Should Geohot Go to Jail?

George “Geohot” Hotz is a hacker most well known for jailbreaking the iPhone. Recently he, along with a group known as fail0verflow, successfully hacked the Sony Playstation 3.

According to both Hotz and many of the other hackers involved, the hack was primarily in response to the Playstation 3 having Linux (OtherOS) removed. And, although the PS3 had not been hacked for several years prior to that (making it the only console to not be hacked at the time), relative to the time they dropped linux, they were hacked in about the same time frame as the Xbox 360.

The history goes that George Hotz was given a PS3 slim by a friend in order to try to see if OtherOS was still capable of being run on the system since the older models (fat models) had this feature, but the newer ones did not.

George Hotz was successful with getting OtherOS to work properly on the slim model, but Sony got wind of his activity and soon after removed OtherOS support from the older units as well. When the firmware was applied not only did it result in some bricked PS3’s (which I believe Sony is still being sued for), but it made a good portion of the hard drive (which was reserved for OtherOS) unusable. On top of this many people had purchased the PS3 over an Xbox 360 because of this feature to use the PS3 as a PC (albeit in a limited capacity).

Currently Sony is being sued for fraud, this being their defense:


The real question is why Sony decided to remove OtherOS functionality at all. It’s true that the remove of OtherOS from the fat models was probably in response to Geohot’s hack, but why remove it from the Slim models? This is the official response from Sony:


This makes the most sense, but many will blame Geohot for the removal, when it is obvious from this statement that Sony simply didn’t want the additional upkeep. They most likely used Geohot’s hack as an excuse to remove OtherOS support from the fat models to lessen consumer backlash.

This is when hackers got truly interested in hacking the PS3 and it was soon after this that Geohot began releasing some information about a hardware hack, but, because people continued to blame him for the removal of OtherOS, he nearly gave up on hacking the PS3.

A few months later a hacking group from Australia used Geohot’s hardware method to find a vulnerability in the PS3, allowing it to run unsigned code (code not authorized by PS3) from a special USB dongle.

The device, dubbed the PSJailbreak, was sold to allow players to back up games to an external or internal hard drive and execute unsigned code.

While this device could be used for piracy, it did have legitimate uses for those interested in creating homebrew software.

The PSJailbreak team was issued a cease and desist from Sony, and Sony released a firmware update which pretty much prevented the device from working with newer games. This update also caused a number of third party controllers to stop functioning.

Although many saw this as a triumph for Sony, it was clear to those in the scene that it was only a matter of time now.

And that is what happened.

Fail0verflow made an announcement they had hacked the PS3 and at 27C3 demonstrated their hack. What was most surprising was they had actually cracked the cryptography key Sony used to sign games (the random number generation method called actually always returned 4 instead of generating a random number). This meant that the damage could not be staved off by a simple firmware revision and also meant that Sony had the weakest security of any of the consoles. Any change to the way Sony signs software would make all previous software incapable of running on that newer hardware (or updated firmware).
It was noted at the conference that Sony had received a pass from hackers for a long time because it had included OtherOS.

You can watch the conference here:

Keep in mind, although the code released by fail0verflow could be modified and used for piracy (and it was eventually), the original code was not capable of running back ups of games and was primarily used for installing a custom version of Linux and other custom software (homebrew).

Bushing, who is part of fail0verflow and someone I have had dialog with in the past, actually works on another hacking project for the Wii (HackMii/BootMii). In that project steps have actually been taken to prevent people from using their software for nefarious purposes (although they have proven mostly ineffective).

So having this information, should Geohot go to jail? Has he or fail0verflow broken DMCA laws? Keep in mind that recently a court decision found jailbreaking the iPhone legal. Does this situation differ all that much? Should I be restricted from using hardware that I paid for any way I want as long I am not pirating software? If someone does pirate software, should we be blaming the hackers who did not have any intentions of pirating?

While they may have facilitated piracy to some extent, how does this differ from a computer science teacher explaining software security to students and providing them with the knowledge to not only protect their own software but crack software of others?

What about the knowledge to modify a gun into an illegal firearm. Certainly the information to do this isn’t illegal, but the actual act of modifying the firearm is.

I can’t really can’t render much of an answer based on the legality because I don’t really understand the law. It seems silly in the extreme that someone can be faced with criminal charges for modifying an item they bought and paid for.

First, this topic will probably do better in The Game Room. I’ve been following this whole thing since Feb. 2010 when Geohot first announced his hack. Even though I’m still buying PS3 games, I’m kinda rooting for Geohot. I started a thread back when they pulled OtherOS and a lot of people were like they are justified because they grant a license and you must sign TOS agreements. But it seems to me TOS agreements should be limited to reasonable expectations and I reasonable expected my PS3 to be able to do everything it could do on the day I bought it for the life of the console.

As for Geohot, I don’t think he should go to jail if he loses. He’d probably be wiped out financially if Sony wins. I’d take a promise not to hack Sony products in lieu of cash. But he’s already itching to get the Experia which will be legal to jailbreak.

All that text, and I don’t understand who is accusing the hacker of committing a crime, or what that crime is.

I understand that there may some civil action on the matter, but I don’t get what criminal law has to do with the situation.

The DMCA makes it illegal to circumvent manufacturer limitations on an electronic device.

The DMCA is an unenforcable mess that, if you look at it right, could be construed to criminalize just about anything. The relevant companies could certainly sue Geohot for breach of contract based on the terms of the EULA he presumably violated, but that’s about as far as I can see it going.

I am going to interpret the word “should” in the thread title to mean this is a moral/ethical question rather than a legal question, and answer it thus:

No, he shouldn’t.

As a writer (and in my former life as a software engineer), my livelihood depends upon intellectual property laws. It bothers me when people pirate music, games, or software because I believe that people deserve to get paid for their work, and if we stop paying them, they just may stop producing that work that we like so much.

That said, I believe that I should be able to do whatever I damned well please with something once I’ve purchased it, as long as I’m not passing copies of it off to other people. It’s my game console (or phone, or whatever), and I should be able to take it apart and modify it as I please. When I’ve purchased a song (or movie, or whatever), I should be able to copy and edit it as I choose for my own use. I absolutely understand that such actions will (and should) void warranties, but I don’t understand how any rational lawmaker could support a law that makes it illegal to buy something and take it apart to see how it works.

To reiterate, I understand that my personal moral/ethical feelings in the above paragraph are not in line with our convoluted system of DMCA-type laws, but I will let the lawyers speak to those.

Wait, for serious?

If so, that’s fucking hilarious..

You’re right, it’s not a criminal charge, but I forgot to finish my post.

The commentary on the issue has been quite disturbing from the gamer community in that many of them have said they would like to see him in jail. The most disturbing thing about it is that many of them care more about the cheating that comes with these hacks (not that there wasn’t cheating before them) and not the piracy that it has caused.

While I don’t think that public opinion will come into the matter, it does make me question why people believe he should go to jail at all.

So if this is what the gaming community has devolved into, I am not sure I want to be identified as part of it.

Cheating, while something I don’t agree with, is not something I would want someone to go to jail for, and IS something I see as inevitable for any game (being primarily a PC gamer, I’ve had to deal with this forever).

That Twitter post looks like it’s referring to a metaphorical “return 4”, not a literal one. As in, it was easy (though not quite that easy) to predict the output of the PRNG, and thus attack the security.