Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

DVD CCA Applies for Restraining Order 895

Robert Jones writes "I have just received an email which I think will be of interest to many Slashdotters. Apparently, the DVD CCA [Copyright Control Association] has applied for a restraining order against myself and approximately 70 others to keep us from distributing 'any proprietary property or trade secrets relating to the CSS technology'. The hearing will be at 'the Superior Court of Santa Clara County, State of California, on December 29, 1999, at 8:30 a.m.' This will probably result in the bastards silencing us, but what can you do? If this goes through, I will never purchase a DVD player using current technology." Yes, the e-mail is real. Many people sent copies. We'll post an in-depth story within a day or two.
This discussion has been archived. No new comments can be posted.

DVD CCA Applies for Restraining Order

Comments Filter:
  • by HalfFlat ( 121672 ) on Monday December 27, 1999 @02:15PM (#1440222)

    Is something still a trade secret if it has been reverse engineered? I thought this was the trade off between patenting and keeping something a trade secret. Surely they can't have it both ways?

  • overseas mirrors.

    Make the code ubiquitous, and it simply won't matter any more. :)

    --
    blue
  • by ~spot ( 5023 ) on Monday December 27, 1999 @02:17PM (#1440226)
    slashdot is also mentioned in the email, which is mirrored here: http://douglas.min.net/~drw/css-auth/legal-info/ ~spot
  • by Signal 11 ( 7608 ) on Monday December 27, 1999 @02:17PM (#1440228)
    They didn't serve me, Who wants some DeCSS? I got source, I got source!!!!

    Anybody ever play "whack the mole"? Watching these lawyers try to stop the flood of information is like playing the game - every time you smack one down with your mallet two more pop up.

    If anyone wants the source, contact me [mailto]. Oh yes, and I'm making a dare to any of the lawyers out there - whack this mole.

  • about the legal merits of the case.

    For someting to be a trade secret, you need to take steps to keep it a secret. If the technology is reverse engineered without reference to protected material, I don't think that they have a case.

    I guess they realized that they would be really up a creek if they tried copyright law on this one.
  • by dieman ( 4814 ) on Monday December 27, 1999 @02:24PM (#1440236) Homepage
    The DVD algorithms that were found through some clever hacking were not found by rummaging through propretary documents or other blackops means, but through working with software. The software that they aquired the "method of decryption" from was not found illegally in the country it was found. That technology then was legally exported into the united states. These methods are pretty boring and were quickly incorprated into some nice pieces of software. Wheres the lawsuit, oh yeah, the DVD people DONT WANT YOU TO beable to use the technology yourself. That would give the consumer some rights to a product that could the copied and *gasp* pirated.

    Sorry DSS guys, it was too late when you released the format.
  • by small_dick ( 127697 ) on Monday December 27, 1999 @02:25PM (#1440237)
    remember the machine-breakers of england?

    those were the good old days. if a company tried something like this, their buildings would be burned and the owner tarred and feathered in front of his house. sure it's dangerous, but how dangerous is it to let someone step on your freedom? is it really better to die on your feet than live on your knees?

    are these companies paying me to allow their software and data run though MY computer and MY cables in MY house? do I have the right to put a logic analyzer or debugger on my system and look at the registers, memory and I/O or the various hardware and programs? can i use than information in turn for whatever purpose i choose? when will this become a "fair use" issue? reselling someone's app as your own is one issue, but using their protocols and command set should be quite another.

    sometimes i think that the only reason corporations get away with this stuff is that we've become so acclimated to greed and selfishness that we have forgotten how to stand together and fight when we see it.

    c'mon everyone, join me in a rousing chorus of "BAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

    they will lose in the long run. make it sexy, make it warez.
  • by Hobbex ( 41473 ) on Monday December 27, 1999 @02:25PM (#1440238)

    With only a couple of days to go, I think that this, more than anything else, personifies and highlights the fight we have ahead of us. Nothing is such a danger to the values that ANYONE who loves the Internet and the Information age holds highly then this fight of stupidity (armed with guns) against the progress of the mind.

    I'm pretty much at a lack for words right now, so I will just send my moral support to anyone targeted by this outrage. However, this is a battle we can fight on our turf and they can fight on their's. The courtroom is definitely theirs.

    There was never a revolution without somebody going under wheel, and there was never a meme to go under without a fight. And there has never been a fighter like corporate society.

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • by chuckw ( 15728 ) on Monday December 27, 1999 @02:26PM (#1440241) Homepage Journal
    Look folks, the only way to combat this is for everyone to distribute copies of this software and associated documentation. Go here [free-dvd.org.lu] and download all of the local files and host them in as many locations as you can. If possible mirror the actual page rather than downloading. Just get them in as many public locations as possible any way you can. Lets make 'em play whack-a-mole.

    Remember, one ant won't make a bit of difference, nor will two or three, but millions can overcome any obstacle.

    Another issue I am reminded of here is that this is a great experiment by the powers that be. It has long been held that you cannot regulate the internet because it is so distributed and decentralized. If they win, it will be proven that it is easier to control the content of the internet than was previously thought...

    Good Luck!

    -Chuck
    --
  • by drwiii ( 434 ) on Monday December 27, 1999 @02:26PM (#1440242) Homepage
    Here's the nastygram [min.net] (was sent in MS-Word format, HTMLized [more-or-less] for your pleasure) that I got via email this afternoon. Expect my css-auth mirror [min.net] to close by midnight tonight. On the advice of legal counsel, I'm not at liberty to discuss matters further.

    Douglas R. Winslow

  • OK, let me see if I have this straight, so far we are to boycott eToys, Amazon, Google, and now DVDs?

    Is everyone evil?

    --Alain

  • Item 29 points out that slashdot linked to a site that had the DeCSS, and notes other sites that linked to sites with DeCSS. Is this a threat?

    Oh, and get item 32. They're saying that because of DeCSS, the whole DVD industry is going to dry up. What a horrible joke.
  • by Signal 11 ( 7608 ) on Monday December 27, 1999 @02:29PM (#1440250)
    Download this [mediaone.net].

    Let them try to call a few hundred thousand people into court... I'd like to see that. =)

  • by fishbowl ( 7759 ) on Monday December 27, 1999 @02:29PM (#1440251)
    I cannot be in Santa Clara on that day, but if there are as many activists within reach of this article as one is led to believe, and if they believe so fully in their views, go be heard in the courtroom venue.

    If I read on Dec. 29th that the hearing came and went without a standing-room-only courtroom, with all sides of the issue having been clearly heard, I will stop caring about the intellectual property debate.

    It's not as if the article was "they applied for AND RECEIVED a restraining order." There is still an opportunity to influence the court. If nothing else, a judge could be made to realize that this matter is not something that should be decided off the cuff, but rather has very significant implications. Simply having a few thousand people on the courthouse steps that day would probably be enough to effect change.

    Do I think it will happen? No. Will I be there? No. When the rubber meets the road on these issues, the bottom line is we really don't care. We Email our congress people, but do we snail mail them? Are these issues even worth $.33 to us? Maybe not. History will tell.
  • by elixir ( 21353 ) on Monday December 27, 1999 @02:29PM (#1440253) Homepage
    47. On information and belief, this proprietary information was obtained by willfully "hacking" and/or improperly reverse engineering
    software created by CSS licensee Xing Technology Corporation ("Xing"). Xing's software is and was licensed to users under a license agreement which
    specifically prohibits reverse engineering.
  • by MrLizard ( 95131 ) on Monday December 27, 1999 @02:31PM (#1440256)
    Heh. In case you missed it, there are no more such tradeoffs. A combination of techno-illiterate judges, brain-dead patent officials, and good old fashioned corruption has basically reduced the court system for IP issues to a modern form of 'trial by combat'. In Ye Olden Dayse, you see, issues could be settled by hiring a champion to fight for you. The richest man, obviously, could hire the best champion -- thus assuring himself victory, unless the person he was in disagreement with was named 'Volagr, Destroyer Of Towns' or some such.

    Today, the situation is similair, though less physical blood is shed. A court system that inflicts almost no penalty on those who file baseless lawsuits encourages such filings, and the victim often has no resources to challenge it.

    The recent 'extension' to the 'limited copyright' granted in the Constitution is a prime example of this.

    I tend to be in favor of IP rights as social convention -- they should be honored because it is the right thing to do. The last few years have seen so many attacks on basic rights in the name of protecting IP that I can no longer in good conscience claim that the current system is workable.

  • The main reason this code (DeCCS) is important is it helps for writing DVD software for linux. And to the person who said blame the people who wrote the standards for allowing it to be cracked, as long as there are software players for any standard it will be crackable, without a doubt. For more information see http://www.counterpane.com/crypto-gram-9911.html#D VDEncryptionBroken , on why you will never have secure software.
  • With all of this crap going on about the Linux DVD project getting shut down, I've been really pissed at these guys. Really. Not only are they calling a project with the pupose of watching movies piracy, they're attempting to take the DeCSS code off of the Internet.

    Trying to get something off the Internet is like trying to get pee out of a swimming pool. Once it's in there, it's in there. The fact that they're trying to proves that they're not evil like I've come to believe, but merely idiots. They think any form of copy is illegal, the only purpose of decrypting a DVD is piracy, and that we apparantly shouldn't be allowed to watch DVD's in the operating system of our choice. (An obvious infringment of fair use)

    Will someone ever come along with the money/time to take on these morons? Or will be doomed to be bullied by them? I'm really getting sick of hearing how they're taking away my rights.

  • Oh so it's okay to create XXX that will cause widespread piracy?

    Better ban the photocopier then... those damn copies of books are overflowing my bookcases I tell you...

    Those damn pirates! They hijacked my ship, pillaged my treasure, and raped the women! Someone must make a restraining order against them!

  • cvs -d :pserver:anonymous@cvs.on.openprojects.net:/cvs/li vid -z3 co css-auth


    That's the command to download from the anonymous CVS repository.

    Now of course, the code is out, this is just the mechanical yapping of lawyers. What would really make sense is for these industry organizations to come forth and admit that there's no holding DVD back, and open up the doors. They could release open source DVD code and their sales would rise slightly (as opposed to the doom that they predict). How can I know this? Bacause the pirates already have the code so we know pirating will not be increased.

    And the DVD organizations would not slack off on prosecuting pirates just because there's an open source reader. Do book companies fail to sell because I could photo-copy the book and sell it? Of course not (books fail to sell because no one reads, but that's a separate issue).

    Will they ever learn?
  • You have missed the whole point. This has nothing to do with piracy. The whole purpose of the DeCSS code is to give people a way to play the DVDs that they've bought. If you want the technology to prosper, then you should support peoples' right to read and play their DVDs.


    ---
  • DeCSS can be used to -copy- a DVD. Not all copying is piracy. DVDs can get scratched pretty easily, but if you have a "color corrector box" you can record you DVD onto a high-quality VHS tape, and watch that until it wears out, keeping your DVDs safely in a safe deposit box or something. They're acting as if there's no legitimate reason to even copy a DVD, let alone that DeCSS has applications other than copying them.
  • Yes, exactly. You have hit the nail on the head. It explicitly falls under fair use to reverse engineer/modify software for the purpose of making it work with your system. This was decided years ago in some of the early computer software copyright lawsuits.
  • by orangesquid ( 79734 ) <orangesquid AT yahoo DOT com> on Monday December 27, 1999 @02:43PM (#1440282) Homepage Journal
    Yes, of course they/we/whomever has an understanding of the real world.

    In the real world, there's this new type of media called DVD, and this format in which it is stored, called CSS. CSS is an encryption format; it's not proprietary, really, as they (the creators) have published papers explaining how it works. What they haven't published, however, are the list of keys that can be used with CSS to decrypt DVD movies.

    It is a perfectly feasible option to buy a product which will decrypt DVD movies (so they can be played) without having to know any of the keys.
    Such products come in two forms: (a) hardware, or actual physical VCR-like devices that connect to a TV, and (b) software, which decodes the DVD format with the aid of a computer.

    Although both schemes require a key to operate, the key is embedded - the end user does not need to know what the key is in order to use the product.

    This would work well for any standardized environment; from the hardware point of view, as long as you had a standard 60-hz NTSC television, you could use a NTSC DVD decoder; if you had a 50-hz PAL television, like in Europe, you could use a PAL DVD decoder. Here, there are only two major standards that companies need to produce products for.

    In the software world, things are much more complicated. Not only are there different standards for how a software product talks to the operating system, but there are different graphical standards, different standards for talking to the DVD drive, etc.

    Software companies so far have fulfilled very few niches in terms of all the standards in use. This means that there is still a demand that is unfulfilled, and in the _real world_, demand and supply go together hand-in-hand.

    In other words, in the "real world", by not providing enough supply to make everybody happy, you invite competing products.

    The only illegal thing done here is to have reverse-engineered a poorly-written software decoder to extract a key. However, it would also have been possible to brute-force test keys until one was found, although it would have taken a while.

    So, here (as I see it) are all the things going on here:
    In the case of the company with the poorly-written software, negligence.
    In the case of the program crackers, reverse engineering. (but is it really illegal to know what the processor knows? I mean, you *own* the damn processor after all!)

    Just my $0.02.


    --TheOrangeSquid


    The fellow sat down at a bar, ordered a drink and asked the bartender if he
    wanted to hear a dumb-jock joke.
    "Hey, buddy," the bartender replied, "you see those two guys next to
    you? They used to be with the Chicago Bears. The two dudes behind you made
    the U.S. Olympic wrestling team. And for you information, I used to play
    center at Notre Dame."
    "Forget it," the customer said. "I don't want to explain it five
    times."
  • I don't *think* so, it should now be public domain, but I by no means understand the nonsense known as law.

    But my bet is that regardless of whether or not it is, these 70-odd people pissed off many very large companies that have vested interestes and lots of money. So they'll be browbeaten into submission. True, they won't have thugs marching up to their door to beat them up like the unionizers had 100 years ago, but is it really all that different to have 100 lawyers march up to your door and give lawsuits, restraining orders, police raids, and such?

    Look at eToy/eToys, www.veronica.org, Scientology, or the DVD consortium 2 months ago.

    Since my thoughts are shallow today, would someone else wonder about the historical precident of this. Is this deeply similar to the labor leaders from 100 years ago who risked being beaten up, sometimes even killed, for fighting corporations?

    I await replies.
  • by fishbowl ( 7759 ) on Monday December 27, 1999 @02:45PM (#1440285)
    "because there was no
    DVD support for *n?x operating systems"

    When I mentioned that, I got flamed by people saying that there was in fact DVD support for Linux. What I have yet to see, however, is "enough" DVD support to justify it being a bullet point for what's supported by the OS. At best,
    playing a DVD on linux seems to require:

    1. Willingness to take a risk in a hardware purchase, for equipment that may not be usable on your OS.
    2. Technical savvy enough to run a very experimental system (far beyond the usual requirement for the OS).
    3. Willingness to be considered part of a criminal conspiracy by the DVD industry (if this court order goes through and follows to its logical conclusion).

    That makes Linux a laughable alternative to Windows9x for the application of playing DVD.

    Unless you can give me a cookbook solution (what DVD drive to buy, what software to run it on, works with all titles, totally legal to obtain and use in the USA), don't you dare flame me for saying this. Linux remains an unacceptable solution for the DVD player application.

  • Do these letters usually have a "Prayer for relief" at the end? What's up with that. I don't get it, when did God come in to the legal system.

    That is the general form. The use of prayer here is somewhat archaic but correct. Prayer does not have to be to god, in this case, it is to the court. It is simply a request for intercession from a higher authority.

  • Although I'm sure 99% of Slashdot readers understand this point intuitively, I'm going out of my way to make it extra clear to those who don't know much about the subject or who haven't put much though into it:

    The breaking of CSS encryption has absolutely nothing to do with piracy. Think about it for a second: how feasible is it to move around 5- and 6- gigabyte DVDs? How do you store them? Not on your hard drive, that's for sure! How many people do you think can afford a DVD burner capable creating true dual-layer DVDs (and not DVD-RAM discs, which are something completetly different?) And when DVDs can be bought online by a judicious shopper for as little as $5 per title, do you really think anyone's going to go out of his way to pirate them? It's far easier to hook a VCR to the video output of your DVD decoder card and videotape the damned things! The loss of quality is far less than if one were to recompress an MPEG2 stream using a lossier but higher-compression encoding.

    No, the issue at hand here is that of free access to information--an issue that has traditionally been very important to the open-source community and very unimportant to the corporations that write your software and, to an increasing degree, control your life.

    You see, when the DVD manufacturers came up with CSS, their goal was not to protect the intellectual property contained on DVDs; rather, they were establishing an ironclad grip on the entire DVD market. They control who gets to view DVDs, how, and with what hardware and software. They have accomplished this end through the use of a proprietary encryption scheme (CSS) about which they have released no information. Of course, if they'd bothered to consult with any security professional, they would have been told that security through obscurity simply doesn't work, as has been proven endlessly, usually at the expensive of the implementor of said obscure security.

    Now, someone has broken their cute little encryption scheme, which they never patented and never published. In what is basically a panic response, they are wasting millions of dollars and contemplating turning the entire DVD market on its side just so they can maintain total control of the market.

    As if this wasn't bad enough, they are threatening legal action against the people who cracked CSS, an activity that never was and still isn't illegal, and they are trying to block them from publishing anything else they find out about the non-patented CSS encryption algorithm. This is a violation of the CSS crackers' right to free speech which, if you'll recall, if a constitutional right.

    This is an old story, of course. Those of you who have been around long enough can remember countless other occasions where some company's naive encryption scheme was broken and the corporate response was to attempt a legal assassination of the cracker in order to maintain security.

    So, instead of whining irrelevantly about piracy, why don't you boycott DVDs yourself in order to protest the violation of someone's first amendement rights? Somebody might someday do the same thing for you when you find yourself against the wall.

  • The whole situation reminds me of how companies see emulation. Reverse engineering to the point that you no longer need to use genuine hardware. While this is not piracy, it's seen as a promotor of it.

    While I feel this should be legal, if someone could explain just why this should be and lock-picking isn't. its still illegal if you reverse engineer how to make a key that fits, right?

  • by Anonymous Coward
    Print the CSS algorithm pseudo-code, and css-auth's code on a series of t-shirts. It's HOPEFULLY covered under the 1st Amendment here in the not so good USA. Anybody willing to do this? Thinkgeek? Copyleft? Anybody with a silk screen...
  • by Money__ ( 87045 ) on Monday December 27, 1999 @02:47PM (#1440293)
    The Defendants:(are you one of them?

    (apologies for the length of post)

    1. www.free-dvd.org.lu
    2.josefine.ben.tuwien.ac.at/~david/dvd
    3.rockme.virtualave.net/
    4.amor.rz.hu-berlin.de/~h0444t2v
    5.www.homestead.com/_ksi0701961562917005/avoid.../ index.htm
    6.www.anglefire.com/jazz/avoiderman/
    7.www.intelcities.com/Main_Street/Avoiderman/
    8.www.members.theglobe.com/avoiderman/dvd.htm
    9.members.zoom.com/_XMCM/lkjhgfdsa2/index.html
    10.www.vexed.net/CSS/
    11.www.unitycode.org/
    12.batman.jytol.fi/~vuori/dvd/
    13.www.zpok.demon.co.uk/
    14.www.dvdlinks.co.uk/css/
    15.www.twistedlogic.com/archive/dvd
    16.www.capital.net/~wooly/
    17.geocities.com/ResearchTriangle/Campus/8877/inde x.htmlgeocities.com/ResearchTriangle/Cam pus/8877/index.html
    18.www.angelfire.com/mt/popefelix/
    19.members.tripod.lycos.nl/jvz/
    20.tv.acmecity.com/parody/356/index.html
    21.cryptome.org/dvd-free.htm
    22.altern.org/bettina/0a0a.html
    23.www.crosswinds.net/~valo/DeCSS/
    24.info.astercity.net/~nicodem/
    25.134.100.185.221/decss/
    26.www.dvdripper.videopage.de/
    27.Crypto.gq.nu
    28.www.humpin.org/decss
    29.209.132.25.138/~inkk/DVD/
    30.members.brabant.chello.nl/~j.vreeken/main.html
    31.dirtass.beyatch.net/
    32.therapy.endorphin.org/DVD/
    33.www.angelfire.com/in2/mirror/
    34.sent.freeserve.co.uk/DeCSS
    35.members.tripod.co.uk/bap/css/css.html
    36.angelfire.com/myband/decss/top.htmlangelfire.co m/myband/decss/top.html
    37.www.fortunecity.com/tinpan/tylerbridge/679/dvd. htmlfortunecity.com/tinpan/tylerbridge/6 79/dvdcss.html
    38.munitions.vipul.net/software/algorithms/streamc iphers/decss.tar.gz
    39.munitions.polkaroo.net/software/algorithms/stre amciphers/decss.tar.gz
    40.munitions.dyn.org/software/algorithms/streamcip hers/decss.tar.gz
    41.munitions.cifs.org/software/algorithms/streamci phers/decss.tar.gz
    42.uk1.munitions.net/software/algorithms/streamcip hers/decss.tar.gz
    43.munitions.firenze.linux.it/algorithms/streamcip hers/decss.tar.gz
    44.perso.libertysurf.fr/ortal98/dvd_rip/decss_12b. zip
    45.users.drak.net/bemann/software/css/
    46.www.geocities.com/SiliconValley/Port/3224/
    47.ftp://alma.dhs.org/pub/DVD/
    48.decss.tripod.com/index.html
    49.discordia.de/decss/DeCss.zip
    50.www.dvd-copy.com/
    51.dvdtidbits.com/dvd.shtml
    52.www.neophile.net/
    53.perso.club-internet.fr/ches/dl/rippers/
    54.plato.nebulanet.net:88/css/
    55.quintessenzs.at/q/mirrors.html
    56.www.ceraton.com/decss/
    57.slashdot.org/articles/99/11/09/1342207.shtml
    58.cryptome.org/dvd-css.htm
    59.ftp://dvd:dvd@206.98.63.136/
    60.www.deja.com/getdoc.xp?AN=547600297
    61.www.brakton.freeservers.com/#downloads
    62.www.remco.xgov.net/dvd/
    63.www.dvdcracked.tvheaven.com/index.html
    64.dvdsite.homepage.com/
    65.www.geocities.com/Hollywood/Derby/2659
    66.get.to/dvdsite
    67.home.worldonline.dk/~andersa/download/index.htm
    68.www.ooze.org/dvd.html
    69.start.at/dvdsoft
    70.mmadb.no/hwplus/DeCSS/decss.html
    71.home.sol.no/~espen-b/dvd/css/decss.html
    72.o2.uio.no/dvd
    _________________________

  • Was I not the only one to notice that the email gave a list of 30-odd URL's with CSS stuff? Lets everybody with a good connection start mirroring all the sites they convienently indexed and cataloged for us! :)

    Your one stop shop for CSS information: Their court filing. :)



  • Several people have already taken on some aspects of this issue. The EFF indicated interest. Hopefully they will have the guts to follow up that interest with action. 2600 magazine are also mirroring all the DVD material and waiting for first amendmant fireworks.

    But then the USA is the country that grew copyright laws 20 years because nice Disney asked and one that allowed home video taping by a single vote in the supreme court... thats how close it came to being the only place you couldnt do home taping....

    Alan
  • apparently the lawyers aren't bright enough to figure out who runs /.

    Doe 57 is listed as whoever is responsible for this /. article [slashdot.org], so it's either Hemos or Rob... or maybe the legal guns of Andover.net are going to have to be brought to bear on this one.
  • Thanks for the link, one part I found humerous was:

    32. Without the motion picture companies? copyrighted content for DVD video, there would be no viable market for computer DVD drives and DVD players, as well as the related computer chips and software necessary to run these devices and, thus, there would be no DVD video industry.

    So I guess without CSS we'd just pop DVD's in our existing CD-ROM drives and they'd work huh? I suppose you'd pop a DVD in your laserdisc player or VHS player and it'd work?

    The storage capacity of DVD drives ALONE would MORE then make them a sought after product by computer owners, not to mention that you kindof need a DVD player to play DVD's on a TV....

    Is it just me or are the IQ's of lawyers a direct inverse proportion to their price tag?

    -- iCEBaLM
  • So, nothing that can be used for a bad purpose should be done at all for any purpose? There goes nearly everything including fire, the wheel, and spears.

