The Openlaw DVD/DeCSS Forum Frequently Asked Questions (FAQ) List
FAQ originally maintained by Rob Warren, with the help of Paul Fenimore, Sean Standish, Eric Seppanen and Wendy Seltzer. For questions, please contact openlaw@eon.law.harvard.edu.
This FAQ was last modified 10:20 AM EDT Wed, May 03 2000
Please begin reading this FAQ by immediately reading "OFFICIAL DISCLAIMER".
Maintainer's Note:
While this FAQ is now in "stable" release, its content is still subject to revision. We are in the process of debating and researching many of the questions, and the legal landscape around these issues can change on a daily basis. Please do not let a lack of information or a sparseness of presentation in this FAQ lead you to believe that an issue is being glossed over or ignored; more than likely, the problem is simple lack of information.
If you see any errors in the below text, or can provide new information that would add to the accuracy of this FAQ, please contact us at openlaw@eon.law.harvard.edu. Your participation is vital in keeping this FAQ up to date and informative.
Thank you.
Openlaw DVD/DeCSS FAQ Team
1. The Basics
2. On Legal Issues
3. Technical Questions
4. Finding More Information
5. How You Can Help
"IANAL". ("I Am Not A Lawyer.")
The vast majority of the contributors to this FAQ are not attorneys. Nothing written in this FAQ should be considered legal advice; the contributors and the maintainer of this FAQ claim no responsibility related to the accuracy of this information. The contents of this forum and FAQ exist only for the purposes of thought, discussion and information; no other purpose is claimed or intended, express or implied.
Most of the contributors to this FAQ are "techies" - Linux developers, technical writers and such. There are one or two attorneys in our number, and in recent days we have had participation from the defense attorneys for the Electronic Frontier Foundation. Nevertheless, nothing here should be used as legal advice.
Nothing in this FAQ should be construed as a final conclusion, but only as a summary of the discussion to date. Many of these issues - particularly the legal ones - will have to be decided by the courts, and we do not intend to presume those results. Since new evidence is coming to light all the time, these "conclusions" will inevitably change.
The points of view expressed herein are those of the contributors and do not reflect the views of their employers, clients, mailmen, elected officials, relatives, pets, clergy or imaginary friends.
1.1) The Technology
1.1.1) What is DeCSS? What does it do?
1.1.2) What is CSS?
1.1.3) Why was CSS made so weak?
1.1.4) Is it true that CSS prevents the unauthorized copying of DVDs?1.2) The Story
1.2.1) How was CSS broken?
1.2.2) How did the DVD industry respond to the CSS break?
1.2.3) How did the online community respond to the lawsuit threats?
1.2.4) Was DeCSS written to be a component in the LiViD DVD Player?
1.2.5) Is it true that the author of DeCSS was arrested?
1.2.6) Why should I care?1.3) The Players
1.3.1) Who is Jon Johansen?
1.3.2) Who is Derek Fawcus?
1.3.3) Who is Frank Stevenson?
1.3.4) Who is "Kaplan"?
1.3.5) Who is Jack Valenti?
1.3.6) Who are the lawyers working on these cases?1.4) The Organizations
1.4.1) What is the Electronic Frontier Foundation (EFF)?
1.4.2) What is the "MPAA"?
1.4.3) What is the "DVD CCA"?
1.4.4) What is "MoRE"?
1.4.5) What is "LiViD"?
1.4.6) What is "OpenDVD"?
1.4.7) What is "Slashdot"?
1.4.8) What is "2600"?1.5) The Documents and the Treaties
1.5.1) What is the Digital Millennium Copyright Act?
1.5.2) What is the Berne Convention?
1.5.3) What are the WIPO Treaties?
1.5.4) What is Title 17, a.k.a. 17 U.S.C.?
1.5.5) What is the Paris Convention?
1.5.6) What is the Rome Convention?
1.5.7) What are the European Directives?
2.1) Current Court Cases
2.1.1) What U.S. court cases are pending regarding DeCSS? Who is involved?
2.1.2) Why is everyone making such a big deal about DeCSS?
2.1.3) Are we directly challenging 17 U.S.C. 1201 in these cases?2.2) General Legal Issues
2.2.1) Why shouldn't I necessarily refer to this law as the DMCA?
2.2.2) What is the difference between a "defense" and a "right"?
2.2.3) What is the legal definition of "authority"?
2.2.4) Do the definitions of words like "authority" need to be listed in the law in order to be used in court?2.3) Constitutional Issues
2.3.1) Are there constitutional issues here? What are they?
2.3.2) Under what authority do legislators who have contributed to the legislative record claim 1201 was enacted?
2.3.3) Why does legislative authority matter?2.4) Copyright Law and 17 U.S.C. 1201
2.4.1) What is copyright?
2.4.2) What is "copyright infringement", as defined by 17 U.S.C.?
2.4.3) What exclusive rights does the copyright owner have, as defined by 17 U.S.C. 106?
2.4.4) What is a 17 U.S.C. 1201 (a.k.a DMCA) violation?
2.4.5) Does a 1201 violation still matter if copyrights aren't being infringed?
2.4.6) What are the legal penalties for a 1201 violation?
2.4.7) Can the Librarian of Congress declare DeCSS to be not in violation
2.4.8) Does CSS, as a 40-bit algorithm, qualify as "effective" under 17 U.S.C. 1201?
2.4.9) Does an injunction against DeCSS infringe MoRE's DeCSS copyrights?
2.4.10) Can 1201 take away rights or defenses defined elsewhere in 17 U.S.C.?
2.4.11) DeCSS is distributed under the GNU GPL. How does this impact the current court cases?2.5) Fair Use
2.5.1) What is fair use, exactly? How does it impact this case?
2.5.2) Doesn't "For Private Home Use Only" cover DeCSS use?2.6) First Sale
2.6.1) What is "First Sale", exactly? How does it impact this case?
2.6.2) How does "First Sale" doctrine impact the distribution of DeCSS?2.7) Injunctions, Trials and Federal Civil Procedure
2.7.1) What is an injunction? Why are injunctions issued?
2.7.2) I'm one of the seventy-two listed on the California injunction, but I live in Alabama. Do these injunctions still apply to me?
2.7.3) Do the current injunctions prohibit general Internet distribution of DeCSS?2.8) Free Speech and Prior Restraint
2.8.1) Are the current injunctions cases of prior restraint on free speech?
2.8.2) Is it illegal to discuss DeCSS/CSS decryption?
2.8.3) Is my new CopyLeft T-Shirt legal?2.9) Reverse Engineering Exemptions to 17 U.S.C. 1201
2.9.1) Isn't DeCSS covered by the reverse engineering exemptions?
2.9.2) What is the legal difference between legitimate reverse engineering and design theft?
2.9.3) Is the recent Sony vs. Connectix case relevant to these cases?2.10) Trade Secret Law
2.10.1) What is a trade secret?
2.10.2) Is a trade secret protectable on a federal level?
2.10.3) The President of the DVD CCA, John Hoy, inadvertently made the source code for DeCSS part of the public record on January 18th; doesn't that pretty much kill the trade secret case?2.11) Patent Law
2.11.1) What is a patent? How do patents differ from copyrights and trade secrets?
2.11.2) Is CSS patented?
2.11.3) If CSS is patented, would that make DeCSS illegal in the U.S.?
3.1) On CSS
3.1.1) How does CSS scramble DVD contents?
3.1.2) What are 'keys' and how do they work?3.2) On DeCSS
3.2.1) How does DeCSS work, exactly?3.3) On DVD
3.3.1) What is region coding? How does it differ from CSS scrambling?
3.3.2) Is a DVD a program, or is it data?
3.3.3) Is the CSS descrambling software stored on the DVD itself?
3.3.4) Is a DVD player a computer?
3.3.5) Do any computer programs exist which are written in DVD program chains?
3.3.6) Besides region coding and CSS, what other "protections" are used on DVDs?
3.3.7) What computer operating systems currently are without CSS/DVD support?
3.3.8) What are the differences between hardware and software DVD players?3.4) On Computer Programs and Software
3.4.1) What is a "program"?
3.4.2) What does "Turing Completeness" refer to?
3.4.3) What is "reverse engineering"?
3.4.4) What is an "operating system"?3.5) On Cryptographic Systems
3.5.1) What does "40-bit" mean in terms of encryption strength?
3.5.2) Why do some people refer to CSS as a "scrambling" system rather than encryption?
3.5.3) What is a "keyspace"?
3.5.4) What is a "brute force attack"?3.6) On Internet Issues
3.6.1) What is "linking"?
4.1) Historical Information
4.1.1) Where can I find a historical account of the breaking of CSS, October 1999 - Present?
4.1.2) Was there really a source code distribution contest?
4.1.3) Did someone really print T-shirts with source code on the back?4.2) Software
4.2.1) Where can I get a copy of DeCSS or the source code?
4.2.2) Where can I get a copy of LiViD, the Linux Video Player?4.3) Technical Information
4.3.1) Where can I find technical information on CSS and DVD video?
4.3.2) Where can I find more information about cryptographic systems?
4.3.3) Where can I find information about how DeCSS works?4.4) Legal Information
4.4.1) Where can I find an online copy of Title 17, the U.S. Copyright Act?
4.4.2) Where can I find an online copy of the DMCA as it was signed?
4.4.3) Where can I find the court documents of these cases to date?
4.4.4) Where can I find online legal information regarding fair use?
4.4.5) Where can I find an online copy of the U.S. Constitution?
4.4.6) Where can I find information on the legislative history of 17 U.S.C. 1201?
4.4.7) Where can I find an online copy of the Code of Federal Regulations?
4.4.8) Where can I find an online copy of the Federal Rules for Civil Procedures?
4.4.9) Where can I find general information concerning U.S. copyright law?
4.4.10) Where can I look up general court cases that might be related?
4.4.11) Where can I find some historical context to U.S. Civil Procedures?
4.4.12) Where can I find information concerning First Sale doctrine?
4.4.13) Where can I find more information about trade secret and patent law?
4.4.14) What is "Nimmer on Copyright"?
4.4.15) Where can I purchase legal books?
4.4.16) Where can I look up patents on record?
4.4.17) Where can I find basic information on how to properly conduct legal research?
5.1) Mailing Lists
5.1.1) DVD-Discuss
5.1.2) DVD-Announce
5.1.3) How can I sign up?
6.1) Administrivia
6.1.1) Contributor Biographies
1.1.1) What is DeCSS? What does it do?
DeCSS is an executable binary utility, written for Microsoft Windows. When you execute this program it displays a simple dialog box and two buttons. These buttons are labeled "Select Folder" and "Transfer".
One button reads CSS-scrambled content from a DVD-ROM, and the other deposits unscrambled MPEG-2 video files to the user's hard drive.
Credit for DeCSS itself has been given to Jon Johanson, a 16-year-old Norwegian who worked in cooperation with an unknown German and an unknown Dutch programmer. While Jon has been in the public eye of late, the other two programmers involved remain anonymous. According to Jon, even he does not know their true identities.
