Monday, April 11, 2011

Corporate Goliath sues Hacker David: Sony v. George Hotz

by NomadicJoe

On January 11, 2011, Sony Computer Entertainment America LLC (SCEA) initiated a legal action against 21-year-old George Hotz, (alias geohot, million75 or simply mil), and others from an online hacker group called fail0verflow. It is already shaping up to be an interesting battle and a quite possibly a made-for-Hollywood script played out in real-life.

The Players

While Sony Corporation itself needs little introduction, Sony Computer Entertainment America Inc., a subsidiary, develops and markets video games consoles in the United States and Canada. The company was founded in 1994 and is based in Foster City, California.

Certainly, as corporate Goliaths go, SCEA can flex some intimidating legal muscles. In court- and everywhere else- it generally gets what it wants.

Playing the David in this story is George Hotz. For his part, Hotz has had his own share of achievements and fame. In December 2007, Hotz travelled to Sweden to attend the Stockholm International Youth Science Seminar and talk about his 3D imaging invention (called Project Holodeck) that netted him a $20,000 Intel scholarship earlier that year. In March 2008, PC World magazine listed George as one of the top 10 Overachievers under 21. He entered the Rochester Institute of Technology in 2007, quickly after gaining notoriety for hacking the iPhone, but withdrew from the school after 1 quarter.In 2008 he worked at Google as an intern, on the Google Street View project. He has been interviewed on Today Show, Fox, CNN, NBC, CBS, G4, ABC CNBC and articles in several magazines, newspapers, and websites, including Forbes, and BBC.

Now, however, George Hotz, the quintessential hacker/ computer geek, has found himself in the spotlight for a completely different reason.

The Battle

According to lawyers for Sony, Hotz violated his PlayStation3 owner's contract agreement by rewiring/ re-programming his equipment. Furthermore, they charge, by offering his instructions, methods, authorization keys and devices to other hackers Hotz violated the Digital Millenium Copyright Act. The goal of this de-engineering project was to "jailbreak" the Sony game device.

Jail-breaking is a hacker term for the more technical sounding "privilege escalation." By exploiting a design flaw in a software application, a hacker can gain capabilities and resources that would normally have been off-limits to a developer's clients. The result is that the application has more privileges than originally intended and the user would be capable of unauthorized actions. Basically with the information allegedly provided by Hotz, Playstation owners could gain complete control of their consoles from the firmware on up. Sony lawyers stressed that jail-breaking a console is also necessary to running pirated copies of the game.

The matter is complicated - a definite understatement- by the very fact that in July of last year, the U.S. Copyright Office legalized the jailbreaking of iPhones to allow those devices to run any apps the owner wants. (And who was behind this, I hear you asking? None other than our own George Hotz. Pissing off ATand T and Apple, Check.)

But then, the legal battle between Sony and Hotz is filled with other challenges as well. One challenge was a matter of deciding where to hold court. On March 6, 2011, California courts granted Sony's attorneys access to Hotz's Paypal accounts in order to prove that Hotz received financial gain from the hacking, a violation of the copyright laws. The PayPal records will also be used to determine court jurisdiction. If Sony can prove that donations were received from California, thus making San Francisco a proper venue for the case. (This would allow Sony to continue to sue him in San Francisco instead his home state of New Jersey.) George Hotz has denied that he accepted any donations for the hack.

Another challenge facing the prosecution was tracking down Hotz's alleged accomplices. Courts permitted Sony access to visitor IP addresses to Hotz’s website earlier in the month, as well as data his YouTube, Twitter, and Google accounts. According to a Wired report, federal magistrate Joseph Spero has granted Sony permission to subpoena George Hotz’s web provider to find out how many people in California downloaded his “jailbreak” files.

The approved subpoena requires the company to turn over “documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms” tied to Hotz’s hosting. The Bluehost subpoena also demands “any other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service and associated” [emphasis mine] with the www.geohot.com website, including but not limited to the “geohot.com/jailbreak.zip file.”

Thus, if you had only visited Hotz's website between certain dates in 2009, it is quite possible you could be contacted by Sony's lawyers. By shaking the Internet tree, Sony's attorneys hope to find the evidence that will proof their case and the identities of other copyright violators. It certainly raises some questions about rights to privacy on the Internet and the legality of guilt by association.

Applying the copyright laws in such a way also sets an interesting precedent. The Digital Millennium Copyright Act (DMCA) is a United States copyright law that criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM) that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

Thus, a law initially designed to protect the copyright of a product is now being used to limit how the product itself is used by its owner. It is also being used to control the information about the product and activities involving the product, regardless whether illegal copies are made at all.

As one blogger comments, much of Sony's case is built on the premise that..

You’re guilty of felony computer hacking crimes if you access your own computer in a way that violates a contractual restriction found in the fine print of the licensing restriction of the product imposed by the manufacturer.

