decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
Judge Denies Sony's (SCEA) Motion to Shorten Time - Updated 3Xs: Sony Goofs Bigtime
Wednesday, February 09 2011 @ 01:18 AM EST

Sony Computer Entertainment America's motion [PDF] asking the judge in the SCEA v. Hotz case to set an earlier date to hear oral argument on its motion to do expedited discovery has been denied.

But as I'll explain, I think it may indicate that George Hotz's motion to dismiss for lack of jurisdiction/improper venue will likely be denied as well and that they'll continue this case in California.

"Expedited discovery" in this context means the avalanche of subpoenas SCEA is asking permission to serve on various entities to try to find the Fail0verflow guys, who SCEA hopes to tie to Hotz. The purpose of all that is to demonstrate that the case should stay in California. The hearing had been set for March 11, and they'd asked if it could be speeded up to February 9, and the judge just said no. So, March 11 it is.

Here are the filings:

02/07/2011 - Set/Reset Deadlines as to March 11, 2011 (tfS, COURT STAFF) (Filed on 2/7/2011) (Entered: 02/07/2011)

02/07/2011 - Set/Reset Deadlines as to 62 MOTION to Expedite MOTION FOR EXPEDITED DISCOVERY. Motion Hearing set for 3/11/2011 09:00 AM before Hon. Susan Illston. (ys, COURT STAFF) (Filed on 2/7/2011) (Entered: 02/08/2011)

02/08/2011 - 65 - ORDER denying 61 Motion to Shorten Time (tf, COURT STAFF) (Filed on 2/8/2011) (Entered: 02/08/2011)

March 11's the date SCEA wanted changed to today, February 9, to give SCEA time to prepare for Hotz's motion to dismiss for lack of jurisdiction, which will also be heard on March 11. The parties stipulated [PDF] to that date. You have to admit that SCEA's motion kind of makes sense, to the extent that it wants to amplify its factual basis for tying Hotz to California:
Under the usual time table for noticed motions, SCEA’s motion cannot be set for hearing until March 11, 2011. However, this date is not early enough for SCEA’s motion to be heard since Hotz’s motion to dismiss is currently scheduled to be heard that same day. Therefore, absent an order shortening time, SCEA will be unable to complete discovery in time to fully oppose Hotz’s motion to dismiss by February 18, 2011, when its opposition is currently due. Accordingly, SCEA requests an Order Shortening Time so that its motion can be heard on February 9, 2011.
All they wanted was an opportunity to prepare, in other words. So why would the judge say no?

No reason is given, so all we can do is guess. So this is just me thinking out loud as to possibilities. There are several, ranging from the unlikely to the most logical. Maybe the judge saw there just wasn't time before February 9th would be here. Maybe she was booked already that day with other cases and didn't have an opening. Or maybe she wasn't convinced that there is such a screaming emergency as SCEA portrayed it. Maybe she's had a sufficiency of SCEA's aggression. Maybe she's wondering if there would be enough time for everyone potentially being subpoenaed to prepare to either comply with the subpoena or fight it. But I suspect it's something else entirely.

"SCEA will be severely prejudiced," it argued, " – and at risk of substantial harm – if its motion for expedited discovery is not heard on a shortened basis." This request is what the judge has denied. Now, why would she do that? Severe prejudice to a party is exactly what a judge isn't supposed to let happen.

The most obvious possibility then, I think, is that she feels SCEA doesn't need the expedited discovery, because she's inclined to rule for them without it. If you recall, SCEA stated it thought it had enough substance to win the jurisdictional issue already, and she may agree. After all, if she thought she was now inclining toward denying Hotz's motion anyhow and make him stay in California, why bother with expedited discovery? If she thought it possible she'd decide the other way, though, that the case *doesn't* belong in her court after all, if that was really up in the air, I think she'd be more inclined to grant SCEA's motion.

One final possibility is that Hotz's filings have so convinced her that she made an error that she figures there is never going to be a need for any kind of discovery in California, since she's going to dismiss for reasons none of the subpoenas can alter. I think that is the least likely.

Again, though, this is all just guesswork on my part, and you can always be wrong when you are guessing. This makes logical sense to me. People aren't always logical, though, as you may have observed, and so we'll have to wait and see what happens at the hearing.

As you may have noticed, we have set up a Timeline page for this case now. I can't believe how long it is already.

Update: File this under OMG. Sony has retweeted the code itself and it's spreading like wildfire, as PCMag and others are reporting:

On Tuesday night, New York City-based Travis La Marr, or @exiva on Twitter, tweeted the 40-digit root key to @TheKevinButler with the cryptic message, "Come at me." Kevin Butler is a character from Sony's Playstation 3 commercials that became so popular, the company turned him into a spoof spokesman for its Playstation products.

