DVD CCA Applies for Restraining Order

Robert Jones writes "I have just received an email which I think will be of interest to many Slashdotters. Apparently, the DVD CCA [Copyright Control Association] has applied for a restraining order against myself and approximately 70 others to keep us from distributing 'any proprietary property or trade secrets relating to the CSS technology'. The hearing will be at 'the Superior Court of Santa Clara County, State of California, on December 29, 1999, at 8:30 a.m.' This will probably result in the bastards silencing us, but what can you do? If this goes through, I will never purchase a DVD player using current technology." Yes, the e-mail is real. Many people sent copies. We'll post an in-depth story within a day or two.

Trade secrets vs. patents

[HalfFlat]

Is something still a trade secret if it has been reverse engineered? I thought this was the trade off between patenting and keeping something a trade secret. Surely they can't have it both ways?

Re:Trade secrets vs. patents

[MrLizard]

Heh. In case you missed it, there are no more such tradeoffs. A combination of techno-illiterate judges, brain-dead patent officials, and good old fashioned corruption has basically reduced the court system for IP issues to a modern form of 'trial by combat'. In Ye Olden Dayse, you see, issues could be settled by hiring a champion to fight for you. The richest man, obviously, could hire the best champion -- thus assuring himself victory, unless the person he was in disagreement with was named 'Volagr, Destroyer Of Towns' or some such.

Today, the situation is similair, though less physical blood is shed. A court system that inflicts almost no penalty on those who file baseless lawsuits encourages such filings, and the victim often has no resources to challenge it.

The recent 'extension' to the 'limited copyright' granted in the Constitution is a prime example of this.

I tend to be in favor of IP rights as social convention -- they should be honored because it is the right thing to do. The last few years have seen so many attacks on basic rights in the name of protecting IP that I can no longer in good conscience claim that the current system is workable.

Re:Trade secrets vs. patents

[Majestix]

I've read the thread so far regarding this legal action and the consequences will probably shock the lawyers that brought on this action.

The one thing they are trying to prevent (distribution of the DeCSS source code) is going to happen anyway, probably to a wider range of people than it would've orginally.

Another trend in this thread that i find amussing is the whining of some that the DeCSS folks are pirates. Does this mean that the Linux community is supposed to sit on its hands and wait for someone to decide that its time to support Linux with in their DVD products? I'm not a big time Linux Guru but I know that that isn't how Linux got where it is today. Furthermore, the software market is alive and well despite piracy, the Video Cassette market is alive and well, the Compact disk market is alive and well. So much for the rumors that DeCSS is going to kill the DVD market.

A suggestion to the DeCSS authors. While I know it doesn't sit well with the OpenSource philosopy, why not incorporate. Yeah, you'll have to distribute binaries for awhile but hey, at some point declare the source open and let the code go free.

My 2 cents...

Re:Trade secrets vs. patents

[harlows_monkeys]

DeCSS came from the Windows community, not the Linux community. It was then ported to Linux.

The DeCSS authors don't seem all that interested in open source. All the copies of the Windows version I've been able to find have been without source, and the Windows version checks for Soft-ICE and refuses to run if Soft-ICE is present, so it looks like the DeCSS authors don't want their code to be reverse engineered. Anyone else find that hilarious?

slashdot also in the email

[~spot]

slashdot is also mentioned in the email, which is mirrored here: http://douglas.min.net/~drw/css-auth/legal-info/ ~spot

A sad note to end the millenium

[Hobbex]

With only a couple of days to go, I think that this, more than anything else, personifies and highlights the fight we have ahead of us. Nothing is such a danger to the values that ANYONE who loves the Internet and the Information age holds highly then this fight of stupidity (armed with guns) against the progress of the mind.

I'm pretty much at a lack for words right now, so I will just send my moral support to anyone targeted by this outrage. However, this is a battle we can fight on our turf and they can fight on their's. The courtroom is definitely theirs.

There was never a revolution without somebody going under wheel, and there was never a meme to go under without a fight. And there has never been a fighter like corporate society.

-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.

Info

[drwiii]

Here's the nastygram (was sent in MS-Word format, HTMLized [more-or-less] for your pleasure) that I got via email this afternoon. Expect my css-auth mirror to close by midnight tonight. On the advice of legal counsel, I'm not at liberty to discuss matters further.

