Slashdot Mirror
Interview: Jon Johansen of deCSS Fame (UPDATED)
This week's interview guest, Jon Lech Johansen, has been all over the news (and all over Slashdot) lately. He's the guy behind the whole deCSS thing. Jon has been getting interviewed all over the place, but I'm sure you have questions for him that the "straight" media people would never ask. So go for it! One question per post, please. 10 - 15 chosen questions will be forwarded to Jon Tuesday, and his answers are scheduled to appear Friday.
Update: 01/31 14:52 by michael : Several people have pointed out that LinuxWorld ran an interview with Johansen today. So, rather than repeat the same questions that LinuxWorld asked, people should check out that interview and see what questions they still have about the situation...
What did the cops take from you, and do you have any protection under privacy laws? (For private emails and whatever else they searched on your computer)
I remember a quote Linus had in an interview a while ago. They were talking about Linus becoming famous, and he said something like "yes well I still don't have 15 year old girls throwing their underwear at me. I think the 15 year old geek inside my is still kind of disappointed about that."
:). Though I'd imagine having 15 year old girls throwing underwear at you could put a strain on a marriage.
:)
Poor Linus
BTW if someone can find a link to the exact quote, I'd appreciate it
Not to play up the age card, but I for one was very surprised to learn that a 16 year old achieved such a mature bit of hacking. So my questions are:
:)
...and finally, what else do you do besides code? As important as what you've done is, I'd frankly like to hear about the other aspects of who you really are besides the computer stuff. I think it'd be interesting to shed some light on what other geeks do with their time when they aren't geeking out.
- What got you started down the road to geekdom and when?
- At 16 you've ignited a powder keg of controversy on issues ranging from property ownership, censorship, software platform independence and the need for greater separation of business and state. How does it feel to have such fame and how are you handling the pressures? Any tricks up your sleeve before you hit adulthood (18 y. o. here in the US)?
- How is your family handling this? Are they supportive? Not so? Be sure to sit them down and let them know, in very clear terms, that you have a huge community of the brightest minds supporting you and that regardless of consequneces, you have done a Good Thing (tm).
-
Bart G
Setup and Question for Jon Johansen: In the past we'd give a kid a computer, to keep them from going out into the street and getting into trouble. Now, it seems keeping a kid at home with a computer looks like nothing but asking for trouble. Do you think industries like the MPAA are purposefully trying to make using a computer potentially more harmful for a high school student to use than going out into the streets and getting involved with things such as hard drugs? They can't be helping make the computer safer for kids if they are going to go around the world arresting them.
I like this questions, because as far as i followed all the development, DeCSS was never
meant to be helping the Linux development, but
more to help making "backups" of DVDs on VideoCDs.
This may sound unfair, but it is the harsh truth. In fact this guy here even denied giving out the sourcecode of DeCSS for helping the Linux Community (yes, its true) - he gave it only to *one* person under a special license.
All the 'we just wanted to play DVDs unter linux' is nothing more than a well-working PR campaign to help protecting some people who just wanted to break copyright.
Although i don't think that Jon should be threatened as hard as he is now by the MPAA, he shouldn't on the other don't made a saint without questions like the one above.
Its true, DeCSS was windows and binary only. This couldn't help linux. Face the truth: There is only one reason for reading out DVDs under Windows: Recompressing it as MPEG1/VCD and burn it on a CD, and this is what 99.9% of all DeCSS-Users are doing.
With that in mind, I'm curious about what lessons we all can learn from this. Specifically, assuming that someone were about to do something similar, what would be the best way to avoid being prosecuted?
The easy and obvious answer is to do so anonymously (which begs the question of the best anonymous means to do so). But I'm wondering about the situation where one didn't want to do so anonymously. Are there any viable defensive strategies here?
Finally, thanks for your efforts. We are all in debt to you.
It seems like the MPAA has just about unlimited amounts of cash, and I'm guessing you don't. Do you have somebody taking care of funding your defense (i.e., the EFF), or can I send some money to a legal defense fund for you?
Hi Jon; When reading the popular press one gets the impression that you were charged numerous vioaltions of the law. What exactly have you been charged with?
Jon:
d ev/2000-January/002777.html )
Gregory Maxwell made a very interesting comment on the LiViD mailing list last week:
> Just because wired said it happend one way, that doesn't indicate that it
> didn't occure some other way entirely.
>
> A few days (perhaps a week or so) after the Xing CSS and key codes were
> cracked, someone released a no-player-key-needed method of finding CSS
> title keys and thus deriving all the player keys without ever knowing one.
>
> If you believe such an ingenious feat of cryptoanalysis occured in such a
> short time, I believe I have a bridge to sell you.
>
> The 'xing' crack was irrelevent. Because of inherit weeknesses in CSS
> (beyond it's 40bit key, which are too technical to discuss here now) we
> needed zero player keys.
>
> The CSS code has been out there for well over a year. I think people were
> waiting for the right time to make it public (i.e. cryptoanalysis that
> defeated the need to have a master key at all; and the death of DIVX),
> some moron decided to jump the gun about two weeks too earlier, and
> released the Xing player key to make it work.
>
> Had they waited another week the cryptoanalysis would have been done and
> NO vendors player key would have been required.
>
> As it stands, the Xing key may have been artificially derrived (say from
> the IBM key) and it was coincidental (or worse) that the key turned out to
> be Xings.
>
> So to be clear: Xing's players weaknesses (was it actually weak, or are we
> taking MoREs word for it) is irrelevent. CSS code was out before that
> player existed. The CSS algo is fundmentally broken (no playerkey
> required key recovery in 2^16 operations in 2^26 bytes memory) well beyond
> it's short key legnth.
>
> It would have been possible for someone to use such an attack (or another,
> say IBM's player key) and generate that Xing key without ever analyzing
> Xing itself.
( see entire comment at: http://livid.on.openprojects.net/pipermail/livid-
Do you have any response to this? The crux of the lawsuit in California is that they claim it is illegal to reverse engineer a program if a dialog box tells you not to. They claim that Xing was reverse engineered because their player key was supposedly the first one found.
