Saturday, April 3, 2010

Sony, Security, and Consumer's Rights

Many of you saw my recent tweets complaining about the Sony PlayStation 3 firmware update version 3.21 that cripples the second operating system "OtherOS" feature of the PS3. Since then, I've received several questions as to why I thought Sony would remove such a feature, and why I cared so much.

The answers to both questions require more than 140 characters. Here, I will try to explain.

The PlayStation 3 as a Computing Platform

Briefly, the PS3 is an amazing computing platform. It boasts a 7-core 3.2GHz IBM PowerPC Cell processor architecture unlike pretty much anything available at even twice the price. It works with USB and Bluetooth wireless input devices (mouse, keyboard, gamepads, etc.), has HDMI, composite, and component video outputs, digital audio output, an internal SATA hard drive, 802.11b/g wireless, and a Blu-ray DVD-ROM drive.

Sony has, from the start, marketed the fact that this amazing "game console" also supports the ability to run Linux for those power-users who wanted to also use it as a computing platform. This included feature is known as "OtherOS" support.

FWIW, this feature was a deciding factor in my choice of the Sony PlayStation 3 as a game / media / computing platform when I purchased it.

The DRM Arms Race

Without writing yet another long blog about DRM, let me just state a couple of canons about Intellectual Property that I believe to be true:

I. Companies that own intellectual property rights have the right to protect themselves from illegitimate copying, use, or distribution of said intellectual property.

I want to state this up front, because I believe it's important. Far from the "Information Wants To Be Free!" rally cry of the pirates, I understand and acknowledge that media and entertainment production is a business. And those businesses have the right to not have their products stolen from them.

II. All technological measures to prevent unauthorized reproduction or distribution of media will ultimately fail.

We all need to acknowledge this as well. Every software copy protection scheme, every cable transmission encryption scheme, every satellite distribution set-top-box authorization scheme, every music anti-ripping scheme has eventually been broken by those who want to copy the media.

It has happened, it will continue to happen. You cannot present media to a person and yet prevent that person from ultimately being able to reproduce it without your authorization. That is a certainty - almost a law of information, if you will.

So, with these two points acknowledged, all DRM and anti-copying measures come down to this:

What can be done to make illegitimate copying or distribution of media more difficult, without infringing on the legitimate use by the consumer?

That question, my friends, is what the entire DRM side of the media industry does for a living.

The second half of that question is the line that Sony just crossed with the PS3.

Geohot and the PlayStation 3 Hack

A very talented, well-known hacker named George Hotz, or "geohot", discovered some bugs in the hardware / firmware implementation of the PS3. These bugs allowed him to write an exploit that provided access to parts of the PS3 hardware that Sony had previously restricted from the OtherOS support. In short, this put the security measures that Sony had implemented to protect their platform and its copy protection schemes at risk.

Geohot's hack is not a way to copy games or movies. It is, however, a way to start tinkering with the protected parts of the system that prevent you from doing so. His hack has a number of beneficial features too, like providing a higher level of customization to power users, or the ability to include more of the hardware features in custom-developed applications for the PS3 OtherOS platform.

A parallel between geohot's PS3 hack and his iPhone hack that made "jailbreaking" possible has been drawn, and for a good reason. They are very similar hacks. They both "open up" a restricted platform so that the consumer has more abilities than the corporation that created it intended.

If you're interested, you can read more on geohot's PS3 blog:

Sony's Reaction to Geohot's Hack

Sony's reaction to Geohot's hack was swift and fascist in nature.

1. Sony has removed ALL "OtherOS" support from ALL PlayStation 3 devices as of the mandatory firmware update 3.21 on April 1st, 2010.

2. If a PlayStation 3 owner chooses not to install update 3.21:

a. Access to the PlayStation 3 Network is disabled.
b. Access to online features of purchased games is disabled.
c. Blu-ray movie playback is disabled.
d. Many newer (purchased) games are disabled.

So Sony is giving its users a choice. Give up OtherOS support, or give up pretty much all the other uses of the PlayStation 3. Whether or not you think what George Hotz did by finding and exploiting the PS3 vulnerabilities was right or wrong, I assert one thing:

Sony's reaction to geohot's hack is wrong.

They have removed a major feature that was a selling point of the product as a knee-jerk reaction to something that was not only predictable, but inevitable. This "We're going to take our ball and go home" attitude towards their customers is deplorable.

I ask you, Sony, if you want to retain a modicum of respect from the technical community, please reconsider. Reinstate OtherOS support on the PlayStation 3.

It's just the Right Thing To Do(tm).

- Kenneth "K.C." Budd, CISSP