Electronics Manufacturers Use US Legal System to Thwart Hardware ‘Hacks’

Electronics manufacturers are taking legal action against users in the United States who communicate how to unlock or “hack” hardware devices. However, manufacturers’ use of their hired legal guns to crack down on hacking, which they say infringes on their intellectual property ownership rights, is a point of debate.

Users, mostly hobbyists, who reconfigure or reverse engineer electronic devices and communicate to others how to do that maintain that their hacks are an art and pose no harm in and of itself. Electronics vendors, or original equipment manufacturers (OEMs), claim that such knowledge can be used to illegally distribute software, steal internet service from internet service providers, or to commit other illicit acts. OEMs also seek to better control the designs and uses of their devices, especially those that are “locked-down,” such as video consoles, video players, set-top boxes, and smart phones, unlike the more open PC model, which facilitates media file distribution between users (IPW, Copyright Policy, 28 May 2009).

Consumer rights and other groups also maintain that users are free to communicate so-called hardware “hacks” under free speech and other laws in the United States. However, policy groups and analysts say clamping down on the unintentional use of hardware protects OEMs’ intellectual property rights and helps consumers in the long run.

In one of several recent high-profile cases, Texas Instruments (TI) is sending cease-and-desist letters to calculator owners who crack and communicate device codes. In a US District Court in Massachusetts, federal authorities representing the interests of internet service providers around the United States have indicted Ryan Harris, a cable modem hacker and author of “Hacking the Cable Modem,” for six counts of federal conspiracy, wire fraud, and computer fraud charges. Harris, aka DerEngel, said he was only communicating how users can “unlock” cable modems. Apple has sought to lock its iPhone device down since its release to prevent unapproved software from being installed and run.

While not involving use of the US court system, Microsoft began shutting down services of more than a reported one million Xbox Live subscribers worldwide last year upon discovering through Internet connections that owners had hacked their consoles.

The legal actions taken by OEMs involve claims that the US legal system affords protection for their intellectual property in response to perceived threats to their business models. However, the perceived threats vary. “It depends on the consumer device and how the company sees themselves making money,” said Jennifer Granick, civil liberties director for the Electronic Frontier Foundation (EFF).

For Jon Erickson, a security specialist and author of “Hacking: the Art of Exploitation,” it is likely that the legal departments of corporations are spearheading these cases and may run counter to the philosophies of the original developers. “I think sometimes this is just a case of the lawyers wanting to do their jobs for a different side of the company than the developers,” Erickson said.

Still, OEMs are merely enforcing what they see as their IP rights by preventing users from hacking and communicating how to hack devices because hardware manufacturers generally licence under terms that forbid reverse engineering, said Richard Bennett, a research fellow for the Washington, DC-based Information Technology and Innovation Foundation. “They (like most designers) want to protect their investments in [non-recurring engineering] from cheap, knock-off manufacturers. So they’re setup to police violations of IPR [sic] as they find them,” Bennett said.

“A second reason,” he said, “is that network devices such as DOCSIS cable modems are part of a shared communication infrastructure, which depends on the downloading of configuration data from the network’s control point in order to ensure that bandwidth can be shared equitably among users. Providing info on how to circumvent the operators’ config system makes the devices less attractive, de-stabilises networks, and jeopardises sales.”

The Common Thread

TI did not respond to Intellectual Property Watch’s request to interview a company executive about its cease-and-desist letters sent to those communicating how to hack its calculators, though a spokesman did confirm that the letters were sent out. So while protecting its intellectual property ownership of software and machine code represents the basis for its legal claim, TI did not communicate to Intellectual Property Watch why it specifically sought to prevent hobbyists from communicating how to tinker with its calculators.

However, according to the EFF’s Granick, TI may seek to discourage the use of its calculators for non-traditional ways to protect its reputation in one of its markets. “For TI, I believe they want testing companies to trust that the device hasn’t been programmed to help students cheat on standardised tests,” Granick said.

OEMs also mainly target their anti-hacking lawsuits in the United States where court systems are in place to protect their claims. “People who are stealing services or releasing cracking apps do it from countries where the law can’t do anything,” Erickson said.

In the case of Apple, it seeks to prevent users from communicating how to install unauthorised applications on iPhones so users can do such things as circumvent service providers that block them from using Skype or replacing mobile phone SIM cards to save money when travelling overseas. Ultimately, however, Apple is protecting consumers from the risks associated with hacking their devices, said Leander Kahney, editor of Cultofmac.com and author of “Inside Steve’s Brain.”

“Apple is selling directly to consumers, who aren’t the best guardians of their own self-interest. The open PC model works for knowledgeable users who know what they are doing and how to protect themselves, but not so for 15-year-old fashionistas and techno-phobic geriatrics,” Kahney said. “A measure of lockdown is exactly why Apple is successful – it hides complexity while ensuring a certain level of reliability and stability. The vast majority of Apple’s customers are utterly unconcerned – they could give two hoots that they can’t hack their devices.”

Some of the risks of using unapproved hacks on the iPhone are devices that become unusable, applications that drain the batteries in 40 minutes, or stolen identities. “A lot of hackers see this as lockdown, but I think it’s the price we pay for ease-of-use, reliability and security,” Kahney said.

In the case of Harris, his alleged acts of communicating to consumers how to unlock their modems to get basic internet service or to upgrade to more expensive high-speed connections as well as selling software and cable modems to do that could lead to lost revenues if users actually do commit illegal acts by getting commercial services for free. However, it is crucial to note that the defendant Harris does not actually steal service, said Bill Pollock, founder of book publishing company No Starch Press, which published Harris’ “Hacking the Cable Modem.”

“In the same way, you could compare it to someone giving you a knife, and one person uses it to cut bread and the other person uses it to stab his wife. Who is at fault? The knife manufacturer or the person who actually killed the person?” Pollock said. “So you would look at it and say ‘why would this guy make these tools?’ and he can claim whatever he wants.”

First Amendment Protections

In the United States, the First Amendment in the US Constitution protects free speech, even if the information communicated can be used to, among other things, cause harm or to commit illegal acts. These laws, for example, allowed author William Powell to write and publish “The Anarchist Cookbook,” which gave instructions about how to make bombs and to commit other acts of mayhem in the early 1970s. Communicating how to hack OEMs devices and even how to steal services is thus protected under First Amendment laws, said Fred von Lohmann, staff attorney for the EFF.

“Under the DMCA [US Digital Millennium Copyright Act] and copyright law, users are entitled to reverse engineer and make interoperable products,” von Lohmann said. “And certainly the First Amendment applies if you’re talking about these subjects (even if you’re expressing yourself by writing and publishing software code), which is the point we made when squaring off against Apple on behalf of hobbyists who wanted to sync their iPods using software other than iTunes.”

However, service agreements can preclude communicating how to hack devices, especially if they involve rented products, such as cable modems, said Bennett.
“Most cable modem hardware is owned by network operators and leased to users. In the cases where users own their cable modems, they’re sold with a licence agreement that prohibits reverse engineering,” he said. “Reverse engineering is a predicate to distributing step-by-step hacking guides.”