Slashdot Mirror
AACS Vows to Fight Bloggers
Jonas Wisser writes "The BBC is carrying the story that AACS has promised to take action against those who have posted the AACS crack online. Michael Ayers, chairperson of AACS, noted that the cracked key has now been revoked, and went on to say, 'Some people clearly think it's a First Amendment issue. There is no intent from us to interfere with people's right to discuss copy protection. We respect free speech.' The AACS website tells consumers how they can 'continue to enjoy content protected by AACS' by 'refreshing the encryption keys associated with their HD DVD and Blu-ray software players.'"
How did you manage to get *that* past the lameness filter?
I didn't RTFA, but how is this anything different from everything else they're trying to do to fight copying? When they come up with a new strategy, let me know. I'll be in my room pirating every movie ever made.
if (way_of_trying_to_shut_down_pirates == "new and different")
wake me up;
else
GTFO;
We're all going to die. i intend to deserve it.
the quesion i have is this.. say you post the key on your site.. you get a take down notice.. what does that notice say? does it say to take down the key or to take down "insert key here" - what if you post it and play dumb that you don't know it is the key.. they would have to tell you what it is they wnat taken down.. and in the document would need to be "insert key here" at that point cause it is a leagl document if they take you to court the key is in the document and is now public record.
then you take it down and repost it with a refrence to the public record document.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
Forget stealing.
I just want a working Video jukebox solution. The major players like Sony don't seem very interested in providing one and the industry will sue anyone else that tries.
The whole point of capitalism is that the garage shops get to fill niches that the megacorps don't want to bother with.
The sad fact remains that I will easily be able to pull BR/HD-DVD's into my Myth setup before there's a proper BR/HD-DVD jukebox from Sony.
A Pirate and a Puritan look the same on a balance sheet.
Um, what, close to a million hits for the key right now on Google?
DMCA applies only in the United States.
What is that sound? A toilet flushing?
I'm not wrong. You haven't thought about it hard enough.
Slashdotters, please dont get worked up.He knows it is a stupid thing to say to a tech savvy audience. He was talking to the chumps who paid big bucks to have their movies "protected by" the DRM. Some weasel clause in the contract would say something like, "while we dont guarantee that this mechanism will never be broken, all we promise to do is to take vigorous action". He will eventually argue that issuing such ridiculous statements constitutes vigorous action. That is all.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
It is not about this particular key. They are threatening so that the next time people think twice about spreading information about hacks. The real purpose is prevention not prosecution of what has already happened for the sake of prosecution. Now, whether it is going to work is a different story, but there is a logic to what they are doing.
Quite right, and moreover, since it is a "lost trade secret", I would argue it has now become "common knowledge." I don't see how any law (DMCA, copyright, etc.) can be used to suppress common knowledge. For instance, Star Wars may be still protected by copyright, but no one can prevent people from quoting it to their heart's content. So many of the quotes have become a part of our culture, our communal consciousness, that they are very much ours, and no amount of government or corporate power can take them from us.
As others have noted in this discussion, this isn't merely about freedom of speech, it is a spontaneous and massive civil disobedience, basically highlighting how the citizens affected by these DMCA do not respect the law, do not want the law, and increasingly do not tolerate the law.
I think it was called the Manhattan project. At the end of the movie the scientist asks "What are you going to do? Make them all disappear?"
Simple fact is that it is out. It is a number. You forbid them from positing it in hex then they will octal, decimal, or binary. They will just invert it or flip the first two bytes so it is no longer the same number. I have a suggestion from now one when we post any HD keys we will just add 42 to each byte. That way we are encrypting it and any attempt to subtract 42 to prove that it is a key is a violation of the DMCA.
It is impossible to prevent the copying of audio or video if people can see it.
It is also rubs people the wrong way to try and control what they do with something they own. Yes if I BUY a DVD I own the DVD. Unless you start making me sign a contract I consider it no different than buying a piece of wood. If I want to watch it on my Ipod I will. If I want to rip it and put it on my server so I can watch it on my notebook I will.
