|
|
| Sony Files Exhibits Trying to Link Hotz to California - Updated - A Supplemental Brief |
 |
|
Tuesday, January 18 2011 @ 11:45 AM EST
|
I know you are wondering what happens next in Sony v. Hotz if the judge in California decides Sony doesn't have jurisdiction, which
she expressed doubts about. And some of you may wonder what jurisdiction means. Sony has filed some exhibits with a Declaration by the lead lawyer, James Gilliland, and so we find out now why Sony thought George Hotz had a PS3 Network account and had links to California, so I'll use that to show you why I agree with the judge that they may not. And if not, the simple answer to what happens next is that Sony can file in New Jersey, which is where George Hotz resides. So, he will have to face this litigation in one place or another. And that has me wondering about something that some of you will have the expertise to explain to me. Supposing you were Sony, and you were in a panic because you figured some gamers out there would use Hotz's research to cheat on games. You want to shut that door. I know they could make new hardware with a better system to keep this from happening. Hotz offered to show them how. But there are many Playstation 3s out there already. Is there a way to do what Sony wants to do, shut the door that was opened? I mean, for networked gamers, not if you are in your own home tinkering. They likely don't much care about that. But what about the gamers who go online and want to play fair and square? Isn't there a way for Sony to screen who gets to play networked gaming? Why wouldn't that solve its problem? If it is a problem. Maybe it's a missed business opportunity. Maybe you can explain that to me, and I'll explain to you some things about jurisdiction.
First, here are the filings:
01/14/2011 - 29 - Transcript of Proceedings held on January 14, 2011, before Judge Susan Illston. Court Reporter/Transcriber Katherine Powell Sullivan, RPR, CRR, CSR, Telephone number 415-794-6659/Katherine_Sullivan@cand.uscourts.gov. Per General Order No. 59 and Judicial Conference policy, this transcript may be viewed only at the Clerks Office public terminal or may be purchased through the Court Reporter/Transcriber until the deadline for the Release of Transcript Restriction.After that date it may be obtained through PACER. Any Notice of Intent to Request Redaction, if required, is due no later than 5 business days from date of this filing. Release of Transcript Restriction set for 4/14/2011. (Sullivan, Katherine) (Filed on 1/14/2011) (Entered: 01/14/2011)
01/14/2011 - 30 - ORDER granting 20 Administrative Motion to File Under Seal (tf, COURT STAFF) (Filed on 1/14/2011) (Entered: 01/14/2011)
01/14/2011 - 31 - Declaration of James G. Gilliland, Jr. in Support of 2 MOTION for Temporary Restraining Order filed bySony Computer Entertainment America LLC. (Attachments: # 1 Exhibit A, # 2 Exhibit B, # 3 Exhibit C, # 4 Exhibit D)(Related document(s) 2 ) (Gaudreau, Holly) (Filed on 1/14/2011) (Entered: 01/14/2011)
Before I tell you the rest, let me start by stating how much I admire James Gilliland's work. We saw him in action in the Apple v. Psystar case, and it was a beautiful sight. He showed himself to be not only skilled, but a decent guy, and without a doubt Sony will do better with him than with any other lawyer. But here's why I think they'll very likely have to file in New Jersey.
The Declaration by Gilliland has an Exhibit A, as you see, which is a screenshot of a sign-up sheet for a PS3 Network acount for a "George Hotz", signing up with the nym Geo1Hotz, which Sony's records show is "active and related to" seven other accounts, maybe more. I'm not a gamer, so I don't know what it means to be "related to" other accounts. Maybe some of you can educate me. Perhaps it means friends of or plays games with? Or, please note that one of the related accounts is a nym uKinfurator using the email pookie87@yahoo.com. Now, look at Exhibit A. Note the email address by "Geo1hotz" is pookie82@yahoo.com. Hmm. That would make me wonder if they are one and the same person signing up for two different accounts.
Looking around at my friend Google's house on the web for a pookie82 at Yahoo, I find a pookie82. But she seems to be a girl. A girl in Ireland. Gilliland notes in his Declaration: The account may show some specious information because when a PSN user assents to the license agreement the user can enter any address, phone number, or birthday he wishes. Well, zowie. If so, can you sue someone on probably specious information? And obtain jurisdiction? I mean, George Hotz is famous. Anyone can use that name. Others might sign up as Nobody Nowhere as the name. Haven't you ever seen "Bill Gates" commenting on Slashdot? I've had at least two kidders try to sign up for a Groklaw membership as "Darl McBride". People leave comments as "me" on other boards all the time, very offensive ones too. In fact, years ago, I had to post here on Groklaw that I wouldn't leave a comment anywhere but on Groklaw, unless I mentioned it here, so people would know when it was really me and when it was some donkey pretending to be me and trying to make me look bad.
The address "George Hotz" used is Providence, RI. NYB Street. Is there really such a street? Did Sony check that address to see if it really exists? And the account indicates that Geo1Hotz is 15 years old. The real Hotz isn't 15. He was 17 in 2007, according to this BBC article, where, by the way, he mentioned he owns a PS3 but "never really played" it, which is harmonious with what he told the court, not so much with Sony's claims: He said his motivation was "curiosity" and "opening up the platform".
"To tell you the truth, I've never really played a PS3," he said. "I have one game, but I've never really played it." His interest is not on Sony's radar, it seems to me. He's interested in math and solving puzzles and the freedom to tinker. If you sold him a car, he'd want to open the hood and mod it too, probably. But this is higher math, you might say. He is, I gather, a genius. His Playstation was a gift, by the way. He didn't even buy it. So, he's not some guy wanting to cheat on PS3 networked games, I gather, and he's been quoted in the news as saying that he took steps to block that kind of cheating, but the BBC article indicates that might not have happened immediately.
