I just took a look at their site. It looks good to me. Their FAQ is a little thin, but their idea seems like what I was talking about. If we can persuade them to take up the DVD cases, I think it would be better to use their existing forum than to create a new one.
I just sent a letter to the EFF asking them if they would support such an activity. Hopefully they will respond affirmatively. I definitely think we need somebody who knows something about the legal process involved.
I would like to propose a way for the open source community to participate more actively in legal matters. This would be a way for members of the community to directly assist the EFF.
We should create an open source forum for the creation of legal briefs and legislation, similar to existing open documentation projects. As a pilot, I recommend writing an amicus brief for the DeCSS case. Two other possible projects would be to draft alternative legislation to UCITA and submit a brief to the 9th Circut for the rehearing of the Bernstein case.
An EFF lawyer and/or other interested lawyers should take leadership roles in this. The basic idea is that people could do research and submit arguements and supporting cases & evidence. The lawyers would compile these and merge them into a final product and also compile "to do" lists, including questions for further research.
As with any open source project, individuals could take the output, modify it, and submit it as their own (with proper credit and a different name, of course).
Is is possible to Open Source the Defense of DeCSS? Most of us are frustrated that we can't do anything directly to help besides mirroring the code. If the EFF can use a few thousand hands I think most of us are willing and able to lend them.
I think this is an outstanding idea. I believe that in any lawsuit (especially with issues that affect the public) 3rd parties can submit briefs to the court. I think they are called "Amicus" Briefs which means friend of the court or something.
Essentially, we could treat the development of such a brief as an open source project - using CVS and everything. I think given the vast sums of money we've given the EFF that they should cough up a lawyer to guide the development. This would mean reviewing submissions and guiding research by keeping an updated "to do" list. Such material would be appropriately licenced, so individuals could pick and choose pieces and file their own modified form of the brief.
I think this paradigm could be valuable in other fights as well, so we should start getting some experience with it. Two other potential projects that could be done this way are a brief to the 9th Circuit in the Bernstein case and the creation of a "Software Consumer Protection Act" bill to counter UCITA. Wouldn't it be cool if we could force such a bill onto a state election ballot and get it passed.
Actually, what the MPAA did in this case was a clever dirty trick. They ignored the original posting of the software and hand picked the people to sue for distributing DeCSS to maximize shock value. This allows them to make the case that DeCSS is "for piracy" even when the original intent had little to do with piracy and everything to do with the legitimate interoperability of DVD with Linux.
I think that "dvd-copy.com" probably doesn't represent the mainstream. Unfortunately, it is pretty clear to me that their website (unlike LiViD, et. al) is clearly advocating the stealing of MPAA copyrighted material.
This raises an interesting legal question. Is it possible that dvd-copy.com has violated the DMCA while other groups (eg 2600.com) that post DeCSS have not? Whose intent controls the granting of the reverse engineering exception: the author's or the poster's? If it is the poster's intent, shouldn't each defendent be sued separately?
I like the idea of creating non-MPAA owned media encrypted with CSS. I see no barrier to doing this. Then we can distribute our own "player" and key management system.
As long as we don't actually use the same key as DVD's use it should be fine with DMCA. Of course, our key management will allow importation of a generic key. In fact, with some healthy generalization (allowing longer key's etc...) this might actually be usefull encryption in some cases.
The DVD keys can then be communicated separately, by others. Since the key alone is not functional, I don't think it could be called access circumvention technology. After all, it's just a number. It contains no computer instructions. If it is ruled a violation, people could distribute pieces of the key.
This just goes to show how stupid the DMCA is regarding prior restraint of speach. It would be very difficult to define exactly what is and isn't permissible under it.
The judges blockheadedness with regard to 1201(f) Reverse Engineering is extremely frustrating. He seems to be ignoring the plain text of the law, especially:
1201(f)(2) (2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification and analysis under paragraph [1201(f)](1), or for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
We're going to need to counter all three of his objections:
1. [No evidence for Linux Interoperability] We need to get testimony from Linus, Eric Raymond, Lots of LiViD members, and Johansen into evidence. Selected portions of the LiViD mailing list should also support this. I think a petition of Linux users expressing the desire to have DeCSS solely to allow playback under Linux would be appropriate evidence as well. No evidence was presented because of the judge's failure to give adequate time to the defense. We should ask for a new judge on the grounds that this shows clear bias.
2. [DeCSS runs under NT] A) It is ANSI standard C, so of course it compiles and runs on windows. The task that DeCSS alone performs is not operating system specific. The judge has invented some test other than the one in 1201(f)(2). Read the part about "if such means are necessary". This is the proper test. B) Johansen has stated that the reason it runs under windows is that in Linux, WINE emulation of windows mpeg2 players work. This is a reasonable intermediate step in a development effort and clearly shows a Linux motiviation even though it might appear otherwise at first glance. C) What we're really after is open source software interoperability, which does not preclude it from running on windows, since one could write GPL code for windows. Linux is the predominate open source software platform, but by design interoperating with Linux would not preclude interoperation with other platforms, including windows. D) DeCSS is not a complete thought. It is (only) a part of LiViD. To establish intent you must look at the whole production. It is absolutely clear from his regular posts to the LiViD mailing list that Johansen released DeCSS to advance LiViD. (E) This is a "red herring" argument. Nothing in the statute precludes incidental interoperability with other specific programs.