After La Marr's tweet, Kevin Butler responded by re-tweeting the entire jailbreak code and a playful message, "Lemme guess...you sank my Battleship?"

It didn't take long for Sony Computer Entertainment America (SCEA) to realize that its fake spokesman, managed by ad agency Deutsche in Los Angeles, had spread the jailbreak code around Twitter.

The careless retweet shocked even La Marr. ... In a followup tweet he posted, "My life is complete. Sue yourself, Sony" accompanied by a TwitPic of the code, which has already been deleted from Kevin Butler's page.

Of course, they are more likely to sue him, I suppose, but what will they do about getting *this* toothpaste back in the tube, which they squeezed out themselves? "Kevin Butler" had 70,000 followers, for starters, and the retweet is everywhere. Search for the key in Google, and you get about 179,000 results. How plausible will SCEA's lawyers sound at the hearing on March 11 now, asking for subpoenas so they can clean up the Internet?

[ Update 3: This particular key came from graf_chokolo and not geohot in a separate but related exploit to geohot's original hypervisor exploit. I have a link to demonstrate it, but I don't want Sony to sue me for linking, and so you'll have to take my word for it that I checked.]

In short, this litigation is providing Sony with an education in the Streisand Effect, and this latest incident hands them their PhD. The Internet isn't controllable the way SCEA thinks it is. Sometimes we all wish it were, but it's just not. I used to add to that thought, "barring martial law", as a kind of truth joke. But recently, we've seen that even martial law can't make it stop. I guess the only way to kill it would be *universal* martial law. Maybe that would work, or maybe the Internet is like cockroaches. No matter what you do, they survive somehow. That reminds me. Wasn't the Internet deliberately built to survive everything, nuclear blasts, anything? I'd say they did a fine job. It does.

There is a graphic on Wikipedia's page on the Internet by the Opte Project that will help Sony to understand why the Internet has a life of its own.

Update 2: Groklaw's jbb reminds us that Sony also revealed 90% of the other key at issue, and he explains what that means here. A relevant excerpt:

Perhaps in their rush to seize all of geohot's computers before he got wind of what was going on, Sony included 90% of the master signing key in documents they filed with this court.

Now a lawyer or a judge might naively think that having only 90% of the key is worthless since someone needs 100% of the key in order for it to work. But they would be, as we say in the biz, "wrong". Even divulging 10% of the key would be significant. Giving out 90% of the key is tantamount to giving the entire key away.

Essentially, most attacks on a public/private key crypto-system are measured by how many bits of the key are made redundant (or known). One way to look at it is via what is called a brute force attack where every possible key is tried. If a key has 100 bits then an attacker would need to try 2^100 (about 10^30, a one followed by 30 zeros) different keys in a brute force attack before being assured of finding the one that works. If 10% of the bits of such a key were divulged then an attacker would only need to try 2^90 keys. This is still a huge number but it would mean a brute force attack would be 1,000 times faster (10% of 100 bits is 10 bits and 2^10 is about 1,000).

But Sony didn't divulge 10% of their key in the court documents, they divulged 90%. In the example above, that would be like publishing 90 of the 100 bits in the key thus making a brute force attack 10^27 times faster so instead of trying 10^30 keys, an attacker would only have to try about 1,000 keys, which would be quite doable.

The bottom line significance, as he explains it, is that seizing Hotz's computers won't achieve a thing.

  


Judge Denies Sony's (SCEA) Motion to Shorten Time - Updated 3Xs: Sony Goofs Bigtime | 94 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections, if needed.
Authored by: songmaster on Wednesday, February 09 2011 @ 02:37 AM EST
Please summarize in the comment title.

[ Reply to This | # ]

Off topic comments only here.
Authored by: songmaster on Wednesday, February 09 2011 @ 02:40 AM EST
It's 1.2°F outside my house right now...

[ Reply to This | # ]

News picks discussions
Authored by: songmaster on Wednesday, February 09 2011 @ 02:42 AM EST
Please post in HTML and include a clickable link to the story you're commenting
on.

[ Reply to This | # ]

Appeal
Authored by: maroberts on Wednesday, February 09 2011 @ 03:28 AM EST
If the judge denies the venue and jurisdiction issues, how soon and through
what avenue can Hotz appeal?

[ Reply to This | # ]

Logic is just a way of going wrong with confidence
Authored by: The Mad Hatter r on Wednesday, February 09 2011 @ 06:12 AM EST

Only problem is that we'll all have to wait for the ruling.

