Injunction Against 2600 for DeCSS

Vito writes "Figures. Mitnick's free, but now a federal court has issued a preliminary injunction against the 2600 website, and its webmasters have been threatened with immediate imprisonment, over the distribution of the DeCSS source code. Time to start that data haven." This is just the latest in the DeCSS fiasco, and it certainly won't be the last. The difference between this and the DVD CCA battle is that these are federal court cases, which is why terms like 'immediate imprisonment' are being tossed around.

Our best option

Join EFF [eff.org]. Join now.

People are going to need all the lawyers our donations to EFF can buy.

Thats just avoiding the problem

If you dont fight this sensibly how long is it before international providers are required to delink countries because they dont follow these stupid american laws?

At what point do random bits become illegal

I've always wondered at what point a set of random bits become a piece of illegal or forbidden information? Suppose for example I had an large data file that is entirely legal, say a mpeg of my kid's birthday party. Then I wrote a program that is capable of taking the mpeg file plus a file containing a sequence of commands and creating an output file. Suppose the commands looked like this:

1. print byte 59821
   
2. print (byte 33 + 1)
   
3. print bit 12
   

So what this is doing is just taking the input stream and rearranging it to construct an output stream. Now suppose the output stream just happened to look an awful lot like a gziped tar file of the DeCSS source code.

Which part of this system is illegal? Is it my home movie? Is it the filter program that simply processes some instructs and transforms a file. Is it the instructions? Or is it the combination of all of the above? What if these pieces are kept on different machines, who is the one providing the illegal content then?

Protection not "compromised"

Presto: the protection is compromised, and the DVD coalition is vulnerable to their (erstwhile) partner's legal fury. The content owners could sue the DVD makers right into their pockets for failure to come through on the protection of their content if the DVD coalition doesn't nip this in the bud..

Please be careful on statements like this. The protection WAS NOT compromised by DeCSS. There was simply no protection in the first place. As the OpenDVD fact sheet [opendvd.org] indicates, CSS' has no copy protection functionality -- it only controlled who could produce player software/hardware for legitimately owned DVDs. Anyone with a DVD-ROM drive, no player software, a hideously expensive DVD-R burner ($5-6k), and equally uneconomical blank DVD-R media (~$50 ea) can copy a DVD. (Oh, yeah, and Linux too. ;-)

That said, the essence of your comments takes on a different light. The DVD coalition made copy protection assurances to the content producers that were not broken by Evil-{Cr,H}acker-People, but rather, were never true in the first place. "Liability Is."

Can those T-shirt $$ buy Judge Kaplan a clue?

From the Wired article [wired.com]:

"Now really, Ms. Gross, I think it's a mistake for you to assume you're talking to a moron," said the judge, who pronounced Linux with a hard "i" and required a short briefing on the concept of linking.

The same article also describes the judge complaining about the defendant's lack of preparation, even though he denied their request for a postponement. The 2600 news section bears this out as well, describing how they had just 8 hours to talk to attorneys and prepare their case. This has all the signs of a travesty of justice in the making.

Only a battle, not the war.

Two comments (I am not a lawyer and always appreciate being corrected if I get something wrong):

1. It's important to understand the difference between the California case and the 2600 case. The California case is a theft-of-trade-secrets suit, which is unlikely IMHO to succeed. The 2600 case is a suit under the Digital Millenium Copyright Act, which specifically prohibits decryption devices, even when they are constructed through proper reverse engineering. It is much less clear IMHO that DeCSS is not in violation under the DMCA--argument for the defense hinges on the question of whether DeCSS is or is not *necessary*, and has as its *sole purpose*, to acheive interoperability with other DVD players.

2. In some ways lower-court rulings in favor of the DMCA are likely to be of benefit in the long run, because they will accelerate the process of getting higher-court review of the constitutionality of the DMCA. Many legal experts believe that the DMCA is not constitutional. It takes court cases lost in the local jurisdictions in order for this to come out in the legal system. Thus, the most important thing now is to support 2600 and the EFF to continue the fight so that eventually the whole DMCA can be thrown out. Somebody has to be the test case, and it's better if it happens sooner rather than later IMHO. If we won every local case brought under the DMCA due to technicalities, the DMCA and its horrible ramifications would remain in force. Better to lose some small and meaningless fights in order to defeat the DMCA.

