April 21, 2014

avatar

Digg Users Revolt Over AACS Key

I wrote yesterday about efforts by AACS LA, the entity that controls the AACS copy protection system used in HD-DVD and Blu-ray discs, to stop people from republishing a sixteen-byte cryptographic key that can unlock most existing discs. Much of the action took place at Digg, a site that aggregates Web page recommendations from many people. (At Digg, you can recommend pages on the Web that you find interesting, and Digg will show you the most-recommended pages in various categories.

Digg had received a demand letter from AACS LA, asking Digg to take down links to sites containing the key. After consulting with lawyers, Digg complied, and Digg’s administrators started canceling entries on the site.

Then Digg’s users revolted. As word got around about what Digg was doing, users launched a deluge of submissions to Digg, all mentioning or linking to the key. Digg’s administrators tried to keep up, but submissions showed up faster than the administrators could cancel them. For a while yesterday, the entire front page of Digg – the “hottest” pages according to Digg’s algorithms – consisted of links to the AACS key.

Last night, Digg capitulated to its users. Digg promised to stop removing links to the key, and Digg founder Kevin Rose even posted the key to the site himself. Rose wrote on Digg’s official blog,

In building and shaping the site I’ve always tried to stay as hands on as possible. We’ve always given site moderation (digging/burying) power to the community. Occasionally we step in to remove stories that violate our terms of use (eg. linking to pornography, illegal downloads, racial hate sites, etc.). So today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code.

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

This is a remarkable event. Critics of Web 2.0 technologies like Digg often say that users are being exploited, that the “communities” on these sites are shams and the company running the site is really in control. Here, the Digg company found that it doesn’t entirely control the Digg site – if users want something on the site badly enough, they can put it there. If Digg wasn’t going to shut down entirely (or become clogged with postings of the key), it had no choice but to acquiesce and allow links to the key. But Digg went beyond acquiescence, siding with its users against AACS LA, by posting the key itself and practically inviting a lawsuit from AACS LA.

Digg’s motive here probably has more to do with profit and market share than with truth, justice, and the American way. It’s not a coincidence that Digg’s newly discovered values coincide with the desires of its users. Still, the important fact is that users could bend Digg to their will. It turns out that the “government” of Digg’s community gets its power from the consent of the governed. Users of other Web 2.0 sites will surely take note.

Comments

  1. Barry says:

    The bad news is that Digg isn’t an “old media” darling, and so this revolt probably won’t make it to the mainstream media. That means that the public won’t be made aware of the defective-by-design nature of HD-DVD and Blu-Ray. Now, if this were happening on MySpace or Facebook….

  2. Robin Blume-Kohout says:

    As of 10:20 AM EDT, “The Day Digg Users Revolted” appears on the front page of the New York Times online edition. Barry’s concern may be unfounded.

    (http://thelede.blogs.nytimes.com/2007/05/02/the-day-the-digg-users-revolted/)

  3. Peter Clay says:

    “If this were happening on MySpace or Facebook…”

    … it would still be ignored, misinterpreted, or misrepresented by “old media”, who both don’t understand technology and prefer to print press releases by companies as that’s less work than actually figuring out the story.

  4. Peter Landwehr says:

    It is worth noting that there is now at least one Facebook group devoted to the cause – http://www.facebook.com/group.php?gid=2338184677. But I’d say that in a Web 2.0 culture, something similar already occurred and _did_ make it into the mainstream media: the ’06 Facebook Revolt over the news feed. There was a plethora of news coverage about the event, and the consensus opinion was that the users won over the company.

  5. Ned Ulbricht says:

    At this point, the “09 F9 …” string has changed meaning. “09 F9 …” is now a political slogan. The conversational context has progressed. The string which represents the number has become, inter alia, the word and lyrics to a song, elements of poetry, and visual art. In all these contexts, “09 F9…” expresses political meaning.

    Above all, it is a firm statement that the integers belong to the public. No person or corporation has any right whatsoever to exclude the general public from all uses of an integer. The integers—as numbers—are not susceptible to ownership.

  6. Luis Villa says:

    Ed, others: I’ve now seen the number so many times it is burned into my retinas, but I still haven’t seen a clear explanation of what the number is, exactly. I’d been under the impression that HD-DVD, unlike good-old-fashioned DVD, wasn’t stupid enough to be vulnerable to distribution of Just One Key like this- that any individual key could be revoked, and/or needed to be paired with another key in order to function. Am I wrong? (likely :) Or is this key merely one key that needs to be paired with another in order to unlock the crypted content? Or…?

