The people who control AACS, the copy protection technology used on HD-DVD and Blu-ray discs, are apparently trying to shut down websites that publish a certain 128-bit integer. The number is apparently a "processing key" used in AACS. Together with a suitable computer program, the key allows the decryption of video content on most existing HD-DVD and Blu-ray discs.
I won't publish the key here but you can spot it all over the Web. It's a long string starting with "09 F9".
The key has been published on a few websites for months, but in recent days the AACS "Licensing Authority" (AACS LA) has taken to sending out demand letters to websites that publish the key, claiming that the key is a circumvention technology under the DMCA. News of these demand letters, and the subsequent disappearance of content and whole sites from the Net, has triggered an entirely predictable backlash, with thousands of people reposting the key to their own sites.
The key will inevitably remain available, and AACSLA are just making themselves look silly by trying to suppress it. We've seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.
It's hard to see the logic in AACS LA's strategy here. Their end goal is (or should be) to stop unauthorized online distribution of high-def video files ripped from HD-DVD or Blu-ray discs. The files in question are enormous and cumbersome to store and distribute, containing more than a gigabyte of content. If you can't stop distribution of these huge files, surely there's no hope of stopping distribution of a little sixteen-byte key, or even of decryption software containing the key. Whatever tactics can stop distribution of the key should be even more effective against distribution of movies.
My guess is that AACS LA miscalculated, thinking that a few demand letters would succeed in suppressing the key. As the key spread, it seemed natural to continue sending letters – to do otherwise would be an admission of defeat. Now the key is spread so widely that there's no point in sending any more letters.
The next question is whether AACS LA will try to sue somebody who defied a demand letter. There's no real strategic point to such a suit, but even big organizations act out of spite sometimes.
Front page posts
[...] (read more at freedom to tinker.). [...]
The constant is already on a T-shirt:
http://www.ghacks.net/2007/04/30/09-f9-11-02-t-shirt
According to: http://reddit.com/info/1m4mo/comments
the constant is already registered as a .com domain name. I imagine it would be hard to cease and desist all the DNS servers in the world?
Yes, it is registered.
Also, aacsla appear to want to block anyone from finding a certain website, and any other sites linking to it. A strategy like that is doomed to failure.
My money says that those involved at aacsla have seen matters discussed on that site which suggest that poking holes in the upgraded software players will occur sooner rather than later, and that the x-box hack will be of great assistance.
In my opinion, the only way to prevent people distributing copied material through the Internet is to close down the Internet worldwide. The studios might be big, but they're not that big.
Tee shirt anyone?
http://www.cafepress.com/rsrw.128882590
[...] Freedom To Tinker [...]
I wonder if the content organizations could essentially poison the well by releasing large numbers fake keys, paying websites to change the key to a non working one, etc. Essentially, make it likely that any key you find on a random website won't actually work.
Can I copyright the speed of light in meters per second and demand physics web sites take down the information?
Will they take down Google (as searching on the few hex digits above returns over a million hits)?
Or if they show too detailed pictures of the tee shirts?
I'm missing something here. Under what legal theory is a number protected? It's hard enough getting identity information (e.g. address, phone) removed, and it probably ought not be protectable.
Do MIDI music within an octave based on octal if they dislike hex?
I don't think anyone is suggesting that the key value itself is copyrightable. I think that sort of argument was thrown out in the garage door opener case.
As regards the argument that the key value is itself a circumvention technology - I suspect that there is a load of mileage for the lawyers there. What we are getting down to is the unauthorised disclosure of information, and the use of the correct technology, but in an unauthorised way. To my mind, "circumvention technology" connotes something other than the "genuine" technology itself - not the use of the "genuine" technology but in an unauthorised way.
I imagine they are concerned about the way in which a huge aacs hacking community is developing, but I doubt if they can do much about it by trying to censor links to sites they disapprove of. As is said above, there are now huge numbers of sites and links, and probably too many for what I would call a brute force defence.
Worse, someone published one of the takedown notices, which contains the key. Sort of reminds me of when DeCSS was part of the public court record for a few days (they didn't ask for the transcript to be sealed until someone asked about it at the beginning of the hearing).
More domains has been registred, .org, .net, .info.
Maybe it's aacsla who have registred them, but they have to register a lot in that case...
I suppose that the next thing will be a Wikipedia entry just for that key.
There is an article which suggests possible aacsla motives here:
http://blogs.zdnet.com/hardware/?p=382
[...] Posted by cmdln on May 1st, 2007 Professor Felten has a reasonable write up. Cory’s class blog was one of those sites receiving a demand letter. I thought AACS was so technically superior that the licensing authority could cope by issuing key revocations? Perhaps I have misunderstood the material I’ve read on the subject and the 128-bit integer in question is not one of the many keys in the system that can be revoked. Or if it is, maybe it just isn’t practical to do so. I rather suspect that latter. [...]
