April 25, 2014

avatar

Why the 09ers Are So Upset

The user revolt at Digg and elsewhere, over attempts to take down the now-famous “09 F9 …” number, is now all over the press. (Background: 1, 2) Many non-techies, including some reporters, wonder why users care so much about this. What is it about “09F9…” that makes people willing to defend it by making T-shirts, writing songs, or subjecting their dotcom startup to lawsuit risk?

The answer has several parts. The first answer is that it’s a reaction against censorship. Net users hate censorship and often respond by replicating the threatened content. When Web companies take down user-submitted content at the behest of big media companies, that looks like censorship. But censorship by itself is not the whole story.

The second part of the answer, and the one most often missed by non-techies, is the fact that the content in question is an integer – an ordinary number, in other words. The number is often written in geeky alphanumeric format, but it can be written equivalently in a more user-friendly form like 790,815,794,162,126,871,771,506,399,625. Giving a private party ownership of a number seems deeply wrong to people versed in mathematics and computer science. Letting a private group pick out many millions of numbers (like the AACS secret keys), and then simply declare ownership of them, seems even worse.

While it’s obvious why the creator of a movie or a song might deserve some special claim over the use of their creation, it’s hard to see why anyone should be able to pick a number at random and unilaterally declare ownership of it. There is nothing creative about this number – indeed, it was chosen by a method designed to ensure that the resulting number was in no way special. It’s just a number they picked out of a hat. And now they own it?

As if that’s not weird enough, there are actually millions of other numbers (other keys used in AACS) that AACS LA claims to own, and we don’t know what they are. When I wrote the thirty-digit number that appears above, I carefully avoided writing the real 09F9 number, so as to avoid the possibility of mind-bending lawsuits over integer ownership. But there is still a nonzero probability that AACS LA thinks it owns the number I wrote.

When the great mathematician Leopold Kronecker wrote his famous dictum, “God created the integers; all else is the work of man”, he meant that the basic structure of mathematics is part of the design of the universe. What God created, AACS LA now wants to take away.

The third part of the answer is that the link between the 09F9 number and the potential harm of copyright infringement is pretty tenuous. AACS LA tells everyone who will listen that the discovery and distribution of the 09F9 number is no real threat to the viability of AACS or the HD-DVD/Blu-ray formats. A person getting the 09F9 number could, if he or she is technically skillful, invest a lot of work to get access to movies. But there are easier, less tech-intensive ways to get the same movies. Publishing the number has approximately zero impact on copyright infringement.

Which brings us to the civil disobedience angle. It’s no secret that many in the tech community despise the DMCA’s anticircumvention provisions. If you’re going to defy a law to show your disagreement with it, you’ll look for a situation where (1) the application of the law is especially inappropriate, (2) your violation does no actual harm, and (3) many others are doing the same thing so the breadth of opposition to the law is evident. That’s what we see here.

It will be interesting to see what AACS LA does next. My guess is that they’ll cut their losses, refrain from sending demand letters and filing lawsuits, and let the 09F9 meme run its course.

Comments

  1. Neo says:

    There’s two reasons for (3), above — one is that you add to the momentum of something that has a lot, and is more likely to get noticed or have an effect. The other is the safety-in-numbers factor. If they (law enforcement, the MPAA, whoever) picks out a few people to be made into examples, it’s less likely your number will come up if you’re one of millions versus if you’re one of only hundreds of possible choices. Of course, prominence is a risk factor…

    • the infoanarchist says:

      THE CODE IS: 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
      IN DECIMAL IT’S:13,256,278,887,989,457,651,018,865,901,401,704,640
      FREEDOM OF INFORMATION, FUCK COPYRIGHT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  2. Eric Silva says:

    Thanks for you good coverage of this issue.

    The AACS LA isn’t actually claiming that they own the number. They’re claiming the number is violating the DMCA’s ban on circumvention devices.

    This isn’t a failing of copyright law, but more the DMCA.

    Fred von Lohmann at the EFF wrote a good article that talks about this designation: http://www.eff.org/deeplinks/archives/005229.php

  3. Crosbie Fitch says:

    As long as AACS LA has a committee mentality it will be unable to adapt – only individuals have that capability – obtained through freedom of thought.

    If your remit is to achieve the impossible, your only hope is to be cunning in demonstrating that impossibility to those who gave you the remit.

    Frankly, it will NOT be interesting to see what AACS LA does next. Unsurprisingly, it will again demonstrate the folly of their mission.

  4. Seth Finkelstein says:

    Sigh … I’m just going to tell myself to keep my head down and not tilt at windmills :-( .

  5. Neo says:

    The key is now prominently displayed at http://www.againstmonopoly.org/ and can (as of this writing) still be found on wikipedia, though it’s harder. It’s been redacted from articles and censored from talk pages, but that just makes it visible in the history pages. :)

    • Anonymous says:

      It’s still there, though someone I know said they e-maild the MPAA about it, I don’t think it would work though :-)

  6. Yehuda Berlinger says:

    “What God created, AACS LA now wants to take away.”

    Ha! I knew it!

    God Sues All IP Holders

    Yehuda

  7. MSky says:

    I dont think people get the point. This is not about ownership of a particular number. This is about movie studios protecting a copyrighted material. Why is everyone so up in arms about it? You dont see Microsoft suing AstaLaVista.com, do you?

    You know what is going to happen now? AACS is going to change the key, the public one is not going to work any more and it will all go away, until someone figures it out again.

  8. Shane says:

    This is the equivalent of an automobile manufacturer selling you a car, then suing you for opening the hood to change your own oil. The whole thing is absurd. For technology to progress, people need to break the mousetrap so they can build a better one. Punishing smart people for forcing corporations to develop and upgrade better technologies goes against progress. A sad commentary on the decline of our civilization…

  9. Mike Scott says:

    You can’t say that people should be able to control use of a song or movie but not to own particular numbers, because a digital version of a song or movie is also just a number, albeit a much larger one than the AACS key that is currently in question. To have copyright protection of digital works at all necessitates giving copyright owners the right to restrict the dissemination of certain very large numbers.

  10. Chris says:

    I think your coverage of this topic, and the “you can’t own a random number” perspective promoted on bOINGbOING are slightly dishonest. The individual components of this string may have been chosen randomly, but the string is information. It is made meaningful by the components that know it. The same is true of any song or other intellectual property. Aside from the human brain, the mathematical representation of “Unchained Melody” is meaningless. We don’t say it has no copyright protection because of that.

    The real problem here is not that copyright laws are so inherently irrational, but that people don’t like them. Users simply want to have access to the code. The real question is whether they should have the right to utilize a product they purchased in the way they want.

  11. Greg London says:

    Something I wrote a while back to put it into plain language:

    an automobile company is going to get wind of this (DMCA) anti-circumvention clause. And what they’ll do is build a car with an electronic lock in the hood that only they or a dealer can open. And then they’ll sue any independent garage or car owner who tries to pop the hood without permission. You won’t be able to work on your own car. And you’ll have to go to a dealer for all your parts and repairs.

  12. LeDopore says:

    I don’t buy your argument that nobody can own a number. All digital files can be thought of as numbers, and (for better or for worse) we can own the contents of some digital files, so we can own numbers.

    Why isn’t this number-ownership extremely oppressive? Because there are so *many* numbers. There are about 10^39 different 128-bit numbers. The chances of accidentally selecting one of the million owned 128-bit numbers is therefore 1 in 10^33: negligible.

    Moreover, it’s really the act of pointing out a specific number rather than that number just existing which causes infringement. If you had a hypothetical website with every possible 128-bit number (which would require a hard disk array more massive than Jupiter, assuming 1-pound 1 TB hard drives), I doubt you would be taken down for hosting owned 128 bit numbers, since there’s no way a visitor would know which ones are secret. Indeed, it would take at least 128 bits of information to point to any specific 128-bit number on the site, which is why I say it’s the act of pointing to a number (by saying “this number can be used as an HD DVD crack”, or “that number might sound good as an .mp3″, etc.) that causes the infringement.

    What do you think?

  13. Kristy says:

    The issue isn’t this simple, I’m afraid. Numbers in the abstract may be ownerless, but this is not a number in the abstract. Context matters, too. I bet I can think of a nine-digit number–your SSN–that you’d not only claim to own but that you’d be really upset if somebody put in a LOLcats, especially attached to your name. What’s the problem? It’s just a number. Your phone number is just ten digits, too, but given the right context, it’d be pretty easy to see how giving one of those away to the general public could be harassment. How about the sixteen in your credit or debit cards? Or your bank account numbers?

    There is a perfectly valid complaint that the modern corporate approach to goods is that you are buying a license to use a product in a specified manner, not a product that you can use however you wish. That’s a recent change, and one that I think is damning in its own right. Please don’t conflate the real problem with a specious argument that “the key is just a number,” because lots of things are “just numbers” but protecting their sanctity is pretty damn important. It’s not just a number; it’s a number in context, and the context makes a difference.

  14. tz says:

    One bit of IP which the big media often expose are magicians tricks, and they actually can destroy any marketability for an act.

    Last week, a group in Japan started a lawsuit:

    http://www.themercury.co.za/index.php?fArticleId=3809254

    This might be a silly question, but if the entertainment divisions expose secrets often and sometimes claim journalistic protection, how can they then block the exposure of secrets on any basis? I think it is called “unclean hands” in the legal system.

    Maybe we can get the number on one of the news channel walks.

  15. mo says:

    No, this key really is just a number, it is not the numerical representation of a copyrighted work. It’s like the combination to my luggage only much much longer, and applying it is not nearly as simple. If somebody posted on the internet that the combination to Mo’s luggage was 1-2-3-4 it would take some stretching but I might be able to come up with a lawsuit. On the other hand, if I bought some luggage, but had to call the retailer every time I needed it unlocked I’d be grateful to know the combo. The retailer won’t like it–too bad, I own it, I can break it. The key is not a copyrighted work, its the DMCA prohibition on breaking encryption (prohibition on actually owning what you buy) that makes the key illegal (maybe-as the key alone doesn’t break encryption).

  16. Greg London says:

    Look, they’re not claiming they have a Copyright on the number. They’re claiming the number is an anticircumvention method which violates the DMCA.

    If the number were simply copyrighted, people are allowed to distribute it under Fair Use. You can review a movie and show a clip from that movie without permission. Actually requiring permission means no studio will let you review their movie unless you give them a good review.

    The DMCA, on the other hand, has no Fair Use clause. It has no limit to the monopoly the rights owner can enforce on the public.

    They’re not claiming the number is protected by Copyright. They’re claiming its protected by the DMCA, which is much, much worse.

