August 29, 2016

avatar

AACS Plays Whack-a-Mole with Extracted Key

The people who control AACS, the copy protection technology used on HD-DVD and Blu-ray discs, are apparently trying to shut down websites that publish a certain 128-bit integer. The number is apparently a “processing key” used in AACS. Together with a suitable computer program, the key allows the decryption of video content on most existing HD-DVD and Blu-ray discs.

I won’t publish the key here but you can spot it all over the Web. It’s a long string starting with “09 F9”.

The key has been published on a few websites for months, but in recent days the AACS “Licensing Authority” (AACS LA) has taken to sending out demand letters to websites that publish the key, claiming that the key is a circumvention technology under the DMCA. News of these demand letters, and the subsequent disappearance of content and whole sites from the Net, has triggered an entirely predictable backlash, with thousands of people reposting the key to their own sites.

The key will inevitably remain available, and AACSLA are just making themselves look silly by trying to suppress it. We’ve seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.

It’s hard to see the logic in AACS LA’s strategy here. Their end goal is (or should be) to stop unauthorized online distribution of high-def video files ripped from HD-DVD or Blu-ray discs. The files in question are enormous and cumbersome to store and distribute, containing more than a gigabyte of content. If you can’t stop distribution of these huge files, surely there’s no hope of stopping distribution of a little sixteen-byte key, or even of decryption software containing the key. Whatever tactics can stop distribution of the key should be even more effective against distribution of movies.

My guess is that AACS LA miscalculated, thinking that a few demand letters would succeed in suppressing the key. As the key spread, it seemed natural to continue sending letters – to do otherwise would be an admission of defeat. Now the key is spread so widely that there’s no point in sending any more letters.

The next question is whether AACS LA will try to sue somebody who defied a demand letter. There’s no real strategic point to such a suit, but even big organizations act out of spite sometimes.

Comments

  1. avatar Anoather Kevin says:

    The constant is already on a T-shirt:

    http://www.ghacks.net/2007/04/30/09-f9-11-02-t-shirt

  2. According to: http://reddit.com/info/1m4mo/comments

    the constant is already registered as a .com domain name. I imagine it would be hard to cease and desist all the DNS servers in the world?

  3. Yes, it is registered.

    Also, aacsla appear to want to block anyone from finding a certain website, and any other sites linking to it. A strategy like that is doomed to failure.

    My money says that those involved at aacsla have seen matters discussed on that site which suggest that poking holes in the upgraded software players will occur sooner rather than later, and that the x-box hack will be of great assistance.

    In my opinion, the only way to prevent people distributing copied material through the Internet is to close down the Internet worldwide. The studios might be big, but they’re not that big.

  4. avatar Anonymous says:
  5. I wonder if the content organizations could essentially poison the well by releasing large numbers fake keys, paying websites to change the key to a non working one, etc. Essentially, make it likely that any key you find on a random website won’t actually work.

  6. Can I copyright the speed of light in meters per second and demand physics web sites take down the information?

    Will they take down Google (as searching on the few hex digits above returns over a million hits)?

    Or if they show too detailed pictures of the tee shirts?

    I’m missing something here. Under what legal theory is a number protected? It’s hard enough getting identity information (e.g. address, phone) removed, and it probably ought not be protectable.

    Do MIDI music within an octave based on octal if they dislike hex?

  7. I don’t think anyone is suggesting that the key value itself is copyrightable. I think that sort of argument was thrown out in the garage door opener case.

    As regards the argument that the key value is itself a circumvention technology – I suspect that there is a load of mileage for the lawyers there. What we are getting down to is the unauthorised disclosure of information, and the use of the correct technology, but in an unauthorised way. To my mind, “circumvention technology” connotes something other than the “genuine” technology itself – not the use of the “genuine” technology but in an unauthorised way.

    I imagine they are concerned about the way in which a huge aacs hacking community is developing, but I doubt if they can do much about it by trying to censor links to sites they disapprove of. As is said above, there are now huge numbers of sites and links, and probably too many for what I would call a brute force defence.

  8. Worse, someone published one of the takedown notices, which contains the key. Sort of reminds me of when DeCSS was part of the public court record for a few days (they didn’t ask for the transcript to be sealed until someone asked about it at the beginning of the hearing).

  9. avatar Per Jonsson says:

    More domains has been registred, .org, .net, .info.

    Maybe it’s aacsla who have registred them, but they have to register a lot in that case…

  10. avatar Anonymous says:

    I suppose that the next thing will be a Wikipedia entry just for that key.

  11. There is an article which suggests possible aacsla motives here:

    http://blogs.zdnet.com/hardware/?p=382

  12. Hope you don’t mind. 100111111001000100010000001010011101011101001110001101011011110110000100000101010110110001011100011010101101000100011000000

  13. I prefer to think of it as a 125 digit integer beginning 65667993785.

  14. This Post Sponsored By the Number Eleventy-Billion…

    A number you don’t recognize? Perhaps some background is in order…
    ……

  15. avatar Anonymous says:

    By all accounts, that key is spreading all over the Internet like wildfire.