[...] Related links http://rudd-o.com/archives/2007/04/30/spread-this-number/ http://www.freedom-to-tinker.com/?p=1152 http://www.boingboing.net/2007/04/30/aacs_drm_body_censor.html Google Search Tech « Weng Weng [...]
Hope you don't mind. 100111111001000100010000001010011101011101001110001101011011110110000100000101010110110001011100011010101101000100011000000
[...] Freedom to Tinker » Blog Archive » AACS Plays Whack-a-Mole with Extracted Key (tags: 09_F9_11_02_9D_74_E3_5B_D8_41_56_C5_63_56_88_C0 AACS BluRay HDDVD DRM 09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0) [...]
I prefer to think of it as a 125 digit integer beginning 65667993785.
This Post Sponsored By the Number Eleventy-Billion...
A number you don’t recognize? Perhaps some background is in order…
......
By all accounts, that key is spreading all over the Internet like wildfire.
If they send C&D letters to every site that that key is posted on, there is going to be a shortage of ink, paper and envelopes, and the USPO will have to hire extra help.
One of my students had it on his t-shirt today in class. We spend some class time talking about Joel Furr's perl-RSA shirt, and the gallery of DeCSS implementations at CMU.
"Total user revolt at Digg over HDDVD key 'censorship'. Every single front page post at Digg is currently a post about the HD DVD processing key, which the MPAA seems to have forced Digg to censor." - metafilter
[...] story is pulled, user is banned, then story goes up about banning user (people speculate it’s because HD DVD was an advertiser) update: Ed Felten has a good post about general efforts to take all references to the key off the web [...]
[...] Ed Felten has already blogged about the event: My guess is that AACS LA miscalculated, thinking that a few demand letters would succeed in suppressing the key. As the key spread, it seemed natural to continue sending letters — to do otherwise would be an admission of defeat. Now the key is spread so widely that there’s no point in sending any more letters. [...]
I've gotten some C&D letters myself, from (for example) the ESRB because we have a "hentai" parody of their logo (http://www.jlist.com/PRODUCT/shirt-warning1), which we declined to follow. I've learned from this that these lawyers bill at $175 per hour and up, and apparently prefer to receive this payment for sending a C&D letter than say to their clients, "It's useless. You shouldn't bother" and get nothing.
[...] This is insane, all of the stories on Digg home page are currently related to a HD DVD encryption processing key that has been cracked. Under pressure from the MPAA, Digg admins removed the original articles and now the Digg users have started rebelling and in protest are burying normal stories, while digging up the HD DVD stories. [...]
> I suppose that the next thing will be a Wikipedia entry just for that key.
It's been tried. See:
http://en.wikipedia.org/wiki/Wikipedia:Protected_titles/May_2007
[...] A note to the HD DVD folks: You can’t just pick up Mercury with your fingers. It breaks into dozens of little pieces. Sort of like this: [...]
[...] I understand why Digg removed those stories which contain that key. Maybe AACSLA emailed them to remove them just like what the Freedom To Tinker tells us here. The key has been published on a few websites for months, but in recent days the AACS “Licensing Authority†(AACS LA) has taken to sending out demand letters to websites that publish the key, claiming that the key is a circumvention technology under the DMCA. News of these demand letters, and the subsequent disappearance of content and whole sites from the Net, has triggered an entirely predictable backlash, with thousands of people reposting the key to their own sites. [...]
Information can't not exist after it exists. The first homo sapiens to proffer the idea of heliocentricity lost their lives, but the information didn't die.
In this case, the speed and breadth of the net should server to demonstrate that any attempt at censorship is not only as useless as it has always been, but now will produce the opposite effect from that desired by those seeking to censor.
At least no lives were lost in the process this time.
[...] HD-DVD Ftw!! Meer info hier. Voor technische achtergrond: hier. [...]
I think that the talents AACSLA and their lawyers are wasted. They wiould be far better to abandon copy protection and the law, and to diversify into advertising and marketing.