    Bounty Hunters: metaphors for Fair IP laws

  17. tz says:

    Another bit of embarrassment must be that a single point of failure existed (and may exist) in the AACS system. They can change it but it will be interesting if the future disks simply have a different key, or N different keys, or a key per disk. Even having strong crypto won’t fix bad implementation or a weak link in the engineering.

    The DMCA doesn’t (or shouldn’t) cover sillyness. I think it was Lexmark who said cloning their protection chip on their inkjet cartridges was a violation.

    Maybe DVD-copy as a whole is a circumvention device, but a single integer? A T-shirt is a circumvention device. I know the law is an ass, but there is a lower bound on asininity.

  18. Rees Clissold says:

    Well, I’m from England where the DMCA doesn’t apply, so I can say the number all I want..!

    All together now: “09 F9…..”

    …Just kidding. Wouldn’t want to get you in trouble just for pressing the keys on my keyboard in a certain order.

  19. John Mark Ockerbloom says:

    I agree that the “numbers can’t be private” argument doesn’t make much sense. There are all kinds of numbers that most of us expect should be kept private, and where we feel we should heve reoourse against people who disseminate them (even if they aren’t the first ones to reveal them).

    And I’m not talking about long numbers either. Credit card numbers, bank account routing numbers, social security numbers, and PINs or numerically-encoded passwords are all numbers that are in most cases smaller than the AACS key. (For example, credit card numbers require no more than 54 bits, whereas the now-widely-distributed AACS key is 128 bits.)

    I think the difference in this case, though, is a different sentiment on whether *this* number *should* be private. Most people have the sense that people have an inherent right to privacy, and that they should be able to control the dissemination of their private information, particularly if that information’s only purpose is to let the recipient appropriate their rights or property. There’s no point in knowing someone’s credit card number, for example, unless you’re going to charge something to it, and the cardholder is supposed to be the only one able to authorize a charge. So you’re not allowed to just spread the number around.

    I think the studios see the AACS key in the same way: there’s no point in knowing the number unless you’re going to misappropriate their “property”. But much of the public doen’s see it that way; even if they’re in general agreement with the principles of copyright, and the right of producers to control the *dissemination* of their works, they don’t see why producers should get to control the private or otherwise appropriately limited *use* of works that consumers buy. Indeed, legal doctrines like fair use and first sale reflect this understanding. To the extent that DRM and the DMCA impose such excessive control, consumers of this sort object. And if the producers aren’t entitled to that level of control, then they aren’t entitled to keep private the number that imposes that control, is how I think the argument implicity goes.

    So, it’s not a question over whether numbers should be kept from the public as much as a question of whether *this* kind of number should be kept from the public.

  20. Joe Stump says:

    You realize that the numbers aren’t copyrighted right? Nobody is claiming ownership over them. The take down is for actively disseminating a known circumvention to a copyright encryption scheme (DRM). That’s what the DMCA is. It has absolutely nothing to do with copyrights. It makes cracking encryption illegal basically.

  21. Anonymous says:

    In EE Times, Lorin Wirbel rightly said:

    “Keepers of both industry and government secrets forget that the onus is on developers of a method for keeping information secret to protect the family jewels. Forcing journalists or coders to ignore a leaky sieve is venturing into constitutionally murky waters. ”

    See http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=199203540

    Maybe the aacsla realised that there would be all of this furore, and planned it that way – the objecive being to take the focus onto the publication of a key, and away from the fact that their system is a leaky seive.

  22. Steve R says:

    Ed,

    What is the law on someone publishing the combination to the door on your business or home? (Example assumes you have one)

    They are not entering your business or home, but they are releasing the number needed to enter.

  23. Anonymous says:

    Quoted from LeDopore:
    “which is why I say it’s the act of pointing to a number (by saying “this number can be used as an HD DVD crack”, or “that number might sound good as an .mp3″, etc.) that causes the infringement.”

    I agree completely. The issue here for the AACS LA shouldn’t be trying to stop random Diggers who have no idea how to use the number, they should be trying to stop people posting circumvention instructions. I mean, it’s a two-part deal, the number and how to use it. They should be going after groups that are posting both parts, not groups hosting the number. Failing that, they should be going after the instructions, not the number.

    As an aside, because I’m honestly confused: Isn’t Doom9 US-hosted? How the heck are they still up?

  24. Crosbie Fitch says:

    Unlike your private property, these keys are supposedly designed to control access to public property.

    Whilst publishers may have willingly supported copyright to enforce their agreement not to print each others’ books, individual members of the public have never made any such agreement.

    Lock up your secrets – they’re yours.

    What you publish is not secret – it’s ours.

    Attempts to lock up public intellectual property will not be tolerated by the public.

  25. Devonavar says:

    No, a song is NOT simply a very long number. Most of you are forgetting a very simple distinction in copyright law: The difference between a work and the medium it is present in. Copyright protects works, no matter what medium they’re in, digital, analogue, or otherwise.

    Essentially, copyright restricts the spread of certain meanings, no matter how those meanings are represented. That means a copyright holder can claim violation if a particular number is spread if that number is being interpreted (i.e. given meaning) in such a way that it violates their copyright. Disseminating the same number interpreted in a different way is not copyright violation.

    But, as others have pointed out, the key isn’t subject to copyright anyway, so the point is moot.

    But I don’t think that negates Ed’s point. I don’t think anyone is quite clear what the legal basis behind AACS-LA’s actions is, but it’s clear that AACS-LA is acting as though they had ownership of 09…. i.e. it is behaving as though it has special rights to restricting the use of the number. And people are upset because there is no basis for this behaviour. They clearly don’t gain these rights through copyright; the number is not subject to copyright, as outlined above.

    The most likely explanation is that they think they have these rights based on the anti-circumvention clauses of the DMCA. Or, maybe, they just want people to think that because they know they can achieve a lot simply by acting as though they do.

    It seems pretty clear to me that the number itself doesn’t (or shouldn’t) run afoul of the DMCA. The number by itself is not a circumvention device. The number is perfectly legitimate — AACS itself uses it to decrypt the content it protects. Were the number itself illegal, so would AACS be.

    The more difficult question is how the key is used. When used in an AACS-compliant device, use and knowledge of the key is perfectly legitimate. When used in a piece of “circumvention software”, it is illegitimate, at least in the eyes of the DMCA. As far as I know, the only way the distinction between legitimate and illegitimate software is whether or not it has been licensed by AACS-LA, which means that, unfortunately, the decision about whether or not a piece of software that uses the key is legal (legitimate) falls to AACS-LA, not the courts as it should. This is why AACS-LA feels entitled to tell people they can or can’t spread the key — after all, they already have the ability to determine whether or not a piece of software that uses the key to decrypt AACS is legal.

    Unfortunately for AACS-LA, and the reason why everyone is so upset, the DMCA grants them the (dubious) ability to declare software illegal, not the decryption keys themselves. Without software that makes use of it, the 09… key is not a circumvention device. It is a key without a lock — useless on its own. It is a number, which is open to any number of interpretations.

    Now, there’s good reason for AACS-LA to want to restrict the use of 09…, since knowledge of the number makes it possible (with certain other knowledge) to build a circumvention tool. But they go too far in expecting the DMCA to protect it as a secret. The DMCA outlaws circumvention devices — it doesn’t outlaw the existence of the raw materials — the 09… key — to create such devices. But AACS-LA is acting as though that were the case.

  26. EchoDitto Labs says:

    Numbers Aren’t Just Numbers…

    I’m no fan of DRM, and I think the AACS LA’s actions are pointless and stupid. But Doctorow and Felten are being disingenuous — they’re simply too smart not to see the problem with this argument….

  27. Anonymous says:

    “The issue here for the AACS LA shouldn’t be trying to stop random Diggers who have no idea how to use the number, they should be trying to stop people posting circumvention instructions. I mean, it’s a two-part deal, the number and how to use it. They should be going after groups that are posting both parts, not groups hosting the number. Failing that, they should be going after the instructions, not the number.”

    The problem with this idea is that the best place to find out how to use this number is on the AACS LA website. They have published a lengthy and very specific set of instructions for using their keys to decrypt HD and BD discs. The theory is that security by obscurity doesn’t work, so they make public the methods they use and rely totally on the secrecy of their keys.

  28. Narc says:

    Since you admit you invented the number in your post intentionally to look like the Forbidden Number, that might make it a derivative work. AACS LA might insist you transfer ownership of this post to them.

    (Yes, I know copyright != access mechanism.)

  29. paul says:

    Devonavar says: “The DMCA outlaws circumvention devices — it doesn’t outlaw the existence of the raw materials — the 09… key — to create such devices. But AACS-LA is acting as though that were the case.”

    I don’t know if this has been litigated for the DMCA, but under other computer-related statutes numbers are indeed considered devices. A friend spent a year-plus in federal prison for unauthorized possession of “N or more access devices” (I think N was 20, but I could be wrong), which translated to “he knew and used a bunch of passwords the feds said he ought not to have known.”

  30. Bruce Boyden says:

    Mike, if you look it up, you’ll find it was a performing rights organization — i.e., representives of composers — that sent a C&D letter to the Girl Scouts (ultimately withdrawn), not a record label, and certainly not a movie studio. And it was the 1831 Congress that made it possible to copyright songs. So, it was different clowns entirely.

  31. Martin O'Brien says:

    Let me preface my statement by saying it may seem like a matter of semantics: This number ISN’T a circumvention device. The software that uses the number to decrypt a HD-DVD is the circumvention device. This number is only a key, and nothing more!

    But, then again, it’s only my opinion, and I may be horribly misinformed!

  32. tom says:

    Martin: the program that employs the key is also a number. The distinction is meaningless, I’m afraid.

    This is the root of the problem: all information can be encoded numerically (at a chosen level of precision, anyway). Therefore so long as you agree that some information deserves protected status (as Ed does by referring to songs and movies), the argument that numbers can’t enjoy protected status is incoherent.

  33. Ed Felten says:

    Note that I didn’t say that no number could be owned.

    It’s true that every copyrighted song or video can be represented as a number. But the copyright owner’s control over that number doesn’t exist just because the copyright owner announced their ownership of the number, or because the copyright owner figured out how the number could be useful, or because the copyright owner wanted to build a business model based on restricting access to the number.

    Here’s what I wrote:

    While it’s obvious why the creator of a movie or a song might deserve some special claim over the use of their creation, it’s hard to see why anyone should be able to pick a number at random and unilaterally declare ownership of it. There is nothing creative about this number — indeed, it was chosen by a method designed to ensure that the resulting number was in no way special. It’s just a number they picked out of a hat. And now they own it?

    Remember, I’m not claiming it’s a logical contradiction for the law to ever control access to digital information. I’m just trying to explain why the 09ers thought AACS LA was being unreasonable.

