Hacker News new | past | comments | ask | show | jobs | submit login
Sony suing fail0verflow & geohot over PS3 jailbreak [pdf] (geohot.com)
64 points by angusgr on Jan 12, 2011 | hide | past | favorite | 51 comments

Finally, SCEA will likely prevail on its claim under §1030(a)(7)(B), which prohibits “intent to extort from any person any money or other thing of value” by threatening “to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access.” Hotz violated this provision when, in the same post in which the published SCEA’s Keys, he attempted to obtain from SCEA “a thing of value” in the form of employment: “if you want your next console to be secure, get in touch with me.”

geohot offers to work for them and help them build something that's actually secure, they sue him for "extortion". beautiful.

So, let's see if we can summarize the story in broad outline. Sony releases the PS3 with the included functionality of installing an alternate operating system. Users purchase PS3s with this ability. Sony changes its mind about the benefits of this feature and removes it via a software update. Users take steps to regain the full functionality of the devices they purchased. Sony sues the users for this action.

I'm waiting for the inevitable case of gun manufacturers suing their customers for firing their guns. I believe it's inevitable.

A better comparison would be suing customers for modifying the guns. I remember I saw a documentary once where a company was sued because it sold (I believe) handguns that were easily modifiable to be fully automatic

That's not really a fair comparison, especially considering the level of discussion the DMCA goes into when covering what is considered fair use and what sorts of reverse engineering is prohibited. It'd be more like a gun manufacturer suing because someone turned their gun into an automatic rifle (jailbreak). And then spread instructions on how to do it (homebrew). And then a bunch of people held up grocery stores (piracy).

Not much better. Modifying a gun to turn it into a weapon means you are taking a legal weapon and turning it into something illegal.

The import and creation of automatic weapons in the US is restricted to law enforcement and military. Mere POSSESSION of an unregistered automatic weapon is a felony offense. The two cases are completely unrelated.

Jailbreaking a PS3 is equivalent to jailbreaking a phone, with the possible exception that doing so may be a violation of DMCA, since it theoretically enables the copying of DVD/BDVD/games.

If you buy hardware, you should own that hardware and be able to do with it as you please.

"Whoa there buddy, you made your own gravy for that chicken? I don't think so, you have to buy our gravy for your delicious dinner."

But what if that gravy you made is so healthy and flavorful that it gives you the energy to go on a murder rampage? Clearly being able to make your own gravy is facilitating crime, and must be prohibited.

Replace 'hardware' with 'anything' and I'd probably still agree with you.

Yes. But if you want to continue "support" or receive official updates then you're subject to the whims of the manufacturer/provider. And don't expect them to make it easy for you to do what you will.

That's not true for lots of consumer products available for sale.

It's also not true for most hardware, but that doesn't mean it shouldn't be true. I can be hopelessly optimistic with my blanket statements.

Perhaps the legal principle of "two wrongs don't make a right" applies here.

i wonder if anyone has tried returning their ps3 for a full refund, claiming it stopped working

Yes, people have and received partial refunding from Amazon *, and people have also tried suing Sony as well in Europe.


Incredibly relevant: Daeken's Hardware Hacker Manifesto: http://daeken.com/the-hardware-hacker-manifesto

Sony probably has the upper hand legally here. The DMCA seems to be pretty explicit about these kind of this, at least from my non-lawyerly reading of it. Even so, this is quite unprecedented. Apple and Nintendo have both had devices hacked, often by these same people (there's at least two iPhone Dev-Team members there, four members of Team Twiizers, and, of course, geohot), but they never took any kind of legal action.

(Somewhat unrelated, but funny: even Nintendo found out "bushing"'s real name and phone number. I wonder why Sony didn't go through that trouble and referred to him pseudonymously.)

> Sony probably has the upper hand legally here. The DMCA seems to be pretty explicit about these kind of this, at least from my non-lawyerly reading of it.

IANAL, but there are a few things that Sony has going against them: 1) The DMCA interoperability exemptions may apply to this work, although obviously not the piracy side of things (although these guys have not produced anything that is for the sole purpose of copying content), and 2) They are conflating these attacks purely with piracy, which will make their case look far worse when a judge looks at it. Whether or not these things actually matter in the end is up in the air, but this is by no means a cut and dry case. I'm personally excited to see this come to pass, for the precedent this could set, and I hope for the best for bushing et al.

Edit: This is the type of tweet that can lose a case... "The FAIL0VERFLOW Defendants intentionally circumvented SCEA’s TPMs, accessed the PS3 System and trafficked in Circumvention Devices and SCEA’s proprietary information, with full knowledge that their unlawful conduct would irreparably harm SCEA. Indeed, five days prior to appearing at the Chaos Conference, Bushing echoed a fellow hacker’s comment anticipating this irreparable harm: “Last chance to sell any Sony stock you may have.”"