If so much information on that sign up sheet is spurious, then, is the name "George Hotz" *more* likely to be truthful or less? I can't rule out that Sony has more information than this up its sleeve, like IP addresses, but you'd think this would be the time they'd roll it out for the court, with so much riding on getting jurisdiction. Then again, who knows? Lawyers are strategists. So, we will have to allow for anything and draw only draft conclusions, but so far it looks like Sony relied on spurious information. Why, you are asking? I'm only guessing here, but probably they hoped for California because there is more than one defendant, and Sony seemed to think that they are all working together in some kind of conspiracy, which Hotz has fervently denied. But if you are Sony, you'd rather have one case to litigate, so your lawyers don't have to fly all over the place and do discovery in two or more states. All that is expensive. If you notice, Gilliland's Declaration mentions another defendant apparently is in California, someone using the nym "Bushing," so if that sticks, then presumably Sony argued at the hearing that putting both cases together made sense. But if that doesn't work, they can file in New Jersey against Hotz and in California against the other guy. We'll get to read the transcript of the hearing eventually, in April, and when it comes out, I'll add it here.
Anyway, Hotz, the real one, says in his Affidavit that he's lived in New Jersey since 1995. That's not Rhode Island, last I looked. Or California.
But Gilliland noticed that Hotz did "live in" California from April of 2008 to October of that same year, while he did some work for Google. Ever hear of Google's Summer of Code? No doubt Google has other such arrangements for brilliant coders, but something like that is temporary. By then, Hotz was, what, 18? Presumably he had more education in mind for his future. Anyway, you kind of have to be a PhD to get hired permanently at Google. If I applied, I'd have no chance. Trust me. My point is, April to mid-October isn't a California residency to me. You don't give up your home in New Jersey, I guess you could say. It's a temporary assignment. And where does Rhode Island come into this picture? It doesn't. In short, while I hate to explain this, since it might burst some bubbles, there are one or two people on the Internet who don't tell the truth when they sign up for things, so they can pretend they are not a dog or just because everyone is utterly sick of being tracked everywhere they go.
If you went into a store and looked around, if a salesman followed you around taking notes on what drew your eyeballs and what you eventually bought and how old you are and what stores you went to next and where you live, etc., it would totally creep you out. Yet people go to Facebook or wherever and let that happen to them. Incidentally, some prosecutors use Facebook during jury selection now, using issued iPads. They want to know what you really think.
But geeks are a bit more knowledgeable, and a lot of them will sign up with bogus info to protect their privacy, if the site allows it. And so, if you let companies sue based on sign up sheets, you are going to miss the target more than you'll hit a bull's eye. From what I'm seeing, that is what has happened here.
I have no idea yet what is true and what isn't, of course, since I don't have access to the actual info, only what the parties are saying to the court, and as retiring Judge Walker said in a speech the other day, every case has two sides and sometimes lawyers believe in their clients more than they should, but I do have to agree with the judge that I have some deep worries as to whether Sony has jurisdiction over Hotz in California.
I get that they are worried. I totally understand needing to protect the fairness of a networked game, by the way. And as you know, I believe in keeping the law, whether I admire a law or not, but how much control can a vendor have over *hardware* that someone has legally bought or gotten as a gift? It used to be clearer, but ever since the US Copyright Office said you can jailbreak an iPhone, where is the line now? I confess, I don't know now. That is what this case is really about. The judge will decide, and we'll find out where she thinks the line is. But I promised to explain jurisdiction. I'll direct you to this article that goes into it in detail. The short version is this: there is subject matter jurisdiction and personal jurisdiction. The first is whether the court hears the kind of case being presented. You have to go to bankruptcy court for a bankruptcy, in other words. If you file elsewhere, the court will not have subject matter jurisdiction. We saw a dispute over subject matter jurisdiction when SUSE argued -- albeit unsuccessfully -- that the Delaware bankruptcy court had no authority over the arbitration in Europe between SCO and Novell/SUSE.
Personal jurisdiction is whether the plaintiff can sue you in the court it has chosen. We saw that come up in the Pelican litigation when the plaintiff tried unsuccessfully to bring a case against Darl McBride and his partners in New York instead of Utah. In this case, Hotz says he has no connection to California, and in the US, you can't sue someone in a state where they don't live, have a presence, like a store, or some tie to the state. The reason is because it is inconvenient to have to travel across a country as large as the US to defend yourself any old place someone might choose to sue you in. The plaintiff has to choose a place where you might expect to be sued.
Personal jurisdiction, then, is whether they can sue *you* as a person and make you show up in the court you want to sue in; subject matter is whether the court can rule on the issue presented, the type of case.
If you look at any complaint, you'll find a section usually titled "JURISDICTION AND VENUE" or something in that ballpark, where the plaintiff asserts why it believes the court has subject matter jurisdiction and why it thinks it has personal jurisdiction over the defendant(s). If you look at SCO's first complaint for slander of title against Novell in Utah state court, for example, you can see that section: II. PARTIES JURISDICTION AND VENUE
9. Plaintiff SCO is a Delaware corporation with its principal place of business in Utah
County, State of Utah.
10. Defendant Novell is a Delaware corporation with its executive offices and headquarters in
Waltham, Massachusetts that does business in the State of Utah, has a registered agent in
Salt Lake County, Utah, and lists a sales office located at [address], Utah.
11. This Court has subject matter jurisdiction over this matter pursuant to section 78-3-4 of the
Utah Code.
12. This Court has personal jurisdiction over Novell because Novell transacts substantial
business in the State of Utah.
13. Venue is proper in this Court pursuant to section 78-13-7 of the Utah Code. That complaint was filed in the Third Judicial District Court of Salt Lake County, Utah. Novell, however, denied that the case belonged in state court, transferred the case to federal court, and successfully argued that it should be heard by federal court, because it involved copyright claims, and that's federal court's subject matter.
It's more complex than that, actually, since there are cases that overlap, and then it's a balancing analysis. If you want to follow all the arguments as to why Novell prevailed on its jurisdictional argument, you can.
