Interview: Jon Johansen of deCSS Fame (UPDATED)
This week's interview guest, Jon Lech Johansen, has been all over the news (and all over Slashdot) lately. He's the guy behind the whole deCSS thing. Jon has been getting interviewed all over the place, but I'm sure you have questions for him that the "straight" media people would never ask. So go for it! One question per post, please. 10 - 15 chosen questions will be forwarded to Jon Tuesday, and his answers are scheduled to appear Friday.
Update: 01/31 14:52 by michael : Several people have pointed out that LinuxWorld ran an interview with Johansen today. So, rather than repeat the same questions that LinuxWorld asked, people should check out that interview and see what questions they still have about the situation...
With that in mind, I'm curious about what lessons we all can learn from this. Specifically, assuming that someone were about to do something similar, what would be the best way to avoid being prosecuted?
The easy and obvious answer is to do so anonymously (which begs the question of the best anonymous means to do so). But I'm wondering about the situation where one didn't want to do so anonymously. Are there any viable defensive strategies here?
Finally, thanks for your efforts. We are all in debt to you.
It seems like the MPAA has just about unlimited amounts of cash, and I'm guessing you don't. Do you have somebody taking care of funding your defense (i.e., the EFF), or can I send some money to a legal defense fund for you?
Hi Jon; When reading the popular press one gets the impression that you were charged with numerous violations of the law. What exactly have you been charged with?
Jon:
Gregory Maxwell made a very interesting comment on the LiViD mailing list last week:
> Just because wired said it happened one way, that doesn't indicate that it
> didn't occur some other way entirely.
>
> A few days (perhaps a week or so) after the Xing CSS and key codes were
> cracked, someone released a no-player-key-needed method of finding CSS
> title keys and thus deriving all the player keys without ever knowing one.
>
> If you believe such an ingenious feat of cryptanalysis occurred in such a
> short time, I believe I have a bridge to sell you.
>
> The 'xing' crack was irrelevant. Because of inherent weaknesses in CSS
> (beyond its 40-bit key, which are too technical to discuss here now) we
> needed zero player keys.
>
> The CSS code has been out there for well over a year. I think people were
> waiting for the right time to make it public (i.e. cryptanalysis that
> defeated the need to have a master key at all; and the death of DIVX),
> some moron decided to jump the gun about two weeks too early, and
> released the Xing player key to make it work.
>
> Had they waited another week the cryptanalysis would have been done and
> NO vendor's player key would have been required.
>
> As it stands, the Xing key may have been artificially derived (say from
> the IBM key) and it was coincidental (or worse) that the key turned out to
> be Xing's.
>
> So to be clear: Xing's player's weaknesses (was it actually weak, or are we
> taking MoRE's word for it) is irrelevant. CSS code was out before that
> player existed. The CSS algo is fundamentally broken (no playerkey
> required key recovery in 2^16 operations in 2^26 bytes memory) well beyond
> its short key length.
>
> It would have been possible for someone to use such an attack (or another,
> say IBM's player key) and generate that Xing key without ever analyzing
> Xing itself.
( see entire comment at: http://livid.on.openprojects.net/pipermail/livid-dev/2000-January/002777.html )
Do you have any response to this? The crux of the lawsuit in California is that they claim it is illegal to reverse engineer a program if a dialog box tells you not to. They claim that Xing was reverse engineered because their player key was supposedly the first one found.
In the light of Gregory's e-mail, is this true? Was Xing involved at all? Or is that an unsubstantiated lie from the DVDCCA?
Were you a "moron" for releasing your program before the means to decode CSS without ANY player keys was discovered?
Do you feel that your case is being handled in a particularly unusual way and, if so, how so?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Why are they making this out to be a piracy issue when it's clear that it's not?
It's this type of weighted question that really irks me about Slashdot readers. It's analogous to Jim Gray's line of questioning towards Pete Rose at the announcement of the Century Team (where he basically tried to pressure Rose into admitting he was guilty or apologizing for something Rose doesn't think he's guilty of).
The MPAA is making this out to be a piracy issue because to them it is a piracy issue. It doesn't matter to them that you or any other Slashdot reader doesn't think it's a piracy issue. To them it is a piracy issue, because whether or not the program was intended to do so, the fact remains that it does make piracy easier. There's no getting around that. Now it's up to the courts to decide whether it really is a piracy issue and whether or not the MPAA has a valid complaint. You can argue that all you want.
I'm sorry, I don't want to answer questions that are going to someone else, but honestly, this is completely weighted. You're asking a question that automatically prejudges an answer and also requires that the person take a side they may or may not agree with. Jon may have a different answer than me, but I'm still of the opinion that blatant "leading" such as this should be pointed out immediately, especially since they get pushed up so high by moderators who share many of the same biases.
And that's before we get to the fact that you're asking Jon to shed light on motives that he has had no part in shaping.
it's been suggested that someone in germany did the hack, not yourself. who did what?
in another interview you were asked why decss was written for windows when the idea was to make a player for windows. you stated it was made for windows while linux's ability to deal with the dvd fs was being sorted. why didn't you just copy the vob file? (not enough disk space?) did the computers the police took have linux versions of the decss code?
lastly i think it would be good to get a bit of tech clarification since i know next to nothing about dvd's. say a person was able to decrypt the vob. what exactly could they do with the resulting file? just watch the movie? or are the value added features on dvd's contained in the vob? perhaps a quick run through of dvd tech, or a link to it would be enlightening to those of us not up on dvd.