This particular fight is about as meaningless as one could be, since there is no practical effect on the Linux or DVD world at large from the ruling. Only the defendants and their contacts are enjoined, so DeCSS distribution is not limited in any important way. Plus I'm sure 2600 is happy for the press coverage.

You can read the DMCA here. [cornell.edu]

Injunction applies to electronics stores?

Here's a quote from the injunction:
(c) "DeCSS" means any computer program, file or device that may be used to decrypt or unscramble the contents of DVDs that are protected, or otherwise to circumvent the protection afforded, by CSS and that permits the copying of the contents or any portion thereof.

This could be argued to cover anyDVD drive and software, and indeed anyDVD player that has a video-out jack (you can plug it into your VCR to make a copy -- Macrovision may screw it up some, but some portion would be copied).

Now, the injunction applies not just to 2600, but to anyone with contact with them -- so here's what they do: go visit as many retailers as possible selling DVD players (especially those that also sell VCRs, i.e. all of them) or DVD viewing software and talk to the sales folks. That's the contact. The stores thus fall under the injunction. 2600 obligingly reports all this.

Now, I doubt that the judge is gonna throw all those folks in jail, or tell them that they can't sell DVD players anymore. It might (mind, there's no telling about the intelligence of judges, especially in New York) get him to better realize the implications, though.

They're no friends of legitimate DeCSS users.

Indeed, sites like that are no friends of the legitimate users of DeCSS. If they've been actively promoting DeCSS as a tool to aid piracy then they've lost their case.

(And DeCSS can be used in such a way. There is a special part on a DVD which is not normally readable/writable that contains the CSS information. With DeCSS you can presumably write a DVD without getting/altering DVD equipment to allow you to read/write to those areas)

I for one won't be sorry to see them 'sent down'. However what we (via online discussion and articles in tech-friendly and even mainstream media etc) need to do is make clear that the vast majority of DeCSS users (and would be users like myself) simply want to use it to play DVDs on our systems, which amounts to noting more or less than interoperability reasons.

We must make clear that the targets of the recent cases to do not characterise the general DeCSS using (and would be using) community.

We must make it clear that a win in these cases means nothing to the larger DeCSS community. It's just a win against a few individuals whose crime was to abuse, or promote the abuse of DecSS for illegitmiate means.

We must show that there is a distinction between legitimate and illegitimate use of DeCSS, and that the legitimate users far outnumber the illegitimate users, thus the primary purpose for DeCSS is indeed for interoperability.

copyleft.net

It's at copyleft.net

Where?

Okay, I know this was rather rapid but did anyone publish the where and when for this case?

I work about 4 blocks from the court houses in Manhatten and would definately have dressed up and wandered over if it was likely to help.

When is the actual hearing going to be?

Colleen:Its a black-hole.
Hunter:Is that a good thing?
C:It is if you want to be compressed into oblivion.
H:Oh.. coooool.

a million roaches scramble under the fridge

well in some respects this isn't much of a surprise. if its one thing lawyers (and their clients) like to do is make (serious) threats.

of course part of the campaign is that 2600 is not your average web site, and if anything, the name alone should be enough to encourage people to setup mirrors all over the nets as soon as possible.

part of me wonders why the industry and their lawyers bother, but another part of me realizes that (digital) democracy doesn't come easy.

so how many of us run servers, and how quickly can we work to ensure that information remains free?

Re:threats, threats threats

I've got $5 that in the 80s you were an elite "kiddy" as well.

I know I was. Welcome to aging in cyberspace. Antigravity, yes. Anti-cranky, no.

But it does bring up a valid point. There's no way on God's increasingly less-green earth they're going to stop this code from proliferating. Why waste the court's time? Isn't there enough ludicrous crap floating through right now?

Like this legislation that (i swear to GOD) just passed, as a result of our great friends, the entertainment industry, that TV listings (tv guide, prevue, that kind of stuff) cannot list whether or not a show is a REPEAT.

It's a good thing our court system has been freed up to worry about things like TV repeats, or making it illegal to list on your dairy products that BGH was not used on the cattle, or that some hacker wrote a program that allows the decoding of extremely insecure video formats.