Here's where SCO argued in a motion to remand that the case was more a contract case and so should go back to Utah state court. And here's Novell's presentation of its arguments that it belonged in federal court because everything depended on whether or not SCO owned the copyrights at issue. There was a hearing on the matter, and here's the court's decision in favor of Novell. The judge found that copyright was the central piece, but it's a long order, because, as the ruling states, "Determining whether a claim requires construction or interpretation of the Copyright Act rather than just contract interpretation may be a discrete issue but it is not a simple task." You'd have to read his ruling in full to get all the nuances of how courts decide such jurisdictional matters.
If you do, you'll understand why the judge in Sony v. Hotz didn't immediately rule on the matter of personal jurisdiction at the hearing. She has to carefully consider all the nuances. All of those articles I've linked to for you explain aspects of jurisdiction in some detail, if you are interested in digging deeper. My purpose is just to help you understand what is going on now in the Sony case, that it's an argument about jurisdiction, personal jurisdiction, but that it won't in any way hinder Sony from suing Hotz somewhere. The only question now is where.
On the question of whether Sony has a problem with "hackers" or is missing a business opportunity, here's the article I linked to earlier about Microsoft, of all companies, facing a similar situation. From the article: "Companies should make it easy for people to hack," says Karim Lakhani, an assistant professor at Harvard Business School who studies open-source projects. "Why wouldn't you want people going crazy with your products?" Speaking of which,
here is a handy mod to your iPhone some creative Virginia Tech grads came up with. It's a mini-fridge that throws you a beer, controlled by an app. I mean, there's no telling what wonderful things can happen if you let creativity fly free. It's the essence of the success of app stores, if you think about it.
Microsoft has announced it will be making an official developers' kit available to encourage "hacking". Why couldn't Sony do that too? If the issue is networking, couldn't it set up a separate gaming environment for modded PS3s, or is that impractical? If you were Sony, a perfect and clueful Sony, what would you do?
Update: Sony has now filed a Supplemental Brief, listing yet more arguments why the court should decide it has jurisdiction over Hotz:
01/17/2011 - 32 - Supplemental Brief in suupport of 2 MOTION for Temporary Restraining Order filed by Sony Computer Entertainment America LLC. (Gilliland, James) (Filed on 1/17/2011) Modified on 1/18/2011 (ys, COURT STAFF). (Entered: 01/17/2011)
What does it mean? It means that unless it spoke up fast, Sony was worried about the outcome. And what are its further arguments? As I suspected, one is that other defendant and the likely witnesses are in California. But Sony also argues that the harm was to a California entity, and Hotz did what he did on purpose knowing it would harm Sony. I am not sure that's true, but it's one of those things that probably depends on one's point of view. Plus, just between us chickens, lawyers argue whatever they think will work, if it's arguable at all. It's part of the adversary system.
Even in that context, I was disappointed to see this:
Hotz is and was well aware of the harmful impact of his unlawful conduct on SCEA. Bricker Decl., Exhs. U, Z. Moreover, just like the defendant in Panavision, Hotz attempted extortion. When posting the "Metldr Keys" on his website, in an attempt to obtain employment from SCEA, Hotz wrote: "if you want your next console to be secure, get in touch with me." Id.
*Extortion*? What a negative overlay on to words that just say that Sony doesn't seem to know how to make secure products, and Hotz was offering to help them. I see nothing there about money. Just an offer to help.
|
|
|
|
| Authored by: perpetualLurker on Tuesday, January 18 2011 @ 11:56 AM EST |
Please indicate the CORRECTION in the title...
Thank you! ...pL.....
---
"Love is a snowmobile racing across the tundra and then suddenly it flips over,
pinning you underneath. At night, the ice weasels come." -- Matt Groening[ Reply to This | # ]
|
| |
| Authored by: perpetualLurker on Tuesday, January 18 2011 @ 11:57 AM EST |
Anything on-topic will be ignored....
...Thank you!....pL....
---
"Love is a snowmobile racing across the tundra and then suddenly it flips over,
pinning you underneath. At night, the ice weasels come." -- Matt Groening[ Reply to This | # ]
|
| |
| Authored by: perpetualLurker on Tuesday, January 18 2011 @ 11:58 AM EST |
Please include a LINK since the news picks can stroll off
the side quickly...
Thank you! ...pL.....
---
"Love is a snowmobile racing across the tundra and then suddenly it flips over,
pinning you underneath. At night, the ice weasels come." -- Matt Groening[ Reply to This | # ]
|
| |
| Authored by: perpetualLurker on Tuesday, January 18 2011 @ 12:00 PM EST |
Anyone helping to translate the Comes documents please
leave the details and documents here...
Thank you! ....pL....
---
"Love is a snowmobile racing across the tundra and then suddenly it flips over,
pinning you underneath. At night, the ice weasels come." -- Matt Groening[ Reply to This | # ]
|
| |
| Authored by: FrankH on Tuesday, January 18 2011 @ 12:06 PM EST |
When I am filling in an online form and it asks for demands
information that I feel is not relevant and won't let me continue without that
information I usually put NOYB or in other words None Of Your Business. Maybe
NYB means Not Your Business.---
All right now, baby it's all right now. [ Reply to This | # ]
|
- Re: NYB Street - Authored by: rsteinmetz70112 on Tuesday, January 18 2011 @ 12:27 PM EST
- Re: NYB Street - Authored by: Anonymous on Tuesday, January 18 2011 @ 01:04 PM EST
- Re: NYB Street - Authored by: Anonymous on Tuesday, January 18 2011 @ 02:06 PM EST
- Myob - Authored by: jesse on Tuesday, January 18 2011 @ 02:55 PM EST
- Myob - Authored by: cbc on Tuesday, January 18 2011 @ 04:10 PM EST
- Myob - Authored by: red floyd on Tuesday, January 18 2011 @ 04:11 PM EST
- Myob - Authored by: Anonymous on Tuesday, January 18 2011 @ 04:47 PM EST
- Myob - Authored by: Anonymous on Tuesday, January 18 2011 @ 08:45 PM EST
- Myob - Authored by: red floyd on Wednesday, January 19 2011 @ 04:10 PM EST
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 12:12 PM EST |
From Google Maps, there is a New York Avenue in Providence:
http://maps.google.com/maps?q=nyb+street&um=1&ie=UTF-
8&sa=N&hl=en&tab=wl[ Reply to This | # ]
|
| |
| Authored by: jbb on Tuesday, January 18 2011 @ 12:30 PM EST |
| Here is a one hour talk by Nate Lawson called
Crypto Strikes Back! It
is mostly a warning to people who might be tempted to roll their own crypto but
I think it provides a lot of good background information on the problem Sony is
up against here.
