PM on January 12, 2011 [2 favorites]


The Chamberlain case basically stands for the proposition that "§ 1201 applies only to circumventions reasonably related to protected rights." Unlike that case, which dealt with garage door openers,

...and the firmware that runs inside them. I thought Chamberlain's argument was genius: the code that actually actuates the motor has an access control on it, same as a videogame that won't run unless the signature is valid. The way I read the decision, the judge seemed to ignore the law and rule based on "common sense" that it was stupid to prevent someone from opening her own garage door.

I guess what you're (jedicus) saying is that they weren't controlling access to the code because they wanted to protect the code, but they were protecting the contents of the garage.

--

It sounds like fail0verflow might only be guilty because they publicly disclosed that they'd privately circumvented. Really?

You might say, "but surely the damage there was minimal to non-existent," and the answer there is statutory damages.

But if we're talking about one or two PS3's cracked, that's a max of $25k each. Not peanuts, but not millions and not huge compared to the cost of defending against a large multinational with a bug up its ass.

Why hasn't Hotz been arrested the way Dmitry Sklyarov was? There are criminal penalties as well as civil.
posted by morganw at 3:01 PM on January 12, 2011


Files are up at Carnegie Mellon now.

And for reference, this is the professor that (among many other things) keeps a ton of Scientology materials up on the web, when few others were willing to risk the inevitable lawsuits and harassment. It's up for good.

Go CMU!
posted by inigo2 at 3:03 PM on January 12, 2011


It sounds like fail0verflow might only be guilty because they publicly disclosed that they'd privately circumvented. Really?

Liable, not guilty. This is a civil case. There are several other theories of liability in play, but that's the most solid one, in my opinion. For fail0verflow the contributory infringement theory is a little bit of a reach and the other causes of action are flimsier still.

Why hasn't Hotz been arrested the way Dmitry Sklyarov was? There are criminal penalties as well as civil.

Normally the Justice Department doesn't get involved unless the defendants are doing it for money. Remember, the criminal case was against Sklyarov and his employer, which sold a program that bypassed the DRM on Adobe ebooks.
posted by jedicus at 3:12 PM on January 12, 2011


are there judges that specialize in technological cases like this?

Yes and no. There isn't any formal designation, as far as I know. But the courts in Silicon Valley are well-practiced in the area of high tech litigation. San Mateo is a good jurisdiction to hear this case.
posted by ryanrs at 3:30 PM on January 12, 2011


These dev machines can only be leased directly from Sony, which costs a lot of money

They're very limited runs of highly custom hardware. They tend to get a lot cheaper as you get further into the cycle. Maybe 4-5 times consumer hardware at this point, not sure. Pre-launch, they're priceless.
posted by inpHilltr8r at 3:34 PM on January 12, 2011


Also, the dev machines are expensive and hard to get hold of in part because they are much more open systems - they have to be, since game developers update the game code daily (Can't run to Sony for a signed binary for every build) and they need to test and debug on a real console. A dev console would be a genuine treasure trove for anyone wanting to break the system.
posted by ymgve at 3:58 PM on January 12, 2011


Ahhh, yes, the white hat hackers, full of 'help' for everyone.
posted by Ironmouth at 4:23 PM on January 12, 2011


This is a case of a fundamental fatal flaw deliberately built into the software. Its discovery, given the application of expert effort, was inevitable.

Don't understand how the fact that something's inevitable makes any difference.

It's like a crack gang king. His death by murder is inevitable, but that doesn't excuse killing him.
posted by Ironmouth at 4:27 PM on January 12, 2011


Digital works are extremely easy to copy, in violation of copyright. It is possible to make such works harder to copy with access controls. But those access controls can be circumvented. If people are not legally prevented from circumventing the access controls, then the access controls are effectively useless. Therefore we will make circumventing access controls illegal.

Why not just make copying illegal and skip the controls? I'll tell you why. The content corporations believe they aren't useless and believe they actually do stop some copying, but know that they haven't fixed the problem of their diminishing returns on their investment. It MUST be some people are getting around the controls, so they make the controls more intrusive and hope that ups their profits. When that didn't make them more profitable they decided they needed to go after people who get around their controls. And here we are.

This idiocy won't stop until the big content providers are bankrupt.
posted by Mental Wimp at 4:33 PM on January 12, 2011


Eventually some 'industrialized' country is going to recognize how much this ridiculous war on information is costing them and will just opt out, and the US is going to get outcompeted by the countries that choose to do it.
posted by empath at 4:34 PM on January 12, 2011


Their second flaw was that they did not catch this in code review.

I don't buy for one second that this was a mistake they didn't know about.
posted by Revvy at 4:54 PM on January 12, 2011


I don't buy for one second that this was a mistake they didn't know about.

I've heard this from a few people, but I don't understand it. Given that it would have been relatively easy to generate different random numbers every time and that there seems to be no particular benefit to having such a flawed scheme, why are you so certain that the flaw was deliberate?
posted by jedicus at 6:52 PM on January 12, 2011 [1 favorite]


CPB: Taken the logic to an extreme, Sony seems to be saying that any mere discussion of defeating encryption is infringement. That abstract knowledge is dangerous all by itself. Which is ludicrous, of course.

Ludicrous perhaps, but that doesn't keep it from being used to sue people. For example, remember the previously-noted copy protection scheme which relied on your not having disabled Windows Autorun (say, by holding down the shift key when putting the CD in): the manufacturer of that laughable scheme, SunnComm, threatened to sue the student who pointed this out, although they did later back down.

The DMCA is a crazy piece of legislation and regularly produces absurd results. Sklyarov, for example, was arrested and held in a foreign country for four months for giving a presentation pointing out that various ebook vendors' encryption was on a par with rot13 (in at least one case the vendors' encryption was rot13; it doesn't matter to the DMCA how weak the encryption is). (Sklyarov worked for a company that made an ebook reader for the blind, though I'm sure someone will argue that they were actually a front for despicable ebook pirates.)
posted by hattifattener at 8:31 PM on January 12, 2011


inpHilltr8r: "They're very limited runs of highly custom hardware. They tend to get a lot cheaper as you get further into the cycle. Maybe 4-5 times consumer hardware at this point, not sure. Pre-launch, they're priceless."

Well, I did use "priceless" in quotes. If the only place you can get them is from Sony, and leasing them is your only choice, and they're guarded like gold bullion (which they kind of are)... then "priceless" is a fairly good description, regardless of how much they actually cost in dollars.

ymgve: "A dev console would be a genuine treasure trove for anyone wanting to break the system."

Yes absolutely. However, if Sony lost one or a few Test Units to theft or other skullduggery, since they have control of all the others they could in theory make changes to the ones they still control (and to the retail disc production process) that would make the stolen units useless.

Now my knowledge is far from complete, but I've never heard of a PS3 Test Unit going "wild." Not saying it hasn't happened, but I've never heard of it.

Breaking the entire encryption chain of the entire installed base of hardware including the Test Units at the root level is a complete disaster from this point of view.

For example, the disc format for in-house developer-burned game debug discs is different from the retail discs' format. If you take a game dev burn and put it in a retail PS3, it won't work. With a cracked PS3, I'm sure the firmware can be rewritten to run dev-box-format discs. This means any PS3 developer's game code can just walk out the door at any time, among other things.

Now I don't think there would be a problem with any of Sony's close-partner devs like Naughty Dog, Insomniac, etc., because it's not in their best interest to cause a problem (they also get first dibs on dev boxes). I don't think there will be a major impact on the North America part of the game biz - at least not at first. The ability to easily pirate any PS3 game and play it undetectably on "honest" systems will have its effect later, I'm sure.

However, now any developer anywhere who wants to may be able to create and produce working retail PS3 games without any involvement from Sony. There are a lot of markets out there that Sony would find it next to impossible to litigate against if someone released a working PS3 title and sold enough to profit. We could see this happen in Europe and Asia within months.

Hell, with all this broken, someone could probably start building hardware PS3 clones and start selling them wherever they can. The boxes would run everything that's already out there, and all the new non-Sony-kosher stuff too. I imagine it would be hard to get enough Cell processors to make this a reality, but it may be possible.

I suppose someone could also set up a "PSN" that isn't PSN, running over the Internet, and anyone with a cracked unit could get on it, download games, play multiplayer, etc. etc. Crazy thought, but hey, ya know?

And Sony can no longer effectively stop it by releasing firmware updates, which probably has worked in the past to keep PS3s from playing pirated discs.

Suing Hotz and fail0verflow isn't going to fix this problem. It's way too late now. The code is everywhere already.

What a mess.
posted by zoogleplex at 9:47 PM on January 12, 2011 [1 favorite]


Wow, did you see this? Modern Warfare 2 online multiplayer has been seriously hacked.

Non-hacker player PSN accounts are being messed with. Yee. Ikes.
posted by zoogleplex at 10:13 PM on January 12, 2011


The article zoogleplex just linked mentioned the ticker for the game (presumably being set by the dev company) was altered. Is there any way hacked PS3s could get into credit card accounts for users that use the store feature of PSN?
posted by codacorolla at 10:18 PM on January 12, 2011


"Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs."

Whenever I hear of people wanting to run whatever program they wish on their computer I think it doesn't really matter what shape the box is.
posted by jaduncan at 1:02 AM on January 13, 2011


Is there any way hacked PS3s could get into credit card accounts for users that use the store feature of PSN?

I don't think anyone knows yet, but when the server code was written, the developers may have assumed that all clients are trusted platforms, and not been terribly paranoid about checking their inputs.

On another forum, someone else asked that question a few days ago, and at the time, I figured hackers wouldn't bother going after Sony. They're huge, and can deploy many resources to chase bad guys. Why go after the huge shark with pointy teeth when the Internet is swimming with goldfish? But hearing about the involuntary modification of profiles has increased my worry level somewhat.
posted by Malor at 3:49 AM on January 13, 2011


Oh, good catch, jaduncan. I'll respond to this too:

Threeway Handshake: Whenever I hear people talking about compromising bootloaders on a game system so they can run stuff other than pirated games, I think about head shops that have signs that say "for tobacco use only" next to their case of bongs.

Well, on one of the few platforms with actual measurements of piracy and jailbreaking, the iPhone shows about a 34.5% piracy rate. That is, very slightly more than a third of jailbroken iPhones are running pirated software.

That means, of course, that just short of two-thirds of iPhone crackers, almost a supermajority, aren't interested in piracy, just in running whatever code they want on their phone. A third are copying software; two thirds are just asserting ownership of hardware they paid for.

Dunno how that'll translate to game consoles, since iPhones are expensive devices that tend to be sold to adults, and iPhone software is pretty cheap, but it's one of the few actual data points in a very murky area.
posted by Malor at 3:56 AM on January 13, 2011 [1 favorite]


Well, on one of the few platforms with actual measurements of piracy and jailbreaking, the iPhone shows about a 34.5% piracy rate.

Out of pure curiosity, how does one go about measuring such a thing?

Apart from the obvious difficulties, I was under the impression "piracy" is a legal, not technical concept in the strict sense - one man's old windows license moved to different hardware may be another man's pirated O/S.
posted by Dr Dracator at 4:56 AM on January 13, 2011


zoogleplex, that's the exact kind of thing that makes me nervous about this. I don't do a lot of online gaming, but when I do, it tends to be FPS Modern Warfare type games. The video at that link is already down, but one of the reasons I preferred my PS3 to an Xbox was the fact that that sort of shit just didn't happen. One of the things that makes CoD so addictive is the slow levelling up, the process of unlocking just one more thing. The idea that just by randomly getting into a game with an ass, all of that fun in unlocking the rewards yourself can get stripped away is, well, pretty shitty.

I will never, never understand the thought process behind trolls and griefers. How is being an intentional dick to another person fun?
posted by Ghidorah at 5:56 AM on January 13, 2011 [1 favorite]


Out of pure curiosity, how does one go about measuring such a thing?

It looks like Pinch Media provides analytics for developers to add to their apps, so it is the stats for the apps they monitor. Here are the slides on piracy.
posted by smackfu at 6:10 AM on January 13, 2011


The idea that just by randomly getting into a game with an ass, all of that fun in unlocking the rewards yourself can get stripped away is, well, pretty shitty.

Ugh. I already had this happen to me twice. Both times I was in a game that seemed normal enough, but it unlocked everything, moved me to the highest level, and "completed" every challenge in the game. After the first time I reset back to level 1, which was annoying enough. After the second I just stopped to come online and try to find some hope of this problem somehow being fixed. Doesn't seem likely. /vent
posted by milestogo at 6:38 AM on January 13, 2011


Zoogleplex, I was puzzled by the details of your post, and I asked a developer friend of mine about his experience. He said (regarding dev boxes):

"They're a little challenging to acquire when the console is first launched but not so much later on.

No, they do not cost money per month nor are they closely monitored."

I can see Sony being tightly controlling with them before the console specs are publicized; was your experience in that timeframe?
posted by neuromodulator at 7:29 AM on January 13, 2011


Yes it was, actually - just before or not long after launch. So I guess my mileage does vary!

They were a lot looser about the PS2 boxes, but it was the end of the life cycle, so, yeah.

Always good to have newer info, thanks. What does your friend think about this hack?
posted by zoogleplex at 7:33 AM on January 13, 2011


Malor wrote: "But hearing about the involuntary modification of profiles has increased my worry level somewhat."

I don't believe that for a second. I suppose Sony could be stupid enough to program PSN such that my PS3 can change your profile without being logged in, but that seems highly unlikely.