The term 'DeCSS' has been commonly applied to an entire class of software, typically any program that allows the playback of CSS-protected DVD content via non-licensed means. This is a misnomer and confuses the 'DeCSS' program with a variety of other, very different, programs.
A screenshot is available at http://www.tiac.net/users/rongus/decss2.gif.
1.1.2) What is CSS?
CSS stands for "Content Scrambling System". It is the data scrambling method used to garble the content of a DVD disc. According to most sources, CSS was put into use for the purpose of ensuring that copyrighted material placed in this format would only be usable with licensed DVD playback mechanisms.1.1.3) Why was CSS made so weak?
CSS uses a 40-bit key. Even if the scrambling algorithm is well-designed, the short key length means that a brute-force search will quickly find the key.
According to common wisdom, CSS was made weak intentionally to avoid government red tape, since at the time (in 1996) the U.S. export regulations banned export of strong encryption technologies.
Several people have pointed out that exceptions existed in the U.S. export regulations for decryption-only media playback such as music and film. It has been suggested by John Gilmore, quoting who he describes as a reliable source, that the concern was not over United States regulations at all but Japanese export regulations, which contained no such exception. This has not been independently confirmed at this time.
According to at least one source, CSS was one of at least two alternatives chosen to implement access control on DVD media. A second method uses multiple 40-bit keys to compose a single 80-bit key.
Source: Tape/Disc Business Magazine, October 1996. "DVD Copy Protection: An Agreement At Last?" by Dana J. Parker. Link: http://www.tapediscbusiness.com/tdb_oct96/feat_protection.html
1.1.4) Is it true that CSS prevents the unauthorized copying of DVDs?
No, CSS does not prevent the unauthorized copying of DVDs.
In various public statements CSS has been referred to as copy protection, access control, and some times simply a "protection system" without stating what is protected. The claim which is most often repeated is that "CSS prevents movies from being illegally duplicated," or some variation on that wording.
There is a great deal of rhetoric circulating in response to this question, but two basic points serve to set the stage for this discussion:
1. In court, the plaintiffs in the NY and CT lawsuits do not allege that unauthorized copying has occurred, nor do they allege trafficking in a device to permit unauthorized copying.
2. The movies on DVDs have been published. Nothing can change the basic fact that at some point people get to watch the movie on the disk. If people are so inclined, they can copy the movie at that point.
In regard to the first item above, the plaintiffs (collectively the MPAA), are suing for alleged violations of trafficking in a device to "circumvent access control," which is not copyright infringement. During the hearing in Judge Kaplan's court, he chastised those who failed to distinguish between circumvention and copyright infringement. The lawsuits are about "access control," not "unauthorized copying."
In regard to the second item above, it has been suggested that CSS prevents "some" copying. What ever the perceived merits of this argument, they fail to address several essential points. First, the idea that a measure prevents "some" copying suggests that more effort, or better technology, will prevent "more" copying. No matter how much effort is expended on CSS-like systems, the whole point of publication is to allow an audience to watch the movie. Copying at this stage can never be eliminated. Second, to the extent that CSS does hinder some copying, it hinders legal activity. Copyright is not a blanket prohibition on copying. There are numerous important and legal uses of all copyrighted material including media-shifting, scholarship, criticism, education and parody. Third, the one form of unauthorized copying that is flatly illegal -- industrial piracy -- is completely unaffected by CSS.
Lastly, some have suggested that the licensing of CSS is used to require the inclusion of copy-control technology in DVD players. While it is true that the licensing of CSS gives the copyright holders a bargaining chip with DVD player manufacturers, this argument again fails to note that at some point, the audience is going to see the movie. No technical measure can ever prevent copying at that stage.
1.2.1) How was CSS broken?
It is unknown at this time who exactly first "broke" the CSS scrambling algorithm. The first "DeCSS"-type program seems to have been "Dod (Drink or Die) Speedripper", released in late September 1999. According to most sources, it used a DVD player key recovered from the object code of the Xing software-based DVD player program.
In early October, Jon Johansen announced on the LiViD mailing list that a friend of his was working on a similar program and perhaps would be willing to release the source code to the Linux developer community. This was in fact done in the middle of October.
In November 1999, an analysis of the "CSS decryption" source code and the underlying CSS algorithm revealed serious weaknesses which made it possible to defeat CSS without a player key.
1.2.2) How did the DVD industry respond to the CSS break?
Almost immediately after the CSS reverse engineering was complete, the DVD-CCA and the MPAA began sending threatening letters to the owners of websites offering CSS decryption programs for download. These letters successfully intimidated some web sites into removing the programs. Similar letters are still being sent today.
Often letters are sent to individuals' internet service providers, who sometimes remove the programs or suspend access because they fear the cost of legal scuffles. One university student lost his job at the university because of a letter from the MPAA.
These letters have threatened legal action for theft of trade secrets, copyright infringement, contempt of court, and trafficking in circumvention technology. Many letters have been sent to people and places outside of the United States, threatening lawsuits in U.S. courts and quoting U.S. court injunctions. Some of these letters have suggested that the recipient would be in violation of a court order when in fact the order in question plainly did not apply to the recipient.
Only a few actual lawsuits have been filed so far (see question 2.1.1).
In addition, The MPAA have been making public statements painting the authors and distributors of CSS decryption programs in a very unfavorable light. Mark Litvack, the MPAA's "legal director for worldwide antipiracy", compared DeCSS links to child pornography links in an interview with Salon. Jack Valenti, president of the MPAA, wrote in a Los Angeles Times editorial, "The intent of these Web sites is clear. Break the encryption. Steal the product. The posting of the hacking code is akin to mass producing and distributing keys to a department store. The keys have only one real purpose: to allow a thief to open a locked door to steal the goods he targets." (See question 3.1.2 for information on how keys actually work).
Sources:
http://www.geocities.com/zkarpinski/
http://www.salon.com/tech/log/2000/04/06/decss/index.html
"If You Can't Protect What's Yours, You Own Nothing", by Jack Valenti. Printed in the L.A. Times' Opinion section, Sunday, January 30, 2000.1.2.3) How did the online community respond to the lawsuit threats?
When the first whispers began to spread that legal action was being taken - namely, when Derek Fawcus first mentioned on the LiViD mailing list that copyright charges against him were being explored - it became clear to many that the "DeCSS" technology could easily be silenced and removed from online distribution. It is not known who posted the first "mirror" - an independently hosted copy of the program - but in the weeks following the beginning of November, 1999 hundreds and thousands of websites, FTP sites and even email mirrors appeared around the world. Each of these distribution points were established for a single goal - spread the program as widely as possible, in as many hands as possible. The theory went that even if a handful of individuals were forced to remove the code, there were far too many mirrors in far too many jurisdictions to ever force DeCSS technology out of circulation. This strategy was dubbed by one unknown individual as the "Whack The Mole" strategy - one club, millions of holes. Hit one mole, and millions remain.
Every time new word got out that further legal actions were taken, or that mirrors had been forced offline, hundreds more mirrors would appear around the world. At last count, the estimated total number of active DeCSS mirrors worldwide start conservatively in the low thousands. The true number is unknown and may well be much, much higher.
Following the injunctions in January 2000, several individuals as well as 2600 magazine, a defendent in one of the cases, attempted a worldwide organized protest of the MPAA actions. Organized protests to date have met with limited success.
1.2.4) Was DeCSS written to be a component in the LiViD DVD Player?
Several people have suggested that DeCSS, released by MoRE in October of 1999, was a legitimate reverse engineering effort aimed at creating an "open source" DVD player. The LiViD project is usually pointed to as the DVD player project in question. If this is the case, it is argued, then DeCSS may well qualify under the reverse engineering exemptions to 17 USC 1201.
Jon Johansen of MoRE has repeated stated, in both public interviews and private correspondence, that the intent of the MoRE programmers was to "bring DVD playback to open source platforms", namely FreeBSD and Linux.
Popular tech press and defendent advocates have been declaring the DeCSS-LiViD relationship as fact; the evidence suggests that the reality is a bit more complex.
According to LiViD mailing list archives, the Linux DVD effort had been working towards a CSS unscrambling solution since at least July of 1999. The archives suggest that MoRE was not involved in this effort.
Between July and September, Derek Fawcus was provided with code fragments claimed to be CSS descrambling routines by various individuals. At the point where Jon Johansen of MoRE released CSS descrambling algorithms to Fawcus in September 1999, the LiViD CSS descrambling routines were very close to completion; only a single vital element of the descrambling routines remained unknown.
It was following the MoRE release that Fawcus announced that he had written functional CSS unscrambling routines. At no time did he claim that he simply rewrote the routines supplied to him from Johansen; it's reasonable to assume that the Fawcus routines were an amalgam of the various code fragments he had received to date, plus a fair amount of original code.
When DeCSS 1.1b was released on October 6, 1999, it was released in Microsoft Windows executable form only, but apparently source code was released privately to Fawcus. He mentions in the LiViD archives at this point that DeCSS 1.1b contained the LiViD CSS descrambling code in place of the original MoRE algorithm. Presumably each version of DeCSS that has since been released has contained the Fawcus routines that were written intentionally for the LiViD DVD player.
Three weeks later, Fawcus posted a description of the CSS algorithm on his website, with the hope that others in the LiViD project would reimplement the algorithm using "clean room" methods. At this point DeCSS, the executable, had been in wide circulation for several weeks.
So, to answer the question, there is no evidence that DeCSS itself - a Microsoft Windows interface surrounding the Fawcus descrambling code - was written to be in any way a part of the LiViD project. DeCSS is not a listed module of the LiViD player, nor is it included in the standard LiViD release package. Only the internals of recent versions, not written by MoRE, were written as part of LiViD. While the vital component of the CSS algorithm may have been supplied by the MoRE routines, no one has conclusively stated this at this time.
No evidence has turned up so far to support the claim that DeCSS was written merely as a "proof of concept" or a UDF-filesystem test for the LiViD CSS decryption code; nor has any evidence appeared to demonstrate that this alleged testing was in any way coordinated with the LiViD group. According to the LiViD archives, prototype UDF support in Linux was being actively used by LiViD as early as July 1999.
DeCSS, as written by the programmers of MoRE, was not a part of the LiViD project, though the source code was released to LiViD after the executable program was released. The true intent of the MoRE programmers in writing DeCSS remains unknown.
1.2.5) Is it true that the author of DeCSS was arrested?
On January 24, 2000, the The National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway searched the home of Jon Johansen, confiscating computer equipment and a Nokia cellular phone. Jon Johansen was taken in for questioning, and was interrogated for seven hours without a break for food. Because he was ill at the time, Jon's father Per was questioned at home. This treatment drew condemnation from over fifty civil and human rights groups from around the world.
According to EFF archives, Johansen is charged with two possible violations of Norwegian Law. The first involves "breaking a security arrangement" to access data; the other is an infringement of copyright law, Norwegian Copyright Act sect. 54.
The EFF has already offered to provide legal services to the Johansens.
Sources:
http://www.eff.org/IP/Video/DeCSS_prosecutions/Johansen_DeCSS_case/20000124_johansen_statement.html http://www.linuxworld.com/linuxworld/lw-2000-01/lw-01-dvd-interview.html http://www.eff.org/IP/Video/DeCSS_prosecutions/Johansen_DeCSS_case/20000125_bing_johansen_case_summary.html
1.2.6) Why should I care?