In the light of Gregory's e-mail, is this true? Was Xing involved at all? Or is that an unsubstantiated lie from the DVDCCA?
Were you a "moron" for releasing your program before the means to decode CSS without ANY player keys was discovered?
In other words, are they more worried about forbidding the illegal copies, or are they more worried about forbidding the technology itself from citizens?
Anyone else think it's scary that people are quoting Slashdot comments, probably out of context, in a court of law, attempting to present some kind of "accurate representation" of the community and its opinions?
:P
Man, if I was the other lawyer in that case, I'd read a few "Naked and Petrified" comments and destroy that "Anonymous Coward" guys testimony.
No, I know, they could just look at my user number, and make me an "expert witness"!
I guess my question for Jon would be "Do you think tactics like using posts from one user, out of context, from an online forum should be allowed as testimony to represent the views of the community at large?"
Geez, I like DNA testing much better compared to this crap. With DNA testing, I'm 99.9999% certain as to someone's identity. With Slashdot, I've got the other 0.0001% certain about their identity, that they mean what they say, that they have any idea what they're talking about... etc., etc.
---
pb Reply or e-mail; don't vaguely moderate.
pb Reply or e-mail; don't vaguely moderate.
It seems like, with one of the primary arguments behind deCSS being the MPAA wanting to monopolize the DVD player market, that Linux hackers actually don't want a DVD player. If a binary Linux DVD player surfaced which supported decryption and the MPAA didn't ban it, that would show that the MPAA wasn't interested in monopolizing the market and be the end of deCSS source code. So we see a natural reaction: no Linux DVD players capable of decryption being mentioned anywhere or linked by anyone yet lots of argument that deCSS should be legal because if it was incorporated in some fictitious player that we don't want to mention, that the MPAA would surely ban it.
I was never here and you never read this.
If the MPAA allows a binary player to have decrytion, the conspiracy theory goes out the window and kiss the deCSS source code goodbye. Proving that the MPAA wouldn't ban a Linux DVD player if one existed is exactly what the community wants to avoid.
The answer is: open Linux DVD theaters in European resterants and bars!
Is this legal? In the US, this would be classified as illegal exhibition of copyrighted works. Bars/restaurants in the US can't just go rent movies from the local Blockbuster and play them for their customers.
Do countries in Europe just not have similar laws?
In the US, it's "private, home exhibition" that's allowed, which means I can throw a party and have music and movies going without a problem, since it's a personal venue, not commercial.
I'm sure that's how it's interpreted in the UK too, even if the law is technically phrased to prohibit what you suggest.
allowng anyone who wants to bring in a DVD play it.
Not trying to start an argument or anything, but this would still be illegal. Bars are commercial establishments, and even if they just provided the TV and player and "let" customers bring in their own movies, it's still illegal, except now the person bringing the movie can be prosecuted along with the bar.
Now I'm not saying a bar couldn't get away with doing something like this, but once the MPAA (or whoever) caught on, you can bet they'd take action.
Do you feel that your case is being handled in a particularly unusual way and, if so, how so?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Why are they making this out to be a piracy issue when it's clear that it's not?
It's this type of weighted question that really irks me about Slashdot readers. It's analogous to Jim Gray's line of questioning towards Pete Rose at the annoucement of the Century Team (where he basically tried to pressure Rose into admitting he was guilty or apologizing for something Rose doesn't think he's guilty of).
The MPAA is making this out to be a piracy issue because to them it is a piracy issue. It doesn't matter to them that you or any other Slashdot reader doesn't think it's a piracy issue. To them it is a piracy issue, because whether or not the program was intended to do so, the fact remains that it does make piracy easier. There's no getting around that. Now it's up to the courts to decide whether it really is a piracy issue and whether or not the MPAA has a valid complaint. You can argue that all you want.
I'm sorry, I don't want to answer questions that are going to someone else, but honestly, this is completely weighted. You're asking a question that automatically prejudges an answer and also requires that the person take a side they may or may not agree with. Jon may have a different answer than me, but I'm still of the opinion that blatant "leading" such as this should be pointed out immediately, especially since they get pushed up so high by moderators who share many of the same biases.
And that's before we get to the fact that your asking Jon to shed light on motives that he has had no part in shaping.
There have been articles on Slashdot about the increasing use of Slashdot for mainstream articles, looks at the open source movement, etc. Apparently that has yet to sink in. Believe it or not, someone actually reads your posts, and when you say "fuck the law", that can (and has) been used against you.
I think the DVD case (among others) will be very important for the future of the Internet. It will decide reverse-engineering, home use, encryption, the reach of major companies (with major lobbying power), and the rights of consumers. And I would like to see strong encryption, the freedom to reverse-engineer, etc. But, this will only come if we play it smart. Support your cause without turning into 9 year old potty mouths. Don't give the opposition ammo.
Given that Johansen is accused of a crime against US laws (not Norwegian laws), it is possible that he will be tried in a US court. Will the Norwegian government pay for a lawyer? And will a state-funded lawyer stand any chance against the sort of star team that the MPAA could assemble with petty cash?
let me add one to this...
What is your opinion of the MPAA and the United States DVD Copy Control Association?
You live in Norway, where lifetime blacklisting is both a legal and acceptable business practice. Certainly you had to know that there would be repercussions from releasing DeCSS, yet you did it anyways. There is a very real possiblity that you might find yourself on such a list - despite my and other's opinions to the contrary, quite a few pointy-haired bosses out there think of you as a punk hacker kid who will cost a lot of "honest" businessmen a lot of money.
I chanced upon a guy in #linux who claims to run a software shop in Norway where you applied for a job and he flatly rejected you. Basically, he said that anyone who was dumb enough to risk a lifetime blacklist was too dumb to work for him. I have no idea about the verity of this story, but the rationale behind what he said makes sense - people who display a callous disregard for "the rules" don't often fit into the corporate culture. My questions are whether or not you have felt any of the backlash like that described above, and also if you now regret undertaking this project. Sure, you will live in infamy as the guy who cracked CSS, but at the same time you may have jeopardized your employment possiblities in your home country - and you're only 16.