[...] If you follow tech related sites, by now you’ve heard the story that the folks who control AACS, the copy protection used in next generation DVDs, have decided to send DMCA takedown notices to various sites that have posted the 128-bit integer that is needed, along with some software, to decrypt the video content on these new DVDs. This is odd for a few reasons. The key came out many months ago and has been available on the web for quite some time. There are, of course, the basic questions concerning whether or not this key alone really does violate the anti-circumvention clause of the DMCA — but that’s a separate issue. What’s more intriguing here is trying to understand the thought process behind the decision to send out these takedown notices. As anyone who’s been online for more than about two days knows, the more you try to suppress something online, the more attention you’re going to call to it. Years back, we joking referred to this as the Streisand Effect — after an incident where Barbara Streisand tried to remove some photos from the web, making them a lot more popular. The name has stuck, and it still amazes us that anyone doesn’t recognize what will happen when they try to make such a move. While the group has forced some sites to pull pages here and there, every page they pull is just increasing the anger from a growing group of folks who are making sure the number shows up in many, many more places — including directly in a URL. Digg, which was one of the sites accused of taking down pages about this, has been under a massive effort from folks to make sure that every story on the front page somehow points to the key in question (and it’s interesting to see the anger of users turned against Digg for taking down some of these stories, even though they’re pretty much required to thanks to the DMCA). As happened with DeCSS, it’s only a matter of time until someone writes a song incorporating the key as well. Effectively, all that’s been done here is to draw much, much more attention to the fact that the encryption on next generation DVDs is incredibly weak — so that a lot more people now know about it. Most of us honestly couldn’t have cared any less about the integer or the inner workings (or non-workings) of the encryption system — and yet now we know a lot more. That can’t be the intended consequence of these notices, but that’s what’s happened. Nice work, Hollywood. [...]
Been there, done that, got the tee shirt. Now listen to the song:
http://www.youtube.com/watch?v=L9HaNbsIfp0
The thing is, with the Xbox 360 HD DVD hack, all processing keys can be found. It does not matter if they revoke the current ones.
Revocation is now irrelevant.
I think that the xbox hack relates to volume keys, and that is not the be-all and end-all of copying a disk.
However, if:
(a) the upgraded players handle pre-revocation disks differently from post revocation discs, and
(b) already knowing the volume key for a title is an advantage when hacking into a player,
then the xbox hack could be a very crucial step forward in handling the "upgraded" players.
The number of sites hosting that key now runs in to tens of thousands. I think that Proskauer Rose need to order plenty of franking machine ink.
[...] Freedom to Tinker … is your freedom to understand, discuss, repair, and modify the technological devices you own. « AACS Plays Whack-a-Mole with Extracted Key [...]
They just don't get it. They treat people like criminals, they will say "so be it" and start acting the part.
The key's on Wikipedia alright: scroll down Talk:Advanced_Access_Content_System a short way and you'll find it.
Trying to suppress the key is doubly-stupid, both because of the Barbra Streisand effect and because posting the key doesn't infringe copyright or even the DMCA anti-circumvention clause.
Because if this key is a circumvention device, then my front door key is a lock pick and qualifies as a prohibited burglary tool, and I can be arrested just for carrying it around in my pocket.
Any legal theory under which the key can be suppressed is going to fail spectacularly -- either it makes my pocket's contents illegal, or it permits very short works to effectively be copyrighted (I hereby copyright "the" -- everyone who uses it please pay up now or I'll suppress your derivative works), or something similar.
The key could be trademarked, but using it to refer to AACS would not infringe any more than using "Coca-Cola" to refer to Coca-Cola does.
The key might once have qualified as a trade secret, but it is clearly widespread enough knowledge now not to qualify as such any more.
But IANAL, so take this with a grain of salt.
[...] “The people who control AACS, the copy protection technology used on HD-DVD and Blu-ray discs, are apparently trying to shut down websites that publish a certain 128-bit integer,” Ed Felten wrote on Freedom to Tinker , in a May 1 posting to his blog. Felten is a professor of computer science and public policy at Princeton University. [...]
[...] The next question is whether AACS LA will try to sue somebody who defied a demand letter. There’s no real strategic point to such a suit, but even big organizations act out of spite sometimes. Source: AACS Plays Whack-a-Mole with Extracted Key [...]
[...] A host of other blog posts on the Digg implosion have been appearing all over the net today: Mashable: Digg Out of Control SlashDot: Digg.com Attempts To Suppress HD-DVD Revolt Mashable: Scenes from the Digg Implosion BoingBoing: Digg users revolt over AACS key ParisLemon: 32 digits driving Digg users crazy InfortmationWeek: HD DVD/Blu-ray Decryption Key Widely Posted Online TechCrunch: Digg surrenders to the mobb Rudd-O.com: Spread this number Freedom-to-Tinker: AACS plays whack-a-mole with Extracted Key CJ Millisock: How I got banned from Digg Pronet Advertising: Mob takes over Digg, User Revolt Gizmodo: Digg Riot in Full Effect Over Pulled HD-DVD Key Story [...]