    Thanks in advance for any clear and succinct explanation :)

  7. Peter Burns says:

    It was my impression that much of the revolt wasn’t over threads about the AACS key being taken down, but rather on the deletion of threads on the site that were simply about the fact that there was censorship going on.

    The first was boneheaded and silly, the second was a violation of what many had come to understand Digg to be about.

  8. cm says:

    I fail to see how this incident invalidates the general claim that “users are being exploited, that the “communities” on these sites are shams and the company running the site is really in control”. Exploitation and control are not yes/no phenomena, but matters of degree, both in the aggregate and down to individual transactions/relationships.

  9. w00tastic says:

    Frankly I think at this point the law suit ought to be (even if it really isn’t) incredibly difficult to win. What with the key all over the place.

  10. Tomer Chachamu says:

    Luis Villa: Essentially, it’s the “processing key”. It’s what software gets after it applies its device key, so the processing key cannot be revoked.

    The processing key could have easily been made different on every master disc, but for some reason AACSLA has used the same processing key for every disc. (I guess they didn’t understand the problem with reusing it.) The processing key is therefore specific to all current HD-DVD discs, but new ones will use a different processing key.

  11. Seth Finkelstein says:

    “Critics of Web 2.0 technologies like Digg often say that users are being exploited, that the “communities” on these sites are shams and the company running the site is really in control.”

    Yes, they are. Look , the critique of the exploitative digitial-sharecropping that is “Web 2.0″ doesn’t fall because there’s some cause-celebre where the powers that be decide they’re better off presenting themselves as revolutionaries. Being a con-man or a demagogue is not a completely top-down activity, and it’s a strawman to present it that way.

    We’ve been around all this cause-celebre before, with DeCSS. In fact, also with your paper :-) .

  12. John says:

    That processing key will be revoked, and in the long term will only be of use in decrypting disks that it was relevant to.

    But i don’t think that this is about trying tio get the genie back in the bottle as regards those disks. I think they are not so worried about what hackers have already done, as to what they might be doing now.

    I suspect that this is about trying to suppress access to sites where people talk about hacking aacs, and that they have contrived an argument that the key itself is a circumvention measure – and therefore that this justifies take down notices.

    A number of reports question whether a key value itself can be a circumvention measure, and perhaps that ought to be tested in the courts.

  13. Keith says:

    “The bad news is that Digg isn’t an “old media” darling, and so this revolt probably won’t make it to the mainstream media. ”

    There is now an article about this on the front page of the BBC news page!

  14. John says:

    It isn’t just forums and mainstream news now.

    A growing number of people are adding that key to their postings or entries on sites as a keyword spamming method. People have added the key to the keywords on their You Tube entries where the posting has nothing to do with this topic.

    And Ebay auctions are starting to appear which include that key.

    I suppose next it will be on South Park or The Simpsons.

  15. chriskalani says:

    I love this whole thing! It is cool… we’re making history here.

  16. Anonymous says:

    Back in January, there was a thread here entitled “AACS: Modeling the Battle” in which debate was about how things might develop between the aacsla and the hackers.

    Had, at that time, anyone predicted that the content owners would end up trying to control the Internet, people would have said that the studios might be stupid, but they are not that stupid.

  17. Richard Norris says:

    Maybe Ed can post the tenure committe reports for the Center for Information Technology Policy faculty, as well as his own teaching class evaulations. Then there’d be something more interesting to read than his curent drivel.

    RN

  18. Barry says:

    Guess I could be wrong! Personally, I’m glad to hear it.

    Now the question is whether the reasons for the mass posting of the key in the first place will be lost on the “old media”. Will they talk about the controversies surrounding DRM’s effects on legitimate private uses of legally purchased media, or the need to make backup copies, or other instances of fair use? Or will they simply associate this with anarchy and piracy without touching on the more important issues at hand?

  19. Lawrence D'Oliveiro says:

    So the key will be revoked. But in the meantime…

    …all your key are decode to us.