3. [Reverse Rngineering exception not applicable] I really don't understand what the judge is saying. This seems like absolute nonsense to me. I really would like to just say "what are you talking about you Moron". I'll try a less insulting arguement. The judge wrote:
... Section 1201(f) permits reverse engineering of copyrighted computer programs only and does not authorize circumvention of technological systems that control access to other copyrighted works, such as movies.
A) CSS is what was reverse engineered - it IS a computer program and we meet this misreading of the criteria B) The "computer programs only" part is confied to 1201(f)(1) which grants exceptions to the access prohibitions of 1201(a)(1). This is not the applicable part of 1201(f), and 1201(a)(1) is not effective until October of 2000, so no exception to it is needed. C) Indeed 1201(f)(2) does grant circumvention to access control for movies and anything else. Read the word "OR" just after the reference to (f)(1), which expands the exception beyond the judge's reading of scope. Taking the applicable parts of the sentence we are left with: "...a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure,... [OR] for the purpose of enabling interoperability..." D) The most pertinent part of "legislative history" is the plain text of the statute. 1201(f)(2) contains no language to support the asserted limits on the exception.
The articles don't really give much of the technical details. I have never used AOL (thank god), so I don't know what the issue is. What exactly does the AOL installer do to inhibit other internet connections.
If it deletes user owned configuration data without specific warnings, I would say that this meets the definition of virus, or more accurately, a trojan. I don't think "default ISP" means "sole ISP".
Anyone know what laws are on the books regulating malicious computer code?
"This is a perfect case of companies who want to screw their customers over," Torvalds said today, drawing cheers from the crowd of thousands. The DVD industry "wants to control the market not by being a good technical solution, but by just locking customers into a certain solution."
I wonder if Linus would consider testifying in the case. That would legitimze the "interoperability with Linux" arguement in the eyes of the court.
Torvalds said he hopes "the DVD consortium will lose this lawsuit, and we'll just have DVD on Linux," but if that doesn't happen, he hopes commercial companies will license the appropriate software.
Actually, I hope nobody licences the software. If they do we should boycott it. If we can't watch purchased DVD's on our terms, then to hell with them. I bet as Linux grows for home use that the economic blunder the MPAA is engaging in will start to sink in.
Thanks, but I'm already a member. In fact, I link them on my home page. I think the EFF is a good at litigating, and maybe they can become a more powerful political lobby. My question still stands though - how can we (you, me, the EFF, slashdot readers, linux users, free software writers, etc...) be more effective at grabbing the software/technology agenda in politics.
Perhaps the best defence to the UCITA is a good offense. We could draft our own software quality legislation. I think many states have mechanisms whereby voters can directly put propositions on the ballot. I think most people would support a bill entitled "Software Consumer Protection Act" or somesuch.
Parts of the UCITA that try to account for banning of reverse engineering AT THE STATE LEVEL are explicitly given by the DMCA AT THE FEDERAL LEVEL. Thus, UCITA in this regard automatically loses. State legislation cannot override federal laws or deny rights given by federal law.
I hate to burst your bubble, but the reverse engineering exception in 1201(f) of DMCA only provides a defense against claims arising under the DMCA. No "right to reengineer" is "explicitly given" by it.
Besides that, it seems to be the recipient of a lot of lawyerly and judicial double-speak about how it doesn't really apply to anthing.
I'm tired of watching bad laws and precedents get pushed forward that nobody I know wants and most people I know dislike. Somehow we've got to find better ways to get our message into the minds of more people in government.
I think there are a LOT of people who are sympathetic to our ideals for free and open software, but I don't think our views are well represented to people in politics. I'm also somewhat disappointed in the "linux companies" ability to stand up for their customer's values in the political arena. I don't know about others, but I would definately smile on a distro and be more likely to purchase it if I felt that by doing so I would promote some pro-consumer political activism. I consider this part of the "service" I want.
I'd like to hear from people on how we can be more effective at getting our message to the politicians. I think we may need to take a look at the methods of other successful grassroots organizations and see if we can't combine some of their methods with the strenghths of this community. Anybody got any ideas?
Note to lawyers: this message does not hyper-link to any material. people.a2000.nl/mwielaar/dvd-css/csspaper/css.ht ml www.lemuria.org/DeCSS/crypto.gq.nu/ www.derfrosch.de/decss/ Get the paper and source for the attacks (can be found from the last paragraph in the paper) while they are still free (libere).
What kind of crappy moderation marks this down !!! This information is absolutely critical to the merits of the plaintiffs in the DVD trade secret case. It answers my question that was moderated UP.
> A few days (perhaps a week or so) after the Xing CSS and key codes were > cracked, someone released a no-player-key-needed method of finding CSS > title keys and thus deriving all the player keys without ever knowing one.
Where is this code!! Can somebody provide the link! This code should be enough to get the CA trade secret case dismissed. Moreover, it should be protected under the "encryption research" exception to the DMCA. We need to mirror this code so that it doesn't get lost. After all, they can change the keys, but they can't change the whole encryption scheme as easily.
Did you violate the End User Licence Agreement for the Xing player? Did you even accept it? Can the keys be extracted from the Xing player without accepting the EULA? Can DeCSS be recreated without exploiting the openness of the keys in the Xing player?
How many DVD's have your purchased? What do their copyright notices say? Have you (or anyone you know) "pirated" any DVD's in violation of the copyright notices as you understand them?
This is not about copying of works, but about playing them.
