Thursday, May 03, 2007

HD DVD DRM crack spreading

Ed Felten: AACS Plays Whack-a-Mole with Extracted Key

"The people who control AACS, the copy protection technology used on HD-DVD and Blu-ray discs, are apparently trying to shut down websites that publish a certain 128-bit integer. The number is apparently a “processing key” used in AACS. Together with a suitable computer program, the key allows the decryption of video content on most existing HD-DVD and Blu-ray discs.

I won’t publish the key here but you can spot it all over the Web. It’s a long string starting with “09 F9″.

The key has been published on a few websites for months, but in recent days the AACS “Licensing Authority” (AACS LA) has taken to sending out demand letters to websites that publish the key, claiming that the key is a circumvention technology under the DMCA. News of these demand letters, and the subsequent disappearance of content and whole sites from the Net, has triggered an entirely predictable backlash, with thousands of people reposting the key to their own sites.

The key will inevitably remain available, and AACSLA are just making themselves look silly by trying to suppress it. We’ve seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.

It’s hard to see the logic in AACS LA’s strategy here. Their end goal is (or should be) to stop unauthorized online distribution of high-def video files ripped from HD-DVD or Blu-ray discs. The files in question are enormous and cumbersome to store and distribute, containing more than a gigabyte of content. If you can’t stop distribution of these huge files, surely there’s no hope of stopping distribution of a little sixteen-byte key, or even of decryption software containing the key. Whatever tactics can stop distribution of the key should be even more effective against distribution of movies."

Robin Gross at IPJustice and the blogosphere and YouTube generally has been awash with comments on this story. decided to take down stories including the offending number - and it is just a hexadecimal number which can relatively easily be converted to a decimal equivalent (very roughly 1.3E37 to 2 significant figures, any lawyers reading should please note that the number in this form is totally useless to potential cirmcumventers/code breakers) - after getting a series of cease and desist letters and taking legal advice which indicated they might be held liable under the DMCA. The Digg community promptly revolted and posted hundreds of items with the offending code and then backed down and agreed to leave them on the site and hang the consequences. That is notable in itself as a potential illustration of the power of user communities in a Web 2.0 environment but...

Good luck to them with the legal fees since I can't see anything to distinguish this case from the Universal v Reimerdes case when the music industry sued Hacker 2600 for posting links to DeCSS. Everyone but the lawyers end up as losers. The crack gets widely spread, the website gets an injunction and the lawyers get paid.

The usual suspects will rightly pontificate about censorship etc. but the thing that gets me about this kind of case is that a self appointed trade body is essentially attempting to claim ownership of a number. Sure it's a big number but it's just a number and nobody should be allowed to own it or get to say who has the right to write it down and share it.

No comments: