Sony has been granted the right to subpoena George 'Geohot' Hotz’s website, allowing the company to unmask the IP addresses of every visitor to his site from January 2009 to the present, according to media reports.
Technology news site Wired is reporting that federal magistrate Joseph Spero has allowed Sony to subpoena Hotz's web provider Bluehost, requiring the provider to hand over "documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms" for Hotz's site.
The subpoena also states that Bluehost must pass along "any other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service and associated."
Sony has also won the right to subpoena YouTube, Google and Twitter, allowing the company to retrieve data regarding Hotz's accounts on each service.
Sony told the magistrate that it required the information to prove that Hotz had indeed distributed the hack, and also to prove that the hack was downloaded in Northern California, hence allowing Sony to sue Hotz in San Francisco.
In a letter to the magistrate, Corynne McSherry, a staff attorney with the Electronic Frontier Foundation, said that "these subpoenas, the information they seek, is inappropriate," also calling the ruling "overly broad".
Apart from the subpoena on Hotz's website, Sony has also been granted the right to see the IP addresses of all those users who either watched or commented on his YouTube videos, and details of all those who contacted him via Twitter.
A hearing regarding whether Hotz will be tried in San Francisco or New Jersey is set for next month.
A U.S. District Court granted Sony a temporary restraining order against Hotz back in January, after it was found that the company was "likely to suffer irreparable harm" due to the hacker's actions.
"Sony told the magistrate that it required the information to prove that Hotz had indeed distributed the hack, and also to prove that the hack was downloaded in Northern California, hence allowing Sony to sue Hotz in San Francisco."
In my opinion, nothing lasts for ever, not even Sony and I think they are pretty aware about this. Sony is doing damage control by cutting some of their own putrid limbs, thinking that on the long run, the stink of the bad reputation gained in the process, will get vented away. I the end, they will be only a crippled company, unable to face the stronger and healthier newcomers.
The only thing I am scared about is NOT being watched and heard. It would mean that nobody is listening.
I never visited His site, I never owned a PS3 pr PSP, I own an Iphone but it's not Jailbroken, so i never had a reason to go to the guy's website. Saying that, I could have easily been curious enough to go to the website via a link from a different website, or went there on a whim. Sony doing this seems absolutely ridiculous. It also makes me hesitate to buy a Sony product in the near future, and I was very interested in the NGP until now.
1. Whether the laws making PS3 jailbreaking illegal are fair
2. Whether a subpoena on internet traffic is inherently a violation of privacy to the visitors of that website.
I think 2 is the more interesting issue.
What makes a subpoena for internet traffic different than a subpoena for say security camera footage at the scene of a more traditional (offline) crime? Do we, or should we have a greater right to privacy on the internet than we do in our normal (offline) lives? Obviously the cops would have the right to subpoena security camera footage, given enough evidence that a crime was committed. So if the authorities similarly have evidence that a crime was committed on a website, what's different about subpoenaing the logs for that website? In both cases, whether we were caught on camera or we visited the website, we should have nothing to worry about if we did nothing illegal.
Or is there something different about the internet that we should have a greater right to privacy for our online activities than our offline activities? If so, I'd like to hear your argument.
I too worry about the slippery slope of tracking internet traffic. But I'm not sure how strong the argument is against the website subpoena, unless you attack the validity of the jailbreaking law.
And the large distinction to be made in your scenario is that Sony != law enforcement.
[edit] And it could be argued that there is indeed a greater expectation of privacy in regards to internet browsing than the privacy expected when we are in public places.
Consider that social forces at work in public often curb what people are willing to express an interest in or investigate. These forces are absent the privacy of our home internet browsing.
For instance, a jock on the football team may have an interest in opera that he would not express in public around his peers for fear of altering his social image. This may prevent him from going to a public library to check out books/audio/video in regards to opera. However, this inhibition would not be present in his home while he searches the web because he assumes that no one will find out.
An admittedly imperfect example but you see what I'm getting at. There is a greater expectation of privacy online than there is in our physical presence in public places.