The impact of the Digital Millennium Copyright Act stretches far beyond Linux, the Open Source movement and DVD. All three could disappear from the earth tomorrow, and this set of laws would continue to affect your life.
Congress never meant for copyright law to grant absolute power to anyone. This is in effect what Section 1201(a)(2) does by banning circumvention technologies without any real exceptions, while at the same time separating this ban from any question of copyright infringement. In effect, 17 U.S.C. 106, which defines the exclusive rights of copyright owners, becomes moot - the copyright owner now has the legal power to technologically enforce any "rights" they wish, and it is illegal to bypass the technological measures enforcing those "rights."
In short, fair use stops being a de facto right and becomes a gift from the copyright owner; in reality, absolute power is given to the copyright owner.
The upcoming court trials will be an important test for the DMCA. If the MPAA wins this case, a court precedent will be set, and that precedent can and will be used to contract consumer rights in all forms of copyrighted digital media. It is precisely that there are seemingly no limits to how far this could go that makes this such an important issue.
As a wise man once said, "Just because you don't take an interest in politics, doesn't mean politics won't take an interest in you."
1.3.1) Who is Jon Johansen?
Jon Lech Johansen is the Norwegian teenager who took the CSS decryption algorithm and codified it into a Windows utility called DeCSS. He was/is a member of MoRE (see question 1.4.4), and on January 24th, 2000 was detained by Norwegian authorities and questioned for seven hours regarding his role in DeCSS. While the MPAA officially states that they were in no way involved with this incident, the Norwegian authorities say differently. This episode drew condemnation from civil rights and human rights organizations worldwide.
1.3.2) Who is Derek Fawcus?
Derek Fawcus, in cooperation with the LiViD project, is the author of the 'css-auth' program for Unix platforms, which unscrambles CSS for the LiViD player.
(see question 1.4.5)
1.3.3) Who is Frank Stevenson?
Frank Stevenson is one of the participants of this forum, and the author of the CSS algorithm whitepaper: "Cryptanalysis of Contents Scrambling System". This paper was based on an analysis of DeCSS and the Fawcus css-auth code. Frank also contributed greatly towards streamlining the CSS defeat in the Fawcus code, making real-time decryption possible.
1.3.4) Who is "Kaplan"?
"Kaplan" refers to Judge Lewis A. Kaplan, United States District Court in New York. This is the judge presiding over the New York 1201 case. On January 21st, 2000, Judge Kaplan granted an injunction to the MPAA restricting the distribution of DeCSS.
1.3.5) Who is Jack Valenti?
Jack Valenti is the current President and CEO of the Motion Picture Association of America. (see question 1.4.2)
1.3.6) Who are the lawyers working on these cases?
Defense:
EFF staff attorney Robin D. Gross is coordinating the defense team, which includes:
- Lead litigator Martin Garbus, of Frankfurt Garbus Klein & Selz, representing 2600.com
- Allonn Levy, of Huber & Samuelson, P.C.
- Eben Moglen, of Columbia Law School
- Avery S. Chapman, of Chapman & Associates, LLC, representing Jeraimee Hughes in the Connecticut case
Plaintiffs:
The DVD Copy Control Association is represented by Weil Gotshal & Manges LLP.
The movie studio plaintiffs (often referred to collectively as the MPAA, although the Motion Picture Association is not a named plaintiff) are represented by Proskauer Rose LLP.
1.4.1) What is the Electronic Frontier Foundation (EFF)?
This from the EFF website at http://www.eff.org/:
EFF, the Electronic Frontier Foundation, is a non-profit, non-partisan organization working in the public interest to protect fundamental civil liberties, including privacy and freedom of expression, in the arena of computers and the Internet. EFF was founded in 1990, and is based in San Francisco, California, with offices in Washington, DC, and New York City.Source: http://www.eff.org/EFFdocs/about_eff.html#INTRO1.4.2) What is the "MPAA"?
The MPAA is the Motion Picture Association of America; it began as an export association in the aftermath of the Second World War, attempting to reestablish American films in the world market. Today they represent most of the U.S. film industry.
This from the MPAA website at www.mpaa.org:
The Motion Picture Association of America (MPAA) and its international counterpart, the Motion Picture Association (MPA) serve as the voice and advocate of the American motion picture, home video and television industries, domestically through the MPAA and internationally through the MPA.The eight studio members of the MPAA are currently pursuing the New York 1201 case.
These studios are Universal City Studios, Inc; Paramount Pictures Corporation; Metro-Goldwyn-Mayer (MGM) Studios Inc.; Tristar Pictures Inc.; Sony/Columbia Pictures Industries, Inc.; Time Warner Entertainment Co. L.P.; Disney Enterprises Inc. and Twentieth Century Fox Film Corporation.
Source:
http://www.mpaa.org/about/1.4.3) What is the "DVD CCA"?
The DVD CCA is the DVD Copy Control Association; their website is at dvdcca.org. These are the individuals pursuing the California trade secret case. According to their website, they are affiliated with License Management Incorporated; according to some sources, they are actually an owned subsidiary of Matsushita, the company mainly responsible for the development of DVD and CSS. This has not been confirmed at this time.
The DVD CCA and the Motion Picture Association of America (MPAA) are not directly related organizations.
1.4.4) What is "MoRE"?
"MoRE" stands for "Masters of Reverse Engineering". From most accounts, this is/was a group of individuals in Norway and Germany who were directly responsible for the "cracking" of the CSS scrambling algorithm. To this date the only member of this group identified by name is Jon Johansen, the author of DeCSS.
1.4.5) What is "LiViD"?
This from the LiViD project website:
LiViD is a nifty abbreviation for Linux Video and DVD. The web site is http://linuxvideo.org and there is a CVS repository at cvs.linuxvideo.org.The LiViD Project is a collection of video and dvd related sub-projects. The idea is to provide one central location for users to find information and support for video hardware and software. The other major advantage for organizing all the video related projects is the reduction of the amount of duplicated code, and a better collaboration on the design of interfaces.
Our goals are simple-- provide a unified development and user resource center for video and dvd related work for Linux.
1.4.6) What is "OpenDVD"?
For purposes here, "OpenDVD" most likely refers to "OpenDVD.org", which stands as a headquarters of sorts for issues relating to DeCSS, css-auth and this entire DVD mess. The OpenDVD.org website can be found, surprisingly enough, at opendvd.org.
This should not be confused with "Open DVD", a name applied to the standard for-sale DVD format, also known as the sell-through format.
1.4.7) What is "Slashdot"?
Slashdot is a "techie" news website that mainly caters to the open source and general computer technical communities.
Slashdot's web site is at http://slashdot.org.
1.4.8) What is "2600"?
"2600: The Hacker Quarterly", has been publishing since 1984. This journal can be found on the magazine stands at major booksellers such as Barnes and Noble.
A decent description of 2600 can be found at alt.culture's website, at http://www.altculture.com/aentries/t/twenty60.html.
2600's website is at http://www.2600.com.
1.5.1) What is the Digital Millennium Copyright Act?
The Digital Millennium Copyright Act, Public Law No. 105-304, 112 Stat. 2861 (Oct. 28, 1998) (also referred to as the "DMCA") was passed by Congress in October 1998 and was signed into law by President Clinton on October 28, 1998. This legislation substantially rewrites Title 17, the U.S. Copyright Act, by creating new copyright-related rights not limited to the prevention of traditional copyright infringement. The Act imposes civil and possible criminal liability for the circumvention of access control measures and for the distribution of technology to circumvent access or copy controls.
While most of the focus has been on 17 U.S.C. 1201, which was introduced by the passage of the DMCA, this rewrite involved changing and adding a great deal of material in Title 17.
Amended Title 17 sections include: 101, 104, 104A, 108, 112, 117, 411A, 507A, 801-803. Passages in 35 U.S.C., 5 U.S.C. and 28 U.S.C. were amended as well.
New sections to Title 17 include Chapter 12, "Copyright Protection and Management Systems" (Sections 1201-1205); Section 512, "Limitations on Liability Relating to Material Online"; and Chapter 13, "Protection of Original Designs". Section 4001 was added to 28 U.S.C. as well.
On the part of Congress, the primary motivation for enacting the Digital Millennium Copyright Act seemed to have been to bring United States law in line with the requirements of inclusion in the World Intellectual Property Organization (WIPO) treaties, which mandate that any participating nation take legislative steps towards banning "access control circumvention" devices. (See question 1.5.3)
The official "party line" is that the U.S. entertainment industry's main motivation was to quell fear on the part of movie makers that the easy availability of digital media would destroy their ability to enforce their distribution rights; the evidence to date seems to indicate that Matsushita/MPAA/DVD heavily lobbied for these laws because they knew that CSS would be broken. This last theory states that they simply wanted a legal club to use when that day happened, which it did in October of 1999.
It should be pointed out that while violation of copyright law can be pursued criminally, it is most often done through civil action. The current DMCA/DeCSS court cases are all civil cases.
1.5.2) What is the Berne Convention?
Berne Convention for the Protection of Literary and Artistic Works, Paris Act of July 24, 1971. Signed by 96 countries, including the U.S., it requires that signed members recognize the moral right to integrity and attribution.
http://www.wipo.int/eng/iplex/wo_ber0_.htm1.5.3) What are the WIPO Treaties?
World Intellectual Property Organization.
There are two of these treaties:
WIPO Copyright's Article 11 is most relevant to 17 U.S.C. 1201:
Obligations concerning Technological MeasuresContracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law
WIPO Copyright Treaty: http://www.wipo.int/eng/diplconf/distrib/94dc.htm
WIPO Performances and Phonograms Treaty: http://www.wipo.int/eng/diplconf/distrib/95dc.htm
1.5.4) What is Title 17, a.k.a. 17 U.S.C.?
17 U.S.C. is the United States Copyright Act. This is the set of federal laws that regulates the bestowing of copyright by the government and the terms of copyright enforcement. See question 4.4.1.
1.5.5) What is the Paris Convention?
Paris Convention for the Protection of Industrial Property of March 20, 1883.
http://www.wipo.int/eng/iplex/wo_par0_.htm1.5.6) What is the Rome Convention?
Rome Convention, 1961, International Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organizations.
http://www.wipo.int/eng/iplex/wo_rom0_.htm1.5.7) What are the European Directives?
The European Directives are the European Union's internal attempt to conform to the WIPO copyright agreement.
The full text PDF of the European Directives on "Copyright and Related Rights in the Information Society" is available here: http://europa.eu.int/comm/internal_market/en/intprop/intprop/1100.htm
and an amended proposal is available from here: http://europa.eu.int/comm/internal_market/en/intprop/intprop/copy2.htm#2
The original 1995 Green paper was used as a rationale for the need for DMCA. http://europa.eu.int/en/record/other/istocen.htm
Other links:
http://europa.eu.int/index-en.htm
http://www2.echo.lu/legal/en/labhome.html
http://europa.eu.int/comm/internal_market/en/intprop/index.htm
2.1.1) What U.S. court cases are pending regarding DeCSS? Who is involved?
