Wednesday, January 12, 2011

Sony DMCA PS3 Legal Review New Media Opinion

tl;dr: Most of Sony's points are bogus because they are applying hacking laws which refer to "protected computers." The PS3 is not a protected computer because its owner has no limit of authorized access.

I'll review some more of their "points" in their recent restraining order against George Hotz:

To prove a violation under 18 U.S.C. § 1030(a)(2)(C), SCEA must show that
Defendants: (1) intentionally accessed a protected computer used for interstate commerce or
communication; (2) without authorization or by exceeding authorized access to the protected
computer; and (3) thereby obtained information from the protected computer. SCEA has
established these elements.

all three of the above points are invalid due to "protected computer" as discussed above.

Sony's meek claim is " First, the PS3 System consists of a “protected computer” because it is used in interstate commerce (e.g., the Internet.)"

in REALITY, the PS3 need not be connected to the internet at all. never. And the hackers are not connecting to one another's PS3s. They're only using the in their own home, having paid for them. with money.

2. 18 U.S.C. § 1030(a)(4) – Intent To Defraud And Obtain Value
To prevail on a claim under § 1030(a)(4), SCEA must show that Defendants: (1)
knowingly and with intent to defraud accessed a protected computer without authorization, or
exceeded authorized access; and (2) by means of such conduct furthered the intended fraud
and obtained anything of value. SCEA has satisfied these elements.

1. protected computer/authorization.
2. fraud is irrelevant here, as is obtaining anything of value.

These laws about there to protect us against hackers breaking into banks, and databases, then signing merchandise and money into their own names. They're not relevant to hobbyist use of home computers.

Here's where everything falls down:

"As discussed above, Defendants accessed the PS3 Systems without authorization. "

There is no part of one's home one may not access. The PS3 systems in question were owned by their users who cannot withhold authorization.

3. 18 U.S.C. § 1030(a)(5)(A) – Knowing Transmission of Code
Under 18 U.S.C. § 1030(a)(5)(A), SCEA will also likely prevail on its claim that
Defendants “knowingly caused the transmission of a program, information, code or
command, and as a result of such conduct, intentionally caused damage without
authorization, to a protected computer.” "

This law is again, there to protect us from hackers writing viruses and other harmful programs to damage bank, government, home, private, and business computers. It has nothing to do with one's own appliances. Furthermore, the jailbreaking software is not harmful.

4. 18 U.S.C. § 1030(a)(5)(B) and (C) – Intentional and Reckless Damage
And Loss
To prove a violation under 18 U.S.C. § 1030(a)(5)(B) and (C), SCEA must show that
Defendants “intentionally accessed a protected computer without authorization, and, as a
result of such conduct, recklessly causes damage” or “recklessly causes damage or loss.”

This is another bogus charge. The law is written to protect us from hackers who damage systems through stupidity. Without this law, an attorney would have to show intent, but in cases of hacker damage, there is not always intent. Sometimes it really just is fools. If the hackers had logged into Sony servers and deleted random files this would apply.

5. 18 U.S.C. § 1030(a)(6)(A) – Trafficking in Password
Under 18 U.S.C. § 1030(a)(6)(A), SCEA will likely prevail on its claim that Defendants
“knowingly and with intent to defraud traffics in any password or similar information through
which a computer may be accessed without authorization if such trafficking affects interstate
or foreign commerce.”

This is going to be one of the trickier ones because the cryptographic features of the PS3 are extensive. Also, some people have published keys for signing PS3 software images. This law is basically to protect us from people selling our passwords to our accounts. Sony seems to think that the information on the PS3 unit belongs to them, but clearly it belongs to the owner of the PS3, doncha think? Maybe Sony should switch to a rental model?

6. 18 U.S.C. § 1030(a)(7)(B) – Intent to Extort
Finally, SCEA will likely prevail on its claim under §1030(a)(7)(B), which prohibits
“intent to extort from any person any money or other thing of value” by threatening “to obtain
information from a protected computer without authorization or in excess of authorization or
to impair the confidentiality of information obtained from a protected computer without
authorization or by exceeding authorized access.” Hotz violated this provision when, in the
same post in which the published SCEA’s Keys, he attempted to obtain from SCEA “a thing
of value” in the form of employment: “if you want your next console to be secure, get in touch
with me.” Bricker Decl. at ¶22, Exh. U.

This charge is so blatantly exaggerated, its law so incorrectly applied that it almost seems to be an admission of defeat on the part of attornies. Clearly, this law is meant to protect us from extortion or blackmail... nothing to do with computers really, except that the extortion is of the type "if you don't do what I tell you, I'll break into a computer." A rare crime, but it happens. Obviously Hotz's statement is not an extortion demand, but a boast.

Unfortunately for Sony, riding your bike with no handlebars is not a crime.

Furthermore, Sony makes claims to "irreparable damage," but nearly every other comparable game-playing system on the market (DS3, Win32, Sony's own PSP, etc.) has its security systems compromised to one degree or another, and yet commerce still continues. The market still rewards innovation, etc.

For those who haven't been on this circus before - the computing console security cat and mouse train - let me explain:

1. a lot of people buy games
2. a few people pirate some games
3. very few people pirate a whole lot of games
4. some people make homebrew software
5. most big companies don't care one way or the other about homebrew
6. most big companies fear homebrew leads to piracy

Personally, I wouldn't worry if I were Sony, the games are just too big to pira

No comments:

Post a Comment