I realize the complaint characterizes the defendants as hackers, ...But think for a moment about the nature of this claim. But think for a moment about the nature of this claim. You bought the computer. You own it. You can sell it. You can light it on fire. You can bring it to the ocean, put it on a life raft, and push it out to sea. But if you dare do anything that violates the fine print of the license that the manufacturer is trying to impose, then you’re guilty of trespassing onto your own property. And it’s not just a civil wrong, it’s a crime. And according to the motion for a TRO (a court-mandated restraining order) , it’s not just a crime, it’s a serious felony crime.

The result of this application of the copyright law would, in effect, allow Sony Corporation to decide exactly what you are allowed or not allowed to do with your own property. No tinkering is allowed. That's the law, according to Sony.

Regardless of the particular merits of the case, Sony's strong-arm tactics to retain control over its intellectual copyrights and patents may have harmed its image with younger consumers. Many think that Sony has finally overstepped itself.

A Lesson from History

As we have been told so often, history does have a tendency to repeat itself and the problem with unregulated precise copying has occurred in the past. The invention of the printing press created a similar situation more than 500 years ago. Prior to that time, writing was a skill limited to a select group. In Europe, the Church and the various governments possessed more or less complete censorial control over what material could be copied and by whom.

This control had serious consequences for progress and education in the society. Scientific exploration was essentially held in check, to serve the very narrow interests of the Church or military interests of the governments. It wasn't until the development of the printing press that this monopoly was dissolved. When the revolution created by the press could not be snuffed out, many were understandably upset. They were willing to use all of the various methods at their disposal to squash the free flow of information. Pope Alexander VI issued a bull in 1501 against the unlicensed printing of books and in 1559 the Index Expurgatorius, or List of Prohibited Books, was issued for the first time.

As the technology behind the printing press became more common, governments and church, unable to outlaw the technology altogether, developed a kind of "love-hate" relationship. Printing was encouraged when it allowed for the production of Bibles and formal edicts by rulers, but printing was strongly discouraged when it involved works of dissent or criticism. Out of that relationship was born the idea of journalism as responsible critic of governments and the powers that be.

It was for this reason that governments took steps to control printers across Europe, and required them to have official licenses to trade and produce books. The permits gave printers the exclusive rights to make copies of material and made the copying of other works illegal altogether.

Therefore, despite how corporation would like to portray copyright issues as protections against piracy and the mass production of marketable material, the history of copyright laws were, in fact, based on strategic control of the flow of information. The idea of intellectual property and creative rewards is a relatively recent justification for copyright laws.

Finally, it is important to remember the results from the sudden unregulated access to information. Elizabeth Eisenstein’s book, The Printing Press as an Agent of Change, the author argues that the printing press changed the conditions under which information was collected, stored, retrieved, criticized, discovered, and promoted. Eisenstein notes that, while there may have been many causes of change, the effect of the printing press was the Reformation, the Renaissance and the Scientific Revolution.

A new kind of humanism developed based not on the past moribund models of Church theology but on the works of the great Greek and Roman thinkers of ancient past. The accumulated dogma espoused by the religious leaders suddenly appeared to be little more than superstition and propaganda. In the same way, the impact of the digital age has been no less revolutionary as the shift from script to print.

Today, the works of Jefferson, Franklin and Paine are now easily accessible, thanks to the online archives. And when a politician attempts to hijack history, saying, for example, that our founding fathers believed this or that, the fraud can be exposed in a matter of minutes. For example..

"I hope we shall take warning from the example and crush in its birth the aristocracy of our monied corporations which dare already to challenge our government to a trial of strength and bid defiance to the laws our country." ~ Thomas Jefferson Nov. 12th, 1816

Politicians now find it much harder to deceive their citizens when the historical record is as easy as turning on your laptop. It simply requires diligence and curious and the ability to question authority.

Additionally, the Age of Reason owed a lot to the printing press. It permitted a flow and interchange of scientific information which could be critically examined and judged and retained for the future generations. It is hardly an exaggeration to say that much of the incredible development of the past few centuries originated with the printing press and the dissolution of the information monopoly it afforded.

As Professor Lee A. Hollaar, School of Computing. University of Utah pointed out:

The important effects of the printing press era were not seen clearly for more than 100 years. While things happen more quickly these days, it could be decades before the winners and losers of the information age are apparent. Societies that regulated the printing press suffered and continue to suffer today in comparison with those who didn’t.

It is painfully easy to find historical parallels and to see what becomes of those nations that, for whatever reasons, attempt to hold back progress. Take the Ottoman empire as one example.

Books and printed matter in Turkish and Arabic were unknown before the end of the 18th century, and even then they were of limited impact because of widespread illiteracy. Jewish refugees from the Spanish Inquisition established a Hebrew printing press about 1494. Armenians had a press in 1567, and Greeks had press in 1627. These presses were not allowed to print in Turkish or in Arabic characters, owing to objections of the religious authorities.

One result of this delay was to give Greeks, Armenians and Jews an advantage in literacy, and therefore an advantage in commerce, and in having a means to preserve and propagate their culture, that was denied to Turks and Arabs. The major result was to retard the development of modern literate society, commerce and industry. The first Turkish printing press in the Ottoman Empire was not established until 1729. It was closed in 1742 and reopened in 1784. The press operated under heavy censorship throughout most of the Ottoman era.