Douglas R. Winslow

DeCSS, LiViD, css-auth, link!

[Signal+11]

Download this.

Let them try to call a few hundred thousand people into court... I'd like to see that. =)

The Hearing is Coming Up, not Passed

[fishbowl]

I cannot be in Santa Clara on that day, but if there are as many activists within reach of this article as one is led to believe, and if they believe so fully in their views, go be heard in the courtroom venue.

If I read on Dec. 29th that the hearing came and went without a standing-room-only courtroom, with all sides of the issue having been clearly heard, I will stop caring about the intellectual property debate.

It's not as if the article was "they applied for AND RECEIVED a restraining order." There is still an opportunity to influence the court. If nothing else, a judge could be made to realize that this matter is not something that should be decided off the cuff, but rather has very significant implications. Simply having a few thousand people on the courthouse steps that day would probably be enough to effect change.

Do I think it will happen? No. Will I be there? No. When the rubber meets the road on these issues, the bottom line is we really don't care. We Email our congress people, but do we snail mail them? Are these issues even worth $.33 to us? Maybe not. History will tell.

Re:The Hearing is Coming Up, not Passed

[fishbowl]

In California, you can have a full hearing on ANYTHING. Please don't encourage a defeatist attitude. Nothing will ever be won with that.

They can file a TRO, certainly. But if the defendents actually show up, they must be heard. If even ONE of them insists on not giving up their right to a hearing, they must be heard.

It does not cost a trillion dollars to do this, contrary to popular belief. And you are mistaken about this item of jurisprudence:

"and the judge compares the size of their wallets"

It probably looks that way. I've gone to court and won before, and it didn't drive me to bankruptcy.

The simple fact that there are defendants named on a California suit who are not subject to California law would be enough to have the TRO suspended, if only it were to be mentioned properly according to the rules of civil procedure.

It is my sincere hope that some wise person, hopefully one of the named defendants, is corresponding with the court on this very subject, and will be prepared on Friday's court date.

Re:amazing.

[orangesquid]

Yes, of course they/we/whomever has an understanding of the real world.

In the real world, there's this new type of media called DVD, and this format in which it is stored, called CSS. CSS is an encryption format; it's not proprietary, really, as they (the creators) have published papers explaining how it works. What they haven't published, however, are the list of keys that can be used with CSS to decrypt DVD movies.

It is a perfectly feasible option to buy a product which will decrypt DVD movies (so they can be played) without having to know any of the keys.
Such products come in two forms: (a) hardware, or actual physical VCR-like devices that connect to a TV, and (b) software, which decodes the DVD format with the aid of a computer.

Although both schemes require a key to operate, the key is embedded - the end user does not need to know what the key is in order to use the product.

This would work well for any standardized environment; from the hardware point of view, as long as you had a standard 60-hz NTSC television, you could use a NTSC DVD decoder; if you had a 50-hz PAL television, like in Europe, you could use a PAL DVD decoder. Here, there are only two major standards that companies need to produce products for.

In the software world, things are much more complicated. Not only are there different standards for how a software product talks to the operating system, but there are different graphical standards, different standards for talking to the DVD drive, etc.

Software companies so far have fulfilled very few niches in terms of all the standards in use. This means that there is still a demand that is unfulfilled, and in the _real world_, demand and supply go together hand-in-hand.

In other words, in the "real world", by not providing enough supply to make everybody happy, you invite competing products.

The only illegal thing done here is to have reverse-engineered a poorly-written software decoder to extract a key. However, it would also have been possible to brute-force test keys until one was found, although it would have taken a while.

So, here (as I see it) are all the things going on here:
In the case of the company with the poorly-written software, negligence.
In the case of the program crackers, reverse engineering. (but is it really illegal to know what the processor knows? I mean, you *own* the damn processor after all!)

Just my $0.02.


--TheOrangeSquid


The fellow sat down at a bar, ordered a drink and asked the bartender if he
wanted to hear a dumb-jock joke.
"Hey, buddy," the bartender replied, "you see those two guys next to
you? They used to be with the Chicago Bears. The two dudes behind you made
the U.S. Olympic wrestling team. And for you information, I used to play
center at Notre Dame."
"Forget it," the customer said. "I don't want to explain it five
times."