    If they send C&D letters to every site that that key is posted on, there is going to be a shortage of ink, paper and envelopes, and the USPO will have to hire extra help.

  16. One of my students had it on his t-shirt today in class. We spend some class time talking about Joel Furr’s perl-RSA shirt, and the gallery of DeCSS implementations at CMU.

  17. Total user revolt at Digg over HDDVD key ‘censorship’. Every single front page post at Digg is currently a post about the HD DVD processing key, which the MPAA seems to have forced Digg to censor.” – metafilter

  18. I’ve gotten some C&D letters myself, from (for example) the ESRB because we have a “hentai” parody of their logo (http://www.jlist.com/PRODUCT/shirt-warning1), which we declined to follow. I’ve learned from this that these lawyers bill at $175 per hour and up, and apparently prefer to receive this payment for sending a C&D letter than say to their clients, “It’s useless. You shouldn’t bother” and get nothing.

  19. Information can’t not exist after it exists. The first homo sapiens to proffer the idea of heliocentricity lost their lives, but the information didn’t die.

    In this case, the speed and breadth of the net should server to demonstrate that any attempt at censorship is not only as useless as it has always been, but now will produce the opposite effect from that desired by those seeking to censor.

    At least no lives were lost in the process this time.

  20. avatar Anonymous says:

    I think that the talents AACSLA and their lawyers are wasted. They wiould be far better to abandon copy protection and the law, and to diversify into advertising and marketing.

  21. avatar Anonymous says:

    Been there, done that, got the tee shirt. Now listen to the song:

    http://www.youtube.com/watch?v=L9HaNbsIfp0

  22. avatar xboxer says:

    The thing is, with the Xbox 360 HD DVD hack, all processing keys can be found. It does not matter if they revoke the current ones.

    Revocation is now irrelevant.

  23. I think that the xbox hack relates to volume keys, and that is not the be-all and end-all of copying a disk.

    However, if:

    (a) the upgraded players handle pre-revocation disks differently from post revocation discs, and

    (b) already knowing the volume key for a title is an advantage when hacking into a player,

    then the xbox hack could be a very crucial step forward in handling the “upgraded” players.

    The number of sites hosting that key now runs in to tens of thousands. I think that Proskauer Rose need to order plenty of franking machine ink.

  24. They just don’t get it. They treat people like criminals, they will say “so be it” and start acting the part.

  25. The key’s on Wikipedia alright: scroll down Talk:Advanced_Access_Content_System a short way and you’ll find it.

    Trying to suppress the key is doubly-stupid, both because of the Barbra Streisand effect and because posting the key doesn’t infringe copyright or even the DMCA anti-circumvention clause.

    Because if this key is a circumvention device, then my front door key is a lock pick and qualifies as a prohibited burglary tool, and I can be arrested just for carrying it around in my pocket.

    Any legal theory under which the key can be suppressed is going to fail spectacularly — either it makes my pocket’s contents illegal, or it permits very short works to effectively be copyrighted (I hereby copyright “the” — everyone who uses it please pay up now or I’ll suppress your derivative works), or something similar.

    The key could be trademarked, but using it to refer to AACS would not infringe any more than using “Coca-Cola” to refer to Coca-Cola does.

    The key might once have qualified as a trade secret, but it is clearly widespread enough knowledge now not to qualify as such any more.

    But IANAL, so take this with a grain of salt.

  26. Does anyone know why the aacsla are suddenly concerned about this key being on web sites?

    Until now, their attiitude appears to have been that, as regards disks with drm derived from that processing key, the genie was out of the bottle, and that with the passage of time, and more new disks coming out, the problem of copiable disks and un-upgraded players would diminish as a percentage of the total number of disks and titles around, and be confined to those early releases.

    Yet all of a sudden, they have become paranoid about that key being on the net – even though it has been publicly available for months.

    Which makes one wonder if there is some technical or other reason why continued availability of that information is a problem to them which goes beyond the fact that already sold disks are compromised.

  27. “I’m missing something here. Under what legal theory is a number protected? “

  28. “I’m missing something here. Under what legal theory is a number protected? “

    What is a song on CD or mp3 but a large number? What is software but a large number? What is this text that i’m writing? They’re all numbers. In general, the larger the number, the stronger legal copyright protection it can get.

    (apologies for the last dupe post)

  29. avatar Ned Ulbricht says:

    Andrew S,

    You’re missing some core distinctions. In copyright, there’s a fundamental distinction between an original work of authorship and its embodiment in a tangible medium of expression. But you also must distinguish the encoding of a work as a string of characters, in ASCII, EBCDIC, UCS4 —or some yet to be invented system— from any abstract number which also may encoded by that exact same string. Holding a statutory monopoly over some original work of authorship does not grant any right to exclude people from using any of the natural numbers. Numbers—as numbers—are not original to any known human author.