There are three U.S. court cases currently involving DeCSS.
The first is a trade secret case in California, in which the DVD CCA filed suit against 72 individuals and websites claiming misappropriation of CSS trade secrets and willful dissemination of same. A preliminary injunction was granted in this case on January 18th, 2000.
The second case is a federal case based on 17 U.S.C. 1201 in New York federal court, now solely against 2600 Magazine, http://www.2600.com. The other defendants, Shawn Reimerdes and Roman Kazan, withdrew in a consent judgement in March 2000. An injunction was granted in this case on January 21st, 2000, and a trial is scheduled for December 5, 2000.
The third case is another 1201 case in Connecticut, against Jeraimee Hughes.
2.1.2) Why is everyone making such a big deal about DeCSS?
Our reasons for taking this issue seriously are listed above, under "Why should I care?". The motivations of the MPAA and the DVD CCA are different issues entirely.
The MPAA and DVD CCA have each posted their own lists of Frequently Asked Questions enumerating their concerns. The MPAA FAQ can be found at www.mpaa.org/Press/DVD_FAQ.htm; the DVD CCA FAQ can be found at www.dvdcca.org/dvdcca/faq.html.
2.1.3) Are we directly challenging 17 U.S.C. 1201 in these cases?
Since the unconstitutionality of 1201 would be a defense to liability under that section, yes. The lawyers will probably start narrow and work toward the broader arguments -- beginning with the claim that DeCSS doesn't violate 1201 or is excepted by the section's terms -- bringing out the big guns of constitutionality challenges as backup. The argument sequence might look something like this (with a lot packed into level 3):
0) The court doesn't have jurisdiction (wrong parties, procedural problems)
1) DeCSS doesn't circumvent
2) DeCSS is within one of the exceptions
3) 1201 is unconstitutionalThis sequence reflects courts' preference not to reach constitutional arguments when they have other grounds for decision.
2.2.1) Why shouldn't I necessarily refer to this law as the DMCA?
Most online copies of the "DMCA" are copies of the bill as signed by President Clinton in 1998. Title 17 (U.S. Copyright Act) is the currently standing law. While the bill states that the law itself may still be referred to as the DMCA, this is non-specific and fails to make the distinction between a pre-signed bill and a standing law. Using "DMCA" is fine in non-specific conversation, but hinders precision in formulating legal arguments.
Legal citations should be cited from the actual standing law as written in the U.S. Code. For example, if you wanted to talk about the "anti-circumvention" provision of the law, you should cite it as 1201(a), and possibly be more specific than that, depending on the nature of the argument.
A very good introduction to legal citation is "Introduction to Legal Citation", by Peter W. Martin, and can be found at: http://wwwsecure.law.cornell.edu/citation/citation.table.html
2.2.2) What is the difference between a "defense" and a "right"?
A right can compete equally with another right whereas a defense always loses to an explicitly stated right. In this case, fair use is not a right so if there is something in 1201 which explicitly prohibits fair use, you cannot in any simple manner bring the fair use aspects into the argument.
2.2.3) What is the legal definition of "authority"?
Surprisingly enough, 17 U.S.C. 101 (Definitions) does not define the term "authority" in reference to any of the sections of Title 17.
Black's Law Dictionary contains a fairly detailed definition of "authority", along with a number of contextual variants:
http://cyber.law.harvard.edu/archive/dvd-discuss/msg01504.html
2.2.4) Do the definitions of words like "authority" need to be listed in the law in order to be used in court?
Many terms used in law are not defined within the laws themselves. In recent years, U.S. courts have grown more and more dependent on "standard" law dictionaries such as Black's Law Dictionary.
http://www.werbach.com/stuff/hlr_note.html
http://www.law.seattleu.edu/library/htude.html
http://appling.kent.edu/Massardier-Kenney/dictions.htm
2.3.1) Are there constitutional issues here? What are they?
Defendants will likely argue that if DeCSS doesn't fit within one of the exceptions, 1201 is unconstitutional either as applied to DeCSS or on its face. Elements of this argument may include:
a) puts too much burden on free speech
i) code is speechb) outside congressional power (Copyright or Commerce)
ii) 1201 is unsupported by the necessary legislative findings for intermediate scrutiny (Turner I)
iii) takes away fair use (fair use is constitutionally mandated to meet the copyright "delicate balance")
i) potentially unlimited timesc) procedurally unsound
ii) patent-like monopoly without the patent-requisite disclosure
iii) engenders antitrust problems / copyright misuse
i) void for vagueness
ii) ex post facto effects
iii) impermissible delegation to private entities
2.3.2) Under what authority do legislators who have contributed to the legislative record claim 1201 was enacted?
This issue is highly up for debate, because the only thing so far that is clear is that 1201 as written pushes the boundaries of the Copyright Clause quite a bit. There are a number of questions regarding whether Congress in fact exceeded its constitutional authority in enacting 17 U.S.C. 1201.
According to at least one legislator - Rep. Tom Bliley, Chairman of the Committee on Commerce - 17 U.S.C. 1201 was enacted under a "paracopyright" authority, by authority not only of the Copyright Clause of the Constitution but the Commerce Clause as well. It is unclear what exactly "paracopyright" is supposed to mean, assuming it means anything at all.
Representative Bliley had this to say on the subject on October 12, 1998:
In making our proposed recommendations, the Committee on Commerce acted under both the `copyright' clause and the commerce clause. Both the conduct and device provisions of section 1201 create new rights in addition to those which Congress is authorized to recognize under Article I, Section 8, Clause 8. As pointed out by the distinguished law professors quoted above, this legislation is really a `paracopyright' measure. In this respect, then, the constitutional basis for legislating is the commerce clause, not the `copyright' clause.Source: http://www.hrrc.org/bliley_full_comments.htmlI might add that the terminology of `fair use' is often used in reference to a range of consumer interests in copyright law. In connection with the enactment of a `paracopyright' regime, consumers also have an important related interest in continued access, on reasonable terms, to information governed by such a regime. Protecting that interest, however denominated, also falls squarely within the core jurisdiction of our Committee.
We thus were pleased to see that the conference report essentially adopts the approach recommended by our Committee with respect to section 1201.
2.3.3) Why does legislative authority matter?
Traditionally, copyright law has been based on Article I, Section 8 of the U.S. Constitution, which gives Congress the power:
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and DiscoveriesHowever, the same section of the U.S. Constitution also gives Congress the power :To regulate Commerce with foreign Nations, and among the several States, and with the Indian Tribesalong with the power:To make all Laws which shall be necessary and proper for carrying into Execution the foregoing PowersThese two provisions historically have been probably the most widely construed in the entire constitutional framework, with the possible exception of a part of the fourteenth amendment.This from Benjamin Reeve:
"If one scans the legislative record associated with the DMCA (see Question 4.4.6), one realizes that Congress recognized that the DMCA was a departure from traditional copyright principles. One also notes that the departure is described justified upon two oft-repeated grounds: 1. 'regulating electronic commerce' (the phrases appears a hundred times), and 2. accomodating the WIPO treaty, again an international commerce issue.Does this mean, for example, that an argument about 'duration -- not limited' regarding 17 U.S.C. 1201 cannot be made? No, it doesn't. But it definitely means that the 'simple' argument: 'it says limited - but this ain't limited' will go nowhere. The argument will have to rise to a supported claim about the interrelationship between copyright rights and commerce regulation. Same kind of thing, maybe a bit less complex, as to the 'necessary and proper' clause."
2.4.1) What is copyright?
Copyright is a grant of certain exclusive rights to the creator of an expressive work. Those exclusive rights include reproduction, distribution and public performance (17 U.S.C. s. 106). Congressional power to enact copyright law derives from the Copyright Clause of the Constitution:
"Congress shall have the power . . . To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries" (Art. I, cl. 8)Copyright protects only "original works of authorship fixed in any tangible medium of expression." (17 U.S.C. 102). It does not protect ideas or functional elements of a work. This focus on the expression of ideas, rather than on the ideas themselves, distinguishes copyright from other forms of intellectual property in the United States, such as patents and trade secrets.
Copyright has been called a "delicate balance" between the interests of creators and those of the public. Its "limited monopoly" is an incentive to the production of works that will be made available through publication and will ultimately become part of the public domain.
2.4.2) What is "copyright infringement", as defined by 17 U.S.C.?
17 U.S.C. 501(a) defines a copyright infringer as someone who, "violates any of the exclusive rights of the copyright owner as provided by sections 106 through 118" of the bill, or who imports copies or phonorecords in violation of 17 U.S.C. 602.
2.4.3) What exclusive rights does the copyright owner have, as defined by 17 U.S.C. 106?
According to Section 106 of U.S.C. 17, a copyright holder is granted the exclusive right 'to do and to authorize' the following activities in regards to his/her work:
- To reproduce the copyrighted work in copies or phonorecords.
- To prepare derivative works based upon the copyrighted work.
- To distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending.
- In the case of literary, musical, dramatic, and choreographic works, pantomimes, and motion pictures and other audiovisual works, to perform the copyrighted work publicly;
- In the case of literary, musical, dramatic, and choreographic works, pantomimes, and pictorial, graphic, or sculptural works, including the individual images of a motion picture or other audiovisual work, to display the copyrighted work publicly.
- In the case of sound recordings, to perform the copyrighted work publicly by means of a digital audio transmission.
In addition to these rights, Section 106A gives authors of visual artworks analogues to European "moral rights" -- rights of attribution and integrity in their artworks. (from the Visual Artists' Rights Act, VARA)
2.4.4) What is a 17 U.S.C. 1201 (a.k.a DMCA) violation?
17 U.S.C. 1201, introduced by the Digital Millennium Copyright Act, establishes legal penalties for circumventing technology that "effectively controls access" to copyrighted work , as well as manufacturing and/or making available to the public devices designed to circumvent access control mechanisms. Currently only the manufacture/distribution parts of this law are in effect - the act of circumvention itself becomes illegal in the U.S. in 2001.
2.4.5) Does a 1201 violation still matter if copyrights aren't being infringed?
Yes. According to the newly rewritten Title 17, there is no need to show or allege an act of copyright infringement in order to claim a violation of 1201 (i.e. "circumvention").
The right to control "access" to a copyrighted work is a novel addition of section 1201, distinct from traditional copyright infringement. If a work is protected by a technological measure, it is a violation of 1201(a)(1) to circumvent that measure even if the circumvention is not to copy or publicly perform the work.
Chapter 12 of Title 17 is only concerned with "commercial advantage or private financial gain" for the purpose of determining if violations of section 1201 (or 1202) can be prosecuted as criminal violations. The financial aspect of "circumvention" has no bearing on whether a civil violation has occurred.
(see question 1.2.6)
2.4.6) What are the legal penalties for a 1201 violation?
According to 17 U.S.C. 1204, criminal prosecution for a 1201 violation is limited to intentional violations committed for commercial or personal financial gain. In other words, you can't go to jail for downloading DeCSS or for giving a copy to someone else, unless possibly you're doing so in contempt of court.
In the situation of a criminal prosecution, the first offense of a 1201 violation carries up to a five year prison sentence and a US$500,000 fine. Each subsequent offense carries up to ten years and US$1,000,000.
The vast bulk of copyright cases that are tried in U.S. courts are not criminal, but civil. The current court cases are all civil cases; the defendents are not being tried as criminals, but in fact are being sued. The fact is, if all copyright cases were tried as criminal cases the courts would be clogged for decades and no one else would be prosecuted.
17 U.S.C. 1203 grants the court the power to award several types of civil remedies, including attorneys fees, injunctions, damages, cost recovery and destruction or modification of the infringing device. Damages can either be actual or statutory; statutory damages range from $200 to $2500 USD per 1201 violation. 17 U.S.C. 1203 does not set limits on actual damages.
2.4.7) Can the Librarian of Congress declare DeCSS to be not in violation of Section 1201?
No. In October 2000, the Librarian of Congress will declare certain uses of certain classes of works to be exempt from the anticircumvention provisions of Section 1201(a)(1). Until then, there is no prohibition on use of circumvention devices, but subsections (a)(2) and (b), which prohibit distribution of devices to circumvent technological controls, are already effective. The Copyright Office is currently holding a rulemaking proceeding to determine which uses and classes of works should be exempt, for a period of three years.
The movie studios are challenging the distribution of DeCSS under 1201(a)(2). Depending on the classes of copyrighted works and uses exempted from 1201(a)(1), it might be possible to argue that those uses were a "commercially significant purpose or use other than to circumvent a technological measure," so the distribution of DeCSS should be permitted, but that argument doesn't even apply yet.
2.4.8) Does CSS, as a 40-bit algorithm, qualify as "effective" under 17 U.S.C. 1201?
17 U.S.C. 1201 seems to isolate its concerns over circumvention technology to that which bypasses "effective" access control measures. A number of people have suggested that CSS, as a very weak 40-bit algorithm, does not meet the criteria of being an "effective" access control measure, making DeCSS not prosecutable under 1201. (see question 3.5.1)
According to 1201(a)(3)(B):
a technological measure ''effectively controls access to a work'' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.This would seem to make the strength of the control irrelevant to the question of "effectiveness".2.4.9) Does an injunction against DeCSS infringe MoRE's DeCSS copyrights?
17 U.S.C. 511 states that government officials, even when acting within their official capacity, are not immune from liability in the case of copyright infringement. In theory - and assuming that the DeCSS copyright is registered - an injunction interferes with distribution rights as defined in 17 U.S.C. 106 and could possibly be considered copyright infringement.
At the same time, however, 17 U.S.C. 1203 explicitly gives the courts the right to grant temporary and permanent injunctions against devices that violate 17 U.S.C. 1201.
2.4.10) Can 1201 take away rights or defenses defined elsewhere in 17 U.S.C.?
17 U.S.C. 1201(c)(1) states:
"Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title."
2.4.11) DeCSS is distributed under the GNU GPL. How does this impact the current court cases?
The GNU General Public License, commonly referred to as the GNU GPL, is a software license which grants extra rights to software users, allowing them to copy and modify the software. A growing body of software, including the Linux operating system, is licensed under the GNU GPL.
If offering DeCSS to the public is found to be a 1201 violation, then the author has no legal right to distribute it in the U.S., and cannot license others to distribute it, either. Therefore the GPL does not affect the current cases.
The GPL can be viewed at http://www.gnu.org/copyleft/gpl.html
2.5.1) What is fair use, exactly? How does it impact this case?
Fair use is the general concept in copyright law that states that the rights of a copyright owner are not absolute. Tradition holds that the owner of a copyright does not have absolute control over his or her work, and that certain actions on the part of a copyright user - which would otherwise be considered infringement - in certain cases are not.
In the most general sense, "fair use" could be described as any action over a copyrighted work that does not fall within the list of rights granted to the copyright owner in Section 106 of Title 17. (see question 2.4.3)
More specifically, "fair use" is defined in Section 107 as limitations on exclusive rights of the copyright owner. The concept of fair use has also been refined through many, many court precedents. One such example of fair use would be personal use of legally obtained copyrighted material. For more information regarding fair use, see question 4.4.4.
2.5.2) Doesn't "For Private Home Use Only" cover DeCSS use?
This is still being debated. What is known is that 17 U.S.C. 401, which deals with registration and display of copyright notice, makes no mention of any legal significance placed on notices added to traditional copyright notices. Neither does 17 U.S.C. 501, which deals with copyright infringement, nor 17 U.S.C. 106, which defines the rights considered exclusive to the copyright owner. If on-package "license notices" like "For Private Home Use Only" have any legal weight whatsoever, it doesn't seem to do so under Title 17.
One possible legal justification, however, is the court case of Hadady Corp vs. Dean Witter Reynolds, 739 F. Supp. 1392 (C.D. CA 1990). In this case, the court found that the content of the copyright notice can create abandonment of the copyright and that this can be used as a defense in copyright cases. The standard for abandonment was cited as "the copyright owner must have clearly manifested that intention through some affirmative act".
2.6.1) What is "First Sale", exactly? How does it impact this case?
Generally, "first sale" states that if you legally purchase a copyrighted work, you may resell it to someone else without infringing on the copyright owner's exclusive rights of distribution. It mainly applies to the transfer of title for copyrighted works.
There is currently an argument that "first sale" doctrine implies that the legal purchase of a DVD relinquishes the copyright owner's right to restrict access to it. This is still being debated.
2.6.2) How does "First Sale" doctrine impact the distribution of DeCSS?
First sale is a statutory provision, 17 U.S.C. 109(a):
Notwithstanding the provisions of section 106(3), the owner of a particular copy or phonorecord lawfully made under this title, or any person authorized by such owner, is entitled, without the authority of the copyright owner, to sell or otherwise dispose of the possession of that copy or phonorecord.The First Sale doctrine divests the copyright holder of control over a particular copy of a work once he has sold that copy. To make first sale meaningful for access-controlled works, a purchaser must be able to transfer his rights to access the work, not only the physical encrypted copy. Defendants are likely to argue that the copyright holder can't circumvent first sale limitations on his rights simply by adding access controls, so the physical DVD itself should convey the complete authority to access the content.
2.7.1) What is an injunction? Why are injunctions issued?
An injunction is a civil remedy granted by the courts which states that the affected parties are not allowed to continue in an activity. Injunctions basically come in three flavors - temporary, preliminary and permanent.
A temporary injunction is one given in situations where any delay at all in the proceedings may cause damage to the case if the questionable activity is still being committed. The temporary injunction remains in effect until the hearing for a preliminary injunction.
A preliminary injunction has scope to the end of a court trial, to prevent the questionable activity until a judge has decided whether the activity is actually illegal.
To win a preliminary injunction in the Second Circuit, a party must demonstrate (i) irreparable harm and (ii) either a likelihood of success on the merits, or serious questions going to the merits to make them a fair ground for litigation and a balance of hardships tipping decidedly in its favor. A party should not win a preliminary injunction if all its expected injury could be compensated with money damages after trial.
A permanent injunction may be granted as a result of the trial. This permanently places restrictions on the questionable activity.
2.7.2) I'm one of the seventy-two listed on the California injunction, but I live in Alabama. Do these injunctions still apply to me?
While trade secrets are protectable on a federal level in the United States, the injunction was granted by a California State Court, not a Federal Court. While criminal trade secret misappropriation charges may be filed in federal court, they have not been filed there yet.
To say the least, there are serious questions regarding the jurisdiction of the California injunction.
2.7.3) Do the current injunctions prohibit general Internet distribution of DeCSS?
According to Civil Procedure rules, the injunctions only directly apply to those listed in the suit and their associates who have personally received notice of the order of injunction.
Federal Rules on Civil Procedure, Rule 65(d) states:
Every order granting an injunction and every restraining order shall set forth the reasons for its issuance; shall be specific in terms; shall describe in reasonable detail, and not by reference to the complaint or other document, the act or acts sought to be restrained; and is binding only upon the parties to the action, their officers, agents, servants, employees, and attorneys, and upon those persons in active concert or participation with them who receive actual notice of the order by personal service or otherwise.Source:
http://www2.law.cornell.edu/cgi-bin/foliocgi.exe/frcp/query=[jump!3A!27rule65!27]/doc/{@696}?
2.8.1) Are the current injunctions cases of prior restraint on free speech?
It is axiomatic that injunctions are restraints. Because injunctions prohibit future events, a court which enjoins speech is making a prior restraint. Moreover, a preliminary injunction even on continued publication of existing speech prevents that speech before its legality can be tested in a full trial on the merits.
The question at hand is if programs or source code are speech. In Junger v. Daley and Bernstein v. Department of State, U.S. courts have ruled that source code is protected speech. While neither of these decisions is binding in the NY or CT lawsuits, their reasoning, that source code has expressive content, should be persuasive in other Circuits.
The issue of whether executable programs are protected by the First Amendment has not been definitively addressed by a U.S. court. An executable program contains both expressive elements (speech) and functional elements. Although the government may have an interest in regulating the functional elements of a program, if such a regulation also restricts speech it will be subjected to "intermediate scrutiny" by the courts.
Although not all prior restraints on speech are unconstitutional, the standards of harm necessary to support a prior restraint are so high that prior restraints are rarely applied. If the injunctions in these lawsuits are found to enjoin speech, then it is likely that they will be overturned.
References:
Junger v. Daley, 2000 Fed. App. 0117P (6th Cir., April 4, 2000)
Bernstein v. Department of State, 974 F.Supp. 1288 (N.D. Cal. 1997)
2.8.2) Is it illegal to discuss DeCSS/CSS decryption?
No. The California trade secret injunction prevents dissemination of CSS-related information, but its scope and jurisdiction is limited. Injunctions only apply to those people listed on the injunction and their associates.
2.8.3) Is my new CopyLeft T-Shirt legal?
Unless you're one of seventy-two individuals in Santa Clara, California, probably. The New York case so far isn't attacking source code, only the executable Windows binary called "DeCSS". Only in the California case has an injunction been granted against the dissemination of all things CSS, and that injunction only applies to the individuals listed on the injunction and personally served with the order.
2.9.1) Isn't DeCSS covered by the reverse engineering exemptions?
According to 1201(f), a "a person who has lawfully obtained the right to use a copy of a computer program" may circumvent access control technology for two purposes:
- To analyze and identify "those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs".
- To achieve said interoperability between computer programs.
These actions are limited to the extent that committing them constitutes copyright infringement.
There is considerable doubt as to whether this passage applies to digital media, and to whether or not reverse-engineering CSS constitutes an attempt to achieve interoperability between computer programs. See 3.4.1 for the legal definition of "program".
The Senate Committee Report on the DMCA says:
Section 1201(f) applies to computer programs as such, regardless of their medium of fixation, and not to works generally, such as music or audiovisual works, which may be fixed or distributed in digital form. ... The committee emphasizes that nothing in those subsections can be read to authorize the circumvention of any technological protection measure that controls access to any work other than a computer program.2.9.2) What is the legal difference between legitimate reverse engineering and design theft?