---
[ ] Obey DRM Restrictions
[X] Ignore DRM Restrictions [ Reply to This | # ]
|
| |
| Authored by: tknarr on Tuesday, January 18 2011 @ 12:42 PM EST |
The problem with screening networked gamers is that Sony, through lack of
foresight, didn't provide a way to check the hardware key securely over the
network. They obviously can't ban all PS3s from the Playstation Network, they'd
need to ban only those with the old hardware key. The only way to do that would
be for Sony to send a packet of data down to the console, the game then has the
console itself sign the data using the hardware key (this has to be done within
the console's firmware so that the game never knows the key) and sends the
signature back up, and the servers check whether the signature validates against
the new hardware key or not. But Sony never had an API in the console firmware
to do this and never built that signature verification into the protocols (it
wasn't needed since unsigned games were never supposed to run in the first
place).
Sony could add the API to new hardware, and new games could be
required to take advantage of it. But all existing games would be stuck unable
to verify, even if they were running on new hardware. Sony doesn't want to anger
their customer base by shutting them out until they've bought both new hardware
and new copies of their games (assuming the games are even being produced
anymore, many aren't). But if they don't, there's simply no way to close the
door. The same applies to updating the hardware key over the network: even if
Sony had built in the ability to do that, the moment they did all existing games
would become unrunnable (they're signed with the old key and won't validate
against the new one) and you'd instantly anger all the existing loyal customers
plus expose the company to lawsuits from customers they couldn't paint as
pirates.
And I'll bet that Sony's engineers told them all this back when
the PS3 was being designed, but someone in Sales overrode the engineers because
it'd be cheaper to make the console tamperproof and design everything to trust
the game once it was verified and loaded and they simply didn't believe the
engineers that there wasn't any such thing as a tamperproof console (after all,
the sales guys touting the digital-signature technology told them it was
foolproof). This is why "experienced software engineer" is almost equivalent to
"jaded, cynical software engineer who hates Sales and Marketing". [ Reply to This | # ]
|
| |
| Authored by: rsmith on Tuesday, January 18 2011 @ 12:49 PM EST |
What he found was the root key for signing PS3 software. So everybody can now
sign software to run on the PS3 and make it look like it was approved by Sony.
Apparently Sony did something really stupid and used a constant seed in their signing software. Oops!
If course the
key has been widely reported and mirrored, so getting the cat back into the bag
is a hopeless undertaking.
I think the primary motivation was to enable
people to run homebrew software on the PS3. This in itself is not enough to
cheat at games, I think. To cheat at a game, you'd need to modify the game
software to give you an advantage, and then sign it so it will run.
It's
deja-vu all over again. Remember CSS? If you sell thousands of devices that all
have to contain the key, it will leak, sooner or
later. ---
Intellectual Property is an oxymoron. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 12:49 PM EST |
Only three possible reasons.
1: Ego. GeoHot has picked their keys! I
'Sony', master of toys and Blu-ray, had my pockets picked! That alone is reason
enough. Also a good reason to go after him in court. You have excess money,
GeoHot doesn't. Now he'll have less. And your lawyers? You had them on retainer
anyway.
2: Money. You mentioned network gaming. It's possible that
GeoHot's solution will allow some other person/group to create a non-Sony bound
network gaming solution. Like in the old days, "mom and pop" stores. Gaming
networks more tuned to what gamers wants (more time, less money). That could
quickly eat into Sony's profits. Nipping any chance of that 'in the bud' would
be a corporate policy.
3: Both. We have to remember, ego and policy
often get intertwined. Bush's faith and the need to make a grand gesture in the
middle east got us a never ending involvement Iraq. Edison had a serious bug up
his bottom, over AC power format beating his DC format. He spent an incredible
amount of money to convince the world getting shocked by DC was better then
being shocked by AC. Tesla was smarter. He didn't talk about the problems, just
the benefits and to the right people (less power loss in the lines).
My
guess is '3'. Sony execs, like most in the United States have swollen heads.
Their paid way too much for shoddy work, then think their gods. Sony will always
have that rootkit in CD music to shame them (or at least it should, but the Bush
Justice department let them off 'easy'). This is the same thing. Trying to own
what you happily sold; just like a prostitute. The real foolishness is not
recognizing talent and picking it up. Brilliance is a rare commodity Sony. Don't
muck it up, pick it up, before Google sees how great it would be to get into the
after market Sony PS3 network gaming business. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 12:56 PM EST |
The way digital rights work is that they start at the lowest level hardware and
firmware, and depend on only executing authorized code. This typically consists
of some hardware validation of the boot code. This ensures that the boot code is
one issued by the manufacturer. Next, the boot code validates the operational
image, typically by looking for a signature. The processor may have different
level of priviledge, and the boot loader may not allow an unsigned image the
highest privilege level, or may not allow it to run at all.
The original mechanism allowing running another OS did not allow that OS to
access the graphic display part of the PS3, and likely prevented access to other
parts of the system. These other parts likely include the codes necessary to
enable the BluRay player to decode an encrypted disk.