  30. So what would happen if an encoding string were to contain some copyrightable material – imagine my encryption key was a bunch of random hex digits, and a poem I’d written. Could I send take down notices then? (putting aside any crypto problems this would cause)

  31. Unlike patents, copyright does not work on similarity (except in having reasonable cause to suspect copying), but on provenance.

    This is obviously ludicrous in the digital domain, but that’s the way it works.

    If you have a string that you obtained through copying then it counts as a copy. If you have a string that you originated yourself (without being aware of the other string to thus copy by inspection), then it doesn’t matter even if it’s identical, it is NOT a copy (and cannot infringe).

    I’d remind folk also, that a key can only be regarded as a circumvention device if it circumvents a TPM of a copyrighted work. If you utilise the same TPM on a non-copyrighted work then the DMCA does not prohibit circumvention of such TPMs. Therefore, this key may actually have been created for circumventing the TPM of an HD-DVD that contains non-copyrighted work.

  32. avatar Ned Ulbricht says:

    So what would happen if an encoding string were to contain some copyrightable material

    Let me rephrase your hypothetical as it came across to me, and let’s hope I’m not doing to much damage to what you meant: You asked whether people who are very clever with words might mangle copyright law to prevent others from communicating mathematics.

    My answer is really quite simple. As someone who has been occasionally mistaken for a genuine mathematician, it is repugnant to me that anyone would claim ownership over any natural number. Furthermore, as I read Feist, such a claim is repugnant to the Constitution. But whether or not the courts agree with me, if Congress purports to pass a law granting monopoly of any number, then as a matter of personal conscience and reason, I feel no duty to obey that silly, pernicious, purported law.

    Number systems abstract patterns visible in the world around us. Number systems model nature. Congress has no power to alter or abolish those observed facts of nature. A bunch of innumerate thugs with guns have no right to stop me from expressing myself using the tools which are the common heritage of all mankind.

    Does that answer your question?

    I’m not denying that the Progress clause grants Congress the power to secure authors their writings. But just because a particular sequence of bits might possibly encode an expression of your poem or song or story, that doesn’t give you the right to prevent all other uses of that bit sequence.

    The nation cannot afford to surrender our ability to encode numbers in efficient ways.

  33. Wikipedia is now behaving outrageously, as Digg was — and stupidly. Most egregious, they’ve actually protected talk pages, which are always supposed to remain editable.

    Not that it’s accomplishing anything vis-a-vis suppressing the key:
    http://en.wikipedia.org/w/index.php?title=Talk:Advanced_Access_Content_System&action=history

    History pages at Wikipedia retain a record of everything — including things that are “deleted”. If you examine the provided link you shall find many occurrences of the key in the edit summaries, not to mention that the key is in some of the diffs you can reach from that page. In particular, compare any “removed key” or similar entry to the preceding one. :)

    It is sad though that Wikipedia continues to depart further and further from being “the encyclopedia that anyone can edit”. Increasingly it’s “the encyclopedia that you have to register to edit”. It seems to be a general trend of all organisations once they grow large to clamp down and become increasingly controlling, arbitrary, and gratuitous in their behavior, and increasingly stodgy, conservative, and authoritarian; the latter both as in “you must obey us” and as in “we will knuckle under to any political or legal pressure at the drop of a hat”.

  34. DeCSS Redux…

    Tremble before the might of my mighty link-fu! Witness the awesome fury of the 128-bit Palm Exploding Heart Technique:
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Damn. I didn’t have room for The 128-Bit Programming Challenge. Maybe somebo…

  35. As the key has already been posted on many sites as a 128 bit binary number, I suppose that you could always list the key as a list of 8bit integers but that could still be too close to the original key, so why not list some arbitrary 16bit integers (2553, 4353, 40309, 58203, 55361, 22213, 25430, 35008) or maybe 32bit numbers (167317762, 2641748827, 3628160709, 1666615488)
    ;-)

  36. As the key has already been posted on many sites as a 128 bit binary number, I suppose that you could always list the key as a list of 8bit integers but that could still be too close to the original key, so why not list some arbitrary 16bit integers (2553, 4353, 40309, 58203, 55361, 22213, 25430, 35008) or maybe 32bit numbers (167317762, 2641748827, 3628160709, 1666615488)
    ;-)
    sorry for any duplicate posts … I’m doing this from my mobile phone (not the best way to post to a forum etc )

  37. > If you can’t stop distribution of these huge files, surely there’s no hope of stopping distribution of a little sixteen-byte key,

    Yea, you know.

    DRM has absolutely nothing to do with
    “stopping distribution of these huge files”. It’s about nothing more than turning all content, everywere, into a monthly subscription model. They just have to boil the frog a bit slowly.