Slashdot Mirror
Legal Actions Against Linux-DVD authors
Teancum writes "Legal actions have already started to happen against the programmers who wrote the DVD-CSS decription routines. This page contains the official response by the programmer, who has had his web site shut down by his ISP. I guess that the DVD Forum doesn't want to see an open source project that can read DVD-Video. More info about the Livid project can be found here. " Update: 11/05 04:33 by H :Check out the latest announcement from his site - eMedia has done a great report on the whole thing - read this.
Where do we send legal defense contributions? Do not let these coders suffer for their efforts!
-=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
If there's going to be a major court battle, it's going to get expensive. I hear a lot of talk about what is/isn't prosecutable around here, but when it actually comes to a case, does the open source movement have a legal defence fund?
I know the FSF has a legal team, but I've never heard that they'd do anything but enforce the GPL. Would they get involved in this kind of thing?
--Parity
--Parity
'Card carrying' member of the EFF.
The emperor has no clothes. Sound familiar? Like the story, nobody wanted to acknowledge that the DVD encryption sucked - it was trivial to crack! I'm sure the people that initially released this knew it was weak. I mean... 4 bytes for encryption?
Now somebody comes out and says "Sir, you have no clothes"... and boy is the emperor pissed! MS did the same thing with hotmail (bad hackers, bad!) - blame somebody else. Security is not about ignoring issues.. it's about confronting them. Make it public.. let people try to crack it. If it stands the test of time... THEN it's secure, and not before then. The movie industry just spent several billions on security training.
--
Once the jinni gets out of the bottle, it's damned hard to get it back in. Lawsuits might harass individuals, but it won't stop the momentum.
The only way I can see this thing being stopped is for a "DVD2" to come out and for "the industry" to obsolete all DVD currently on the market, and if that happened, I'd bet the consumers would raise bloody hell over it. ESPECIALLY considering how long everyone waited to get the freaking DVD standard in the first place.
-=-=-=-=-
-=-=-=-=-
My mom's going to kick you in the face!
Now ask yourself if you want the ability in the coming millenium to make your own desktop movies, your own music CDs, and be able to go on the net and sell 'em to people on your own without going to CBS or Universal Studios? It doesn't matter that much if you're not good, do you want the _ability_ to express yourself in this way?
The alternative is exactly what Bruce says, allowing commercial interests acting as trusts to make it difficult for you to be in the business unless you go through one of the established studios- and there's a LOT of evidence that this is sheer exploitation. I'm not sure how bad it is in film, but in the music industry the exploitation is very very bad, insanely so, outright fraudulent. It's brutal.
The counterbalance to this is ability to produce your own artworks, at several important levels.
- First, it needs to be legal and possible to do the actual artwork. This would compare to being allowed to own recording equipment at all, if you're a musician. This is tough to lose- it would be tyrannical and indefensible to eliminate it, though you'll see just this happening indirectly- you're taxed on blank media by the industries, supposedly to defend against 'pirates'.
- Second, it needs to be legal and possible to distribute your artwork. There are some ways to challenge this, though it is tough. This is the level of ability to record your own work on media that is played on industry standard consumer level players, such as CD players. Soon it will be a question of making your own DVD desktop films and being able to give friends your work to play on their consumer DVD players. I _think_ DVD already punishes independents in that you can't do that yet, you have to be a licensee for huge sums or you don't have ability to record that format and play it on a consumer deck. That's bad, very bad, and it must be changed.
- Third, you need to have the ability to go somewhere and get 1000 CDs/DVDs pressed. Here, CDs have traditionally been strong- there are many small outfits that will burn a case of CDs for you. I think there is a concerted effort going on to make it so no such availability will be there for DVDs. If you have a hit underground rock album and enough grassroots/net distribution to justify pressing them in the thousands, you can do that today. I'm not aware of any way to legally and practically have a hit underground _film_ and press DVDs of it in the thousands, and this is a very serious problem and concern for freedom. We are not talking about pirates here, we are talking about the voice of the artist or independent filmmaker.
- Finally, you get up to extremely heavy distribution. There may be a problem in getting along with the big entertainment trusts, but if you're playing on those levels you already have your own distribution networks and can cut deals from a position of strength, by shipping X many products and saying 'There. I could move 6X as many with your distribution. You can have a cut of that, or you can sit by and I'll get someone else for it or grow until I'm doing it myself'. At this level the artist does not need that much protection as he or she has _arrived_ and is doing business effectively, with extensive distribution already.
That's basically 4 levels. Currently, with regard to CD-Roms, the levels to watch out for are second and third- if new consumer CD hardware refuses to play the existing format, it would be suicidal but would also be a way of 'taking back' control of CD authoring from the independents. More significantly, the people who can press 1000 CDs for less than a grand have to be protected- if they are harassed out of business, the independent would have to try releasing their work on blue dye-CDs pressed one at a time, and that doesn't scale. Access to the industrial duplicators _must_ remain.With regard to DVDs, it looks like the entire first three levels are at serious risk. I'm not certain you can burn the DVD format at home with your own material: THAT has got to change (rejoicing if I'm wrong here, but I kind of doubt it.). By the same token, if you can't burn it you can't give it to a friend, the datasizes are not comparable to the industry offerings, and if it's made illegal to 'pirate' defined as burn movie content onto a DVD (backing up HDs OK but video content, you're not allowed to?) then level two is shot- if you distribute your own work burned in DVD format you could get done for piracy even though it's your own work. Finally, the third level is the volume producers- if they are stamped out in the name of antipiracy it is an incredible imposition on the independent artist, because without that ability to work hard enough to earn the money to ship the commercial grade content on standard media in volume, nobody is ever going to get to stage 4, the stage of jockeying for position and making room for yourself at the table. To do that you _have_ to be able to move the units yourself and present the big distributors with a fait accompli- giving them an unsolicited tape will not cut it, you have to show them your network and the amount of units you're currently doing.
Are we going to let the industry BAN us from producing artworks as independents? (insert 'poetic license' joke here!
The _first_ order of business should be getting control of the ability to master consumer DVDs, just as we are able to master audio CDs legally and unharassed. If that means losing the encryption so be it- there are important issues at stake for the millenium. The technology _will_ come, and people _will_ be able to do desktop filmmaking. It's a question of whether the consumer media becomes a wholly controlled property of vast conglomerates, or whether individual artists will be allowed to pursue their artwork using common consumer media for output. You can burn a CD and play it for people (especially if they have a CD-Rom, but maybe even on their CD players.) What if you were only allowed to record on DATs and had to go to Atlantic Records to be allowed to have it made into a CD?
Every monolithic organization uses the legal system of the country that they're in to bully people when their profits are threatened.
Look at the RIAA they made Diamond spend tons of money to fight their claim in court when the RIAA knew all along that they'd lose.
They wanted to scare other companies into not making MP3 players. Had Diamond not been as successful in the past they wouldn't have been able ot beat the RIAA in court.
Because these programmers are most likely not multi-millionaires and can't afford 60k(US) in lawyer fees the hope is for them to just disappear.
Like the guys who wrote HLE, like the guys who cracked NT SP4's "security", the DeCSS guys are going to be pounded until they are forced to disappear or by some miracle are cleared.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Bruce
Bruce Perens.
A brief update. Derek posted moments ago to the mailing list. Seems the ISP shut down the site because it "potentially violates the Copyright, Designs & Patents Act 1988; Sectiond 296(1) and (2)".
.sig: Now legally binding!
Well, the replies on livid-dev are just starting. As of right now, not much is known. According to Derek's most recent message, it "potentially violates the Copyright, Designs & Patents Act 1988; Sectiond 296(1) and (2)". You can keep up with the discussion if you want at http://livid.on .openprojects.net/pipermail/livid-dev/1999-Novembe r/, which is the archive for the livid-dev mailing list.
Also, to get your own copy of the code, do the following for bash (*csh people, export your variables properly with setenv instead :)
--
Jeremy Katz
I'm not sure I understand why they (the entertainment industry) has their shorts all in a bundle over this. Surely they new that at least some people would be knock off DVDs via a redigitalization of the analog signal? Sure, it isn't as high quality and the seconday channels are lost, but aren't they already subject to piracy galore with VCRs? And yet they make money hand over fist on VCR rentals and sales. I am fully capable of copying videos at home, and yet most of my videotapes are purchased, pre-recorded videos.
Frankly, I think piracy should be regarded as competition. If you lower your price enough, people are simply not that tempted to pirate. I think most people would buy rather than pirate depending on price.
In shrink wrap software (which I hardly ever have to buy anymore, thank you FSF and Linus et.al.!), I would buy just about any title at $20 or less. I'll even go up to about $60 for something like Quicken (where's the Linux version, Intuit? -- BTW, I've sent them letters swearing that I'll not upgrade again until they make Linux version. What could any future version do that my current one can't?)
In movies, at an average price of $20, I seem to be content enough to buy them.
I can't help but be outraged, however, at the fact that DVDs, which cost them FAR less to make than videocassettes, are consistently more expensive! I have stuck with VCRs for now because of that (well, and because I expect HDTV to be the "must" for upgrade to DVD -- why get a DVD and feed it to my 24-inch academy ratio 3-inch mono speaker TV?).
I guess I'm saying it should be a linear programming problem to compute the price at which they get the most money rating rate of sale against rate of piracy. I don't care how much technology they throw at it. If it can be viewed, it can be copied somehow, even if it's sampling the voltages at the CRT! Give it up. Keep it open and make it cheap. People will pay then.
> Like the guys who wrote HLE, like the guys who cracked NT SP4's "security", the DeCSS guys are going to be pounded until they are forced to disappear or by some miracle are cleared.
And the irony is, the movie industry will end up suppressing access by the honest people who would have ended up buying DVDs to play under alternative OSes. But the crooks who want to make massive bootleg issues undoubtedly already have the code, and won't have it posted on a web site where it's easily spotted and stamped on. The pirates will thrive, but sales won't be increased.