In this case decided in 2005, Sony received over $6 million in a copyright infringement judgment against a small online retailer who violated the Digital Millennium Copyright Act (DMCA), 17 U.S.C. §§ 1201 et seq., by selling computer chips that allowed unauthorized copies of PlayStation games to be played on the PlayStation console.


There was never much of a PlayStation One homebrew or Linux scene though, was there? So it'd be hard to argue that the PS1 device had any useful purpose other than piracy.

Unlike with PS2&3, where for a while there Sony pretty much endorsed alternative uses of the console.

That may improve the moral standing, but I don't see how it affects the legal situation. There's no right to homebrew in the DMCA (sadly).

There was a homebrew community, using things like the Action Replay cart @ caetla/catflap rom, cf: http://jum.pdroms.de/PSX/psxdevstart.html

Also, there was the official Net Yaroze system - which had similar restrictions to ps3 Linux - no cd data, and no good access to the GPU: http://jum.pdroms.de/PSX/psxdevstart.html

Unprecedented to sue those hacking a console with the sole intent of using it for Linux and homebrew, yes.

(Yes, suing over piracy is not new, and that's what Sony is doing here. But that doesn't change the fact that none of them support piracy.)

I personally don't think this is a good move from Sony. Apple seem to have the right stance with their hardware being compromised - pretty much just ignore it.

Bringing a legal action like this just raises the public awareness to the hack (not good for Sony). It pisses more hackers off (not good for Sony) and it doesn't fix what seems to be an unfixable problem for Sony.

I'm sure the courts will be made aware that Sony removed a "key" feature/selling point of a console and left consumers with little choice about how to re-enable that feature.

Anyway, Geohot shouldn't have been such an egomaniac, the keys/tools could have been leaked online anonymously and he wouldn't be in legal trouble. Still, I can see an out of court settlement of some kind on the horizon...

Apple makes their money from hardware -- software sales are just icing on the cake. Sony, however, has to take piracy threats (since even well-intentioned cracking will lead to piracy) very seriously because they make all of their money from software sales.

Sony's ineffectual attempts to lock down the PSP (starting with the last-minute homebrew policy reversal) probably contributed to the firmware hacking community's fervor. However, after the rampant piracy on the PSP platform, I think Sony is going to take any firmware hacks very seriously. Gamers have proven to be perfectly willing to pirate games if given the opportunity.

Sonys problem is that they make the most expensive games console hardware, but make a loss selling it.

If I were them I'd fix that first. And get rid of the ridiculous and outdated blu-ray crap. Spinny disc things? In this day and age?

I remember when Nintendo said that. You'll note that the spinny disc camp slaughtered them. Spinny discs are little sheets of polycarbonate. They're ridiculously cheap to make.

Apple sues Wired over netbook hackintosh video: http://tinyurl.com/4d2f4rv

Apple sues clone maker Psystar: http://tinyurl.com/6r7jad

I.e. they are only quite as long as people keep buying their hardware, and got nothing to do with "pissing hackers off".

I wouldn't say Apple ignores jailbreakers; while they haven't tried to sue anyone making the software (as far as I know), they did try to block the DMCA exemption for jailbreaking: http://www.eff.org/deeplinks/2009/02/apple-says-jailbreaking...

(Honestly I don't see how geohot did anything, here, really: he used one exploit to apply the work of fail0verflow, who presented at CCC, to a new part of the PS3. All the important parts, like the private key calculation, were already presented before he posted anything.)

While I agree that he is being somewhat of an egomaniac, it does give Sony a big target to shoot at, therefore allowing the court case that may set a good precedent.

Various sources [1] are stating that the Sony PS3 TOS allows Sony to disable units remotely leaving them unusable for both online and offline use.

While I would be fine with being banned from their network, I believe the hardware should be mine to do with as I please - with the obvious exclusion of piracy. If I want to get Linux on there, then that should be my right as the owner of the hardware - same if I want to run custom firmware to allow me to do hobby development. Both their supposed right to unleash a ban wave, as well as their lawsuit against Geohot et al just doesn't make sense - why can a lawsuit like this even be allowed to happen? (This question is linked to the fact that Geohot purposely did not add peek/poke functionality on what he released to ensure that piracy would not be possible using his tools - even if others have since added that in)

[1] http://www.eurogamer.net/articles/digitalfoundry-in-theory-p...

How the heck is "if you want your next console to be secure, get in touch with me" extortion?