This is probably one of the touchiest questions in the computing industry. Where do you draw the line between legitimately gaining knowledge from the workings of a device and stealing the intellectual property of the company that created it?
So far the answer seems to be the "clean room" or "Chinese Wall" approach. The idea here is to have two teams, one which disassembles the original device and analyzes it, and another which is designing the new device. The analysis team writes a functional specification describing all the functions of the device, and the design team uses the specification to create a completely new design that performs the same tasks. Beyond this specification, these two teams have no other contact.
This ensures that the new resulting device is only based on the functions of the patented design, but doesn't compromise any of the actual patented design elements. This is how the IBM BIOS chip was cloned by Phoenix Technologies, how AMD and Cyrix clones of Intel microprocessors are created.
Connectix used a similar procedure to reverse engineer the Sony Playstation BIOS. Rather than having the "Chinese Wall" in the form of two teams, they built the wall on the functional level: the Connectix teams downloaded the Sony BIOS and studied how it functioned against their own hardware platform. They used the knowledge gained from this exercise to build their own device.
2.9.3) Is the recent Sony vs. Connectix case relevant to these cases?
Despite a number of important differences - such as the fact that Sony vs. Connectix was not a 17 U.S.C. 1201 suit, but in fact a copyright infringement case - the recent Sony vs. Connectix suit is similar enough to the current DeCSS situation to be an important reference.
What happened was this. Connectix Corp. built a software emulator for the Apple Macintosh to play Sony Playstation games. To do this, the Connectix engineers downloaded a copy of the Playstation BIOS from the Internet and reverse engineered it using "clean room" methods. The resulting emulator plays about a hundred Playstation games. Sony sued.
At first, a district court granted an injunction based on Sony's claim of copyright infringement, as well as their claim that the fact that the emulator isn't official Sony code would mean a deterioration in the Playstation market.
On February 10, 2000, Judge Canby of the 9th District Court of Appeals overturned the injunction, on the grounds that the reverse engineering was legitimate and that no copyrights were infringed in the process. In his opinion, he cites a number of court cases and opinions that themselves have direct bearing on this case, pertaining to reverse engineering, fair use, copyright, and technology law.
2.10.1) What is a trade secret?
The Uniform Trade Secrets Act (UTSA) defines "trade secret" as:
information, including a formula, pattern, compilation, program device, method, technique, or process, that: (i) derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable by proper means by, other persons who can obtain economic value from its disclosure or use, and (ii) is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.Uniform Trade Secrets Act (UTSA), subsection 1.4.
2.10.2) Is a trade secret protectable on a federal level?
Prior to 1996, the answer to this question would have been "no" - trade secrets could only be protected on the state level in the United States.
On October 11, 1996, President Clinton signed "The Economic Espionage Act of 1996" into law, making trade secret theft prosecutable as a federal crime. Not only is the federal status of trade secret law new, but the criminal nature is also a relatively new occurrence.
2.10.3) The President of the DVD CCA, John Hoy, inadvertently made the source code for DeCSS part of the public record on January 18th; doesn't that pretty much kill the trade secret case?
On January 18th, 2000, John J. Hoy (President of the DVD Copy Control Association) included the source code to DeCSS 1.2 as Exhibit B to his Reply Declaration to the injunction granted in Santa Clara, California. For two weeks - until the court agreed to seal the records - the "trade secret" was a part of public record and put there by the very man who is fighting to prevent its dissemination. Many people have suggested that this act "puts the last nail in the coffin" of a trade secret case, since it can no longer really be called a secret.
This may in fact be the case. However, subsequent consulting with attorneys suggest that this will not have the desired impact in court, and that the court will probably overlook this event as an act of inadvertence.
Sources:
http://cryptome.org/dvd-hoy-reply.htm http://cyber.law.harvard.edu/archive/dvd-discuss/msg00013.html
2.11.1) What is a patent? How do patents differ from copyrights and trade secrets?
>From the US Patent and Trademark Office (http://www.uspto.gov) brochure General Information Concerning Patents (http://www.uspto.gov/web/offices/pac/doc/general/whatis.htm)
A patent for an invention is the grant of a property right to the inventor, issued by the Patent and Trademark Office. The term of a new patent is 20 years from the date on which the application for the patent was filed in the United States or, in special cases, from the date an earlier related application was filed, subject to the payment of maintenance fees. US patent grants are effective only within the US, US territories and US possessions.The right conferred by the patent grant is, in the language of the statute and of the grant itself, 'the right to exclude others from making, using, offering for sale, or selling' the invention in the United States or 'importing' the invention into the United States. What is granted is not the right to make, use, offer for sale, sell or import, but the right to exclude others from making, using, offering for sale, selling or importing the invention.
Patents differ significantly from both copyrights and trade secrets. Patents focus on the concept that has been developed, which is (or should be) a new, non-trivial idea. Copyrights focus on the form of the expression. A copyright does not cover the ideas expressed, but how they are expressed. Patents prevent someone else from implementing the same concept, even if in different form.
Trade secrets are also much different than patents. First, patents are necessarily published as a part of the submission process, while trade secrets by definition are not. In fact, the holder of a trade secret must make an effort to keep the trade secret private in order for the trade secret to be valid and enforceable. Note that this protection does not have to be significant or difficult to circumvent, for example, a click-wrap license fits this requirement. Second, the idea or concept behind a trade secret is not necessarily protected by the force of law. If someone had the inclination, they could implement an alternative 40-bit encryption system for DVDs without infringing on the claimed trade secrets of the DVD CCA.
An invention can be protected by both trade secrets and copyrights (for a particular implementation), or by patents (on the idea) and copyrights (on the implementation). Integrating patents and trade secrets is likely to be much harder.
Other information: www.patents.com
2.11.2) Is CSS patented?
At this time, no patent is known to cover the descrambling of CSS-scrambled data.
Approximately half a dozen patents have been suggested that might cover the CSS scrambling system. Although some of these patents may describe extensions to CSS-like systems, none of them obviously cover the descrambling of CSS-scrambled data nor do they seem to describe other aspects of an ordinary DVD player's operation.
Sources:
http://www.patents.ibm.com/details?pn=US06009171__
http://www.patents.ibm.com/details?pn=US05915018__
http://www.patents.ibm.com/details?pn=US05910987__2.11.3) If CSS is patented, would that make DeCSS illegal in the U.S.?
As far as the NY lawsuit is concerned, no allegation of patent infringement has been made. Even if a patent covering the operation of DeCSS is found the probable outcome of a patent-related claim is unclear for three reasons.
First, there are questions about whether or not, and how far, a patent may be used to "interfere with" copyright. In U.S. v. Paramount 334 U.S. 131 (1948) the U.S. Supreme Court found that "block licensing" was illegal tying under anti-trust law. It is possible that the courts will find that patented access control schemes may not be used to achieve something copyright law does not permit. In concrete terms, a patent on CSS might allow the MPAA members to use their near-monopoly in copyrighted movies to achieve a monopoly in, or restrain trade in, play-back devices.
Some choice quotes from the decision show the court's reasonsing:
"For a copyright may no more be used than a patent to deter competition between rivals in the exploitation of their licenses.""That enlargement of the monopoly of the copyright was condemned below in reliance on the principle which forbids the owner of a patent to condition its use on the purchase or use of patented or unpatented materials."
Source:
http://caselaw.findlaw.com/cgi-bin/getcase.pl?navby=case&court=US&vol=334&invol=131Second, no one has made a specific announcement based on a comprehensive patent search as to whether DeCSS violates a patent or not.
Third, there is speculation that CSS may be unpatentable by virtue of failing the necessary test of "non-obviousness." However, no one on dvd-discuss is hanging their hat on this point yet.
There are probably Japanese patents too, but DVD-Discuss participants have not bothered to track them down as it is not clear that they have relevance to a U.S. court case, and some of the more directly related questions are still unanswered.
3.1.1) How does CSS scramble DVD contents?
According to the cryptographic analysis carried out by Frank Stevenson, CSS scrambles DVD contents by first using a series of keys (see question 3.1.2 ) to validate the authenticity of both the DVD and the DVD player, unlocking a title key which is then itself used as the main unscrambling key.Every DVD player on the market today is coded with a small set of "player keys" which identify that player as an authorized CSS playback mechanism; these keys are provided by the DVD licensing authorities (currently the DVD Copy Control Association) for a sizeable fee. There are currently just over four hundred player keys in circulation.
Every DVD disc on the market today is coded with a "disk key", identifying that disc. This key is not stored on the DVD in plaintext, but in encrypted form only. Each DVD contains a list of all valid player keys currently in circulation, encrypted against that DVD's disk key. The disc also contains an plaintext hash value of the disk key.
When a DVD player attempts to read a DVD, the player uses it's player key and proceeds down the list of encrypted disk keys on the disc, attempting to decrypt a disk key that matches the disk key hash on the DVD. If a correct disk key is found, this validates the player key and in turn the "title key" for the DVD becomes available.
The title key is then used to do the actual unscrambling of the DVD content via an XOR-style mangling algorithm.
For more information on this subject, see "Cryptographic Analysis of Content Scrambling System", by Frank A. Stevenson. (see question 4.3.1)
3.1.2) What are 'keys' and how do they work?
The technical answer would be: "A key is a variable information element which is required by a cryptographic algorithm in order to encipher or decipher data."
But that doesn't really help. It works like this :
You start with the original message; in cryptography circles this is called the "plaintext". This could be your grocery list, a book of nuclear codes or an email message. In the case of CSS, the plaintext is the original playable MPEG-2 video datastream.
Then you have some sort of well-defined process for transforming information in a fixed and predetermined way. This process is called the "algorithm". The algorithm is the engine that mangles the plaintext.
We could make a substitution cipher that re-encodes each letter in the alphabet with a different letter. One simple way of doing this is to shift each letter three places in the alphabet and to wrap the end of the alphabet back to the start. This scheme changes "A" into a "D", "B" into "E", and the end of the alphabet "X" becomes "A", "Y" moves to "B" and so forth.
A "key" is any information that is used with the algorithm to make it work in a slightly different way, according to the key. This forces anyone who wants to get at the original message to know *both* the algorithm and the key. One or the other doesn't do much good unless the key is so simple that it can be guessed through trial and error.
In our example cipher - known as a Caesar cipher - the key is the number of shifts made to each letter. In this case, the key is 3; the word "cat" would encode to "edv". If we chose a key of 4, the encoded text would be "few". The algorithm remains constant - alphabet shifting. But both the algorithm *and* the key are required in order to retrieve the plaintext message.
In digital encryption this whole process is much more complicated, but the principles are the same. The algorithm is usually a complex mathematical formula which requires a string of numbers as a key. The key then skews the formula to produce a different, but reliable, result.
It's a general rule in cryptography circles that a secure cryptographic system assumes that the "enemy" knows the algorithm; the security lies in the size of the key. A larger key allows for more possible different keys given the same key size, making it that much harder to guess the key and retrieve the plaintext message.
3.2.1) How does DeCSS work, exactly?
DeCSS operates much as any other DVD player operates - it uses a player key to unscramble the scrambled contents of a DVD to make playable MPEG-2 video files. DeCSS uses a player key obtained from the Xing software-based DVD player for Windows.
