Slashdot Mirror
Preliminary Injunction Issued in DVD CCA Case
jlj writes "Judge Elfving has just issued the preliminary injunction. We're having the opinion faxed over now and we'll have it up on www.opendvd.org ASAP. This has truly been a sad week... but we will keep fighting!" In the word of EFF Attorney Robin Gross, "We're going to need some bigger guns." The judge's official opinion can be found here. This story will be updated as we get information.
That's right...
;)
Feel free to link to http://mmadb.no/jlj
It's in Norway and it won't go down
Dear Mr. God, please grant these idiots in "authority" the vision to understand the stupidity of the MPAA's position, the sense of the EFF's case, and the rights of the populace to foster inter-platform compatibility.
Oh yeah. Please kick those idiots in DVD Consortium and the MPAA in the nads with spiky shit-kicker boots.
Amen.
Chas - The one, the only.
THANK GOD!!!
Chas - The one, the only.
THANK GOD!!!
As one of the named defendants, I've taken down my files. Thankfully, Judge Elfving has stated that there will be no damages awarded. Ironically, this point probably helped DVD CCA the most.
-- adraken
... is that the judge cited (obviously, they don't make these things up, which means that probably the plaintiffs as precedent cited) Religious Technology Center vs. Netcom. RTCvsN was the Scientologists cracking down on ISPs. Bad case, bad precedent, bad law. Ugh.
If I was the MPAA would be to simply replace the current encryption technology with rot13. It's just as secure and it would massively increase the lawsuit possibility. So many unixen come with rot13 and they could sue them all. Hell, they could probably get MS to bankroll the whole thing.
--Shoeboy
If it gets printed, then it's public knowledge. And Trade Secret claims go to pot once 'an innocent' comes across it.
PLUS you can't use that source code to copy a DVD. You'd have to type it in, compile it, run it...three steps removed from source is legal defence enough about wishing to encourage piracy...and they can't use a US court to pursue a foreign national in another country. Especially if that country is Norway, or somewhere with similar protected speech laws.
Whaddaya say?
It doesn't even appear that it affects anything outside of California.
And the brethren went away edified.
On page3.gif: .. is considered proper means .."
.."
"Discovery by "reverse engineering"
page4.gif:
"The court is not well positioned to interpret Norwegian Law
Proving they obtained the code improperly would be pretty difficult considering this, no? What could they do really?
The battle may be lost, but the war is far, far from over. Keep up the good fight. Don't lose faith. Tonight I'm gonna get drunk and listen to some good jazz. Maybe tomorrow will be a better day!
This is just an injunction. It's just a way of putting things on hold while the case is reviewed. It doesn't mean at all that the judge has decided in the plaintiff's favor. In fact, it says:
As Plaintiff conceded at the hearing on the TRO, once this information gets into the hands of an innocent party, the Plaintiff loses their ability to enjoin the use of their trade secret.
This is why the injuction was put in place. However, it's too late. Thousands of innocent people have downloaded this code already.
Once, and if they win this case they will have no trouble shutting down the sites. Most ISPs will comply, so getting it in the US won't be hard. I've got my copy from Sig11's mirror, And I'm keeping it. This does really not look good
The problem is, while to us the C code is as clear as english, most other people think of program code the way they think of macines, and they have had no trouble getting those banned, witness the DSS "test-card" issue, that's really only reprograming the small computer in a DSS satilite card, but it's illigal.
If judges feel that it's a device and not an idea then were fucked, and it becomes completly illigal. No, they won't beable to whipe it from the net, that's for sure, but they can kill effectively kill projects like LiViD. Red Hat isn't going to put illigal code in there main distro. SuSe isn't going to put somthing in that would get it banned in the US.
If the DVDCCA wins this, and they might, the effects will not be good...
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
If I'm understanding this right, it's saying that the injunction was granted not necessarily because DeCSS is illegal, but because it MIGHT be and the cost to the defendents caused by the injunction is almost non-existant, while the cost to the plantifs by not having an injunction is potentially huge.
By the way, does anyone know what "IT IS FURTHER ORDERED that Plantiff DVD-CCA shall post a bond in the amount of $10,000 pursuant to CCP 529" is all about?
Maybe not the defendants named in the case, but it sure as hell harms RedHat Software, SuSE, VA Linux Systems and the like. How can they compete against Windows on the desktop if Linux is missing critical applications such as software DVD?
retrorocket.o not found, launch anyway?
Sounds fair enough so far. Let's see why he says they did that.
What this basically says, is that, despite the fact that DVD CCA made no compellimg argument that the reverge engineering was wrongfully done, "circumstancial evidence" says that it was, therefore, this point will be granted to the plaintiff.
This is the part that really, really annoys me. What this says is that DVD CCA's right to have their ass covered by the law when they made a booboo and picked a weak encryption scheme, and god forbid it lets make fair use of a recording medium we purchases, is more imporant than our (I am a defendant) right to disseminate information freely. This is so wrong I cannot begin to rant enough about it, so let me just repeat this point again: This is a Judge saying "gagging your First Ammendment rights will be less harmful than a company losing money due to repeated mistakes on its behalf." Elving's statements that we will still be allowed to "discuss" the information, as long as we do not reveal it, still amount to a gag order, and a restriction on our speech.
To his credit, Elfving is right here. Nothing he has done is terrible, in regards to the current legislative framework, and standard legal procedure. And there is still a whole case ahead of us to make the points that such limitations ARE irrelevant. However, this sets a very grim tone for the proceedings to come.
Again, some sanity prevails here. Restricting linking would be fruitless, silly, and just plain wrong. What this means, is that we are all still free to link to code mirrors. If any remain around (and I am sure they will) after today, I will be linking to them from my website where I previously had the DeCSS code.
We have been granted link rights, and the right to still discuss this case and the issues at hand. Let's use them to the best of our abilities, to make sure the side of right, and of freedom, wins out.
Look -- the judge is practically begging the defense to prove that the reverse engineering in Norway was legal. He essentially points out that the plaintiffs don't have a leg to stand on if it's really true. So, is it really true?
Make me aerodynamic in the evening air
Page 4, lines 19-21 read, "Defendants have not provided evidence of any economic harm which an injunction could currently cause, although if such an injunction were not granted it is quite possible that this could change which could possibly shift the burden of harm in Defendants' favor"
Is it my imagination, or is the judge saying that if the mirrors would just all charge for the software, it would be much harder to get an injunction, since they would have an economic interest in its being available?
Excellent point. How many of you, like myself, thought DeCSS was interesting when you first heard about, but had no need of it and continued about your life?
Later though, when MPAA started beating their chests, and filing lawsuits, I saw fit to download DeCSS for myself, just for safekeeping. I don't have a DVD-Rom in my machine currently, but I'm certain that I will at some point in the future.
I'm not going to be prevented from watching movies I purchased (70+ and counting) on the opertaing system of my choice.
That's probably the funniest part of this whole ordeal... Had they only provided us with the means for playing our movies under Linux, DeCSS might not even exist today. That's what they get for ignoring us.
For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
The bond posted by the plaintiff is to cover any damages caused by the injunction to the defendants. Most likely, nothing will come of the money, but it is one of those little legal things they throw in there. Real had to do the same when StreamBox had their X-file get software which would allow people to save .rm streams. Essentially, if the defendants would stand to lose monitarily, the plaintiff is required to post a bond to cover that. The bond is paid out if the case is found in favor of the defendants.
from the horses mouth
NIVRAM
I am somewhat relieved in that the ruling was not entirely irrational. The judge rightly recognized, even while confusing the World Wide Web with the Internet, that it's unreasonable for webmasters to be held responisble for content on sites they link to. Had he granted the part of the motion that sought to ban links, the ruling would have been truly draconian.
And the brethren went away edified.
As much as I love the EFF, having attended the trial I can see why we lost:
They said their stuff was stolen. We argued that we should be able to get away with it.
"Their secret wasn't protected enough" "They waited too long" "They knew it'd be broken" "They don't know for sure we got it from Xing" "Maybe they don't really have the right to sue us!"
Note, we didn't argue some greater good that is served by the taking, nor the harm implied by enforcing a unilateral license agreement upon a captive audience. We didn't claim they had no right to deprive us of rights, hell, we didn't claim a single right at all. This is coming out a hell of alot more bitter than it should, but I think this loss will make us stronger in the long run.
They proved they lost something. We tried to prove...something. I'm not sure.
Here's my summarization of the plaintiff's case. I'm not going to continue this document, but rather work on something completely different--something that directly addresses just exactly what the DVD CCA is trying to take away from us.
I'll be honest: I'm not happy with the way this turned out, and if I wasn't so crammed for time(I literally just secured long term housing for myself around 20 hours ago), I wouldn't even post this. But C'est La Vie.