  20. graphex says:

    I wonder what the odds are that the AACS LA will now act on its threat and sue DIGG. I don’t know if it would be a very good test of the DCMA at this point, since the primary purpose of 09:F9 is probably more political now than circumventive, so a judge could just note that, throw it out and return us to the legal limbo we’re in which results in AACS LA’s ability to so effectively threaten people.

    This is certainly an interesting case. I like how some mainstream news agencies have described it as a “digital riot” which, if you regularly reloaded digg’s front page last night, you might see as a pretty accurate description. The sheer mass of real-time activity was pretty amazing. It seems to have quickly stabilized after Kevin posted his capitulation, but for a few hours yesterday, watching this drama unfold was real-time entertainment.

  21. Ned Ulbricht says:

    described it as a “digital riot” which, if you regularly reloaded digg’s front page last night, you might see as a pretty accurate description.

    No. I don’t see “digital riot” as an accurate description.

    Where’s the destruction of property? Where are the injuries? For pete’s sake, where’s the teargas? Where’s the “Miami model” of proactive policing?

    No matter how the news-scribblers spin it, I just don’t see any violence, and I don’t see a riot.

  22. Dscho says:

    It even made it to the biggest German online journal, Spiegel online.

    For what it’s worth, I think it has been high time the internet showed it’s democratic potential. After all, democracy is not about backing the industry, but about decisions of the majority of the voters. Even the decision was stupid, it still would be the majority’s decision.

    The rationale behind this is that most people behave sensibly. So, a majority’s vote would by definition include at least some of them. I welcome this new development.

  23. graphex says:

    Yeah, no teargas was involved, but digg did destroy some accounts and erased quite a few digg counters. Many of the blogs which initially contained the code are now defunct (wordpress seems to have been pretty heavy-handed). There was the creative post about Digg deleting someone’s hard drive (and the error message was “the code”), and the “move along, nothing to see here” error page that sporadically appeared as Digg’s servers hit capacity.

    The wikipedians had to stand inside several of their doorways with shotguns (“the code” was blocked on wikipedia, entries for HD-DVD, Digg, Kevin Rose, and others were locked down and monitored to avoid collateral vandalism).

    It is entirely possible that the AACS LA police were standing around video taping everything, ready to press charges against as many of the actors as possible – we’ll see if they go on the offensive in the next couple of weeks.

    So, well, what would constitute an internet riot? An irate mob of people was certainly involved, there was destruction of data on quite a few sites, and eventually Digg was intimidated in to submission. In this case the rioters got what they wanted, but I wonder what things would look like now if Digg hadn’t capitulated.

    In any case, I like the word riot for this because it captures the essence of this being an event – it happened and was over, you were either ‘there’ or you weren’t. I’ve got a DeCSS shirt, but I can’t say it is “about the night of May 1st, 2007″.

    09 F9 05/01/07!

  24. Lawrence D'Oliveiro says:

    Would it be illegal in decimal:

    790135794162121871174506300771

  25. Dscho says:

    Lawrence: that was funny.

    And it proves again that the lawyers fail to see something very important. You cannot transform a physical thing into a number. You can describe things that way, yes. But a thing and a number are not equivalent. But _everything_ in the internet _is_ equivalent to a number. In the mathematical sense. You can transform it as often as you want, it is still equivalent to a number. And numbers are ethereal, they always existed, and will always exist. You cannot destroy them, and you cannot — brace yourselves, IP advocates — invent them. Therefore you cannot protect them either.

  26. Tarkeel says:

    graphex said:
    (…)“about the night of May 1st, 2007″.

    09 F9 05/01/07!

    Quite fitting that May 1st is the Day of the International Solidarity of Workers.

  27. Tel says:

    Digg’s motive here probably has more to do with profit and market share than with truth, justice, and the American way.

    On the contrary, profit and market share IS the American way.

  28. Mr Flibble says:

    I’d quite like, one day, to be able to play legitimately-purchased HD and/or Blu-Ray DVDs using open-source software, as I can now with ‘standard’ DVDs. (Oh, and 05/01/07 is 5 January 2007…)

  29. Steve C says:

    Now tell me how that this wonderful ‘AACS technology’ is going to solve a social problem? DRM is like that speed hump in the road that makes people want to drive faster, just for the fun of it. Never mind that the files from the HD media are so large that they are actually difficult to share over the Internet, these people are just doing it to get even with the MPAA, for the fun of it. The MPAA should just save their money and solve the social issues instead.