All versions of DeCSS currently in release are built around the Xing player key, which reportedly has been revoked at the time of this writing. If this is true, no newly-released DVDs can be descrambled with this player key; DeCSS will not work on these DVDs.
The "keyless" algorithm developed by the LiViD group was never incorporated into DeCSS. This algorithm allows the real-time identification of an available player key from the data on a DVD disk. It is not truly keyless; the algorithm determines a valid player key at run-time.
3.3.1) What is region coding? How does it differ from CSS scrambling?
"Region coding" is a technological scheme designed to make a DVD purchased in one part of the world unusable anywhere else. This is done by splitting the world up into seven "regions" and then coding a DVD to only be usable on players coded for those regions.
The reasons for this is primarily marketing. When a film opens in Europe, it often has already had its run in the United States and is coming to video and DVD. By placing technological blocks in place to keep DVD's coded for North America ("Region 1") from being usable on European ("Region ") players, this avoids movies being imported on DVD before they reach the theaters.
The other reason deals with the differing economic situations in various countries. DVD producers can afford to charge more for a DVD in certain countries (the U.S., for example) than in others (for example, India). Without region coding, nothing stops an enterprising DVD importer from importing hundreds of thousands of DVD's from countries in which the retail prices of DVD's are far lower. This would drive the price of retail DVD's to the level of VHS video.
What region a DVD may be played in is determined by a single byte in the data on the DVD. A region code of "0" indicates that a DVD may be played in all regions. While most "official" DVD players are coded for one particular region, there are some DVD players which are not. Some of these players have been modified to ignore region coding, or to change regions as the user wishes. Others allow a certain number of changes to the player's native region before no more changes are allowed.
The legal implications of region coding are a matter of debate; there have been discussions regarding whether region coding is legal, due to the fact that it allows potential problems with price fixing and other forms of market control. For these reasons region coding has already been outlawed in New Zealand.
There is no technological relation between region coding and CSS encryption; there are plenty of region-coded DVD's that are not CSS-encrypted. According to knowledgable sources, the CSS player licensing agreement however mandates that all CSS-licensed DVD players are also region coded.
None of the current DeCSS cases have anything to do directly with region coding.
3.3.2) Is a DVD a program, or is it data?
"It depends on what your definition of "program" is. According to the definition cited in 4.1 (above):
A ''computer program'' is a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.By this definition, a DVD can certainly be considered a program. Of course, it also contains data. However, DVD Video discs containing movies are created (authored) in such a way that it's very hard if not impossible to draw the line between what is "program" and what is "data" (or content). The DVD Video format allows for a great deal of interactivity and navigation within a well-defined specification, and the commands, menus, options, and instructions that enable the DVD movie content to be displayed on a DVD standalone player or on a DVD-equipped PC vary greatly between individual titles depending upon the unique content to be displayed. Navigation and search information specific to the video and audio content are included in the files that contain the video and audio - so that the program would be meaningless without the data, and the data would be useless without the program. Also, it would be impossible to "strip out" the data and use the remaining program on another, different set of audio/video data, or to change even a few bytes of information without affecting - or disabling - the way the program is displayed.
See the DVD FAQ, http://www.dvddemystified.com/dvdfaq.html#4.10
3.3.3) Is the CSS descrambling software stored on the DVD itself?
A number of people have suggested that the reverse engineering exemption applies because DeCSS provides interoperability between the LiVid player and CSS. To support this, claims have been made that CSS descrambling software is stored on the DVD itself.
This is not true. What is stored on a DVD is only the result of CSS scrambling; neither the scrambling nor descrambling applications are found on the media. Hardware DVD consoles contain the descrambling software built-in, as do software DVD players. DVD-ROM drives are not built with CSS descrambling circuitry.
3.3.4) Is a DVD player a computer?
3.3.5) Do any computer programs exist which are written in DVD program chains?
Digital Leisure, a Canadian DVD media company, produces a full line of computer video games for use with hardware DVD video players. Their products currently include DVD renditions of the 1980's arcade games Dragon's Lair, Dragon's Lair II and Space Ace, in addition to a number of others. Most of their products include versions specifically designed to operate on console DVD players without any external PC support.
3.3.6) Besides region coding and CSS, what other "protections" are used on DVDs?
Macrovision describes several signals that are added to the analog output of a DVD player. Most VCRs cannot properly record from an input containing Macrovision signals. Macrovision can be enabled or disabled by bits embedded in the DVD video format.
CGMS is an acronym for "copy generation management system." It is intended to prevent copies of copies of copies. CGMS/A refers to CGMS applied to line 21 of an analog NTSC signal.
CGMS/D is CGMS/Digital and is not yet finalized.
3.3.7) What computer operating systems currently are without CSS/DVD support?
Ron Gustavson, a participant in the Openlaw DVD Forum, has been researching this question. You can see his current findings on his website.
3.3.8) What are the differences between hardware and software DVD players?
Descrambling a CSS-scrambled datastream takes time and resources. In order to more efficiently play DVD's on computers in real time, physical chipsets have been created to do this descrambling independently of the system's CPU. These hardware playback systems do all the real work in unmangling the scrambled datastream; this frees up resources in the system itself and makes the entire process nearly transparent to the operating system and the CPU. The only thing the application needs to know is how exactly to interface with the decoder board.
A software-based DVD player does the same job as the hardware-based player, but does it all using system resources. No special additional software is required. While this method takes up much more resources (and hence usually requires a faster CPU and more memory) it also does not need special interface specifications outside of the ability to read a Micro-UDF format. The LiViD DVD Player is a software-only DVD playback system for Free Unix systems, mainly Linux.
3.4.1) What is a "program"?
17 U.S.C. 101 (Definitions), says the following:
A ''computer program'' is a set of statements or instructions to be used directly or indirectly in a computer in order to bring about a certain result.This is the legal definition for purposes of arguing 1201. A number of suggestions have been giving for defining it in engineering terms, such as the Turing Completeness of the language in which it is "written". (see question 3.4.2)
3.4.2) What does "Turing Completeness" refer to?
Turing Completeness is a term for computing environments - normally programming languages - which exhibit and can represent all of the functions of a Turing Machine. The Turing Machine is the theoretical foundation for all computing sciences that followed. The shorthand is that if a machine can emulate a Turing Machine, then it itself is a Turing Machine; it is then referred to as Turing Complete or Turing Equivalent.
Before Bryan Taylor looked it up and found the "program" definition in the copyright law (see 3.4.1), this was a point of contention within the forum. Turing Completeness was one of the criteria given for defining "program", and since it is referenced in the list, the question remains here.
For the most part, however, it is generally agreed to be irrelevant.
3.4.3) What is "reverse engineering"?
>From a purely technical sense, reverse engineering is the taking apart of something to figure out how it works. Legally, it's a bit more complicated.
This is what Judge Canby had to say on the matter in the recent Sony vs. Connectix reverse engineering case:
Reverse engineering encompasses several methods of gaining access to the functional elements of a software program.
They include:
(1) reading about the program;
(2) observing "the program in operation by using it on a computer;"
(3) performing a "static examination of the individual computer instructions contained within the program";
(4) performing a "dynamic examination of the individual computer instructions as the program is being run on a computer. Id. at 846.Method (1) is the least effective, because individual software manuals often misdescribe the real product. See id. It would be particularly ineffective in this case because Sony does not make such information available about its PlayStation. Methods (2), (3), and (4) require that the person seeking access load the target program on to a computer, an operation that necessarily involves copying the copyrighted program into the computer's random access memory or RAM.
Connectix employed method #2 in its reverse engineering of the Sony Playstation BIOS. The entire passage is substantially longer than the above; a full reading of the judge's opinion is recommended.
3.4.4) What is an "operating system"?
>From the DOJ v. Microsoft trial "Findings of Fact", issued by Judge Thomas Penfield Jackson on November 5, 1999:
An 'operating system' is a software program that controls the allocation and use of computer resources (such as central processing unit time, main memory space, disk space, and input/output channels). The operating system also supports the functions of software programs, called "applications," that perform specific user-oriented tasks. The operating system supports the functions of applications by exposing interfaces, called 'application programming interfaces,' or 'APIs.' These are synapses at which the developer of an application can connect to invoke pre-fabricated blocks of code in the operating system. These blocks of code in turn perform crucial tasks, such as displaying text on the computer screen. Because it supports applications while interacting more closely with the PC system's hardware, the operating system is said to serve as a 'platform.'
3.5.1) What does "40-bit" mean in terms of encryption strength?
"40-bit" refers to the size of the key used in the scrambling scheme. The size of the key is a measure of the length of time it would take to recover the scrambled data by the simple expedient of trying every key. For this measure of a scrambling systems' stength to be valid, the scambling algorithm must not have any weaknesses that reduce the length of time necessary to recover a scrambled message. A 40-bit key is five ASCII characters long, with 2^40 possible permutations, and hence 2^40 possible keys. That's about one trillion possible keys.
40-bit encryption is typically considered insecure and vulnerable to a brute force attack on the keyspace.
3.5.2) Why do some people refer to CSS as a "scrambling" system rather than encryption?
CSS is different from other examples of cryptography such as encrypted e-mail. Unlikey encrypted e-mail where the objective of the encryption is to maintain privacy, CSS has nothing to do with maintaining privacy or secrecy of the video. Anyone who buys a DVD containing a CSS "encrypted" movie can view that movie by placing it in a DVD player. This is totally unlike encrypted mail which only the intended recipients can read.
3.5.3) What is a "keyspace"?
A "keyspace" is the theoretical set of all possible permutations of a key, given a set key size. For example, if a key were two bits long, the keyspace would consist of four keys: 00, 01, 10, and 11.
3.5.4) What is a "brute force attack"?
A brute force attack on a keyspace means to run each permutation of the key through the decryption algorithm, one by one, until the correct key is found. Depending on the size of the effective key and the power of the machine doing the work, this process can take anywhere from a few milliseconds to the time from this moment to the heat death of the universe.
Brute-forcing a keyspace is typically the last resort in bypassing encryption, much as brute-forcing a password is the last resort in computer intrusion. It is usually far easier to find weaknesses in the system itself to exploit, possibly to find ways of reducing the effective size of the keyspace in order to make brute-forcing more feasible.
3.6.1) What is "linking"?
"Linking" refers to using hypertext links to make a reference to a location on the internet. After a browser reads the link, the link typically appears on the page in a different color as the rest of the text; clicking the mouse on the link loads the linked page.
Linking is the primary way on the web to reference one website from another.
Programming language compilers also use a stage called "linking" which means combining several object code files together. This is a completely different meaning, and the two have no relationship.
4.1.1) Where can I find a historical account of the breaking of CSS, October 1999 - Present?
The best source of this kind of information is from the horses mouth - the LiViD mailing list archives.
http://livid.on.openprojects.net/pipermail/livid-dev/
A DeCSS Chronology is also being prepared, to be posted soon.
4.1.2) Was there really a source code distribution contest?
Yes, there was. It was called the "Great International DVD Source Code Distribution Contest", and contrary to what some believe it was not done by computer criminals, but by respected members of the Linux communities. One of the judges of this contest was Eric Raymond, author of "The Cathedral and the Bazaar".