Seriously? We can argue the ethics all day, but from Sony's point of view, this series of events is isomorphic to an expert lockpicker breaking into their office building and then sending a letter saying "if you want your next building to be secure, get in touch with me."

Which is also not extortion.

Which would be legally established in the absence of a) proof of intent at the time of the threat and b) proof of the threat itself (way to go, Internet). Just saying..

I'll have to take your word for it. That literally reads as the dictionary definition of a protection racket to me.

Does it? Exactly which dictionary did you literally find that in? Do you even know what the word "literally" means?

I'm a fair man; let's do some checking. Here's one:


"an illegal system in which criminals threaten to harm you or your property if you do not give them money"

How strange; it's not remote close to what you literally read as a dictionary definition.

I've checked other dictionaries too; same story. Here's an idea; why not open up this magical dictionary you have and see what it says under the word "literally".

I literally found a definition a lot like yours in my literal dictionary. I am sort of baffled at your comment because that sentence seems to be an accurate description of the situation I described in my analogy. Let me

A) I and my colleagues illegally broke into your thing ("harm you and your property"),

B) and you had better hire me to fix your thing ("give them money"), or

C) we'll probably do it again next time ("threaten").

I'm not sure what the source of our disagreement is.

I disagree that your fire department remark from above is a correct way of thinking about the situation, because the fire department does not start fires, nor do they charge for leaflets. What makes it seem like extortion is not primarily that geohot is offering to secure their console. It's that he's offering to be paid to do so in the next breath after helping to exploit their console.

If this were extortion, in exchange for being paid, he'd not do something. What exactly is it that you suggest he will not do, in exchange for money, given that he's already released the crack to the world?

"if you want your next console to be secure, get in touch with me."

I suggest that in exchange for being paid, he will not help crack the PS4.

(I don't actually think that was the spirit of his remark, of course, but it probably is literally true that if Sony hired him, he would likely not help crack the PS4, while as it stands, he may well do so.)

So there's someone who knows how the locks on your building can be picked, and then offers to tell you how to fix it so they can't? That doesn't sound like extortion. It sounds like someone being helpful.

In case you struggle to draw the analogy here, in this case we have Geohot, who knows a lot about how to do something Sony really want to do, offering to help them do it. That's not extortion.

If you call that extortion, then presumably when the fire department sends out leaflets on how to prevent fires, you call that extortion too.

No, it's like someone buying a lock, picking it in the privacy of his own home, and calling the lock company saying, "hey, this lock is easy to pick, want me to show you how?"

This is called "customer involvement", not extortion.

If the end user does not own the Playstation 3 (it seems to be owned by Sony, from Sony's point of view), I wonder what he paid $499 for.

I wonder if it means anything legally that (at least for the initial period of the console's life) Sony was selling the device for less than cost with the expectation that they would make up the difference with game sales.

I think there is some moral greyness to buying an essentially subsidized console with no intention to buy games -- though now that they probably make a profit on the hardware, that point is moot.

There is no moral greyness; It's a business model that has it's potential profits and potential risks. If their business model as a flaw, that's not a failing of someone else's morality. We also have no moral obligation to ensure the profits of corporations.

If you agree with Sony lawyers that companies like Sony, along with the current copyright law, are doing a good job of encouraging productivity, then you absolutely ought to feel a moral obligation to help ensure their profits and perpetuate their business model. And I guarantee that many of the people working hard to jailbreak the PS3, believing the opposite, feel a moral obligation to help eliminate that business model. There's nothing about capitalism that suddenly abrogates these decisions.

I was specifically commenting on the practice of buying the console with no intention to buy games. You could make the same argument about purchasing razors with no intention of buying the blades. Copyright law has nothing to do with razors and blades why should it have anything to do with consoles and games assuming no piracy is involved? Does the moral equation change if we're not talking about game consoles? Is morality a factor when purchasing heavily discounted razors at the asking price?

The practice of buying the console with no intention to buy games seems to have been somewhat common among academics, who used clusters of the machines for things completely unrelated to gaming. My research advisor at some terrible state university in Texas had about forty of them for algorithms research purposes.


The marketing value of a supercomputer built from your company's product is surely worth the loss of subsidy. Each time one of them is built, it invariably results in a bunch of news stories. This helps reinforce the PS3's reputation as the most powerful modern console hardware.

They're probably enabling it in some cases -- the US military has built clusters with thousands of PS3s. I doubt they procured those through Best Buy.

Even if it's not, Sony could have sold unlocked* units at a non-lossmaking value, which would have instantly discouraged a large proportion of the hacking movement. This is what OtherOS provided: a valve for homebrew enthusiasts, why there were no serious efforts for the duration.

*By unlocked I mean "homebrew unlocked" and without the ability to play games.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact