DirecTV dragnet snares innocent techies
Dolphins in the Tuna Net
In recent months the satellite TV giant has filed nearly 9,000 federal lawsuits against people who've purchased signal piracy devices. But some of those devices have legitimate uses, and innocent computer geeks are getting caught in the crackdown, writes Kevin Poulsen of SecurityFocus.
In 2000, Texas-based physician Rod Sosa says he had the entrepreneurial notion that medical offices might pay a premium for a secure workstation -- one better suited for housing sensitive patient information than an off-the-shelf PC. A long time computer geek and tinkerer -- as well as a medical doctor and internist -- Sosa began working on a prototype. "I wanted to do this as a means of making extra money outside of my own practice," he says.
Sosa quickly became enamored of the idea of using smart cards to provide access control at the keyboard; the PC would have an attached reader, and physicians, medical assistants and office staff would all carry their own cards that would unlock the system. So the doctor ordered an inexpensive smart card programmer from the Web, and began experimenting. "It turned out to be much more difficult than I anticipated," Sosa recalls. He lost interest in the plan, and the $79 programmer was relegated to Sosa's electronics junk box with the old RS-232 cables and 5 1/4 inch floppy drives.
It sat there forgotten for nearly two years, until October, 2002, when Sosa received a letter from satellite TV giant DirecTV. The company accused him of purchasing piracy equipment, and, by extension, stealing DirecTV's signal. When he called the company to clear things up, he found they weren't interested in his explanations: they wanted $3,500 and the smart card programmer, or they would literally make a federal case out of it and sue him under anti-piracy laws. "I didn't know what to do, I was completely flabbergasted. So I sent the money in," says Sosa. "I have a livelihood, and I have a family, and there are a lot of things that I`d rather be than right."
Last month DirecTV even won a court order gagging the webmaster of the Pirates Den, one of the largest and oldest electronic watering holes for satellite pirates. Using a Canadian legal instrument called an Anton Piller order, DirecTV had the site shuttered, and British Columbia-based proprietor Daryl "Risestar" Gray barred from discussing the action in public, according to sources close to the defense. The case is still being litigated, and Gray has launched another message board called Freedom Fight, where among fevered user discussions on the shutdown's implications for free speech and Canadian sovereignty, his court-ordered silence resonates.
But the most controversial pincer in DirecTV's piracy war is its fierce and growing campaign against end users -- the pirates themselves, who use devices like "bootloaders," "unloopers," and emulators to hack DirecTV receivers, or reprogram DirecTV smart cards, to receive standard and premium programming and pay-per-view content for free. Targeting pirates for their piracy is difficult, if not impossible, since receiving DirecTV is a passive operation. So instead the company is going after people like Sosa, who have purchased hardware from one of the equipment vendors shut down in the DMCA raids. Critics say that approach is misguided, and is snaring innocent hobbyists and security researchers, some of whom have never even owned a satellite dish. "Innocent people are being caught in DirecTV's dragnet," says Jason Schultz, a staff attorney at the Electronic Frontier Foundation, which began receiving calls for help from DirectTV defendants last year.
The company begins by sending the equipment-purchaser a letter, sometimes through a local law firm, citing a hefty sack of federal statues that outlaw piracy or possession of signal theft equipment. The letter gives the recipient a deadline of a couple of weeks to contact DirecTV, or face litigation and possible damages of $100,000 or more.
If the recipient calls the phone number on the letter, they're given a settlement offer -- usually the same $3,500 that Sosa paid. If they don't pay up, or if they ignore the letter entirely, another letter arrives in the mail as a reminder that settling with the company is the only way to resolve the matter "without either of us incurring significant legal costs." If the recipient still doesn't play ball, the company makes good on its threat and files a lawsuit. At that point, the settlement price tag jumps to $10,000 -- still less than the typical cost of paying a lawyer to go to trial against a corporate powerhouse in federal court.
DirectTV has sent out tens of thousands of these demand letters, and filed lawsuits against over 8,700 people around the country, most of them in the last six months. "The veil of anonymity has been lifted," says company spokesman Robert Mercer. "We believe that this really does send a very strong message to consumers that they can't steal DirecTV's signal with impunity."
It's not known how much signal piracy costs DirecTV. On Wednesday parent company Hughes Electronics reported strong second quarter results, with $2.4 million in revenue, driven by DirecTV's subscriber growth. It ended the quarter with 11.6 million subscribers paying an average of $61 a month for service.
"Dolphins in the Tuna Net"
But lawyers who represent some of the accused pirates say that DirecTV's anti-piracy push is going too far. "If people are pirating their signal, DirecTV is entitled to go after them and get whatever damages they can get," says Florida lawyer Albert Zakarian, who's represented over 700 people nationwide at the letter stage, and another 50 in court. "The problem that I have is that there are as many people out there getting sued who are not pirating their signal as there are pirates. They're catching a lot of dolphins in that tuna net."
Zakarian and other lawyers say that DirecTV is abusing the system by failing to conduct any kind of investigation before filing a lawsuit: purchasing a device from an equipment vendor that caters to pirates is all it takes to put you in the company's crosshairs. Some users buy hardware intending to pirate DirecTV, but aren't able to get it working. Years later, they get sued anyway.
No one weeps for failed pirates, but some of the equipment that people are being sued over has perfectly legal uses. The clearest example of this is a device marketed as an "unlooper" in piracy circles. Pirates buy it for a "glitching" function designed to repair a satellite TV access card that's been placed in an infinite loop by one of DirecTV's electronic countermeasures.
But the unlooper is also a reprogrammable smart card programmer, capable of doing everything a standard ISO-7816 programmer can do, and more. Some of the added functionality makes it an attractive buy for experimenters without larceny in their hearts, defense attorneys say. "For a few bucks more you get a programmer that can be programmed," says Rob Apgood, a Seattle lawyer. "If somebody is sophisticated enough to be pursuing programming smart cards, they're going to look at the specs of the device. They don't care how it's marketed, they're going to get the best deal."
Marc Witteman, an electrical engineer and smart card security expert with Riscure in the Netherlands, says the glitching function has only evil applications, but agrees with the defense lawyers that the unlooper's programmability makes it valuable for legitimate uses as well. "The programmability is nice to have, and a useful feature for many smart card developers," Witteman says. "It makes sense for techies to buy this stuff as they get the exciting feature apparently for free."
That's the reason that New Jersey-based security professional Park Foreman gives for having purchased an unlooper from White Viper Technologies sometime before the Southern California company was raided by DirecTV's Office of Signal Integrity in June of 2001. Forman, a senior security manager for a transportation company, says he wanted to see if he could develop an end-to-end session-based encryption system that would link a card to a remote server securely. "I was interested in how you might do a key exchange, and I was curious if they had the horsepower and capability to do it, and how much was involved," says Foreman. "I went into Google and did a search for smart card readers."
The purchase earned Foreman a DirecTV demand letter last year. He phoned the company, but declined to pay the $3,500. Instead, he says he canceled his DirecTV service: he'd been a paying subscriber. Thus far Foreman has not been sued, and he views DirecTV's campaign as a direct mail scam, designed to frighten people into paying money. "It's a Nigerian love letter," he says. "As far as I'm concerned the next move is theirs. I will not be intimidated and I will not give in."
EFF says Foreman's story is far from unique. "We have another guy who is an artist, and he creates audiovisual exhibits for museums. He wanted to install a smart card system where the curator of the museum would have a card, and he could use it to turn on or off the exhibit," says Schultz. "By buying the smart card reprogrammer so he could design his own system, he became a pirate in the eyes of DirecTV."
Though they won't give their defendant's names, defense attorneys offer other examples of people who, they say, are completely innocent, but were threatened or sued anyway: A network administrator who secured the admin console in his server room with a custom smart card system; an engineer exploring the feasibility of using smart cards to store high-performance code tweaks for automotive electronic control modules; a coder working on an application to import addresses book entries from smart card compatible GSM phones.
There's no way of knowing for certain, of course, that the defendants are telling the truth, and professed pirates posting anonymously on Freedom Fight have openly discussed their plans to falsely claim legitimate use of their equipment if they're ever sued. But defending a case costs money, and critics of DirecTV's campaign say that people have been paying the $3,500 settlement, guilty or innocent, simply because they can't afford a lawyer. "This is definitely part of their strategy against the pirates. and they're showing little or no sensitivity to the innocent people getting caught up in the same attack," says Schultz.
DirecTV's Mercer says he's heard it all before, and he doesn't buy it. "I have to say, how innocent is someone who goes to website that is clearly identified as a pirate website that is devoted to selling equipment to steal satellite TV programming, and orders the equipment, knowing full well what they're getting?" says Mercer. "That's quite a stretch."
Stretch or not, Mercer admits that DirecTV has dismissed some cases after the defendant proved his or her innocence to the company's satisfaction. "These are so, so, so rare," he says. "Again, these people are going to pirate websites." The company won't say how many cases it's dropped, but Zakarian and Apgood both say they've negotiated dismissals. In every case, though, the innocent defendant is left holding the bag for their attorney fees.
To California lawyer Jeffrey Wilens, DirecTV's whole end-user campaign smells of extortion. Wilens filed a class action suit in Los Angeles last year accusing the company of exactly that. "Realizing that they don't have a legal position, they're just trying to use heavy-handed tactics to intimidate people, just like the record industry is going to be doing in the very near future," says Wilens. "At least the record industry will target people who `did it', instead of `could have done it.'"
But Los Angeles Superior Court Judge Charles McCoy disagreed, and in April dismissed the suit, ruling that DirecTV's demand letters were sent in connection with litigation, and were therefore legally privileged. The judge also awarded attorney's fees to DirecTV, putting Wilens' seven plaintiffs on the hook for a total of nearly $100,000 in law firm billables. The company promptly posted the ruling to HackHU.com, one of the pirate sites they'd taken over, presumably as a warning to others considering turning the tables on them.
That decision was bad news for Dr. Sosa. After building up a head of steam over DirecTV's tactics and his own capitulation, he volunteered to be one of the seven plaintiffs in the extortion suit last year. Now he's potentially on the hook for a portion of the $100,000 penalty, in addition to the $3,500 he already paid DirecTV.
Sosa spoke with SecurityFocus reluctantly, seemingly torn between indignation over the affair, and fear that speaking to a reporter would make him a target for reprisal. "When you try and defend yourself, you can't win," he said. "It's just a staggering thing, to see what's happened with all this.You might as well say that everybody who buys a car is guilty of vehicular homicide."
The class action suit is under appeal, and Wilens professes optimism -- both for his extortion case, and the federal cases around the country. "DirecTV is starting to lose cases now that people are knowledgeable and are getting attorneys," he says. "The easy settlement days are over."
It's too early to say if Wilens is right. Of the thousands of end user cases in the federal courts, many have already resulted in a default judgment against the defendant, because he or she ignored the summons. None have yet gone to trial. But a smattering of pre-trial decisions have gone against DirecTV. Last month a federal judge in Michigan granted summary judgment against the satellite company in their case against Eugene Karpinsky, ruling that Karpinsky's purchase of two unloopers was not enough evidence "for a reasonable fact-finder" to infer "that Karpinksy in fact unlawfully intercepted or aided in unlawfully intercepting DirecTV satellite signals." Evidence in the case convinced the judge that Karpinksy was an unlikely suspect for a DirecTV piracy case. He didn't own a satellite dish.