  34. John says:

    I think that one issue is whether the key is a component of a circumvention device. Arguably it might be – but there is a complication. The key is actually part of the genuine player, and as such has a legitimate use.

    If you interpret the DMCA in such a way as a leaked key is a component of a circumvention device, then you don’t have to go much further to get to a point where it is unlawful to mechanically dismantle a legitimate device, because the bits you get are aguably components of a circumvention device.

    On Paul’s point, I suspect that the definition of “access device” for the purposes of computer crime, is a special meaning for the purposes of that legislation, and would not automatically extend to the DMCA.

  35. tom says:

    Isn’t “pick a number at random and unilaterally declare ownership of it” obscuring the issue, though? They’re claiming that it’s being used as a circumvention device, not asserting copyright. It’s just distributing the number with a particular use in mind that’s being forbidden.

    The analogy I would draw is if a company started selling as jewelry a key that happens to open my front door. I wouldn’t have any right to try to make them stop manufacturing the trinkets. However, if they printed my address on the packaging, I would — regardless of how many “for decorative use only!” disclaimers they also included.

  36. Bob Mime says:

    01 03 05 07 09 0B 0D 0E 02 04 06 08 0A 0C 0F

    This is my number
    There are many like it
    But this one is mine….
    but I don’t know if it is or not…
    does someone own my number?

  37. Dscho says:

    I don’t think that “everything digital is a number, and it stupid to claim ownership over a number” is obscuring things.

    There are _fundamental_ differences between physical things and digital things.

    One very important is, that there is no physical law prohibiting transformations and exact copies of digital things. And that is why you can circumvent DMCA easily, which tries to uphold something not backed up by physical laws, but cannot circumvent copying physical things like clothes, which _is_ related to physical limitations: you can copy a file almost infinitely, while copying a shirt takes resources, and thus cannot be done infinitely.

    Now, the problem is that too many people do not want any of that.

  38. Greg London says:

    Fair Use may be thought of as Public Property. Copyright holders get certain rights that are exclusively theirs, but Fair Use says the Public gets some access and doesn’t have to pay the copyright holder or get their permission.

    Fair Use is the basis for why you can quote a work in a critical review. You don’t need to suck up to a copyright holder to get their permission or pay them gobs of money. You can just say “It stunk and here’s an excerpt that really stunk” (roll film). And the copyright holder can’t do anything because Fair Use protects you.

    Fair Use is what allows you to time shift television content. Copyright holders fought vigorously agaisnt the VCR.

    Also, copyright law was never intended to squash research and development, it was never intended to prohibit reverse engineering. Patent law actually requires that the patent holder describe, in complete detail, how their patented device works so that others can understand it and learn from it. Copyright law was intended to protect a particular expression but not ideas, it was intended to protect someone’s specific words, but not the knowledge they contain. But now, you can’t so much as crack open the cover on a DVD player without a takedown alarm going off.

    The DMCA has stolen Fair Use from the Public, it has stolen all the rights that copyright was intended to give the Public. And the DMCA completely turns copyright on its head, taking what was intended to be a thing that PROMOTES SCIENCE AND THE USEFUL ARTS, and turning it into a complete blackout of information to defend someone’s profit interest.

  39. tom says:

    Greg: copyright has no bearing on this discussion whatsoever. The AACS LA isn’t claiming copyright and nobody’s assigning it to them. Fair Use rhetoric is great (I believe in it!) but it applies to copyrighted works that can then be added to or transformed through the work of others. It is completely irrelevant to this issue, I’m afraid.

  40. Per Jonsson says:

    I think a lot have gone wrong latly in the computer/entertainment industry and the future doesn’t look so bright.
    When I bought my first computer (C=128) you got manuals with blueprints, manuals with components, and some manuals for basic. The same was on my next computer, the Amiga, you got the blueprints, you could buy books with all the hardware unvield so you could tweak and test the limit of the computer.

    When you buy a laptop today, you should be glad if the manufacturer know what ethernetcard is in it so you know what driver you should use.

    Why all this rambling? Now with Vista and all this content protecting and later on trusted computing… All the stuff is hidden, none could make cool new stuff without signing NDA’s noone can strech the limits on the same way as the earlier computers could do?

    We are not going to se a break thru as the first Sample or Digitized video on the C64 (remeber Tainted Love anyone?).

    I think it sucks!

  41. sadsac says:

    There is a distinction between the number that comprises this key, and say, the number that represents a movie or song. The former originates as a number, the latter is reduced to a number. The latter’s reduced number can’t be picked at random with any significant degree of likelyhood that it will represent the movie or song from which it originated. The former’s number could have been chosen as any other equivalent length number, and it would have worked just as well.

    The aacsla chose this number, as this number.

  42. z! says:

    It’s never been clear how possession of this number is different from possession of a crowbar. In one hand, it’s just a number (used to pry out nails), in the other it’s a burglary tool (used to pry open a locked door). AFAIK law already makes the distinction between the two based on use, not possession.

  43. Steve R. says:

    Wired has an interesting remark from an un-named industry source: “On April 16, the organization announced that “it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software. Consumers can continue to enjoy content that is protected by the AACS technology by refreshing the encryption keys associated with their HD DVD and Blu-ray software players. This refresh process is accomplished via a straightforward online update.” Ostensibly, the key expiration would happen through the inclusion of new keys on new discs. In order to play them, HD DVD player owners would need to download a firmware update to their players. The AACS Licensing Administrator claims that even though this latest leaked key is a processing key (that works on all AACS-protected HD DVD discs), as opposed to a title key (unique to a specific disc), it will still be possible to update players with the new key using the normal update process.”.

    What this seems to imply for the consumer is that they must have an internet connection, that they must pay for, to simply use their devices. Not only that, but what happens to the consumer is the download site is not available? This degree of “command and control” seems absurd if the keys become public knowledge xx minutes after they are released. I guess the solution will be for the device owner to call the AACS LA just prior to playing their content.

    PS: The earlier post by Steve R, is a different Steve R.

  44. rc says:

    Simple solution: use an ascii text poem as your encrypt key. Poems are copyrightable. Of course, in machine form, it’d look just like ’09 F9…’ but that’s just a translation of the data, and still copyrightable…

  45. Anonymous says:

    “Wired has an interesting remark from an un-named industry source: “On April 16, the organization announced that “it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software.”

    “What this seems to imply for the consumer is that they must have an internet connection, that they must pay for, to simply use their devices.”

    The Wired quote comes directly from the AACSLA website. The AACSLA required software that runs on a PC to be updated, not the stand-alone devices that play HD or BD discs. Since the software was probably obtained through the Internet, it’s reasonable to require it to be updated that way. Even if it was purchased off-the-shelf, the AACSLA requires the software player manufacturers to update the keys in their players on a regular basis. (I have no idea if that is properly disclosed to purchasers, but it should be).

  46. cantremembermuchmath says:

    Re: “But there is still a nonzero probability that AACS LA thinks it owns the number I wrote.”

    I’m a little rusty, but since there are infinitely many numbers that aren’t being claimed as property, the probability that any particular number is owned really is zero (the owned numbers are a set of measure zero)… I could be wrong, I never paid attention in math class that much…

  47. Devonavar says:

    @Paul: “A friend spent a year-plus in federal prison for unauthorized possession of “N or more access devices” (I think N was 20, but I could be wrong), which translated to “he knew and used a bunch of passwords the feds said he ought not to have known.””

    From your description, I’m not clear whether his crime was his possession of the passwords of his use of them. If it really was just possession, I find that chilling and wrong, regardless of what the law says, since it essentially boils down to thoughtcrime: He knew something he shouldn’t have. The only possession knowledge I can even conceive of as a crime is knowledge of state secrets, i.e. treason, and even then I would think the crime would be revealing the secrets, not knowing them.

  48. Greg London says:

    http://www.freedom-to-tinker.com/?p=1154#comment-354644

    Tom said:
    Greg: copyright has no bearing on this discussion whatsoever. The AACS LA isn’t claiming copyright and nobody’s assigning it to them. Fair Use rhetoric is great (I believe in it!) but it applies to copyrighted works that can then be added to or transformed through the work of others. It is completely irrelevant to this issue, I’m afraid.

    The DMCA is nothing but an attempt to end run Fair Use.

    To quote Bruce Lehman, the Patent Commissioner who lobbied Congress to adopt the DMCA, the man responsible for this DMCA mess:

    “Some have argued that because it may now be technically feasible to “meter” each use of a copyrighted work, and to charge a user a fee for the use, the concept of fair use has no place in the NII environment.” — Bruce Lehman, 1995

    And copyright law has everything to do with the issue overall because copyright was never intended to shut down research, development, reverse engineering, and the like. Copyright was never intended to prevent people from KNOWING something. The DMCA is designed to do exactly that. The DMCA is designed to convert certain technology into black boxes that the public is not allowed to discuss.

    And it is only upon Copyright law, and section 8 of the US constitution, that the DMCA can exist. Without copyright, there is no legal justification at all for the DMCA. But the constitution says copyright can only exist for the purpose of Promoting Science and the Useful Arts, not burying it in secrecy.

    So, no, no one is claiming copyright on the number. But every claim based on the DMCA must, inevitably, be measured against the constitutional requirement for copyright law. The DMCA consistently fails.

  49. Greg London says:

    hm, that first paragraph is Tom’s. Everything else is mine for the blame. Seem to have missed a closing italics marker…

  50. Keith Wright says:

    The “It’s only a bunch of numbers” argument is a bunch of hogwash. Have you published anything? It’s only a bunch of letters. Are you going to copyright the very alphabet we all use? Scandalous.

    This bunch of numbers was the secret password that the media companies could help them prevent crazy high amounts of lost revenue due to piracy (especially oversees). They wanted to use legal recourses available to them via laws written with the intent of restricting the distribution of the secrets that make piracy protection almost possible. But members of the public who aren’t hurt by piracy feel wronged by attempts to keep the secret under wraps.

    The notion that the secret password can somehow be erased at this point is a bit foolish, admittedly. The cat is certainly out of the bag. But because people don’t like not having total freedom with the media, they feel they have some god given right to usurp it. And it is shameful, in my opinion.

    Those with their 09F9 banners raised high make all sorts of excuses about who they are helping, and who they are not hurting, and extolling the individual over the big mega-corporations. But they have forgotten that piracy has claimed many victims in the past. Software piracy was so bad in the early days of computers, that very few games companies survived those early days. It seemed as if almost no one honestly acquired their games for systems such as the Commodore-64, and despite huge numbers of game players, the writers of those games (typically very small software companies) shut their doors one by one.

    Please have some respect for the needs of companies to prevent piracy.