=====DVD Redux: The Plaintiff's Complaints
=====================================
A Courtroom Analysis by Dan Kaminsky
effugas@best.com
http://www.doxpara.com
After receiving a rude awakening from the Linux community--and, make no mistake, it's us they're fighting--the DVD Copy Control Association today stepped up their efforts to restrict the further release of the codes necessary to play a CSS-encoded DVD disc. Last time, they walked into court with the presumption of victory on their lips. This time, they fought with far more intensity. But with far more time to prepare, so did we.
As of the writing of this summary, it remains to be seen who will prevail.
For sheer lack of time(and because I have no idea if anyone wants me to finish), I will restrict my analysis to the opening case of the plaintiffs.
The plaintiff's case seemed dedicated to addressing the wounds it received at the TRO(Temporary Restraining Order) hearing. Extensive evidence was offered justifying the claim that the DeCSS code was derived from Xing--a fact not extensively challenged online, but a core doubt raised by the defense at the TRO hearing. Posts on Slashdot were quoted *heavily* by the plaintiffs as an attempt to prove that the Linux community was on notice that it would be illegal to decrypt the video stream.
Yes, this means that Ye Olde Anonymous Coward has been entered into the court record. Numerous comments from many parties to that discussion, including AC's, that contradicted the plaintiff's case and notified developers of their rights to reverse engineer were however conveniently ignored by the plaintiff. Such examples of distorted reality propped up all throughout the hearing; quite annoying, to say the least.
At this point, the Plaintiff's case turned truly bizarre. While the DVD CCA fell over itself to say it wasn't actually invoking the Digital Millenium Copyright Act, which may only be invoked in federal court, it made arguments under the act as a means to express and provide a perspective upon the Public Policy of the United States of America and, indeed, the 171 signing nations of the WIPO treaty. The relevance, argued the plaintiffs, was that since California's Uniform Trade Secret Act spoke of improprietity and not unlawfulness, the established public policy of the country should be used as the standard of what is proper and what isn't.
I must admit, I wasn't aware that playing a DVD qualified as a particularly unamerican activity. It might explain the civil disobedience campaigns(tshirts/contests) that the plaintiffs were so utterly disturbed by, however. Anyway, one wonders about the public policy the courts are supposed to apply when there's absolute consensus outside of Hollywood that individuals should be able to A) Play their own videos, B) Sell their own CDs, and C) Record their own TV Shows while still remaining good, patriotic Americans.
The case then moved into the International realm. Much noise has been made of the fact that reverse engineering of this type is generally quite legal in Norway, and indeed Europe as a whole. Both sides presented experts on the topic; needless to say, the opinions were not identical. pretty much claiming their expert made a more convincing argument than our expert. The plaintiff's expert, a Norwegian lawyer, claimed that the general law prohibiting unauthorized access to another individual's property, and particularly another person's data, should be applied in this case. On its face, this seems rather strange, since this case is about preventing a person from accessing data contained within their own physical property--the lawfully purchased DVD disc. But that's just my opinion.
The defendant's expert, claimed the plaintiff, was far more circumspect and wishy-washy, saying in effect that it could go either way and that the issue was undecided in norwegian courts. Since the plaintiff's answer was definitive and the defendant's answer was less so, the former ought to be considered more valid than the latter.
Returning to the core facts of the case, the plaintiffs reasonably argued that of all the defendants, none had provided an alternative source of the data aside from the Xing rip. Furthermore, the applicable law stated that prevention of *further* disclosure of a fact discovered after the usage to be a trade secret was an acceptable remedy, and since they weren't suing for anything more than such restraint(no damages, real or punitive), an injunction would specify the exact relief the law provided for. Since the defendants were on notice anyway, by both the passage of the DMCA and through "pervasive Slashdot discussions", this wouldn't be a surprising or inappropriate occurance.
Next, the plaintiff's primary counsel addressed the Linux interoperability argument. Given that a Linux developer would be willing to accept the arguably onerous terms of the CSS license(among which is that no imported DVDs may be playable, and that the source code be heavily closed and encrypted), the DVD CSS would be more than happy, he argued, to provide legal access for Linux users to play DVDs. Since IBM and Intel are both heavily invested in Linux, they argued, the means exists for a Linux DVD license to be signed.
The plaintiffs then trotted out the obligatory Coca Cola example: McDonalds sells Coke products, but Burger King only sells Pepsi. Just because you want Coke at Burger King, doesn't mean you get to steal the syrup off the truck, or break into Coca Cola headquarters and steal the formula. (I was unaware any DVDs had been stolen at gunpoint from UPS, or that Eric S. Raymond had led a crack commando team into the heart of Santa Clara for Operation LiViD-By-Any-Means-Necessary.) Because of this willingness, stealing the trade secret could not constitute appropriate self-help under the exceptions granted for interoperability. Sony's successes against the emulation community were raised, and the point that there was no fair use of trade secrets was made.
At that point, a new attorney for the plaintiff came up and began arguing against the EFF's extensive 1st amendment case. The EFF pointed out that the DVD CCA is seeking prior restraint against news sources(Slashdot itself is a named party), and that people merely want their traditional free speech rights to be enforced. Three responses were made: First, that the theft of trade secrets does not constitute a traditional usage of free speech rights. Second, that the defendants were not news sites(Slashdot?), and even if they were, they still couldn't post trade secrets. Finally, that the posting went beyond discussion--actual code was either directly there or being linked to.
The plaintiffs provided an example of what they'd like the judge to rule. It'd be acceptable to them for the San Jose Mercury News to provide commentary and analysis on the topic of the DVD decryption system, but to actually publish or link to the broken system would be a violation of trade secret law in their eyes. (As the defense later noted, such a linking has already taken place.)
In an interesting move, the plaintiffs used the Bernstein precedent that code is a form of speech to defend their position: The government was trying to suppress Bernstein's publication of his own encryption code. This is about a judge suppressing 200 John Doe's republication of someone else's encryption code. Of course, that implies that the code being republished was, in fact, someone elses--an access key does not a software product make, particularly when, as Sega v. Accolade decided, stripping the access key from a piece of software is the necessary to make other software interoperable.
The plaintiffs are continuing to attack even mere linkers--the whole concept of "instant access" to infringing sites scares the DVD CCA. One would think that the downsides of implicating the New York Times(as the defense pointed out) would override the advantages of a bit more protection against spurious links, but perhaps the DVD CCA sees things differently.
One thing the DVD CCA took particular offense to was the claim that the defendants were, in fact, helping them out by exposing the weakness of their system. They rather reasonably noted that, if the defendants were looking to help the CCA out, they could have sent an email, perhaps a real letter. Selling T-Shirts and running contests wasn't helpful.
On a sad note, the plaintiff's case concluded with some of the more vitriolic fear mongering and inappropriate references I have seen in quite some time. Beginning by claiming that the defense was trying to dismantle the entire IP system, massive(and rather irrelevant) hacks against military bases funneled through stolen Pac Bell internet account information, as well as the recent CDUniverse credit card scandal, were brought up as what could only be termed as character assassination against the "hackers" of the defense. Then, with the size of the DVD industry paraded in front of the judge as the sole reference to the irreperable economic damage that DeCSS and Linux players must surely create, the plaintiff made the entirely valid point that while the hacker community has embraced DeCSS, LiViD, and other CSS cracking systems, the mainstream has not yet adopted such tools. But what of the harms, should a mainstream that fought bitterly against record "spoiler systems" and has spent the last twenty years making audio mix tapes using their cassette recorders?
The direct harms that the DVD association brought to bear were summed up in a quote, in which it was stated that without legally backed copy protection, no media format(such as DVD Audio) could ever be good enough for Hollywood. And perhaps this is true. Manufacturing costs, the splurge of spending that accompanies repurchasing of previously owned content, now New And Improved, maybe even the profits from the conflicted interest consumer electronics divisions(Sony) just wouldn't be enough. Without the ability to technologically mandate what the courts would never accept--government enforced regional sale restrictions, arbitrary demands on DVD player manufacturers, a ban on personal backups and "mix DVDs"--perhaps we'd never see the big studios agree to new formats.
Oh well, I'm off to go play an 8-Track and catch some sleep, secure that they'll never give me a better quality music format for me to play with...
More next time, if you like.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
If you recall, there was a post about the gentleman who paid for MS's net bill auctioning it on ebay. If someone here were to win it, they could donate the money towards the EFF. This could get some positive plublicity for the DeCSS hearings.
Just a thought...
LetterRip
I expected this would happen but in the scheme of things it is trivial. An injunction occurs when there is a great disparity in the cost to one party than the other. The cost of removing a link from a website to a website operator is $0. The cost to the DVD industry each day software to defeat their encryption is freely available on the Internet is considerable. Even the most tech-savvy judge would have had to grant an injunction to the MPAA. On the other hand the judge said it's Ok to link to sites that link to the DeCSS so just all we have to do is point at sites outside the courts jurisdiction that link to DeCSS.
