Techdirt. Stories filed under "broken"

SimCity Always-Online DRM Lets Hackers Play Godzilla With Anyone's Cities

Timothy Geigner — Mon, 18 Mar 2013 12:12:00 PDT

It seems that everyone is giving EA and Maxis quite a bit of grief over the SimCity debacle. The game's launch was, um, not great. The backlash against the game's producers was worse, all the more so once the lying began. But late last week, new evidence was uncovered that suggests perhaps we've all been a little bit unfair to EA and Maxis. What if I told you that the always-online game architecture enabled you to be what all of us have secretly wanted to be since we were very, very little children?

Well, hello, childhood fantasy o' mine. I didn't see you standing there.
Image source: CC BY 2.0

Yes, as Kionae alerts us, one (unplanned?) consequence of requiring online saves for your SimCity games is that anyone with a bit of hacking skill can visit your city, put some Blue Oyster Cult on in the background, and wreak the kind of havoc normally reserved for Japanese nuclear monsters. See, you can, were you so inclined, enter the save game city of another person, and then completely edit or destroy their loving creation like some kind of digital psuedo-god.

Pictured: Omnipotence

Just so we're clear, this is only possible because of the EA always-online requirement.

It's still awesome because this hack is only as destructive as it is because of EA's decision to make the game always-on. If the game hadn't had always-on DRM then this hack wouldn't be half as devastating as it is. Having EA delete these kind of topics from their forums is great damage control but don't be surprised if there's another furor when people start raging on the forums when some hacker decides to go through and Godzilla everyone's town. Enjoy.

Enjoy indeed, as long as that enjoyment happens outside of EA's forums. As noted above, the company is enforcing their TOS rules on their forums and deleting all topics relating to these kinds of hacks. Why? Well, because when a dingo is chewing on your arm, the best defense is to place your noggin lovingly into some sand to make it all just disappear. Or, if that doesn't work, you could always just apologize for what is becoming the greatest video game debacle this side of a Duke Nukem game, but I'm not holding my breath.

Permalink | Comments | Email This Story

Judges Realize Aereo's Setup Is Insane Technologically... But May Get The Wrong Message Out Of It

Mike Masnick — Mon, 3 Dec 2012 14:01:00 PST

A few months ago, we wrote about law professor James Grimmelmann's awesome article about how copyright law for media streaming was completely insane from a technological standpoint:

Suppose I could offer you a choice of two technologies for watching TV online. Behind Door Number One sits a free-to-watch service that uses off-the-shelf technology and that buffers just enough of each show to put the live stream on the Internet. Behind Door Number Two lies a subscription service that requires custom-designed hardware and makes dozens of copies of each show. Which sounds easier to build—and to use? More importantly, which is more likely to be legal?

If you went with Door Number One, then you are a sane person, untainted by the depravity of modern copyright law. But you are also wrong. The company behind Door Number One, iCraveTV, was enjoined out of existence a decade ago. The company behind Door Number Two, Aereo, just survived its first round in court and is still going strong.

The issue, of course, is a series of lawsuits that have really only displayed how copyright law written for legacy technologies has no idea how to deal with streaming media. After each one, companies try to figure out how to make a legal service, which seems like a noble goal. However, because of all the ridiculous specifics in rulings where judges contort themselves to come up with a way to fit a ruling into their preconceived notions of what's legal and what's not, the end result is that if you want to design a legal service, you have to set up a truly twisted and confusing setup... like Aereo's.

That issue has come up in the appeal on the district court Aereo decision. The TV networks are trying to convince the appeals court that the lower court was wrong. There was a lot of focus on trying to distinguish Aereo from the same court's ruling in the Cablevision case four years ago, which said that a remote DVR offered by Cablevision was legal. However, apparently there was an interesting exchange in which the judges seemed to realize that Aereo's setup was technologically insane:

The judges also questioned Hosp on why Aereo needed to have all those antennas. "Why not one? Is there a technological reason? Any legitimate business reason?"

Aereo's lawyer, David Hosp, admitted that the reasons were legal. This is the point at which people should realize that this demonstrates one of the many ways that copyright law is broken, because it forces companies to go through all sorts of convoluted technological decisions to deliver the same experience that could be delivered much more easily and efficiently otherwise. Instead, the judges seemed concerned in the other direction, that if the decisions were done for a legal reason it was somehow a sign of ill-intent:

One judge also observed, "You say your model is built around Cablevision. Isn't that like organizing your business affairs to avoid taxes?"

