Judge Lets Sony Unmask Visitors to PS3-Jailbreaking Site
By David Kravets
A federal magistrate is granting Sony the right to acquire the internet IP addresses of anybody who has visited PlayStation 3 hacker George Hotz’s website from January of 2009 to the present.
Thursday’s decision by Magistrate Joseph Spero to allow Sony to subpoena Hotz’s web provider (.pdf) raises a host of web-privacy concerns.
Respected for his iPhone hacks and now the PlayStation 3 jailbreak, Hotz is accused of breaching the Digital Millennium Copyright Act and other laws after he published an encryption key and software tools on his website that allow PlayStation owners to gain complete control of their consoles from the firmware on up.
Sony also won subpoenas (.pdf) for data from YouTube and Google, as part of its lawsuit against the 21-year-old New Jersey hacker, as well as Twitter account data linked to Hotz, who goes by the handle GeoHot.
Bluehost maintains Hotz’s geohot.com site. The approved subpoena requires the company to turn over “documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms” tied to Hotz’s hosting. The Bluehost subpoena also demands “any other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service and associated” with the www.geohot.com website, including but not limited to the “geohot.com/jailbreak.zip file.”
Sony told Spero, a San Francisco magistrate, that it needed the information for at least two reasons.
One is to prove the “defendant’s distribution” of the hack. The other involves a jurisdictional argument over whether Sony must sue Hotz in his home state of New Jersey rather than in San Francisco, which Sony would prefer. Sony said the server logs would demonstrate that many of those who downloaded Hotz’s hack reside in Northern California — thus making San Francisco a proper venue for the case.
The DMCA prohibits the trafficking of so-called “circumvention devices” designed to crack copy-protection schemes. The law does not require Sony to prove that Hotz received payment for the hack, which was designed to give PlayStation 3 owners the ability to run home-brewed software or alternative operating systems like Linux. It builds on a series of earlier jailbreaks that unlocked less protected levels of the PlayStation’s authentication process.
Jailbreaking a console is also a prerequisite to running pirated copies of games, which Sony emphasizes in its lawsuit.
“I think these subpoenas, the information they seek, is inappropriate,” said Corynne McSherry, a staff attorney with the Electronic Frontier Foundation. In a letter to Magistrate Spero, she termed the subpoenas “overly broad.” (.pdf)
The judge also signed off on a Google subpoena seeking the logs for Hotz’s Blogger.com blog, geohotps.3.blogspot.com.
A YouTube subpoena, also approved, seeks information connected to the “geohot” account that displayed a video of the hack being used: “Jailbroken PS3 3.55 with Homebrew.” The subpoena demands data to identify who watched the video and “documents reproducing all records or usernames and IP addresses that have posted or published comments in response to the video.”
A fourth subpoena is directed at Twitter, demanding the disclosure of all of Hotz’s tweets, and “documents sufficient to identify all names, addresses, and telephone numbers associated with the Twitter account.”
Sony has threatened to sue anybody who posts the hacking tools or the encryption key. It is seeking unspecified damages from Hotz.
A hearing on whether Hotz will be tried in San Francisco or New Jersey is set for next month in San Francisco federal court.