This issue has nothing to do with piracy

[Xeger]

Although I'm sure 99% of Slashdot readers understand this point intuitively, I'm going out of my way to make it extra clear to those who don't know much about the subject or who haven't put much though into it:

The breaking of CSS encryption has absolutely nothing to do with piracy. Think about it for a second: how feasible is it to move around 5- and 6- gigabyte DVDs? How do you store them? Not on your hard drive, that's for sure! How many people do you think can afford a DVD burner capable creating true dual-layer DVDs (and not DVD-RAM discs, which are something completetly different?) And when DVDs can be bought online by a judicious shopper for as little as $5 per title, do you really think anyone's going to go out of his way to pirate them? It's far easier to hook a VCR to the video output of your DVD decoder card and videotape the damned things! The loss of quality is far less than if one were to recompress an MPEG2 stream using a lossier but higher-compression encoding.

No, the issue at hand here is that of free access to information--an issue that has traditionally been very important to the open-source community and very unimportant to the corporations that write your software and, to an increasing degree, control your life.

You see, when the DVD manufacturers came up with CSS, their goal was not to protect the intellectual property contained on DVDs; rather, they were establishing an ironclad grip on the entire DVD market. They control who gets to view DVDs, how, and with what hardware and software. They have accomplished this end through the use of a proprietary encryption scheme (CSS) about which they have released no information. Of course, if they'd bothered to consult with any security professional, they would have been told that security through obscurity simply doesn't work, as has been proven endlessly, usually at the expensive of the implementor of said obscure security.

Now, someone has broken their cute little encryption scheme, which they never patented and never published. In what is basically a panic response, they are wasting millions of dollars and contemplating turning the entire DVD market on its side just so they can maintain total control of the market.

As if this wasn't bad enough, they are threatening legal action against the people who cracked CSS, an activity that never was and still isn't illegal, and they are trying to block them from publishing anything else they find out about the non-patented CSS encryption algorithm. This is a violation of the CSS crackers' right to free speech which, if you'll recall, if a constitutional right.

This is an old story, of course. Those of you who have been around long enough can remember countless other occasions where some company's naive encryption scheme was broken and the corporate response was to attempt a legal assassination of the cracker in order to maintain security.

So, instead of whining irrelevantly about piracy, why don't you boycott DVDs yourself in order to protest the violation of someone's first amendement rights? Somebody might someday do the same thing for you when you find yourself against the wall.

Re:The list of defendants (Are you one of them?)

[Oates]

How does a State Superior Court have any impact or bearing on a citizen of Denmark, Australia, or whatnot?

It's not a US federal court case. As far as I know, the state of California does NOT have any extradition treaty with Denmark or Australia, for example.

What do non-US nationals have to fear? Also, what about US residents who have given up their US citizenship and live only as citizens of another US state? (Yes, I've seen a few--it's a good way to get out of Social Security and the IRS.)

Chris

yeah, i got one too

[emmons]

Yeah, I recieved one of those lovely letters also... you can read it here. Contrary to what was written in the email, it's perfectly legal to distribute the notice.

I promptly called my lawyer (actually a close friend) after recieving the email and he said I have nothing to worry about. Firstly, such a notice must be mailed to me, not emailed. And even by post is not legally binding. Secondly, if they do get their little restraining order, it must be delivered to me in person... hehe, I'm in germany right now. Based on what I told him he said (gasp) that they're just trying scare tactics. I forwarded the email to him, he will review it and give me more advice tomorrow morning.

This sure is a fun, isn't it?

-----

Don't bend over!

[BOredAtWork]

Taken from The Letter:

On information and belief, this proprietary information was obtained by willfully
"hacking" and/or improperly reverse engineering software created by CSS licensee Xing Technology Corporation ("Xing"). Xing's software is and was licensed to users under a license agreement which specifically prohibits reverse engineering.

Taken from The Online Ethics Center for Engineering and Science:

Article Number 142
Reverse engineering and patent infringement

In most instances, "reverse engineering" is an acceptable option for creating new products. However, there are legal and ethical limitations that must be considered.