Actually, it's not even about playing movies. It's about free speach and opening secret protocols. The DeCSS source code CANNOT playback movies. Source code is merely precise instrucitons on how to create an executable - it is not the executable itself. This is a case about your rights to communicate the fact that you figured out somebody else's secret.
In the Bernstein case, source code in general and encryption source code specifically was ruled to be protected speach and it's expressive content was ruled to override any aspects of its ability to control a machine when those aspects might validly be used to regulate it.
think the EFF should stop using the "source code is speech" argument in their defense.The Bernstein decision on which this was based was controversial in the first place, so I don't think this carries much legal weight.
Are you NUTS ?! The REASON FOR EXISTANCE of the EFF is to fight for and win protection for these fundamental RIGHTS when exercised in new technological arenas.
Bernstein was controversial because the court emphatically said that protecting the freedom of speach inherent in source code was so important that NOT EVEN claims of NATIONAL SECURITY interests could set it aside. Protecting DVD's is chickenshit in comparison to this. However, to say that a circuit court decision doesn't carry much weight is simply wrong. In fact, the two circuit judges that concurred affirmed a lower court ruling, and the one dissenting judge took pains to say that he dissented only because the opinion was so sweeping in its rejection of ANY regulation of source code. Bernstein is clearly a landmark case.
The relevance of Bernstein to the DVD cases is absolute. Contrary to what you hear, the source code for DeCSS does not decrypt DVD's. It also does not do DVD playback. In fact it doesn't DO anything.- it communicates HOW TO do these things in a precise language (called C). If you actually want to DO the things described, you must know how to use a compiler to create an executable binary. Even if the binary falls under the law, the source code does not. For example, the chemical synthesis of LSD and fertilizer bombs is readily availbable, unregulatable, protected speach. Instructions on how to make fair use of the DVD's you've already paid for will stand up just fine, as long as encryption source code is speach. Bernstein says PRECISELY THIS. Not to argue this VIGOROUSLY would be negligent.
I'm confused. Why didn't the police get a search warrent for the encrypted file. How is encrypting a file different than putting a lock on your Cedar chest in your house.
The search warrent process has safeguards built in: you have to demonstrate probable cause to a judge to get a warrent. This should include a description of what you hope to find. Trying to go on a "fishing trip" hoping to find something, when you have no idea what is there does not qualify as probable cause. If they can't get a warrent, they have no right to keep the files, but if they do, he should decrypt them.
Also, now that Mitnick is free, why not hand over the key, let the cops decrypt it, have his lawyer seal the evidence, and milk "double jeapordy" for all it's worth. I'm sure that most statues of limitation have surely passed for any possible new crimes that might be demonstrated by the contents.
I believe the interoperability argument you have could be torn apart by the lawyers.
[...] it is still pretty easy to argue that the DVDROM/CDROM device driver can work just fine with other programs without descrambling CSS. You have to go outside your computer to the program that encodes information onto the DVD media to show that CSS is required for interoperability, defined as the exchange of information.
A DVD movie is nothing more than data in a particular file format. _ALL_ programs can be expressed as taking some input data, operating on it, and producing output data.
I listed three programs that taken together, AS A SET, will not interoperate correctly when the input file consists of the data in the DVD movie data file format. At the device driver level, this data is no different than any other data and can be read.
DVD movie data > DVD/CD-ROM device reader ## succeeds - correctly read media
DVD movie data > DVD/CD-ROM device reader | mpeg2play | video driver ## fails - error or jibberish
DVD movie data > DVD/CD-ROM device reader | DeCSS-compiled | mpeg2play | video driver ## succeeds - you see meaningful stuff
DVD movie data > DVD/CD-ROM device reader | DeCSS.c | mpeg2play | video driver ## nonsense - DeCSS.c is not executable
I raise the last point to hammer again the point DeCSS.c (or is it.h ?) does not provide access to the movie - it's "how-to build the decryptor" instructions.
Again, how is this ANY different than Star Office reading MSWord files?
And, a simplistic reading pretty much shows that legally DeCSS is screwed, at least given the arguments that the EFF Lawyers are using. The reverse engineering clauses do not apply directly to decoding DVD because the language does specifically state that reverese engineering is solely allowed for the interoperatbility of computer programs of which the content of a DVD is arguably not.
What are you talking about? The programs which are interoperating include at a minimum: 1) linux DVD/CD-ROM device driver 2) mpeg2player program under linux 3) linux video device driver
The DVD medium contains information in the DVD movie file format that is not displayed properly by the above programs working together without DeCSS. That is, they don't interoperate correctly. This is exactly the same thing as Star Office (among others) using MS Office's word document format.
Luckily as you stated 1201(f), and specifically 1201(f)(4) is an out. There interoperability is defined as the ability of computer programs to exchange information.
Above you say "a simplistic reading pretty much shows that legally DeCSS is screwed" here you argue (correctly) that the DCMA definition of interoperability allows DeCSS. Would you like to clarify or revise your comments above?
The judge seems to believe that the source code actually controls the machine. He missed the point of the Bernstein decision entirely (which specifically ruled that ENCRYPTION source code is protected free speach) and that this OVERRIDES any aspect of its use for controlling a machine regarding prior restraint of free speach.
In fact source code does not control the machine and must be compiled, after which it can be discarded. The binary executable controls the machine. We need to stop granting the point that the DeCSS source can decrypt or playback anything. It is merely written instructions on how to do this!!