  • I wonder how hard it would be to run these guys out of money or energy by making them continuely use their lawyers to attack us.

    It would probably be hard to coordinate but if we just keep putting up web sites every time they sue one of us eventually they'll get tired of it or they'll go broke. Sure it will take awhile but it may be fun to watch.

  • by Royster ( 16042 ) on Monday December 27, 1999 @02:56PM (#1440306) Homepage

    CmdrTaco

    Hemos

    Andover

    John

    DVD Consortium sux

  • by Oates ( 18921 ) on Monday December 27, 1999 @02:56PM (#1440309) Homepage
    How does a State Superior Court have any impact or bearing on a citizen of Denmark, Australia, or whatnot?

    It's not a US federal court case. As far as I know, the state of California does NOT have any extradition treaty with Denmark or Australia, for example.

    What do non-US nationals have to fear? Also, what about US residents who have given up their US citizenship and live only as citizens of another US state? (Yes, I've seen a few--it's a good way to get out of Social Security and the IRS.)

    Chris
  • by emmons ( 94632 ) on Monday December 27, 1999 @02:57PM (#1440311) Homepage
    Yeah, I recieved one of those lovely letters also... you can read it here [frozenlinux.com]. Contrary to what was written in the email, it's perfectly legal to distribute the notice.

    I promptly called my lawyer (actually a close friend) after recieving the email and he said I have nothing to worry about. Firstly, such a notice must be mailed to me, not emailed. And even by post is not legally binding. Secondly, if they do get their little restraining order, it must be delivered to me in person... hehe, I'm in germany right now. Based on what I told him he said (gasp) that they're just trying scare tactics. I forwarded the email to him, he will review it and give me more advice tomorrow morning.

    This sure is a fun, isn't it?

    -----
  • by grot ( 57003 ) on Monday December 27, 1999 @02:59PM (#1440313)
    I'll be there. Unfortunately, I don't have a "Team Slashdot" t-shirt, but maybe we could get Andover to fed-ex a box of 'em to distribute to anybody who shows up and finds the Official Slashdot T-Shirt Distributor? I'd even be willing to pay for mine, but I think it'd be a good idea for as many people as possible to be both present and recognizable.
  • by 1010011010 ( 53039 ) on Monday December 27, 1999 @03:00PM (#1440315) Homepage
    We've heard a lot about CSS, its being cracked, and various vult^h^h^h^hlawyers getting involved. DVD is turing out to be a real mess. So, at the risk of getting sued for talking about another way in which DVD is screwed, here goes...

    I got a DVD player for Christmas today. It's the regular console-type thing with composite, digital audio and s-video outputs. I have a somewhat older 27" TV that takes only RF input. So, I hooked the DVD player to my VCR, which takes composite in and emits RF out. Problem solved, I thought... but no. The video goes through a cycle of great->flickery color->crap in color->crap in monochrome->great, repeat. Funny enough, in the troubleshooting section of the manual, under "I can't record DVD video to VHS tape," it pretty much says, "that's right." It seems that they have screwed around with the hsync signal coming out of the box, such that any intermediate device, like a VCR, degrades the video. Short of buying a new TV with s-video or composite inputs, or a timebase corrector (which would probably cost more than a new TV), what can I do? This seems to be a common problem with DVD players. I've got a perfectly legal TV, perfectly legal HiFi VCR, perfectly legal DVD player, and a perfectly legal copy of the Matrix ("DVD killer app"), which I can't use together because of a very stupid, artificial problem. Little help here?
  • How can some of the people named in the suite answer the call to court if they aren't even in the State of California? I hope someone in California can show up and represent their interested....
  • by Morgaine ( 4316 ) on Monday December 27, 1999 @03:05PM (#1440325)
    The hearing will be at 'the Superior Court of Santa Clara County, State of California, on December 29, 1999, at 8:30 a.m.'

    It is impossible for the hearing to go ahead with fair consideration and representation on this date, on account of all the defendents being fully occupied getting ready to prevent the collapse of western civilization through the millennium bug. And no geeks ever get up before midday anyway.
  • Microsoft managed to gain enough financial resources to become a monopoly, even with virtually no copy protection on any of its products--Even with charging obscene fees for its software (providing an excellent motive to try and pirate their stuff) people still kept paying.

    I was reading through the manual to one of loki's games, and in the end, the authors asked for people to boycott copy-protected software. Their argument was that people had a fixed budget to spend on software, and if no one else was doing copy protection, then the users would pay for the software they liked the best. However if stuff was copy protected, the copy protected stuff would get paid for first.

    However one key point is from this is even without copy protection, a good chunk of the population still pays for the digital media that they like.

    I suspect that most people would willingly cooperate with a company that shows that it respects and trusts its customers far more than a company who forces everyone to conform through heavy handed power trips.

    I guess these corporate types haven't read "The evolution of cooperation" by Robert Axelrod which does a good job of proving that (as long as there's a good chance of a future interaction) the best strategy is to respond in the way that they treated you. On the whole people do tend to respond in the way they're treated... so as the megacorporations continue to try and amass power and exploit the population, eventually the people will get fed up and react. (Think seattle and the WTO)

    The only remaining question is how long untill we've been stepped on long enough that we finally act?

  • by QuMa ( 19440 ) on Monday December 27, 1999 @03:13PM (#1440345)
    And I'm highly offended they ignored me!

    http://www.chello.nl/~f.vanwaveren [chello.nl].
  • by Majestix ( 41486 ) on Monday December 27, 1999 @03:13PM (#1440346)
    I've read the thread so far regarding this legal action and the consequences will probably shock the lawyers that brought on this action.

    The one thing they are trying to prevent (distribution of the DeCSS source code) is going to happen anyway, probably to a wider range of people than it would've orginally.

    Another trend in this thread that i find amussing is the whining of some that the DeCSS folks are pirates. Does this mean that the Linux community is supposed to sit on its hands and wait for someone to decide that its time to support Linux with in their DVD products? I'm not a big time Linux Guru but I know that that isn't how Linux got where it is today. Furthermore, the software market is alive and well despite piracy, the Video Cassette market is alive and well, the Compact disk market is alive and well. So much for the rumors that DeCSS is going to kill the DVD market.

    A suggestion to the DeCSS authors. While I know it doesn't sit well with the OpenSource philosopy, why not incorporate. Yeah, you'll have to distribute binaries for awhile but hey, at some point declare the source open and let the code go free.

    My 2 cents...

  • Would someone please answer this damn question!

    Really. I've seen a couple of people ask if it is okay for people outside the US to post the source on their website. I myself live in an island in the mediterranean -- Cyprus. Can these courts do anything to me?
  • by bons ( 119581 ) on Monday December 27, 1999 @03:16PM (#1440354) Homepage Journal
    This stuff was never publicly released, correct?

    So why don't we patent it? After all, it is possible to get a patent on a procedure, such as windowing, that has been in existance long before you claim to have invented it.

    Since we are not suppossed to know how this is done we can claim that there is no legitmate way we could have found this as an example of prior art.

    Then, one we have the patent we can sue them!

    I love America.

  • by Greyfox ( 87712 ) on Monday December 27, 1999 @03:17PM (#1440355) Homepage Journal
    We need to start filing counter suits (Harassment, misuse of the legal system, etc) and actually start demanding damages that would actually hurt some of these companies filing these frivolous. As long as we keep rolling over and taking it up the ass, they're going to be happy to keep giving it to us up the ass.

    I'm sure we could make a legal argument to a jury that this big corporation is out to screw over the little guy and that the only way to keep this from happening more and more often would be to award substantial damages (Say, $500 Million or more) for the misuse of the legal system.

  • by BOredAtWork ( 36 ) on Monday December 27, 1999 @03:17PM (#1440358)
    Taken from The Letter [min.net]:

    On information and belief, this proprietary information was obtained by willfully

    "hacking" and/or improperly reverse engineering software created by CSS licensee Xing Technology Corporation ("Xing"). Xing's software is and was licensed to users under a license agreement which specifically prohibits reverse engineering.


    Taken from The Online Ethics Center for Engineering and Science [onlineethics.org]:


    Article Number 142
    Reverse engineering and patent infringement

    In most instances, "reverse engineering" is an acceptable option for creating new products. However, there are legal and ethical limitations that must be considered.

    Reverse engineering is a common procedure that typically involves the disassembly, examination, and analysis of a product to reveal its design and function. Normally, this is done for competitive analysis, and sometimes for the purpose of building and selling a similar product. It is legally and ethically acceptable for a company to purchase a commercially available product, to analyze it thoroughly, to design and develop a similar product and a method for its manufacture; provided the new product and method do not violate the patent rights of another company.


    Seems to me (and I'm NOT a lawyer, nor do I play one on TV) that the programmers were completely within their rights here. What really jumps out at this letter at me is that NOWHERE do they reference an actual patent number that I could look up. If they did, I'd be able to pick it apart a bit more; I can only assume that they intentionally left this out of the document because they're hoping a judge isn't smart enough to ask for it. I would think that if the patent helps their cause, they'd certainly quote it or reference it. My understanding of their letter is that they have their panties in a knot over illegal copying and distribution. The fact is, none of these defendants has been accused of either copying or distributing DVD movies. To quote the letter again:


    49. Defendants knew or should have known when they posted or provided "links" to the DeCSS program on their web sites that it was being made available by virtue of the unauthorized use of proprietary information and that they were misusing proprietary confidential information gained through improper means. This is because the DeCSS program has the capability to defeat DVD encryption software and, as a result, the DeCSS program allows users to illegally pirate the copyrighted motion pictures contained on DVD videos - - activity which is fatal to the DVD video format and the hundreds of computer and consumer electronics companies whose businesses rely on the viability of this digital format.


    Two things about this scare the living hell out of me. First, this business about "the DeCSS program allows users to illegally pirate the copyrighted motion pictures contained on DVD videos": Sure, it makes such things possible. At the same time, one can mix fertilizer, black powder and some other goodies together such that one could blow a building to hell. A camera makes it possible for one to observe you in the shower. A photocopy machine makes it possible for one to distribute damn near any document. But nobody's sueing Miracle Grow. Nobody's sueing Kodak. Nobody's sueing Xerox. See, the fact that Product X enables one to achieve a nasty objective DOES NOT make Company X liable. This has been established time and time again in the court system. And it holds, so long as Product X's primary purpose is NOT to assist in achieving the nasty objective. The software in question IS NOT written to aid in copying DVDs. It's NOT written to aid distributing illegal copys. It's primary objective was to make DVD's playable on Linux. Quite legal, if ya ask me.

    Now, the second thing that really worries me here is that they're going after people who were NOT distributing the software. There are sites on that list who just LINK to the software, or a site that distributes it. Hasn't at least one prior ruling already said that this is a legal activity? If it's not, God help Google, and any other search engine out there. Or anyone who links to anyone who links to the software. And so on.

    I'm also completely unsure if this program is anywhere near the stuff used by the licensed friends of the DVD CCA. If they're totally different, and don't make use of the same proprietary algorithms, etc, the case has just grown exponentially weaker. Me thinks that if these guys get shot down, someone oughta rewrite the program such that it doesn't use anything from Xing except the key - and whoops, that can be brute forced in a matter of weeks once a non-proprietary algorithm implementation is in place (see distributed.net efforts w/weak encryption cracking).

    Anyways, I highly encourage these defendants to pull together and find a decent defense attorney (anyone out there who is one, and reads slashdot...?), and make sure that DVD CCA doesn't force them to bend over and take this...

    --

  • by kevin805 ( 84623 ) on Monday December 27, 1999 @03:19PM (#1440361) Homepage
    which they either obtained by improper means or knew or should have known was obtained by others by improper means

    I'm definitely not a lawyer, but the above quote from the letter is very likely the key to their case. Even those IP cases are now pretty much wars of attrition, where whoever can afford to keep fighting wins, Trade Secrets aren't protected unless you can show that they were obtained from the original company. If I independently discover a method of, e.g., organizing a database, another company can't force me to stop using it unless they can show that I got the idea from them. (Well, unless they patent it).

    --Kevin
  • Heh. I think you forgot:

    127.0.0.1/dvd
  • If need be I will upload as well, so tell them to take my name down as well.