Fuck the video industry. Fuck the record industry. Fuck these billionaires without enough talent to act, sing, play an instrument or write a screenplay, but who know how to slap their fellow white men on the back and say, "Dammit Bob, let's go have martinis at the witless public's expense. Hell, in 4 years DVD will be obsolete and they'll all buy the same crap on some other medium instead."

Can you say "leeches?"

Re:You people just don't get it.

Like it or not the DeCSS software publishes a trade secret, the CSS encryption algorithm. This is illegal. Plain and simple. IANAL, but your summary here is just plain wrong. Trade secrets stand in contrast to patents. It is illegal to use patented information without a license, but the patented method must be published for all to see. Trade secrets don't have to be published, but if someone figures them out then they are free to use the information. There are exceptions (NDA violations, illegal methods of discovery, etc), but in general if you figure out a trade secret then it's (by definition) not a trade secret anymore and there is not legal protection on that information. Sumner

2600 can't handle the Slashdot effect

Here is a quick pasting of the article:

01/21/00

Today would have been a very happy day for us here at 2600. After nearly five years in prison, this is the day that Kevin Mitnick is finally being released.

Ironically, that development is overshadowed by a very immediate threat to 2600, the hacker community, and people who value freedom everywhere.
At 5:40 pm on Thursday, the Motion Picture Association of America was granted a preliminary injunction against us - and everyone we've ever had any contact with - prohibiting the distribution of the DeCSS source code. As a result we have had to remove our mirrors of DeCSS, css-auth and related information from the November article. Last week's complaint was filed at the last possible minute on a Friday before a three day weekend. This calculated and bullying move minimized media coverage and ensured that any publicity was only from their perspective. Not to mention of course the fact that the corporations that make up the MPAA collectively own just about every major media outlet in the country. Meanwhile the EFF legal defense team was busy preparing for the Tuesday DVD CCA hearing in California and we were busy preparing for the Mitnick release. We were given a grand total of about eight hours to consult with our attorneys, look for evidence, and write a declaration. Despite our having never been properly served, the judge only granted a continuance of a few hours making it impossible to assemble any evidence in time for the hearing. The judge essentially ignored our arguments and granted the preliminary injunction.

Suing the whole internet

Hehe. I doubt they'll do that, but I'm a bit concerned about anyone "affiliated" with 2600. I run the Maryland 2600 page and we had been mirroring the DVD files, as per Emmanual's request. I'm still waiting to hear clarification, but the initial response from 2600 makes it sound like the injunction is aimed at 2600 and it's affiliates. I am a bit concerned that this could mean inclusion in the suit.

I know Emmanual is gung-ho about fighting this and I support him completely, but I'm just a lowly recent college grad-type guy without the backing of a legion of fans and the EFF, etc. I don't have the time or the $$$ to fight it in court, and I doubt most of us do. Is it really wise for us to be suggesting that people mirror files haphazardly? I'd say mirroring them on "anonymous" sites, like geocities is safer (though not without hazard).

I know a bunch of folks who had their own, personal (thus easily tracable) sites on the 2600 mirror site a few weeks back. I'd hate to see a bunch of people wind up in jail because they got too wrapped up in what they THINK their rights are. In reality, an injunction means your ass belongs to the Man if you don't quit what you're doing. And for 99% of people that would mean a nice fine and some jailtime, rather than a glorious media-filled battle for "Constitutional Rights."

Enough rambling. I'm just worried that we'll wind up with a nice-sized pile of martyrs here if we aren't careful.

Re:Looking good (NOT)

According to the Wired article here http://www.wired.com/news/politics/0,1283,33816,00 .html The judge said "I don't think there's the slightest question that plaintiffs have a very good chance of success," Judge Kaplan said in issuing his decision.

Re:Cripes, they're serious.

Here's my worry: DVDs will be judged as *software*, and not as *movies*. Why not? DVDs have a UI, APIs, input devices (remote control!), and a sorta-OS. Legally it could be good enough. This could be positive: If DVD movies are shown to be software, then reverse-engineering the software is no problem for interoperability. The downside: End User License Agreements for DVDs. I really, really think it's critical that the Judge in the case be well-educated on this: the DVD movie is the at-issue copyrightable content, but the CSS encryption system is *software*, and the deCSS utility is being used to provide for interoperability of said software, not a a means to harm the copyright rights owned by their respective holders. Otherwise, in the future... *everything* could be considered software. DVDs... eBooks... how about that electronic newspaper? And everything will have shrinkwrap rules governing the use of what's been judged as software, and THEN free speech is in real trouble. There are some very serious, broad issues at hand here. --Neil

This will never get read, but...