First of all, it is NOT A CONTRACT, nor can it be. It is an End User Licence AGREMENT.
A contract requires "consideration" prior to entering and almost always involves legal documentation of the event. EULA's are simply not contracts.
It is very unclear and untested law whether an agreement such as a shrink wrap licence has any significance. For example, you and I could agree to go to lunch. I am free to change my mind and not show up. Too bad for you.
Everyone should also read the transcript from the NY hearing.
1201(a)(2)(B) is what I assume will be the MPA[A]'s reponse to the defense that DeCSS was written to bridge the gap between DVD and Linux -- they'll make an effort to show that the possible illegal uses of DeCSS, regardless of its intended use, mean that Johansen should go to jail.
Indeed, reading the transcript above, the judge makes it clear that 1201(a)(2)(B) is the strongest arguement for the plaintiffs. Moreover, he notes this is not a 1201(b)(1) claim (this section bans distributing technology for copyright infringement as opposed to technology for circumventing access controlin (a)(2) ). In my opinion, cries of "Piracy!" would be (b)(1) claims, whereas "unathorized playback" would fall under (a)(2). The "Piracy!" claims are thus designed to mislead and sensationalize the issue.
...to 'circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.
We must hammer this home: DVD licences "for home viewing only" and "fair use" both show that linux playback is not unathorized access, and thus no circumvention occurs to allow a claim under (a)(2). The playback right you purchase with the DVD, not with the player, and no "tying" can legally occur. Indeed such tying is anti-competitive and anti-consumer and perhaps runs afoul of antitrust laws. Even if access isn't authorized by the copyright holder (which it was, despite attempts to retroactively retract it) it is AUTHORIZED BY THE FIRST AMENDMENT which forms the basis of "fair use" exceptions to copyright.
A better arguement still is that source code alone does not perform access. Perhaps compiling the source code in some case might be illegal, but the source itself does none of the activities bannable under (a)(2). Source code is no different that an instruction on how to do something.
the following section will probably be DeCSS's defense [...] (f) REVERSE ENGINEERING
Surprisingly, the defense did not go to town on this. In fact, they didn't even raise it very forcefully. Worse, the plaintiffs submitted a brief mentioned in the transcript (I don't have a link for this) in which they argue the bizarre idea that 1201(f) was only meant to protect computer programs and since movies aren't computer programs, the exception doesn't apply. Worse still, the JUDGE BOUGHT IT !!!! Uh, duh CSS is a computer program and a DVD contains computer files and so even under this compeletly bogus reading of 1201(f) it's allowed. Indeed reengineering of proprietary file format protocols is EXACTLY what is at hand.
This point was VERY POORLY ARGUED for the defense during the preliminary injunction hearing.
I stronly urge people to read the transcript in it's entirety. The judge came across as extremely biased. He seems to recognize that the code is speach but for some odd reason believes that copyright protections outweigh this EVEN THOUGH HE WON'T DISCUSS "FAIR USE".
I think this is a very important point. I've heard, but never seen the source, that after the initial crack was done, others have examined the CSS scheme and discovered efficiencies that allow the search space to be reduced.
If anybody has information about this, please post it!!
Instead of merely mirroring DeCSS, I think we should also focus on creating new and diverse variations on the theme, especially if they aren't "derivitive" works and counter the arguement of "Well he MUST've clicked on the licence" Some ideas:
1) Screen Savers that allow time-shared brute force key searches 2) Clever programs for key searches. 3) Obfuscated code that outputs DeCSS 4) Essays or somesuch where the number of characters in each sentence is the next hex value for the key...
"No person shall circumvent a technological measure that effectively controls access to a work protected under this title."
If you aren't given licensed access to protected media, you are circumventing the measure. If there are no licensed tools available for Linux, then ipso facto you are violating the above provision if you are viewing CSS protected DVDs on Linux.
The part of the DMCA quoted is from 1201(a)(1). Follow the original link: DMCA, you'll see THE VERY NEXT SENTENCE says this part of the code is only effective two years after its enactment, which occurs in Oct 2000.
Regarless, even thereafter it won't shouldn't ban linux based playback -- You are incorrectly assuming that it is the playback technology that grants copyright access. This is false. Only the copyright holder can grant access to his work - this is the publisher of each individual DVD. DVD copyrights typically grant access "... for home viewing only..." (I got this from my copy of "The English Patient") Thus even if I use a playback tool that is "unlicenced", I am not "CIRCUMVENTING" the access control by the definition of this term in DMCA (1201(a)(3)(A), since I use it within the bounds of my copyright authorization as represented at the time of sale.
Furthermore, even if a COMPILED binary of DeCSS are held in some cases to be technology that can "circumvent access control", the SOURCE CODE does not, since by itself, it is not a technological measure that can DO anything, but rather merely an instruction on how to build one. As such it is protected by freedom of speach and 1201(c)(4)
Read on... 1201(f) grants an exception to the the whole thing for reverse engineering for interoperability purposes, which includes by 1201(f)(3) redistribution.
Finally 1201(g) would grant a legitimate cryptographer the rights to publish research into weakness of the DVD cryptography system.
I think the DCMA as actually written is a good law and probably provides protection against devices such as cable descramblers that would allow you to watch pay-per-view movies that you haven't paid for.
Slashdot Mirror
How about openlaw?
I just took a look at their site. It looks good to me. Their FAQ is a little thin, but their idea seems like what I was talking about. If we can persuade them to take up the DVD cases, I think it would be better to use their existing forum than to create a new one.