  51. supagold says:

    I’m not a big fan of the current state of IP law in this country, but it seems clear to me that there is a legitimate public interest in protecting encryption keys. I mean when it comes right down to it, there’s no difference between these keys, my login info to my server, my credit card number, the private key used by the CA who issued my bank’s SSL certificate, or even the keys to my house. I think it’s right and proper that these unique numbers should be protected.

    You can’t claim that there’s nothing special about these numbers in the same sentence that you claim that they were chosen specifically because they weren’t special. What you’re really saying is that they were chosen because they’re good candidates for strong encryption.

  52. celebrim says:

    This is a highly spurious line of argument.

    In the digital era, all content can be rendered as a single number – the binary string which records that content.

    This isn’t about ownership of the number, and even if it was the law recognizes the right to own a number in a particular context and considers the distribution of the number in that context to be infringment – because it is.

    Likewise, there are many other circumstances where distribution of a number in a particular context is a crime, for example identity theft.

    It’s somewhat embarassing how many good minds have bought into this and other similar lines of reasoning.

    As I’ve said before, the notion that ‘information wants to be free’ only proves that the holder of that notion hasn’t thought very deeply on the matter.

  53. Frank G says:

    My social security number is just a number, but it would harm me if someone searched it out and published it in connection with me. Your email password is “just a number”, but vitally important to you when associated with your email account.

    “Just a number” is an idiotic argument. That number is part of a system for lawfully protecting intellectual content. Publishing it in connection with how it is to be used does damage to the people who chose and are using it.

  54. John says:

    The whole point of the aacs system is that hackers should not be able to get their hands on the keys, but that if they do, a mechanism exists to replace the keys and limit the compromise. I don’t think that a strategy of trying to use legal proceedings to make secret something that everyone knows will work, nor is it something that I imagine was planned for.

    I suspect that it is becoming obvious that the key revocation mechanism is a clumsy and long winded process which is already disrupting production and costing the studios money. Although it is speculation, it is possible that already manufactured disks encrypted with the compromised keys for unreleased titles have had to be scrapped.

    There is also the issue of the x-box hack. My money is that the upgrades to windvd and powerdvd handle pre-revocation disks differently to post revocation ones so that a successful side channel attack cannot be launched by observing how the players handle older disks where the hackers already know the keys. But if, as the hackers say, they can extract the volume key from any disk using the x-box hack, then there is a possibility that this makes the upgraded players far more vulnerable than was supposed. This is made worse by the fact that addressing the x-box hack requires the updating of stand-alone players with all the hassle that entails, and some believe that firmware hackers could trivially defeat that process anyway.

    My money says that the studios were sold a dream of a self healing system where the revocation mechanism would be seamless and transparent to the producers. It is quite clear that it is anything but that. I imagine that the aaacsla are having to reply to some very tough questioning – and are probably under huge pressure to “do something” – but what?

    So where does that leave them.

    The problem is that the aacs system is no good. It has been described as a leaking seive.

    So what can the aacsla do?

    Abandon aacs altogether, and replace it with something else – with all the consequences that entails?

    The last resort appears to be to try and stop hacking communities from using the internet as a means of communication, and so stifle the progress they are making. And the argument about the processing key and the DMCA is merely a means to that end. And I think we have seen how effective that is.

  55. Ned Ulbricht says:

    tom,

    You, Fred von Lohmann, AACS LA and a bunch of politicians and lawyers can argue all day long that “copyright has no bearing on this discussion whatsoever.” But, at the end of the day, our federal government is a limited government of enumerated powers.

    The AACS LA has claimed a right against the general public to forbid the publication of a certain number. Where did this claim come from? Under what authority was this monopoly supposedly granted?

    You can call it a “technological protection measure” —or you can call it a Peking Duck— but it quacks like a copyright claim.

    For two centuries, copyright has existed in some tension with the limitations on Congress expressed by the First Amendment. Part of that tension has been resolved by looking to the language of the Progress clause for the scope of copyrightable material.

    If Congress is not acting under the grant of authority in the Progress clause, then by what authority do these people pretend any right to suppress the publication of this information?

    May Congress technically circumvent the Constitution?

  56. Steve R. says:

    Keith you point to a fundamental issue: “Please have some respect for the needs of companies to prevent piracy.” Why would I have respect for a company that: first – has no respect for my rights and second – wants to reduce my rights to fair use. Content producers that respect the rights of the consumer deserve our respect and the consumers support to reduce piracy.

    To a degree, I find “piracy” to be a “red herring” – an appeal to the masses – so that the real intent of DRM is disguised. The real intent of DRM is to reduce interoperability to lock consumers into a specific corporate product mix. Apple stuff will only work with Apple stuff, Sony stuff will only work with Sony stuff, Microsoft stuff only works with Microsoft stuff and so-on.

  57. Devonavar says:

    @Tom: “This is the root of the problem: all information can be encoded numerically (at a chosen level of precision, anyway). Therefore so long as you agree that some information deserves protected status (as Ed does by referring to songs and movies), the argument that numbers can’t enjoy protected status is incoherent.”

    Why some of you keep conflating numbers and information? The numerical encoding used to represent information is arbitrary and irrelevant? If 09… can be protected, why is the hexidecimal form protected instead of some other encoding? Shouldn’t the protection extend to the same number in decimal form (as Ed noted), or binary? What about an MD5 hash, or a ROT-13 encoding? What if I encrypt the number again and pass the encrypted number along with the decryption key to you? The information I spread is the same, but the number is nowhere to be found. What if I subtract 1 from 09…, pass that number to you and tell you to add 1?

    I agree that some information should be protected, but let’s be clear that it is the information that deserves protection, not the number. All of the examples I listed above contain the information about the 09… key. Why should the 09… encoding be protected over any other way of communicating the information?

    Now, it’s true that some people do infringe copyright by copying certain numbers, when they download a movie, for example. But the number that represents the movie is incidental — it’s not its numerical statusthat makes it worthy of copyright. If you changed some of the digits around so that the background to the FBI warning was a slightly different shade of red, it would still fall under the same copyright, despite being represented by an entirely different number.

    The same goes for programs … such as the circumvention program you referred to. Programs are fundamentally algorithms, not numerical strings of machine code. That circumvention program would be illegal regardless of what string of bits was used to represent it.

  58. Ed Felten says:

    Let’s dispense with some bogus arguments.

    (1) The argument that some other numbers (such as those that represent the binary encodings of creative works) can be legitimately owned, therefore this one must be legitimately owned.

    This just doesn’t follow. As I wrote above, this number is not a creative work. What happened here is that somebody picked millions of numbers at random and then unilaterally declared ownership of them. You have to justify why, as a matter of public policy, all of these numbers should be owned, and why they should be owned by these particular people. If these numbers were hard to pick, or if they encoded creative decisions, I would be more impressed.

    (2) The argument that publishing other numbers might do harm to somebody, therefore publishing this number should be illegal.

    Again, this doesn’t follow. You have to make arguments about these numbers, and why our government should help stop people from publishing them.

    (3) The idea that banning publication of this number without the permission of certain companies would advance the business interests of those companies, therefore such publication should be banned.

    Again, doesn’t follow. If you want to use an argument like this, you have to argue that the public interest is harmed by not giving these people veto power over who can publish this number. And you have to argue that the benefit of assigning that veto power is large enough and certain enough to outweigh the free speech issue.

  59. tom says:

    Ned Ulbricht: You can call it a “technological protection measure” –or you can call it a Peking Duck– but it quacks like a copyright claim.

    I’m sorry, but I disagree. I think that people are anxious to collapse the issue into a copyright problem because our copyright system is particularly screwed up, and the rhetoric around what’s wrong with it is relatively well-developed. The arguments come more easily. But not all intellectual property restrictions involve copyrights — this one certainly doesn’t — and the distinctions are important. It’s also worth noting that copyright is one of the most restrictive forms of IP, giving a lot of rights to the author and ceding very few. Other forms that are more similar to this situation — trademark, say — only apply in context.

    Devonavar: I think you’re confused about what I’m arguing. I agree, the information is what’s at issue, not any particular encoding (this is why I find all of the “fair use” examples on BoingBoing so unconvincing).

    Ed Felten: What happened here is that somebody picked millions of numbers at random and then unilaterally declared ownership of them.

    I think that using the “ownership” frame is inaccurate and obscures the issue. The AACS is not asserting ownership over the numbers. It’s asserting that you can’t redistribute them for purposes of cracking their technology. A more apt analogy would be a neighborhood association insisting that a local store not sell spray paint to minors. The association is not asserting ownership over the paint, it’s just restricting its distribution for a particular purpose.

    I suppose that an extremely radical libertarian reading could interpret this as “asserting ownership”, but I don’t think it’s very convincing. It’d be like saying that I’m asserting ownership over everyone’s guns by insisting that they not shoot me.

    Now, I happen to think (as I suspect that most of you do) that the DMCA’s prohibition on the distribution of circumvention technology is bad policy — it’s both impractical to enforce and stifles innovation. But that doesn’t make the “they’re taking out numbers!” argument any more coherent. I think we should make our case in good faith, and I don’t think that’s possible with this particular argument.

  60. graphex says:

    For those arguing that DMCA does not have anything to do with copyright, I just wanted to remind you that DMCA stands for Digital Millenium Copyright Act.

    At its core, this whole tea party results from this awful legislation (thank you, 105th congress) and the rights which it took away from the public.

    I produce copyrighted material for a living, and I hate the idea that someone would duplicate and sell that material without cutting me in on the deal. I think it is great that it is illegal for someone to copy and sell, say, a photograph of mine.

    I don’t think, however, that my rights should have been extended by the DMCA such that (let’s make this simple) I can chop up my photograph in to 4 pieces, re-arrange them and tell you that the order they’re in is 3124 when I license the photograph to you, and then expect Digg to delete your account when you link to an article on your blog which says “all the photographs from graphex are chopped in to 4 quadrants and saved in the order 3124″.

    This is just my opinion, others who have posted here seem to think that I should expect Digg to delete your account, and I should be able to sue them into nonexistence if they don’t. Personally, I’m happier if it is just illegal for you to actually give away or sell the 3124 ‘encrypted’ photographs that I licensed to you. It is easier for the public to understand that way, too.

  61. Eric says:

    Look folks. It’s essential that enforcement against media piracy be STRICTLY enforced. Otherwise, Hollywood profits will take a big hit, and so will contributions to the Democratic Party, our only hope against the conservatives, who just want to control what individuals do.

  62. Anonymous says:

    I would class a decrypted processing key as “information which can be used to facilitate unauthorised access to a copyright work” but which is neither a device nor technology.

    The issue would then be whether it is contrary to the DMCA to publish information like that.