    Regards,
    Ben [mailto]
  • Is this going to affect all implementations of MPEG2 and VOB file formats? Are MPEG2 and VOB decoders forever going to be the sole territory of private corporations? "any proprietary property or trade secrets relating to the CSS technology" is pretty vague.
  • by Anonymous Coward
    I posted the css-auth source - sorry. I suppose they better update their list :) css-auth.h ---------- typedef unsigned char byte; struct block { byte b[5]; }; extern void CryptKey1(int varient, byte const *challenge, struct block *key); extern void CryptKey2(int varient, byte const *challenge, struct block *key); extern void CryptBusKey(int varient, byte const *challenge, struct block *key); css-auth.c ---------- /* * Copyright (C) 1999 Derek Fawcus * * This code may be used under the terms of Version 2 of the GPL, * read the file COPYING for details. * */ /* * These routines do some reordering of the supplied data before * calling engine() to do the main work. * * The reordering seems similar to that done by the initial stages of * the DES algorithm, in that it looks like it's just been done to * try and make software decoding slower. I'm not sure that it * actually adds anything to the security. * * The nature of the shuffling is that the bits of the supplied * parameter 'varient' are reorganised (and some inverted), and * the bytes of the parameter 'challenge' are reorganised. * * The reorganisation in each routine is different, and the first * (CryptKey1) does not bother of play with the 'varient' parameter. * * Since this code is only run once per disk change, I've made the * code table driven in order to improve readability. * * Since these routines are so similar to each other, one could even * abstract them all to one routine supplied a parameter determining * the nature of the reordering it has to do. */ #include "css-auth.h" typedef unsigned long u32; static void engine(int varient, byte const *input, struct block *output); void CryptKey1(int varient, byte const *challenge, struct block *key) { static byte perm_challenge[] = {1,3,0,7,5, 2,9,6,4,8}; byte scratch[10]; int i; for (i = 9; i >= 0; --i) scratch[i] = challenge[perm_challenge[i]]; engine(varient, scratch, key); } /* This shuffles the bits in varient to make perm_varient such that * 4 -> !3 * 3 -> 4 * varient bits: 2 -> 0 perm_varient bits * 1 -> 2 * 0 -> !1 */ void CryptKey2(int varient, byte const *challenge, struct block *key) { static byte perm_challenge[] = {6,1,9,3,8, 5,7,4,0,2}; static byte perm_varient[] = { 0x0a, 0x08, 0x0e, 0x0c, 0x0b, 0x09, 0x0f, 0x0d, 0x1a, 0x18, 0x1e, 0x1c, 0x1b, 0x19, 0x1f, 0x1d, 0x02, 0x00, 0x06, 0x04, 0x03, 0x01, 0x07, 0x05, 0x12, 0x10, 0x16, 0x14, 0x13, 0x11, 0x17, 0x15}; byte scratch[10]; int i; for (i = 9; i >= 0; --i) scratch[i] = challenge[perm_challenge[i]]; engine(perm_varient[varient], scratch, key); } /* This shuffles the bits in varient to make perm_varient such that * 4 -> 0 * 3 -> !1 * varient bits: 2 -> !4 perm_varient bits * 1 -> 2 * 0 -> 3 */ void CryptBusKey(int varient, byte const *challenge, struct block *key) { static byte perm_challenge[] = {4,0,3,5,7, 2,8,6,1,9}; static byte perm_varient[] = { 0x12, 0x1a, 0x16, 0x1e, 0x02, 0x0a, 0x06, 0x0e, 0x10, 0x18, 0x14, 0x1c, 0x00, 0x08, 0x04, 0x0c, 0x13, 0x1b, 0x17, 0x1f, 0x03, 0x0b, 0x07, 0x0f, 0x11, 0x19, 0x15, 0x1d, 0x01, 0x09, 0x05, 0x0d}; byte scratch[10]; int i; for (i = 9; i >= 0; --i) scratch[i] = challenge[perm_challenge[i]]; engine(perm_varient[varient], scratch, key); } /* * We use two LFSR's (seeded from some of the input data bytes) to * generate two streams of pseudo-random bits. These two bit streams * are then combined by simply adding with carry to generate a final * sequence of pseudo-random bits which is stored in the buffer that * 'output' points to the end of - len is the size of this buffer. * * The first LFSR is of degree 25, and has a polynomial of: * x^13 + x^5 + x^4 + x^1 + 1 * * The second LSFR is of degree 17, and has a (primitive) polynomial of: * x^15 + x^1 + 1 * * I don't know if these polynomials are primitive modulo 2, and thus * represent maximal-period LFSR's. * * * Note that we take the output of each LFSR from the new shifted in * bit, not the old shifted out bit. Thus for ease of use the LFSR's * are implemented in bit reversed order. * */ static void generate_bits(byte *output, int len, struct block const *s) { u32 lfsr0, lfsr1; byte carry; /* In order to ensure that the LFSR works we need to ensure that the * initial values are non-zero. Thus when we initialise them from * the seed, we ensure that a bit is set. */ lfsr0 = (s->b[0] b[1] b[2] & ~7) b[2] & 7); lfsr1 = (s->b[3] b[4]; ++output; carry = 0; do { int bit; byte val; for (bit = 0, val = 0; bit > 24) ^ (lfsr0 >> 21) ^ (lfsr0 >> 20) ^ (lfsr0 >> 12)) & 1; lfsr0 = (lfsr0 > 16) ^ (lfsr1 >> 2)) & 1; lfsr1 = (lfsr1 > 1) & 1) combined = !o_lfsr1 + carry + !o_lfsr0; carry = BIT1(combined); val |= BIT0(combined) 0); } static byte Secret[]; static byte Varients[]; static byte Table0[]; static byte Table1[]; static byte Table2[]; static byte Table3[]; /* * This encryption engine implements one of 32 variations * one the same theme depending upon the choice in the * varient parameter (0 - 31). * * The algorithm itself manipulates a 40 bit input into * a 40 bit output. * The parameter 'input' is 80 bits. It consists of * the 40 bit input value that is to be encrypted followed * by a 40 bit seed value for the pseudo random number * generators. */ static void engine(int varient, byte const *input, struct block *output) { byte cse, term, index; struct block temp1; struct block temp2; byte bits[30]; int i; /* Feed the secret into the input values such that * we alter the seed to the LFSR's used above, then * generate the bits to play with. */ for (i = 5; --i >= 0; ) temp1.b[i] = input[5 + i] ^ Secret[i] ^ Table2[i]; generate_bits(&bits[29], sizeof bits, &temp1); /* This term is used throughout the following to * select one of 32 different variations on the * algorithm. */ cse = Varients[varient] ^ Table2[varient]; /* Now the actual blocks doing the encryption. Each * of these works on 40 bits at a time and are quite * similar. */ for (i = 5, term = 0; --i >= 0; term = input[i]) { index = bits[25 + i] ^ input[i]; index = Table1[index] ^ ~Table2[index] ^ cse; temp1.b[i] = Table2[index] ^ Table3[index] ^ term; } temp1.b[4] ^= temp1.b[0]; for (i = 5, term = 0; --i >= 0; term = temp1.b[i]) { index = bits[20 + i] ^ temp1.b[i]; index = Table1[index] ^ ~Table2[index] ^ cse; temp2.b[i] = Table2[index] ^ Table3[index] ^ term; } temp2.b[4] ^= temp2.b[0]; for (i = 5, term = 0; --i >= 0; term = temp2.b[i]) { index = bits[15 + i] ^ temp2.b[i]; index = Table1[index] ^ ~Table2[index] ^ cse; index = Table2[index] ^ Table3[index] ^ term; temp1.b[i] = Table0[index] ^ Table2[index]; } temp1.b[4] ^= temp1.b[0]; for (i = 5, term = 0; --i >= 0; term = temp1.b[i]) { index = bits[10 + i] ^ temp1.b[i]; index = Table1[index] ^ ~Table2[index] ^ cse; index = Table2[index] ^ Table3[index] ^ term; temp2.b[i] = Table0[index] ^ Table2[index]; } temp2.b[4] ^= temp2.b[0]; for (i = 5, term = 0; --i >= 0; term = temp2.b[i]) { index = bits[5 + i] ^ temp2.b[i]; index = Table1[index] ^ ~Table2[index] ^ cse; temp1.b[i] = Table2[index] ^ Table3[index] ^ term; } temp1.b[4] ^= temp1.b[0]; for (i = 5, term = 0; --i >= 0; term = temp1.b[i]) { index = bits[i] ^ temp1.b[i]; index = Table1[index] ^ ~Table2[index] ^ cse; output->b[i] = Table2[index] ^ Table3[index] ^ term; } } static byte Varients[] = { 0xB7, 0x74, 0x85, 0xD0, 0xCC, 0xDB, 0xCA, 0x73, 0x03, 0xFE, 0x31, 0x03, 0x52, 0xE0, 0xB7, 0x42, 0x63, 0x16, 0xF2, 0x2A, 0x79, 0x52, 0xFF, 0x1B, 0x7A, 0x11, 0xCA, 0x1A, 0x9B, 0x40, 0xAD, 0x01}; static byte Secret[] = {0x55, 0xD6, 0xC4, 0xC5, 0x28}; static byte Table0[] = { 0xB7, 0xF4, 0x82, 0x57, 0xDA, 0x4D, 0xDB, 0xE2, 0x2F, 0x52, 0x1A, 0xA8, 0x68, 0x5A, 0x8A, 0xFF, 0xFB, 0x0E, 0x6D, 0x35, 0xF7, 0x5C, 0x76, 0x12, 0xCE, 0x25, 0x79, 0x29, 0x39, 0x62, 0x08, 0x24, 0xA5, 0x85, 0x7B, 0x56, 0x01, 0x23, 0x68, 0xCF, 0x0A, 0xE2, 0x5A, 0xED, 0x3D, 0x59, 0xB0, 0xA9, 0xB0, 0x2C, 0xF2, 0xB8, 0xEF, 0x32, 0xA9, 0x40, 0x80, 0x71, 0xAF, 0x1E, 0xDE, 0x8F, 0x58, 0x88, 0xB8, 0x3A, 0xD0, 0xFC, 0xC4, 0x1E, 0xB5, 0xA0, 0xBB, 0x3B, 0x0F, 0x01, 0x7E, 0x1F, 0x9F, 0xD9, 0xAA, 0xB8, 0x3D, 0x9D, 0x74, 0x1E, 0x25, 0xDB, 0x37, 0x56, 0x8F, 0x16, 0xBA, 0x49, 0x2B, 0xAC, 0xD0, 0xBD, 0x95, 0x20, 0xBE, 0x7A, 0x28, 0xD0, 0x51, 0x64, 0x63, 0x1C, 0x7F, 0x66, 0x10, 0xBB, 0xC4, 0x56, 0x1A, 0x04, 0x6E, 0x0A, 0xEC, 0x9C, 0xD6, 0xE8, 0x9A, 0x7A, 0xCF, 0x8C, 0xDB, 0xB1, 0xEF, 0x71, 0xDE, 0x31, 0xFF, 0x54, 0x3E, 0x5E, 0x07, 0x69, 0x96, 0xB0, 0xCF, 0xDD, 0x9E, 0x47, 0xC7, 0x96, 0x8F, 0xE4, 0x2B, 0x59, 0xC6, 0xEE, 0xB9, 0x86, 0x9A, 0x64, 0x84, 0x72, 0xE2, 0x5B, 0xA2, 0x96, 0x58, 0x99, 0x50, 0x03, 0xF5, 0x38, 0x4D, 0x02, 0x7D, 0xE7, 0x7D, 0x75, 0xA7, 0xB8, 0x67, 0x87, 0x84, 0x3F, 0x1D, 0x11, 0xE5, 0xFC, 0x1E, 0xD3, 0x83, 0x16, 0xA5, 0x29, 0xF6, 0xC7, 0x15, 0x61, 0x29, 0x1A, 0x43, 0x4F, 0x9B, 0xAF, 0xC5, 0x87, 0x34, 0x6C, 0x0F, 0x3B, 0xA8, 0x1D, 0x45, 0x58, 0x25, 0xDC, 0xA8, 0xA3, 0x3B, 0xD1, 0x79, 0x1B, 0x48, 0xF2, 0xE9, 0x93, 0x1F, 0xFC, 0xDB, 0x2A, 0x90, 0xA9, 0x8A, 0x3D, 0x39, 0x18, 0xA3, 0x8E, 0x58, 0x6C, 0xE0, 0x12, 0xBB, 0x25, 0xCD, 0x71, 0x22, 0xA2, 0x64, 0xC6, 0xE7, 0xFB, 0xAD, 0x94, 0x77, 0x04, 0x9A, 0x39, 0xCF, 0x7C}; static byte Table1[] = { 0x8C, 0x47, 0xB0, 0xE1, 0xEB, 0xFC, 0xEB, 0x56, 0x10, 0xE5, 0x2C, 0x1A, 0x5D, 0xEF, 0xBE, 0x4F, 0x08, 0x75, 0x97, 0x4B, 0x0E, 0x25, 0x8E, 0x6E, 0x39, 0x5A, 0x87, 0x53, 0xC4, 0x1F, 0xF4, 0x5C, 0x4E, 0xE6, 0x99, 0x30, 0xE0, 0x42, 0x88, 0xAB, 0xE5, 0x85, 0xBC, 0x8F, 0xD8, 0x3C, 0x54, 0xC9, 0x53, 0x47, 0x18, 0xD6, 0x06, 0x5B, 0x41, 0x2C, 0x67, 0x1E, 0x41, 0x74, 0x33, 0xE2, 0xB4, 0xE0, 0x23, 0x29, 0x42, 0xEA, 0x55, 0x0F, 0x25, 0xB4, 0x24, 0x2C, 0x99, 0x13, 0xEB, 0x0A, 0x0B, 0xC9, 0xF9, 0x63, 0x67, 0x43, 0x2D, 0xC7, 0x7D, 0x07, 0x60, 0x89, 0xD1, 0xCC, 0xE7, 0x94, 0x77, 0x74, 0x9B, 0x7E, 0xD7, 0xE6, 0xFF, 0xBB, 0x68, 0x14, 0x1E, 0xA3, 0x25, 0xDE, 0x3A, 0xA3, 0x54, 0x7B, 0x87, 0x9D, 0x50, 0xCA, 0x27, 0xC3, 0xA4, 0x50, 0x91, 0x27, 0xD4, 0xB0, 0x82, 0x41, 0x97, 0x79, 0x94, 0x82, 0xAC, 0xC7, 0x8E, 0xA5, 0x4E, 0xAA, 0x78, 0x9E, 0xE0, 0x42, 0xBA, 0x28, 0xEA, 0xB7, 0x74, 0xAD, 0x35, 0xDA, 0x92, 0x60, 0x7E, 0xD2, 0x0E, 0xB9, 0x24, 0x5E, 0x39, 0x4F, 0x5E, 0x63, 0x09, 0xB5, 0xFA, 0xBF, 0xF1, 0x22, 0x55, 0x1C, 0xE2, 0x25, 0xDB, 0xC5, 0xD8, 0x50, 0x03, 0x98, 0xC4, 0xAC, 0x2E, 0x11, 0xB4, 0x38, 0x4D, 0xD0, 0xB9, 0xFC, 0x2D, 0x3C, 0x08, 0x04, 0x5A, 0xEF, 0xCE, 0x32, 0xFB, 0x4C, 0x92, 0x1E, 0x4B, 0xFB, 0x1A, 0xD0, 0xE2, 0x3E, 0xDA, 0x6E, 0x7C, 0x4D, 0x56, 0xC3, 0x3F, 0x42, 0xB1, 0x3A, 0x23, 0x4D, 0x6E, 0x84, 0x56, 0x68, 0xF4, 0x0E, 0x03, 0x64, 0xD0, 0xA9, 0x92, 0x2F, 0x8B, 0xBC, 0x39, 0x9C, 0xAC, 0x09, 0x5E, 0xEE, 0xE5, 0x97, 0xBF, 0xA5, 0xCE, 0xFA, 0x28, 0x2C, 0x6D, 0x4F, 0xEF, 0x77, 0xAA, 0x1B, 0x79, 0x8E, 0x97, 0xB4, 0xC3, 0xF4}; static byte Table2[] = { 0xB7, 0x75, 0x81, 0xD5, 0xDC, 0xCA, 0xDE, 0x66, 0x23, 0xDF, 0x15, 0x26, 0x62, 0xD1, 0x83, 0x77, 0xE3, 0x97, 0x76, 0xAF, 0xE9, 0xC3, 0x6B, 0x8E, 0xDA, 0xB0, 0x6E, 0xBF, 0x2B, 0xF1, 0x19, 0xB4, 0x95, 0x34, 0x48, 0xE4, 0x37, 0x94, 0x5D, 0x7B, 0x36, 0x5F, 0x65, 0x53, 0x07, 0xE2, 0x89, 0x11, 0x98, 0x85, 0xD9, 0x12, 0xC1, 0x9D, 0x84, 0xEC, 0xA4, 0xD4, 0x88, 0xB8, 0xFC, 0x2C, 0x79, 0x28, 0xD8, 0xDB, 0xB3, 0x1E, 0xA2, 0xF9, 0xD0, 0x44, 0xD7, 0xD6, 0x60, 0xEF, 0x14, 0xF4, 0xF6, 0x31, 0xD2, 0x41, 0x46, 0x67, 0x0A, 0xE1, 0x58, 0x27, 0x43, 0xA3, 0xF8, 0xE0, 0xC8, 0xBA, 0x5A, 0x5C, 0x80, 0x6C, 0xC6, 0xF2, 0xE8, 0xAD, 0x7D, 0x04, 0x0D, 0xB9, 0x3C, 0xC2, 0x25, 0xBD, 0x49, 0x63, 0x8C, 0x9F, 0x51, 0xCE, 0x20, 0xC5, 0xA1, 0x50, 0x92, 0x2D, 0xDD, 0xBC, 0x8D, 0x4F, 0x9A, 0x71, 0x2F, 0x30, 0x1D, 0x73, 0x39, 0x13, 0xFB, 0x1A, 0xCB, 0x24, 0x59, 0xFE, 0x05, 0x96, 0x57, 0x0F, 0x1F, 0xCF, 0x54, 0xBE, 0xF5, 0x06, 0x1B, 0xB2, 0x6D, 0xD3, 0x4D, 0x32, 0x56, 0x21, 0x33, 0x0B, 0x52, 0xE7, 0xAB, 0xEB, 0xA6, 0x74, 0x00, 0x4C, 0xB1, 0x7F, 0x82, 0x99, 0x87, 0x0E, 0x5E, 0xC0, 0x8F, 0xEE, 0x6F, 0x55, 0xF3, 0x7E, 0x08, 0x90, 0xFA, 0xB6, 0x64, 0x70, 0x47, 0x4A, 0x17, 0xA7, 0xB5, 0x40, 0x8A, 0x38, 0xE5, 0x68, 0x3E, 0x8B, 0x69, 0xAA, 0x9B, 0x42, 0xA5, 0x10, 0x01, 0x35, 0xFD, 0x61, 0x9E, 0xE6, 0x16, 0x9C, 0x86, 0xED, 0xCD, 0x2E, 0xFF, 0xC4, 0x5B, 0xA0, 0xAE, 0xCC, 0x4B, 0x3B, 0x03, 0xBB, 0x1C, 0x2A, 0xAC, 0x0C, 0x3F, 0x93, 0xC7, 0x72, 0x7A, 0x09, 0x22, 0x3D, 0x45, 0x78, 0xA9, 0xA8, 0xEA, 0xC9, 0x6A, 0xF7, 0x29, 0x91, 0xF0, 0x02, 0x18, 0x3A, 0x4E, 0x7C}; static byte Table3[] = { 0x73, 0x51, 0x95, 0xE1, 0x12, 0xE4, 0xC0, 0x58, 0xEE, 0xF2, 0x08, 0x1B, 0xA9, 0xFA, 0x98, 0x4C, 0xA7, 0x33, 0xE2, 0x1B, 0xA7, 0x6D, 0xF5, 0x30, 0x97, 0x1D, 0xF3, 0x02, 0x60, 0x5A, 0x82, 0x0F, 0x91, 0xD0, 0x9C, 0x10, 0x39, 0x7A, 0x83, 0x85, 0x3B, 0xB2, 0xB8, 0xAE, 0x0C, 0x09, 0x52, 0xEA, 0x1C, 0xE1, 0x8D, 0x66, 0x4F, 0xF3, 0xDA, 0x92, 0x29, 0xB9, 0xD5, 0xC5, 0x77, 0x47, 0x22, 0x53, 0x14, 0xF7, 0xAF, 0x22, 0x64, 0xDF, 0xC6, 0x72, 0x12, 0xF3, 0x75, 0xDA, 0xD7, 0xD7, 0xE5, 0x02, 0x9E, 0xED, 0xDA, 0xDB, 0x4C, 0x47, 0xCE, 0x91, 0x06, 0x06, 0x6D, 0x55, 0x8B, 0x19, 0xC9, 0xEF, 0x8C, 0x80, 0x1A, 0x0E, 0xEE, 0x4B, 0xAB, 0xF2, 0x08, 0x5C, 0xE9, 0x37, 0x26, 0x5E, 0x9A, 0x90, 0x00, 0xF3, 0x0D, 0xB2, 0xA6, 0xA3, 0xF7, 0x26, 0x17, 0x48, 0x88, 0xC9, 0x0E, 0x2C, 0xC9, 0x02, 0xE7, 0x18, 0x05, 0x4B, 0xF3, 0x39, 0xE1, 0x20, 0x02, 0x0D, 0x40, 0xC7, 0xCA, 0xB9, 0x48, 0x30, 0x57, 0x67, 0xCC, 0x06, 0xBF, 0xAC, 0x81, 0x08, 0x24, 0x7A, 0xD4, 0x8B, 0x19, 0x8E, 0xAC, 0xB4, 0x5A, 0x0F, 0x73, 0x13, 0xAC, 0x9E, 0xDA, 0xB6, 0xB8, 0x96, 0x5B, 0x60, 0x88, 0xE1, 0x81, 0x3F, 0x07, 0x86, 0x37, 0x2D, 0x79, 0x14, 0x52, 0xEA, 0x73, 0xDF, 0x3D, 0x09, 0xC8, 0x25, 0x48, 0xD8, 0x75, 0x60, 0x9A, 0x08, 0x27, 0x4A, 0x2C, 0xB9, 0xA8, 0x8B, 0x8A, 0x73, 0x62, 0x37, 0x16, 0x02, 0xBD, 0xC1, 0x0E, 0x56, 0x54, 0x3E, 0x14, 0x5F, 0x8C, 0x8F, 0x6E, 0x75, 0x1C, 0x07, 0x39, 0x7B, 0x4B, 0xDB, 0xD3, 0x4B, 0x1E, 0xC8, 0x7E, 0xFE, 0x3E, 0x72, 0x16, 0x83, 0x7D, 0xEE, 0xF5, 0xCA, 0xC5, 0x18, 0xF9, 0xD8, 0x68, 0xAB, 0x38, 0x85, 0xA8, 0xF0, 0xA1, 0x73, 0x9F, 0x5D, 0x19, 0x0B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x72, 0x39, 0x25, 0x67, 0x26, 0x6D, 0x71, 0x36, 0x77, 0x3C, 0x20, 0x62, 0x23, 0x68, 0x74, 0xC3, 0x82, 0xC9, 0x15, 0x57, 0x16, 0x5D, 0x81};
  • The DVD association did not create a Linux client and have no desire to do so. So Linux people set about trying to create a Linux client just like they try to for every other closed-source device out there. Step 1 is to break the encryption so you can read the bloody DVD.