This appears similar to challenge lobbies online (private matches where players can access a menu to unlock everything in the game), except it’s being used in public matches and accounts are being tampered with by other players.

99.9% chance some folks have just unlocked some features of challenge matches for use in public games. A real PITA if you want to play the game, but not a real risk beyond having to play with effing cheaters. And the aforementioned leveling up other people's profiles, but that's a game thing, not a PSN thing, so it only affects specific games that were programmed by morons.

The client should never have been trusted, as it has always been possible to MITM the network connection and cheat that way.
posted by wierdo at 11:17 AM on January 13, 2011


inpHilltr8r: "youtube"

What does it mean that "fail0verflow has been terminated due to multiple or severe violations of our Community Guidelines.?"
posted by psyche7 at 4:37 PM on January 13, 2011


So what's to stop Sony from releasing a firmware update to patch this out again? Or changing the keys on newly released software?
posted by codacorolla at 4:42 PM on January 13, 2011


codacorolla: "So what's to stop Sony from releasing a firmware update to patch this out again? Or changing the keys on newly released software?"

It's boot code, so it's compromised at the root.
posted by psyche7 at 4:50 PM on January 13, 2011


So it seems that Sony is just going to start banning / killing hacked consoles (from what I've been reading). Since it's security at a hardware level, would they have to make a new model of PS3 with fixed security to insure that those don't get compromised? What happens to the old systems then? Do you make games interoperable between the old and new security systems?

Basically: what are some ways that Sony might try to fix this?
posted by codacorolla at 4:59 PM on January 13, 2011


Well... outside of suing a bunch of hackers.
posted by codacorolla at 5:00 PM on January 13, 2011


There's actually a huge fringe benefit from the PS3 program: it was Sony's way of bootstrapping the Blu-ray format for high density video discs.

BD is now the format winner for high density video, and Sony should make out like a bandit on license fees for BD until the patents run out. Even if the PS3 product itself eventually is a money loser, Sony is bucks ahead.
posted by Chocolate Pickle at 11:13 PM on January 13, 2011


What does it mean that "fail0verflow has been terminated due to multiple or severe violations of our Community Guidelines.?"

If you really annoy Youtube they send a cyborg back in time to kill your mum.
posted by EndsOfInvention at 4:03 AM on January 14, 2011


So it seems that Sony is just going to start banning / killing hacked consoles (from what I've been reading).

I doubt that'll do any good. If they ban a given console ID, the hackers just have to modify their firmware to report that they're someone else. They can ban accounts, but because they give those out for free, hackers can easily make new profiles to play their pirated games with.

Since it's security at a hardware level, would they have to make a new model of PS3 with fixed security to insure that those don't get compromised?

Pretty much, yep. The boot key is burned forever into the ROM of all the existing PS3s; the only way to recover from the key compromise is a new key, and that can only be put in new consoles as they're manufactured. Unless they actually show up at people's houses and confiscate the old machines, they'll remain in circulation, completely hackable at will.

What happens to the old systems then? Do you make games interoperable between the old and new security systems?

If they didn't, it would be commercial suicide. Tens of millions of people have bought PS3s, and Sony suddenly telling them they can't play games with them anymore, and that they have to buy new hardware, would result in Sony's utter destruction in the entertainment market. Not going to happen.

I honestly don't know what the heck they're going to do. They might implement phone-home BluRay decryption, but that will seriously impair the usefulness of the PS3 as a BluRay player, pissing off a substantial fraction of their userbase.

For games, I think they're going to have to write them like PC games.... not trusting the client. That will probably worsen the overall experience. Developers will no longer be able to rely on local consoles to do some of the computations and take some of the load of a multiplayer game, so you'll probably see more lag and fewer features.

Beyond that.... who can tell? It's such an overwhelming compromise that there aren't many parallels to examine.
posted by Malor at 8:02 AM on January 14, 2011 [1 favorite]


It looks like Pinch Media provides analytics for developers to add to their apps, so it is the stats for the apps they monitor. Here are the slides on piracy.

It's worth noting that users of jailbroken phones can install PrivaCY, an app that prevents a few media companies (including Pinch Media) from collecting usage statistics. This might make their numbers inaccurate. Not sure if PrivaCY was around when they collected their piracy figure, though.

Jailbroken users can also install firewalls like Firewall iP that block outgoing connections unless the user sets up a rule to allow them. It works much like Little Snitch does in OSX. Wouldn't stop developers using their own domain to collect statistics, but it would stop third party sites.
posted by Thoughtcrime at 1:15 PM on January 14, 2011






This thread has been archived and is closed to new comments