--
I think there is a world market for maybe five personal web logs.
it's been suggested that someone in germany did the hack, not yourself. who did what?
in another interview you were asked why decss was written for windows when the idea was to make a player for windows. you stated it was made for windows while linux's ability to deal with the dvd fs was being sorted. why didn't you just copy the vob file? (not enough disk space?) did the computers the police took have linux versions of the decss code?
lastly i think it would be good to get a bitof tech clarification since i know next to nothing about dvd's. say a person was able to decrypt the vob. what exactly could they do with the resulting file? just watch the movie? or are the value added features on dvd's contained in the vob? perhaps a quick run through of dvd tech,or a link to it would be enlightening to those of us not up on dvd.
US Citizen living abroad? Register to vote!
First of all, the license fee is not $5000. In fact, we don't know what the license fee is, because DVD CCA refuses to disclose that information to parties they don't regard as "credible."
Second: Taking apart your lawfully obtained, personal property and figuring out how it works is perfectly lawful and ethical. Period. Shrinkwrap "licenses" are monsterously unethical and have no legal force. No amount of posturing or whining by wealthy media executives will change this.
Finally, I would urge you to read the Hoy Reply document, which contains as Exhibit B the full text of DVD CCA's contract. I think you'll agree that such terms as they demand are an anathema to the Open Source ethic.
Schwab
Editor, A1-AAA AmeriCaptions
Assuming Norways legal system works as in Sweden, this is simply not possible. "Deals" are explicitly disallowed in Swedish law. You can't get any "favours" by cooperating, because it is assumed that the same crime should always give the same punishment ("everybody is equal to the law", something like that).
Although I hear lately that the courts have been found to do this kind of stuff in semi-secret, even though it's illegal. There is an investigation going on, don't know what they will find, though.
It's not a question of erasing all copies of the source - that is impossible. Rather what do you think the reprecussions of this mirroring will be? As of yet, nobody has knocked on my door asking me to stop mirroring...
Do you have any plans to talk to media outlets that will listen to your side of the story? Do you KNOW of any such outlets? I believe the word needs to spread to everyone who has ever touched a DVD movie, the net, or even a computer. The only problem with that is it is SO SEXY to portray people like you in a mischevious light, and to make you out to be the bad guy. WE know that's not the case, but every medium and their company (save Slashdot) paints this as a "they-want-to-copy-movies" situation. How do you think we should educate the masses, and through which mediums?
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Your response is no less weighted: "The MPAA is making this out to be a piracy issue because to them it is a piracy issue." We know this is their public position, but it seems hard to put together even a compelling prima facie argument for this position. Digitally-distributed content (as CDs) have been around for a while, and the music companies are richer than ever. Ditto software, despite minimal copy protection. Why are movies different? The MPAA has yet to answer this question, even in a cursory way.
OTOH, the encryption system that is virtually useless for combatting all but the most unlikely piracy is very effective at controlling the market for players. And there are boatloads of compelling financial motives for the movie publishers to want control of a market besides content distribution. They have read the writing on the music industry's wall -- the business of packaging content physically for distribution and selling those units is going to be a lot less profitable in the coming years.
Assuming that the MPAA believes it's own position is assuming that the MPAA is stupid, which I'm not yet willing to do. It even further beggars belief to suggest that their system for "protecting against piracy," while pitifully ineffective at curbing piracy, is "accidentally" a cunningly effective system for controlling the DVD player market. It had to be by design.
So, it is "clear" that this is not "a piracy issue". The issue is where the rights of the consumers lie in using products they have purchased, and where the rights of the intellectual property owners end. You may argue that the poster's question is self-evident, or a waste of Mr. Johanssen's interview time, but it is not weighted. It is self-evident to anyone who reviews the facts.
phil
Does he agree with your stance on DVD encryption, and the need for software players for Linux?
I've seen an interview with both Jon and his dad, so I can espond to this..
Yes. His father agrees with him. He understands the situation; that DeCSS was neccessary to make it possible to view DVDs on Jon's computer.
He didn't mention Linux in particular, but he said that it should be possible to view the DVDs on ones own computer.
I have noted for quite a few time before DeCSS that DVD piracy is already a serious industry. Methods range from "kitchen tricks" running from software hacks and ending in "fake" hardware (some even go to produce special chips).
:) on you contacts with those "defending" MPAA. So what do you think? Why you? And why DeCSS which clearly is a small rock in the Ocean? Do you think that this has only to do with the fact that they what to "show and hang" someone or anything else? Or that, by some reason, that don't want to expand DVD market from a small "feud" of OSes or software systems (that ocasionally play only in a few OSes)?
You have had already some "experience"
--
--
"Insert witty quote here."
I was about to say "the same moderator(s) who moderate up absurd accusations that cracking the css algorithm had nothing to do with playing DVDs under Linux" (which any perusal of the various linux DVD mailing lists will debunk in about two seconds flat).
l
However, you will notice that the information, which I will repeat here at a default score of "2", was posted anonymously. Anonymous Coward posts default to a score of 0: the post was not moderated down by anyone.
The links he referred to (NOT hyperlinked, merely reported as plain text as is, for now, still my constitutional right in this country (the US):
people.a2000.nl/mwielaar/dvd-css/csspaper/css.htm
www.lemuria.org/DeCSS/crypto.gq.nu/
www.derfrosch.de/decss/
The Future of Human Evolution: Autonomy
Before you apologize for your actions within the borders of your own country, it might help you to know that recently (the last decade or so), the definition of "justice" in the U.S. has become increasingly obsure. I was reading another post that had a link to a site called www.overlawyered.com. Here, there were several articles that chronicled BLATANT abuse of the legal system using civil forfeiture laws. These laws allow federal and state government agencies to seize your property ONLY if there's "probable cause" to believe that it was used in the commission of a crime. Adding insult to injury is the fact that in most cases, the agency conducting the seizure can keep and use the property as they see fit. No one has to be found guilty, or even accused.
And why did they choose you as a target?
------------------
------------------
You may like my a cappella music
First, I applaud you and the way you have stood up against the indignities you have suffered.