Too far down the message chain to be read, I suppose, but some of the defendants in this case were NOT smart about the whole thing, and hurt the cause, I believe. Take, for example "www.dvd-copy.com" which tells you "What you need to trade Moviez online" and "Bastard Greedy Companies - eBOMB their servers!" and "Yes, you can trade DVD movie files over the Internet . . . You can break the encryption on any DVD and allow users to copy the contents of a DVD onto the a [sic] hard drive or alternative media! Notice: The DVD Copy Control Association are cocksuckers!"

This doesn't help. Sounds like the judge never gave the defendants a chance (with comments to the plaintiffs along the lines of "I can give you a runaway train on this one, if you'd like" - see http://jya.com/crypto.htm ) but the quotes above are not the way to go. The whole argument is that CSS is not copy protection, that DeCSS is not intended for privacy, etc, loses credibility due to sites like dvd-copy.com. I actually *support* this type of action against people who are proponents of illegally trading copyrighted material on the DVDs, because it hurts legitimate organizations like LiViD.
----

another idea.

i was posting something last month suggesting we start some kind of blue ribbon campaign-style thing, where everyone put up a little logo image and a mirror of decss.

someone [no idea who] replied by pointing out a simpler alternative: simply use the standard GIF comment blocks to distribute the DeCSS code. Distribute a GIF banner image type thing with the DeCSS code in it and have people put it on pages.
everyone who visits the page breaks the law.. -_-
i'd link to the discussion, but it's long gone now.

Now take a moment to remember Martin Luther King Jr., and what he said about peaceful civil disobedience to facilitate change of an immoral system of law..

-mcc
INTELLECTUAL PROPERTY IS THEFT

ok, i did it.. here it is.

http://drowned.cx/decss/

well.. i don't know if i like how these came out, but here they are [drowned.cx]. I went ahead and made them for some reason. I don't really like what they say. "This GIF is illegal" maybe isn't the best way to put it. I'm not quite sure. And it may or may not be true depending on your definition of "illegal". (And they maybe oughta have the LZW compression removed via ungif, just so we can all have rhetorical purity. :P)

The idea behind these images (spread public awareness, a la the blue ribbon campaign) only works if it's somehow centralised-- i mean, if images like these wind up in widespread usage, any usage of them should link to some central page that explains what the MPAA is doing and why it's wrong. In which case the "this gif is illegal" should be added to with "click here to find out why". From there it could probably explain what source code is, why it should be considered speech, the purpose of DeCSS, the purpose of CSS, the reason DeCSS does not help piracy (seeing as you can pirate DVDs just as easily without DeCSS just by copying the dvd without decoding or writing a fake video driver before playing it in windows), the reason the MPAA/DVD forum brought this on themselves (by refusal to give any support the unices, the one group most likely to understand how to reverse-engineer), the constitutionality of the Digital Millineum Copyright act with regards to the first amendment and the copyright clause of the constitution, and how the DVD forum in general is basically trying to prevent the spread of information. Y'know, how they are absusing the legal system to try to prevent people from distributing information about how to defeat a copyright protection measure (which sounds to me like it should be covered by freedom of speech and freedom of the press, even if said speech is in the language of C++ and said press is printing on TCP/IP packets instead of paper), or even distributing the location [URLs, links] of that information (which i know is speech, and which there is no basis whatsoever to prevent talking about.) Oh, and maybe some stuff thrown in about monopolies, the sherman antitrust act, and the fact that crushing DeCSS is clearly not to prevent piracy and protect the MPAAs profits and help the artists involved, but simply to preserve the MPAA's power as a political entity/robber baron. And everything else i forgot; what the MPAA/DVD forum is doing is wrong on so many levels you could go on for pages about it. We know all this already, you could do it solely based on compiling slashdot posts, i could write it myself if i weren't so damned tired and i didn't have to go to bed so i can take the SATs tomorrow.