  63. Paul says:

    If everyone who thinks the code should be freely available guarantees that they will never use it simply to crack and play something they hadn’t actually aquired legally in the first place, then I think the lawsuit should just be dropped. Just promise that nobody will ever use it to make a copy of your friend’s copy of the movie.

    No, didn’t think so.

    As others have said, the high minded, morally outraged, fair use are being disingenuous here. People want the code so they can copy stuff for free. This isn’t civil rights, free speech. It’s greed.

  64. Dscho says:

    Fred G: the problem _literally_ _is_ that they are just numbers. Otherwise you would not have to have lawyers to ensure that these works are not copied.

    Jack Guyant: you’re correct. Kronecker was referring to the natural numbers only.

  65. graphex says:

    Paul says: As others have said, the high minded, morally outraged, fair use are being disingenuous here. People want the code so they can copy stuff for free. This isn’t civil rights, free speech. It’s greed.

    I heartily disagree with you, Paul. I have no intention of ever copying an HD-DVD I didn’t buy, and I paid for every piece of software I use (well, every piece that isn’t intended to be free) this means that last year I personally spent between $5,000 and $10,000 on software that I use. I feel pretty good about that. I make software, and I buy software. I create artwork and I buy artwork that others have created.

    I do, however, want to be able to take some of the DVDs I’ve purchased and put them on my computer hard drive upstairs as MPEG-4 files, then watch them downstairs in my home theatre.

    I am proudly not to be a pirate – I buy what I use – and I resent that you’re lumping me in with people who truly are doing something unethical, and calling me a criminal for simply wanting to change the format of a movie I purchased so it is more convenient for me to watch in the privacy of my home.

    Sure, there is some greed involved in wanting the freedom to, uh, tinker and set up a good solution which works at my convenience. And maybe some avarice in wanting to be the cool geek that figured out how to have remote control access to 50 of his DVDs, but I should have the freedom to do that, and don’t you call me a pirate, because I paid upwards of $20 for each and every one of those DVDs.

  66. slack says:

    “like 790,815,794,162,126,871,771,506,399,625.”

    too low by 13,256,278,097,173,663,488,891,994,129,895,305,015

  67. Kevin says:

    Prof. Picker’s post got me thinking and I’ve come to equate this with Martin Luther King’s March on Washington:

    http://www.copyrightings.com/2007/05/digital-march-on-washington.html

    Does that make sense to you?

  68. Jesse says:

    @rc: You wrote, “Simple solution: use an ascii text poem as your encrypt key. Poems are copyrightable.”

    I believe this was disproved in the Lexmark case, or maybe Accolade. If the work is essentially no more than a key, then you can’t use copyright to stop it from spreading, because it’s being used as a technical component instead of just a creative work. That is, if this particular poem is *required* for interoperability, then you’re allowed to use it.

    @Paul: You wrote, “As others have said, the high minded, morally outraged, fair use are being disingenuous here. People want the code so they can copy stuff for free. This isn’t civil rights, free speech. It’s greed.”

    Hate to break it to you, but some of those high minded, morally outraged folks honestly believe it’s a fundamental human right to freely share information and culture – that copyright is a free speech issue.

    You might as well claim that women who demanded the right to vote were just being “greedy”. They believed it was their right to vote in a democracy, and many people today believe it’s their right to share content in a digital era where it can be done for free. Yes, some of them would like to take advantage of that right themselves, but surely you don’t think it’s only OK to demand rights that you yourself won’t benefit from!

  69. Jim says:

    Companies have been claiming ownership over everyday things for a long time, for example Cadbury chocolate seems to think they own the colour purple. Its time everyone makes some noise and we stop this nonsense.

  70. MisterVader says:

    Playing devil’s advocate here…

    How is an “unspeakable number” different from uttering a password to some sensitive website online? Or to someone’s credit card account? I’m trying to wrap my head around the difference because at this point, I don’t feel there is one.

  71. Crosbie Fitch says:

    MisterVader, the key difference is that passwords control access to private property, whereas in this case an industry cartel is attempting to use a published numeric key to control access to public property – and the legal abomination that is the DMCA to sanction such nonsense.

    That is the essential problem, and is not, as many are misreading it, a rebellion against the idea of owning a number.

    The fact that all digital art is in essence a number is a red herring. The problem is not that no-one should own or be able to lock up numbers (or digital artworks) that are useful or interesting to them (they can), but that no-one should own or lock up PUBLISHED numbers.

    And the contents of published DVDs and the chips in everyone’s DVD player are published, public knowledge, public works.

    Freedom to Tinker is: owning the devices you buy and the numbers upon or within them.

  72. apples says:

    The point Graphex raises is the simplest and the one to be focused on – that if you make a product and someone wants to buy it – Graphex should get paid what the market considers fair value

    Arguments around DMCA and its limitations and complaints about the restrictions on interoperability all laid out above are wholly irrelevant.

    Instead of trying to work out how to crucify the suppliers the consumers ought to be clubbing together to deliver to the market a demonstration of pre-demand that resolves any questions rights holders of anything have about opening up interoperability. If the business makes sense a solution will be found.

    If the same consumers feel let-down then they boycott the original product – and this seems to have worked well for Linux and Apple and prompts either a more open policy from microsoft or if you take the argument to its logical conclusions and they remain inflexible – adoption of the alternative product – ie my picture because Graphex is too ugly and he won’t publish it anyway and besides i’m more handsome

    ….however if you want a great example of how it all goes tits up if you don’t think carefully about piracy, the value of content and fair protection – see south korea where anyone can watch anything on a low subscription fee – this means no domestic product can recoup production budgets without support from international demand (which luckily remains high) – otherwise if you don’t make the cash back on theatrical you’re screwed.

    If that becomes a worldwide problem then there is the infinite supply the upstarts here demand – which results in total lack of production – the studios are cockroaches and they will always adapt but it’s “bye bye” first to every independently produced film you’ve loved that cost more than a $1 million (i believe you could finance movies for less than this purely on internet demand using Swarm Of Angels models). Then the same retards that cause the upset complain there’s nothing good on tv anymore and restrictions are applied – oughtn’t there to be a happy medium somewhere? isn’t it in the consumers BEST interests to try and use their power to support both production AND control the supplier? Isn’t this what the power of the internet community ought to be used for – positive supportive action rather than value destruction?

    I’m certainly a bit lost

  73. Ed Felten says:

    Apples,

    Most DMCA opponents are all in favor of letting the market decide. The part of the DMCA at issue here starts like this:

    “No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that …”

    This bans a whole category of products, including some reasonable products that consumers want.

  74. Thomas Claburn says:

    As an explanation, you might also include the overall objection to DRM, which is that it takes away legitimate fair use rights. It judges the user before the user has violated copyright law.

    @Paul: “People want the code so they can copy stuff for free.”

    Some no doubt, but taking away everyone’s rights to police a subset of everyone is not a valid approach. Enforcement must happen after the fact.

  75. J-Man says:

    Let’s see here:

    No one is allowed to manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, the number 12345.

    I have this as copyright and it is the number to my brief case!!

  76. tz says:

    The DC Madam apparently had a phone book with numbers which were traceable and ABC will be “publishing” the results tonight.

    But here is the difference. I can have my computer run through every social security number in a few seconds, but I don’t have the rest of the information attached to it (name, address, birthdate). What the AACS seeks to suppress is not the circumvention collection, or even significant pieces of a decryptor, but one specific setting of that machine. I doubt banning a complete implementation in something like supercopyhddvdpluswhatever.zip on multiple sites would create a problem and create the large opposition and the whack-a-mole effect. Banning a single integer as if it is an equivalent threat does. It is the difference between copyrighting or enforcing trademark on a large passage or character from a novel and a short sequence of common words like “This is it”. (Looney toons themesong?).

    There is a line where something becomes a piracy device, and a lone integer isn’t it, and if it is ever accepted as such the results will be chilling. There is a perhaps subconscious thought that if I could stick my pen through someone’s eye far enough I could kill them and thus we should ban pens as weapons. In effect if anyone, anywhere can misuse something then it should be legally prohibited. Most people use a more reasonable standard that if in normal use things aren’t designed to harm, they should be permitted. And they know if it is banned on a blogpost, it can be banned on a t-shirt, so where do you stop?

    But go further. What about publishing two numbers which add up to the value, or an easily reversed function like a compliment or inc/decrement? Can those be banned? If N = f(x), how do you ban all the f and x components?

  77. Anonymous says:

    I think we all know what is going to happen with the first key that gets extracted from the upgraded (sic) system.

  78. Crosbie Fitch says:

    tz, we are all copyright holders and we are all beneficiaries of the DMCA (not that we are all thankful for such unethical law, but there you go).

    This means that we can also do senseless things such as affix ineffective TPMs to our works and go around bullying people who disclose the keys to them.

    Check out Schrödinger’s Copyright for an example of how silly things can get.

  79. Greg London says:

    Instead of trying to work out how to crucify the suppliers

    Crucify? To demand Fair Use is to Crucify?

    the consumers ought to be clubbing together to deliver to the market a demonstration of pre-demand that resolves any questions rights holders of anything have about opening up interoperability.

    What planet do you live on? Have you looked at the history of court cases around copyright? Rights Holders have demonstrated that they can demonstrate an insatiable appetite for monopolistic rights.

    Note the tooth and nail fight against the VCR. Note how since that decision the rights holders didn’t actually lose money from VCR’s but probably gained money being able to sell tapes.

    Note that when the Sonny Bono act was passed in 1998 to extend copyright terms to Life-Plus-70-Years, it was suggested to make terms forever minus one day.

    Note that Mark Twain argued for infinte copyright terms. Note that when copyright was first put into law, rights holders were arguing for infinite terms.

    Jack Valenti said in 2003 that if you want a backup copy of a disc, that you should buy another disc. Back in teh Betamax days he compared the VCR to the Boston Strangler.

    What you have to get is that there is a strain of copyright holders who will be dissatisfied with anything less than a complete and total monopoly of rights.

    And therefore, suggesting that the public must come up with a solution to satisfy the insatiable is absurd. It will never happen.

    If the business makes sense a solution will be found.

    What you need to understand is that copyright is a legally mandated monopoly. It is bestowed by the government and given to the copyright holders. It isn’t a problem of “business model” working or not.

    The business model is actually quite simple.

    Copyright is a reward created by government to entice people to create new works. Copyright is like a bounty put out by the government to catch a bad guy. The bounty or reward should be set as low as possible, but just high enough to get the job done.

    What copyright has become, instead, is corporate welfare. Rather than paying the reward to the lowest bidder, the bounty’s have been set to the point that Disney, for example, is pulling in 20 Billion dollars a year. Disney then turns around and donates millions of dollars to your congressmen and senators to purchase their votes to make sure copyright terms remain longer and longer.