Reverse engineering is a common procedure that typically involves the disassembly, examination, and analysis of a product to reveal its design and function. Normally, this is done for competitive analysis, and sometimes for the purpose of building and selling a similar product. It is legally and ethically acceptable for a company to purchase a commercially available product, to analyze it thoroughly, to design and develop a similar product and a method for its manufacture; provided the new product and method do not violate the patent rights of another company.

Seems to me (and I'm NOT a lawyer, nor do I play one on TV) that the programmers were completely within their rights here. What really jumps out at this letter at me is that NOWHERE do they reference an actual patent number that I could look up. If they did, I'd be able to pick it apart a bit more; I can only assume that they intentionally left this out of the document because they're hoping a judge isn't smart enough to ask for it. I would think that if the patent helps their cause, they'd certainly quote it or reference it. My understanding of their letter is that they have their panties in a knot over illegal copying and distribution. The fact is, none of these defendants has been accused of either copying or distributing DVD movies. To quote the letter again:

49. Defendants knew or should have known when they posted or provided "links" to the DeCSS program on their web sites that it was being made available by virtue of the unauthorized use of proprietary information and that they were misusing proprietary confidential information gained through improper means. This is because the DeCSS program has the capability to defeat DVD encryption software and, as a result, the DeCSS program allows users to illegally pirate the copyrighted motion pictures contained on DVD videos - - activity which is fatal to the DVD video format and the hundreds of computer and consumer electronics companies whose businesses rely on the viability of this digital format.

Two things about this scare the living hell out of me. First, this business about "the DeCSS program allows users to illegally pirate the copyrighted motion pictures contained on DVD videos": Sure, it makes such things possible. At the same time, one can mix fertilizer, black powder and some other goodies together such that one could blow a building to hell. A camera makes it possible for one to observe you in the shower. A photocopy machine makes it possible for one to distribute damn near any document. But nobody's sueing Miracle Grow. Nobody's sueing Kodak. Nobody's sueing Xerox. See, the fact that Product X enables one to achieve a nasty objective DOES NOT make Company X liable. This has been established time and time again in the court system. And it holds, so long as Product X's primary purpose is NOT to assist in achieving the nasty objective. The software in question IS NOT written to aid in copying DVDs. It's NOT written to aid distributing illegal copys. It's primary objective was to make DVD's playable on Linux. Quite legal, if ya ask me.

Now, the second thing that really worries me here is that they're going after people who were NOT distributing the software. There are sites on that list who just LINK to the software, or a site that distributes it. Hasn't at least one prior ruling already said that this is a legal activity? If it's not, God help Google, and any other search engine out there. Or anyone who links to anyone who links to the software. And so on.

I'm also completely unsure if this program is anywhere near the stuff used by the licensed friends of the DVD CCA. If they're totally different, and don't make use of the same proprietary algorithms, etc, the case has just grown exponentially weaker. Me thinks that if these guys get shot down, someone oughta rewrite the program such that it doesn't use anything from Xing except the key - and whoops, that can be brute forced in a matter of weeks once a non-proprietary algorithm implementation is in place (see distributed.net efforts w/weak encryption cracking).

Anyways, I highly encourage these defendants to pull together and find a decent defense attorney (anyone out there who is one, and reads slashdot...?), and make sure that DVD CCA doesn't force them to bend over and take this...

--

Re:The list of defendants (Are you one of them?)

[choco]

After reading that list - I'm confused.

Can someone explain to me exactly what right an organisation has trying to use a US court to tell non-US citizens what they can or cannot put on a web page which is not hosted within the USA or on a USA controlled domain name ?

Perhaps someone needs to point out to these lawyers that some bits of the world which aren't the USA take a very different attitude to IPR generally (eg many places have many to avoid the lunacy of software patents altogether thus far - even if some bits of Uncle Sam are now exterting pressure on us to change our policies)

I'll let the people in the US comment on the wrong and wrongs of this case under US law. But I hope those people named who are not in the US tell complainents exactly where they can stick their legal action.

Important fact number one:

Several countries named have decided both as a matter of principle and as a matter of law that reverse engineering of certain types similar to this are legal - whatever companies or other countries might wish.