I just sent a letter to the EFF asking them if they would support such an activity. Hopefully they will respond affirmatively. I definitely think we need somebody who knows something about the legal process involved.
I would like to propose a way for the open source community to participate more actively in legal matters. This would be a way for members of the community to directly assist the EFF.
We should create an open source forum for the creation of legal briefs and legislation, similar to existing open documentation projects. As a pilot, I recommend writing an amicus brief for the DeCSS case. Two other possible projects would be to draft alternative legislation to UCITA and submit a brief to the 9th Circut for the rehearing of the Bernstein case.
An EFF lawyer and/or other interested lawyers should take leadership roles in this. The basic idea is that people could do research and submit arguements and supporting cases & evidence. The lawyers would compile these and merge them into a final product and also compile "to do" lists, including questions for further research.
As with any open source project, individuals could take the output, modify it, and submit it as their own (with proper credit and a different name, of course).
Is is possible to Open Source the Defense of DeCSS? Most of us are frustrated that we can't do anything directly to help besides mirroring the code. If the EFF can use a few thousand hands I think most of us are willing and able to lend them.
I think this is an outstanding idea. I believe that in any lawsuit (especially with issues that affect the public) 3rd parties can submit briefs to the court. I think they are called "Amicus" Briefs which means friend of the court or something.
Essentially, we could treat the development of such a brief as an open source project - using CVS and everything. I think given the vast sums of money we've given the EFF that they should cough up a lawyer to guide the development. This would mean reviewing submissions and guiding research by keeping an updated "to do" list. Such material would be appropriately licenced, so individuals could pick and choose pieces and file their own modified form of the brief.
I think this paradigm could be valuable in other fights as well, so we should start getting some experience with it. Two other potential projects that could be done this way are a brief to the 9th Circuit in the Bernstein case and the creation of a "Software Consumer Protection Act" bill to counter UCITA. Wouldn't it be cool if we could force such a bill onto a state election ballot and get it passed.
Actually, what the MPAA did in this case was a clever dirty trick. They ignored the original posting of the software and hand picked the people to sue for distributing DeCSS to maximize shock value. This allows them to make the case that DeCSS is "for piracy" even when the original intent had little to do with piracy and everything to do with the legitimate interoperability of DVD with Linux.
I think that "dvd-copy.com" probably doesn't represent the mainstream. Unfortunately, it is pretty clear to me that their website (unlike LiViD, et. al) is clearly advocating the stealing of MPAA copyrighted material.
This raises an interesting legal question. Is it possible that dvd-copy.com has violated the DMCA while other groups (eg 2600.com) that post DeCSS have not? Whose intent controls the granting of the reverse engineering exception: the author's or the poster's? If it is the poster's intent, shouldn't each defendent be sued separately?
I like the idea of creating non-MPAA owned media encrypted with CSS. I see no barrier to doing this. Then we can distribute our own "player" and key management system.
As long as we don't actually use the same key as DVD's use it should be fine with DMCA. Of course, our key management will allow importation of a generic key. In fact, with some healthy generalization (allowing longer key's etc...) this might actually be usefull encryption in some cases.
The DVD keys can then be communicated separately, by others. Since the key alone is not functional, I don't think it could be called access circumvention technology. After all, it's just a number. It contains no computer instructions. If it is ruled a violation, people could distribute pieces of the key.
This just goes to show how stupid the DMCA is regarding prior restraint of speach. It would be very difficult to define exactly what is and isn't permissible under it.
The judges blockheadedness with regard to 1201(f) Reverse Engineering is extremely frustrating. He seems to be ignoring the plain text of the law, especially:
... Section 1201(f) permits reverse engineering of copyrighted computer programs only and does not authorize circumvention of technological systems that control access to other copyrighted works, such as movies.
... [OR] for the purpose of enabling interoperability ..."
1201(f)(2) (2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure, in order to enable the identification
and analysis under paragraph [1201(f)](1), or for the purpose of enabling interoperability of an independently created computer program
with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute infringement under this title.
We're going to need to counter all three of his objections:
1. [No evidence for Linux Interoperability] We need to get testimony from Linus, Eric Raymond, Lots of LiViD members, and Johansen into evidence. Selected portions of the LiViD mailing list should also support this. I think a petition of Linux users expressing the desire to have DeCSS solely to allow playback under Linux would be appropriate evidence as well. No evidence was presented because of the judge's failure to give adequate time to the defense. We should ask for a new judge on the grounds that this shows clear bias.
2. [DeCSS runs under NT]
A) It is ANSI standard C, so of course it compiles and runs on windows. The task that DeCSS alone performs is not operating system specific. The judge has invented some test other than the one in 1201(f)(2). Read the part about "if such means are necessary". This is the proper test.
B) Johansen has stated that the reason it runs under windows is that in Linux, WINE emulation of windows mpeg2 players work. This is a reasonable intermediate step in a development effort and clearly shows a Linux motiviation even though it might appear otherwise at first glance.
C) What we're really after is open source software interoperability, which does not preclude it from running on windows, since one could write GPL code for windows. Linux is the predominate open source software platform, but by design interoperating with Linux would not preclude interoperation with other platforms, including windows.
D) DeCSS is not a complete thought. It is (only) a part of LiViD. To establish intent you must look at the whole production. It is absolutely clear from his regular posts to the LiViD mailing list that Johansen released DeCSS to advance LiViD.