[...] A host of other blog posts on the Digg implosion have been appearing all over the net today: Mashable: Digg Out of Control SlashDot: Digg.com Attempts To Suppress HD-DVD Revolt Mashable: Scenes from the Digg Implosion BoingBoing: Digg users revolt over AACS key ParisLemon: 32 digits driving Digg users crazy InfortmationWeek: HD DVD/Blu-ray Decryption Key Widely Posted Online TechCrunch: Digg surrenders to the mobb Rudd-O.com: Spread this number Freedom-to-Tinker: AACS plays whack-a-mole with Extracted Key CJ Millisock: How I got banned from Digg Pronet Advertising: Mob takes over Digg, User Revolt Gizmodo: Digg Riot in Full Effect Over Pulled HD-DVD Key Story [...]
Does anyone know why the aacsla are suddenly concerned about this key being on web sites?
Until now, their attiitude appears to have been that, as regards disks with drm derived from that processing key, the genie was out of the bottle, and that with the passage of time, and more new disks coming out, the problem of copiable disks and un-upgraded players would diminish as a percentage of the total number of disks and titles around, and be confined to those early releases.
Yet all of a sudden, they have become paranoid about that key being on the net - even though it has been publicly available for months.
Which makes one wonder if there is some technical or other reason why continued availability of that information is a problem to them which goes beyond the fact that already sold disks are compromised.
[...] Naturligtvis blev sÃ¥dana Ã¥tgärder bara en bränsle pÃ¥ numrets pÃ¥gÃ¥ende multiplicering, som nu gett det en sÃ¥ solid redundans att det räcker att säga “It’s a long string starting with ‘09 F9′” för att budskapet ska gÃ¥ fram. Ännu roligare blev det när kontrollförsöken hunnit sippra ett antal led ner genom nätverksnivÃ¥erna. Vad som hände efter att Digg.com uppmanades radera alla referenser till siffran har väckt ofantlig uppmärksamhet. Först försökte Digg desperat plocka bort alla referenser, men koden fortsatte att dyka upp överallt pÃ¥ sajten, varpÃ¥ Digg ändrade sig och “>själva valde att publicera koden. Till sina användare förklarade man: now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be. [...]
09F911029D74E35BD84156C5635688C0...
Hier, le 1er mai 2007, le blog Freedom to Tinker nous apprenait que l'AACSLA (Advanced Access Content System Licensing Administrator) envoyait depuis quelques jours une lettre type à tous les webmasters ayant publié sur leur site Internet la fameuse...
[...] Also, be sure to read Danny Sullivan’s excellent overview of the whole fracas, along with his thoughts about whether the DMCA even applies in the case of Digg (or Google, which has also been asked to stop indexing sites with the key). And Ed Felten of Freedom to Tinker says the AACS is being silly — but that doesn’t mean it’s going to stop. [...]
[...] If you follow tech related sites, by now you’ve heard the story that the folks who control AACS, the copy protection used in next generation DVDs, have decided to send DMCA takedown notices to various sites that have posted the 128-bit integer that is needed, along with some software, to decrypt the video content on these new DVDs. This is odd for a few reasons. The key came out many months ago and has been available on the web for quite some time. There are, of course, the basic questions concerning whether or not this key alone really does violate the anti-circumvention clause of the DMCA — but that’s a separate issue. What’s more intriguing here is trying to understand the thought process behind the decision to send out these takedown notices. As anyone who’s been online for more than about two days knows, the more you try to suppress something online, the more attention you’re going to call to it. Years back, we jokingly referred to this as the Streisand Effect — after an incident where Barbara Streisand tried to remove some photos from the web, making them a lot more popular. The name has stuck, and it still amazes us that anyone doesn’t recognize what will happen when they try to make such a move. While the group has forced some sites to pull pages here and there, every page they pull is just increasing the anger from a growing group of folks who are making sure the number shows up in many, many more places — including directly in a URL. Digg, which was one of the sites accused of taking down pages about this, has been under a massive effort from folks to make sure that every story on the front page somehow points to the key in question (and it’s interesting to see the anger of users turned against Digg for taking down some of these stories, even though they’re pretty much required to thanks to the DMCA). As happened with DeCSS, it’s only a matter of time until someone writes a song incorporating the key as well. Effectively, all that’s been done here is to draw much, much more attention to the fact that the encryption on next generation DVDs is incredibly weak — so that a lot more people now know about it. Most of us honestly couldn’t have cared any less about the integer or the inner workings (or non-workings) of the encryption system — and yet now we know a lot more. That can’t be the intended consequence of these notices, but that’s what’s happened. Nice work, Hollywood. [...]
"I’m missing something here. Under what legal theory is a number protected? "
“I’m missing something here. Under what legal theory is a number protected? “
What is a song on CD or mp3 but a large number? What is software but a large number? What is this text that i'm writing? They're all numbers. In general, the larger the number, the stronger legal copyright protection it can get.
(apologies for the last dupe post)