November 29, 2020

DVD Jon Strikes Again

Jon Johansen, known widely as “DVD Jon” for his work on DVD decryption utilities, has released a tool that lets anyone stream music to the Apple Airport Express.

The Airport Express is a slick little gizmo that plugs into any electrical outlet, and can receive content wirelessly and output it on standard connectors to a printer, stereo speakers, audio components, or network. But Apple designed the Airport Express so that it would only accept audio content that was encrypted with a certain encryption key.

It appears that DVD Jon reverse engineered Apple’s encryption mechanism to learn the encryption key. Now he has published the key, along with software code for a tool that streams music to the Apple device.

It will be interesting to see the reaction to this. As far as I can see, copyright isn’t an issue here, since the new software tool only allows people to play music they already have, and the law does not grant copyright owners the exclusive right to control private playing of music.

Perhaps Apple would have preferred that this had not occurred. But I don’t see any compelling reason to give that preference the force of law, or to give it moral standing over the conflicting preferences of others. Apple would have preferred not to face competition in the sending-music-to-Airport-Express-devices business. But now they will face competition, which may be bad news for Apple but will be good news for everybody else.

[Entry corrected, 3:45 PM. The original version used misleading terminology to describe the encryption key. This is now fixed. Thanks to Adam Shostack for pointing out my error.]

Comments

  1. John Crawford says:

    I seem to be missing some information here. As far as I can tell from reading Apple’s site, you can import CDs and MP3s into iTunes, converting them to AAC. And since iTunes is a free download, I don’t see anything stopping a person from playing *all* of their music to the Airport. What problem is this utility solving?

    John Crawford

  2. The utility lets you play music on the Airport Express without using Apple’s software, which may a) impose onerous license restrictions, b) be unusable on your hardware (linux or older versions of windows or mac os), and c) later become unavailable.

    Further, by publishing the source code, hardware manufacturers can make their embedded devices interoperate with the Airport Express, so that my stereo (for example) can stream music directly to it. That I certainly couldn’t do with Apple’s software.

  3. And on the flipside, I’d been toying with the idea of making my old Rio Receiver able to receive a stream from iTunes. Basically, this is a large step towards taking the closed protocol Apple created and making it into an open, interoperable protocol.

    As for how Apple could quash this, I assume that they could use the same (utterly bogus but apparently legally useful) argument as in Lexmark’s suit against a toner-refill company: by playing a stream to your APEx, you’re “gaining access to” the firmware which decodes the stream, and “bypassing a technological protection measure” in order to do so.

  4. With his playfair hack I think Jon went too far. Apple’s “Fair Play” DRM system lets you burn your AAC downloads to a CDR which can then be reimported into another format. Apple already gave legitimate customers the ability to make real backups of their legally acquired downloads, but that wasn’t enough for Jon.

    If Apple fails because of hacks like that, then we can only expect things like the Hollings bill to be passed with little opposition. This hack may be no big deal, but Jon needs to learn that his actions can ultimately destroy the very cause he seeks to protect.

    Part of me wonders if he isn’t now employed by the RIAA or MPAA specifically to discredit Apple. The RIAA is nervous about the iTunes Music Store because it gives artists a lot of freedom to not need the RIAA and it cuts into profits because you can buy only the songs you want. The cynic in me says that one of these groups hired him to break Apple’s DRM while they go through the legal balancing act of looking like they want Apple to succeed.

  5. Mike: how does Jon’s latest feat discredit the iTunes Music Store? It’s completely irrelevant: Jon’s code just lets you play music on the Airport Express.

    Secondly: why would the MPAA care about iTunes? Less fund its demise? Much less fund *JON*, who broke DVD/CSS for them?

    Lastly: how is this “too far” when DVD/CSS wasn’t? I don’t see any large hue and cry about how DVDs aren’t protected anymore, and I don’t see region codes being dropped from Hollywood movies because they are ineffectual.

  6. Hatch’s Hit List #27 – DVD Jon’s AirPort Express Hack

    What is Hatch’s Hit List? Sen. Orrin Hatch (R-UT) has introduced the Inducing Infringement of Copyrights Act (IICA, née INDUCE Act) in the Senate. The bill would make it illegal to “intentionally induce” copyright infringement, but is worded so broadly…

  7. Mike:

    Your appeasement ideas and conspiracy theories are intriguing, and I wish to subscribe to your newsletter.

  8. C. Scott Ananian,

    I said “this hack may be no big deal,” referring to THIS hack. The PlayFair hack came before this one. It breaks the DRM on iTunes itself. Such an unnecessary hack too, all you have to do to get around iTunes’ DRM is to burn a CD with your downloads on it and reimport the tracks as MP3s.

    Nat,

    It’s not appeasement, it’s recognizing that Jon is calling an air raid on our rights by attacking the biggest legitimate online music store. The ITMS as it is right now is the most liberal store. Do you want them to fail and have their much more draconian competition dominate?

    This is a matter of being pragmatic. DRM is a bad idea, but Apple’s DRM is very generous to Apple’s customers. Unless you want to associate that liberalism with failure in the marketplace, which is very bad for your being able to argue against more laws like the DMCA, CBDTPA and INDUCE, then I suggest you reevaluate your support of Jon.

    I supported him during the DeCSS fight, but I cannot support him if he keeps this up. This hack is no big deal, but his other iTunes hack, and possibly future ones, skirts around ethics and practicality. If he really cares so much about digital rights, then why didn’t he target Real and Napster, two services which are much more anti-customer than Apple?

    At the rate he’s going, he’ll only vindicate the organizations that want to turn your computer into a VCR with an office suite.

  9. Mike:

    ## “It’s not appeasement, it’s recognizing that Jon is calling an air raid on our rights by attacking the biggest legitimate online music store.”

    It’s Apple and others who use DRM who are calling air raids on our rights.

    ## “The ITMS as it is right now is the most liberal store.”

    Actually, eMusic, Magnatune, Bleep and others which don’t use DRM are the most liberal.

    ## “Do you want them to fail and have their much more draconian competition dominate?”

    I want DRM to fail. I’m not into appeasement so I couldn’t care less that Apple’s DRM rules are “better”.

    Apple has already changed the DRM rules once at the request of the RIAA. Do you know which changes the RIAA will demand next time?

    The iTMS failing scenario is highly unlikely. Did the DVD format fail because of DeCSS?

    ## “This hack is no big deal, but his other iTunes hack, and possibly future ones, skirts around ethics and practicality.”

    and DeCSS didn’t?

  10. Mike: Thank you for clarifying your unclear earlier comments. I look forward to your responses to the other two questions in my post.

  11. Those of you who think that Apple is fair game ought to take a second look at the whole Apple culture. Mac is the closest thing to complete user control and security that you are going to see, and for a looong time.

    The alternative is poised to scarf up the whole pie, you know that – even as their code, crap to begin with, crumbles under the weight of (it is to laugh) “patches.”

    Use your head.

  12. “Mac is the closest thing to complete user control and security that you are going to see, and for a looong time.”

    Have you heard about Linux, FreeBSD, etc? (I’m assuming that you meant to write MacOS X instead of Mac).

    Why wouldn’t Apple be fair game? The good they do doesn’t excuse the bad they do.

  13. Mike:

    You seem to miss the relationship between this hack and the DeCSS hack that you said you backed up. There was already software available for Windows PCs allowing the playback of DVDs. What DeCSS did is allow the decryption and therefore playback to be done on any platform with any OS. Currently iTunes only runs on Windows and OS X and so if you do not use either of these two OSs then the AirPort Express is worthless to you. If anything, this may decrease their control over what is going through the airwaves, but it should definitely increase their unit sales.