This is exactly why all of the ACTA stakeholders were so intent on getting an
extra-judicial pathway to handle alleged copyright infringement. Sony has no way
to know until it sees the judge's ruling what the situation is. ACTA removes
some of the judge's discretion, and gives Sony more confidence.

Of course ACTA is probably not compliant with the United States Constitution,
but that's another matter.


---
Wayne

http://madhatter.ca/

[ Reply to This | # ]

Question, does Sony = SCEA? Are they two entities, where it should be SONY in court, not SCEA?
Authored by: Anonymous on Wednesday, February 09 2011 @ 06:29 AM EST
Does Sony = SCEA ? Are the both two different entities,
where it should be SONY in court, not SCEA?

In the Sony and SCEA relationship, is SONY the Principal and
is SCEA only an Agent by contract? Should the Principal be
the one that brings an action, and not the Agent? Meaning,
if SONY, the principal, has no actual California connection,
then who is the defendant in court with? And why
California? If SONY itself should bring the action, then
maybe the case should be happening somewhere else with SCEA
as not a party at all?

http://en.wikipedia.org/wiki/Law_of_agency

What authority does SCEA have, if any?

So, with this question in mind, then maybe there is also a
question in the judge's mind as to who SCEA is in the SONY
relationship? Is SCEA only a "marketing and sales"
entity/agent, or are they only a contractual entity in the
sale of SONY products? If SCEA is the wrong party to be in
court because they don't make or own the product, then is
there a case at all, and is it SONY that should bring an
action instead?

Does an "auto dealer" have a right to bring an ownership
type action on behalf of a automobile manufacturer,
regarding the design of an automobile? If a party that
only sells a product can bring actions in court over IP, etc
then that could be a problem for the courts do deal with?

Can you imagine as well if a sales entity corporation, as an
agent, for a software maker, could be the one in court, and
not the software company itself (meaning that during
discovery, that important two direction types of questions ,
that only the Principal could answer, can not be answered,
because the agent is not the principal? Where instead of
the agent bringing the action, it is the software company
alone that should be answering, but if they are not there,
who can answer "legally" the questions that the defendant
needs to have answered?

Can SONY answer questions that only SONY can answer, if they
are not the party in the courtroom?

[ Reply to This | # ]

Discovery
Authored by: Anonymous on Wednesday, February 09 2011 @ 09:55 AM EST
Looks like the REAL reason for the charges is the discovery. It looks to me
like SCEA doesn't care about much of anything else. They really want those
other hackers. :(

[ Reply to This | # ]

Judge Denies Sony's (SCEA) Motion to Shorten Time
Authored by: pem on Wednesday, February 09 2011 @ 10:21 AM EST
All they wanted was an opportunity to prepare, in other words. So why would the judge say no?

Sony apparently previously managed to hit a couple of the judge's hot-buttons -- "hackers", "piracy".

Maybe they've now managed to hit another couple of buttons -- "privacy", "intrusive third party discovery."

Maybe the judge feels that plaintiffs should have a reasonable argument about personal jurisdiction before they bring a case.

It's pretty easy to find on the internet that there is apparently no real love lost between GeoHot and the failOverflow folks. If one of the judge's clerks noticed that, and then she got a request to do discovery for an obvious attempt to tie these together, it might start to look like Sony was clutching at straws.

Or maybe the judge already has experience with lawyers serving subpoenas on google for private information, and realizes that that information won't be forthcoming anytime in the next 6 months no matter how she rules, and that, before she lets Sony go to that much time and expense, it makes sense just to take a more critical look at what evidence they've already got that ties Hotz to California. After all, she did, as you point out, already rule once in Sony's favor, so she can do the same again. Or she can decide not to decide in March, and it's not like it's that far off, away.

[ Reply to This | # ]

Sony Official distributes the master key
Authored by: Anonymous on Wednesday, February 09 2011 @ 10:28 AM EST
Opps and this cat does not want to go back in the bag. And I would like to see
that Sony request that all Sony computers be seized to research this incident.

It is on /. with the story name Sony-Marketing-Man-Tweets-PS3-Master-Key.

I am not providing a link to avoid any trouble with Sony. The details are from
another site I am not mentioning.

"Sony Marketing Man, Kevin Butler's official Twitter feed retweets a post
by @exiva that posts the PS3 Master key. Kevin Butler who has over 69,000
followers tweet read (The tweet now deleted): '@TheKevinButler Lemme guess...
you sank my Battleship? RT @exiva:******REDACTEDKEY****** Come at me,
@TheKevinButler'"

[ Reply to This | # ]

Judge Denies Sony's (SCEA) Motion to Shorten Time
Authored by: rsteinmetz70112 on Wednesday, February 09 2011 @ 11:10 AM EST
I think it is also possible that the judge may grant SCEA their discovery at the
hearing and not rule immediately on the jurisdiction issue while staying
everything else. It does not seem, after waiting this long to file suit, SCEA
will suffer any additional damage. February 9 seems a short time to issue
subpoenas and get adequate responses, especially if the response is suspect or
the subject resists answering it.