This is something that has been running around my mind since the beginning of this. Would it not have been easier to simply claim that you discovered the encryption scheme by accident? It it possible that you might have simply stumbled upon it while playing with a DVD. Since it seems the entire case revolves around the possible "illegal" reverse engineering to Xing's product, you could claim you never used it, you just happend upon the encryption one day.
Sounds stupid, but they would have to prove otherwise to have a case, right?
Finkployd
When is the ABC interview going to be on? Is it going to be on the nightly news, or on 20/20 or Nightline or something?
We heard ABC was coming to see Johansen last Thursday, but I didn't see anything about it on the nightly news.
Now the Linuxworld article made it sound like ABC was coming yesterday (Monday). So what's the deal? When can we expect to see this on TV?
Preventive War is like committing suicide for fear of death. - Otto Von Bismarck
Do you agree that their real fear might be raw video from DVDs being modified and republished?
Nothing to do with it.
Their immediate goal is make sure the artificial barriers in the DVD market stay in place. i.e. Currently, you can't watch a U.S. DVD on a player that was built for the Japanese market. Jack Valenti and his band of merry movie execs divided the world into six regions. By releasing the same movie at different times to different regions, they can maximize profit and minimize pirating (so... Hong Kong gets movies last)
Their longer term goal is to tell you when and where you can watch your media by controlling every play back technology. They want to take away your right to format-shift your media. They want to undo fair use.
Jon... whatever you do, don't admit to any wrong-doing. If you allow them to bully you into signing something that isn't true, it could be serious blow to us here in the U.S.
-- Kinesis, Defendant #2 in the DVD CCA case.
There are some win proggies that claim to rip the dvds. I didnt try them myself, but can be found on places like dvd.da.ru. Why is no one after these? Have these oficialy licensed dvd playback technology and just added the rip capability?
So Jon, do you feel that the industry is after you just because you made your findings and source freely available on the net?
How long did it take you to reverse engineer CSS?
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I would imagine that the guys over at xmovie would have/will incorporate deCSS with their current DVD player. From their web page, they say that it can already play non-encrypted DVDs, it would seem that it would be a rather minor step to include deCSS
The basic sleazeware produced in a drunken fury by a bunch of UCBerkeley grad students was still the core of BIND. --PV
It's obvious to me (and most people here on /.) that the intention for DeCSS was to have a decoder to allow fair use of one's own DVD's. As you (and others) have stated there exists machinery to copy DVD's regardless of whether DeCSS is used or not. Of course here in the USA the Digital Millenium Copyright act says that anyone who writes a program to defeat "copy protection" is violating the copyright outright. How does this USA law affect your legal battle?
Your father was also arrested when you were.
Did he know that you put DeCSS on his server, and what that software did?
Does he agree with your stance on DVD encryption, and the need for software players for Linux?
Gerv
Jon, I am 100% behind you, and cringe at the distortions of your efforts in the media. It is entirely clear that DeCSS has been developed in order to watch DVD videos on linux boxen, not as a means to "piracy". However, this point could be driven home a lot more effectively if there were actually a DeCSS-based linux DVD player. In understand that even with DeCSS, there are some technical problems getting DVDs to play on linux.
This is not a "when are you going to complete your player program" question. If I were a coder, I would help. My question is simply when do you see the first player actually being released? What are the remaining technical difficulties to getting DVD playback to work on linux, now that the CSS hurdle has been cleared?
They have contact info; you have to call to get it, so far as I can tell, but I got it. Use it wisely.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
..If you had the chance to go back in time, would you do it again?
It's misconceptions like this which cause problems.
DeCSS is not a Windows program, or a Linux program, it's source code. The reason that you have a Windows version is because somebody compiled it under that platform, not because someone wrote for Windows.
And he didn't write a DVD *player* at all, he wrote a tool to decrypt the DVD movie so it could be watched using a seperate player, something that could not be done before.
And you must be some kind of bad-ass k00l m0-f0 if you can copy DVDs using deCSS. The current DVD media won't allow for it, and only one movie would fit on today's hard drives.
So, to sum up. No, it's not a Windows program. No, it doesn't copy DVDs. Yes, it's needed to watch DVDs under Linux. And the court case is still going to be a pain in the ass because of people like you, spewing half-truths and total lies.
aÍÍ©ÍÌÍ£Ì'̽ͩÌÍzÍYÌÍÌY
Not a necessary question for the interview.
.. 78 ... watched TV and asked me about him. (I'm the local "computerfreak" who knows "everything" about internet, where I live :)) Even that old bloke supports Jon ;)
The support for him in the norwegian media has been POSITIVE. Almost exclusivly positive.
People like Gisle Hannemyr, Tron Oegrim and others (computer-dinosaurs in norway) is supporting his case. EFN (Electronic Frotnier Norway) is supporting his case. People like me has handed out flyers at the university.
My neighbour, which is
In other words, most normal people support him.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
"Rune Kristian Viken" - http://www.nwo.no - arca
Non-necessari question, as the media has reported - EFF takes care of the defence-fund. They're getting him a top-notch lawyer.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
"Rune Kristian Viken" - http://www.nwo.no - arca
I disagree. It cannot be proved that Jon - or more correctly - the person that reverse-engineered the program - ever clicked 'yes' to any agreement.
Therefore, it should really be a non-issue.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
"Rune Kristian Viken" - http://www.nwo.no - arca
I think the .. uhm .. "criminal-lower-age" (uh, how the heck do I translated "kriminelle lavalder" to english?:) in Norway is 15 years. In other words, from the age of 15 - you CAN be hit by the full force of the law. In reality , you are not. But you CAN be.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
"Rune Kristian Viken" - http://www.nwo.no - arca
It has been noted in several articles that your case was mentioned in the Norwiegen Parliament.
Have they done anything about the treatement you, and your father received from the Police? Or have they decided to sit on the and let the MPAA run the show of things?
I can answer that question for you. The Norwegian Parliament doesn't bug into police affairs. The case was brought before the parliament - with requests to review the laws. Not to comment on the specific case.