At any point, if the assumption of trust is lost, then the next layer of
software can no longer depend on their requests to work as originally designed,
as they depend on lower level software to work properly. If someone has
substituted a different lower layer, it may do things differently. This is the
insidious nature of a root kit - it places itself in a low layer of the
computer, normally acting like the original design, but capturing certain
requests and doing something different. This could range in things like
misdirecting name lookup for antivirus companies on PC's, to inserting cheat
codes in network activities. Even an application (like a game) can't depend on
validating it's environment if the environment can make up its own answers. The
application can make it harder to validate the environment for a root kit, but
can't make it impossible.[ Reply to This | # ]
|
| |
| Authored by: IANALitj on Tuesday, January 18 2011 @ 01:42 PM EST |
PJ writes, "If you look at any complaint, you'll find a section usually
titled 'JURISDICTION AND VENUE' or something in that ballpark, where the
plaintiff asserts why it believes the court has subject matter jurisdiction and
why it thinks it has personal jurisdiction over the defendant(s)."
As she explains, there is a difference between subject matter jurisdiction
(which relates to the court's capabilities) and personal jurisdiction over the
defendant.
Venue is something else, slightly different from both. When there are multiple
courts with the same subject matter jurisdiction (such as the federal district
courts in the United States), they may relate to different geographic areas.
Venue is a matter of picking the geographically correct court.
There is a big difference among the defenses of subject matter jurisdiction,
personal jurisdiction, and venue, as to which can be waived. In the US federal
courts, venue is a statutory matter, while subject matter jurisdiction has
constitutional implications.
A defendant cannot waive the defense of subject matter jurisdiction and thereby
confer on a federal court the power to rule on the case. In contrast, the
defenses of personal jurisdiction and venue can rather easily be waived by
inaction. See Federal Rule of Civil Procedure 12(h), which refers back to Rule
12(b), and note to which defenses the waivers apply.[ Reply to This | # ]
|
| |
| Authored by: SilverWave on Tuesday, January 18 2011 @ 01:45 PM EST |
.
---
RMS: The 4 Freedoms
0 run the program for any purpose
1 study the source code and change it
2 make copies and distribute them
3 publish modified versions
[ Reply to This | # ]
|
| |
| Authored by: MrCharon on Tuesday, January 18 2011 @ 01:47 PM EST |
Geohot has added a Supplemental TRO to his website dated the
14th. I don't know if it was filed before the case was heard
or after the judge told them to come up with a better reason.
http://www.scribd.com/doc/47099778/gov-uscourts-cand-235965-
32-0
---
MrCharon
~~~~
[ Reply to This | # ]
|
- Linky - Authored by: red floyd on Tuesday, January 18 2011 @ 04:19 PM EST
| |
| Authored by: Bystander on Tuesday, January 18 2011 @ 01:49 PM EST |
Sony has a problem with the publication of its root key for PS3 that
affects
virtually all aspects of its business model. They face an increased
threat from
piracy of games because knowledge of the root key allows pirates
to sign
pirated games as though they were authentic and allow them to be
played on
unmodded PS3s. Previously, running pirated games required having
the user apply
some modification to his/her device; leaving open the
possibility of such a
modification being discovered and disabled at any time in
the future. Now,
games can be pirated and run with little fear of being
discovered. This could
hurt Sony badly financially, since much of their PS3
revenue comes from
licensing rights to developers for creating PS3
games.
Beyond just the
piracy angle, having the root key made public also
compromises all other
security features built into the PS3 gaming ecosystem.
Because virtually ANY
software can now be rather easily installed on PS3
hardware, an important
defense against many kinds of exploits has been
completely defeated.
Sony relies in part on the security of its game clients that hook into the
PSN
to bolster the security of the network itself. As long as only authorized
clients
were permitted on the network, the amount of mischief that could be
done
was somewhat limited. Loss of control over how people can log into the
network and interact with other gamers can have serious consequences for
the
success of the entire network.
One possible problem is loss of trust in
the integrity of the gaming
environment by regular patrons if it's felt that
too many people have gained
an unfair advantage by utilizing exploits made
possible by unauthorized client
"enhancements". This can even have financial
implications, as people often
invest substantial amounts of real money to
pursue their virtual adventures. It
will be more difficult for Sony to stop
this kind of cheating because they can
no longer rely on the integrity of the
software clients themselves, or trust that
anything being reported by a client
is actually legitimate.
From a technical standpoint, Sony has few good
options available to it
now. The root key exploit cannot be fixed by means not
involving the
replacement of real hardware. Changing the system for newer
releases of the
product is possible, but won't correct the problem for the
millions of PS3s
already sold. Getting those older systems out of circulation
won't be easy,
since they'll actually have a higher intrinsic value for many
people because
they could offer more functionality than a revised version put
out by Sony.
This is just another in a long string of examples illustrating the
weaknesses
in developing a security model that relies on keeping a few fixed
keys secret
over the entire life of a product.
--bystander1313
[ Reply to This | # ]
|
| |
| Authored by: rsteinmetz70112 on Tuesday, January 18 2011 @ 01:56 PM EST |
After looking at Sony I find Sony America is headquartered in New York, close to
New Jersey. They have a R&D Engineering Center in Park Ridge, New Jersey. A
Major manufacturing Site in Pittman New Jersey and a service facility in Teaneck
New Jersey.
It would clearly be no hardship on a multi-national company with substantial
connections in and around New Jersey to take their case there.
So why sure in California? I can think of two reasons.
1. Intimidation - make a young man defend himself on the other side of the
country.
2. Forum shopping. The 9th Circuit is widely thought to be one of the most
liberal courts in the country but it also somewhat incongruously is also has one
of the most expansive views of copyright and intellectual property. That is
probably because it is the home court of so much of the Software and
Entertainment Industry being home of the Los Angeles Entertainment Industry,
Silicone Valley and Microsoft.
---
Rsteinmetz - IANAL therefore my opinions are illegal.
"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk
[ Reply to This | # ]
|
| |
| Authored by: jbb on Tuesday, January 18 2011 @ 02:01 PM EST |
| The problem Sony is up against is that their "chain of trust" has been broken.
This means the cat's out of the bag and is unlikely to ever go back in. Let me
try to explain how I see this works, starting with a basic outline of the
problem.