They would have been better off not using encryption in the first place.
--
It's October 6th. Where's W2K? Over the horizon again, eh?
Sheesh, evil *and* a jerk. -- Jade
As I understand it, it works like this:
The actual multimedia (audio/video/etc) data is encrypted with a single key, unique to that title, called the "title key". You need the title key to watch the movie. Each movie gets a different title key.
The title publisher puts many copies of the title key on the disc. Each copy is encrypted with a different manufacturer key (and not with the title key, so you don't need the title key to decrypt it).
Each DVD player manufacturer is given one of those manufacturer keys. They then build their DVD player with the capability to decrypt their copy of the title key, allowing you to play the movie.
The crack was assited when some company forgot to encrypt their copy of the title key -- they storied their copy of the title key in unencrypted form. This let the DeCSS people unlock a disc without knowing how CSS worked, which made the reverse engineering of CSS easier.
Since then, the DeCSS people have cracked more then one hundred additional manufacturer keys. Apparently, the CSS manufacturer keys are very easy to break.
It is worth pointing out that the DeCSS people would have cracked CSS eventually, even without help. The screw-up by that company just made things quicker.
The DVD people are now suing anyone they can get in their sights in an attempt to close the barn doors after the horse has wandered off. Typical knee-jerk corporate reaction.
That is my understanding of all this. I could be wrong.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
The record and video industry has been crying about this for years, but I think it's still a red-herring. Their real purpose is to make it difficult for you to be in the business unless you go through one of the established studios. They don't want artists to be able to do their own distribution, electronicaly, and keep all of the profits.
Thanks
Bruce
Bruce Perens.
Actually, two I suppose.
1) Everyone, get a copy of the source. If you can legally serve it up (meaning no patent issues on the encryption) do it. Basically, spread the information so far and wide that it's useless to go after anyone, because it would take more money than even the entertainment inductry has.
2) Figure out how to start a good legal defense fund. DVD on Linux would be a Good Thing.
This said, I do have a few issues with the people who cracked the decryption. Making it possible to save the unencrypted movie on a hard disk was unnecessary and uncalled for. It's possible to rite a player without that capability, and that's what they should have done, at least at first. Were they trying to get into trouble by writing that capability into their software right off the bat?
And yes, I know it's Open-Source, so someone else could easily have written software to copy the DVD movie. But the people who cracked the decryption shouldn't have been the ones to do that, if only as a gesture of goodwill towards the industry. The capability would always be there for someone who wants to do it, and the original hackers come out of it looking at least tolerable to the indistry.
Both sides are in the wrong this time, albeit in different ways. But I'm sticking by the hackers, who are wrong only by virtue of a rather shortsighted design mistake, rather than the industry which, which is wrong due to undue technophobia, a healthy dose of greed, and the inability to see that copying DVD's to another DVD is pointless since a single DVD-RAM disk costs more than most DVD movies. It's cheaper just to buy it legitimately, so piracy is pretty much pointless.
Except, I suppose, for potentially wrecking the idiotic "tiered-release" schedule the entertainment industry uses. But that's no big loss.
But i don't remember how Linux is getting dragged into this argument. I don't recall hearing the the hackers were breaking the DVD's codes simply to be able to watch DVD's in Linux. They were doing it in order to show the futility of DVD's copy-protection scheme.
All of you that are dragging Linux into this are really doing something bad for Linux. You need to be careful, lest if become regarded as the "renegade" OS... "Linux users don't respect intellectual property, look what they did to DVD." I'm not saying that, but it could be said in a boardroom somewhere.
I really don't think that the movie industry singled out Linux when thinking of copy-protection schemes... They were just more concerned with Windows users, because, face it, that's where the primary market is. Most industry publications have Linux relegated to the server closet, and just recently has it's head started to pop out. It would have happened had more and more people started using Linux on the client side.
But that's a separate argument. The fact remains (in me view) that Linux was not involved, it was simply people demonstrating that after all their hard work, the copyprotection scheme used by the movie people was flawed.
We need make our displeasure known using peaceful and legal means
To make our displeasure known is not enough. We need to know and remember who did what. We need, basically, a database that knows that on such-and-such date such-and-such firm threatened/sued/shut down a programmer/group/site because of this-and-that. In this way people in position to pressure the offending organization will know if it needs pressuring (and, for example, has a history of hostility towards, say, MP3s).
Of course, there will have to be a significant threshold to cross before some action gets into such database. We don't want script kiddie complaints that their ISP shut them off for trying random 'spoits to end up in there.
And yes, I understand that it is likely to end up being known as "The Slashdot Black List".
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
In terms of what the ISP can do with the site,
the terms and conditions of use say that they
are allowed to disable it if they feel like it.
But see below.
I've just had been supplied with information on
the relavent bit of the Act, and it's seems to
be about circumventing copy protection mechamisms.
I'm supprised we have such lunacy in our Law.
Thus that page may well fall foul of English Law.
So don't bother the ISP, they are taking a
reasonable course of action.
I guess I basically need to visit a Solicitor
on Monday.
Derek Fawcus