Also, when you are seen on a security camera, you was there phisically, and it does not reveal sensitive information about you unless you are on the police database already...
Now that subpoena, allow for example the house of some people to be found, I am very sure that those people are not pleased, that Sony now will know where they live, specially if they antagonize Sony in some way (does not matter if that antagonizing is legal or not).
Ardney: "And the large distinction to be made in your scenario is that Sony != law enforcement."
Mauricio: "Sony now will know where they live"
Well, here's what I'm not clear on. Yes, the weblogs are being subpoenaed. But this does NOT mean the weblogs are being released to Sony directly, does it? Rather, a legal prosecutor investigating a crime against Sony are subpoenaing the weblogs. In which case it seems likely that Sony itself will never see these weblogs, due to the exact privacy issues you discussed. And if this is true, then this really is no different than the security camera analogy I gave in my OP.
"Sony has also won the right to subpoena YouTube, Google and Twitter, allowing the company to retrieve data regarding Hotz's accounts on each service."
Notice: "allowing THE COMPANY to retrieve..."
Even if Sony get only IPs, some IPs are tied to a particular location for example, allowing Sony to know where the IP (and thus the person) came from.
It's a civil lawsuit. The feds are not suing Hotz, Sony is. So Sony would be receiving the records, just as they already received his computer from an earlier subpeona.
People commenting in Sony's favor here really boggles my mind. Look at what's being subpoenad again: "documents reproducing all server logs, IP address logs, account information, account access records and application or registration forms..." and "ANY other identifying information corresponding to persons or computers who have accessed or downloaded files hosted using your service and associated."
The argument that they need this level of detail to establish a question of jurisdiction is absolute BS. All that's needed is testimony from the provider. It would go something like this:
"SONY: Did you review the logs pertaining to access to defendant's website?
Bluehost: Yes
SONY: And did you find evidence that access was made by persons residing in California?
Bluehost: Yes/No/Maybe"
BAM! Jurisdiction decided. Notice how much personal identifying information needed to be disclosed to Sony, the courts, or the public? That's right, ZERO. If you think for one minute that this isn't an overly broad information grab than you are hopelessly naive or willingly turning a blind eye to the facts. And further claiming that a a company with a documented history of attacking it's own PAYING customers will not continue to attack others with this new information is patently ridiculous.
You have to have some sympathy with Sony wanting to protect their system - even if the hackers like Geohot just want Other OS and homebrew, the pirates are always right behind.
Or I did. This crosses the line into actively evil big corporation arrogance for me. Going after people who just wanted to see that trainwreck of a rap video? The jurisdiction excuse doesn't wash; you don't need this level of disclosure just for that. Even the flailing wounded boss excuse doesn't work here. So no more Sony products, even if it's another division. I'm buying a new compact camera this week, looks like it's Canon, Olympus, or Nikon.
In a GDC clone here in 2009 I met a Sony guy that says that Canon is better than Cybershot. (it was kinda funny, a Sony guy, inside Sony booth, defending Canon...). I think you should go with Canon :P
Actually I have to say kudos to all of you. Another reason why i love this site. Especially you Mauricio and Ardney. I finally get what the heck this case is about and it is absurd. I wish I could redact my earlier comment because i didn't really read between the lines. I read more online and I see light.
My question to you both though is, should people using Sony's PS3's free online service be at least concerned? I have a PS3 and I won't subscribe to their premium services because I think it is a rip off. There is really nothing that I can't get with the free service. But now I am thinking should I even continue using my PS3 knowing that they are going after people like this.
Wasn't failoverflow the group that blew the PS3 wide open, with Geohot only getting the alphanumeric master key. It seems that Sony is setting out to make an example. Picking on geohotz (and anybody remotely related) because they can, because the courts (for whatever reason) will allow them to do as they please. It looks more and more like a witch hunt.
It's like Sony just went Umbrella on our asses, rounding up the entire city and putting us quarantine until they unleash monsters on us to dispose of us. Only instead of monsters, we have attorneys unleashed on us.