As for the GIFs themselves, the kind of murky colored stuff in the background is actually the DeCSS code itself, with the ASCII interpreted as raw color values. Kinda nifty how the hex values at the end come out as just patterns of lines. On the big one i enlarged it and blurred it over a bit to fit more text, but i wouldn't use that one if i were you cuz the file size is unneccicarily large (like 40k.. i think it's better as small as possible). As promised, both contain the entire source code to DeCSS in their comment fields. If you feel like it (hell, do whatever you want-- they contain GPLed code, so they're GPLed images, so i have no control over what you do with them :) ) you can go ahead and put either on any web page you may have with a little note about how the person viewing the page has just broken the law by storing illegal information about defeating copy protection in their browser caches. But, i still think this needs to be more organized.

Please excuse the poor writing in this post. As i said, i am tired.

making keys analogy not valid

From the MPAA's Jan 14 press release [mpaa.org]:

"This is a case of theft. The posting of the de-encryption formula is no different from making and then distributing unauthorized keys to a department store. The keys have no real purpose except to circumvent the locks that stand between the thief and the goods he or she targets."

It's not a valid analogy. It would be more appropriate to compare DeCSS to a set of lockpicks. Lockpicks are legal to buy and to use in your own home. The only thing that's illegal is when you use them to break into someone else's house.

Similarly, DeCSS should be legal for distribution and personal use. The only thing that should be illegal about DeCSS is using it to crack DVDs you don't own for personal gain.

Simon

Call the MPAA and give them your thoughts

Main Office Address:

Motion Picture Association of America
(MPAA)
Motion Picture Association (MPA)

15503 Ventura Blvd.
Encino, California 91436
(818) 995-6600

*out*

A copy of my email to 2600

Here's a copy of what I sent to the 2600 guys. What do you guys think? Is my logic correct?
---begin quote---
- From the injunction:

3. Certain terms use in this order are defined as follows:

(a) "DVD" means digital versatile disc.

(b) "CSS" means the Contents Scramble System used to encrypt,

scramble or otherwise protect the contents of certain DVDs from being

copied.

(c) "DeCSS" means any computer program, file or device that may be

used to decrypt or unscramble the contents of DVDs that are protected, or

otherwise to circumvent the protection afforded, by CSS and that permits the

copying of the contents or any portion thereof.


Under the above restraining order, *any* product that can decrypt CSS
and play back its contents is so termed "DeCSS" which means that all
hardware DVD players are "DeCSS" and thus must not be distributed.
Likewise, under this injunction, it seems that Xing, Creative, et.
al. cannot distribute their software DVD players.

For example, my Philips set top DVD player:

1. is a device
2. decrypts CSS encoded DVDs
3. plays them back over a unencrypted output ( the video/audio
connections ), thus allowing me to copy them to any device that
accepts video input e.g. my RCA VCR, my computer via my Pinnacle DC30
capture card, et. al.

and thus , being that it fits the description in 3.(c), is "DeCSS"

Hmmm. Interesting, eh? Contact Circuit City and tell them to cease
and desist selling all DVD players that putput an unencrypted video
feed, otherwise they are violating the restraining order. You might
want to forward this insight on to whoever at the EFF is doing their
defense. This is way too wide and could be overturned quite easily on
the basis that this document includes the licensees of the CSS
decryption method present in DVD players and software.

*Disclaimer*: I am not a lawyer. I never will be. I just thought
through this logically, and saw a large hole.

See Ya
----end quote----

Re:Whacking the mole

Is this what all the fuss is about??? Sure looks like speech to me ;)


/*
* Copyright (C) 1999 Derek Fawcus
*
* This code may be used under the terms of Version 2 of the GPL,
* read the file COPYING for details.
*
*/

/*
* These routines do some reordering of the supplied data before
* calling engine() to do the main work.
*
* The reordering seems similar to that done by the initial stages of
* the DES algorithm, in that it looks like it's just been done to
* try and make software decoding slower. I'm not sure that it
* actually adds anything to the security.
*
* The nature of the shuffling is that the bits of the supplied
* parameter 'varient' are reorganised (and some inverted), and
* the bytes of the parameter 'challenge' are reorganised.
*
* The reorganisation in each routine is different, and the first
* (CryptKey1) does not bother of play with the 'varient' parameter.
*
* Since this code is only run once per disk change, I've made the
* code table driven in order to improve readability.
*
* Since these routines are so similar to each other, one could even
* abstract them all to one routine supplied a parameter determining
* the nature of the reordering it has to do.
*/