Or as PJ suggests the judge may rule for SECA but allow an immediate appeal, but
without some discovery that would seem to be unlikely to finally resolve the
issue.

With regard to potential defendant “Bushing” apparently Ninetendo knows who he
is and where he works or worked since according to reports they called him
there.


---
Rsteinmetz - IANAL therefore my opinions are illegal.

"I could be wrong now, but I don't think so."
Randy Newman - The Title Theme from Monk

[ Reply to This | # ]

Sony Tweets The PS3 Master Key
Authored by: Anonymous on Wednesday, February 09 2011 @ 12:55 PM EST
A twitpic link I thought this might be of use to someone. It's TheKevinButler, tweeting the PS3 Master Key. Kevin Butler is a character portrayed by Jerry Lambert in SCEA's advertising. An engadget link to the story A Wikipedia link describing the character Kevin Butler Have a great day.

[ Reply to This | # ]

Judge realizes Scony is lying its hat off
Authored by: jbb on Wednesday, February 09 2011 @ 01:57 PM EST
Yes, the caffeine hasn't hit my bloodstream yet so I'm probably still in a dream state.

Judges don't like being lied to. Correction, they don't like being obviously lied to. Sony has already breathlessly told this judge that they will suffer immense and irreparable damage if they can't take away all of geohot's computer equipment. Geohot's lawyer responded, in part, by saying that herd of cats has already left the bag and was not going back anytime soon. So far, the judge might be inclined to favor Sony since, in a pre-information age, even if a few products have gone out the door, you can still limit damage by closing down the factory.

But now it seems that Sony is playing this judge for a fool by using the fact that the herd of cats has left the bag in order to try to tie geohot to California. Perhaps I'm still dreaming but it seems at least possible that Sony shot themselves in the foot with this rather desperate and scatter-shot attempt to keep the case in California.

Who knows? Maybe the judge reads Groklaw and was amused and entertained by the aerial and acrobatic tap dancing of SCO's legal team. Or perhaps, even without the benefit of Groklaw, she felt geohot's lawyer made some good points and she was on a knife edge between granting and denying the TRO. ISTM that Sony is now telling the judge:

yes, we were totally lying through our hats to you before about seizing all of geohot's computers, but now you have really got to take our word for it that we are not lying to you this time!
On a more pragmatic level, Sony has made it clear that they plan to be a gigantic pain in the hat if they don't get their way. They are now asking to vastly expand the scope of this case. Why on earth would Sony suffer substantial harm if this case is heard in New Jersey instead of California? Isn't this pretty much an admission that they were simply venue shopping in the first place?

ISTM that Sony could have mitigated or completely prevented any "substantial harm" if they had either:

a) Filed the suit in New Jersey to begin with, or

b) Provided proper evidence and justifications for filing in California.

I sure hope this judge remembers that Sony totally tried to sandbag geohot by filing an ex parte motion on the other side of the country to seize all of his computer equipment before he even had a chance to legally respond. Now Sony is publicly telling the judge that their excuse for pulling that underhanded, dirty trick was a ruse and the herd of cats has indeed already left the bag.

Yes, I'm probably just dreaming.

Ah, but a man's reach should exceed his grasp,
or what's a heaven for?

---
[ ] Obey DRM Restrictions
[X] Ignore DRM Restrictions

[ Reply to This | # ]

Sony already published 90% of the key in court documents
Authored by: jbb on Wednesday, February 09 2011 @ 05:02 PM EST
Perhaps in their rush to seize all of geohot's computers before he got wind of what was going on, Sony included 90% of the master signing key in documents they filed with this court.

Now a lawyer or a judge might naively think that having only 90% of the key is worthless since someone needs 100% of the key in order for it to work. But they would be, as we say in the biz, "wrong". Even divulging 10% of the key would be significant. Giving out 90% of the key is tantamount to giving the entire key away.

Essentially, most attacks on a public/private key crypto-system are measured by how many bits of the key are made redundant (or known). One way to look at it is via what is called a brute force attack where every possible key is tried. If a key has 100 bits then an attacker would need to try 2^100 (about 10^30, a one followed by 30 zeros) different keys in a brute force attack before being assured of finding the one that works. If 10% of the bits of such a key were divulged then an attacker would only need to try 2^90 keys. This is still a huge number but it would mean a brute force attack would be 1,000 times faster (10% of 100 bits is 10 bits and 2^10 is about 1,000).