I'm pretty dissappointed that from the look's of the judge's opinion the main case of the Defendants was that 40-bit encryption is weak. Who's dumb idea was that? Arguments like that imply guilt...the same way that saying "They didn't have bars on their windows" is not a good argument for any case that involves breaking and entering even if you are in the right. I hope this just means that this was what primarily caught the judge's eye instead of being a principal point in the Defendant's defence because if it is we are screwed.
I am interested in the click-through licence issue. Since the licence prohibited reverse engineering, we either have to argue that the laws of Norway supersede the contract or that that the licence clicker was not the reverse engineer. Either way it's going to be fun to see what happens.
PS: I like the judge's ruling that CSS shouldn't lose it's status as a trade secret by being posted on the Internet because this implies that if you can get the secret on the net you're home free... sounds like the "Wet Feet, Dry Feet" Cuban refugee problem all over again if he hadn't said that. That would have been an extremely dangerous precedent to set.
PPS: Gotta go code, on a Friday night *sigh*
The judge's injunction in this case is mostly based on relative harm. The idea being that if the MPAA is right then allowing distribution would cost them lots of money. OTOH, if the websites win the trial, then all they've lost is a few files for a few months; no monetary harm is done.
As much as I dislike this (for one thing, this rule means the big corps ALWAYS get the injunction; the etoy injunction seemed to be based on this as well), it's important to realize that this isn't necessarily a preview of the final decision. Parts of the judge's opinion point out some big problems with the MPAA case.
BTW, I'm sickened by the fact that the scientology case seems to be the major precedent available.
Gee, the injunction is easier due to little damage to the defendants? The plaintiffs are losing several hundred dollars from me because I won't buy DVD until I can use them on all my equipment.
The Defendants made the same argument that I was going to - that CSS is weak. The judge made the argument which anyone following up to me would have: Just because you've got a bad lock on your car, doesn't mean you're at fault if it's stolen. What the judge didn't seem to consider was the second part - the plantiff making reasonable efforts to keep CSS secret. Wasn't the first key obtained from an Xing player that didn't encrypt it? If that's the case, it doesn't sound like they made reasonable efforts at all - or even if it's entirely Xing's fault, the DVD folks didn't do anything to the company to attempt to salvage what had happened.
I wasn't aware that we could convict on circumstantial evidence. In an ideal world, we couldn't, but this is far from that. The disrespect for the law that the judge cites is mainly because of this. To me, it seems that the judge just didn't like the defendant's position, since he took offense to the fact they thought they were innocent.
I think it's strange that, while the judge acknowledges that it's nearly impossible to contain such information, he still tries to enforce the rule that it be contained. As though he's catching it in the nick of time... I think it's far past the time that it could have been stopped - quite possibly, there are more copies of deCSS out there than there would have been had the DVD consortium just left the authors alone! There are far too many people to pull into the courts at this point. What if some slashdot user decided to post the entire deCSS source code in a comment? It would be on-topic, after all. What if someone posted it to a newsgroup, again on topic? Deja.com would archive it. There are too many ways to get too many people involved for it to be a secret any longer.
I am not, however, a lawyer. I could be completely wrong
-Denor
Under the language "all persons acting in concert with them" (line 28 p1 of brief), VA might be considered a defendant as they are both selling Linux-based systems, and host Chris DiBona's website, and are located in the State of California, hence coming under the jurisdiction of this case.
I believe this establishes a basis for arguing economic harm.
Mind you, I think that stomping on Constitutional free speech rights constitutes major harm as well.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
This is only a preliminary thing lads, don't get too excited. The judge has quite correctly decided that we don't suffer much financially by this preliminary injunction, and that it's possible that the DVD people would suffer by it's absence. It's not hard to see his point of view here, and he hasn't barred linking to pages with CSS code. All things considered this is a fair and reasonable judgement IMHO.
Anyway, roll on the (unadorned but functional) Whack A Mole Entry
Paul.
I gather from reading the injunction (IANAL) that there is a big opening: find a country where click-contracts are explicitely invalid. Apparently the judge thinks that the law in Norway is unclear.
So the obvious thing to do is for somebody with appropriate skills in such a country to reverse-engineer CSS again. Then post a new (indepentant) version of deCSS to a media.
You would have to have some witnesses who would swear that this effort was independant. You wouldn't be able to use the current CSS as a starting point, but (I think) you could take advantage of the same hole in the Xing player along with information on HOW the original hacker did their magic.
Maybe the original hacker could create a "reverse-engineer-CSS" HOWTO with tips on technique, but no actual trade-secrets. Then people all over the place could post independant code and each version would require a separate legal challenge.
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
I was going to do this myself but one of my co-webmasters got there first. The files in question are now avalable at www.exaflop.org, here is the text of my friends news posting.
It would seem to me that this preliminary injunction has left itself wide open to being overturned. And it has done so explicitly!
First, the judge repeatedly states that this injunction does not prevent anyone from discussing the DeCSS algorithm. OK, that's good to know.
Here comes the kicker ... if I recall, in a case directly addressing posting encryption to the Web, the court has ruled that this is covered under the 1st Amendment, our protection of Free Speech.
It would seem to me that if you're allowed to talk about it (free speech) and that if posting something to the web has been ruled an extension of 'free speech', then this injunction can't hold much water.
Disclaimer: IANAL.
Just a thought, as always.
-Brice
OK, it's not 100% positive, the injunction did go through afterall.
Fortunately it does seem the judge isn't a clueless gumby. He makes point on the sixth page that a website's owner isn't responsible for information on sites that you've just linked to. This shows an understanding of the Internet's workings and delineation of responsibility.
He also explicitly permits continued analysis and discussion of the CSS algorithm, even under the injunction, as long as the algorithm and keys aren't distributed. This is mildly positive, as it may mean the other CSS defeater (the 18 second brute force technique) would be legal.
He refutes the claim that the encryption was unusually weak, citing the three year period when it wasn't cracked as being proof. Fortunately it should be easy to bolster the "weakness" claim by getting some expert witnesses in cryptography. I have heard there are only 2^16 unique tests!
He agrees that reverse engineering is "proper means", but only if the DeCSS author didn't agree to the click license. He says that the DVDCCA's argument here is "problematic" as they (1) cannot prove Johansen wrote the code or (2) that he'd agreed to a shrinkwrap license.
Finally he strongly emphasises that the real reason that he's granting the injunction is because the harm to DVDCCA by not granting the injunction is far greater than the harm to everyday users by granting the injunction. This strikes me as being fair enough.
My overall impression is that the judge does understand the issues here and that the judge is intelligent and thoughtful. Also the decision to grant the injunction is the fairest decision that could be made: it minimises harm to all parties given that the judge doesn't know what the truth of the matter is.
I would think the 6 page statement also says quite clearly to the EFF how they should proceed. The EFF needs to prove that 40-bit encyption is weak, that the reverse engineering was undertaken for "proper means", and that Johansen could not have been held under the "click license". If the EFF can prove these points then they answer all of the open-ended questions in the judges report.
(3) With sufficient thrust, pigs fly just fine. However, this is
not necessarily a good idea. It is hard to be sure where they
are going to land, and it could be dangerous sitting under them
as they fly overhead.
Sorry. I couldn't resist.
--
"L'IT c'est moi!"
The links on the site mentioned don't work, so here are a few for freedom-loving /. readers:
ftp://ftp.quuxbar.org/pub/DeCS S/DeCSS.zip
ftp://ftp.quuxbar.org/pub/D eCSS/css-auth.tar.gz
Good luck!!!
Yes, you too can find this via Google, but here is a picking of more relevant material:
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
This is hardly a blow to the OpenDVD orginazation. The court ruled that no web site in the jurisdiction of the California court can post the DeCSS source code. NOT A BIG DEAL. These same sites can publish links to the code, host discussions about the code, and basically are hardly permitted from doing anything.
In addition, the fact that the DeCSS code is misappropriating trade secrets is on shaking ground. The whole case would have been thrown out completely if the judge determined that "click licenses" were not enforceable in Norway. I'm sure there is some country in this world that has determined that "click licenses" are not enforceable. It will just take someone in that country who hasn't seen deCSS to reverse engineer some DVD player, and the source code will be free as a bird.
Unfortuantly, if another version of deCSS is created that legally reversed engineered a DVD player, I suspect that the movie industry will sue under the DMCA since reverse engineering is not given the same protection.