Important fact number two:

Were the complainants to start legal proceedings in those countries they would have absolutely no hope of winning.

Important fact number three:

In the UK and in much of Europe - if someone launches a civil action against another person and they loose that civil action - then they are (almost always) made to pay ALL of the legal costs involved - *including* the costs incurred by the defendent. These costs in IPR cases are likely to be very high.

Important fact number four:

The UK civil courts have a very robust attitude to people trying to use their procedures in an oppresive manner. They have various powers to deal with organisations which cynically abuse legal process and have shown themselves (on occasion) to be willing to use them. These powers include forcing one side or the other to pay sufficient money into court to cover all the likely relevant costs if they loose, or declaring individuals "vexatious litigants" which means they cannot launch any civil actions without the prior permission of the court.

Important fact number five.

Some people in the UK, the EU and several other countries are already rather touchy on the issue of US courts attempting to exert their authority in other people's countries. Some such people are just waiting for an opportunity to show the US courts exactly where their jurisdiction ends. This looks like it might be a promising candidate.

MODERATE THIS UP! -- Group planning to meet at 8am

[Dredd13]

Chris Dibona and myself (and hopefully others!) are planning to meet at the courthouse at 8am. Chris' page for this is at: http://www.dibona.com/social/dvd/index.shtml ... Hope to see you there! D

Santa Clara Coordination.

[chrisd]

Okay, we plan on meeting at the courthouse at 8am. See my site at http://www.dibona.com/social/dvd/ for more details and ongoing planning.

Chris DiBOna
--
Grant Chair, Linux Int.
VP, SVLUG

Re:So where can we get the code *tonight* ?

This is from: http://www.2600.com/news/1999/1112-files/crypto.gq .nu/ Even if the *can* get all the copies of the sourcecode (not bloody likely) off the net... below is the general crypto system used... Vengence. 0 General disclaimer. This information is provided as is, with no warranties on its accuracy or usability. It is based on a piece of source code claiming to be the css algorithms, and which have since been confirmed to interoperate with the CSS system. The author has not read any official CSS documentation, and any errors in the terminology is a result of this. This information has not to the knowledge of the author been made available through breaches of the DVD consortium Non Disclosure Agreement. 1 System overview. Every DVD player is equipped with a small set of player keys. When presented with a new disc, the player will attempt to decrypt the contents with the set of keys it possesses. Every disk has a disk key data block that is organized as follows: 5 bytes hash of decrypted disk key ( hash ) disk key encrypted with player key 1 (dk1 ) disk key encrypted with player key 2 (dk2 ) ... disk key encrypted with player key 409 (dk409) Suppose the player has a valid key for slot 213, it will calculate (1) Kd = DA( dk213 , Kp213 ) To verify that Kd is correct, the following check is done, if the check fails, it will try the next player key. (2) Kd = DA( hash , Kd ) An obvious weakness stems from this check, by trying all 240 possible Kd, disk key can be deduced without knowing any valid player key. As will be shown later, this attack can be carried out with a complexity of 225, making such an attack feasible in runtime applications. Another obvious attack is that by having 1 working player key, other player keys can be derived through a similar search. This can be done offline, also keys obtained from the former attack can be used as a starting point. To decrypt the contents an additional key tk - the title key is decrypted with the now decrypted and verified disk key. (3) Kt = DB( tk, Kd) Each sector of the data files is the optionally encrypted by a key that is derived from Kt by exclusive or of specified bytes from the unencrypted first 128 bytes of the 2048 bytes sector. The decryption is done with the CSS stream cipher primitive described in section II. 2 CSS streamcipher primitive: The CSS streamcipher is a very simplistic one, based on 2 LFSRs being added together to produce output bytes. There is no truncation, both LFSR are clocked 8 times for every byte output, and there are 4 ways of combining the output of the LFSRs to an output byte. These four modes are just settings on 2 inverter switches, and the modes operation are used for the following purposes. 1.Authentication to DVD drive ( not discussed ) 2.Decryption of Disk key (DA) 3.Decryption of Title key (DB) 4.Decryption of data blocks. LFSR1: 17 bits ? taps, and is initialized by the 2 first bytes of key, and setting the most significant bit to 1 to prevent null cycling. LFSR2: 25 bits 4 taps, is initialized with byte 3,4,5 of the key shifting all but the 3 least significant bits up 1 position, and setting bit 4 to prevent null cycling. As new bits are clocked into the LFSRs, the same bits are clocked in with reversed order to the two LFSRs output bytes. ( With optional inversion of bits. ) The output of LFSR1 is O1(1), O1(2), O1(3) ... Likewise LFSR2 produces O2(1), O2(2), O2(3) ... These two streams are combined through 8 bits addition with carry carried over to the next output. The carry bit is zero at start of stream. (4) O(i) = O1(i) + O2(i) + c where c is carry bit from O(i-1) This streamcipher is very weak, a trivial 216 attack is possible with output bytes known for i = {1,2,3,4,5,6}. Guess the initial state of LFSR1, and clock out 4 bytes. O2(1), O2(2), O2(3), O2(4) can then be uniquely determined, and from them the state at i=4 is fully known. The guess on LFSR1 can then be verified by clocking out 2 or more bytes of the cipher and comparing the result. Another important attack is the case when only O(i) for i = {1,2,3,4,5} is known. Guess the initial state of LFSR1, and clock out 3 bytes. Now O2(1), O2(2) and O2(3) can be found as in the above attack. This will reveal all but the most significant bit of LFSR2s state at i=3. If both possible settings for MSB is tried, and LFSR2 is clocked backwards 24 steps, a state where bit 4 is set at i=1 can always be found. ( This is stated without proof ). Select the setting of the most significant bit for LFSR2 such that LFSR2 is in a legal state at i=1, and clock out two more bytes to verify the guess of LFSR1. For some values of O( i = {1,2,3,4,5} ) multiple start states can be found, and for others none. Selecting the correct start state is not a problem, as this attack is used in situations where only the first five output bytes are of significance ( encryption of keys ). 3 CSS mangling step: When the CSS streamcipher is used to encrypt keys such as in DA(data,key) and DB(data,key), an additional mangling step is performed on the data. This cipher is best illustrated with the following block diagram: A(1,2,3,4,5) are the input bytes (data) C(1,2,3,4,5) are the output bytes (data) ki = O(i) where O(i={1,2,3,4,5}) is streamcipher output from key B(1,2,3,4,5) are temporary stages The cipher is evaluated top down, with exceptions indicated by an arrow.