    Your argument implies that the “business model” does not work, and it it up to the public to fix it. The business model already works. What we’re arguing about now is whether copyright is intended to be a way to make sure Mickey Mouse never enters the Public Domain. Ever. Or whether Disney made a sufficient profit on “SteamBoat Willy” and now it’s time to allow it to enter the Public Domain.

    If the same consumers feel let-down then they boycott the original product

    This is so naive it’s silly.

    One could use the same argument to say the government should abolish the Food and Drug Administration, and just let the public boycott companies who make unsafe products.

    Because its really just government intervention. Let the public work it out directly. And if the business model makes sense, go for it.

  80. Curious says:

    What about credit card numbers? MasterCard presumably claims ownership of quite a few 16-digit numbers. But it’s not the numbers by themselves that are valuable — it’s the number in conjunction with _whose_ number it is.

    The same would apply to Social Security numbers. That’s a lot of 9-digit numbers that are “owned”. (I’m not sure ownership is really the right term here. “Private,” perhaps?)

    In this case, is AACS-LA asserting that they own the number, or that the number in conjunction with the knowledge that it’s the key to their encryption is theirs? What other information in combination with this number would rise to the level of reasonably “private”?

  81. German says:

    What happens if the next secret number is 3.14159265358979 ? It will be banned?

  82. Nathan Tyler says:

    The real house analogy:

    I saw one post that likened this to a house, and the real reason this consumer backlash. Here is what the MPAA and RIAA are doing to abuse the DMCA in an more accurate analogy to a house and then I will explain.

    Say I have $200K and wish to buy a house. I go to a real estate agent, who shows me houses and I find the one I want. I go through all the contractual agreements to buy the house and I pay the money to buy it. However, buried in the contract is a term that tells me that the house I just bought contains the real estate agency’s Intellectual Property (IP).

    I pay the money, buy the house, but they do not give me the key. They point to the this section where they have IP in the house and therefore they control the access. I can either call them up each time I want to get in the house and they will come let me in[1], or if I pay an additional fee they will keep someone posted right by my door to let me in each time I want in [2]. I pay the fee for the person to stand by my door and let me in. But, if the guy dies from starvation[3] I have to pay again to have someone else stand by my door.

    I get sick of this and I just want the key to my own house. I should have a legal right to posses the key to the house I purchased. The house is legally mine by contract it is even on “public record” that I own the property. I have fair use of entering and exiting the house anytime I want and should not have to pay for someone else to let me into the house I own.

    I do not own the IP on the house, but I own the physical property that includes the physical house and I have every right to get in when I want and have the key to my property. The IP in the house is only the structure design of the house or the “blueprints” to which the real-estate agency can make other houses exactly the same as mine. I do not have the right to go build an exact house for others to live in based on that IP.[4]

    Now, I contrary to what most people think (for this analogy…I am not advocating violence), I do have the right to the key and I also have the right to punch the guy sitting by my door and take the key forcefully from him.[5]

    Now, no one else has the legal right to come up to the guy, punch him (again only for this analogy), take the key, even if they were planning on giving the key to me. They don’t have that right. They certainly don’t have any right to take the key copy it, and give it to everyone else, even if it is found out that key is the same key to all the houses sold by this real-estate agency. They can’t take the key from someone else and give me the key even if they know that the key will fit my lock. Nor can they sell me this key to get into it or even the lockpicks for me to get into it.[6] Though there are some exceptions to even that rule most.[7]

    But here is where the law is really murky. What is fair use? If I have the right to get into my house because I purchased, and I should have the right to also allow others of my choosing to get into the house say for instance my wife and son (actually I am not married that is only for the analogy). Should I not be allowed to copy they key so that they can gain access to the house I purchased any time they want to because I want them to live there with me?[8]

    And, how about if the person sitting at the door is really big and strong and I am incapable of punching (only an analogy) the guy and forcefully taking the keys myself. Should I, having the right to have the key, not be allowed to ask someone who is much bigger and stronger than myself to punch the guy and take the key to give it to me? Even if that means I have to pay that bigger stronger person?[9]

    [1] This is likened to the pay-per-view model.
    [2] This is me buying the HD-DVD disc only to realize I also have to buy all of the encryption decryption stuff for HD anything including players and screens that control all output to the monitor and limit any form of copying or any other limits they see fit to impose.
    [3] Any hardware malfunction, or many other problem.
    [4] Such as I buy the physical media HD-DVD disk and have a legal right to access the content thereon, but the studios still have the right to reproduce that HD-DVD. I do not have the right to reproduce the DVD.
    [5] Contrary to what everyone says. . . the DMCA does NOT prohibit circumventing when it is for a legitimate purpose. This was placed in the law specifically to keep in harmony with understood “fair use” rights.
    [6] This is the anti-circumvention clause that most people mistake for the former. This is what many companies have been charged with even though their product was designed for people to exercise their fair use rights. They were creating the tool to circumvent.
    [7] Several exemptions are even in place for the anti-circumvention clause including security professionals and encryption education specialties, and libraries and other public institutions that are determining if they want to procure the license to the work.
    [8] This would be considered Fair Use, but there has to be a line drawn when it comes to IP…. Where is that line drawn?
    [9] I should be allowed to ask a hacker or find a “circumvention tool” to allow me to exercise my “fair use” rights. However this is where the DMCA abuse comes in. No one is technically allowed to provide such a tool even if I ask them too. And that is where the real revolt against the DMCA needs to be focused. That is why I fully support anyone willing to publish the key and any code for circumvention even if that is technically unlawful or illegal. The law is unjust and needs to be revoked.

  83. John says:

    Given that the compromised processing key will not be used any more (Ayers at the AACSLA wrongly states that it has been revoked) they appear to be making a song and a dance about it all of a sudden.

    Which has started to lead to speculation as to why all the fuss about a key that has been public for months.

    There is an interesting article about just that at

    http://blogs.zdnet.com/hardware/?p=391

  84. Todd says:

    When Ayers says the key has been “revoked” he’s using the language of the AACS system. That term implies that the key will not be of any futher use and “John” is correct – that’s not true. The key will always be valid for the discs that used it, but there’s a catch.

    What Ayers really means is that a group of software players has been revoked. In the AACS system, a software player is called a “host.” The AACS LA has two methods of revoking a player. The first is to simply stop using the famous 09 F9 processing key (and all other processing keys that players in the revoked group can calculate) on new discs. That cuts off new titles.

    The “catch” is teh second method of recation. The AACS LA can use what’s called a “Host Revocation List” to tell any disc drive to stop working with revoked software. That prevents old titles from being played with revoked software. When a new disc is inserted into a drive, the drive is supposed to update its HRL and stop talking to revoked “host” software.

    Of course, the hackers have already modified the software on some drives to ignore the HRL on a new disc.

  85. Crosbie Fitch says:

    John, the fuss may be expected and thus created deliberately precisely because they need to render players and/or DVDs non-functional – which will piss the purchasers off quite a bit.

    This publicity presumably lays the blame at the foot of vandals rather than AACS LA – who are completely blameless and wear a shiny halo.

  86. Anthony Ettinger says:

    I think it will be interesting to see how this pans out, although I doubt it will have an effect on much at all…there will always be people trying to protect copyrighted material, and those trying to distribute it illegally.

    The rest of can make our “one backup copy”.

    http://www.chovy.com/consumer-advocacy/got-decss-how-about-hd-dvd-09-f9/trackback/

  87. John says:

    I have alreacy said that this goes beyond just aacsla concern over that key per se. I reckon that it extends beyond just HD movies and started towards the end of March.

    Various sites that host software and methods for copying CSS protected DVD’s with additional things like aarccos started to disappear, and unless you know where to look, some of these tools are getting hard to find. Examples are Ripit4me and FixVTS, and some forums have started preventing discussion about hacking methods.

    I reckon that there has been a co-ordinated attempt to rid the Internet of sites and fiorums where hackers discuss these matters and exchange program ideas etc.

    I reckon that they are woried that too much progress is being made by too many hackers too quickly.

    If that is the case, then that suggests to me that drm is not really much good and that the studios etc. are now resorting to try and control the spread of knowledge and information on the Internet.

    For several weeks they were getting away with it. I am not so sure now.

  88. Crosbie Fitch says:

    They can only:
    be seen to be doing something
    appear to be suppressing information
    litigate anyone they fancy – at random
    worry those prone to worrying

    They cannot actually achieve anything apart from briefly removing graffiti from the sidewalk and rearranging the deck chairs on the Titantic.
    They cannot:

    Shut down the Internet
    Suppress information
    Stop binary digits from being copied.
    Force people to pay more for less and damn well like it

    So, we have two possibilities concerning C&Ds and any actions by the cartel, whether RIAA, or AACSLA, etc..

    Are a mindless committee with a doomed mission and no clue apart from doing just enough due diligience not to get sacked (until a better job comes along)
    They know the impossibility of their mission and know precisely what they’re doing.

    In the former case there’s nothing to worry about. The edifice of the copyright industry is inexorably falling off the rapidly eroding cliff into the sea. Stand well back!
    In the latter case, they know their mission is impossible, but they need to demonstrate this impossibility to their shareholders, business partners, customers, musicians, movie makers, and the public at large. It’s not enough for just us few cognoscenti to know their doom, they have to educate the entire world by demonstrating that no matter what they do they cannot actually stop copying. Unfortunately, they have to be seen to try even highly punitive and socially repressive measures – which means some ‘examples made to educate the rest of us’ serve as cannon fodder – the more apparently naive and unwitting the better, e.g. children, grannies, small struggling families, students, the recently deceased/bereaved, etc. The more hateful their actions the more easily they can eventually justify their abandonment of copyright.
    So, you have to decide: Incompent headless chickens? or Ultimately cunning foxes?

  89. Crosbie Fitch says:

    (Now with manual numeric lists rather than HTML)

    They can only:
    1) be seen to be doing something
    2) appear to be suppressing information
    3) litigate anyone they fancy – at random
    4) worry those prone to worrying

    They cannot actually achieve anything apart from briefly removing graffiti from the sidewalk and rearranging the deck chairs on the Titantic.

    They cannot:

    1) Shut down the Internet
    2) Suppress information
    3) Stop binary digits from being copied.
    4) Force people to pay more for less and damn well like it

    So, we have two possibilities concerning C&Ds and any actions by the cartel, whether RIAA, or AACSLA, etc.

    1) They are a mindless committee with a doomed mission and no clue apart from doing just enough due diligence not to get sacked (until a better job comes along)
    2) They know the impossibility of their mission and know precisely what they’re doing.

    In the former case there’s nothing to worry about. The edifice of the copyright industry is inexorably falling off the rapidly eroding cliff into the sea. Stand well back!