If I understood the press right, The question was if the laws should allow more reverse engineering and more freedom than they already do.
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
"Rune Kristian Viken" - http://www.nwo.no - arca
Read http://www.cnn.com/2000/TECH/computing/01/31/johan sen.interview.idg/index.html for an interview with Linux World. This will answer some of your questions before he is asked a repeat question.
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
First of all, my condolences on your arrest and treatment at the behest of my former homeland's authorities. Many people outside of the U.S. don't realize just how important money is there and what lengths the authorities will go to to protect profits. For what it's worth, your pain will serve as a wake up call to many.
On another topic, I have only seen an object code release of DeCSS. In 20-20 hindsight, had you ever thought about releasing the source? A source release of DeCSS would have likely splintered into a couple of hundred ports and versions rendering moot any prosecution of a single individual.
Life is a tale told by an idiot, full of sound and fury, signifying nothing.
William Shakespeare
How do you feel about the fact that the Norwegian police essentially played the part of hired goon to a large corporate conglomerate? It's bad enough when this happens in the United States, but the fact that the Norwegians did this has to surprise you quite a bit.
-- atomly
It's bad enough when this happens in the United States, but the fact that the Norwegians did this has to surprise you quite a bit.
Why is this? Is Norway supposed to be a bastion of free speech or something? I would assume the MPAA has as much power in other countries as it does in America, so I don't really see why this would be so surprising.
___________________
rooooar
Do you think region codes are affecting the price of DVDs in Norway? I know it's hard to give a universal reference for prices, but maybe you can answer it this way: if you bought the same movie on both DVD and VHS, what would the price ratio be between them? We can compare that to the ratio in our own regions, to see whether there is any predictable variation.
And by the way - what region is Norway in, and what other countries are in the same region.
--
It's October 6th. Where's W2K? Over the horizon again, eh?
Sheesh, evil *and* a jerk. -- Jade
Where did your original programming experience come from? I'm speaking in terms of your ability to reverse engineer the encryption and apply the key in a useful mannor.
Justen Stepka
Do you regret distributing your work? While I'm sure you must feel proud for standing by your beliefs, is the impact on your life harsh enough that you wish you have never cracked the encryption?
I'm sure everybody here is very glad you did, but we don't have to live under such scruitiny. Thanks for keeping up the fight for what's good.
What's your favorite DVD to watch and did it have anything to do with your reason(s) for wanting to watch DVDs in linux:}
My apologies - it was knocked up fairly quickly in Excel :(
:)
Let's see. 7 KB/sec means you can get 420 KB/min or 24.6 MB/hour, or 590.625 MB/day so yes, 6 days, 18 hours, 32 mins 22.9 secs. Which is, of course, assuming conditions that never happen.
My apologies for the duff initial maths. Can't see where the problem is - I went over it a few times coming from the other direction, but this is clearly right.
Oh well...
Incidentally, let's look at what that would cost over here. Assuming you find it on an FTP site with resume so can only do this at the weekends when the calls are cheapest, you get charged 1p/min. Premier Line (cost: £6 per quarter) combined with Friends and Family can drop that down to 0.75p/min. There's also BT Together but last time I heard that saved a maximum of 70p a month or something silly so I'm not bothering with that
Anyway, in perfect conditions you're still going to take 9752.4 minutes. By my reckoning you'd have to pay £73.14 for the phone call at the least.
Once again, my apologies for getting the maths wrong, though I did check it, honest... But it's still not even slightly practical, TBH.
Greg
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
OK.
We seem to be mostly agreed that this is harassment to maintain a stranglehold over the player market. If these things are out there and NOT being pursued, our case is rather stonger.
How can we bring this to the attention of the EFF to use in their defence?
Greg
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
OK, which countries sell region-free players?
The potential problem here, though, is with electricity and output standards. You appear to be in the US - I'm in the UK. If we both bought standalone DVD players then swapped, neither would be usable. You have 525/30 NTSC with 110v AC, we have 625/25 PAL with 240v AC.
Out of interest, what makes region locking globally illegal?
Greg
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
It gets better - that's the cheapest rate with all the standard discounts.
:)
If I want to log on between 8 AM and 6 PM during the week (when I'm at home this is - right now the university pay!) it's 5p/min before discounts, 3.75 after. Daytime rate, even with discounts, that amount of use would cost you £365.70, assuming my maths is better than it was last night
1p = 1.6 US cents, roughly.
Now you see REALLY why we don't like our telecom or the regulator that allows this...
Greg
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
I have to agree about weighted questions, but...
This may well make DVD copying easier. But it's only creating one more avenue.
Let's see. If you can lay your hands on DVD mastering equipment (which seems to be a possibility for a number of firms in Hong Kong) you can just create a bit-for-bit copy. Not protected against in any way.
If you've got a video capture facility - not that uncommon, comes with most TV cards - you can grab the image THAT way and then copy it out however you want. VHS and VCD seem the popular ways. Both are possible, though you may need a descrambler box as they've done some funny things with the data output to try and mess up the equipment.
There seems to be software out there to copy direct to VCD - I've seen it referred to and I once heard someone on another machine in a lab referring to their using it. Can't find a copy to prove it, though.
Theoretically (read I'm told this is possible but research hasn't turned up any links yet) you can write a fake video driver that grabs the data on the way through and can also do what it likes with it.
Then there's DeCSS. Which will, admittedly, produce a decrypted playback stream. But you play that how? You can't burn your own DVD as DVD-R discs are sold with a section pre-burnt blank precisely to stop this. If you can get round this then you really don't need DeCSS as you can just make a bit-for-bit copy, encryption intact. And this can't exactly be traded over the net like an MP3 - the resulting file is GIGABYTES large.
Let's say 4GB for example - well, that's 4096000 KB by my arithmetic. On a 56Kb modem running at maximum possible efficiency you might get 7KB/sec. If I started downloading it now and nothing went wrong on the way, it wouldn't be finished until 23rd March next year! Assume more realistic conditions - my modem normally connects at 31,200 - and I'd be waiting until Christmas 2001.