Meanwhile the rest of Europe successfully emerged from the Dark Ages, and the Ottoman empire gradually slipped into a long slow period of decay.

Like the printing press, digital technology and the Internet has brought about a crisis in information containment. As Professor Hollaar pointed out:

Digital technology allows anybody with access to a computer to make perfect reproductions of copyrighted works at little or no cost, and the worldwide connectivity of the Internet allows the easy distribution of those reproductions with little effort.

It's quite understandable that powerful minorities would feel nervous by a democratized printing press for the whole world. This time, however, the challenge is not so much to the religions, but to the hegemony of corporations and authoritarian governments. Instead of embracing the potential and the opportunities that digital technology promises, many of the major corporations have sought to use copyright laws, the compliance of the courts and the antiquated, poorly conceived laws to block, intimidate and bully all who challenge their authority.

No Coincidence

Yet, even today, that battle of the free press continues. Now, more than ever. It is no coincidence that, at a time, when corporations have managed to compromise the major sources of news reporting, Internet has created a new venue for investigative journalism. Pay-firewalls, and the application of complex, often illogical copyright laws and the threat of legal action are all weapons used to maintain control.

This use of the copyright statutes by lawyers can often be used to harass and discourage, rather than to win. After all who has the financial resources to compete with the legal teams of major corporations in a court of law? The threat alone, critics charge, can be sufficient to have a chilling effect on scientific research and free speech. Furthermore they say, this tactic is bound to fail.

However, as Hotz himself sarcastically states in his blog,

Everyone knows that after Napster was sued out of existence, CD sales have been through the roof. It's impossible to find an illegal copy of a song anywhere. And after DeCSS and 09 F9 were successfully sued off the Internet, it's super hard to decrypt movies and they all are100% legal. Due to the huge success of big media's legal departments, every time I want to watch a movie, I drive down to my local neighborhood Blockbuster and fork over $5.95

Nah, the truth is, those cases did shit all but put money into some lawyers pockets, and gave you technophobic CEOs talking points at worthless board meetings. What actually happened is things like the iTunes store, Netflix, FiOS TV, and Hulu showed up. Some companies innovated instead of litigated. Some companies thought outside the box. Some companies actually did something for their customers. And succeeded big time. Meanwhile, the battle has moved out of the courts. Carnegie Mellon Research Professor of Computer Science David Touretzky has posted online details of Hotz's work as a First Amend- ment protest challenging Sony to take action.

The lawsuit against Hotz and other hackers has also attracted the attention of Anonymous, the loose collective of "hactivists. Recently, in a now infamous show of force, Anonymous struck hard at what they considered corporate bullies, such as the CEO of HBGary Federal, hacking into his emails and exposing some of his possibly illegal business transactions. (The humiliated CEO Arron Barr was forced to step down from his position.)

A statement, reported from Anonymous reads:

“You have now received the undivided attention of Anonymous,” a statement from the group reads. “Your recent legal action against our fellow hackers GeoHot and Graf_Chokolo has not only alarmed us, it has been deemed wholly unforgivable.”

Regarding Sony's attempt to track down Hotz's fellow hackers by tracking IP addresses of visitors to his website, the statement states, "You have victimized your customers for merely possessing information, and continue to target every person who seeks this information. In so doing you have violated the privacy of thousands.”

And with that warning, last Monday, April 4th, Sony.com and Sony’s Playstation.com both suffered intermittent downtime as a result of denial of service attacks launched by the hacker group.

And that's not the end. Anonymous is now promising to publish personal details about Sony executives online and to unleash a triple wave of autonomous and automatic bits of software called botnets against company sites.

Speaking to the executives at Sony Corporation, the message reads: “Now you will experience the wrath of Anonymous.” It went on to warn, “Expect us.”

YouTube Anonymous warning.


Update: Apparently Sony has announced a change of heart about this lawsuit. According to CNET:

Sony Computer Entertainment America today (April 11) announced that it has settled its contentious suit against infamous hacktivist George Hotz, aka GeoHot.

"Sony is glad to put this litigation behind us," said Riley Russell, general counsel for SCEA, in a statement. "Our motivation for bringing this litigation was to protect our intellectual property and our consumers. We believe this settlement and the permanent injunction achieve this goal."

For those who haven't been keeping up, Hotz hacked Sony's PlayStation 3, jailbreaking it to run non-Sony-approved software and, potentially, pirated games.

The settlement itself was apparently reached on the March 31, but Sony only just made it public. Details of the settlement, however, weren't made available.

Hotz maintains that he hasn't done anything wrong, saying, according to the statement provided by Sony: "It was never my intention to cause any users trouble or to make piracy easier."

On his personal blog, Hotz hasn't commented on the settlement itself, but he has announced that he's joining the current boycott of Sony products that seems to be gaining momentum and enjoins his fans to follow suit.

The litigation itself has been full of twists and turns, with Hotz's lawyers, for example, arguing details like where the trial should take place.

Had it played out, the case could have set precedent in the consumer tech space. Questions about hardware ownership, the restrictions of hardware ownership, and even what constitutes a hacker will have to wait for another case, it seems.


A wise decision on Sony's part.