    In the latter case, they know their mission is impossible, but they need to demonstrate this impossibility to their shareholders, business partners, customers, musicians, movie makers, and the public at large. It’s not enough for just us few cognoscenti to know their doom, they have to educate the entire world by demonstrating that no matter what they do they cannot actually stop copying. Unfortunately, they have to be seen to try even highly punitive and socially repressive measures – which means some ‘examples made to educate the rest of us’ serve as cannon fodder – the more apparently naive and unwitting the better, e.g. children, grannies, small struggling families, students, the recently deceased/bereaved, etc. The more hateful their actions the more easily they can eventually justify their abandonment of copyright.

    So, you have to decide: Incompent headless chickens? or Ultimately cunning foxes?

  90. greglas says:

    Hi Ed –

    I understand how counter-intuitive it is, but there is actually some precedent out there for numbers as property:

    See
    http://terranova.blogs.com/terra_nova/2005/08/123321456787654.html

    Cf. this bit from Eben Moglen, which relies heavily on the “numbers can’t be property” intuition:

    “Like everything else in the digital world, music as seen by a CD player is mere numeric information; a particular recording of Beethoven’s Ninth Symphony recorded by Arturo Toscanini and the NBC Symphony Orchestra and Chorale is (to drop a few insignificant digits) 1276749873424, while Glenn Gould’s peculiarly perverse last recording of the Goldberg Variations is (similarly rather truncated) 767459083268.

    Oddly enough, these two numbers are “copyrighted.” This means, supposedly, that you can’t possess another copy of these numbers, once fixed in any physical form, unless you have licensed them. And you can’t turn 767459083268 into 2347895697 for your friends (thus correcting Gould’s ridiculous judgment about tempi) without making a “derivative work,” for which a license is necessary.

    At the same time, a similar optical storage disk contains another number, let us call it 7537489532. This one is an algorithm for linear programming of large systems with multiple constraints, useful for example if you want to make optimal use of your rolling stock in running a freight railroad. This number (in the U.S.) is “patented,” which means you cannot derive 7537489532 for yourself, or otherwise “practice the art” of the patent with respect to solving linear programming problems no matter how you came by the idea, including finding it out for yourself, unless you have a license from the number’s owner.

    Then there’s 9892454959483. This one is the source code for Microsoft Word. In addition to being “copyrighted,” this one is a trade secret. That means if you take this number from Microsoft and give it to anyone else you can be punished.

    Lastly, there’s 588832161316. It doesn’t do anything, it’s just the square of 767354. As far as I know, it isn’t owned by anybody under any of these rubrics. Yet.”

    Excerpted from this:
    http://emoglen.law.columbia.edu/my_pubs/anarchism.html (1999)

  91. Anonymous says:

    I’m not so sure that there is a direct analogy.

    In the cases cited above, the integer is the numerical representation of a computer program, and it is from the copyright of the program that the copyright of the number is derived. But a key is not a computer program.

    I suspect that it is arguable that if a number is not the representation of something that is copyrightable, that the number itself is also not copyrightable.

    An analogy would be a copyright poem. Translate it into another language and it is still a copyright poem. But a string of characters that is not a representation of something else that is copyright is arguably a different matter.

    In any event, they are not claiming that the key is copyright.

    However, some people are saying that the key is a DMCA Act circumvention device because of the CSS ruling. But in that case DeCSS was a separately written computer program capable of unscrambling DVD content. DeCSS was not a piece of information that someone lifted verbatim out of a computer memory whilst a player was playing a DVD.

    I think there is mileage in the argument that the CSS ruling is not directly in point, and that the situation of a key lifted from memory whilst a genuine player is playing a disk might be distinguishable.

  92. Anonymous says:

    If you do a Google search for that key – the 32 character string without any spaces, dashes etc – on the first page of results, the key is hosted on the MPAA web site. I wonder if they have received a C & D notice.

  93. Crosbie Fitch says:

    The trouble people have in coming to grips with IP is largely due to being brainwashed by copyright – it addles everyone’s brains.

    Numbers CAN be owned.
    Numbers CAN be private property.
    Numbers CAN be private intellectual property.

    However, if a number is communicated or copied, the information/copy belongs and becomes owned by the recipient (jointly). Sometimes the number is actually transferred (if large) rather than copied and thus is no longer owned by its former possessor.

    So, I have a lucky number. It is my number – I own it. You have no right to wrest it from me. It is my property, and I’ll only give you a copy if I want to.

    You may have a lucky number too. It may, coincidentally be the same as mine, but we don’t know that.

    We each own our own lucky numbers.

    I could sell you a copy of my number for $50 – you might buy it. If you do, you would then own a copy of my lucky number. You would then realise that it was the same as yours, however, you have not consequently, enabled me to make a copy of your number. You can still sell me a copy of your number for $100.

    Where things go crazy is when copyright is introduced. This isn’t about owning numbers, but about having the exclusive right to communicate/copy/modify the number. It is as if you still own all copies/modifications of your numbers even after you’ve given them to someone else (which is crazy).

    Thus if I sold you a copy of my lucky number, you could resell it or give it to someone else, but because of copyright, you could not make any copies of it, nor could you even increment it. And if your lucky number happened to be the same, you’d better hope you have a diary entry to establish this, otherwise people might suspect you’d copied mine.

    So, the general rule is (irrespective of copyright/DMCA) that we all own the numbers we possess, and we can copy them and give copies into others’ possession for them to own. So, if I tell you my PIN number, you know my PIN number, you can copy it down into your notebook. I still have my PIN number, and I still own it. You also have the same number, and own a copy of it.

    Therefore if a shop sells you a DVD player and a DVD then you own all the numbers in both. They may hope you don’t deduce certain numbers in your possession, but they’re still your numbers – your property – numbers that you now own.

    Copyright and DMCA interfere with our property rights, they attempt to restrict what we can do with the numbers that we own.

  94. enigma_foundry says:

    ow the AACS LA sees fit. It really is that simple: Stop trying to steal my PC from me AACS LA!

    If that right is taken away, the PC revolution is in danger. The PC has been an enormously empowering invention, leveling the playing field between individuals and large corporations, and placing the means of production in the hands of many. There are those who would like very much to put the PC genie back in the bottle, and take control of PC’s away from users. All that is made possible by DRM. So when Ed Felten says:

    It will be interesting to see what AACS LA does next. My guess is that they’ll cut their losses, refrain from sending demand letters and filing lawsuits, and let the 09F9 meme run its course.

    I rather disagree, seeing that there seems to be a deeply malevolent streak in some of the public statements by the AACS LA. The AACS LA seems to want to really fight it out, and really go after someone. As covered at the BBC website:

    Bloggers “crossed the line” when they posted a software key that could break the encryption on some HD-DVDs, the AACS copy protection body has said.

    Thousands of websites published the key, which had been uncovered in a bid to circumvent digital rights management (DRM) technology on HD-DVD discs.

    Many said they had done this as an exercise in free speech.

    An AACS executive said it was looking at “legal and technical tools” to confront those who published the key.

  95. enigma_foundry says:

    The analogy that the AACS LA is trying to spin in the media is that distribution of the key is akin to distributing the combination of the combination to my bicycle combination. But that analogy is deeply flawed, because the key is to something I already own, that is a Blu-Ray or HD-DVD drive. If I own a PC, I should be able to use it in the way I see fit, not how the AACS LA sees fit. It really is that simple: Stop trying to steal my PC from me AACS LA!

    If that right is taken away, the PC revolution is in danger. The PC has been an enormously empowering invention, leveling the playing field between individuals and large corporations, and placing the means of production in the hands of many. There are those who would like very much to put the PC genie back in the bottle, and take control of PC’s away from users. All that is made possible by DRM. So when Ed Felten says:

    It will be interesting to see what AACS LA does next. My guess is that they’ll cut their losses, refrain from sending demand letters and filing lawsuits, and let the 09F9 meme run its course.

    I rather disagree, seeing that there seems to be a deeply malevolent streak in some of the public statements by the AACS LA. The AACS LA seems to want to really fight it out, and really go after someone. As covered at the BBC website:

    Bloggers “crossed the line” when they posted a software key that could break the encryption on some HD-DVDs, the AACS copy protection body has said.

    Thousands of websites published the key, which had been uncovered in a bid to circumvent digital rights management (DRM) technology on HD-DVD discs.

    Many said they had done this as an exercise in free speech.

    An AACS executive said it was looking at “legal and technical tools” to confront those who published the key.

    ….

    Michael Ayers, chair of the AACS business group, said it had received “good cooperation from most folk” in preventing the leak of the key.

    He described the row between Digg and its users as an “interesting new twist”.

    “It started out as a circumvention effort six to eight weeks ago but we now see the key on YouTube and on T-Shirts.

    “Some people clearly think it’s a First Amendment issue. There is no intent from us to interfere with people’s right to discuss copy protection. We respect free speech.

    “They can discuss the pros and cons. We know some people are critical of the technology.

    “But a line is crossed when we start seeing keys being distributed and tools for circumvention. You step outside of the realm of protected free speech then.”

    He said tracking down everyone who had published the keys was a “resource intensive exercise”. A search on Google shows almost 700,000 pages have published the key.

    Ok, they are in fact really, really silly. But here Mr Ayers says something that indicates is really, really dumb, and viscious too:

    Mr Ayers said that while he could not reveal the specific steps the group would be taking, it would be using both “legal and technical” steps to prevent the circumvention of copy protection.

    “We will take whatever action is appropriate,” he said. “We hope the public respects our position and complies with applicable laws.”

    The public neither respects your position, nor does it feel obligated to comply with an unjust law. On the contrary, certain portions of the public feel compelled to disobey such unjust laws. Many even feel that it would be immoral NOT to break such a law.

    And remember this: if you are going to start suing posters, you will in fact lose, and lose big. Just read about Dmitry Skylarov, or talk to someone at Adobe who mishandled that case. Mr Ayers, if you think that you have seen all of this rebelion at digg over their decision to remove posts with your key, you ain’t seen nothing yet. If you actually sued 1/1000 of those who posted the code, the DMCA there would be major fallout, and the DMCA would be history.

    But, the DMCA won’t become history be itself. Those who are concerned must speak out, and speak out now, very loudly. Politely, yes, but loud too. After all, it is our freedoms that are at stake.

    The action to take? The AACS LA is just a scheme by a few large corporation to do their dirty work. We can’t let those corporation distance themselves from the AACS LA.

  96. enigma_foundry says:

    So, from the AACS LA website, the corporate founders are:

    IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Walt Disney Co. & Warner Bros.

