Interview: Jon Johansen of deCSS Fame (UPDATED)
This week's interview guest, Jon Lech Johansen, has been all over the news (and all over Slashdot) lately. He's the guy behind the whole deCSS thing. Jon has been getting interviewed all over the place, but I'm sure you have questions for him that the "straight" media people would never ask. So go for it! One question per post, please. 10 - 15 chosen questions will be forwarded to Jon Tuesday, and his answers are scheduled to appear Friday.
Update: 01/31 14:52 by michael : Several people have pointed out that LinuxWorld ran an interview with Johansen today. So, rather than repeat the same questions that LinuxWorld asked, people should check out that interview and see what questions they still have about the situation...
I like this question, because as far as I followed all the development, DeCSS was never meant to be helping the Linux development, but more to help making "backups" of DVDs on VideoCDs.
This may sound unfair, but it is the harsh truth. In fact this guy here even denied giving out the source code of DeCSS for helping the Linux Community (yes, it's true) - he gave it only to *one* person under a special license.
All the 'we just wanted to play DVDs under Linux' is nothing more than a well-working PR campaign to help protect some people who just wanted to break copyright.
Although I don't think that Jon should be threatened as hard as he is now by the MPAA, he shouldn't, on the other hand, be made a saint without questions like the one above.
It's true, DeCSS was Windows and binary only. This couldn't help Linux. Face the truth: There is only one reason for reading out DVDs under Windows: Recompressing it as MPEG1/VCD and burn it on a CD, and this is what 99.9% of all DeCSS-Users are doing.
With that in mind, I'm curious about what lessons we all can learn from this. Specifically, assuming that someone were about to do something similar, what would be the best way to avoid being prosecuted?
The easy and obvious answer is to do so anonymously (which begs the question of the best anonymous means to do so). But I'm wondering about the situation where one didn't want to do so anonymously. Are there any viable defensive strategies here?
Finally, thanks for your efforts. We are all in debt to you.
It seems like the MPAA has just about unlimited amounts of cash, and I'm guessing you don't. Do you have somebody taking care of funding your defense (i.e., the EFF), or can I send some money to a legal defense fund for you?
Hi Jon; When reading the popular press one gets the impression that you were charged with numerous violations of the law. What exactly have you been charged with?
Jon:
Gregory Maxwell made a very interesting comment on the LiViD mailing list last week:
> Just because Wired said it happened one way, that doesn't indicate that it
> didn't occur some other way entirely.
>
> A few days (perhaps a week or so) after the Xing CSS and key codes were
> cracked, someone released a no-player-key-needed method of finding CSS
> title keys and thus deriving all the player keys without ever knowing one.
>
> If you believe such an ingenious feat of cryptanalysis occurred in such a
> short time, I believe I have a bridge to sell you.
>
> The 'xing' crack was irrelevant. Because of inherent weaknesses in CSS
> (beyond its 40-bit key, which are too technical to discuss here now) we
> needed zero player keys.
>
> The CSS code has been out there for well over a year. I think people were
> waiting for the right time to make it public (i.e. cryptanalysis that
> defeated the need to have a master key at all; and the death of DIVX),
> some moron decided to jump the gun about two weeks too early, and
> released the Xing player key to make it work.
>
> Had they waited another week the cryptanalysis would have been done and
> NO vendor's player key would have been required.
>
> As it stands, the Xing key may have been artificially derived (say from
> the IBM key) and it was coincidental (or worse) that the key turned out to
> be Xing's.
>
> So to be clear: Xing's player's weakness (was it actually weak, or are we
> taking MoRE's word for it) is irrelevant. CSS code was out before that
> player existed. The CSS algo is fundamentally broken (no-player-key-required
> key recovery in 2^16 operations in 2^26 bytes memory) well beyond
> its short key length.
>
> It would have been possible for someone to use such an attack (or another,
> say IBM's player key) and generate that Xing key without ever analyzing
> Xing itself.
( see entire comment at: http://livid.on.openprojects.net/pipermail/livid-dev/2000-January/002777.html )
Do you have any response to this? The crux of the lawsuit in California is that they claim it is illegal to reverse engineer a program if a dialog box tells you not to. They claim that Xing was reverse engineered because their player key was supposedly the first one found.
In the light of Gregory's e-mail, is this true? Was Xing involved at all? Or is that an unsubstantiated lie from the DVDCCA?
Were you a "moron" for releasing your program before the means to decode CSS without ANY player keys was discovered?
Do you feel that your case is being handled in a particularly unusual way and, if so, how so?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Why are they making this out to be a piracy issue when it's clear that it's not?
It's this type of weighted question that really irks me about Slashdot readers. It's analogous to Jim Gray's line of questioning towards Pete Rose at the announcement of the Century Team (where he basically tried to pressure Rose into admitting he was guilty or apologizing for something Rose doesn't think he's guilty of).
The MPAA is making this out to be a piracy issue because to them it is a piracy issue. It doesn't matter to them that you or any other Slashdot reader doesn't think it's a piracy issue. To them it is a piracy issue, because whether or not the program was intended to do so, the fact remains that it does make piracy easier. There's no getting around that. Now it's up to the courts to decide whether it really is a piracy issue and whether or not the MPAA has a valid complaint. You can argue that all you want.
I'm sorry, I don't want to answer questions that are going to someone else, but honestly, this is completely weighted. You're asking a question that automatically prejudges an answer and also requires that the person take a side they may or may not agree with. Jon may have a different answer than me, but I'm still of the opinion that blatant "leading" such as this should be pointed out immediately, especially since they get pushed up so high by moderators who share many of the same biases.
And that's before we get to the fact that you're asking Jon to shed light on motives that he has had no part in shaping.
There have been articles on Slashdot about the increasing use of Slashdot for mainstream articles, looks at the open source movement, etc. Apparently that has yet to sink in. Believe it or not, someone actually reads your posts, and when you say "fuck the law", that can (and has) been used against you.
I think the DVD case (among others) will be very important for the future of the Internet. It will decide reverse-engineering, home use, encryption, the reach of major companies (with major lobbying power), and the rights of consumers. And I would like to see strong encryption, the freedom to reverse-engineer, etc. But, this will only come if we play it smart. Support your cause without turning into 9 year old potty mouths. Don't give the opposition ammo.
it's been suggested that someone in germany did the hack, not yourself. who did what?
in another interview you were asked why decss was written for windows when the idea was to make a player for windows. you stated it was made for windows while linux's ability to deal with the dvd fs was being sorted. why didn't you just copy the vob file? (not enough disk space?) did the computers the police took have linux versions of the decss code?
lastly i think it would be good to get a bit of tech clarification since i know next to nothing about dvd's. say a person was able to decrypt the vob. what exactly could they do with the resulting file? just watch the movie? or are the value added features on dvd's contained in the vob? perhaps a quick run through of dvd tech, or a link to it would be enlightening to those of us not up on dvd.
US Citizen living abroad? Register to vote!
Do you have any plans to talk to media outlets that will listen to your side of the story? Do you KNOW of any such outlets? I believe the word needs to spread to everyone who has ever touched a DVD movie, the net, or even a computer. The only problem with that is it is SO SEXY to portray people like you in a mischievous light, and to make you out to be the bad guy. WE know that's not the case, but every medium and their company (save Slashdot) paints this as a "they-want-to-copy-movies" situation. How do you think we should educate the masses, and through which mediums?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Your father was also arrested when you were.
Did he know that you put DeCSS on his server, and what that software did?
Does he agree with your stance on DVD encryption, and the need for software players for Linux?
Gerv
How do you feel about the fact that the Norwegian police essentially played the part of hired goon to a large corporate conglomerate? It's bad enough when this happens in the United States, but the fact that the Norwegians did this has to surprise you quite a bit.
-- atomly
Where did your original programming experience come from? I'm speaking in terms of your ability to reverse engineer the encryption and apply the key in a useful manner.
Justen Stepka
Are "Shrink wrap" agreements enforceable in your country, and are you as a 16 year old subject to contract law? In the US, 16 year olds cannot enter into a contract, I'm wondering if it's the same with you.
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
In discussing this topic with "regular people" (those folks who don't live and breathe tech) I've found general support for the people and very little for the MPA(A).
What, IYHO, is the general reception you have felt about this issue? Have you been able to explain your position and have it understood? What are some of the stranger assumptions you have come up against?
+&x
I just found this (from the livid-dev mailing list archive). It explains how DeCSS was done and by whom, as well as Jon's involvement.
Please have a look at it. It clears up a couple of things...
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
It's easy for people on /. to talk about not letting big corporations push them about, but I'd guess that it's a lot more difficult when you actually have to do so, in face of being arrested.
Considering that you complied promptly with the original cease and desist order, do you envisage a situation where you have had enough, and admit "guilt", to get off with a "warning", or will you struggle to be completely exonerated?
IMO, It's important to resist, because of the precedent it could set, but it's one thing to talk the talk, and different to walk the walk.
--
Exigo spamos et dona ferentes
Why do you think that DeCSS was made to be such a big deal? The movie pirating community has been copying DVD's with computers, using software just like yours for over a year now. I personally have copies of 3 different pieces of software dating to March 99. So, what was all the ruckus over DeCSS?
It has been noted in several articles that your case was mentioned in the Norwegian Parliament.
Have they done anything about the treatment you and your father received from the Police? Or have they decided to sit on the and let the MPAA run the show of things?
What overall is the people's (that are in charge) reaction to your arrest and questioning by the police and the manipulation of the media (somewhat) by the MPAA?
Is it progress if a cannibal uses a fork?
Did the arresting officers say or do anything that blatantly hinted that they were doing this because of pressure from the MPAA or the United States government? What kinds of questions did they ask during the interrogation? Were they looking for other people to arrest?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Have you found any support from people (aside from family) in Norway? Has the public reaction to the arrest been favorable (i.e. in support of you) or negative?
In Soviet Russia...michael would be rotting in Siberia!
Did you violate the End User Licence Agreement for the Xing player? Did you even accept it? Can the keys be extracted from the Xing player without accepting the EULA? Can DeCSS be recreated without exploiting the openness of the keys in the Xing player?
You've obviously witnessed the hoopla the release of the DVD code has created in the movie industry, and its effects of prosecutions and even your home being raided. Thus said, if before you released the DeCSS code, you knew of all these consequences and controversies that would be created, would you still have released it? Or, knowing these consequences, what other steps may you have taken to release the code to the public?
make world, not war
I think that the charges you are facing are rather ridiculous, but I have to wonder: Why Windows? If the motive of you and the group you worked with was to have a DVD player for Linux, why release this program that works only under Windows?
How have your non-hacker friends in your normal life responded to your notoriety? Do you get weird looks in school, or at the supermarket? Any interesting propositions from the ladies? Does anyone even know or care about what you did?
Unix: Where
You say:
"Legally, the keys and encryption are (i believe) the intellectual property of the MPAA(or someone related)."
This is meaningless. Everything he worked with was sold to him; those keys were somehow mixed in on the disk and player, which he bought. Figuring out the key on the disk is no different than processing any other legally acquired copyrighted material -- is it against the law for me to count the number of words in the paperback I just purchased, or otherwise analyze it ?
If I apply some stylometry techniques to some of the junk paperbacks out there and discover that one of those prolific authors is actually four or five, can I be sued for revealing the secret ? No, because if the publisher didn't want me to look at the book, they shouldn't have taken my money and given me the book. If the DVD producer had a secret, then they shouldn't have put it on hardware and disks that they sold all over the world. Instead they wanted to both have a secret and share it, and their math wasn't clever enough. Not our problem.
You say:
"It's like breaking into someone's home (by whatever means, violent or nonviolent) to steal or copy something of theirs that you feel you should have."
It's not like that at all. Some moneyed interests might approve of you saying so, since they want people to feel guilty about cracking those keys, but he didn't go to anyone else's home; he was in his own home, with property he purchased legally. In what way did he steal anything ? Imitation is not stealing.
You say:
"Since they're still the creators/owners of the encryption, it's their right to determine who has access to the keys."
Setting aside for the moment how you can possibly own an encryption, I'd like to point out they sold him those keys on the disk and hardware.
Now, they didn't count on him being able to read it. But that is simply a bad business break. You can't expect the courts to go around throwing people in jail every time some little piece of information makes your business plan out of date.
You say:
"And while their not including Linux does suck (i agree!), how do you feel that what you did for DeCSS is justified?"
Why does he have to justify anything ? If he took that damn player out in the woods and blew it to pieces with a shotgun just for jollies, well, it's his player. Instead he looked at it and figured out a bit about how it worked, and told some other people. What's wrong with that ? If the MPAA wants an uncopiable medium, why don't they make one and sell it ? Ok, so they did try, but they missed. Is that reason to take your lumps and try again, or is that reason to run to the government that always takes your soft money campaign contributions and demand that they start throwing people in jail ?
Now you know about all the hassle that has resulted from your posting DeCSS, the arrest, the press attention etc.. If you could go back and change your mind about posting it, would you?
Breaking commercial level encryption is quite a feat for a 16 year old. What is your background and experience in programming ? What platforms and programming languages are you familiar with ?
Do you feel that this entire "legal" debacle was prompted not by your own local jurisdiction's concern, but rather as a result of the U.S. government's ability to make a decision, then force said decision on everybody else? I.e. Do you feel that you were arrested because *your* government decided to, or because the U.S. government decided to?
.------------ - - -
| big bad mr. frosty
`------------ - - -
As is a (thankfully) usual reaction to such a blatant injustice, the Slashdot community (and many others) have been scrambling to figure out ways to help you and others prosecuted in the name of this whole DeCSS fiasco.
As one (if not the) most persecuted individual as a result of DeCSS, what do you think the rest of the supporting world should do to help you out? What should the people who want to help do, besides the obvious posting of the DeCSS source and the general badmouthing of the MPAA?
------------
"Okay, who taught the cat how to type ctrl alt delete?"
To what extent would you be willing to comply with 'them'(ie, the MPAA, the gov't...)? Is there anything(code- or principle-wise) that you would be absolutely unwilling to compromise?
===
-Ravagin
Karma: T-rexcellent.
What do you think of all of the publicity that you have received over this? What do you want to say to the reporters/articles (ZDNET, CNET, Wired, et al) that have characterized you as a criminal hacker that is trying to ruin the entire movie industry?
kwsNI
Considering that you face criminal charges, shouldn't you be concerned that any statements you make here may be used against you at trial?
Anomalous: inconsistent with or deviating from what is usual, normal, or expected
Anomalous: deviating from what is usual, normal, or expected
Canard: a false or unfounded repor
Being from a fairly liberal nation, it must be fairly puzzling to be made the "example" of by the American government. How has your opinion of your native country, and that of America been changed by all of your experiences - especially considering you've cooperated for the most part?