Sig goes here
It is a good thing that there were no damages awarded, as it is an unenforceable judgement for most of the people with whom it matters. The issues of practicality of the judgement are unheard. This fellow seems largely ignorant of the real issues at hand, and someone has to bring these things to his attention. We MUST win this thing on the grounds of rightiousness, not technicalities, for in technicalities we prematurely admit defeat.
Please, mirror this thing! My copy of the sources can be found here, and a mirror list can be found here.
Note that the proper program to mirror is the css-auth program (with source) and not the DeCSS program (which is floating around in binary-only form). The reason is that css-auth is actually useful for playing DVDs on linux, whereas DeCSS is a windows program used mostly for proof-of-concept.
We need to keep the whack-a-mole going!
"As Plaintiff conceded at the hearing on the TRO, once this information gets into the hands of an innocent party, the Plaintiff loses their ability to enjoin the use of their trade secret."
Well, I've got a copy of DeCSS, and I consider myself pretty innocent -- does this mean the trade secret's dead anyway?
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Does anybody know where the click-through license stuff comes from? I'm no lawyer, but I am quite sure that no contract may deprive an American of his or her rights in this country. I understand that such clauses are legally null. Eg. waivers are often disregarded if there is a lawsuit over an issue such as gross negligence.
I'm curious whether this might apply to a click-through license. The digital Millennium act seems to specifically grant the right of reverse engineering for compatibility purposes. Does that supercede the license, or does the license nullify copyright law? What about a shrink-wrapped book with a "no fair use" statement on the front? Would this be legal? I not, how is it different?
I'm not a lawyer, but it seems that the click-through license might be out of line here.
This was cited as one of the judge's tests for whether or not to issue an injunction. I guess this judge feels that freedom of speech is trivial, since that is what the defense is claiming it will be losing.
I still do not understand what the big deal is. It is not like DVD can't be copied without CSS, and what do they think people will do with DeCSSed movies? Burn them and sell them? ON WHAT? TO WHOM? It seems DeCSS would make it a lot easier to transfer a DVD over the internet, but 4 or 5 gigs is waaay out of most people's leagues for downloading. Even on my school's network, it takes me a few hours to download an ISO of RedHat.
I think the real issue for the CCA is saving face. They made a weak, crappy encryption system and they look stupid. So rather than bite the bullet and get to work on 128-bit CSS they are going to just try and hold back the flood. Isn't DeCSS under 100k or something like that? If the music industry can't stop illegal MP3s (no matter how hard they try), how are they going to stop DeCSS, which can be quietly attached to any email message and float unnoticed through the ether? Napster is not needed here, no huge database. Just ask a friend and he'll mail it to you.
This whole thing seems a bit wacky.
______________________________________
um, sigs should be heard and not seen?
rooooar
Blow by blow from the TRO:
The circumstantial evidence, available mostly due to the various defendants' inclination to boast
about their disrespect for the law, is quite compelling on both the issue of Mr. Johansen's improper means and that Defendants' knowledge of impropriety.
1) Stop taunting the lawyers. It pisses off the judges, and gets you nowhere. Calling the plaintiff's lawyers "cocksuckers" will not get you a sympathetic ear in court. Take a Zen attitude about the whole thing - respect your opponent.
Defendants make the additional argument that even if Johansen clicked on the license
agreement, such an agreement contravenes Norwegian law. This Court is not well positioned to
interpret Norwegian Law, and Defendant's own expert, even if this Court could consider expert
testimony on a question of legal interpretation, states that the issue has not been conclusively
decided in Norway. Defendants have not sufficiently supported their argument that the licence agreement, like the one at issue here, would be disallowed by Norwegian Law, although they may at some point be able to do so.
Defendant stated in passing at the hearing on Preliminary Injunction that issues of
foreign law are questions of fact, however neither side has provided this Court with argument or
authority on this point.
2) Read up on Norwegian law - this may actually provide some credibility to the original act of reverse engineering. A large part of this case boils down to the legality of the reverse engineering, and it's time to get those facts straight.
However, the Court refuses to issue an injunction against linking to other websites which
contain the protected materials as such an order is overbroad and extremely burdensome. Links to
other websites are the mainstay of the Internet and indispensable to its convenient access to the vast world of information. A website owner simply cannot be held responsible for all of the content
of the sites to which it provides links.
3) Move your links to point to offshore repositories, for now. We can comply with the restraining order, and still have access to the code. Defiance will not help (see number 1, above).
Also - offer up the true pirates, those who wish to traffic in stolen, copyrighted material. Those are the people that they'd like to lump us all in with, and it's simply not accurate. It's time to make a clear distinction between the pirates and the programmers.
----
Sure they can (and they have suggested it.) Firmware and microcode updates to drives and players. Software can obviously be rewritten.
I'm all for replacing CSS. If they want it to be protected from duplication then develop technology to prevent duplication not block all access to the damned disk entirely. Scrambling the data just makes it harder to play back; it does nothing to stop duplication. You can triple-DES encode stuff ten times; it's just as copyable in the end as it is at any point in the process.
www.opendvd.org has a nice Linux/BSD DVD howto, which I think covers compilation.
.sig: Now legally binding!
If I recall, someone did try to secure the rights to create a "sanctioned" Linux DVD player. They failed - I'm not sure if it was due to financial reasons, or because the DVD suits didn't feel that he was "worthy." If it was anything other than inability to meet financial obligations, I would think that the retelling of his story might help the defendants with their "interoperability" defense.
----
There are around 5000 titles out on DVD, and I want to watch them all. The value of each title to the studios is around 15 dollars apiece, on average, and that must be at least the value that I place on my viewing of each title, since that is typically the amount that I pay willingly. My player of choice is Linux, and I cannot view these DVDs on Linux now because of the action of the plaintiff.
However, the actual value I place on DVDs must be higher than their direct cost, to justify the expense and the desire to buy them. In actuality, I consider that the consequent harm caused to me by not being permitted to view these DVDs on my player of choice far exceeds the mere cost value, to the tune of 100 dollars apiece on average (based on the damage to my intended career as Linux movie critic), and therefore the plaintiff's action results in a consequent loss to myself of 500,000 dollars minus the saved direct cost of 75,000 dollars. [This valuation is a result of a personal assessment based on private data and is not open to modification by any other party. The assessment algorithm (but not the private data, which is a trade secret) is available for inspection, at a cost of 5 million dollars per request.]
OK, that's me taken care of. Has anyone else suffered a loss as a result of the injunction? If so, and if there are more than just a few of us, then the primary justification for the judge's ruling is rendered void.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
/*
, 0x36,0x2b,0x6e,0x2e,0x66,0x7b, , 0xd6,0x0b,0x4e,0x0e,0x46,0x9b, , 0x52,0x8f,0xca,0x8a,0xc2,0x1f, , 0xd0,0x01,0x48,0x08,0x40,0x91, , 0x34,0x25,0x6c,0x2c,0x64,0x75, , 0xd4,0x05,0x4c,0x0c,0x44,0x95, , 0x50,0x81,0xc8,0x88,0xc0,0x11, , 0xd2,0x0f,0x4a,0x0a,0x42,0x9f, , 0x56,0x8b,0xce,0x8e,0xc6,0x1b, , 0xb6,0xab,0xee,0xae,0xe6,0xfb, , 0x32,0x2f,0x6a,0x2a,0x62,0x7f, , 0xb0,0xa1,0xe8,0xa8,0xe0,0xf1, , 0x54,0x85,0xcc,0x8c,0xc4,0x15, , 0xb4,0xa5,0xec,0xac,0xe4,0xf5, , 0x30,0x21,0x68,0x28,0x60,0x71, , 0xb2,0xaf,0xea,0xaa,0xe2,0xff
, 0x0b,0x0a,0x0d,0x0c,0x0f,0x0e, , 0x19,0x18,0x1f,0x1e,0x1d,0x1c, , 0x2f,0x2e,0x29,0x28,0x2b,0x2a, , 0x3d,0x3c,0x3b,0x3a,0x39,0x38, , 0x42,0x43,0x44,0x45,0x46,0x47, , 0x50,0x51,0x56,0x57,0x54,0x55, , 0x66,0x67,0x60,0x61,0x62,0x63, , 0x74,0x75,0x72,0x73,0x70,0x71, , 0x99,0x98,0x9f,0x9e,0x9d,0x9c, , 0x8b,0x8a,0x8d,0x8c,0x8f,0x8e, , 0xbd,0xbc,0xbb,0xba,0xb9,0xb8, , 0xaf,0xae,0xa9,0xa8,0xab,0xaa, , 0xd0,0xd1,0xd6,0xd7,0xd4,0xd5, , 0xc2,0xc3,0xc4,0xc5,0xc6,0xc7, , 0xf4,0xf5,0xf2,0xf3,0xf0,0xf1, , 0xe6,0xe7,0xe0,0xe1,0xe2,0xe3
, 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff, , 0x49,0x6d,0x92,0xb6,0xdb,0xff
, 0x50,0xd0,0x30,0xb0,0x70,0xf0, , 0x58,0xd8,0x38,0xb8,0x78,0xf8, , 0x54,0xd4,0x34,0xb4,0x74,0xf4, , 0x5c,0xdc,0x3c,0xbc,0x7c,0xfc, , 0x52,0xd2,0x32,0xb2,0x72,0xf2, , 0x5a,0xda,0x3a,0xba,0x7a,0xfa, , 0x56,0xd6,0x36,0xb6,0x76,0xf6, , 0x5e,0xde,0x3e,0xbe,0x7e,0xfe, , 0x51,0xd1,0x31,0xb1,0x71,0xf1, , 0x59,0xd9,0x39,0xb9,0x79,0xf9, , 0x55,0xd5,0x35,0xb5,0x75,0xf5, , 0x5d,0xdd,0x3d,0xbd,0x7d,0xfd, , 0x53,0xd3,0x33,0xb3,0x73,0xf3, , 0x5b,0xdb,0x3b,0xbb,0x7b,0xfb, , 0x57,0xd7,0x37,0xb7,0x77,0xf7, , 0x5f,0xdf,0x3f,0xbf,0x7f,0xff
1 9);*/ ;
1 9);*/ ;
:)
* css_descramble.c
*
* Released under the version 2 of the GPL.