    This is the ‘Gang of Eight’ that we should boycott, if we are really opposed the suppression of our First Amendment rights. The one that might be amenable to pressure, and probably doesn’t fit in with the others is IBM. Panasonic , Intel, and Toshiba, as hardware manufacturers, are only in this group because they want to see their hardware gain market traction, and for that to happen, they need to bring the content owners (Sony, Walt Disney, Warner Bros and perhaps even Microsoft*) along only until their format has market acceptance. Once that happens, they don’t need AACS LA anymore. They just want to sell hardware that works, and tho the extent DRM stops that, it stops hardware sales. So Intel, Toshiba, and Panasonic may yeild to some amount of market/community pressure.

    IBM, however, has a substantial amount of their future business plans invested in open source. The open source community could start pressuring IBM to leave the AACS LA. IBM will, of course, try to distance themselves from the actions of the AACS LA. Of course they will, those actions are abhorrent. The community should accept nothing less then IBM’s leaving the AACS LA as a condition of halting any boycott against IBM.

    * It is, of course, very doubtful that Microsoft has any IP content that is worth protecting, but they seem to think they do, so I won’t enter into that tangent here

  97. tz says:

    Let me try a potential real example.

    First, the “key” is more like a password and not in and of itself a circumvention device.

    Lets say a game had a “secret” mode that was accessible by password, but through all existing published disks. They sell a separate “add on” which merely contains the password. People buy it and discover that it is 1. The word “Anonymous”, and 2. is identical across all disks.

    Can such a simple thing be a “circumvention device”?

    When the DMCA was passed, part of the question is whether something trivial could be considered protection and thus publishing something trivial would be considered a violation. Some said the courts would decide. This might be their chance.

    Note that most of the AACS information is available, and much of the problem is of their own making. They didn’t have to have identical keys at this stage, so the publication also exposes a defect in some part of their process.

    If publishing the key is sufficient to circumvent the protection, then the protection is trivial and shouldn’t be considered as protectable on that basis (consider if the key actually was all zeros or “AACS” repeated or something equally simple and that fact was published instead of the hex string). Security through obscurity isn’t. Conversely, if publishing the key doesn’t really circumvent the system, i.e. it is just a trivial and fixable piece or the result of a problematic habit, then it can’t be a violation. Which is it?

  98. John says:

    C & D notices have been going out for weeks, and they are not only confined to sites that host that key. They have also been aimed at sites that host information on cracking the drm on (standard) DVD’s, and forums that discuss such matters.

    It looks like it may have been a joint attempt by different parties to remove all information on the Internet relating to copying any sort of disk.

    But for the revolt at Digg, they might have got away with it.

    A few days ago, that key was hosted on not that many, and mainly obscure sites. The latest count is about 1.5 million with spaces between the character pairs, and 200,000 for the contiguous character string. That does not include tee shirts, mugs, songs on YouTube, or animated Flash jig-saw puzzles.

    I haven’t seen it distributed in spam emails yet – although I suppose the hackers are saving that for new keys that get pulled out the upgraded players.

    I doubt if the most expensive and extensive marketing campaign could have attracted that amount of publicity in such a short space of time.

    That is an awful lot of letters they are going to have to send out. My tip is to buy Pitney Bowes shares.

  99. Anonymous says:

    There is an interesting article at

    http://observer.guardian.co.uk/business/story/0,,2073249,00.html

    entitled

    “Blu-ray’s secret key: now showing at websites everywhere.”

    The following passage in the article just about sums it all up:

    “There is no such thing as an uncrackable protection system, and no way to stop circulation of the hack that breaks it.”

  100. Vandell says:

    Y’know, this got me thinking a little. The second amendment of the United States constitution declares that the people shall always have the right to a weapon, in order to protect all other constitutional rights of a human being – aka, the government should be afraid to take a constitutional right away from the people.

    In an odd sense, the internet is something similar. If an entity attempts to claim ownership over something that simply can’t be owned, such as the 09 F9 number, the people should be free to use the “Internet” as a form of weapon against said entity. This has, essentially, been accomplished – the people have revolted against a breach in free speech

  101. sadsac says:

    As it is now almost easier to list websites that don’t make some reference to “the number”, the number alone communicates the “information”. But at some point early in this avalanche, there had to be a subject to the sentence – or else all of the subsequent echoes of the number would be meaningless.

    1. 09 F9 …

    2. The AACS processing key is 09 F9 …

    So, what’s the distinction between plastering the net with #1 (absent some prior linkage to #2), and doing the same with #1 (having widespread understanding that it refers to #2).

    We probably can’t know, since “the number” alone would likely never have been disseminated in such a fashion absent the prior publication of #2.

    Does the AACSLA have a weaker case when they make the claim that the attribute of the number alone is a circumvention device, compared to when it is predicated to some or all of the words “AACS processing key”?

  102. Devz says:

    Unfortunately for anyone restricting the development of new technologies to challenge crackers minds:

    The human brain is a circumvention tool.

    What the first thing it does when given a problem? (when its not drunk, deteriorated by work hours, or stresses of money.. those nasty controlling methods that keep you in line.)

  103. John says:

    One positive aspect of the current copyright campaign (not just confined to the oh nine eff issue) is that it is starting to attract mainstream publicty and rattle the cages of previously uninvolved third parties.

    The RIAA is trying to saddle the education system with the costs of policing illegal downloading by students – and that is creating a stir.

    Eg

    http://www.law.harvard.edu/news/2007/05/01_nesson.php

  104. down with DMCA says:

    ******* PLEASE UPDATE WIKIPEDIA *******

    http://en.wikipedia.org/wiki/Illegal_prime

    http://en.wikipedia.org/wiki/Illegal_number

    I tried to update the above wikipedia pages on “illegal number” and “illegal prime”, in an attempt to reflect the above article, but my addition was promptly removed, the admins on wikipedia who are moderating these articles are intentionally trying to cover up the fact that these ideas are controversial, that it is a FACT that MANY people do not agree with the laws pertaining to this situation.

    Also, I tried adding this blog as a reference of relevance and it was taken out as well.

    I strongly urge everybody who reads this to go to wikipedia and update the articles, mentioning something along the lines of:

    “Many people feel that this notion that a number can become “illegal” to possess, utter or propagate, is a direct violation and threat against the inalienable human right to freedom of speech.”

    The following excerpt from the above article states FACTs. I strongly feel that these FACTS need to be posted in some NPOV form (worded appropriately) in the relevant wikipedia articles on this subject.

    Quote:
    Net users hate censorship and often respond by replicating the threatened content. When Web companies take down user-submitted content at the behest of big media companies, that looks like censorship. But censorship by itself is not the whole story.

    …the fact that the content in question is an integer — an ordinary number, in other words. The number is often written in geeky alphanumeric format, but it can be written equivalently in a more user-friendly form like 790,815,794,162,126,871,771,506,399,625. Giving a private party ownership of a number seems deeply wrong to people versed in mathematics and computer science. Letting a private group pick out many millions of numbers (like the AACS secret keys), and then simply declare ownership of them, seems even worse.

    ******* PLEASE UPDATE WIKIPEDIA *******

  105. cdmiller says:

    I think the point is relying on legal censorship of a publicly distributed key is not how to create an effective crypto system. The DMCA is proving to be a flawed implementation of law and business practice. To really capitalize on digitized works will require business savvy, not legislation.

    As for owning or censoring numbers, an idea or “work” can be encoded to be any number. Now who owns what?

  106. Craig says:

    Were it the case that only an integer had been posted, nothing would have come of it but when the integer in question was associated with the fact that it could be used to circumvent a system, it became an issue.

    People would like to apply noble reasons to what was done but in most cases from the viewpoint of many who saw it happen, it seemed more like children throwing a temper tantrum when finding out there was something they couldn’t do but wanted to.

    Copyright, DMCA, MPAAA, all irrelevant. Kids went off on a temper tantrum, nothing more, nothing less.

  107. Tarky7 says:

    To Hear is to Obey !

    Found you on Boing Boing ! Keep the faith !

    My PC Badness in response to your very intellectual position !

    http://tkekkonen.blogspot.com/

  108. Neo says:

    The illegal number article at Wikipedia currently shows a link to this blog. Perhaps they’ve gotten a bit more NPOV. Then again, they’ve semi-protected the page, which is not such a good sign.

  109. Neo says:

    Clarification — illegal prime is semi-protected and doesn’t link here; illegal number links here and isn’t semi-protected.

  110. David Gerard says:

    Most of the reason the number isn’t on Wikipedia is that it’s at distributed spam levels. And distributed spam is spam.

    See : Wikipedia:Keyspam

    I’m the one who added “Some of us would consider it appropriate to use orbital lasers to burn the key in 500-foot-long letters across the middle of Hollywood …” But I personally still don’t want the number removed from the site spam filter for at least a while, because I have no wish to encourage future memespam.

  111. Neo says:

    More interesting is

    http://www.google.ca/search?q=%2209+f9%22+site%3Awikipedia.org&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

    The full key is visible in several of the summaries … Wikipedia’s meticulous self-documenting and historical records make it nigh-impossible for anything placed there to really be expunged. Heh heh heh … Up yours, AACS LA. You have lost the war.

  112. Gene says:

    “circumvention device” …

    An integer/string is hardly a device (see dictionary) and much less a circumvention device (like TZ says above)

    The key is uses it to directly decrypt, not circumvent the encryption.

    I could see perhaps the method of obtaining the key as being circumventive, but that’s also a very gray given someone can obtain it just by looking at their RAM without any sort of hacking.

  113. Anonymous says:

    Gene makes a valid point “Circumvention” connotes the use of some specially manufactured device or technology whose sole purpose is to by-pass the correct decryption method.

    What is going on at the moment is the implementation of the correct decryption method, but in an unauthorised manner.

  114. DRJ says:

    Project idea: If that same decryption key could be found in a copy of a copyrighted website cached BEFORE the AACS developed and implemented the key, then it existed as prior art and cannot be legitimately claimed by the AACS. Ok, now go find it! : )

  115. tz says:

    Meanwhile in meatspace, states are making it harder to sell “used” CDs:

    http://arstechnica.com/news.ars/post/20070507-record-shops-used-cds-ihre-papieren-bitte.html

  116. fugu fool says:

    I have created an encryption/decryption routine. A file copyrighted file has been encrypted with it that can be decrypted with ANY 128bit key but not a smaller or larger key.

    Now, anyone publishing ANY 128-bit number is publishing a key that can decrypt my files. They are guilty of publishing information that can be used for copyright protection circumnavigation!

    I’ll be suing………

  117. carnivore says:

    http://rapidshare.com/files/49829193/RipIt4Me.zip.html

    that link is to download a complete RipIt4Me package. Copy until
    your content. Enjoy :)

  118. Anonymous says:

    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0