If I sell it then yea you can sue me.
Go away RIAA and MPAA. You are boring us now. You will become irrelevant. Dear music companies I am going to write my congressman and tell them I don't want them to support you suing innocent people and getting government help for what should be civil court actions. I will also point out that you have a history of supporting drug use, profanity, and violence. Helping you is hurting the children.
Game over. The music industry can be such a jucy Judas Goat.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
This may be one of them. How much does it matter if you can't speak a string of hexes for copyright/DMCA reasons? It doesn't.
Dude it's a number. Granted a large number, but still just a number.
Are you telling me that projects like the one trying to find the largest prime can't publish that they've tested this number as a prime?
There are certain things you should NOT be allowed to own - a number is one of them.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
The problem with barring publication of an encryption key, without more, is that it really is impossible--and I don't mean in a "the internet will route around censorship" fashion.
One of the following series of hex values, according to the AACS, cannot be published by anyone besides them:
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-BF
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0
09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C1
Trying to bar one of them from publication will necessarily reveal what it is. As Wikipedia is discovering, you have to be able to describe what you're not allowed to publish in sufficient detail in order to effectively prevent its publication.
With other forms of intellectual property, the problem is avoided in various ways: in order to obtain a patent, the description itself becomes public domain. In copyright, the description is bounded by the creative content of that which you create. Trademarks are delimited by "confusion in the marketplace," and trade secrets are delimited by that which is actually kept secret.
The DMCA purports to create a fifth type of intellectual property, not limited in time, that would bar distribution of information (rather than just physical devices), but has no boundaries on the AACS's theory of what constitutes a "part" of an circumvention device. The boundary becomes "whatever the AACS moves to protect as a part of a circumvention device." But in order to enforce that right, we all have to know what we're not allowed to distribute.
So maybe the AACS, in order to avoid the paradox, can seek to protect a *range* of values. The scenario just gets even more absurd.
No. The answer is really that the key, without more, cannot be afforded protection as "part" of a circumvention device. It has to be a accompanied by something more, at the very least a description of how it can be used to circumvent. Otherwise it's just a string of text.
And that's where the DMCA falls apart, as people with an interest in circumventing can always break apart the information to such a degree to avoid any one part being classified as a "part."
It's a tough problem, and it should be brought to a court to evaluate. The court in Remierdes had an easy time, because the circumvention device was whole. Fair use will have to be read into the DMCA at some point when it comes to these alleged partial circumvention devices.
I don't need large brains to have a good time.
Here's Michael Ripley from back before AACS was finished.
"Backers of the protection method are betting that AACS technology will finally thwart unauthorized copying of DVDs while allowing consumers to distribute movies legitimately over networks within their homes, play them on a variety of devices (standard televisions, portable movie players, and laptop computers), and store them on home media servers. "We wouldn't be investing our time otherwise," says Michael Ripley, the chairman of the AACS alliance's technical working group."
Well, Michael(s): any high school student could've told you this would never work. The reason is the same as always: you have to provide the machine with everything it needs to play back the disc. It's difficult (college students would say "impossible") to provide those things to the machine without providing those things to the machine. Cf. Cory's age-old piece;
http://craphound.com/hpdrm.txt
My turnips listen for the soft cry of your love
But it's not a prime - that's obvious, since the last digit of the decimal expansion is 0.
Oops - have I just infringed someone's valuable intellectual property?
What if I said it's also divisible by 19?
Or that the next-to-last digit is 4?
Could a lawyer please advise how many clues I can provide before I might get sued?
Me: You probably need to refresh the AACS encryption keys.
Mom: *blinks*
Me: Your encryption keys need to be refreshed in order for you to play protected content.
Mom: I don't have encryption keys or protected content, whatever those are, I just have this movie that won't play.
Me: Right... in order for your movie to play you need to refresh the encryption keys that unlock the protected content on the disc.
Mom: I never had to do that before.