Imagine a PS3 game that is played as solitaire that uses the PSN to
keep track of who has the highest score. For this to work, Sony relies on the
client software (running on the PS3) to be unmodified. If I could freely modify
my copy of their client software then I could tell it to double my scores before
reporting them to PSN. Modifying the client software is one attack vector.
Another one is a man-in-the-middle attack, intercepting messages between the
client and the server and forging some of the messages in order to change the
high score. For the purposes of this discussion, let's assume the
man-in-the-middle attack is impossible as long as the client software is
unmodified. In this case the entire problem boils down to detecting if the
client software was modified.
The integrity of the client software is
verified using signing keys and a chain of trust. This is very much related to
ideas from DRM and trusted/treacherous computing because Sony does not trust the
person who owns the PS3. Sony is trying to keep that person from modifying the
high score that gets reported to PSN. It is a technically challenging problem
because the person Sony is trying to keep out of the loop is the owner and
possessor of the hardware and also possesses all the client software.
AFAIK, we can't have it both ways. Either Sony is in ultimate control of
the PS3 or the owner is in ultimate control. Sony's OtherOS feature was a
brilliant compromise because it allowed people to run Linux and be in total
control of the PS3 without compromising the security of games correctly
reporting high scores to the PSN because the games were run in a different mode
where Sony had control, not the owner. Sony had ultimate control and the
voluntarily ceded control (temporarily) via OtherOS.
Then geohot figured out how
to crack Sony's game security from within Linux. Sony realized that giving
owner's the power of running Linux on the PS3 made it much much more difficult
for Sony to ensure game security so they responded by disabling OtherOS. Owners
responded by figuring out how to break Sony's entire PS3 security system in
order to re-instate the OtherOS feature. These techniques (should) also allow
owners to run modified games directly without having to run Linux. This is
because Sony locked up OtherOS with the same set of keys they used to keep the
games locked.
So how do you prevent someone from tampering with software
running on a computer that person owns and controls? The heart of the answer is
in signing keys that in turn rely upon public key cryptography. The keys come
in pairs. One is public that everyone is free to see and the other one is
private that the signer keeps secret. The signer uses the secret signing key to
create a digital signature for a message (for example, an email message, or a
gaming app). Anyone with access to the public key, the digital signature, and
the message can verify that the signer did indeed sign that particular message
and not a single bit of the message has been altered.
If I use GPG in an
email program and you have a copy of my public key then I can sign all my email
messages to you and you can verify that they really are from me and haven't been
forged en-route. Likewise, Sony signs all of its gaming apps with a private
key. All the PS3s have the public key and use that (combined with a digital
signature that comes with each app) to verify that not a single bit of the app
has been altered. Unfortunately, Sony failed epically several times in
secession and this led to the eventual publication of Sony's private signing
key. Oops.
The publication of this key transferred control of every PS3 out
of the hands of Sony and into the hands of the owner/possessor of the PS3.
Unless Sony had a backup set of keys and security measures in place (ha ha ha ha
ha) this is game-over for Sony's control of gaming apps on the PS3. The talk by
Nate Lawson I linked to above explains how dreadfully hard it is implement
unbreakable crypto even when the underlying algorithms are unbreakable.
Implementing DRM is even harder. Once the private keys have been made public,
there is no way you can fix the problem because the chain of trust is broken.
People can now forge firmware updates.
Sony was previously able to disable
OtherOS via a firmware update precisely because the chain of trust had not yet
been broken. Sony still had control of the lowest levels of operation of the
PS3.
Sony's epic fail demonstrates that even if you have total
control of the design of the hardware and the software, it is incredibly
difficult to implement unbreakable crypto or DRM. Now that they have lost that
edge, there is just no way for them to be able to re-implement it successfully
without releasing new hardware. New firmware and/or new games won't help because
Sony no longer has control over what programs are being run on the PS3 and Sony
has no way of ensuring that the updates haven't been altered. Even if new games
have fancy new (security by obscurity) algorithms and keys buried deep inside,
someone just needs to alter some part of the game somewhere to either make it
slightly easier to play to to alter the high score and then the new game will
use its fancy keys and algorithms to dutifully report the bogus high scores to
PSN.
Yet another way to see it is that if Sony were able to solve this
impossible problem then other people could use that same solution on standard PC
hardware and there would be no need for the trusted/treacherous computing
initiatives. If you assume PS3 owners can't be trusted then there are no
solutions. All solutions involve either a web of trust or reliance on some sort
of honor system. IMO this may not be a bad thing.
Another form of solution
is to have all the action happen on Sony's servers with the PS3 clients just
sending raw mouse clicks (or the equivalent). This works great for things like
playing Go or Chess online. Anyone can write a client that talks to the Kiseido
Go Server (KSG) and it's not cheating. The KSG ratings are legitimate. That's
because the hard part is in figuring out which move to make (and computers can't
do that better than humans yet). But my understanding is the allure of gaming
consoles is the real-time nature of the interaction. Sending raw mouse clicks
up to the Sony servers and then back down would destroy the interactivity.
---
[ ] Obey DRM Restrictions
[X] Ignore DRM Restrictions [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 02:35 PM EST |
Why is so much effort being wasted over a game? This is not a medical device.
It is not even a traffic light. It is a GAME!!!!!
What is the worst thing that happens if someone cheats playing the game? Who
dies?
Do we now make it a federal crime if someone cheats on tic-tac-toe? Maybe a
legion of federal inspectors to make sure that tic-tac-toe remains a fair game?
Guys, this is a GAME! Sony, get a life![ Reply to This | # ]
|
- It is a GAME! - Authored by: Minsk on Tuesday, January 18 2011 @ 02:48 PM EST
- It is a GAME! - Authored by: Anonymous on Tuesday, January 18 2011 @ 04:45 PM EST
- It is a GAME! - Authored by: Bas Burger on Tuesday, January 18 2011 @ 08:56 PM EST
- It is a GAME! - Authored by: Anonymous on Wednesday, January 19 2011 @ 08:22 AM EST
- Tic, tac, toe? - Authored by: Anonymous on Thursday, January 20 2011 @ 02:33 AM EST
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 03:27 PM EST |
http://en.wikipedia.org/wiki/Ethernet_frame
If Sony uses Ethernet, communication between Sonys servers and the PS3s uses
Ethernet Frames. And in Ethernet frames there are informations included about
the MAC source and destination. The Media Access Control address which has to be
individual and unique for every device.