  14. The ITMS as it is right now is the most liberal store.

    Mike:

    I wouldn’t call ITMS “by far the most liberal music store”. Have a look at Magnatune.com, for example, where all music can be listened to fully before you buy and then it is sold under a Creative Commons licence (uncompressed) at a price partially set by the buyer, 50% of which goes to the artist. I don’t think Apple is that liberal.

    regards
    Geza

  15. Let’s clarify:

    1. Apple is the most liberal store working with the major labels.

    2. The Airport Express hack doesn’t affect the Fairplay DRM on the songs themselves. Apple used a separate scheme to encrypt music sent from iTunes to AX; with two consequences – 1. only iTunes could send music and 2. the music being sent could not be read by just anyone with a wifi receiver. Jon’s hack allows another application to send music to the AX, i.e., AX responds properly. Whether the underlying music is DRMed or not is not at issue.

    3. The Apple DRM changes tightened an area where it’s hard to understand why people would need to do it, namely, making more than ten (reduced to 7) CD copies of the EXACT SAME playlist; but relaxed an area that truly affects people (going from 3 to 5 computers). To combat piracy (I hope you think it’s right to combat piracy in the strict sense of the word; if not, there’s no discussion here), it certainly seems fair to limit “automated” copies of the exact same playlist.

    The new restriction only affected songs going forward, not retroactive, so you know if you buy any new songs what the rules are and can choose not to buy. And yet the relaxation was retroactive. That certainly seems fair.

    Regarding the principle of making any DRM changes, I think we should be vigilant about opposing new going-forward restrictions that don’t fight piracy, but I certainly would allow them to make going-forward changes to fight piracy. Not only do labels and artists pay the price for piracy, the law-abiding citizen does too via higher prices, restrictions, etc. Note that I say this despite having no love for the greedy, dumb labels.

    SIMPLE TRUTH: If nobody pirated content, then there would be no DRM. By pirate, I mean copying not for personal/home use, but for fast and wide distribution to anyone in the world. FACT: There was no DRM until people started mass-producing pirated videotapes – which led to protection on DVDs.

    4. I agree with Mike about the Fairplay hack, not this one. As more DRMs get broken (and the most liberal at that), the more draconian the government response will be to protect other digital content; first up: High Definition Video (TV or movies). And the less likely that high-quality content will become digitized for sale. For CDs and current lower-quality DVDs, it’s too late.

    DeCSS differs in that the DVD restrictions were onerous even to law-abiding citizens. Certainly, CSS could’ve allowed for limited copying to other media like Fairplay does.

    Sometimes settling for good (Fairplay-style DRM) gets in the way of the best (completely unrestricted personal/home movement and use on any device). But in balancing rights, it may be necessary to do so until technology or people’s attitudes allow further movement toward the best. Or we wind up going from good to worse (broadcast flags, INDUCE).

  16. Has anyone here (particularly Kev and Mike) heard of Weblisten or AllOfMP3? Mainstream music and NO DRM. And they’re legal: they work with local performers’ royalty-collecting agencies, bypassing the major labels. The labels don’t like it but that’s only because they’re not involved.

    I disagree with the statement “If nobody pirated content, then there would be no DRM.” In fact I don’t think DRM has anything to do with preventing piracy. Its real agenda is about creating and enshrining cartels. Consider the DVD-CSS protection. YOU DO NOT NEED TO BREAK IT TO PIRATE DVDs: you can just copy them bit-for-bit. It’s there to allow the movie studios to extort money from manufacturers of DVD players, and to force the protectionist region-lock system on consumers.

    IMHO acceptance of DRM as the natural state of things is what allows things like broadcast flags and INDUCE to be seriously considered. Any DRM, no matter how “good” or “liberal” it is, is a step towards INDUCE. Hacking it is one way to change the culture. And in any case, I see no good reason why Linux users should not be able to use iTunes music.

  17. I’ve heard of Weblisten and AllOfMP3, and that’s great; all the more power to it. But it’s the artist’s choice. If the artist (through the nefarious influence of their label agent) decides to sell with DRM, why should I hack and override their choice? My choice is I can just not buy, or buy it via other media (like CDs). I have no right to steal.