A few legal facts.

[Froomkin]

There is no obligation on plaintiffs to be "non-discriminatory" in who they sue. It suffices that they sue wrongdoers. If there are more who are left out who owed duties to the sued defendants, they can implead them (defendants turn around and force others in to the case). But if you are part of a gang that beats up Bob, and Bob sues just you, it's no defense to your liability to say that you were part of a gang.

Of course, suing people who are not guilty is a big no-no: "If a claim of misappropriation is made in bad faith, a motion to terminate an injunction is made or resisted in bad faith, or willful and malicious misappropriation exists, the court may award reasonable attorneys' fees to the prevailing party." Cal. Civ.Code 3426.4.

I'm not a California lawyer, and california law has all sorts of strange wrinkles. Plus, the complaint raises a claim for "misappropriation of trade secrets" which sounds like it may have some common law component as wall as a statutory aspect(??). But here, in any case, is an arguably relevant statute, Cal Civil Code sec. 3426.1:

3426.1. Definitions
As used in this title, unless the context requires otherwise:
(a) "Improper means" includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means. Reverse engineering or independent derivation alone shall not be considered improper means.
(b) "Misappropriation" means:
(1) Acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or
(2) Disclosure or use of a trade secret of another without express or implied consent by a person who:
(A) Used improper means to acquire knowledge of the trade secret; or
(B) At the time of disclosure or use, knew or had reason to know that his or her knowledge of the trade secret was:
(i) Derived from or through a person who had utilized improper means to acquire it;
(ii) Acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or
(iii) Derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use; or
(C) Before a material change of his or her position, knew or had reason to know that it was a trade secret and that knowledge of it had been acquired by accident or mistake.
(c) "Person" means a natural person, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity.
(d) "Trade secret" means information, including a formula, pattern, compilation, program, device, method, technique, or process, that:
(1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and
(2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.