*
* Copyright 1999 Derek Fawcus
*
* This file contains functions to descramble CSS encrypted DVD content
*
*/
/*
* Still in progress: Remove the use of the bit_reverse[] table by recoding
* the generation of LFSR1. Finish combining this with
* the css authentication code.
*
*/
#include
#include
#include "css-descramble.h"
typedef unsigned char byte;
/*
*
* some tables used for descrambling sectors and/or decrypting title keys
*
*/
static byte csstab1[256]=
{
0x33,0x73,0x3b,0x26,0x63,0x23,0x6b,0x76,0x3e,0x7e
0xd3,0x93,0xdb,0x06,0x43,0x03,0x4b,0x96,0xde,0x9e
0x57,0x17,0x5f,0x82,0xc7,0x87,0xcf,0x12,0x5a,0x1a
0xd9,0x99,0xd1,0x00,0x49,0x09,0x41,0x90,0xd8,0x98
0x3d,0x7d,0x35,0x24,0x6d,0x2d,0x65,0x74,0x3c,0x7c
0xdd,0x9d,0xd5,0x04,0x4d,0x0d,0x45,0x94,0xdc,0x9c
0x59,0x19,0x51,0x80,0xc9,0x89,0xc1,0x10,0x58,0x18
0xd7,0x97,0xdf,0x02,0x47,0x07,0x4f,0x92,0xda,0x9a
0x53,0x13,0x5b,0x86,0xc3,0x83,0xcb,0x16,0x5e,0x1e
0xb3,0xf3,0xbb,0xa6,0xe3,0xa3,0xeb,0xf6,0xbe,0xfe
0x37,0x77,0x3f,0x22,0x67,0x27,0x6f,0x72,0x3a,0x7a
0xb9,0xf9,0xb1,0xa0,0xe9,0xa9,0xe1,0xf0,0xb8,0xf8
0x5d,0x1d,0x55,0x84,0xcd,0x8d,0xc5,0x14,0x5c,0x1c
0xbd,0xfd,0xb5,0xa4,0xed,0xad,0xe5,0xf4,0xbc,0xfc
0x39,0x79,0x31,0x20,0x69,0x29,0x61,0x70,0x38,0x78
0xb7,0xf7,0xbf,0xa2,0xe7,0xa7,0xef,0xf2,0xba,0xfa
};
static byte lfsr1_bits0[256]=
{
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x09,0x08
0x12,0x13,0x10,0x11,0x16,0x17,0x14,0x15,0x1b,0x1a
0x24,0x25,0x26,0x27,0x20,0x21,0x22,0x23,0x2d,0x2c
0x36,0x37,0x34,0x35,0x32,0x33,0x30,0x31,0x3f,0x3e
0x49,0x48,0x4b,0x4a,0x4d,0x4c,0x4f,0x4e,0x40,0x41
0x5b,0x5a,0x59,0x58,0x5f,0x5e,0x5d,0x5c,0x52,0x53
0x6d,0x6c,0x6f,0x6e,0x69,0x68,0x6b,0x6a,0x64,0x65
0x7f,0x7e,0x7d,0x7c,0x7b,0x7a,0x79,0x78,0x76,0x77
0x92,0x93,0x90,0x91,0x96,0x97,0x94,0x95,0x9b,0x9a
0x80,0x81,0x82,0x83,0x84,0x85,0x86,0x87,0x89,0x88
0xb6,0xb7,0xb4,0xb5,0xb2,0xb3,0xb0,0xb1,0xbf,0xbe
0xa4,0xa5,0xa6,0xa7,0xa0,0xa1,0xa2,0xa3,0xad,0xac
0xdb,0xda,0xd9,0xd8,0xdf,0xde,0xdd,0xdc,0xd2,0xd3
0xc9,0xc8,0xcb,0xca,0xcd,0xcc,0xcf,0xce,0xc0,0xc1
0xff,0xfe,0xfd,0xfc,0xfb,0xfa,0xf9,0xf8,0xf6,0xf7
0xed,0xec,0xef,0xee,0xe9,0xe8,0xeb,0xea,0xe4,0xe5
};
static byte lfsr1_bits1[512]=
{
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
0x00,0x24,0x49,0x6d,0x92,0xb6,0xdb,0xff,0x00,0x24
};
/* Reverse the order of the bits within a byte.
*/
static byte bit_reverse[256]=
{
0x00,0x80,0x40,0xc0,0x20,0xa0,0x60,0xe0,0x10,0x90
0x08,0x88,0x48,0xc8,0x28,0xa8,0x68,0xe8,0x18,0x98
0x04,0x84,0x44,0xc4,0x24,0xa4,0x64,0xe4,0x14,0x94
0x0c,0x8c,0x4c,0xcc,0x2c,0xac,0x6c,0xec,0x1c,0x9c
0x02,0x82,0x42,0xc2,0x22,0xa2,0x62,0xe2,0x12,0x92
0x0a,0x8a,0x4a,0xca,0x2a,0xaa,0x6a,0xea,0x1a,0x9a
0x06,0x86,0x46,0xc6,0x26,0xa6,0x66,0xe6,0x16,0x96
0x0e,0x8e,0x4e,0xce,0x2e,0xae,0x6e,0xee,0x1e,0x9e
0x01,0x81,0x41,0xc1,0x21,0xa1,0x61,0xe1,0x11,0x91
0x09,0x89,0x49,0xc9,0x29,0xa9,0x69,0xe9,0x19,0x99
0x05,0x85,0x45,0xc5,0x25,0xa5,0x65,0xe5,0x15,0x95
0x0d,0x8d,0x4d,0xcd,0x2d,0xad,0x6d,0xed,0x1d,0x9d
0x03,0x83,0x43,0xc3,0x23,0xa3,0x63,0xe3,0x13,0x93
0x0b,0x8b,0x4b,0xcb,0x2b,0xab,0x6b,0xeb,0x1b,0x9b
0x07,0x87,0x47,0xc7,0x27,0xa7,0x67,0xe7,0x17,0x97
0x0f,0x8f,0x4f,0xcf,0x2f,0xaf,0x6f,0xef,0x1f,0x9f
};
/*
*
* this function is only used internally when decrypting title key
*
*/
static void css_titlekey(byte *key, byte *im, byte invert)
{
unsigned int lfsr1_lo,lfsr1_hi,lfsr0,combined;
byte o_lfsr0, o_lfsr1;
byte k[5];
int i;
lfsr1_lo = im[0] | 0x100;
lfsr1_hi = im[1];
lfsr0 = ((im[4] >8)&0xff] >16)&0xff]>24)&0xff];
combined = 0;
for (i = 0; i >1;
lfsr1_lo = ((lfsr1_lo&1)>7)^(lfsr0>>10)^(lfsr0>>11)^(lfsr0>>
o_lfsr0 = (((((((lfsr0>>8)^lfsr0)>>1)^lfsr0)>>3)^lfsr0)>>7)
lfsr0 = (lfsr0>>8)|(o_lfsr0>= 8;
}
key[4]=k[4]^csstab1[key[4]]^key[3];
key[3]=k[3]^csstab1[key[3]]^key[2];
key[2]=k[2]^csstab1[key[2]]^key[1];
key[1]=k[1]^csstab1[key[1]]^key[0];
key[0]=k[0]^csstab1[key[0]]^key[4];
key[4]=k[4]^csstab1[key[4]]^key[3];
key[3]=k[3]^csstab1[key[3]]^key[2];
key[2]=k[2]^csstab1[key[2]]^key[1];
key[1]=k[1]^csstab1[key[1]]^key[0];
key[0]=k[0]^csstab1[key[0]];
}
/*
*
* this function decrypts a title key with the specified disk key
*
* tkey: the unobfuscated title key (XORed with BusKey)
* dkey: the unobfuscated disk key (XORed with BusKey)
* 2048 bytes in length (though only 5 bytes are needed, see below)
* pkey: array of pointers to player keys and disk key offsets
*
*
* use the result returned in tkey with css_descramble
*
*/
int css_decrypttitlekey(byte *tkey, byte *dkey, struct playkey **pkey)
{
byte test[5], pretkey[5];
int i = 0;
for (; *pkey; ++pkey, ++i) {
memcpy(pretkey, dkey + (*pkey)->offset, 5);
css_titlekey(pretkey, (*pkey)->key, 0);
memcpy(test, dkey, 5);
css_titlekey(test, pretkey, 0);
if (memcmp(test, pretkey, 5) == 0) {
fprintf(stderr, "Using Key %d\n", i+1);
break;
}
}
if (!*pkey) {
fprintf(stderr, "Shit - Need Key %d\n", i+1);
return 0;
}
css_titlekey(tkey, pretkey, 0xff);
return 1;
}
/*
*
* this function does the actual descrambling
*
* sec: encrypted sector (2048 bytes)
* key: decrypted title key obtained from css_decrypttitlekey
*
*/
void css_descramble(byte *sec,byte *key)
{
unsigned int lfsr1_lo,lfsr1_hi,lfsr0,combined;
unsigned char o_lfsr0, o_lfsr1;
unsigned char *end = sec + 0x800;
#define SALTED(i) (key[i] ^ sec[0x54 + (i)])
lfsr1_lo = SALTED(0) | 0x100;
lfsr1_hi = SALTED(1);
lfsr0 = ((SALTED(4) >8)&0xff] >16)&0xff]>24)&0xff];
sec+=0x80;
combined = 0;
while (sec != end) {
o_lfsr1 = lfsr1_bits0[lfsr1_hi] ^ lfsr1_bits1[lfsr1_lo];
lfsr1_hi = lfsr1_lo>>1;
lfsr1_lo = ((lfsr1_lo&1)>7)^(lfsr0>>10)^(lfsr0>>11)^(lfsr0>>
o_lfsr0 = (((((((lfsr0>>8)^lfsr0)>>1)^lfsr0)>>3)^lfsr0)>>7)
lfsr0 = (lfsr0>>8)|(o_lfsr0>= 8;
}
}
/*
* css-descramble.h
*/
#ifndef __css_descramble_h_
#define __css_descramble_h_
struct playkey {
int offset;
unsigned char key[5];
};
extern int css_decrypttitlekey(unsigned char *tkey, unsigned char *dkey, struct playkey **pkey);
extern void css_descramble(unsigned char *sec,unsigned char *key);
#endif
See how much the first admendment is
Did you think these industries _haven't_ doubled and quadrupled their profit margins in recent years, or that they _aren't_ attempting to continue this doubling of profit margins past all boundaries of common sense and free market economics? Welcome to the Machine. Don't feel so bad- look on the bright side, the musicians and artists pay even _more_ for the privilege of being on the other end of the megaphone! :P you almost certainly make more than they do, even if you work at Wal-Mart!