US Citizen living abroad? Register to vote!
Do you have any plans to talk to media outlets that will listen to your side of the story? Do you KNOW of any such outlets? I believe the word needs to spread to everyone who has ever touched a DVD movie, the net, or even a computer. The only problem with that is it is SO SEXY to portray people like you in a mischievous light, and to make you out to be the bad guy. WE know that's not the case, but every medium and their company (save Slashdot) paints this as a "they-want-to-copy-movies" situation. How do you think we should educate the masses, and through which mediums?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
Where did your original programming experience come from? I'm speaking in terms of your ability to reverse engineer the encryption and apply the key in a useful manner.
Justen Stepka
Are "Shrink wrap" agreements enforceable in your country, and are you as a 16 year old subject to contract law? In the US, 16 year olds cannot enter into a contract, I'm wondering if it's the same with you.
Hey Rob, Thanks for that tarball!
"Going to war without France is like going deer hunting without your accordion." - Jed Babbin
In discussing this topic with "regular people" (those folks who don't live and breathe tech) I've found general support for the people and very little for the MPA(A).
What, IYHO, is the general reception you have felt about this issue? Have you been able to explain your position and have it understood? What are some of the stranger assumptions you have come up against?
+&x
I just found this (from the livid-dev mailing list archive). It explains how DeCSS was done and by whom, as well as Jon's involvement.
Please have a look at it. It clears up a couple of things...
I strongly believe that trying to be clever is detrimental to your health. -- Linus Torvalds
It's easy for people on /. to talk about not letting big corporations push them about, but I'd guess that it's a lot more difficult when you actually have to do so, in face of being arrested.
Considering that you complied promptly with the original cease and desist order, do you envisage a situation where you have had enough, and admit "guilt", to get off with a "warning", or will you struggle to be completely exonerated?
IMO, It's important to resist, because of the precedent it could set, but it's one thing to talk the talk, and different to walk the walk.
--
Exigo spamos et dona ferentes
It has been noted in several articles that your case was mentioned in the Norwegian Parliament.
Have they done anything about the treatment you, and your father received from the Police? Or have they decided to sit on the and let the MPAA run the show of things?
What overall is the people's (that are in charge) reaction to your arrest and questioning by the police and the manipulation of the media (somewhat) by the MPAA?
Is it progress if a cannibal uses a fork?
Did the arresting officers say or do anything that blatantly hinted that they were doing this because of pressure from the MPAA or the United States government? What kinds of questions did they ask during the interrogation? Were they looking for other people to arrest?
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Have you found any support from people (aside from family) in Norway? Has the public reaction to the arrest been favorable (i.e. in support of you) or negative?
In Soviet Russia...michael would be rotting in Siberia!
You've obviously witnessed the hoopla the release of the DVD code has created in the movie industry, and its effects of prosecutions and even your home being raided. Thus said, if before you released the DeCSS code, you knew of all these consequences and controversies that would be created, would you still have released it? Or, knowing these consequences, what other steps may you have taken to release the code to the public?
make world, not war
I think that the charges you are facing are rather ridiculous, but I have to wonder: Why Windows? If the motive of you and the group you worked with was to have a DVD player for Linux, why release this program that works only under Windows?
How have your non-hacker friends in your normal life responded to your notoriety? Do you get weird looks in school, or at the supermarket? Any interesting propositions from the ladies? Does anyone even know or care about what you did?
Unix: Where
Now you know about all the hassle that has resulted from your posting DeCSS, the arrest, the press attention etc. If you could go back and change your mind about posting it, would you?
Breaking commercial level encryption is quite a feat for a 16 year old. What is your background and experience in programming? What platforms and programming languages are you familiar with?
Do you feel that this entire "legal" debacle was prompted not by your own local jurisdiction's concern, but rather as a result of the U.S. government's ability to make a decision, then force said decision on everybody else? I.e. Do you feel that you were arrested because *your* government decided to, or because the U.S. government decided to?
.------------ - - -
| big bad mr. frosty
`------------ - - -
As is a (thankfully) usual reaction to such a blatant injustice, the Slashdot community (and many others) have been scrambling to figure out ways to help you and others prosecuted in the name of this whole DeCSS fiasco.
As one (if not the) most persecuted individual as a result of DeCSS, what do you think the rest of the supporting world should do to help you out? What should the people who want to help do, besides the obvious posting of the DeCSS source and the general badmouthing of the MPAA?
------------
"Okay, who taught the cat how to type ctrl alt delete?"
To what extent would you be willing to comply with 'them' (i.e., the MPAA, the gov't...)? Is there anything (code- or principle-wise) that you would be absolutely unwilling to compromise?
===
-Ravagin
Karma: T-rexcellent.
Being from a fairly liberal nation, it must be fairly puzzling to be made the "example" of by the American government. How has your opinion of your native country, and that of America been changed by all of your experiences, especially considering you've cooperated for the most part?