(E) This is a "red herring" argument. Nothing in the statute precludes incidental interoperability with other specific programs.
3. [Reverse Rngineering exception not applicable] I really don't understand what the judge is saying. This seems like absolute nonsense to me. I really would like to just say "what are you talking about you Moron". I'll try a less insulting arguement. The judge wrote:
A) CSS is what was reverse engineered - it IS a computer program and we meet this misreading of the criteria
B) The "computer programs only" part is confied to 1201(f)(1) which grants exceptions to the access prohibitions of 1201(a)(1). This is not the applicable part of 1201(f), and 1201(a)(1) is not effective until October of 2000, so no exception to it is needed.
C) Indeed 1201(f)(2) does grant circumvention to access control for movies and anything else. Read the word "OR" just after the reference to (f)(1), which expands the exception beyond the judge's reading of scope. Taking the applicable parts of the sentence we are left with:
"...a person may develop and employ technological means to circumvent a technological measure, or to circumvent protection afforded by a technological measure,
D) The most pertinent part of "legislative history" is the plain text of the statute. 1201(f)(2) contains no language to support the asserted limits on the exception.
The articles don't really give much of the technical details. I have never used AOL (thank god), so I don't know what the issue is. What exactly does the AOL installer do to inhibit other internet connections.
If it deletes user owned configuration data without specific warnings, I would say that this meets the definition of virus, or more accurately, a trojan. I don't think "default ISP" means "sole ISP".
Anyone know what laws are on the books regulating malicious computer code?
In the article, Linus is quoted about DVD:
"This is a perfect case of companies who want to screw their customers over," Torvalds said today, drawing cheers from the crowd of thousands. The DVD industry "wants to control the market not by being a good technical solution, but by just locking customers into a certain solution."
I wonder if Linus would consider testifying in the case. That would legitimze the "interoperability with Linux" arguement in the eyes of the court.
Torvalds said he hopes "the DVD consortium will lose this lawsuit, and we'll just have DVD on Linux," but if that doesn't happen, he hopes commercial companies will license the appropriate software.
Actually, I hope nobody licences the software. If they do we should boycott it. If we can't watch purchased DVD's on our terms, then to hell with them. I bet as Linux grows for home use that the economic blunder the MPAA is engaging in will start to sink in.
We have one, the EFF. You should join.
Thanks, but I'm already a member. In fact, I link them on my home page. I think the EFF is a good at litigating, and maybe they can become a more powerful political lobby. My question still stands though - how can we (you, me, the EFF, slashdot readers, linux users, free software writers, etc...) be more effective at grabbing the software/technology agenda in politics.
Perhaps the best defence to the UCITA is a good offense. We could draft our own software quality legislation. I think many states have mechanisms whereby voters can directly put propositions on the ballot. I think most people would support a bill entitled "Software Consumer Protection Act" or somesuch.
Parts of the UCITA that try to account for banning of reverse engineering AT THE STATE LEVEL are explicitly given by the DMCA AT THE FEDERAL LEVEL. Thus, UCITA in this regard automatically loses. State legislation cannot override federal laws or deny rights given by federal law.
I hate to burst your bubble, but the reverse engineering exception in 1201(f) of DMCA only provides a defense against claims arising under the DMCA. No "right to reengineer" is "explicitly given" by it.
Besides that, it seems to be the recipient of a lot of lawyerly and judicial double-speak about how it doesn't really apply to anthing.
I'm tired of watching bad laws and precedents get pushed forward that nobody I know wants and most people I know dislike. Somehow we've got to find better ways to get our message into the minds of more people in government.
I think there are a LOT of people who are sympathetic to our ideals for free and open software, but I don't think our views are well represented to people in politics. I'm also somewhat disappointed in the "linux companies" ability to stand up for their customer's values in the political arena. I don't know about others, but I would definately smile on a distro and be more likely to purchase it if I felt that by doing so I would promote some pro-consumer political activism. I consider this part of the "service" I want.
I'd like to hear from people on how we can be more effective at getting our message to the politicians. I think we may need to take a look at the methods of other successful grassroots organizations and see if we can't combine some of their methods with the strenghths of this community. Anybody got any ideas?
Note to lawyers: this message does not hyper-link to any material.t ml
people.a2000.nl/mwielaar/dvd-css/csspaper/css.h
www.lemuria.org/DeCSS/crypto.gq.nu/
www.derfrosch.de/decss/
Get the paper and source for the attacks (can be found from the last paragraph in the paper) while they are still free (libere).
What kind of crappy moderation marks this down !!!
This information is absolutely critical to the merits of the plaintiffs in the DVD trade secret case. It answers my question that was moderated UP.
Boo Hiss to the moderater...
> A few days (perhaps a week or so) after the Xing CSS and key codes were
> cracked, someone released a no-player-key-needed method of finding CSS
> title keys and thus deriving all the player keys without ever knowing one.
Where is this code!! Can somebody provide the link! This code should be enough to get the CA trade secret case dismissed. Moreover, it should be protected under the "encryption research" exception to the DMCA. We need to mirror this code so that it doesn't get lost. After all, they can change the keys, but they can't change the whole encryption scheme as easily.
Did you violate the End User Licence Agreement for the Xing player? Did you even accept it? Can the keys be extracted from the Xing player without accepting the EULA? Can DeCSS be recreated without exploiting the openness of the keys in the Xing player?