The contest concluded on January 18, 2000. You can find out more information about this contest, including the results, at http://dvd.zgp.org/.
Incidentally, another contest is currently being organized, based around the most obfuscated DeCSS source code method. More info at http://nttg.net/index.html.
4.1.3) Did someone really print T-shirts with source code on the back?
Yes, they did. This was done by the good folks over at copyleft.net, and they've recently added a second source code shirt to their selection. The shirts cost $15 USD each, with four dollars from each going to the EFF defense fund for purposes of defending these cases.
Each shirt has a logo on the front, and source code on the back. Go over to copyleft.net and take a look; pictures are posted.
4.2.1) Where can I get a copy of DeCSS or the source code?
You can find the source code at www.opendvd.org. You can find a copy of DeCSS just about anywhere; since December 1999 a massive mirroring campaign has been underway to distribute it as widely as possible. Try a search engine and search for "decss"; you should be able to find it easily.
The Openlaw website currently has links to several major lists of these mirror sites.
There are currently anywhere between hundreds and tens of thousands of copies of DeCSS currently posted to Internet web sites worldwide. No one knows exactly what the true numbers are.
4.2.2) Where can I get a copy of LiViD, the Linux Video Player?
The latest release of the LiViD source code can be found on the LiViD web site, at http://www.linuxvideo.org.
4.3.1) Where can I find technical information on CSS and DVD video?
You can find the CSS algorithm whitepaper by Frank A. Stevenson just about anywhere, in different formats:
HTML - http://cyber.law.harvard.edu/openlaw/DVD/resources/crypto.gq.nu.html
Postscript - http://www.derfrosch.de/decss/
RTF - http://www.solcities.co.uk/pc/findcss/crypto.html
An excellent general DVD reference is the DVD FAQ, at www.dvddemystified.com, maintained by Jim Taylor.
4.3.2) Where can I find more information about cryptographic systems?
There are a number of decent online sources for information on cryptography and cryptographic systems: many of them can be located at http://www.canis.uiuc.edu/~bgross/crypto.html.
However, it is generally agreed that the best publicly-available source of this sort of information comes in the book "Applied Cryptography", by Bruce Schneier. Without trying to sound like an advertisement, this really is a book that everyone should have on their bookshelves.
If you're interested in the history of cryptography, "The Codebreakers" by David Kahn is an excellent source.
Between these two books, you will know just about everything you need to know about the subject. Both books can be found at major booksellers.
4.3.3) Where can I find information about how DeCSS works?
The best sources of information are probably the livid-dev archives and the CSS whitepaper by Frank Stevenson. (Questions 4.3.1, 4.1.1)
4.4.1) Where can I find an online copy of Title 17, the U.S. Copyright Act?
The best possible online source is probably the search engine for the U.S. House of Representatives Office of the Law Revision Counsel, at http://uscode.house.gov/. >From here you can search the entire current United States Code.
It can also be looked up at the Legal Information Institute's web site, at http://www4.law.cornell.edu/uscode/17/index.html.
4.4.2) Where can I find an online copy of the DMCA as it was signed?
ftp://ftp.loc.gov/pub/thomas/cp105/hr796.txt
http://thomas.loc.gov/cgi-bin/cpquery/z?cp105:hr796:4.4.3) Where can I find the court documents of these cases to date?
John Young has been diligently archiving vast amounts of court documentation on this issue. You can find them at cryptome.org.
4.4.4) Where can I find online legal information regarding fair use?
An excellent source of fair use information is the Stanford University Libraries at http://fairuse.stanford.edu/primary/. (Steven Barker)
4.4.5) Where can I find an online copy of the U.S. Constitution?
The United States Constitution, in addition to a number of analyses and historical documents, can be found at:
http://www.access.gpo.gov/congress/senate/constitution/toc.html
http://lcweb2.loc.gov/const/const.html4.4.6) Where can I find information on the legislative history of 17 U.S.C. 1201?
http://www.hrrc.org/DMCA-leg-hist.html http://cyber.law.harvard.edu/openlaw/DVD/dmca/index.html
4.4.7) Where can I find an online copy of the Code of Federal Regulations?
The CFR lists all Federal regulations by which the United States Government operates.
4.4.8) Where can I find an online copy of the Federal Rules for Civil Procedures?
The FRCP defines the rules and regulations by which the Federal Civil Court system operates. This is an important read - it's good to know what the limits on civil jurisprudence in the United States are.
4.4.9) Where can I find general information concerning U.S. copyright law?
Terry Carroll maintains the Copyright Law FAQ; the FAQ has not been updated since 1994, but his website contains an "updates" page that covers changes made since 1994.
http://www.aimnet.com/~carroll/copyright/faq-home.html
Another good source is BitLaw's website:
4.4.10) Where can I look up general court cases that might be related?
A good general online source of information on court precedents is at Jurisline. They are at www.jurisline.com.
4.4.11) Where can I find some historical context to U.S. Civil Procedures?
4.4.12) Where can I find information concerning First Sale doctrine?
http://www4.law.cornell.edu/uscode/17/109.text.html
David Nimmer, Elliot Brown, Gary N. Frischling, The Metamorphosis of Contract into Expand, 87 Calif. L. Rev. 17 (Jan. 1999) http://cyber.law.harvard.edu/property/alternatives/nimmer.html (can copyright holders kill first sale with click-wrap licenses?)
4.4.13) Where can I find more information about trade secret and patent law?
4.4.14) What is "Nimmer on Copyright"?
This set of books is considered by many to be the "Bible of Copyright". It is quoted quite often in court decisions regarding copyright law. It is also a fairly expensive set of books - list price, approximately $1100 USD.
4.4.15) Where can I purchase legal books?
4.4.16) Where can I look up patents on record?
IBM maintains a reference to United States patents for general reference on the web. You can look up any standing U.S. patent at http://www.patents.ibm.com/.
4.4.17) Where can I find basic information on how to properly conduct legal research?
A good primer for legal research that can be found online is the Legal Research FAQ, maintained by Mark Eckenwiler. This is strongly recommended reading before hitting the law library, if you haven't completed a first year in law school.
http://www.faqs.org/faqs/law/research/part1/ http://www.faqs.org/faqs/law/research/part2/
5.1.1) DVD-Discuss
This is the Openlaw DVD forum, hosted at the Berkman Center for Internet & Society at Harvard Law School (http://cyber.law.harvard.edu/) and moderated by Wendy Seltzer. It is freely open to anyone who wishes to participate. It's purpose is to facilitate new discussions and ideas in the current DeCSS/DVD cases.
It is highly recommended that anyone participating in DVD-Discuss, however, read this FAQ and the list archives in order to know what has already been discussed. Nothing is gained by arguing topics that have already been easily settled and documented, except wasted bandwidth.
Mailing list archives are available at http://cyber.law.harvard.edu/archive/dvd-discuss/
5.1.2) DVD-Announce
This is a much smaller volume list sponsored by Openlaw, intended primarily for periodic announcements relating to the Openlaw DVD forum.
5.1.3) How can I sign up?
Subscribing to the DVD-Discuss majordomo mailing list is simple: go to the Openlaw DVD website at http://cyber.law.harvard.edu/openlaw/dvd/ and follow the instructions. You will be notified by email that you are subscribed. At that point, find a place in the discussion and start posting.
6.1.1) Contributor Biographies
The following individuals are instrumental in assembling the information contained in this FAQ and in keeping the material up-to-date:
Wendy Seltzer is a litigation associate with the law firm of Kramer Levin Naftalis & Frankel and a Fellow with the Berkman Center for Internet & Society at Harvard Law School. She is a lawyer, but can also be found hacking Perl for the Berkman Center's distance education endeavors.
Paul Fenimore is a physicist. He lives in Los Alamos, NM USA.
Sampo Syreeni is a student of mathematics and computer science at the University of Helsinki, Finland.
Dana Parker is a freelance writer, consultant, and co-author of four books on compact disc technologies. Dana has been involved in CD technology since 1989, and has covered the technical and market development of DVD since 1993. She is currently avoiding work on a book about DVD for Prentice Hall Professional Technical Reference. She writes the Standard Deviations column for Emedia magazine, is the chair of the DVD PRO Conference and Expo, and co-chair of DVD 2000 Europe.
Bryan Taylor, who lives in San Antonio, TX USA is a database consultant specializing in performance tuning of Oracle databases. His two hobbies are open source software and civil liberties. Bryan is not a lawyer, but his wife and uncle are, which makes him a little jealous.
Rares Marian, from Waterbury, CT USA, volunteers at #linuxhelp chat on irc.linux.com, F-CPU(64-bit openIP chip), LAMP(Linux audio), Dolphin (CORBA based OS), and is starting a high tech multimedia business.
Sham Gardner, is a software engineer for a Linux-based ISP in Karlsruhe, Germany.
Jason M. Felice is a consultant, Cleveland Linux Users' Group member, and Open Source software author from Cleveland, Ohio USA. Current free software projects include the Linux 5250 emulator, an RPG II/III compiler, and a VPN configuration and management package.
Rob Warren is a Unix client/server consultant in the Tampa, Florida USA area, as well as a Linux developer. His current projects include GXAnim (the GTK+ frontend for the XAnim video player) and the Canvas Project, hosted at Linuxpower.org. He is also a member of the Electronic Frontier Foundation, and has been a computer geek far longer than he cares to admit.
Ron Gustavson is a Medfield, Massachusetts-based (US) writer and consultant. His articles have appeared in CD-ROM Professional, EMedia Professional, A/V Video Multimedia Product, and Film & Video magazines.
Ian R. Hay is a Canadian law student with an interest in practicing in the area of technology law. Ian was actually an Arts student as an undergrad, but has slipped quietly and unnoticed into the ranks of the technically literate.
Steven Barker is currently an undergraduate majoring in math and computer science at the University of Illinois. He is a proud Linux user and a concerned U.S. citizen.
Benjamin Reeve is an attorney from Massachusetts, USA. He wrote his first piece of computer code in 1968 on an IBM 7094, and has learned - and mostly forgotten - instructions sets for a couple of dozen types of processors since then.
Russell Miller has been a UNIX administrator for five years, and before that he was a piano major in college. He is also proficient with the clarinet and a whole bunch of arcane computer languages. He has two spice finches named "Bill" and "Monica" (and is looking for a little blue dress to put on their cage), a fish, and a bunch of snails to keep him company. He doesn't particularly like the MPAA at this point in time. Russ lives in Beaverton, Oregon USA.
Eric Seppanen is a hardware and software developer, and has been a Linux user since 1993. He lives in Minneapolis, Minnesota USA.
Sam Tobin-Hochstadt is a first-year undergraduate at the University of Chicago. He doesn't own a DVD player, but he does have a copy of DeCSS. In addition to crusading against injustice, he works on the AbiWord word processor.
We don't know a whole lot about Sean Standish, otherwise known as Sparky. We think he may be a spy for the French government. Or possibly a superhero in disguise. At any rate, he's an all-purpose good guy and this FAQ would not have been possible without him. :)