If Sony has doubts about the fair use of their games, it could filter out the
TCP/IP packages with that unique MAC. Furthermore, Sony can check if it is a PS3
because they give every PS3 a unique MAC and they have to know it. It has a
unique vendor part.
There is a way to change the MAC through a good firewall. As there will always
be a way tho cheat. Like by another PS3 and pay a freak to do it.
About krypto: I know nothing about it. I read Bruce Schneier, Secrets and Lies.
All I know is, you are not allowed to use a key twice. Sony uses the same key in
every PS3 on the market. If can't afford a good krypto environment, you have to
think about revoking a key (pair of keys). If Sony has not implemented a way to
revoke keys, I would say that that system is defective by design.
Perhaps they lack the education or the will to understand, that a compromised
pair of keys is worth nothing and that you can't fix it by trying to make people
forget the keys.
By the way. The reason why krypto doesn't work in "copy protection":
In krypto you trust the one who receives the message and who decodes it. And you
like that the receiver can use the message.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 06:01 PM EST |
The videos are available, but obviously mean more or less depending on your
technical ability.
Note also that existing systems (USB key based) have already compromised PS3
networked games without the need to resort to the comprehensive owning that is
the geohot hack.
As a previous poster mentioned, the only solution now for networked games is to
turn the whole problem on it's head and deal with it at the server level and
assume everything is an untrusted client, which is a whole different can of
worms, and frankly, even then....
There is a different video that shows a physically unmodified PS3 booting
directly in to Linux.
i.e. boot directly into untrusted software from memory, no disks, no wires, no
dongles, no keys, no chips
...just software.
(Note that intent here is to observe Linux is untrusted from the PS3 point of
view, not that Linux is untrustworthy in and of itself)
What this effectively means is really the same as the original Sony OtherOS
function. That worked by virtualising the Linux session and preventing access to
certain parts of the memory/hardware with the hyper-visor
With the level of access obtained by the much publicised efforts of those
individuals, one possibility could be to run Sony GameOS (native PS3 OS) under a
Linux hyper-visor. Sony PSN would only see it as an ordinary system and would
not be able to detect that it was running as a virtual system.
What's worse, because of the basic failures in the security design model, piracy
could be utterly rampant, not just in the sense of torrents/downloads, but more
importantly in industrial scale disc manufacture. Without updated hardware,
there is now no way for the console to tell the difference between an official
Sony BluRay Game disk and an unofficial self signed one manufactured in the
trillions in some back street warehouse in downtown anywhere and sold in your
local social gathering establishment for five bucks.
And it's the latter form of piracy that's really got Sony running scared on this
one.
While it is fundamentally the same problem the DVD business has had for a while,
generally the delta on pirate movie discs to genuine DVD movies is only $5-$10
between the nasty, badly wrapped, and often SVCD encoded, often poor quality
DVD/CD and the real thing, of course some people take a chance, but many more
happily pay the retail price at a genuine outlet for the guarantee of quality.
When the price differential is between $5.00 and $50.00...
well I'm sure you folk can fill in the blanks.
They never should have taken away OtherOS.[ Reply to This | # ]
|
- PS3 is compromised at it's heart, no way back - Authored by: dio gratia on Tuesday, January 18 2011 @ 07:36 PM EST
- yahbut....... - Authored by: Anonymous on Tuesday, January 18 2011 @ 07:56 PM EST
- yahbut....... - Authored by: tknarr on Tuesday, January 18 2011 @ 08:12 PM EST
- yahbut....... - Authored by: Anonymous on Tuesday, January 18 2011 @ 08:44 PM EST
- TBF.. - Authored by: Anonymous on Tuesday, January 18 2011 @ 09:31 PM EST
- TBF.. - Authored by: dio gratia on Wednesday, January 19 2011 @ 12:32 AM EST
- TBF.. - Authored by: Anonymous on Wednesday, January 19 2011 @ 04:10 AM EST
- TBF.. - Authored by: dio gratia on Wednesday, January 19 2011 @ 12:20 PM EST
- PS3 is compromised at it's heart, no way back - Authored by: jbb on Tuesday, January 18 2011 @ 08:22 PM EST
- There's more than piracy to worry about - Authored by: Anonymous on Wednesday, January 19 2011 @ 08:19 AM EST
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 06:15 PM EST |
if it's arguable at all."
To this cynical mind, that comes down to a catch-22:
--argue every point, even if it makes you look foolish; or
--skip the foolish arguments, and then get sued for not pursuing the case as
aggressively as the client wanted.
Well, at least there are other career paths for lawyers besides litigation.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 18 2011 @ 06:53 PM EST |
The simplest way to stop cheaters is to monitor them. They're generally greedy
and dumb, so look at all the people with outrageous stats. Watch them play and
you can figure it out and then ban their PSN account.
No DRM/rootkits/unhackable PS3 required.[ Reply to This | # ]
|
| |
| Authored by: jonathon on Tuesday, January 18 2011 @ 08:36 PM EST |
I read the phrase "if you want your next console to be secure, get in touch
with me" as a marketing slogan. The guy is offering his services as an
independent contractor to ensure that your device is secure. If you hire him,
your device will not be jail-breakable.
I guess that qualifies as extortion, on the grounds that by not hiring him, you
won't know how much of an epic fail your device has, until after it has been
jail broken.[ Reply to This | # ]
|
| |
| Authored by: cricketjeff on Wednesday, January 19 2011 @ 06:10 AM EST |
Sony's model, all such models, are bound to fail in the end. If you allow
someone clever enough access to the system and time they will crack it.
Passwords and keys need to change regularly so that no-one has the second
element, time.