    As mentioned by someone else, copying a DVD is not worthwhile at today's storage costs so piracy is hardly an issue (for now).

    Regards,
    Ben
  • Aside from what the legal filing actually says (mendacity from lawyers? Who'd a thunk it?), this deal is not about piracy. It's about control. The DVD dudes want to say who can watch what and where they can be when they watch it -- wanna watch the German edition of The Matrix in Des Moines? Nope. Gotta buy the US edition.

    Also, I'm guessing they want to collect a token licensing commission for each encoder/decoder. Thus no Linux decoder, as any commission on $0 is zero...

    -------------------------

    "If you try to own the web, like all things Internet, it will simply route around you."

  • by snack ( 71224 ) on Monday December 27, 1999 @03:31PM (#1440387) Journal
    I have that problem too. It turns out that the X10 DVD-Sender has a coax output, and it uses it beautifuly. I bought mine for the sole purpose of outputting it to an older tv. You also get a nifty RF Remote for controlling your computer from across the house (and freaking out relatives)

    -Tim

    .sig: Nobody but us .sigs in here
  • by choco ( 36913 ) on Monday December 27, 1999 @03:31PM (#1440389) Homepage
    After reading that list - I'm confused.

    Can someone explain to me exactly what right an organisation has trying to use a US court to tell non-US citizens what they can or cannot put on a web page which is not hosted within the USA or on a USA controlled domain name ?

    Perhaps someone needs to point out to these lawyers that some bits of the world which aren't the USA take a very different attitude to IPR generally (eg many places have many to avoid the lunacy of software patents altogether thus far - even if some bits of Uncle Sam are now exterting pressure on us to change our policies)

    I'll let the people in the US comment on the wrong and wrongs of this case under US law. But I hope those people named who are not in the US tell complainents exactly where they can stick their legal action.

    Important fact number one:

    Several countries named have decided both as a matter of principle and as a matter of law that reverse engineering of certain types similar to this are legal - whatever companies or other countries might wish.

    Important fact number two:

    Were the complainants to start legal proceedings in those countries they would have absolutely no hope of winning.

    Important fact number three:

    In the UK and in much of Europe - if someone launches a civil action against another person and they loose that civil action - then they are (almost always) made to pay ALL of the legal costs involved - *including* the costs incurred by the defendent. These costs in IPR cases are likely to be very high.

    Important fact number four:

    The UK civil courts have a very robust attitude to people trying to use their procedures in an oppresive manner. They have various powers to deal with organisations which cynically abuse legal process and have shown themselves (on occasion) to be willing to use them. These powers include forcing one side or the other to pay sufficient money into court to cover all the likely relevant costs if they loose, or declaring individuals "vexatious litigants" which means they cannot launch any civil actions without the prior permission of the court.

    Important fact number five.

    Some people in the UK, the EU and several other countries are already rather touchy on the issue of US courts attempting to exert their authority in other people's countries. Some such people are just waiting for an opportunity to show the US courts exactly where their jurisdiction ends. This looks like it might be a promising candidate.

  • It seems to me that their argument hinges on the following point:
    On information and belief, this proprietary information was obtained by willfully "hacking" and/or improperly reverse engineering software created by CSS licensee Xing Technology Corporation ("Xing"). Xing's software is and was licensed to users under a license agreement which specifically prohibits reverse engineering.
    Now, the authors DeCSS have openly stated that their crack was based on information found in Xing's binaries, right? So aren't they in the wrong here?

    I suspect the situation is more complicated than that, but IANAL, so I'd appreciate if someone would punch some holes in this particular part of the case.

    (It occurs to me as I write this that a violation of Xing's license agreement is Xing's business, not DVD CCA's, so they might not have standing. Is that how it works?)
  • That /. story [slashdot.org]has source
    here [slashdot.org], here [slashdot.org], here [slashdot.org], here [slashdot.org], here [slashdot.org],
    here [slashdot.org], here [slashdot.org], here [slashdot.org], here [slashdot.org], here [slashdot.org], here [slashdot.org](not source, just a readme), here [slashdot.org], here [slashdot.org], and here [slashdot.org], Not to mention the mirror lists here [slashdot.org], and here [slashdot.org]

    Now, am I breaking the law by pointing to them? ;)
    _________________________


  • 7. On information and belief, this proprietary information was obtained by willfully "hacking" and/or improperly reverse engineering
    software created by CSS licensee Xing Technology Corporation ("Xing"). Xing's software is and was licensed to users under a license agreement which
    specifically prohibits reverse engineering.

    The law does allow them to put such a clause in their lisencing agreement.

    The law also allows me to put in a lisencing agreement that the person using my software must do so standing on their head.

    Fortunately, such clauses are unenforceable (i.e. not legally binding).

    Reverse engineering is legal since it was a consumer product release for general distribution, not a special prototype board released specifically to an individual under an NDA.


    They'll scare you as much as they can, and will probably strong arm you in court, but the end result is that they technically have no legal ground to stand on.
    Whether or not you can convince some hick county judge who has never used a computer is another story. (and you can bet your arse they will try that)

    The legal system is not, and never was based upon justice; it is based upon power.
  • by dbsears ( 105175 ) on Monday December 27, 1999 @03:40PM (#1440399)

    Provided you reverse engineered it lawfully,
    it is no longer a trade secret. You can't
    burgle a factory, and there are issues with
    hiring trusted employees. But other than
    that they have to protect their trade secret.

    However, they can have trade secrets, patents,
    copyrights and trademarks all at the same time:

    Copyrights on the media
    Patents on the DVD CSS technology
    Trademark on DVD
    Trade Secret on stuff I don't know about (yet)

    • "...illegal product tying..."
    • "...interoperability purposes..."
    • "...disks that I spent all that money on are useless unless I can play them..."
    • "...fair use...."
    • "...Jar Jar must die...Hemos the hamster..."

    ---
  • If /. is already mentioned in the email, then why doesn't it go a step further and also mirror the source code? I'm sure that Andover.net is *much* better equipped to fight a legal battle than these individuals are :-)

    (Note: this is NOT meant in a negative way. If it wasn't for /. many people, myself included, wouldn't know what was going on re. this issue at all...)
  • Wow. Now where, oh where are all those web pages going to find lawyers. Especially the /. article at #57... Should I worry? I read it, am I an accomplice?

    Let's all make like the Navaho code talkers or the Homeric poets and memorize the source code. Come on everyone, grab a hald dozen lines and a sequence number.

    Seriously though, what on Earth will these poor lawyers do about all the over-seas defendants?
  • by snack ( 71224 ) on Monday December 27, 1999 @03:47PM (#1440412) Journal
    As i remember, Download.com had a copy of this software on their website. I wonder why they haven't been added to the list of "Defendants". Kind of makes you wonder what's going on here.

    -Tim

    .Sig: Bah, no .sig
  • This stuff was never publicly released, correct? So why don't we patent it?

    Because you are NOT the inventor, that's why. Duh.

    You can try claiming that you were the inventor, but if you are caught you could be proven guilty of patent fraud.

    People considering posting this code on their web site may want to examine this [execpc.com]. It includes the interesting news that by disseminating this bit of code you may have been violating a federal law that carries a maximum 10 year prison sentence and $500,000 fine.

  • There are technological solutions to these attempts at bullying. See http://www.cypherspace.org/~adam/eternit y/ [cypherspace.org], for example.
  • Chris Dibona and myself (and hopefully others!) are planning to meet at the courthouse at 8am. Chris' page for this is at: http://www.dibona.com/social/dvd/index.shtml ... Hope to see you there! D
  • by orcrist ( 16312 ) on Monday December 27, 1999 @03:51PM (#1440420)
    It would probably be hard to coordinate but if we just keep putting up web sites every time they sue one of us eventually they'll get tired of it or they'll go broke.

    Perfect! That gives me another idea too: I was thinking of taking up hunting of dangerous carnivores. My problem has been: I can't shoot so well, so if my quarry is running around quickly or attacking me I might not be able to hit them. So, what I need is some people to run around and make a lot of noise until the animals devour enough of them that they become slow and sluggish; Then they're are as good as dead! Any volunteers? ;-)

    Chris
  • Folks who got the letter might want to take a look at this [execpc.com]. It isn't pretty.
  • by chrisd ( 1457 ) <chrisd@dibona.com> on Monday December 27, 1999 @03:57PM (#1440426) Homepage
    Okay, we plan on meeting at the courthouse at 8am. See my site at http://www.dibona.com/social/dvd/ [dibona.com] for more details and ongoing planning.

    Chris DiBOna
    --
    Grant Chair, Linux Int.
    VP, SVLUG

  • by SEWilco ( 27983 ) on Monday December 27, 1999 @04:13PM (#1440446) Journal
    Let's try reading that with a slight change:

    32. Without the commercial music companies' copyrighted content for music recordings, there would be no viable market for computer CD drives and CD players, as well as the related computer chips and software necessary to run these devices and, thus, there would be no CD music industry.

    Gee, if music CDs ever could be copied then the music CD industry would just fall apart. Oh, wait. We're doing that. Companies are even selling consumer CD copiers. Did the music industry fall apart and I didn't notice?

    Well, based on what's on MTV right now I guess it did fall apart. :-)

  • by Tau Zero ( 75868 ) on Monday December 27, 1999 @04:17PM (#1440453) Journal
    I myself live in an island in the mediterranean -- Cyprus. Can these courts do anything to me?
    IANAL, but I went through a LOT of civil-procedure stuff when my girlfriend was in law school...

    To do anything to you, the court has to have three kinds of jurisdiction:

    1. Subject matter jurisdiction:the court has to be able to rule on the matter involved.
    2. Personal jurisdiction:the court has to be able to make rulings which pertain to you.
    3. Physical jurisdiction:the court has to be able to make rulings about the place where the activities took place.
    My non-lawyerly judgement is that the court in California has no physical jurisdiction in Cyprus, and no personal jurisdiction over you (unless you are a US national, and maybe not even then).To do anything to you, the DVD consortium's lawyers would have to get a court in Cyprus to do their bidding.
    --
  • by jesser ( 77961 ) on Monday December 27, 1999 @04:17PM (#1440454) Homepage Journal
    hmm,

    despite the fact that cease and desist letters were sent to their web sites

    GET ~drw/css-auth/legal-info/ HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
    Cease-And-Desist: Please remove the CSS crack from your site.

    --

  • by Anonymous Coward on Monday December 27, 1999 @04:22PM (#1440462)
    This is from: http://www.2600.com/news/1999/1112-files/crypto.gq .nu/ Even if the *can* get all the copies of the sourcecode (not bloody likely) off the net... below is the general crypto system used... Vengence. 0 General disclaimer. This information is provided as is, with no warranties on its accuracy or usability. It is based on a piece of source code claiming to be the css algorithms, and which have since been confirmed to interoperate with the CSS system. The author has not read any official CSS documentation, and any errors in the terminology is a result of this. This information has not to the knowledge of the author been made available through breaches of the DVD consortium Non Disclosure Agreement. 1 System overview. Every DVD player is equipped with a small set of player keys. When presented with a new disc, the player will attempt to decrypt the contents with the set of keys it possesses. Every disk has a disk key data block that is organized as follows: 5 bytes hash of decrypted disk key ( hash ) disk key encrypted with player key 1 (dk1 ) disk key encrypted with player key 2 (dk2 ) ... disk key encrypted with player key 409 (dk409) Suppose the player has a valid key for slot 213, it will calculate (1) Kd = DA( dk213 , Kp213 ) To verify that Kd is correct, the following check is done, if the check fails, it will try the next player key. (2) Kd = DA( hash , Kd ) An obvious weakness stems from this check, by trying all 240 possible Kd, disk key can be deduced without knowing any valid player key. As will be shown later, this attack can be carried out with a complexity of 225, making such an attack feasible in runtime applications. Another obvious attack is that by having 1 working player key, other player keys can be derived through a similar search. This can be done offline, also keys obtained from the former attack can be used as a starting point. To decrypt the contents an additional key tk - the title key is decrypted with the now decrypted and verified disk key. (3) Kt = DB( tk, Kd) Each sector of the data files is the optionally encrypted by a key that is derived from Kt by exclusive or of specified bytes from the unencrypted first 128 bytes of the 2048 bytes sector. The decryption is done with the CSS stream cipher primitive described in section II. 2 CSS streamcipher primitive: The CSS streamcipher is a very simplistic one, based on 2 LFSRs being added together to produce output bytes. There is no truncation, both LFSR are clocked 8 times for every byte output, and there are 4 ways of combining the output of the LFSRs to an output byte. These four modes are just settings on 2 inverter switches, and the modes operation are used for the following purposes. 1.Authentication to DVD drive ( not discussed ) 2.Decryption of Disk key (DA) 3.Decryption of Title key (DB) 4.Decryption of data blocks. LFSR1: 17 bits ? taps, and is initialized by the 2 first bytes of key, and setting the most significant bit to 1 to prevent null cycling. LFSR2: 25 bits 4 taps, is initialized with byte 3,4,5 of the key shifting all but the 3 least significant bits up 1 position, and setting bit 4 to prevent null cycling. As new bits are clocked into the LFSRs, the same bits are clocked in with reversed order to the two LFSRs output bytes. ( With optional inversion of bits. ) The output of LFSR1 is O1(1), O1(2), O1(3) ... Likewise LFSR2 produces O2(1), O2(2), O2(3) ... These two streams are combined through 8 bits addition with carry carried over to the next output. The carry bit is zero at start of stream. (4) O(i) = O1(i) + O2(i) + c where c is carry bit from O(i-1) This streamcipher is very weak, a trivial 216 attack is possible with output bytes known for i = {1,2,3,4,5,6}. Guess the initial state of LFSR1, and clock out 4 bytes. O2(1), O2(2), O2(3), O2(4) can then be uniquely determined, and from them the state at i=4 is fully known. The guess on LFSR1 can then be verified by clocking out 2 or more bytes of the cipher and comparing the result. Another important attack is the case when only O(i) for i = {1,2,3,4,5} is known. Guess the initial state of LFSR1, and clock out 3 bytes. Now O2(1), O2(2) and O2(3) can be found as in the above attack. This will reveal all but the most significant bit of LFSR2s state at i=3. If both possible settings for MSB is tried, and LFSR2 is clocked backwards 24 steps, a state where bit 4 is set at i=1 can always be found. ( This is stated without proof ). Select the setting of the most significant bit for LFSR2 such that LFSR2 is in a legal state at i=1, and clock out two more bytes to verify the guess of LFSR1. For some values of O( i = {1,2,3,4,5} ) multiple start states can be found, and for others none. Selecting the correct start state is not a problem, as this attack is used in situations where only the first five output bytes are of significance ( encryption of keys ). 3 CSS mangling step: When the CSS streamcipher is used to encrypt keys such as in DA(data,key) and DB(data,key), an additional mangling step is performed on the data. This cipher is best illustrated with the following block diagram: A(1,2,3,4,5) are the input bytes (data) C(1,2,3,4,5) are the output bytes (data) ki = O(i) where O(i={1,2,3,4,5}) is streamcipher output from key B(1,2,3,4,5) are temporary stages The cipher is evaluated top down, with exceptions indicated by an arrow.
  • by harlows_monkeys ( 106428 ) on Monday December 27, 1999 @04:34PM (#1440476) Homepage
    DeCSS came from the Windows community, not the Linux community. It was then ported to Linux.