How many DVD's have your purchased? What do their copyright notices say? Have you (or anyone you know) "pirated" any DVD's in violation of the copyright notices as you understand them?
This is not about copying of works, but about playing them.
Actually, it's not even about playing movies. It's about free speach and opening secret protocols. The DeCSS source code CANNOT playback movies. Source code is merely precise instrucitons on how to create an executable - it is not the executable itself. This is a case about your rights to communicate the fact that you figured out somebody else's secret.
In the Bernstein case, source code in general and encryption source code specifically was ruled to be protected speach and it's expressive content was ruled to override any aspects of its ability to control a machine when those aspects might validly be used to regulate it.
think the EFF should stop using the "source code is speech" argument in their defense.The Bernstein decision on which this was based was controversial in the first place, so I don't think this carries much legal weight.
Are you NUTS ?! The REASON FOR EXISTANCE of the EFF is to fight for and win protection for these fundamental RIGHTS when exercised in new technological arenas.
Bernstein was controversial because the court emphatically said that protecting the freedom of speach inherent in source code was so important that NOT EVEN claims of NATIONAL SECURITY interests could set it aside. Protecting DVD's is chickenshit in comparison to this. However, to say that a circuit court decision doesn't carry much weight is simply wrong. In fact, the two circuit judges that concurred affirmed a lower court ruling, and the one dissenting judge took pains to say that he dissented only because the opinion was so sweeping in its rejection of ANY regulation of source code. Bernstein is clearly a landmark case.
The relevance of Bernstein to the DVD cases is absolute. Contrary to what you hear, the source code for DeCSS does not decrypt DVD's. It also does not do DVD playback. In fact it doesn't DO anything.- it communicates HOW TO do these things in a precise language (called C). If you actually want to DO the things described, you must know how to use a compiler to create an executable binary. Even if the binary falls under the law, the source code does not. For example, the chemical synthesis of LSD and fertilizer bombs is readily availbable, unregulatable, protected speach. Instructions on how to make fair use of the DVD's you've already paid for will stand up just fine, as long as encryption source code is speach. Bernstein says PRECISELY THIS. Not to argue this VIGOROUSLY would be negligent.
I'm confused. Why didn't the police get a search warrent for the encrypted file. How is encrypting a file different than putting a lock on your Cedar chest in your house.
The search warrent process has safeguards built in: you have to demonstrate probable cause to a judge to get a warrent. This should include a description of what you hope to find. Trying to go on a "fishing trip" hoping to find something, when you have no idea what is there does not qualify as probable cause. If they can't get a warrent, they have no right to keep the files, but if they do, he should decrypt them.
Also, now that Mitnick is free, why not hand over the key, let the cops decrypt it, have his lawyer seal the evidence, and milk "double jeapordy" for all it's worth. I'm sure that most statues of limitation have surely passed for any possible new crimes that might be demonstrated by the contents.
[...]
.h ?) does not provide access to the movie - it's "how-to build the decryptor" instructions.
it is still pretty easy to argue that the DVDROM/CDROM device driver can work just fine with other programs without descrambling CSS. You have to go outside your computer to the program that encodes information onto the DVD media to show that CSS is required for interoperability, defined as the exchange of information.
A DVD movie is nothing more than data in a particular file format. _ALL_ programs can be expressed as taking some input data, operating on it, and producing output data.
I listed three programs that taken together, AS A SET, will not interoperate correctly when the input file consists of the data in the DVD movie data file format. At the device driver level, this data is no different than any other data and can be read.
DVD movie data > DVD/CD-ROM device reader ## succeeds - correctly read media
DVD movie data > DVD/CD-ROM device reader | mpeg2play | video driver ## fails - error or jibberish
DVD movie data > DVD/CD-ROM device reader | DeCSS-compiled | mpeg2play | video driver ## succeeds - you see meaningful stuff
DVD movie data > DVD/CD-ROM device reader | DeCSS.c | mpeg2play | video driver ## nonsense - DeCSS.c is not executable
I raise the last point to hammer again the point DeCSS.c (or is it
Again, how is this ANY different than Star Office reading MSWord files?
And, a simplistic reading pretty much shows that legally DeCSS is screwed, at least given the arguments that the EFF Lawyers are using. The reverse engineering clauses do not apply directly to decoding DVD because the language does specifically state that reverese engineering is solely allowed for the interoperatbility of computer programs of which the content of a DVD is arguably not.
What are you talking about? The programs which are interoperating include at a minimum:
1) linux DVD/CD-ROM device driver
2) mpeg2player program under linux
3) linux video device driver
The DVD medium contains information in the DVD movie file format that is not displayed properly by the above programs working together without DeCSS. That is, they don't interoperate correctly. This is exactly the same thing as Star Office (among others) using MS Office's word document format.
Luckily as you stated 1201(f), and specifically 1201(f)(4) is an out. There interoperability is defined as the ability of computer programs to exchange information.
Above you say "a simplistic reading pretty much shows that legally DeCSS is screwed" here you argue (correctly) that the DCMA definition of interoperability allows DeCSS. Would you like to clarify or revise your comments above?
The judge seems to believe that the source code actually controls the machine. He missed the point of the Bernstein decision entirely (which specifically ruled that ENCRYPTION source code is protected free speach) and that this OVERRIDES any aspect of its use for controlling a machine regarding prior restraint of free speach.