    CSS protection applied to DVD players before burners were available on computers. So I disagree, it was there first to stop pirating. Computers obsoleted it. But I am ignorant and curious about how much the DVD player mfrs paid the studios for it?

    If you don’t want DRM, boycott it. Make the non-DRM stores a rousing success (not yet happening). Advocate vociferously for a new business model that will compensate the artist and give you freedom; whether it be the broadband tax method or something else.

    And how exactly do Linux users BUY iTMS songs?

  18. By the way, I do not like DRM so I do not own any DRMed-songs. I simply choose to buy CDs on sale (most at $10, almost all under $12).

    Ripping’s a snap, and I have a perfect backup that can be re-ripped to the latest and greatest format as needed.

  19. “If the artist (through the nefarious influence of their label agent) decides to sell with DRM, why should I hack and override their choice?”

    Because copyright is a bargain with the public, not a natural right.

    “I have no right to steal”

    Removing DRM isn’t theft. Not even copyright infringement is theft.

    “It follows that interference with copyright does not easily equate with theft, conversion or fraud. The Copyright Act even employs a separate term of art to define one who misappropriates a copyright: “Anyone who violates any of the exclusive rights of the copyright owner,” that is, anyone who trespasses into his exclusive domain by using or authorizing the use of the copyrighted work in one of the five ways set forth in the statute, “is an infringer of the copyright.””
    — Supreme Court Justice Harry Blackmun back in 1985, in Dowling v. the United States

  20. Why should anyone be able to override my property rights over data on MY computer? I agree with Bill, copyright is not a natural property right, it’s a legal privilege. The freedom to control my own computer data and my own equipment is the natural property right.

    If someone is allowed to use DRM and it’s illegal to over-ride it, the next logical step is allowing them to take active steps to ensure compliance with licence conditions… leading to proposals like the Two Howards’ bill to legalize hacking by copyright-holders.

    To clarify, sites like Weblisten and AllofMP3 can exist because in Spain and Russia music downloads are treated by copyright law in much the same way as radio broadcasts, so are handled by royalty-collecting agencies. The artists don’t “choose” whether the music is on their sites, but they do get a much better deal out of it.

    Why aren’t they as well-known as iTunes et al? *Because* they don’t have big-label backing so aren’t hyped so effectively, perhaps? What makes iTunes so well-known also makes it a not-so-good choice.

  21. From the DVD Cartel’s own website it costs US$15000 to get a licence to build a DVD player. Implementing region-locking is also a requirement.

    >

    This is a non-sequitur. Most pirating is not done with ordinary consumer equipment. It is done with specialist equipment. The gangs which pirate DVDs on a large scale use specialist equipment which, as mentioned before, copy bit-for-bit, encryption region-lock and all. Much the same is true of all organized piracy. It’s not easy to imagine being able to copy large quantities of disks on even the most advanced home equipment available.

    The encryption is anyway too weak to be of any real use in stopping copying. [Obviously, as a hobbyist programmer was able to crack it.] Its purpose is, in tandem with the DMCA, to give the DVD cartel suing power over consumers and manufacturers.

  22. Sorry my last post got mangled. The “non-sequitur” is Kev’s statement:
    “CSS protection applied to DVD players before burners were available on computers. So I disagree, it was there first to stop pirating.”

  23. BTW I have an iBook and a linux-only PC. So I’m exactly the sort of person who might want to buy iTMS music then play it on Linux.

    “But who would want to …?” is never a valid justification for DRM. Invariably, *someone* will.

  24. In addition to the interoperability problems previously discussed, I’d like to add that when I pay iTMS prices for music, I expect to be able to back up and protect that investment in the ORIGINAL quality and size (no decoding/transcoding, and no resampling). DRM systems do not support this requirement.

    One day, your first iTunes authorized computer will fail (or you’ll forget to deauthorize it before formatting the disk, etc.) Ditto for the 2nd and third authorized computers. Three strikes and you’re out!