There's no justification for this, whichever way you cut it. This can only hurt end users in the end, because you know they're going to hit people who simply visited the site.
Ephraim and Mauricio's statements are what I agree with. This is going too far.
It's also a real concern when people, as Ephraim mentioned, state "if you didn't download anything, you have nothing worry about".
I know this is a terribly unwarranted comment, but this situation reminds me of one of the character creation Q&A's in Elder Scrolls 3: Morrowind...
"There is a lot of heated discussion at the local tavern (internet forums) over a group of people called Telepaths (Bluehost, Youtube, Google, Twitter). They have been hired by certain City-State kings (Sony). Rumor (court decision) has it these Telepaths read a person's mind (online account and records) and tell their lord whether a follower is telling the truth (involved with hacks) or not. What do you think about this?"
a) This is a terrible practice! A person's thoughts are their own and no one, not even a king, has the right to make such an invasion into another human's mind! (Most people seem to go with this option.)
b) Loyal followers to the King have nothing to fear from a Telepath. It is important to have a method of finding assassins and spies before it is too late. (A few people seem to go with this one.)
c) In these times, it is a necessary evil. Although I do not necessarily like the idea, a Telepath could have certain advantages during a time of war, or in finding someone innocent of a crime. (Rare is the fence-sitter who goes with this one.)
When I played that game, I chose opinion c. Now that this is happening in reality... it's not such an easy decision.
The Sony executives view this case as a game. They have become enthralled with the circumstances of their own creations, their eyes glued to the screen in the comfort of their lofty mansions. They delight at the characters scurrying about in their game, manipulating them from a far-off world... It really is amazing how much like a video game scenario this case has turned into. Now THAT is scary.
and I didn't speak out because I wasn't a hacker.
Then they came for the warez community,
and I didn't speak out because I wasn't a member of the warez community.
Then they came for the downloders,
and I didn't speak out because I wasn't a downloader.
Then they came for me
and there was no one left to speak out for me.
*gulp* Big Brother is watching us.
P.S.: I would like my OtherOS feature to haz Linux, please. Kk thx bai.
Don't break out those tinfoil hats yet folks.
The only thing I am scared about is NOT being watched and heard. It would mean that nobody is listening.
1. Whether the laws making PS3 jailbreaking illegal are fair
2. Whether a subpoena on internet traffic is inherently a violation of privacy to the visitors of that website.
I think 2 is the more interesting issue.
What makes a subpoena for internet traffic different than a subpoena for say security camera footage at the scene of a more traditional (offline) crime? Do we, or should we have a greater right to privacy on the internet than we do in our normal (offline) lives? Obviously the cops would have the right to subpoena security camera footage, given enough evidence that a crime was committed. So if the authorities similarly have evidence that a crime was committed on a website, what's different about subpoenaing the logs for that website? In both cases, whether we were caught on camera or we visited the website, we should have nothing to worry about if we did nothing illegal.
Or is there something different about the internet that we should have a greater right to privacy for our online activities than our offline activities? If so, I'd like to hear your argument.
I too worry about the slippery slope of tracking internet traffic. But I'm not sure how strong the argument is against the website subpoena, unless you attack the validity of the jailbreaking law.
[edit] And it could be argued that there is indeed a greater expectation of privacy in regards to internet browsing than the privacy expected when we are in public places.
Consider that social forces at work in public often curb what people are willing to express an interest in or investigate. These forces are absent the privacy of our home internet browsing.
For instance, a jock on the football team may have an interest in opera that he would not express in public around his peers for fear of altering his social image. This may prevent him from going to a public library to check out books/audio/video in regards to opera. However, this inhibition would not be present in his home while he searches the web because he assumes that no one will find out.
An admittedly imperfect example but you see what I'm getting at. There is a greater expectation of privacy online than there is in our physical presence in public places.
Now that subpoena, allow for example the house of some people to be found, I am very sure that those people are not pleased, that Sony now will know where they live, specially if they antagonize Sony in some way (does not matter if that antagonizing is legal or not).