If the above is the law that applies, and if the person who reverse engineered and disclosed had a contractual obligation NOT to, and if the named defendants knew or should have known these facts and if the court has jurisdiction over them, then and only then this statute suggests the judge may grant the injunction.

Please don't get me wrong, I'm not advocating that outcome, just reporting. I should also note that sec. 3426.2(a) says that injunctions must be lifted if someone demonstrates that the "trade secret has ceased to exist" and that sec. 3426.2(b) says that "If the court determines that it would be unreasonable to prohibit future use, an injunction may condition future use upon payment of a reasonable royalty for no longer than the period of time the use could have been prohibited."

All that aside, an injuction against "linkers" as opposed to posters would seem to me to be outrageous. But there is a little bit of (ugly) precedent floating around....

Final point: while showing up in numbers can't hurt, it would be a lot better if one of the free software groups could get a lawyer down there and attempt to appear either as an intervenor or as a friend of the court. Much more likely to have some effect. Spectators are not allowed to talk in court.

A. Michael Froomkin,
U. Miami School of Law,POB 248087
Coral Gables, FL 33124,USA

Everything to do with DMCA

[Pratik+Dave]

You're right, a good reading of the injunction makes clear that they're not defending the terrible copy protection in the dvd mechanism. However, this has a lot to do with recent changes in the U.S. copyright laws, I recommend that folks read H.R. 2281 - The Digital Millenium Copyright Act. The Library of Congress has an easier to read summary online.

What it really comes down to is that the defendants were informed that they should have removed the offending materials and refused to do so (it's right at the top... of the injunction right beneath the 69K of MS-XML.) They can't touch the guy who wrote DeCSS because he complied upon notification of transgression.

If you haven't yet actually read anything about the DMCA, you'll find the WIPO/Title I sections useful in understanding what they new laws have to say about reverse engineering of the sort used in DeCSS. WIPO is the World Intellectual Property Organization, and Title I is the U.S. Congress ratifying general new international agreements about intellectual property. Read Educause's summary, particularly the section on: "Prohibitions on Circumvention of Technological Protection Measures ."

Pratik Dave
ps: Given the specific burden of proof placed upon service providers and their DMCA agents given by the DMCA, I'm especially shocked that some of the defending sites were .edu sites. Since we're (academic sites == service providers) monetarily culpable if we don't take "prompt" action upon notification, seems like someone at rpi dropped the ball.

This part doesn't take effect for a few months, but see if you don't find it the slightest bit relevant (and frightening):
''(b) ADDITIONAL VIOLATIONS.--(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
''(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
''(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
''(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.

Re:Everything to do with DMCA

[Jeff+Licquia]

The DMCA is scary, sure, but I think the DeCSS people have more of a leg to stand on than you imply.

The conditions you mention all contain the qualification that the code not have any significant commercial impact or legitimate use. The DeCSS code was designed for the sole purpose of writing a DVD player for Linux. This has commercial impact, as it will become essential for Linux to have an impact in the consumer market, and it is legitimate - at least as legitimate as playing DVDs on Windows is. I doubt that an argument could be made that playing DVDs on a computer is illegitimate unless you run monopolistic OSes.

I don't believe that the DVD lawyers are using this tactic. Their angle is that the license for the Xing DVD player forbids reverse engineering, which was done to extract the initial keys, and they violated this license and revealed trade secret information. I can't see how they can win from a legal standpoint, but the whole "bleed them dry" legal strategy can't be counted out.

Of course, neither can the "whack-a-mole heavy mirroring" and "foreign development" legal counter-strategies be dismissed easily, so I guess it's a fair fight.

:-)

What I plan to do.

[jammer]

I am the original poster of this story; what I had originally done was to remove those files from my website pending the outcome of the hearing. Due to the mammoth support here, I have put them back and put a notice on the front page of my website informing all visitors of what is going on. I urge you to visit my site at http://www.devzero.org now and get the software while you still can. Like someone said in a previous comment, it's like playing bop-a-mole. They may get me and 70 others, but hundreds more will be distributing by then.

And yes, I am on the East coast, and will not be able to be at the hearing. Anyone and everyone who is within range, GO, please, and make your voice heard.

