After months of expensive litigation, Sony has finally settled its case against George Hotz and dismissed the remaining defendants from the case. Was it worth the thousands Sony paid in lawyers fees? That depends on Sony’s motivation.
What Sony gets in the settlement (based on the final judgment filed yesterday): George Hotz agrees to leave Sony alone. Really alone. Since Hotz has announced he’s joining the boycott of Sony products, that may not seem like much to give up. But Hotz has agreed to do more than simply avoid hacking any Sony products; he has agreed not to even link to anyone else’s research on Sony products, or to share any Sony confidential information he might receive, even if he obtains it legally. In other words, Hotz is now under a gag order.
But the rest of us are not. Hotz’s research remains public information. The security flaws discovered by the researchers allow users to run Linux on their machines again — something Sony used to support but recently started trying to prevent. So all Sony has really accomplished is to silence one lonely researcher, and anger loyal customers. Hardly seems worth it, right?
Unless you assume that Sony had a different motivation: to chill security research on Sony products.
There’s good reason to suppose that assumption is correct. For example, as we noted when the suit was filed, Sony not only asked the court to immediately impound all "circumvention devices" — which it defines to include not only the defendants' computers, but also all "instructions," i.e., their research and findings. If that had been accomplished, the defendants could have lost access to their own research, and, of course, would have been prevented from sharing it with the world. Even worse, Sony claimed that it was a crime for users to access their own computers in a way that Sony doesn't like. Against this background, this speech-chilling settlement should surprise no one.
The judicial process should never be used to shut down lawful communication and investigation. Here's hoping future security researchers will refuse to be intimidated and that other companies will decline to follow Sony's heavy-handed example.