DeCSS

Last updated

A fragment of the DeCSS code, which can be used by a computer to circumvent a DVD's copy protection. DeCSS.svg
A fragment of the DeCSS code, which can be used by a computer to circumvent a DVD's copy protection.

DeCSS is one of the first free computer programs capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS free and open source operating systems (such as BSD and Linux) could not play encrypted video DVDs.

Contents

DeCSS's development was done without a license from the DVD Copy Control Association (CCA), the organization responsible for DVD copy protection—namely, the Content Scramble System (CSS) used by commercial DVD publishers. The release of DeCSS resulted in a Norwegian criminal trial and subsequent acquittal of one of the authors of DeCSS. The DVD CCA launched numerous lawsuits in the United States in an effort to stop the distribution of the software.

Origins and history

DeCSS was devised by three people, two of whom remain anonymous. It was on the Internet mailing list LiViD in October 1999. The one known author of the trio is Norwegian programmer Jon Lech Johansen, whose home was raided in 2000 by Norwegian police. Still a teenager at the time, he was put on trial in a Norwegian court for violating Norwegian Criminal Code section 145, [1] and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. On 5 March 2003, a Norwegian appeals court ruled that Johansen would have to be retried. The court said that arguments filed by the prosecutor and additional evidence merited another trial. On 22 December 2003, the appeals court agreed with the acquittal, and on 5 January 2004, Norway's Økokrim (Economic Crime Unit) decided not to pursue the case further.

The program was first released on 6 October 1999 when Johansen posted an announcement of DeCSS 1.1b, a closed source Windows-only application for DVD ripping, on the livid-dev mailing list. The source code was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper [2] from a group called DrinkOrDie, which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die. [2]

The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms. [3]

On 22 January 2004, the DVD CCA dropped the case against Jon Johansen. [4]

Jon Lech Johansen's involvement

The DeCSS program was a collaborative project, in which Johansen wrote the graphical user interface. The transcripts from the Borgarting Court of Appeal, published in the Norwegian newspaper Verdens Gang , contain the following description of the process which led to the release of DeCSS: [5]

Through Internet Relay Chat (henceforth IRC), [Jon Lech Johansen] made contact with like-minded [people seeking to develop a DVD-player under the Linux operating system]. 11 September 1999, he had a conversation with "mdx" about how the encryption algorithm in CSS could be found, by using a poorly secured software-based DVD-player. In a conversation [between Jon Lech Johansen and "mdx"] 22 September, "mdx" informs that "the nomad" had found the code for CSS decryption, and that "mdx" now would send this [code] to Jon Lech Johansen. "The nomad" allegedly found this decryption algorithm through so-called reverse engineering of a Xing DVD-player, where the [decryption] keys were more or less openly accessible. Through this, information that made it possible [for "mdx"] to create the code CSS_scramble.cpp was retrieved. From chat logs dated 4 November 1999 and 25 November 1999, it appears that "the nomad" carried through the reverse engineering process on a Xing player, which he characterized as illegal. As the case is presented for the High Court, this was not known by Jon Lech Johansen before 4 November [1999].

Regarding the authentication code, the High Court takes for its basis that "the nomad" obtained this code through the electronic mailing list LiVid (Linux Video) on the Internet, and that it was created by Derek Fawcus. It appears through a LiVid posting dated 6 October 1999 that Derek Fawcus on this date read through the DeCSS source code and compared it with his own. Further, it appears that "the creators [of DeCSS] have taken [Derek Fawcus' code] almost verbatim - the only alteration was the removal of [Derek Fawcus'] copyright header and a paragraph containing commentaries, and a change of the function names." The name [of the code] was CSS_auth.cpp.

The High Court takes for its basis that the program Jon Lech Johansen later programmed, the graphical user interface, consisted of "the nomad's" decryption algorithm and Derek Fawcus' authentication package. The creation of a graphical user interface made the program accessible, also for users without special knowledge in programming. The program was published on the Internet for the first time 6 October 1999, after Jon Lech Johansen had tested it on the movie "The Matrix." In this, he downloaded approximately 2.5%. 200 megabytes, of the movie to the hard drive on his computer. This file is the only film fragment Jon Lech Johansen has saved on his computer.

Technology and derived works

When the release of the DeCSS source code made the CSS algorithm available for public scrutiny, it was soon found to be susceptible to a brute-force attack quite different from DeCSS. The encryption is only 40-bit, and does not use all keys; a high-end home computer in 1999 running optimized code could brute-force it within 24 hours, and modern computers can brute-force it in a few seconds or less. [6]

Programmers around the world created hundreds of programs equivalent to DeCSS, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to add DVD support to open source movie players. The licensing restrictions on CSS make it impossible to create an open source implementation through official channels, and closed source drivers are unavailable for some operating systems, so some users need DeCSS to watch even legally obtained movies.

The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in early November 1999 ( Universal v. Reimerdes ). The preliminary injunction in DVD Copy Control Association, Inc. v. Bunner followed soon after, in January 2000. As a response to these threats a program also called DeCSS but with an unrelated function was developed. This program can be used to strip Cascading Style Sheets tags from HTML pages. In one case, a school[ which? ] removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention. The CSS stripping program had been specifically created to bait the MPAA in this manner. [7]

In protest against legislation that prohibits publication of copy protection circumvention code in countries that implement the WIPO Copyright Treaty (such as the United States' Digital Millennium Copyright Act), some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through steganography, through various Internet protocols, on T-shirts and in dramatic readings, as MIDI files, as a haiku poem (DeCSS haiku), [8] [9] and even as a so-called illegal prime number. [10]

See also

Related Research Articles

<span class="mw-page-title-main">Jon Lech Johansen</span> Norwegian programmer (born 1983)

Jon Lech Johansen, also known as DVD Jon, is a Norwegian programmer who has worked on reverse engineering data formats. He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement. Johansen is a self-trained software engineer, who quit high school during his first year to spend more time with the DeCSS case. He moved to the United States and worked as a software engineer from October 2005 until November 2006. He then moved to Norway but moved back to the United States in June 2007.