This is about intellectual freedom, not "copyright infringement" or violation of trade secrets.

In defense....

[Shaheen]

With all the great information that may be gleaned from the pages of Slashdot, surely this is one way in which it can make a real difference. I personally will not be at the hearing (I didn't receive the e-mail either), but it would be really great if someone would print out the best posts to this story, and others about DVD encryption hacks, and submit them to the court at the hearing.

I believe that the views expressed on Slashdot deserve more of a voice than the archives of a web site... here is their chance. The following are the articles which I have found on Slashdot which go along this theme:

• Linux DVD One Step Closer
  
• DVD for Linux
  
• DVD for Linux: Interview with the Developers
  
• LinuxDVD CSS Decrypt - Source Available
  
• Watching DVDs in Linux HOWTO
  
• Why DVD Encryption Crack was a Cinch
  
• Legal Actions Against Linux DVD authors
  
• DVD Hack Delays DVD Audio
  

Re:Hand out free floppies at the courthouse!

[seanb]

This is a REALLY cool idea that deserves more discussion. Show up with a duffle bag full of floppies with the DeCSS source code.

Be prepared for some VERY pissed off lawyers.

Unfortunately, I am nowhere near California. Otherwise, I would be cranking out floppies right now.

Who let the RIA design our mass storage?

[SurfsUp]

You see, when the DVD manufacturers came up with CSS, their goal was not to protect the intellectual property contained on DVDs; rather, they were establishing an ironclad grip on the entire DVD market.

This debate is rightly focused on issues of free speech and openess of hardware specifications, but there is another BIG issue that isn't getting much air time: how the heck did we get into a situation where our mass removable storage systems are being designed by the recording industry and movie industry? What is all that encryption hardware doing in there and why does it make my computer work better? To put this another way, why are we being served up hardware that was designed in the best interests of people who aren't us, and why do we accept that?

This kind of market inversion is the same thing that has forced the spectaular rise of the open source movement. Owners of proprietray, closed source, defacto standard software systems ground us under their foot for so long that we had to react. Now what we need is a similar, open hardware movement. Sure, there are problems that are harder - designing hardware requires expensive equipment. Manufacturing it requires even more expensive equipment. But it's not like it used to be - prices are coming down. Money for open projects is abundant. So please, lets have a high-density ROM disk design that's designed according to our needs, not those of the RIA.

I want it to be a smaller format - 5 1/4 should have gone out with 5 1/4 disks, sucks for laptops and won't fit in your pocket. I want it to have current densities - in other words, even higher than what DVD offers. I want it to be completely free of any hardware that isn't directly connected with making it work better and/or cost less.

Who will design my dream ROM disk for me? Who will bankroll them? Who will manufacture it? How would we make it hit critical mass so laptop manufacturers will use it? (hint: make it cheap)

DVD was a bad idea right from the start and still is. Take out the "V", all I want is the Digigital and Disk

The cat is out of the bag.

[Ungrounded+Lightning]

The purpose of a trade secret [laws] is to provide a legal means of prosecuting when somebody "spills the beans" and discloses stuff they've seen

... provided they have agreed to keep the secret. If somebody who has NOT entered such a contract with the secret's owner figures out the secret (by himself, with no "guilty knowlege" obtained from someone else who violate such a contract), he is under no obligation to remain silent.

Patents give a government-enforced limited-time monopoly in return for disclosure of the invention. (They exist to encourage the development and disclosure of such ideas.)

Trade secrets can last longer, but they last only as long as the secret is kept. After that they pop like a bubble. The only thing left once the cat is out of the bag is a legal claim against the person who let it out - IF he obtained the secret in violation of an agreement or from an agreement violator.

Caveat: I'm not a lawyer yadda yadda...

IIRC the EFF is ooking for a plaintiff

[FreeUser]

If I recall correctly, the EFF is looking for a plaintiff specifically on the DVD reverse engineering issue. I suggest those involved get in touch with them and look into the possibility of coordinating a counter attack on the DVD Forum. I suspect if this ever went to trial with a reasonably well financed plaintiff, the DVD Forum would stand to lose allot of clout when their licensing terms become unenforcable.

This is about intimidation -- the DVD Forum has allot more to lose in a trial than a plaintiff does.