Go Ahead, Remake My Product

Why companies should embrace—not prosecute—the hackers who hack them.

It was the day after Christmas, and Geohot needed a new project. He’d already made a name for himself as a hacker, having unlocked the iPhone so that people could use it with multiple mobile carriers, against AT&T and Apple’s wishes. For his efforts, PC World in 2008 named Geohot—aka George Hotz—one of the ‘top 10 overachievers’ under 21 years old. Little did anyone know that Hotz was about to outdo himself. On December 26, 2009, in a blog post titled “A Real Challenge,” Hotz announced his interest in hacking the Sony PlayStation 3, which at the time was the only video game console considered to be fully locked and secure. It would be a real challenge, for sure. Four weeks later, Hotz succeeded.

On January 22, 2010, Hotz posted on his blog that he had hacked the PlayStation 3 by manipulating the system’s processor. The hack—firmware that Hotz made freely available online—accomplished three things: It allowed users to run their own “homebrew” games; it turned the PS3 into a console that could run games designed for older PS systems; and it angered Sony, which would have trouble surmounting the hack. “Sony may have difficulty patching the exploit,” Hotz blogged in late March. He was right. So, instead of developing a patch or a fix, Sony went after the now 21-year-old New Jersey native, filing a lawsuit in a U.S. federal court in January 2011. In it, the company accused Hotz (and cohorts) of violating the Digital Millennium Copyright Act and other laws—and asked a judge to order the hack removed from websites. Sony and Hotz settled in April, with Hotz agreeing to an injunction and gag order.

Although Sony got what it wanted, the lawsuit was ill-conceived and damaging. To take a hacker—particularly a young, beloved one—before a judge or jury is to invite an ugly backlash from a large (and growing), powerful community. Branding the hacker as a threat turned a disagreement over the proper use of technology into a David and Goliath situation. The Internet crowd always lines up behind David, often with malicious intentions. Recent demonstrations of this include the retaliatory cyberattacks on Visa and MasterCard websites after they blocked payments to WikiLeaks, and the hacking of Mark Zuckerberg’s Facebook fan page after widespread disagreement over the social network’s default privacy and security settings. Geohot had done no real harm to Sony. But his followers, armed with the key to the PlayStation’s security architecture and a whole bag of digital tricks, still could.

There’s really only one effective way for large corporations to deal with hackers: Ignore them completely. In Sony’s case, George Hotz isn’t the enemy. He did not spend a month hacking the PS3 so that he could attack users or steal their data; he did it so that PS3 fans could use the system in new and exciting ways—and expand its library of games. Hotz’s hack made the console more valuable and Sony more enticing to some of the gaming community’s most vocal supporters. It increased product awareness and brand goodwill. And it may encourage system holdouts who’ve been hesitant to upgrade to do so now.

There’s an army of George Hotzes out there with the ability to destroy systems and steal private information locked behind complicated screens. But instead they’re spending their time and expertise hacking hardware to make products more appealing to consumers. Recognizing the value in this harmless tinkering, many of Sony’s competitors are allowing the hacks to take place. Here are three examples from the video game industry—specifically, motion-sensing controllers—and the accompanying corporate takeaways.

SEGA GENESIS: ACTIVATOR

Decades ahead of its time, the Activator was a motion-sensing controller for the Sega Genesis released in 1993. Based on the Light Harp, a musical instrument conceived by musician Assaf Gurner, the Activator shot infrared beams into the sky from an octagonal base laid out around the user. Marketed as a martial arts simulator—the user could punch out over the base or kick to the side, breaking the infrared light and alerting the game to react—the Activator ultimately proved too complicated and costly. It can be argued that one of the reasons the Activator failed, aside from its $80 price tag, is that it was never hacked. Third-party developers couldn’t figure out what to make of the complex system or what to do with it. Without the Internet, interested hackers didn’t have an easy place to gather and exchange notes and ideas. The hardware was only used for a half dozen or so games developed to support the peripheral.

The Takeaway

Keep the system simple and affordable, so it’s accessible to users (and hackers).

NINTENDO WII REMOTE

The primary controller for the Nintendo Wii gaming system is a device popularly but unofficially known as the Wiimote. Using the handheld stick, which features an accelerometer and optical sensor, players can enjoy dozens of different motion-based games. The system gained widespread attention not just because of its groundbreaking technology, but also because of the large hacker community that has developed around the remote. Nintendo has done nothing to stop their hacks. The Wall Street Journal ran a lengthy article in April 2007 titled “Magic Wand,” which detailed how hackers were modifying the Wii Remote for their own purposes. Those purposes include breaking Nintendo’s code-signing measures and manipulating the Wiimote to control computers via Bluetooth and play games on mobile phones.

The Takeaway

Once hackers find a way in, do not discourage them from going there.

MICROSOFT XBOX 360: KINECT

Microsoft’s Kinect, which debuted in November 2010, differs from other motion-sensing video game consoles in that it doesn’t require a remote or similarly clunky device. The sleek black bar that sits on top of your television screen watches your every move, reacting to your physical and verbal cues. Adafruit Industries, a do-it-yourself hardware company based in New York, sponsored a hacking contest. (Its founder was recently featured on the cover of Wired magazine.) Microsoft initially took the Sony route and tried to put an end to things, but a consumer backlash prompted it to backpedal: “The first thing to talk about is, Kinect was not actually hacked,” Microsoft’s Alex Kipman told an NPR reporter. “What happened is someone wrote an open-source driver for PCs that essentially opens the USB connection, which we didn’t protect, by design, and reads the inputs from the sensor.”

Since then, Microsoft—which historically does not play well with others—has tried to portray itself as one that supports harmless hacks. So far, Kinect has been hacked to control computers with waves of a hand, to create 3-D maps of rooms, and to allow users to play a virtual piano by tapping their fingers on a desk.

The Takeaway

If you don’t invite hackers in, they’ll invite themselves, so why not do the right thing to begin with?

The most successful video game consoles are those that have been embraced by the hacking community. The free publicity, the excitement that surrounds finding new uses for a product, and the perceived added value (“This console is definitely worth my $300 if I can use it to play video games and control my computer!”) move more units. Not all hackers steal credit-card numbers by the thousands or confidential information from online databases. Some are creating bonus tracks for your customers’ albums that surprise and delight.

Nicholas Jackson is an associate editor at The Atlantic, editor-in-chief of Atlas Obscura, and an officer of the International Association for Literary Journalism Studies.

Reinvent Business

About

Reinvent Business challenged creative minds from across design, technology, business and academia to build a more human and truly social enterprise. For two days, 150 change-makers gathered in frog’s San Francisco studio to rapidly ideate, design and build software concepts and prototypes with the potential to transform business from within. By translating abstract values into concrete workplace experiences, the 20 concepts below enable companies and the people within them to unlock their human potential, make better decisions and create a positive impact on our world.

Articles in this series