    The DeCSS authors don't seem all that interested in open source. All the copies of the Windows version I've been able to find have been without source, and the Windows version checks for Soft-ICE and refuses to run if Soft-ICE is present, so it looks like the DeCSS authors don't want their code to be reverse engineered. Anyone else find that hilarious?

  • by fishbowl ( 7759 ) on Monday December 27, 1999 @04:43PM (#1440488)
    In California, you can have a full hearing on ANYTHING. Please don't encourage a defeatist attitude. Nothing will ever be won with that.

    They can file a TRO, certainly. But if the defendents actually show up, they must be heard. If even ONE of them insists on not giving up their right to a hearing, they must be heard.

    It does not cost a trillion dollars to do this, contrary to popular belief. And you are mistaken about this item of jurisprudence:

    "and the judge compares the size of their wallets"

    It probably looks that way. I've gone to court and won before, and it didn't drive me to bankruptcy.

    The simple fact that there are defendants named on a California suit who are not subject to California law would be enough to have the TRO suspended, if only it were to be mentioned properly according to the rules of civil procedure.

    It is my sincere hope that some wise person, hopefully one of the named defendants, is corresponding with the court on this very subject, and will be prepared on Friday's court date.
  • by SEWilco ( 27983 ) on Monday December 27, 1999 @04:44PM (#1440490) Journal
    I'm not aware of any recognition of a "legal notice" being able to be delivered by email. Has anyone verified that this is not a forgery?
  • by Froomkin ( 18607 ) <froomkin AT law DOT miami DOT edu> on Monday December 27, 1999 @04:55PM (#1440506) Homepage

    There is no obligation on plaintiffs to be "non-discriminatory" in who they sue. It suffices that they sue wrongdoers. If there are more who are left out who owed duties to the sued defendants, they can implead them (defendants turn around and force others in to the case). But if you are part of a gang that beats up Bob, and Bob sues just you, it's no defense to your liability to say that you were part of a gang.

    Of course, suing people who are not guilty is a big no-no: "If a claim of misappropriation is made in bad faith, a motion to terminate an injunction is made or resisted in bad faith, or willful and malicious misappropriation exists, the court may award reasonable attorneys' fees to the prevailing party." Cal. Civ.Code 3426.4.

    I'm not a California lawyer, and california law has all sorts of strange wrinkles. Plus, the complaint raises a claim for "misappropriation of trade secrets" which sounds like it may have some common law component as wall as a statutory aspect(??). But here, in any case, is an arguably relevant statute, Cal Civil Code sec. 3426.1:

    3426.1. Definitions

    As used in this title, unless the context requires otherwise:
    (a) "Improper means" includes theft, bribery, misrepresentation, breach or inducement of a breach of a duty to maintain secrecy, or espionage through electronic or other means. Reverse engineering or independent derivation alone shall not be considered improper means.
    (b) "Misappropriation" means:
    (1) Acquisition of a trade secret of another by a person who knows or has reason to know that the trade secret was acquired by improper means; or
    (2) Disclosure or use of a trade secret of another without express or implied consent by a person who:
    (A) Used improper means to acquire knowledge of the trade secret; or
    (B) At the time of disclosure or use, knew or had reason to know that his or her knowledge of the trade secret was:
    (i) Derived from or through a person who had utilized improper means to acquire it;
    (ii) Acquired under circumstances giving rise to a duty to maintain its secrecy or limit its use; or
    (iii) Derived from or through a person who owed a duty to the person seeking relief to maintain its secrecy or limit its use; or
    (C) Before a material change of his or her position, knew or had reason to know that it was a trade secret and that knowledge of it had been acquired by accident or mistake.
    (c) "Person" means a natural person, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity.
    (d) "Trade secret" means information, including a formula, pattern, compilation, program, device, method, technique, or process, that:
    (1) Derives independent economic value, actual or potential, from not being generally known to the public or to other persons who can obtain economic value from its disclosure or use; and
    (2) Is the subject of efforts that are reasonable under the circumstances to maintain its secrecy.
    If the above is the law that applies, and if the person who reverse engineered and disclosed had a contractual obligation NOT to, and if the named defendants knew or should have known these facts and if the court has jurisdiction over them, then and only then this statute suggests the judge may grant the injunction.

    Please don't get me wrong, I'm not advocating that outcome, just reporting. I should also note that sec. 3426.2(a) says that injunctions must be lifted if someone demonstrates that the "trade secret has ceased to exist" and that sec. 3426.2(b) says that "If the court determines that it would be unreasonable to prohibit future use, an injunction may condition future use upon payment of a reasonable royalty for no longer than the period of time the use could have been prohibited."

    All that aside, an injuction against "linkers" as opposed to posters would seem to me to be outrageous. But there is a little bit of (ugly) precedent floating around....

    Final point: while showing up in numbers can't hurt, it would be a lot better if one of the free software groups could get a lawyer down there and attempt to appear either as an intervenor or as a friend of the court. Much more likely to have some effect. Spectators are not allowed to talk in court.


    A. Michael Froomkin [mailto],
    U. Miami School of Law,POB 248087
    Coral Gables, FL 33124,USA
  • by Pratik Dave ( 119309 ) on Monday December 27, 1999 @04:58PM (#1440511) Homepage

    You're right, a good reading of the injunction makes clear that they're not defending the terrible copy protection in the dvd mechanism. However, this has a lot to do with recent changes in the U.S. copyright laws, I recommend that folks read H.R. 2281 [dfc.org] - The Digital Millenium Copyright Act. The Library of Congress has an easier to read summary [loc.gov] online.

    What it really comes down to is that the defendants were informed that they should have removed the offending materials and refused to do so (it's right at the top... of the injunction [min.net] right beneath the 69K of MS-XML.) They can't touch the guy who wrote DeCSS because he complied upon notification of transgression.

    If you haven't yet actually read anything about the DMCA, you'll find the WIPO/Title I sections useful in understanding what they new laws have to say about reverse engineering of the sort used in DeCSS. WIPO is the World Intellectual Property Organization, and Title I is the U.S. Congress ratifying general new international agreements about intellectual property. Read Educause's summary [educause.edu], particularly the section on: "Prohibitions on Circumvention of Technological Protection Measures ."

    Pratik Dave
    ps: Given the specific burden of proof placed upon service providers and their DMCA agents given by the DMCA, I'm especially shocked that some of the defending sites were .edu sites. Since we're (academic sites == service providers) monetarily culpable if we don't take "prompt" action upon notification, seems like someone at rpi dropped the ball.

    This part doesn't take effect for a few months, but see if you don't find it the slightest bit relevant (and frightening):
    ''(b) ADDITIONAL VIOLATIONS.--(1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that--
    ''(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
    ''(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
    ''(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.

  • by Alan Cox ( 27532 ) on Monday December 27, 1999 @05:09PM (#1440524) Homepage
    See http://www.hrrc.org/betamax.html

    That covers the entire decision. The rest of the
    site has a lot of related material to home recording, although not to fair use of DVD's you bought.
  • by jammer ( 4062 ) on Monday December 27, 1999 @05:47PM (#1440552) Homepage
    I am the original poster of this story; what I had originally done was to remove those files from my website pending the outcome of the hearing. Due to the mammoth support here, I have put them back and put a notice on the front page of my website informing all visitors of what is going on. I urge you to visit my site at http://www.devzero.org [devzero.org] now and get the software while you still can. Like someone said in a previous comment, it's like playing bop-a-mole. They may get me and 70 others, but hundreds more will be distributing by then.

    And yes, I am on the East coast, and will not be able to be at the hearing. Anyone and everyone who is within range, GO, please, and make your voice heard.

    This is about intellectual freedom, not "copyright infringement" or violation of trade secrets.
  • by Shaheen ( 313 ) on Monday December 27, 1999 @06:06PM (#1440569) Homepage
    With all the great information that may be gleaned from the pages of Slashdot, surely this is one way in which it can make a real difference. I personally will not be at the hearing (I didn't receive the e-mail either), but it would be really great if someone would print out the best posts to this story, and others about DVD encryption hacks, and submit them to the court at the hearing.

    I believe that the views expressed on Slashdot deserve more of a voice than the archives of a web site... here is their chance. The following are the articles which I have found on Slashdot which go along this theme:


  • by seanb ( 27295 ) on Monday December 27, 1999 @06:25PM (#1440582) Homepage Journal

    This is a REALLY cool idea that deserves more discussion. Show up with a duffle bag full of floppies with the DeCSS source code.

    Be prepared for some VERY pissed off lawyers.

    Unfortunately, I am nowhere near California. Otherwise, I would be cranking out floppies right now.

  • by SurfsUp ( 11523 ) on Monday December 27, 1999 @06:27PM (#1440583)
    You see, when the DVD manufacturers came up with CSS, their goal was not to protect the intellectual property contained on DVDs; rather, they were establishing an ironclad grip on the entire DVD market.

    This debate is rightly focused on issues of free speech and openess of hardware specifications, but there is another BIG issue that isn't getting much air time: how the heck did we get into a situation where our mass removable storage systems are being designed by the recording industry and movie industry? What is all that encryption hardware doing in there and why does it make my computer work better? To put this another way, why are we being served up hardware that was designed in the best interests of people who aren't us, and why do we accept that?

    This kind of market inversion is the same thing that has forced the spectaular rise of the open source movement. Owners of proprietray, closed source, defacto standard software systems ground us under their foot for so long that we had to react. Now what we need is a similar, open hardware movement. Sure, there are problems that are harder - designing hardware requires expensive equipment. Manufacturing it requires even more expensive equipment. But it's not like it used to be - prices are coming down. Money for open projects is abundant. So please, lets have a high-density ROM disk design that's designed according to our needs, not those of the RIA.

    I want it to be a smaller format - 5 1/4 should have gone out with 5 1/4 disks, sucks for laptops and won't fit in your pocket. I want it to have current densities - in other words, even higher than what DVD offers. I want it to be completely free of any hardware that isn't directly connected with making it work better and/or cost less.

