Saturday, June 4, 2011

The Sony Hacks: A Morality Tale for the New Century

American Public Media aired an interesting story yesterday, comparing the recent storm of hack attacks Sony has endured to the storm of hack attacks Microsoft has, interestingly, not endured.

It all started back in January 2010, when a whiz kid named George Hotz announced that he had found a way to hack into Sony's PlayStation 3 console. This was considered quite an achievement for several reasons, first and foremost because the PS3 was the last piece of contemporary game hardware that hadn't been hacked yet.

(For the computerly disinclined, think of "hacking" as finding a secret passage into an electronic fortress, sneaking past all the guard dogs and booby traps and gaining access to the fortress' interior, allowing the hacker to snoop around and to do whatever he wants while inside.

Contrary to popular perceptions, "hacking" is not a malicious or destructive activity in itself. However, some hackers - such as the Chinese hackers who got into Google and hijacked hundreds of personal Gmail accounts - commit malicious acts once they gain entry by hacking. But branding all hackers as vandals, thieves or criminals makes no more sense than branding all young Muslim men as terrorists. Or all lawyers as crooks. Or all used-car salesmen as ... well, let's not push it.)

The PS3 console was considered hackproof, secure, even hard -- hard as in "armored and bulletproof," not as in "difficult." That's part of what made it a challenge. Hotz announced in 2009 that he was going to hack it, and then he kept an online blog of his progress. He certainly didn't do it in secret.

There was no doubt in Hotz' mind that he could successfully do the hack. After all, he was the first person to hack the iPhone, and he only stopped hacking iOS devices because "it's not as fun as it used to be" (quoting his Wikipedia entry).

Sony responded to Hotz' hack by changing the programming in the PS3. Hotz then hacked the reprogrammed PS3. Hotz and Sony played cat and mouse with the hardware for 12 months, until January 2011, when Sony took Hotz to court in a civil lawsuit.

Hotz' final hack of the PS3 resulted in what's called a "jailbreak." (If you followed my "hacking" analogy above, you can think of a "jailbreak" as freeing the princess trapped inside the electronic fortress. For example, when the iPhone first came out, it could only be used on an AT&T network. Jailbreaking the iPhone allowed it to be used on any cellular network.)

With a jailbroken PS3, users could write their own games and play them on the PS3, which would be a good thing, and they could freely copy commercial PS3 games for other users, which would be a bad thing. Sony's strategy for the PS3 did not include surrendering power over their hardware to the users, and they decided that they needed to enforce that strategy. However, in doing so, they made a huge tactical mistake. To protect their strategy, they could have hired Hotz. They should have hired Hotz. Instead, they sued him. Wikipedia contains the interesting notation that "Sony had to take George Hotz to court" (italics mine).

The worldwide hacker community is huge. It numbers in the millions, I would guess. It's very loosely organized. What it lacks in organization, it makes up in cohesiveness. You could say that its organizational model is that of an anarchic meritocracy. This community is very protective of its members, especially the ones at the top of the heap. When Sony fired its big guns at one of the hackers' own, the hackers fired back.

The result was the endless stream of hack attacks Sony has endured since January, starting with an attack by a group calling itself "Anonymous," and continuing into last week, when Sony's online resources were looking pretty battered.

Contrast this with what happened when hackers got into Microsoft's Kinect. Like the Sony PS3, Microsoft never intended for users to do anything with the Kinect other than play the authorized games. But to any geek, even this geek, the Kinect hardware is fascinating. A geek could drive himself giddy thinking of all the cool things the Kinect could be used for, besides controller-free, multiplayer DDR games - heck, way beyond any kind of games. For example, the Kinect could be used for remotely manipulating C-3PO-style robots in radioactive environments.

Yeah. Well, in November 2010, a company called Adafruit offered a prize to the first person to hack the Kinect - more specifically, the first person to produce an open-source driver for the Kinect. It took less than a month for a winner to emerge. Initially, Microsoft said "No, not a good idea; we won't like that." But cooler heads (curious heads? interested heads?) inside Microsoft lobbied for an alternative position. Microsoft's own Alex Kipman, speaking officially for Microsoft, appeared on NPR's Science Friday and basically said, "Well, the hardware wasn't actually 'hacked.' They just monkeyed with the USB interface. And we left that open on purpose, so people could do this."

Oookay, maybe they did that on purpose, and maybe they didn't. But MS's approval of Kinect hacking activities has led to all sorts of interesting applications for the Kinect - applications that do in fact go way beyond dance games. Go search the Web for "Kinect hack" for some examples. There exists an active community of indie Kinect developers, supported in varying degrees (both officially and unofficially) by Microsoft people. The Kinect is still alive, it hasn't turned into a monster, and its proprietor, rather than defending itself from revenge attacks by the hacker community, has to some degree welcomed them to its table.

It's a pity that Sony didn't have the foresight that Microsoft did in this case. Faced with nearly identical challenges, both companies reacted differently, and ... well, the Law of the Harvest is still true: "Whatsoever a man soweth, that shall he also reap."

Afternote 1: It appears that I have become a reluctant Microsoft fan. I used to be very anti-MS, back when MS looked like Pinky and the Brain, trying to take over the world and doing a very clumsy job at it. Today, Microsoft The Corporate Entity seem to have given up on their quest for world domination, and are relying more on their products' merits than on ruthless business strategies to make a buck. And, as I said before, their product lines are fragmented enough that it's possible to admire one part of the company while detesting another. Insert smiley here.

Afternote 2: Sources. I have given links for the American Public Media and National Public Radio stories in the text. I also used the Wall Street Journal print edition, June 3, 2011, and Wikipedia entries on "George Hotz" and "Kinect" for details. I couldn't resist adding the New Scientist link about the race to hack the Kinect, after this blog entry had already been published. I would mention the Google search engine, since I used it extensively, but that's like mentioning oxygen: everybody uses it and nobody even thinks about it; it has become second nature. And let's not forget Galatians 6:7.

Zyzmog said...

Sony's still doing it wrong. Rather than make peace with the hackers and regain control over their own system's security, "Sony is preparing to ban gamers from the PlayStation Network (PSN) unless they waive the right to collectively sue it over future security breaches.

The firm has amended PSN's terms and conditions and users have to agree to them next time they log in."

This from BBC News, 16 Sep 2011.

Let's see if we have this straight:
Somebody hacks Sony's game console.
Sony comes down on them like a legal ton of bricks.
Hackers exact revenge by breaching the security of Sony's online gaming network, compromising the privacy of 100 million subscribers.
Sony wants all of their subscribers to admit that it's the subscribers' fault, and if they refuse, then Sony will kick them out of the club.

I think that Sony is running out of feet to shoot itself in.