Disseminating the source code is fine for hackers, but DeCSS isn't going to make it out of the hacker community while it remains in its present form. It needs to be downloadable as a binary, ready-to-run plugin in order for Joe Bloggs to download it to enable his Linux player. As a no-brainer plugin it would be unstoppable because *everyone* would be spreading it around, not just the comparatively small community of source hackers.
Is anyone up the task?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
DeCSS (and therefore a description of the workings of the CSS scheme) is probably well-distributed enough by now that CSS can no longer be considered a trade secret. I'm assuming that, given this fact, it's a little odd that the injuction was granted.
As the case (not the injunction) is about actual violations of trade secret law, it's only important to the case whether or not CSS was a trade secret at the time the offence was committed, right?
Does anyone have any links to click-agreement validity case law in any jurisdiction? That could be helpful (or maybe not...)
It looks like the DMCA and the other applicable copyright law doesn't allow holders to restrict reverse engineering for interoperability, so a copyright notice saying "no reverse engineering" is irrelevant. However, if the user makes an agreement that they won't reverse engineer the software and then does, they're breaking the law, yes?
Someone said above that the judge considers freedom of speech trivial. IMHO, it's not freedom of speech in general he considers trivial, just the subset involving fair use of your DVDs over the length of the trial...
"The circumstantial evidence, available mostly due to the various defendants' inclination to boast about their disrespect for the law, is quite compelling on both the issue of Mr. Johansen's improper means and that Defendants' knowledge of impropriety." What the heck is this about? Not having a transcript, I have to guess that the judge is confusing quoted slashdot posters with the defendants or something.
#flame-retardant armor on
IMHO, except for the bit above, this decision seems to make a fair amount of sense. The lack of a prohibition on linking is good. It's pretty clear that, if the DeCSS posters were in the wrong (not that they are, but supposing they were), the plaintiffs would stand to lose a fair bit, while the defendants can probably afford to wait a while longer to play DVDs on their linux boxen.
#flame-retardant arm... on second though, maybe I'll keep it on. =)
My $0.02
-rak
---
Shameless plug omitted for the good of the masses.
On the other hand, the current and prospective harm to the Plaintiff, if the Court does not enjoin the display of their trade secret, will be irreparable. It is undisputed that the Plaintiff's predecessor-in-interest expended considerable time, effort and money in creating the intellectual property at issue in order to protect the copyrighted information contained on DVDs. As Plaintiff conceded at the hearing on the TRO, once this information gets into the hands of an innocent party, the Plaintiff loses their ability to enjoin the use of their trade secret. If the Court does not immediately enjoin the posting of this proprietary information, the Plaintiff's right to protect this information as secret will surely be lost, given the current power of the Internet to disseminate information and the Defendants' stated determination to do so. Religious Technology Center v. Netcom on-Line.com (N.D. Cal 1995) 923 F.Supp, 1231 In that event, the protection afforded by the encryption system licenced by the Plaintiff, whether to limit DVD hardware and software suppliers or to control unauthorized copying and distribution of DVD content will become completely meaningless.
Well, he got it partly right. "Given the power of the internet <...." Isn't he paying attention to what he's saying?!? Given the power of the internet and given distribution approximately since release (end of Oct.) and certainly since the first legal action (end of Nov.), there's no way in hell all the restraining orders in the world will stop the dissemination of the information.
And what's this about 'innocent parties'?!? Aren't we all innocent until proven guilty? Regardless of you all, what about me? I don't even own a DVD player for god's sake! (neither a stereo component OR a PC drive) How much more innocent could I be? And yes, I have a copy of DeCSS, and LiViD, and a few other things, just so if they win this rediculous thing, I can still give people copies.
Note to the DVD-CCA:
The cat's out of the bag folks! Now go home and stop embarrassing yourselves, please. Yup. Your precious trade secret is a secret now within a community of millions--not much of a secret, eh? You're all powerless in this case. Sucks, doesn't it? We hate it too, which is why we're writing software to play DVDs on Linux. Yup, to play them.
High-speed Road Trip (18.000KPH)
__
The other side is making the argument that this issue is about copyright protection. After thinking about it, I've thought of an example that would seem to prove them wrong, and that the issue is about WHO gets to view the videos, and not protecting intellectual property.
Prior to the 1980's, if a sufficiently talented electrical engineer wanted to build his own audio equipment (and many audiophiles DID do this) he was free to do so. In this case I am specifically talking about a turntable/record player. There was nothing prohibiting a talented electrical engineer from building his own record player which would allow him to play and LISTEN TO his record collection.
This example could be extended to reel-to-reel tape machines as well as cassette decks, and yes even music CD players, today. For that matter, someone out there is even capable of building a Sony 3348, 48-Track 24-bit, 96Khz pro studio multi-track recorder. And if these people have done their job right SOUND will actually come out of the speakers that the device is hooked to. I'll say it again:
Anyone sufficiently talented is capable of building a device which will render an intelligible playback for whatever media they have chosen to build a player, audio or video
UNTIL NOW.
Now, if I were inclined to do so, I could buy various components and build a DVD player, but without prior knowledge of the encryption algorithm used to encrypt the data on the discs, and a valid decryption key, I would be unable to actually watch and listen to the DVD that I put into my machine.
What has suddenly changed, that no longer allows me to play a DVD that I purchased in a store and legally own? It would seem (to me) that this is the crux of the issue.