Me: No, no you didn't.
Mom: So how do I do that?
Me: I'm not really sure... I heard the assholes that made this all so hard in the first place have instructions on how to fix this mess on their website. I don't know if that applies to your model of HD DVD player though.
Mom: So if it doesn't, then what?
Me: Then you'll have to get the owners manual for your HD DVD player out and look through it.
Mom: Why does this have to be so difficult? I just want to watch my movie...
Or something like that. Then she'd start crying because she's easily frustrated by technology when it doesn't work. My parents have called me from half-way across the country because they didn't know what button to press on the remote to get sound out of the TV. There's no way they'll be able to "refresh their AACS encryption keys" if it's not automatically done for them. It's not like there's a "Refresh AACS encryption keys" button on the remote that I can tell them to press...
DRM = media content + frustrating, crippling, broken security
The AACS Founding members IBM, INTEL, MICROSOFT, PANASONIC, SONY, TOSHIBA, WALT DISNEY and WARNER BROS should be ashamed.
Reduce, reuse, cycle
I hope they don't "take action" against the digital painting I did, which is featured on the front page of my website and incorporates the key. I also hope they don't "take action" against the HDDVD song I wrote here: http://www.myspace.com/stevepordon (I made an arp synth line by converting to binary and using C1 for zeros and C2 for ones). Both of these things are, naturally, original works of art and are clearly protected by the first amendment, DMCA or not.
Fuck you, AACS, and fuck you, MPAA.
Ironically, I wouldn't be so eager to kick the MPAA in the balls if they hadn't claimed under perjury that I was hosting DeCSS about a year after I voluntarily removed it from my site. Oops!
Since you appear to be in the U.S., I'd remind you that:
1. Today is Friday.
2. The post was meant as a joke. Ha ha, hee hee, the irony of it all...
Lighten up.
To try to extend your explanation a bit. And this may be incorrect info. But my appreciation is that if one has the volume ID one can now read in the bit image of the disk. As you say, transferring these bits to anew disk may not result in a playable disk if the volume ID cannot be physically written to it. However, just being able to read in the bits now allows one to search those bits for the Media key. Eventually it will be figured out where the media key is stored. at that point any software player that can access the bits can grab the keys. Of course I suppose the media key is encrypted with a player specific key that can be revoked. However if the player specific key for the Xbox is known it's unlikely they would actually dare revoke it.
So what it comes down to is a hardware hack, not generally available to the public, to access the Volume ID. One player key that is so widespread they can't dare revoke it. then the rest is just patience and software. Since individuals won't have access to the hardware, this won't be like DeCSS where anyone can use it. It will be pro-pirates that have this. People may be able to download cracked movies via piratebay and such but they won't be able to crack or backup their own movies.
Did I get this right?
Some drink at the fountain of knowledge. Others just gargle.
this isn't merely about freedom of speech, it is a spontaneous and massive civil disobedience, basically highlighting how the citizens affected by these DMCA do not respect the law, do not want the law, and increasingly do not tolerate the law.
Actually, the bulk of the civil disobedience could be attributed as a reaction to heavy-handed censorship at Digg - at site that claimed to give users editorial control. By heavy-handed, I mean not only deleting anything with the number, and banning users who posted it, and then deleting any negative commentary even if it didn't have the number, and banning any users critical of them, and denying they had a financial relationship with the AACS LA, and deleting any comments pointing that out, and banning any users who attempted to call attention to that relationship (even if they never posted about the number itself).
The truth is, the key was made public on February 11. This whole thing didn't blow up until Digg started their poorly advised, heavy-handed censorship, of the key and of all dissenting opinions. Had Digg handled this differently, such as posting conspicuously what they were doing, and only deleted the messages with the key, and not banned anyone, and allowed dissenting viewpoints (perhaps calmly stating their case), and honestly disclosed their relationship with the AACS LA, then in all likelihood this never would have blown up and caused the key to be replicated everywhere by rightfully angry users. The key had been public for 7 weeks, but it hadn't become widely published until only a few days ago when Digg handled this whole thing in about the worst possible way (given the nature of their site and userbase).