Somewhere in the film industry there's probably someone who genuinely believes that this is copy protection. They deserve our pity. The only practical purpose this serves is maintaining a stranglehold on who can manufacture players. And I can't see that as defensible.
This suit deserves being laughed out of court. Our perpetuating the MPAA's bogus argument should be avoided, in case we inadvertently give credibility to these individuals.
Disclaimer, before I get accused of being a pirate for researching this: I don't posess a DVD drive of any form. Or any DVDs. Or any pirate VCDs or VHS cassettes I've ripped on friends' computers. I do posess a CD-RW drive, purchased so I can make backups of my work.
Greg
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
I heard that Jon wasn't the actual reverse engineer on this project. He was just the first to publish it from what I heard. According to this link, he said that he wasn't the reverese engineer.
I've been positively dumbfounded at the spin the corporate heads are putting on this. Rumor has it that Gates finally managed an erection thanks to the media coverage. His wife thanks you.
.02
My question is: I'm sure you've explained all the basics to the agressors here - that it doesn't facilitate copying, it doesn't actually break anything, the encryption doesn't protect the disc and it's too expensive to do anyways.
I just want to know what on earth they say when faced with such obvious and amazingly verifiable facts. How can they continue to accuse you of being a portal for piracy when that's so obviously not the case?
Thanks for your pains man, there are a lot of people that wouldn't go to bat for what they believe.
My
Quux26
My
Quux26
www.crashspace.net
Are "Shrink wrap" agreements enforcable in your country, and are you as a 16 year old subject to contract law? In the us, 16 year olds cannot enter into a contract, I'm wondering if it's the same with you.
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
In discussing this topic with "regualr people" (those folks who don't live and breath tech) I've found general support for the people and very little for the MPA(A).
What, IYHO, is the general reception you have felt about this issue? Have you been able to explain your position and have it understood? What are some of the stranger assumptions you have come up against?
+&x
I just found this (from the livid-dev mailing list archive). It explains how DeCSS was done and by whom, as well as Jons involvement.
Please have a look at it. It clears up a couple of things...
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
It's easy for people on /. to talk about not letting big corperations push them about, but I'd guess that it's a lot more difficult when you actually have to do so, in face of being arrested.
Considering that you compiled promptly with the original cease and desist order, do you envisage a situatition where you have had enough, and admit "guilt", to get off with a "warning", or will you struggle to be complete exhonerated?
IMO, It's important to resist, because of the precedent it could set, but it's on thing to talk the talk, and different to walk the walk.
--
Exigo spamos et dona ferentes
Why do you think that DeCSS was made to be such a big deal. The movie pirating community has been copying DVD's with computers, using software just like yours for over a year now. I personally ahve copies of 3 different peices of software dating to march 99. So, what was all the ruckus over DeCSS?
It has been noted in several articles that your case was mentioned in the Norwiegen Parliament.
Have they done anything about the treatement you, and your father received from the Police? Or have they decided to sit on the and let the MPAA run the show of things?
What overall is the people's (that are in charge) reaction to your arrest and questioning by the police and the manipulation of the media (somewhat) by the MPAA?
Is it progress if a cannibal uses a fork?
Has that coverage been fair in describing your beliefs, or does it appear to be strictly the MPAA/authority view?
Most of all, how do you think it compares with U.S. media coverage (CNN, L.A. Times, etc) of DeCSS?
--Humpty Dumpty was pushed!
Given the DeCSS mess will be resolved in court where excellent (read expensive) lawyers will decide the results (round after round). How well funded are you? Will you need monetary support to robustly and sufficiently defend yourself? If so, how can 'the community' help?
(Perhaps Andover.net could operate a fund for this pariticular case?)
Did the arresting officers say or do anything that blatantly hinted that they were doing this because of pressure from the MPAA or the United States government? What kinds of questions did they ask during the interrogation? Were they looking for other people to arrest?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Is this legal? In the US, this would be classified as illegal exhibition of copyrighted works. Bars/restaurants in the US can't just go rent movies from the local Blockbuster and play them for their customers.
Good point. I would suspect that the laws are not uniform (maybe the EU has something to say about it, but maybe not). We could get arround this by having the bars provide the TV & player and allowng anyone who wants to bring in a DVD play it. The local anti-MPAA people could order themselves DVDs of new releases that are not released in Europe and watch them at a bar. Where other people would see the movie and want to know how they got it before it was released, thus spreading the word. A bar is a personal enough setting that it *might* be hard to attack anyone involved if it was not explicitly a promotional stunt by the bar.
Jeff
BTW> The majority of MPAA movies are not very good so actually seeing bits and pieces of the movie would take the thrill out of going to the theater for many people.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
If it's Illegal, then could anyone buy a DVD from a different region, try to play it in their own region, and as it won't work, sue the DVD player manufacturer? The MPAA? Anyone? Would it be possible to start a grand scale legal crusade against all DVD manufacturers, just as they are (3 litigations and counting)???
You would have difficulty getting the case to court since the damages are so small, but a class action lawsuit might work. It would be a good idea to file complaints with the various consumer protection orginisations who normally handle the class action lawsuits. It would also be interesting to file hundereds of suits in small claims court, but I don't know how well this would really work,
The best solution is probable to try and get the regionless DVD players that they sell in some countries (the ones who inforce the laws about region locking being illegal) out onto the open market, i.e. set up a mail order shop in one of these countries. We could really hurt the movie industry by getting Europeans access to cheap american DVDs that come out before the movie is released in theaters (assuming people play them in public so that no one will want to wantch the movie) and giving everyone access to cheap indian DVDs.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
The MPAA is making this out to be a piracy issue because to them it is a piracy issue. It doesn't matter to them that you or any other Slashdot reader doesn't think it's a piracy issue. To them it is a piracy issue, because whether or not the program was intended to do so, the fact remains that it does make piracy easier. There's no getting around that. Now it's up to the courts to decide whether it really is a piracy issue and whether or not the MPAA has a valid complaint. You can argue that all you want.
This is not true! We do not know their real reasons, but ANY good analysis of the situation should take into consideration things like region codes and independent film distribution. The relevent facts are:
1) Region codes are illegal (under international law and many national laws), but very few countries enforce these law. The MPAA wants to protect their illegal use of region codes to provide crappy (delayed) releases in Eurpoe and extort additional money from Europeans. The biggest threat that DeCSS represents to the MPAA is that Europeans will buy DVDs legally before they are released in Europe's theaters.
2) The MPAA wants to control distribution. Currently, they have a strangle hold on independent films because they control printing. The real threat to their dominance from independant film would come if people started distributing independant films directly via selling DVDs.
There has been a lot of talk about fighting the MPAA by boycotting movies. I think this is a wonderful idea, but I think we would be more effective if we make it easyer for the masses to boycott movies. How do we do this?
The answer is: open Linux DVD theaters in European resterants and bars! If Europeans start seeing the new releases in bars before they come out in theaters they will be less likely to see the movie in the theater. This in one of the best ways to hurt the MPAA's pocket book, so if you live in Europe you shouldconsider helping you local bar wire up a regionless DVD player or a Linux box to play new releases from America!
And that's before we get to the fact that your asking Jon to shed light on motives that he has had no part in shaping.
This is correct, but it is likely that Jon knows more then the author of the original post.. and can probable provide additional hypothetical incentives (like the above) which are much more realistic then the MPAA's piracy argument.
Jeff
BTW> It would be nice if someone would post the address of a place to order a regionless DVD player.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I own DVDs. I don't own a DVD player. It belongs to one of my roommates, and is currently in our basement community room. If I feel like watching a semi-crappy-quality VCD on my 19" monitor in my room, I'm entitled to do so. If I need software like deCSS to help me, then so be it. For that matter, VCD's aren't that great looking. What's to stop me from dumping VHS tapes to VCD under fair use? Nothing. What's the difference in quality? It can't be much. We're crunching 70 minutes of video and stereo sound into the space normally required by raw sound at 44.1KHz.
Sorry, OT, I know.
Read the article at Wired. He says himself that it wasn't he that broke it, but two other anonymous members of MoRE!!!
Have you found any support from people (aside from family) in Norway? Has the public reaction to the arrest been favorable (i.e. in support of you) or negative?
In Soviet Russia...michael would be rotting in Siberia!
Considering the effects of your code: the media attention, the legal disputes,and the freedom that it might help to bring, would you do the same (or something similar) again?
let me just say, ARGH.
The guy being charged, Mr. Johansen never released a Windows program of any sorts. What he *did* release was the source code to decode the encryption.
With the source code, someone else created a Windows program to decode the DVD. While I'm on the subject. He also did *not* write the code to break the encryption, he was merely the one who posted it and stood behind it.
Hope that helps.
There seems to be software out there to copy direct to VCD - I've seen it referred to and I once heard someone on another machine in a lab referring to their using it. Can't find a copy to prove it, though.
I found this link in an earlier DeCSS article; it lists no less than 19 programs under the DVD-rippers header. Now, from what I can gather, a few of these programs need to be used in concert, but the fact remains that there are several methods to rip DVDs out there, only one of which is DeCSS. Now, I haven't used any of them, but from what I can gather--especially from looking at some of the quite detailed "how to rip DVD's using blah" articles I found on the above link--it appears to be quite a lot easier to get yourself either a lossless or a reduced-size mpeg of your DVD's using the tools that were already out there than with DeCSS.
If you had it to do all over again, would you still do it, know the (unfair) legal mess it would land you in?
The cake is a pie
Has your legal team considered a large-dollars countersuit, alleging slander, libel, and harassment (specifically, that they are claiming you to be a video pirate in absence of proof otherwise)?
Maybe if you took a logic course, you'd understand the term "weighted". In legal terms, you'd be "leading the witness".
... "How often do you beat your wife" infers that you <em>do</em> beat your wife. The question, honestly asked, would be "Do you beat your wife, and if so, how often?"
The idea is to ask a question with an answer in it
His comment that to the MPAA this is a piracy issue wasn't a weighted question because it wasn't a question.
Period.
- Michael T. Babcock (Yes, I blog)
What kind of software work have you done before this? Have you always been interested in codes and/or code-breaking? Code-breaking isn't the type of thing that everyone figures out easily; do you find yourself a natural? On a side-note, would you take a job from the NSA? :-)
- Michael T. Babcock (Yes, I blog)
Did you violate the End User Licence Agreement for the Xing player? Did you even accept it? Can the keys be extracted from the Xing player without accepting the EULA? Can DeCSS be recreated without exploiting the openness of the keys in the Xing player?
You've obviously witnessed the hoopla the release of the DVD code has created in the movie industry, and it's effects of prosecutions and even your home being raided. Thus said, if before you released the DeCSS code, you knew of all these consequences and controversies that would be created, would you still have released it? Or, knowing these consequences, what other steps may you have taken to release the code to the public?
make world, not war
I think that the charges you are facing is rather ridiculous, but I have to wonder: Why Windows? If the motive of you and the group you worked with was to have a DVD player for Linux, why release this program that works only under Windows?
I'll do it for cheesy poofs.
How have your non-hacker friends in your normal life responded to your notoriety? Do you get weird looks in school, or at the supermarket? Any interesting propositions from the ladies? Does anyone even know or care about what you did?
Unix: Where
Why didn't you simply create the source in secret or using a forged identity or perhaps an alias? If one wishes for something to spread in some way the usual method to do so is to allow the talent to not be destroyed or diluted in any way. My question did you consider the possibilities about breaking this encryption scheme and what kind of response you would have generated?
Slashdot social engineering at it's finest
You say:
"Legally, the keys and encryption are (i believe) the intelectual property of the MPAA(or someone related)."
This is meaningless. Everything he worked with was sold to him; those keys were somehow mixed in on the disk and player, which he bought. Figuring out the key on the disk is no different than processing any other legally acquired copyrighted material -- is it against the law for me to count the number of words in the paperpack I just purchased, or otherwise analyze it ?
If I apply some stylometry techniques to some of the junk paperbacks out there and discover that one of those prolific authors is actually four or five, can I be sued for revealing the secret ? No, because if the publisher didn't want me to look at the book, they shouldn't have taken my money and given me the book. If the DVD producer had a secret, then they shouldn't have put it on hardware and disks that they sold all over the world. Instead they wanted to both have a secret and share it, and their math wasn't clever enough. Not our problem.
You say:
"It's like breaking into someone's home (by whatever means, violent or nonviolent) to steal or copy something of theirs that you feel you should have."
It's not like that at all. Some moneyd interests might approve of you saying so, since they want people to feel guilty about cracking those keys, but he didn't go to anyone else's home; he was in his own home, with property he purchased legally. In what way did he steal anything ? Immitation is not stealing.
You say:
"Since they're still the creaters/owners of the encryption, it's their right to determine who has access to the keys."
Setting aside for the moment how you can possibly own an encryption, I'd like to point out they sold him those keys on the disk and hardware.
Now, they didn't count on him being able to read it. But that is simply a bad business break. You can't expect the courts to go around throwing people in jail everytime some little piece of information makes your business plan out of date.
You say:
"And while their not including Linux does suck (i agree!), how do you feel that what you did for DeCSS is justified?"
Why does he have to justify anything ? If he took that damn player out in the woods and blew it to pieces with a shotgun just for jollies, well, it's his player. Instead he looked at it and figured out a bit about how it worked, and told some other people. What's wrong with that ? If the MPAA wants an uncopiable medium, why don't they make one and sell it ? Ok, so they did try, but they missed. Is that reason to take your lumps and try again, or is that reason to run to the government that always takes your soft money campaign contributions and demand that they start throwing people in jail ?
Knowing what you know now, would you do it again?
Do you have any advice for other hackers thinking of challenging the system?
Be insightful. If you can't be insightful, be informative.
If you can't be informative, use my name
Whatever Jon says here will be used against him and others in future court cases. Count on it.
Be insightful. If you can't be insightful, be informative.
If you can't be informative, use my name
2) Given the fact that you were well within your rights if I understand Norwegian law correctly, are you planning a civil suit? If so, how much are you planning on asking in damages? Would you plan to include defamation of character due to the comments in the LA times story?
Ok, that's more like 4 questions...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
So now that Kevin Mitnick has been released, what do you think of the theory that you are the new "evil hacker" persona that the powers that be have decided to make an example of?
Enter the DirtMerchant
When you first put DeCSS on your website, did you expect the fuss and attention it has gained? or was this a huge suprise to you.
Now you know about all the hassle that has resulted from your posting DeCSS, the arrest, the press attention etc.. If you could go back and change your miund about posting it, would you?
Breaking commercial level encryption is quite a feat for a 16 year old. What is your background and experience in programming ? What platforms and programming languages are you familiar with ?
Do you feel that this entire "legal" debacle was prompted not by your own local jurisdiction's concern, but rather as a result of the U.S. government's ability to make a decision, then force said decision on everbody else? I.e. Do you feel that you were you arrested because *your* government decided to, or because the U.S. government decided to?
.------------ - - -
| big bad mr. frosty
`------------ - - -
As is a (thankfully) usual reaction to such a blatant injustice, the Slashdot community (and many others) have been scrambling to figure out ways to help you and others prosecuted in the name of this whole DeCSS fisasco.
As one (if not the) most persecuted individual as a result of DeCSS, what do you think the rest of the supporting world should do to help you out? What should the people who want to help do, besides the obvious posting of the DeCSS source and the general badmouthing of the MPAA?
------------
"Okay, who taught the cat how to type ctrl alt delete?"
To what extent would you be willing to comply with 'them'(ie, the MPAA, the gov't...)? Is there anything(code- or principle-wise) that you would be absolutely unwilling to compromise?
===
-Ravagin
Karma: T-rexcellent.
Copying DVDs bitwise can be done.
One should suppose the movie business would like DVD going to Linux, opening a new market.
Therefore it's a little strange to see them suieing someone who lets players be more abundant. Do you agree that their real fear might be raw video from DVDs being modified and republished?
Would the DeCSS technology allow players (the hardware, not the software) to be made by companies that have not bought licenses from DVD CCA? Would there be legal issues beyond the claims that are being made against you? It seems that this also poses a threat to the DVD CCA's bottom line.
Best of luck.
"You can't get something for nothing." - my grandfather, on the stock market and Reaganomics.
Do you plan to use this unwanted fame and become a spokesperson for Freedom of Information or will you do your best to step out of the spotlight once this thing is over? (I can assume that a movie deal with you as the hero is not in your future... :)
-----
No Zen is good zen
I would be curious to know whether you have any indication from the police of when they might conclude their investigation and either bring charges or return your machines.
-- Eythain
What tools/techniques did you use to reverse engineer the protocol/scheme?
Are you able to describe the methods or are you prevented from makeing those public as well?
*** www.linuxuk.co.uk relaunches 1 Mar 2000 ***
blog and junk
What do you think they should have used for their encryption and what do you think they will do next w/r/t encryption of DVD?
What do you think of all of the publicity that you have received over this. What do you want to say to the reporters/articles (ZDNET,CNET,Wired, et al) that have characterized you as a criminal hacker that is trying to ruin the entire movie industry.
kwsNI
Do you consider yourself to be a hacker, and do you think that the negative stereotypes fasley assosiated with the term "hacker" have effected how the government has handled itself in your case.
--Hephaestus_Lee
"[Y]our wise men don't know how it feels to be thick as a brick." -- Ian Anderson
I haven't seen a direct statement from you as to what type of help you need most right now, but I'm sure there are many who would like to assist.
Considering that you face criminal charges, shouldn't you be concerned that any statements you make here may be used against you at trial?
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
Being from a fairly liberal nation, it must be fairly puzzling to be made the "example" of by the american government. How has your opinion of your native country, and that of america been chasnged by all of your experiances- especialy considering you've cooperated for the most part?
How do you expect your age to influence the charges against you?
Judge Pag, the Learned, Impartial, and Very Relaxed
When can I buy the book And will it have the source included?