    Who will design my dream ROM disk for me? Who will bankroll them? Who will manufacture it? How would we make it hit critical mass so laptop manufacturers will use it? (hint: make it cheap)

    DVD was a bad idea right from the start and still is. Take out the "V", all I want is the Digigital and Disk
  • On October 11, 1996, President Clinton signed "The Economic Espionage Act of 1996" into law. The theft of trade secrets is now a federal criminal offense. This is a major development in the law of trade secrets in the United States and internationally. The Department of Justice now has sweeping authority to prosecute trade secret theft whether it is in the United States, via the Internet, or outside the United States.

    Section 1832 of the Act makes it a federal criminal act for any person to convert a trade secret to his own benefit or the benefit of others intending or knowing that the offense will injure any owner of the trade secret. The conversion of a trade secret is defined broadly to cover every conceivable act of trade secret misappropriation including theft, appropriation without authorization, concealment, fraud artifice, deception, copying without authorization, duplication, sketches, drawings, photographs, downloads, uploads, alterations, destruction, photocopies, transmissions, deliveries, mail, communications, or other transfers or conveyances of such trade secrets without authorization.
    The Act also makes it a federal criminal offense to receive, buy or possess the trade secret information of another person knowing the same to have been stolen, appropriated, obtained or converted without the trade secret owner's authorization.The definition of a "trade secret" in the Act generally tracks the definition of a trade secret in the Uniform Trade Secrets Act but expands the definition of a trade secret to include the new technological ways that trade secrets are created and stored.
    The term "trade secret" means all forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processes, procedures, programs or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if (A) the owner thereof has taken reasonable measures to keep such information secret; and (B) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by the public.

    I am not a lawyer and have no plans to be one, but reading the above and doing some research seems to me that the DVD makers can screw the defendants that are in the US partially. Yes, DVD is wrong on this, but they can still kill the people that tried to make Linux support for DVD.

    IMO DVD is going to lose a lot of potential customers and hopefully get bad publicity. What should be done is someone that knows a columist/newsman at a major station is to give this case publicity. If CNN were to get the info for a story on this from us rather than the DVD people they might actually get thier story right (see etoy vs etoys fiasco)

    We also ought to patent the decrypter programs or GPL them if they are not already. DVD does not have a patent on its encryption algorithm as far as I am aware. Could some one reply with the feasibility of this option. As for me, I will be busy distributing the decoder via Hotline (www.bigredh.com - if its warez, its hotline) and uploading it to every webserver I find. (I have a far amount of spare time on my hands... so alot of people gonna get deCSS). While /. could orgranize a protest and some smart people are trying to do so, the date is far too late for anything major to be planned. I only can hope that they lose this case...

    Once I was a drone - Now I am an Engineer

  • Hey everybody, name your mirror directory structure such that when they summon you they have to put:

    ... and operates an Internet Web Site addressed as http://domain.com/lawyers-suck/and/this-is-harrasm ent/and/we-have-no-legal-grounds-to-do-t his-to-these-people/dvd-source.txt
  • by Jeff Licquia ( 2167 ) on Monday December 27, 1999 @08:07PM (#1440640) Homepage
    The DMCA is scary, sure, but I think the DeCSS people have more of a leg to stand on than you imply.

    The conditions you mention all contain the qualification that the code not have any significant commercial impact or legitimate use. The DeCSS code was designed for the sole purpose of writing a DVD player for Linux. This has commercial impact, as it will become essential for Linux to have an impact in the consumer market, and it is legitimate - at least as legitimate as playing DVDs on Windows is. I doubt that an argument could be made that playing DVDs on a computer is illegitimate unless you run monopolistic OSes.

    I don't believe that the DVD lawyers are using this tactic. Their angle is that the license for the Xing DVD player forbids reverse engineering, which was done to extract the initial keys, and they violated this license and revealed trade secret information. I can't see how they can win from a legal standpoint, but the whole "bleed them dry" legal strategy can't be counted out.

    Of course, neither can the "whack-a-mole heavy mirroring" and "foreign development" legal counter-strategies be dismissed easily, so I guess it's a fair fight.

    :-)
  • by karmatrip ( 114613 ) on Monday December 27, 1999 @10:29PM (#1440722) Homepage
    Another mirroring suggestion: buy a 50 pack of disks, put the files on, mail to 50 random adressess. if at least 10 people did that there would be another 500 copies floating around off-line. it would be interesting to see them try for that.
  • by drix ( 4602 ) on Monday December 27, 1999 @10:55PM (#1440734) Homepage
    Everything you say is true, but the exact same argument could be made for CDs seven or eight years ago. No one except the exceptionally rich could afford a five thousand dollar, single speed CD burner, and 600-700mb hard drives were the things dreams were made of. Not to mention the fact that we were all on that Concorde of internet connections, the venerable 9600 baud modem. Now look at the situation today, when (literally) my seven year old brother burns every Playstation game he rents and hasn't bought an audio CD ever in his life because he can copy or get on MP3 anything he wants over our 1.5+mpbs cable connection.
    For one thing, the size of hard drives seems to have already outpaced the maximum theoretical 17gb limit on DVD disks. Seagate et al have announced +50gb hard drives available in a matter of months. And it's only a matter of time before full-featured dual-layer DVD burners will fall under the thousand dollar mark, then under the five hundred, and to the point where every electronics boutique under the sun has them (just like their CD counterparts.) As for the bandwidth to share this all, both the government and private industry are virtually begging for more of it, and it's generally agreed that bandwidth will be so abundant in the near future so as to be a non-issue.
    The moral of the story is it has everything to do with piracy. It would take a complete idiot to see the asskicking that RIAA and the music industry in general are taking right now as a result of piracy and not foresee that happening in just a few more years for the entertainment industry too, and I submit to you that the major studios are not filled with idiotic people. If nothing else, think of why they instituited CSS in the first place - you argue that it's about control, which is partially right. But even more than that, they knew that DVD would become technologically piratable in a matter of years after it was released, and they sought to do the only thing they knew how to do: make it cryptographically impossible. With the crypto out of the picture, they've really been caught with their pants down, and they know it.

    --
  • by Ungrounded Lightning ( 62228 ) on Tuesday December 28, 1999 @12:18AM (#1440769) Journal
    The purpose of a trade secret [laws] is to provide a legal means of prosecuting when somebody "spills the beans" and discloses stuff they've seen

    ... provided they have agreed to keep the secret. If somebody who has NOT entered such a contract with the secret's owner figures out the secret (by himself, with no "guilty knowlege" obtained from someone else who violate such a contract), he is under no obligation to remain silent.

    Patents give a government-enforced limited-time monopoly in return for disclosure of the invention. (They exist to encourage the development and disclosure of such ideas.)

    Trade secrets can last longer, but they last only as long as the secret is kept. After that they pop like a bubble. The only thing left once the cat is out of the bag is a legal claim against the person who let it out - IF he obtained the secret in violation of an agreement or from an agreement violator.

    Caveat: I'm not a lawyer yadda yadda...

  • by Ånubis ( 126403 ) on Tuesday December 28, 1999 @02:51AM (#1440819) Homepage
    The gist of the DMCA seems to directly contradict current US trade secret laws.

    Once the knowledge protected by a trade secret becomes public (by legal or even illegal means) it is no longer a trade secret. This fact has been verified by a respected patent lawyer with a JD. Therefore, the only way that a trade secret remains intact is by it truly remaining secret. If by any means (including reverse engineering) it becomes public knowledge, then the trade secret ceases to exist.

    For a good primer on current US intellectual property laws, head over to my old EE professor's web site at:
    http://www.ece.utexas.edu/~kort um/ee302/lecture/IP/ [utexas.edu]

    The PDF version of the lecture is available at:
    http://www.ece.utexas.edu/~k ortum/ee302/lecture/IP.pdf [utexas.edu]

    This lecture was recently written by a patent lawyer, so I would definitely assume that it is timely and accurate.

  • by FreeUser ( 11483 ) on Tuesday December 28, 1999 @03:30AM (#1440832)
    If I recall correctly, the EFF is looking for a plaintiff specifically on the DVD reverse engineering issue. I suggest those involved get in touch with them and look into the possibility of coordinating a counter attack on the DVD Forum. I suspect if this ever went to trial with a reasonably well financed plaintiff, the DVD Forum would stand to lose allot of clout when their licensing terms become unenforcable.

    This is about intimidation -- the DVD Forum has allot more to lose in a trial than a plaintiff does.
  • by cohenge ( 130201 ) on Tuesday December 28, 1999 @04:31AM (#1440863)
    Disclaimer: I'm not a lawyer.

    And I also can't really speak to the merits of the charge of misappropriation of trade secrets. Note that trade secrets as an area of law is largely defined at the state level, so you'll need to look into California law.

    Having said that, there is some case law in the 9th circuit (which includes California) that may be positive.

    Although the charge is misappropriation of trade secrets, it seems that the underlying complaint is an enablement of violation of copyright. If this underlying complaint can be answered then the misappropriation is harmless.

    I argue that the defendants have a right to possession of the DeCSS software under section 117(a) of Title 17 of the US Code. Briefly, that section of law limits the exclusive right of copyright holders of software; owners have the explicit right to make backup copies for their own archival purposes.

    This was has been tested in case law, and unfortunately I don't have my law books handy, but a case in the mid-eighties concerned a maker of a disk-copying software sued by a maker of copy-protection software. The defendant successfully argued that since owners have a right to back up software, and they could not do so without his (or similar) product, his product was legal.

    This is the tricky step: DVDs contain software and data. I argue that the right to backup software extends to the entire disk, including data. As a broader claim, we can fall back on fair use; since DSS stops us from fair use of the movie, we have a right to employ software that gives us back those rights.

    This theory is discussed in Lessig's excellent book _Code and Other Laws of Cyberspace_. A legal theorist (not related) named Cohen says that we have the right to hack copy-protection schemes that violate fair use. This is known as the Cohen Doctine.
  • by David A. Madore ( 30444 ) on Tuesday December 28, 1999 @04:54AM (#1440876) Homepage

    So, let us summarize this:

    • There is no patent on CSS technology, because they wanted to keep it secret. Therefore, the DVD Copy Control Association cannot sue on patents ground.
    • The encryption was a trade secret, but none of the plaintiffs ever signed a non disclosure agreement over anything.
    • It is not true that the primary use of DeCSS is to copy DVD's. Even if it were, such a copy is not necessarily illegal; and it certainly doesn't make the code illegal. (After all, photocopy machines aren't illegal as far as I know.)
    • Reverse engineering for the sake of interoperability is permissible.
    • Some of the defendents live outside the Court's domain of jurisdiction and their sites also; some are even outside the US.
    • The defendents have only been notified by email.

    This is just too obviously bogus. Evidently they are only trying to spread FUD.

    They might have had a case against Derek Fawcus, although even that seems dubious. Now that he retracted, they have no case against anyone.

    E pur si muove!

  • by MattMann ( 102516 ) on Tuesday December 28, 1999 @05:10AM (#1440894)
    That was very good! Inspired by you, here is one that I think has a little more truth and therefore more punch:

    http://domain.com/any.lawyer.who/quotes.this.url/g ives.permission/for.his.residence.to.be. searched/any.bootleg.audio/video/tape.found/nullif ies.legal.and.moral.standing/dvd-source. txt

  • by G27 Radio ( 78394 ) on Tuesday December 28, 1999 @05:36AM (#1440913)
    Owners of proprietray, closed source, defacto standard software systems ground us under their foot for so long that we had to react. Now what we need is a similar, open hardware movement. Sure, there are problems that are harder - designing hardware requires expensive equipment.

    Hmm. I like the idea of an open hardware movement. Are there any current efforts being made yet to brand an "open standard compatible" logo?

    It seems to me hardware that has met some kind of open standard requirements would be preferable to most consumers. Obviously simply creating such a logo isn't going to make a difference on its own. In time however, it could end up being identified with products of superior quality and use to the end user.

    I don't think your typical end-user is going to be incredibly knowledgable about open standards and such. That's why a simple recognizable icon/logo is important.

    I have a feeling someone is going to pop up and say "hey, people are already working on this...here's the link..." Hope so. At any rate, I think more thought/effort should be put into an "open" branding scheme of some sort.

    numb

The major difference between bonds and bond traders is that the bonds will eventually mature.

Working...