PJRC: Electronic Projects, 8051 Microcontroller Tools
That's great, except that Philips does not - to my knowledge - make a 300+ DVD changer, much less a BR/HD version of such a beast. Sony is one of the very few that actually makes a jukebox for video formats which does not have a 4 or 5 digit price tag.
Is it just my observation, or are there way too many stupid people in the world?
Here's a timeline:
:)
The hex code is a key. The key has certain protections under U.S. law. They have revoked the key. It is no longer a key. It no longer has certain protections under U.S. law. It is just a number that used to be a key. You publish the former key on your website. Nothing happens.
There, wasn't that fun?
Don't blame that poor AACS-LA spokesperson. He is just doing what he is required to do, i.e. claim that AACS "has not been broken", is "very robust" and that they will "vigourously fight" those oh-so-evil hackers who distribute keys. If he did not do that then he might jeopardize their future chances in DMCA litigation, and movie companies would sue AACS-LA into oblivion. If he admitted the obvious, that AACS simply cannot effectively protect content then the movie companies would jump ship and he would lose his job. I petty that guy, really. He is in a no-win situation.
The real issue here is if movie companies will learn from this. Let's see... first they spent millions of dollars to finance the development of AACS and have it peer-reviewed, then they held back their movies past the optimum release date to wait until AACS is "ready" (whatever that means -- bus encryption still did not make it into the standard, so volume IDs are transfered in the clear -- ROTFL). Then they spent lots more money on buying new software, training their staff how to use AACS and on following AACS procedures (content-signing by AACS-LA etc.), next there were the inevitable DRM-related compatibility problems leading to recalls and bad press. Shortly afterwards (and long before HD ever reached critical mass in the market) AACS was broken. Now they are holding back movie releases yet again, hoping for some magic AACS fix, and in the case of Blu-ray hoping for BD+ to magically solve all problems. Exactly how much money did they spend on all of that, how much revenue did they lose by delaying releases while waiting for DRM, and how many movies could they have produced with that money instead ?
The funny thing is that they made all those bad decisions after they had already been burned by the DVD DeCSS fiasco, and after industry experts had predicted that exactly this would happen again. Bruce Schneier's May 2001 CryptoGram article should have been required reading for all of them http://www.schneier.com/crypto-gram-0105.html#3. I wonder just how long it will take for them to learn. From what I have seen so far I fully expect the next round of AACS to be broken within one day, and BD+, once it is used, within one week, and no "technical measures" or take-down threats by AACS-LA will be able to stop that.
That was very clever, I take my hat off to you.
Now, this got me to thinking. How about if a person - call him/her X - posts the AACS number, but encrypted with some new key K. Then replicating that key, K, is an offense, as it circumvents a digital lock, meant to protect X's encrypted data. So if K is published, person X can sue, just like the AACS can sue right now. Now we get to the tricky part.
Let's say that it is public knowledge that the encrypted data is, in fact, the AACS key. No-one can legally (in the US) test if that is true! Now, person X won't go around suing people, of course. But the AACS-LA can't sue person X for publishing the AACS key, since if they do that, in order to prove that the encrypted data is, in fact, the AACS key, they need to break the law, i.e. violate the DMCA, which is exactly what they would want to sue person X for doing...
Make sense? Possibly there is some loophole I am missing...
I just want to add who I think our audience is or should be: the public. Not Hollywood: unless we can align their interests with ours, convincing them of the futility of DRM will only alter their strategy.
The processing key protest has taken on symbolic importance. If we can frame the event in terms of free speech, we will have won. I don't think we're succeeding. Hollywood and the AACS folks are explaining it in terms of property and theft. News media are reporting about mobs and an online riot. The wider public may end up believing that a mob of hackers and teenage vandals attacked Digg, disregarding the property rights of others and in order to enable theft - and that users must be prevented from controlling the Web. If that's what they believe, they may start passing laws to back it up (witness the attacks on MySpace and other social networking sites).
I believe this is wrong on every count. Most in this "mob" have a better understanding of the issues involved than do their opponents. The distinction between theft and copyright violation (never mind trafficing a circumvention device) has been covered numerous times on Slashdot. And criticism of user participation displays a tragic ignorance both of who creates the value of web sites like Digg, and of the original purpose of the World Wide Web which was supposed to allow the browsing and creation of content by all of its users.
The sheer absurdity and irrelevance of the number itself makes it the perfect issue. The courts may see otherwise, but for the vast majority of the public and of the protesters, it is a symbol, not a "circumvention device". Protesters are not going home and using that number to pirate videos, so their protest must be seen as an act of disobedience, not of self-interested theft.
We have a good story. We need to get it out to the people that matter. The AACS LA may be the opponent, but winning on their terms gets us nowhere. Winning the minds of the public, however, is the first step to getting these disastrous and immoral laws fixed.
[Actually, since the first nibble is zero, it's the key, so you don't need to list it separately.]
Dear Mom,
Salutations! Mom, everyone enjoyed Dad's famous macaroni quiche. Knowing
how radical grub is obviously quintessential, let his entrepreneurship
invent jellied pickles---I'm just gluttonously ingesting jelly lately!
Love,
"Pip" David
It could have been a trade secret at one time, but by printing it in the take down notices it is now public knowledge and trade secret laws do not apply.
"...a free society is one where an individual can make any decision they want, as long as they do not directly harm the physical property or body of another individual. Speech can not do physical harm, so speech can not be criminal, no matter how repulsive it is. The effect of the speech could be a physical reaction, but if that physical reaction is performed by a person other than the speech giver, the speech giver has not caused harm."
You've simplified the problem far too much, I'm afraid. Technically, it's true that speech can do no physical harm, but what you're saying is a bit like standing on a crowded sidewalk and swinging a baseball bat wildly until someone gets knocked on the head. TECHNICALLY, they could have walked around you. Realistically, though, you were endangering people by being a moron. Oh, but that's physical, right? How about telling a deaf person that it's safe to walk on the train tracks, even though you know there's a train coming right behind him? How about a boss knowingly putting a worker in danger? How about a politician lying? What if that lie causes a war?
The idea is to put *reasonable* restrictions on actions (including speech) that negatively affect the safety and livelihood of others. If you don't consider that freedom, well, that's your opinion. But when done correctly, it's about as good as it gets. In my opinion.
Welcome to the new world then, where the AACS can sue ANY IPv6 address and claim that it just so happens to be their "secret number" and you must Cease & Desist immediately. Of course they won't have to proof that or anything, you just have take their word for it.
The reason this is significant is that they are threatening to take down sites who post the code, even if it's user generated. So sites like Digg, whose users submit the number and not the admins, are being ordered to take down the code. In this case, a search engine displaying the search term is user generated content and is illegal, according to them. It is meant to show the ridiculousness of their actions.
If they only tell me one key that means I'm free to publish the rest. Otherwise, they tell me all their still-secret keys. W00t!
but now that they REVOKED the key have they not made it legal to post under the DMCA? I mean if the key is rovoked it can not be used to bypass a DRM so how can they say it does?
The only way to bust a doper--is when you yourself become a smoker!
I'm not sure if you're very confused here or mostly getting it right, but just in case, I'll clarify:
1. Hardware players can be individually revoked. That is, per physical unit, not per product line.
2. However, the X-box is not a hardware player. It can't even read HD-DVDs at all.
3. However, the X-box add-on HD-DVD drive exists, but it is not a hardware players, it is a device to be accessed by a software player. Those follow different rules, and as far as I know cannot be indivdually revoked.
And as it turns out, it is mostly the X-box drive people are hacking at this point. This is not so much because it is hard to revoke, which is true, but because it is cheap and ubiquitous and can be connected to a computer instead of an X-box just as well.