But Sony didn't divulge 10% of their key in the court documents, they divulged 90%. In the example above, that would be like publishing 90 of the 100 bits in the key thus making a brute force attack 10^27 times faster so instead of trying 10^30 keys, an attacker would only have to try about 1,000 keys, which would be quite doable.

This fact, that Sony had already spilled almost all the beans, was mentioned in posts under Groklaw's first story about Sony's attack on geohot. I don't think anyone made a big deal about it at the time because the technically savvy knew that 100% of the key was already in the wild and was already impossible to contain. Who cares about where to find 90% of the key when 100% of the key was already available at thousands of sites and was only a Google away?

But since the court fell for Sony's sham argument that geohot's computers were the only place anyone could find the key (and by seizing those computers the key could be kept secret), it is worthwhile to note that Sony had already blasted away 90% of their feet in their rush to punish geohot before he got a chance to defend himself.

Sure, the tweet containing 100% of the key is a little worse than the court documents that contain 90% of the key but the tweet could possibly be excused as a forgery while the court documents almost completely defeated the very purpose for which they were filed.

Only two things are infinite,
the universe and Sony's stupidity,
and I'm not sure about the former.

---
[ ] Obey DRM Restrictions
[X] Ignore DRM Restrictions

[ Reply to This | # ]

Judge Denies Sony's (SCEA) Motion to Shorten Time - Update: Sony Goofs Bigtime
Authored by: wvhillbilly on Wednesday, February 09 2011 @ 06:28 PM EST
PJ you crack me up.

>>maybe the Internet is like cockroaches. No matter what you do, they
survive somehow. <<

This reminds me of when I had a room in a cheap hotel in NYC many years ago.
I'd go in and the door jamb would just be packed with the critters. I'd blast
them with bug spray til they were soaked and they'd scatter every which way.
Two hours later I'd come back and open the door and they'd all be right back
there, packed in tight as ever. Never could get rid of them.

---
"It is written." always trumps, "Um, ah, well, I thought..."

[ Reply to This | # ]

Good BBC article on the PS3 exploits
Authored by: jbb on Thursday, February 10 2011 @ 03:35 AM EST
link

It is from January 5th, which was before the law suits were launched but it does a very good job at explaining what fail0verflow and geohot actually did.

"I hate that it enables piracy," said Mr Hotz. "The publication of the key is more academic than anything else."

... Mr Hotz never released the [original OtherOS] exploit and publicly said that he had stopped work on the console.

...[geohot] has not released the method he used to extract the key.

... Mr Hotz also defends his actions, although admits he is "scared of being hit with a lawsuit".

"I am confident I would win since what I released was just a number obtained by running software on the PS3 I purchased".

---
[ ] Obey DRM Restrictions
[X] Ignore DRM Restrictions

[ Reply to This | # ]

Judge Denies Sony's (SCEA) Motion to Shorten Time - Update: Sony Goofs Bigtime
Authored by: Anonymous on Thursday, February 10 2011 @ 07:51 AM EST
> with the cryptic message, "Come at me."
[...] Kevin Butler responded by re-tweeting the entire
jailbreak code and a playful message, "Lemme guess...you sank
my Battleship?"

I suppose this was an automatic action by a bot behind the
"Kevin Butler" account that responds to given commands or key
phrases in predetermined ways. Whoever tweeted the message to
that account probably knew what he was doing. ;)

[ Reply to This | # ]

  • Tweets - Authored by: Anonymous on Thursday, February 10 2011 @ 10:33 AM EST
Internet survivability.. not so fast!
Authored by: emk on Thursday, February 10 2011 @ 11:47 AM EST
So good to see Sony goof!! I don't have a playstation nor do
I intend to get one. I'm also not inclined to buy anything
Sony now.

But I want to make a side point. The internet may have been
built to survive natural disasters but its very susceptible
to political disasters.

Any government can shutdown the internet pretty darn quick.
The resilience of the internet from "lawful" attack is
really a function of our own resilience to such attack.

If the citizens don't stand up for the internet, there is
nothing in its tech or design that can prevent a government
shutting it down.

emk

[ Reply to This | # ]

Maybe Sony gave up on monopoly subsidies
Authored by: Anonymous on Thursday, February 10 2011 @ 09:39 PM EST
..and decided they could do as well or better by letting people share
information as they saw fit.
http://www.techdirt.com/blog/casestudies/articles/20110209/09043313026/case-stud
y-leah-day-brings-free-to-quilting-world.shtml

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )