Secure Xbox broken in less than a week. SlashDot links to a posting by the Xbox Linux Team that they have broken the security on the supposedly secure Xbox so that it will run Linux instead of the Microsoft OS. Note that they describe this as "normalizing" the device -- in other words, no security is the normal state for a computational device. In one sense, this is true, because any security in a static device, like the Xbox, where the ROM and the OS are easy targets. They're just sitting there waiting to be broken. Same with a "universal" solution to protecting intellectual property. It is much harder with a moving target, such as encrypted email, to break every message.
In another sense, the natural state of a system is to function. The Xbox will eventually come with an online service built in -- break that by replacing the OS and the Microsoft security and the online service will stop working. Tying a device to an ongoing service, besides creating a recurring revenue stream, creates disincentives for destroying the security in the system for most folks. Some will always crack systems, but the system that delivers value is the system that will be preserved.
Windows delivers value, because it runs lots of applications. Same with the Mac. Same with Linux. For most people, that's all the value they want. For the teams that break systems, it's the challenge of doing so that delivers value. We tend, when looking at these stories, to see pirates and pillagers of legitimate systems. If people want to buy your hardware, break the security on it and use it as they please, fine. If they make tools that let them run your games, fine. If they can't get to the follow-on services you offer because they broke the system, but they paid for the system, it's fair.
Your application or hardware is a machine, not a work of art totally unique and irreproducible. As a machine, it should be tinkered with, because that's how machines get better. If the Xbox is broken, hire the Xbox Linux Team to build support for Xbox games and online services that users will pay for. Price the games fairly. Hire them to build support for online services, price those services as an attractive enhancement to the device.
What's clear is the market is telling us people don't want security regimes, they want freedom to use the devices they buy as they please. They will pay and break the security. Likewise, if you price software and games or music fairly, if you let them use those titles as they like, copying small bits, like you quote from a book in a school report, and selling the whole title when they are done with it, like an old CD or book, people will pay a fair price.
If you focus on the broken security and not the message it sends, like certain massive entertainment conglomerates have so clumsily done, you're going to lose. Keep your eye on the message, that fairly priced useful devices and "software" will sell because people appreciate their value, and you'll win.
Posted by Mitch Ratcliffe at October 12, 2002 01:59 PM | TrackBack