DeCSS

From Example Problems
Jump to navigation Jump to search

DeCSS is a computer program capable of decrypting content on a DVD video disc encrypted using the Content-Scrambling System (CSS).

Origins and history

File:DeCSS.PNG
The DeCSS code can be used by a computer to circumvent a DVD's copy prevention.

DeCSS was devised by persons unknown and released anonymously on the Internet mailing list LiViD in October 1999. Allegedly, one of the authors was Norwegian teenager Jon Johansen, whose home was raided in 2000 by Norwegian police. He was put on trial in a Norwegian court and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. However, on March 5, 2003, a Norwegian appeals court ruled that Johansen would have to be retried on charges that he violated Norwegian Criminal Code section 145 (the hacker law). The court said that arguments filed by the prosecutor and additional evidence merited another trial. On December 22, 2003, the appeals court agreed with the acquittal, and on January 5, 2004 Norway's Økokrim decided not to pursue the case further.

The program was first released on October 6, 1999 when Johansen posted an announcement of DeCSS 1.1b on the livid-dev mailing list. Initially, the source code was not available, but it was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper from a group called Drink or Die, which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.

The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms.

Johansen was involved in a flamewar with another member on livid-dev over the GPL violation issue. Johansen was a FreeBSD supporter and criticized Linux. The main point of the dispute was that Johansen claimed that he had been granted a non-GPL license by Fawcus for the css-auth code, while the other party claimed that he was lying. The flamewar ended when Fawcus confirmed Johansen's side of the story.

At the end of 2000, a document written by an anonymous author surfaced on the Internet [1]. It accuses Johansen of lying, slandering Linux and violating the GPL. The accuracy of the document is in dispute: Johansen's lawyer was a public defender paid by the Norwegian state and Matthew Pavlovich, LiViD project leader, testified in MPAA v. 2600 that UDF under Linux was an issue [2].

On January 23, 2004, the DVD CCA dropped the case against Jon Johansen. [3]

Technology and derived works

When the release of the DeCSS source code made the CSS algorithm available for public scrutiny, it was soon found to be susceptible to a brute force attack quite different from DeCSS. The encryption is only 40 bit, and does not use all keys; a high-end home computer running optimized code is able to brute-force it in 24 hours quite easily.

Programmers around the world created hundreds of programs equivalent to DeCSS, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to add DVD support to open source movie players. The licensing restrictions on CSS make it impossible to create an open source implementation through official channels, and closed source drivers are unavailable for some operating systems, so some users need DeCSS to watch DVDs at all.

Once the unencrypted source video is available in digital form, it can be copied without degradation, so DeCSS does help make mass copyright infringement possible. However, digital copying of DVDs without decrypting them was already widespread before DeCSS, especially in east Asia. Note that this type of copying is not possible using standard DVD-R or DVD-RW blanks, since the section of the DVD that contains the CSS keys is unwritable.

Legal response

In protest against legislation that prohibits publication of DeCSS code in countries that implement the WIPO Copyright Treaty (such as the United States' Digital Millennium Copyright Act), some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through steganography, through various Internet protocols, on t-shirts and in dramatic readings, as MIDI files, as a series of haiku poems[4], and even as a so-called illegal prime number. However, the CSS algorithm seems to require more characters to describe in a computer programming language than the RSA algorithm; one of the shortest implementations of the cipher (called "efdtt") is 434 bytes. Because of this, it has not been distributed by some of the more "inventive" methods used to distribute the RSA algorithm during the days of ITAR — it is not suitable for tattoos, email sigs, etc.

As of 2005, DeCSS (and several copycat programs which have not been specifically brought to court) can be readily obtained over the Internet. Some Linux distributions are able to install a DVD player incorporating a CSS implementation with a single command.

The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in about early November 1999 (Universal v. Reimerdes). As a response to these threats a program also called DeCSS but with an unrelated function was developed [5]. This program can be used for stripping Cascading Style Sheets tags from an HTML page. In one case, a school removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention.

External links and references

de:DeCSS nl:DeCSS fi:DeCSS zh:DeCSS