In fact source code does not control the machine and must be compiled, after which it can be discarded. The binary executable controls the machine. We need to stop granting the point that the DeCSS source can decrypt or playback anything. It is merely written instructions on how to do this!!
First of all, it is NOT A CONTRACT, nor can it be. It is an End User Licence AGREMENT.
A contract requires "consideration" prior to entering and almost always involves legal documentation of the event. EULA's are simply not contracts.
It is very unclear and untested law whether an agreement such as a shrink wrap licence has any significance. For example, you and I could agree to go to lunch. I am free to change my mind and not show up. Too bad for you.
Everyone should also read the transcript from the NY hearing.
...to 'circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.
1201(a)(2)(B) is what I assume will be the MPA[A]'s reponse to the defense that DeCSS was written to bridge the gap between DVD and Linux -- they'll make an effort to show that the possible illegal uses of DeCSS, regardless of its intended use, mean that Johansen should go to jail.
Indeed, reading the transcript above, the judge makes it clear that 1201(a)(2)(B) is the strongest arguement for the plaintiffs. Moreover, he notes this is not a 1201(b)(1) claim (this section bans distributing technology for copyright infringement as opposed to technology for circumventing access controlin (a)(2) ). In my opinion, cries of "Piracy!" would be (b)(1) claims, whereas "unathorized playback" would fall under (a)(2). The "Piracy!" claims are thus designed to mislead and sensationalize the issue.
We must hammer this home: DVD licences "for home viewing only" and "fair use" both show that linux playback is not unathorized access, and thus no circumvention occurs to allow a claim under (a)(2). The playback right you purchase with the DVD, not with the player, and no "tying" can legally occur. Indeed such tying is anti-competitive and anti-consumer and perhaps runs afoul of antitrust laws. Even if access isn't authorized by the copyright holder (which it was, despite attempts to retroactively retract it) it is AUTHORIZED BY THE FIRST AMENDMENT which forms the basis of "fair use" exceptions to copyright.
A better arguement still is that source code alone does not perform access. Perhaps compiling the source code in some case might be illegal, but the source itself does none of the activities bannable under (a)(2). Source code is no different that an instruction on how to do something.
the following section will probably be DeCSS's defense [...] (f) REVERSE ENGINEERING
Surprisingly, the defense did not go to town on this. In fact, they didn't even raise it very forcefully. Worse, the plaintiffs submitted a brief mentioned in the transcript (I don't have a link for this) in which they argue the bizarre idea that 1201(f) was only meant to protect computer programs and since movies aren't computer programs, the exception doesn't apply. Worse still, the JUDGE BOUGHT IT !!!! Uh, duh CSS is a computer program and a DVD contains computer files and so even under this compeletly bogus reading of 1201(f) it's allowed. Indeed reengineering of proprietary file format protocols is EXACTLY what is at hand.
This point was VERY POORLY ARGUED for the defense during the preliminary injunction hearing.
I stronly urge people to read the transcript in it's entirety. The judge came across as extremely biased. He seems to recognize that the code is speach but for some odd reason believes that copyright protections outweigh this EVEN THOUGH HE WON'T DISCUSS "FAIR USE".
I think this is a very important point. I've heard, but never seen the source, that after the initial crack was done, others have examined the CSS scheme and discovered efficiencies that allow the search space to be reduced.
If anybody has information about this, please post it!!
Instead of merely mirroring DeCSS, I think we should also focus on creating new and diverse variations on the theme, especially if they aren't "derivitive" works and counter the arguement of "Well he MUST've clicked on the licence" Some ideas:
1) Screen Savers that allow time-shared brute force key searches
2) Clever programs for key searches.
3) Obfuscated code that outputs DeCSS
4) Essays or somesuch where the number of characters in each sentence is the next hex value for the key...
"No person shall circumvent a technological measure that effectively controls access to a work protected under this title."
... 1201(f) grants an exception to the the whole thing for reverse engineering for interoperability purposes, which includes by 1201(f)(3) redistribution.
If you aren't given licensed access to protected media, you are circumventing the measure. If there are no licensed tools available for Linux, then ipso facto you are violating the above provision if you are viewing CSS protected DVDs on Linux.
The part of the DMCA quoted is from 1201(a)(1). Follow the original link: DMCA, you'll see THE VERY NEXT SENTENCE says this part of the code is only effective two years after its enactment, which occurs in Oct 2000.
Regarless, even thereafter it won't shouldn't ban linux based playback -- You are incorrectly assuming that it is the playback technology that grants copyright access. This is false. Only the copyright holder can grant access to his work - this is the publisher of each individual DVD. DVD copyrights typically grant access "... for home viewing only..." (I got this from my copy of "The English Patient") Thus even if I use a playback tool that is "unlicenced", I am not "CIRCUMVENTING" the access control by the definition of this term in DMCA (1201(a)(3)(A), since I use it within the bounds of my copyright authorization as represented at the time of sale.
Furthermore, even if a COMPILED binary of DeCSS are held in some cases to be technology that can "circumvent access control", the SOURCE CODE does not, since by itself, it is not a technological measure that can DO anything, but rather merely an instruction on how to build one. As such it is protected by freedom of speach and 1201(c)(4)
Read on
Finally 1201(g) would grant a legitimate cryptographer the rights to publish research into weakness of the DVD cryptography system.
I think the DCMA as actually written is a good law and probably provides protection against devices such as cable descramblers that would allow you to watch pay-per-view movies that you haven't paid for.