As I was composing this message, something else occurred to me that distills my point into a far more palatable and less wordy argument:
Over the length of my entire life, I have yet to purchase a book whose text was encrypted.
Ignore Alien Orders
The cost to a website owner is measured in $/hour. I charge out at $175/hour or part thereof.
The cost of the DVD industry is in total $0 if they do nothing at all about it, except let ppl play legitamitely purchased DVD's on their sytem using css-auth. In fact, they make a profit.
Your reasoning is absurd.
"Look, it's like this - a DVD Movie is basically just a message [the movie] written in secret code on a piece of paper. To read the message [watch the movie,] you need a secret decoder ring. To be a pirate, you need a photocopier, but you don't need a decoder ring because you don't really care what the secret message is, as long as your photocopier makes nice, crisp copies that your client (who has a decoder ring) can read. All these guys did was make a decoder ring that works under linux, because all the commercial decoder rings only run on Windows [or standalone DVD players."
The issue of whether DeCSS (and its ilk) help pirates has been bandied about a bit. Regardless of DVD players not reading certain sectors or not, and the fact that blank DVDs are more expensive than ones w/movies on them, this should clarify the issue some and gives a good analogy to share with (non-geek) friends.
High-speed Road Trip (18.000KPH)
- At this point in the proceeding, the harm to the Defendants is truly minimal. They will simply have to remove the trade secret information from their websites... On the other hand, the current and prospective harm to the Plaintiff... will be irreperable
This is the part that really, really annoys me. What this says is that DVD CCA's right to have their ass covered by the law when they made a booboo and picked a weak encryption scheme, and god forbid it lets make fair use of a recording medium we purchases, is more imporant than our (I am a defendant) right to disseminate information freely.Okay here goes....I really can't stand reading slashdot whenever the discussion is about a legal argument because the posts that rave and rant about what geeks think is legal or right get moderated up while constructive argument about our legal position is not. Take the above post for instance...this is a 4 insightful???
First of all the purpose of an injunction is to prevent harm to a party in a legal dispute by the actions of the other party. This is a similar concept to bail...(i.e. a suspect in a child slaying less likely to get bail than a suspected burglar)... That said there was only one way this injunction could go. All the raving, ranting and spewing of rhetoric in the world cannot change the fact that it costs nothing to link/unlink to DeCSS but the potentially costs MPAA a considerable amount in piracy costs. Before anyone gets their 1st Ammendment flamethrowers out try this analogy on for size
...Imagine a situation where a guy just breaks up with his girlfriend and decides to put her phone # on a webpage with descriptions of a sexual nature of the things that they did. She has a right to sue and seek an injunction on him to remove to offending webpage while the case is yet to be tried. Following the arguments of most slashdotters with regards to the injunction (including the above post), the ex-boyfriend's freedom of speech overruns her right to privacy (after all the stories posted on the site are true and the girlfriend's phone number is freely available from the phone book). Thankfully most judges are not the typical slashdot reader and will move to protect a victim of harm until the case is tried.
Now on to my main gripe about the way this case is being handled by the Defendant's lawyers and also the mindset of slashdot readers saying that the encryption was weak is not an argument that will hold up in any court of law. The judge rightfully pointed that any safeguards can be broken by a clever enough theif. Saying that the encryption should have been stronger sounds too much like a burglar saying it was Ok to break in because there was no steel door protecting the house. The argument should have been and should be focused on what exactly is fair use with regards to DVDs and the nature of the licence. Are they selling permission to watch the DVD and if so does this mean if it get's scratched all we need is a proof of purchase to get another one or are they selling the entire contents of the DVD? Either way this case will not stop the proliferation of DeCSS code on the web and the MPAA is fighting a losing battle.
Secondly, everyone needs to keep in mind that this is, at this point, not a criminal case. There have been no arrests and no arraignments, which are required for criminal law to come into play. It's under criminal law that strict rules of evidence and constitutionality are rigidly adhered to. Litigation is much more free-form than that...technically speaking, the courts don't get involved in a litigious hearing at all, except to interpret the law as it pertains to the case at hand. The court is supposed to be nothing more than a forum for civil complaint...in practice, of course, this is not actually the case, but I saw at least one post complaining about 'convicting on circumstantial evidence.' For starters, all evidence is circumstantial, if you look at the legal definition of the term. Secondly, conviction is not an issue at all--this is a suit about monetary damages and compensation, not criminal activity (at least at this point, though American copyright law has become somewhat Draconian over the last 2 decades in allowing patent/intellectual poperty infringement to be criminal offenses in some cases).
Also keep in mind that there is no question of 'ought' in the Judge's authority, only a question of the issue as interpreted in light of current American law.
It's the law that needs to be changed.
Reality has a conservative bias: it conserves mass, energy, momentum...
Please tell everyone you know to mirror a copy of these files. Everyone should have a copy of this significant decision. You can mirror these files using: rsync -rtzp russnelson.com::decss-injunction . or wget -m -np http://russnelson.com/decss-injunction/
-russ
Don't piss off The Angry Economist
ESR wrote a response to the lawsuit; I'm not aware of any comments made by Perens.
Your figure for the artist's dollar is gross. Subtract a fixed ten percent for record breakage (yes, I know they are CDs and don't break, but the charge is still taken out of the artist's cut). Then take the remaining amount and write it off against the advance, from which the artist PAYS FOR ALL THE STUDIO RECORDING, all the MANAGEMENT, all the TECHS and in fact any TOUR involved as well, meaning that the advance gets spent doing all the things you think the label pays for.
Guess what? The artist did not recoup the advance. The artist did not earn money- the artist _owes_ money for his trouble. This happens most of the time- do some homework, find out what the reality of the situation is.
This sort of comment reminds me of a common logical fallacy- imagine Johnny and Jimmy arguing about the shape of the world. Johnny says, "The earth is round!" Jimmy says "The earth is flat!" Their mom comes around and tries to calm the argument: "You should compromise. The truth is usually somewhere between the extreme points of an argument. So, the earth is a cube."
Sorry, Etam: though you may think it is unreasonable and hard to believe, the earth is round, and artists DO NOT get a dollar per CD. As I explained, pro music is about the most expensive hobby you could have- and after all the contractual requirements of signed bands are fulfilled (thou shalt make a video, thou shalt do a tour, thou shalt record at a good studio, paying for ALL OF THIS out of the advance which your royalties go toward repaying) the artist, far from getting 'a share of the pie', works very hard for absolutely nothing to subsidise the corporation that signed them.
Still don't believe me? Read this. Steve Albini is the producer/engineer who did The Pixie's 'Surfer Rosa', PJ Harvey's 'Rid Of Me' and many other great albums. Scroll to the bottom and read the figures on what happens to three million dollars worth of CD sales, and exactly why the artists come away with four thousand and thirty-one dollars each after a quarter of their contract is through, and are fourteen thousand dollars in debt to the record company, after selling A QUARTER MILLION COPIES.
DO the math.
IIRC, one of the original reports after deCSS quoted MoRE as being frankly surprised that the keys were so weak (thank you, soon-to-be-dead extreme export restrictions!), and hadn't figured that bruteforcing the keyspace would be worthwhile.
Returned Peace Corps IT Volunteer
When I get the flu, there are two general methods-- go on with life and hope it goes away soon enough, or settle in with lots of nyquil, soup, vitamin C and zinc oxide and go into full anti-flu mode, sleep and let my body fight.
Winning these small battles at the front is fine, great for morale, but until the we admit that this is part of a huge war for fair-use, freedom to watch bought media however we choose (be it on a Linux box, a *BSD, or any other OS), and a general show to the world that there needs to be a serious re-thinking of media in the Internet Age.
The whole war, through to the end, must be fought. By avoiding it, by winning the small prelims, we can push the rest back and delay it, but I fully expect this to end up before the supreme court.
Lawyers, this will be the Scopes trial for the 21st century, so if you want a name, be the pro-bono defendant for the 500 John Does et al. I hope to see one of the techno-lawyers from Steptoe & Johnson or the like step forth to take this on.
The ACLU made itself, almost accidentally, with the Scopes 'monkey' trial; the EFF can become what we all need and want it to be with this legal war.
I am confident that in the end, we will prevail--the law cannot hold too long nowadays in the complete absence of a reality behind it, and the reality is, once someone owns a piece of media, there's no way to prevent them from their fair use of that media. I just bought a Voodoo 3 3500 with the TV-out feature. I don't even need deCSS to copy my DVDs, just a correctly set-up VCR. Not why I bought it, I want to watch DVDs on my TV from my computer's player, but what are they gonna do? Add me to the Doe list because I own a VCR?
Returned Peace Corps IT Volunteer
Because of the way the legal system generally works, can the decision on linking be used as precedence in other cases in California in the future? Any lawyers here?