#include "css-auth.h"

typedef unsigned long u32;

static void engine(int varient, byte const *input, struct block *output);

void CryptKey1(int varient, byte const *challenge, struct block *key)
{
static byte perm_challenge[] = {1,3,0,7,5, 2,9,6,4,8};

byte scratch[10];
int i;

for (i = 9; i >= 0; --i)
scratch[i] = challenge[perm_challenge[i]];

engine(varient, scratch, key);
}

/* This shuffles the bits in varient to make perm_varient such that
* 4 -> !3
* 3 -> 4
* varient bits: 2 -> 0 perm_varient bits
* 1 -> 2
* 0 -> !1
*/
void CryptKey2(int varient, byte const *challenge, struct block *key)
{
static byte perm_challenge[] = {6,1,9,3,8, 5,7,4,0,2};

static byte perm_varient[] = {
0x0a, 0x08, 0x0e, 0x0c, 0x0b, 0x09, 0x0f, 0x0d,
0x1a, 0x18, 0x1e, 0x1c, 0x1b, 0x19, 0x1f, 0x1d,
0x02, 0x00, 0x06, 0x04, 0x03, 0x01, 0x07, 0x05,
0x12, 0x10, 0x16, 0x14, 0x13, 0x11, 0x17, 0x15};

byte scratch[10];
int i;

for (i = 9; i >= 0; --i)
scratch[i] = challenge[perm_challenge[i]];

engine(perm_varient[varient], scratch, key);
}

/* This shuffles the bits in varient to make perm_varient such that
* 4 -> 0
* 3 -> !1
* varient bits: 2 -> !4 perm_varient bits
* 1 -> 2
* 0 -> 3
*/
void CryptBusKey(int varient, byte const *challenge, struct block *key)
{
static byte perm_challenge[] = {4,0,3,5,7, 2,8,6,1,9};
static byte perm_varient[] = {
0x12, 0x1a, 0x16, 0x1e, 0x02, 0x0a, 0x06, 0x0e,
0x10, 0x18, 0x14, 0x1c, 0x00, 0x08, 0x04, 0x0c,
0x13, 0x1b, 0x17, 0x1f, 0x03, 0x0b, 0x07, 0x0f,
0x11, 0x19, 0x15, 0x1d, 0x01, 0x09, 0x05, 0x0d};

byte scratch[10];
int i;

for (i = 9; i >= 0; --i)
scratch[i] = challenge[perm_challenge[i]];

engine(perm_varient[varient], scratch, key);
}

/*
* We use two LFSR's (seeded from some of the input data bytes) to
* generate two streams of pseudo-random bits. These two bit streams
* are then combined by simply adding with carry to generate a final
* sequence of pseudo-random bits which is stored in the buffer that
* 'output' points to the end of - len is the size of this buffer.
*
* The first LFSR is of degree 25, and has a polynomial of:
* x^13 + x^5 + x^4 + x^1 + 1
*
* The second LSFR is of degree 17, and has a (primitive) polynomial of:
* x^15 + x^1 + 1
*
* I don't know if these polynomials are primitive modulo 2, and thus
* represent maximal-period LFSR's.
*
*
* Note that we take the output of each LFSR from the new shifted in
* bit, not the old shifted out bit. Thus for ease of use the LFSR's
* are implemented in bit reversed order.
*
*/
static void generate_bits(byte *output, int len, struct block const *s)
{
u32 lfsr0, lfsr1;
byte carry;

/* In order to ensure that the LFSR works we need to ensure that the
* initial values are non-zero. Thus when we initialise them from
* the seed, we ensure that a bit is set.
*/
lfsr0 = (s->b[0] b[1] b[2] & ~7) b[2] & 7);
lfsr1 = (s->b[3] b[4];

++output;

carry = 0;
do {
int bit;
byte val;

for (bit = 0, val = 0; bit > 24) ^ (lfsr0 >> 21) ^ (lfsr0 >> 20) ^ (lfsr0 >