Sony has agreed to drop a lawsuit against a hacker who published the secret key used to jailbreak the PlayStation 3, in exchange for promises he will drop all future attempts to unlock the game console.
The agreement ending Sony's controversial legal attack on George Hotz, aka GeoHot, was laid out in a permanent injunction filed in federal court on Monday. In it, Sony agreed to dismiss the lawsuit, and the New Jersey-based hacker promised to permanently cease any “unauthorized access to any Sony product”. That means Hotz may never reverse engineer, or disassemble any portion of the product, use any tools to bypass its encryption or security, or design or distribute unauthorized software or hardware for use with a Sony product.
US District Judge Susan Illston, who is presiding over the case, must still approve the settlement for it to be final.
"I am not able to speak on this matter without breaching my settlement agreement,” the 21-year-old Hotz wrote in an email to The Register. “Therefore, I have no comment other than this one. With that said, I do not like censorship, and I do not like censoring myself. Rest assured I am still fighting the good fight, in the best way I know how."
Riley Russell, General Counsel for Sony Computer Entertainment America said in a blog post that the company was satisfied with the agreement.
“Our motivation for bringing this litigation was to protect our intellectual property and our customers, Russell said. “We believe this settlement and the permanent injunction achieve this goal.”
Sony filed the lawsuit in US District Court in San Francisco in January that targeted Hotz and 100 other hackers who independently published technical details used to run PlayStation games and applications not authorized by the Japan-based console maker. Sony accused Hotz of violating provisions of the Digital Millennium Copyright Act that prohibit the trafficking of “circumvention devices” that bypass technology designed to prevent access to copyrighted material.
Sony filed the complaint after Hotz deduced and published the secret “metldr” key that allows the rooting of the PS3. Ironically, it was the secret related key that was tweeted a month later on an official Sony Twitter account reserved for public relations.
The lawsuit represented a major PR problem for Sony because it enraged some of the PS3's most loyal fans, who said they wanted to restore Linux functionality to the console after Sony abruptly removed it.
The critics argued they should be free to modify hardware they legally purchased without running afoul of the DMCA, which carries stiff criminal and civil penalties for violations. Indeed, the US Copyright Office has exempted the jailbreaking of iPhones from the statute, but that move had no bearing at all on the unlocking of game consoles.
During the lawsuit, Sony gained access to Hotz's PayPal, YouTube and Twitter accounts, and also won the right to view the IP addresses of anyone who visited his website for more than two years. Sony also won an order requiring Hotz to turn over his computer and hard drives and remove all online postings about his PS3 hack.
While the settlement is likely to end the most controversial battle in Sony's campaign to control how customers use the console, other skirmishes continue. One pending lawsuit brought by PS3 customers challenges Sony's removal of the “otherOS” feature that allows it to run Linux applications. While a judge recently gutted most of that suit, plaintiffs' attorneys have since amended their complaint, giving them another shot. In February, a German PS3 hacker published a jailbreaking “bible” after Police raided his home.
What's more, Sony has yet to announce any settlement with members of a hacking collective known as fail0verflow, which spoke about hacking the PS3 in December at the Chaos Communication Congress in late December. The fail0verflow members were named as DOES in the same suit that targeted GeoHot.
So while Sony's campaign against PS3 hackers is likely to become much lower profile, don't expect it to end anytime soon. ®
Sponsored: Webcast: Simplify data protection on AWS