Mauricio: "Sony now will know where they live"
Well, here's what I'm not clear on. Yes, the weblogs are being subpoenaed. But this does NOT mean the weblogs are being released to Sony directly, does it? Rather, a legal prosecutor investigating a crime against Sony are subpoenaing the weblogs. In which case it seems likely that Sony itself will never see these weblogs, due to the exact privacy issues you discussed. And if this is true, then this really is no different than the security camera analogy I gave in my OP.
"Sony has also won the right to subpoena YouTube, Google and Twitter, allowing the company to retrieve data regarding Hotz's accounts on each service."
Notice: "allowing THE COMPANY to retrieve..."
Even if Sony get only IPs, some IPs are tied to a particular location for example, allowing Sony to know where the IP (and thus the person) came from.
I'm not convinced Sony itself will be allowed to see any of the subpoenaed web logs, although I could be wrong.
http://www.wired.com/threatlevel/2011/02/playstation3-hacker-files/
So you're right, and I agree, there is a serious privacy issue here when it comes to the web logs.
The argument that they need this level of detail to establish a question of jurisdiction is absolute BS. All that's needed is testimony from the provider. It would go something like this:
"SONY: Did you review the logs pertaining to access to defendant's website?
Bluehost: Yes
SONY: And did you find evidence that access was made by persons residing in California?
Bluehost: Yes/No/Maybe"
BAM! Jurisdiction decided. Notice how much personal identifying information needed to be disclosed to Sony, the courts, or the public? That's right, ZERO. If you think for one minute that this isn't an overly broad information grab than you are hopelessly naive or willingly turning a blind eye to the facts. And further claiming that a a company with a documented history of attacking it's own PAYING customers will not continue to attack others with this new information is patently ridiculous.
Or I did. This crosses the line into actively evil big corporation arrogance for me. Going after people who just wanted to see that trainwreck of a rap video? The jurisdiction excuse doesn't wash; you don't need this level of disclosure just for that. Even the flailing wounded boss excuse doesn't work here. So no more Sony products, even if it's another division. I'm buying a new compact camera this week, looks like it's Canon, Olympus, or Nikon.
Joking aside, I agree with you.
My question to you both though is, should people using Sony's PS3's free online service be at least concerned? I have a PS3 and I won't subscribe to their premium services because I think it is a rip off. There is really nothing that I can't get with the free service. But now I am thinking should I even continue using my PS3 knowing that they are going after people like this.
Or you think the clothing in Plants Vs. Zombies was a accident?
:P
Ephraim and Mauricio's statements are what I agree with. This is going too far.
It's also a real concern when people, as Ephraim mentioned, state "if you didn't download anything, you have nothing worry about".
Right, you keep believing that.
"There is a lot of heated discussion at the local tavern (internet forums) over a group of people called Telepaths (Bluehost, Youtube, Google, Twitter). They have been hired by certain City-State kings (Sony). Rumor (court decision) has it these Telepaths read a person's mind (online account and records) and tell their lord whether a follower is telling the truth (involved with hacks) or not. What do you think about this?"
a) This is a terrible practice! A person's thoughts are their own and no one, not even a king, has the right to make such an invasion into another human's mind! (Most people seem to go with this option.)
b) Loyal followers to the King have nothing to fear from a Telepath. It is important to have a method of finding assassins and spies before it is too late. (A few people seem to go with this one.)
c) In these times, it is a necessary evil. Although I do not necessarily like the idea, a Telepath could have certain advantages during a time of war, or in finding someone innocent of a crime. (Rare is the fence-sitter who goes with this one.)
When I played that game, I chose opinion c. Now that this is happening in reality... it's not such an easy decision.
The Sony executives view this case as a game. They have become enthralled with the circumstances of their own creations, their eyes glued to the screen in the comfort of their lofty mansions. They delight at the characters scurrying about in their game, manipulating them from a far-off world... It really is amazing how much like a video game scenario this case has turned into. Now THAT is scary.