Someone else in the US who can arguably deny that they haven't seen the DeCSS source (or any other source) writes an implementation from that description. There's a lot of legal and practical history behind these sort of techniques
Doing it open source - with a CVS tree of the development process as a record would be an added bonus (though best not to tell the DVD lawyers what you are doing 'till you're done).
Better yet - competing teams producing different implementations (who's going to offer the bounty for the best performing implementation :-)
As far as keys are concerned - if they're really trivially crackable without secret knowledge .... ship the cracker with with the source - run it as part of the installation process on the end-user's box
...about the US legal system. Hadn't the DVD CPA already filed for a preliminary injunction, and lost? Are they allowed to ``play again'' as often as they want? I mean, isn't there something somewhere about ``non bis in idem''? I know this is but a preliminary injunction, but it is considerably unfair if they're allowed to go to as many judges as they want and demand an injunction from each of them. Sooner or later, of course, some judge will agree.
Or, to say things differently: one judge said it was all right to have DeCSS code on line (until further trial), and one judge said it wasn't. Why does the second judge's ruling prevail? Why is it an AND boolean operation and not an OR?
<rant>All right, hackers frequently don't understand the law. This statement, true as it is, does not criticize hackers: it just shows that the law is stupid. (Unfortunately, it is just as stupid in every country; it is merely differently stupid.)/rant>
Please, post all mirrors!
http://www.chello.nl/~f.vanwaveren
Actually, for all their actions, the DVD Consortium is not at all concerned about de-CSS. They plan to lose. What they want is to be able to point at this case so they can convince the U.S. Congress to pass new, more restrictive laws to allow for nearly un-breakable encryption schemes in the future AND an addendum to the current DMCA clearly making it felonious (Federally) to hack at it. All this noise is for future schemes. They are aware that they've lost for the present.
Plus, of course, they have to justify their existence.
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
It gives the impression that lawyers know and understand their rights and know what the law is. The fact that even the lawyers do not know how a case is going to turn out, proves otherwise. Lawyers do have the time to research the outcomes of previous cases and their strongest ability is to try to get consistancy in the law by citing previous decisions.
Governments do not make the laws.
It is not until a judge decides that a law is constitutional and decides on it's meaning that it has any power. The Digital Milleninum insanity alone is proof of this. Written by a number of lawyers, no one can identify it's purpose or meaning anymore. Perhaps laws should be written by children.
The legal system is not consistant.
This is the one thing I had no real understanding of until now. I knew that the laws of different countries, states, etc. were different but I never realized what an outdated concept we work with. A 15 year old from Norway is being charged in California. The judge from that trial appears to be working of an entire different legal system than the judge in new York. I suspect both of these trials will then be brought up to a higher court regardless of the ruling and each will be used as precedent in the other.
People do not understand judges
It amazes me to see people mirroring DeCSS now that a judge has asked us not to. What is the point of doing it now? Is there someone, somewhere who doesn't have it yet? Are you doing it just to spite the judge? If so, then perhaps it is time to consider the concequences of your actions, not to yourself but to the defendants and the court's final decision. To pull your copies, as I am doing, is to show respect for the court system. If you do not respect the court system it is likely to not respect you or your arguments right back. I would suggest that it would be best to replace your copies of DeCSS with copies of the court decision and a well written opinion of how you feel about them. In lack thereof, grab the Score:5 reply of your choice and post it. Currently, the request is to remove them until the court makes it's final decision. That seems reasonable enough and does not prevent us from putting it back up after the court has made it's decision. If you want to mirror it once the case is over, that's your decision and does not reflect on any way on the defendant's case. However, by mirroring it now, you put someone other than yourself at risk.
-----
Want to reply? Don't know HTML? No problem.
No Zen is good zen
I've not really dug into this stuff, but from a cursory glance, isn't it true that the reverse engineering of the encryption algorithm is being treated separately from the "intellectual property" that is the master encryption key that is necessary to encode the disks?
If this is true, AND the main issue is that this key was gleaned from the object code of a licensed software DVD player, why can't one get around this issue by brute-forcing the key? I thought it was only 40 bits. Then it would be a "pure" reverse engineer, and not not be reliant on this supposedly stolen piece of intellectual property?
Or have I missed some details in my skimming of the issues?
The problem with that assertion is the question of what constitutes "improper means," and more to the point, what constitutes knowledge of improper means.
If, for instance, I knew that the DVD industry's trade secret information had been gained by someone breaking down the door of their headquarters, crowbarring his way into the file room, and then stealing documentation on CSS, then clearly I should be enjoined from redistributing that information - it was gained by improper means, and I knew it.
I, and no doubt many of those who distributed the code, did not believe the reverse engineering that yielded forth the decryption algorithm and keys was somehow legally "improper." The DVD-CCA would like the legal system to equate reverse engineering of a software product with breaking and entering. But we think differently, and therefore, we did not know about any improper means.
It's true that ignorance of the law is no defense (and seeming to flout the law is a very poor one. Some of the statements on defendants' websites are voraciously stupid - one site in the NY cases even uses, and continues to use, the word "Moviez" and describes meetings on IRC for the purpose of copyright infringement.) But if you look at the precedents thrown about both by EFF and by the CCA, you see that revere engineering isn't a grey area of law - it's a horridly black-and-white splotched area, with precedents going every which way. There appears to be no general formula, under current legal precedent, to determine whether a particular instance of reverse engineering was proper or not - and the DMCA just muddles the waters a lot more. (What's "interoperability?" What's "a security system?")
The CCA, apparently, wants the judge to rule that the reverse engineering was improper (and the funny thing is, he can't, because he is not a Norweigan judge), and then retroactively apply that ruling to the defendants, saying in essence: "The reverse engineering was improper. Because I am saying this to you now, that is the law, and it was the law when you distributed the trade secret information, therefore, you should have been aware of that law, despite the fact that nobody had written it down yet."
When a layman thinks that an act is legal, but is aware of the possiblity of the act being construed as illegal, it's called a "chilling effect." When it has to do with information, it's a chill on free speech.
If this case finally tilts towards the CCA, it sets a very, very dangerous precedent - companies will be able to establish a de facto standard, and then sue and repress anyone who learns what the standard is and attempts to create their own device to adhere to the standard. It would be a judicial grant of monopoly power, right up there with the legislative grants of monopoly power (copyright and patent.) While copyright and patent are good things in the public interest, it's Congress that decides that.
A decision in favor of the CCA would have the effects of chilling free speech and abrogating a clearly legislative decision to the courts, and the fulcrum of the case is something that the judge cannot decide.
I think it's time for everyone to go home, but the CCA's cries of "hacking" are striking fear into the legal system. And that's what their real case is - exploitation of the fear of things not understood. You and I know that lawful reverse-engineering is one thing, and spreading viruses and cracking systems is another, very bad thing, but few people without technical knowlege do.
Unfortunately, those people are making the laws that everyone has to live by.
If your favorite artist is some sort of internet artist with no industry contract (note: most 'indie labels' you may have heard of are also owned outright by the industry labels, they are fake), then you can support your favorite artist directly.
If they signed, you probably can't help them at all, certainly not by buying their record- you probably don't have the power to help them break even, so they are going to be going up for contract renegotiation from a position of weakness and debt anyhow. Being in such a position of weakness is even worse than being in a position of naivete- many bands simply break up under the stress, typically to be not allowed to perform or record music independently (gee, like kevin mitnick not being allowed to hack), due to the contracts they signed off on, for a period of time that can be quite arbitrary, say five years perhaps.
Regarding your 'maybe I'm too naive but': who are you going to believe, your optimistic sense that is not backed up by observation and reality, or Steve Albini, who's been working in the industry as a producer and engineer for years, decades, and has been responsible for hit albums?
Better you should turn to the real indie scene (still vaguely happening) and the mp3 scene, and be optimistic about that, and optimistic about those people having a chance to work hard for their money and earn a little of it. Being optimistic about the industry is kind of like being optimistic about AOL or Microsoft- you get to feel nicely fairminded for a few minutes, and then you get proven wrong yet again. At what point will you set aside the 'can't be all bad' concept (which is VERY VAGUE- you think I'm claiming they eat babies or something?) and figure out, "This is exactly how bad they are. The individual people may have these various merits and be fine people, but as a collective entity (a corporation), they are THIS bad and you gain nothing by going along with it."
Since the judge is holding that the charge of misappropriation on the basis of circumstantial evidence has some basis, then the solution is to re-do the crack without reverse engineering an existing player.
I wonder if knowing the key length (which we all do) would be too prejudicial? The DVDCCA don't seem to regard the number 40 as a trade secret at this point. Was the algorithm known before the crack? If so, then it is just a matter of searching 2^40/40 keys.