If they want a secure system they need to ship a new public key weekly and
require all PS3s to log on more frequently than that or lose network status.
However a better answer is just to understand that markets work. Make your
products worth the price and people will buy them, make them too expensive and
someone will undercut you.
On cheating at online games:- if you publish a list of high scores some people
will play the game to get to the top, some people will try to cheat to get to
the top. So invite the top 5 to a tournament once a month and if they can't walk
the walk delete their scores!
(actually most people cheat a bit, ask for help from other players etc., the
only difference between most people is how big "a bit" is)
---
There is nothing in life that doesn't look better after a good cup of tea.[ Reply to This | # ]
|
| |
| Authored by: achurch on Wednesday, January 19 2011 @ 08:40 AM EST |
If you were Sony, a perfect and clueful Sony, what would you
do?
The major problem with Sony's "Other OS" feature was that
they limited access to the hardware, specifically the graphics chip (the "RSX")
which is critical for getting even decent performance in games or other
graphical applications. Linux users were forced to rely on the much slower CPU
for graphics processing, which made the system pretty useless except for number
crunching. (If you'll pardon me for straying into the realm of rumor, I've
heard that Hotz wasn't actually trying to break the security of the PS3 itself
when he released his first hack last February, but was simply trying to gain
access to the RSX. A non-computer analogy would be getting invited to someone's
house, sneaking into the kitchen to grab a drink from the fridge, and
discovering the keys to the house instead.)
I myself would have taken it
a step further and opened up Sony's own OS, what they call GameOS, for
development. They could have simply released the necessary tools and libraries
without offering support, and blocked off only commercial data—so
any "homebrew" software (as it's typically called) could talk to any other
homebrew software, but couldn't read the encrypted program and data files used
by games. In other words, the only thing forbidden to homebrew developers is
direct access to protected data. (In fact, I could even see a case where a
commercial PS3 developer deliberately opens up some of their data files to allow
users to create their own modifications to the game, as is common on PCs.) As a
bonus, those who do copy games illegally, or who enable such copying, can no
longer use homebrew as an excuse.
I think Sony may be failing to
recognize that most homebrew developers are in fact staunchly against
game piracy—not least because it may one day impact them as well! If Sony
provides the tools for such developers to make free use of the system, they'll
have a far better chance of keeping the system secure for an extended period of
time. [ Reply to This | # ]
|
| |
| Authored by: rsteinmetz70112 on Wednesday, January 19 2011 @ 02:23 PM EST |
A similar story with less drama has been going on in the Wii homebrew community.
The authors of the Homebrew Channel have had limited contact with Nintendo and
offered to assist in securing the Wii console.
One of the features that that Homebrew channel unlocks is the ability to play
DVD's, which is apparently disabled on purpose for some reason. Seems like a
pretty valuable option that actually could help sales.
There is a long blog post describing the contacts somewhere but I couldn't find
it just now.
One of the contributors to The Homebrew Channel is bushing.
---
Rsteinmetz - IANAL therefore my opinions are illegal.
"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Wednesday, January 19 2011 @ 04:27 PM EST |
The details of jurisdiction and similar matters do not concern me overmuch. Wat
really, really interests me is how far ownership of hardware goes. If I have a
bicycle, there is no way the manufacturer can forbid me to change anything on
it, but then, I did not get an EULA when I bought it. And when I bought my car,
I have not been informed that I was banned from changing any of the software in
that car, again with the provision that it would void my guaranty.
Now if I buy a playstation , I guess I as the owner am allowed to open it and
e.g. replace the power connector, perhaps loosing my guaranty in the process. Or
add memory. But I guess that replacing the video chip (bear with me, I don't own
a playstation and I don't even know if it has a video chip) with another,
different model would not be possible without also changing the embedded and
protected software that steers that chip. And this is what Sony would forbid
me? Or would they prohibit the /publishing/ of that hack?
In any case, I feel very strongly that too many of my rights as owner have been
taken away, EULA or not, and it is time that the pendulum swings the other way
again.
Paai
[ Reply to This | # ]
|
| |
| Authored by: celtic_hackr on Thursday, January 20 2011 @ 08:03 AM EST |
Does anyone have access to the three cases Sony is using to attempt to
establish personal jurisdiction in this case? Perhaps they should be included
here at Goklaw. They seem relevant to FOSS.
In the case of Panavision,
it appears the defendant was actually making sales in the state. Isn't this
pretty much trying to pull a fast one? I mean doing business in a state usually
establishes personal jurisdiction. Perhaps, SONY should have taken GeoHotz up on
his offer to assist. That would have at least established a sale. Other than
that, I can't see how Panavision helps, unless the Judge doesn't do any
research. Do judges do their own research or rely on their crew?
In the
Autodesk case, which btw goes into great detail as to how to establish
jurisdiction and venue, it is about installing more copies of the software than
he had license to. It also included admission of such copying by defendant. Not
sure how this is applicable, but the following sentence is very
disturbing:
cases both within and outside this circuit
have applied
the doctrine to actions for
willful copyright infringement or other
torts
involving intellectual property.
Other torts involving
intellectual property!!!
That statement coming right after this
statement:
In following Calder, the Ninth
Circuit has
been cautious in extending
this doctrine to situations in which the
defendant's
contacts with the forum state
are more remote than those in Calder
and has
rejected, for example, the notion
that the effects doctrine applies in
contract
disputes.
So, the test developed in Calder has been
reluctantly applied elsewhere, but not so much in the field of "intellectual
property". How does this fact compote with the equal protection clause of the
Constitution?
I think this is the tire iron Sony is trying to use in
this case. The fact that the courts are playing loosely with jurisdiction in
cases involving copyrighted works. Although two of the cases would seem to have
a proper venue in federal court. Can you use Federal Cases to establish venue in
local cases?
I don't know, based on reading that Autodesk case, I don't
hold out much hope for a dismissal here. Seems rather unfair. [ Reply to This | # ]
|
|
|
|
|