That, of course, is a ridiculous analogy -- and thankfully Hosp responded correctly: following what the court said was legal in earlier cases isn't about "avoiding" anything, it's about following the court's instructions on how to stay legal!

"The plaintiffs say it is a bad thing to follow the law," he said. "I believe the 2nd Circuit got it right in attempting to strike the right balance between public and private performances that lawmakers wanted."

Anyway, it wouldn't be surprising to see the court overturn the district court ruling, no matter how ridiculous a result that would be. It really feels like a lot of these cases are judged based on a judge deciding what he "feels" should be legal, and then trying to work in a justification later.

Permalink | Comments | Email This Story

Final Stats On Heartland Payment Systems Class Action: $1,925 To 11 People, $600k To Lawyers

Mike Masnick — Mon, 9 Apr 2012 11:10:00 PDT

We've been discussing for years just how broken the "class action" lawsuit system is in the US. The idea behind it sounds like it makes sense: if a company wrongs a bunch of people, the ability to bundle them all into a class, and get recompense via a single lawsuit seems like a good idea. But, in practice, class action lawsuits have basically just become a feeding trough for lawyers to become rich, with very little done to help those wronged. In some cases, the end results of class action lawsuits are completely laughable. Years ago, for example, we highlighted how Netflix "settled" a class action lawsuit by giving everyone a free one-month "upgrade," but if you failed to downgrade by the end of the month, you were kept on the higher plan and charged for it. As I said at the time, that wasn't a "settlement" so much as a marketing program. And, oh yeah, the lawyers who brought the lawsuit against Netflix got $2.5 million.

Law professor Eric Goldman, who's spoken out about the broken class action system in the past, has another ridiculous example, this time involving Heartland Payment Systems. You may recall Heartland as being the company that had the largest security breach ever (at the time), losing data on over 100 million credit cards. A class action lawsuit (of course) followed, and Heartland agreed to pay up to anyone who could show that they were a victim of fraud from the loss. The company didn't have cardholder addresses, so it spent $1.5 million to advertise the settlement, and estimated that over 80% of the potential class saw an ad at least 2.5 times. Either way, not too many claims came in. A total of 290 claims were made, but only 11 were found to be valid.

Heartland had to pay a maximum of $175 to those individuals. Assuming it did pay the maximum, that means the "victims" of the breach got a grand total of $1925 (perhaps less). According to the settlement agreement, Heartland was supposed to pay out at least $1 million to victims (and up to $2.4 million). If less than $1 million worth of victims were found, the rest would go to non-profit organizations focused on protecting consumer privacy rights. That leaves $998,075 for those non-profits.

So, let's summarize:

Actual victims got: $1925
Heartland spent $1.5 million to find the people to give out that $1925.
Somewhere around $998,075 goes to non-profits
The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each. Nice work if you can get it.

That $600k is actually a "discount." The court recognizes the absurdity of using the full $1 million in calculating the "settlement," so it knocks down the "value" (but not the payment) of the money going to the nonprofits, and then uses a bunch of random magic to award the attorneys that $600+k. And, of course, Heartland also ended up paying its own lawyers a ton. In the end, this system involved Heartland paying many millions of dollars... to benefit a "class" of 11 people and giving them less than $2,000.

As Goldman notes, the whole thing seems bizarre:

Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).

Something is broken with the system.

Permalink | Comments | Email This Story

That's A Lot Of Non-Working Technology

Mike Masnick — Tue, 18 Nov 2008 01:38:00 PST

The latest study from the Pew Internet and American Life Project says that while plenty of people are buying new gadgets and technology, an awful lot of them are having trouble getting or keeping it working. According to the survey, 48% said they need others' help in setting up new devices. Additionally, plenty of folks noted that when their stuff broke, it was a pain to fix it. In fact, 15% of people said they just gave up and left devices not working when they had troubles. While some may see this as an opportunity for various "home geek services" operations, it seems more like an alarm for the consumer electronics and technology industries that they have to start making stuff that isn't so confusing to set up and use.

Permalink | Comments | Email This Story

Copyright Has Stretched So Far That It Has Broken

Mike Masnick — Tue, 10 Jun 2008 09:35:00 PDT

The Cato Institute is running a series of articles on "The Future of Copyright," a subject that the think tank has been discussing for a while now. The first piece in the series, by Rasmus Fleischer, is an absolutely fantastic read, detailing all of the reasons why those pushing for stronger copyright laws are doing so, and why copyright itself is being stretched way beyond its initial purpose. He goes over the history of copyright, and how it was really initially only intended to protect printed works, but as that coverage has expanded over the centuries, you run into some really awkward scenarios where this square peg no longer comes close to fitting into the round hole:

This change has taken place because previously distinct media are now simulated within the singular medium of the Internet, and copyright law simply seems unable to cope with it. Consider radio broadcasting and record shops, which once were inherently different. Their online counterparts are known respectively as "streaming" and "downloading," but the distinction is ultimately artificial, since the same data transfer takes place in each. The only essential difference lies in how the software is configured at the receiving end. If the software saves the music as a file for later use, it's called a "download." If the software immediately sends the music to the loudspeakers, it's called "streaming."

However, the receiver can always choose to transform a stream to a digital file. It's simple, legal, and not very different from home taping. What now fills the record industry with fear is the possibility that users could "automatically identify and separate individual tracks from digital transmissions and store them for future playback in any order." In other words, they fear that the distinction between streaming and downloading will be exposed as a big fake.

For example, Swedish company Chilirec provides a rapidly growing free online service assisting users in ripping digital audio streams. After choosing among hundreds of radio stations, you will soon have access to thousands of MP3 files in an online depository, neatly sorted and correctly tagged, available for download. The interface and functionality could be easily confused with a peer-to-peer application like Limewire. You connect, you get MP3s for free, and no one pays a penny to any rights holder. But it is fully legal, as all Chilirec does is automate a process that anyone could do manually.

So, what happens? Well, the entertainment industry that's focused on protecting its old and increasingly obsolete business model, keeps pushing for new legislation that tries to force that square peg into that round hole -- and each time, the new legislation just makes things worse. So they push for more legislation, that just makes things even worse again.

This domino effect captures the essence of copyright maximalism: Every broken regulation brings a cry for at least one new regulation even more sweepingly worded than the last. Copyright law in the 21st century tends to be less concerned about concrete cases of infringement, and more about criminalizing entire technologies because of their potential uses. This development undermines the freedom of choice that Creative Commons licenses are meant to realize. It will also have seriously chilling effects on innovation, as the legal status of new technologies will always be uncertain under ever more invasive rules.

But the situation is only going to get worse for entertainment companies that don't learn to embrace the changing market. Every attempt to legislate things back to the past will only fail -- and that failure will become even more and more profound as you follow the rather obvious trendlines of technology:

One early darknet has been termed the "sneakernet": walking by foot to your friend carrying video cassettes or floppy discs. Nor is the sneakernet purely a technology of the past. The capacity of portable storage devices is increasing exponentially, much faster than Internet bandwidth, according to a principle known as "Kryder's Law." The information in our pockets yesterday was measured in megabytes, today in gigabytes, tomorrow in terabytes and in a few years probably in petabytes (an incredible amount of data). Within 10-15 years a cheap pocket-size media player will probably be able to store all recorded music that has ever been released -- ready for direct copying to another person's device.

In other words: The sneakernet will come back if needed. "I believe this is a 'wild card' that most people in the music industry are not seeing at all," writes Swedish filesharing researcher Daniel Johansson. "When music fans can say, 'I have all the music from 1950-2010, do you want a copy?' -- what kind of business models will be viable in such a reality?"

So as the industry tries to fight this, it just keeps focusing on more and more draconian laws, that do an awful (and I do mean awful) lot more than just strengthen copyright. They chill innovation, outlaw important and useful technologies and remove important civil liberties:

Yet in the name of ISP responsibility, virtually any Internet user might be called to account by the recording industry. Here's why: In discussions about so-called ISP responsibility, it is crucial to remember that big telecom companies are far from the only existing "operators of electronic communications networks and services." This is the actual definition of an ISP, used within the European Union bureaucracy, but by this definition, you may be one, too. The U.S. Digital Millennium Copyright Act is equally vague: It defines a "service provider" as a "provider of online services or network access, or the operator of facilities therefor," leading many to wonder whether libraries, employers, or private individuals operating routers might also qualify as ISPs.

Given such a broad definition, any company or person sharing connectivity, as well as anyone hosting a blog or a web forum, could, in the name of "ISP responsibility," be obligated to register the identities of users and to deliver them to copyright enforcers on request. The range of possible abuses is enormous. Attempts to save an already broken policy will mean an ever more absurd sequence of follow-up regulations.

There's plenty more beyond those snippets here that make the entire piece worth reading. I'm looking forward to additional pieces in the series as well.

Permalink | Comments | Email This Story