<span class="mw-page-title-main">National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway</span>

The National Authority for Investigation and Prosecution of Economic and Environmental Crime is Norway's central unit for fighting economic and environmental crimes. The unit, created in 1989, has its main office in Oslo.

Frank A. Stevenson is a Norwegian software developer, and part-time cryptanalyst. He is primarily known for his exposition of weaknesses in the DVD Forum's Content Scramble System (CSS). Although the cryptoanalysis was done independently, he is known for his relations to DeCSS, and appeared before the courts as a witness in the Jon Johansen court trial. He also gave a deposition for the DVD CCA v. McLaughlin, Bunner, et al. case.

The DVD Copy Control Association is an organization primarily responsible for the copy protection of DVDs. The Content Scramble System (CSS) was devised for this purpose to make copyright infringement difficult, but also presents obstacles to some legitimate uses of the media. The association is also responsible for the controversial Regional Playback Control (RPC), the region encoding scheme which gives movie studios geographic control over DVD distribution.

<span class="mw-page-title-main">VLC media player</span> Free and open-source media-player and streaming-media-server

VLC media player is a free and open-source, portable, cross-platform media player software and streaming media server developed by the VideoLAN project. VLC is available for desktop operating systems and mobile platforms, such as Android, iOS and iPadOS. VLC is also available on digital distribution platforms such as Apple's App Store, Google Play, and Microsoft Store.

<span class="mw-page-title-main">DVD Shrink</span> Optical disc authoring software

DVD Shrink is a freeware DVD transcoder program for Microsoft Windows that uses a DVD ripper to back up DVD video. The final versions are 3.2.0.15 (English) and 3.2.0.16 (German); all other versions, such as DVD Shrink 2010, are illegitimate. DVD Shrink's purpose is, as its name implies, to reduce the amount of data stored on a DVD with minimal loss of quality, although some loss of quality is inevitable. It creates a copy of a DVD, during which the coding only allowing the DVD to be played in certain geographical areas is removed, and copy protection may also be circumvented. A stamped DVD may require more space than is available on a writeable DVD, unless shrunk. Many commercially released video DVDs are dual layer ; DVD Shrink can make a shrunk copy which will fit on a single-layer writeable DVD, processing the video with some loss of quality and allowing the user to discard unwanted content such as foreign-language soundtracks.

<i>Universal City Studios, Inc. v. Corley</i> American legal case

Universal City Studios, Inc. v. Corley, 273 F.3d 429, was a court ruling at the United States Court of Appeals for the Second Circuit. The ruling was the first significant test of the anti-circumvention provisions of the Digital Millennium Copyright Act.

VOB is the container format in DVD-Video media. VOB can contain digital video, digital audio, subtitles, DVD menus and navigation contents multiplexed together into a stream form. Files in VOB format may be encrypted.

<span class="mw-page-title-main">Cryptomeria cipher</span> Block cipher used by the 4C Entity

The Cryptomeria cipher, also called C2, is a proprietary block cipher defined and licensed by the 4C Entity. It is the successor to CSS algorithm and was designed for the CPRM/CPPM digital rights management scheme which are used by DRM-restricted Secure Digital cards and DVD-Audio discs.

MacTheRipper is a Mac OS X application that enables users to create a playable copy of the contents of a Video DVD by defeating the Content Scramble System. During this process it may optionally modify or disable the DVD region code or the User operation prohibition features of the copied data. The previous lack of an OS X equivalent to the PC software DVDShrink gave this standalone DVD ripper widespread popularity among Macintosh users.

<span class="mw-page-title-main">Illegal number</span> Number representing illegal information

An illegal number is a number that represents information which is illegal to possess, utter, propagate, or otherwise transmit in some legal jurisdiction. Any piece of digital information is representable as a number; consequently, if communicating a specific set of information is illegal in some way, then the number may be illegal as well.

<span class="mw-page-title-main">Advanced Access Content System</span> Standard for content distribution and digital rights management

The Advanced Access Content System (AACS) is a standard for content distribution and digital rights management, intended to restrict access to and copying of the post-DVD generation of optical discs. The specification was publicly released in April 2005. The standard has been adopted as the access restriction scheme for HD DVD and Blu-ray Disc (BD). It is developed by AACS Licensing Administrator, LLC, a consortium that includes Disney, Intel, Microsoft, Panasonic, Warner Bros., IBM, Toshiba and Sony. AACS has been operating under an "interim agreement" since the final specification has not yet been finalized.

<span class="mw-page-title-main">Security of Advanced Access Content System</span>

The security of Advanced Access Content System (AACS) has been a subject of discussion amongst security researchers, high definition video enthusiasts, and consumers at large since its inception. A successor to Content Scramble System (CSS), the digital rights management mechanism used by commercial DVDs, AACS was intended to improve upon the design of CSS by addressing flaws which had led to the total circumvention of CSS in 1999. The AACS system relies on a subset difference tree combined with a certificate revocation mechanism to ensure the security of high definition video content in the event of a compromise.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around 1996 and was first compromised in 1999.

The WIPO Copyright and Performances and Phonograms Treaties Implementation Act, is a part of the Digital Millennium Copyright Act (DMCA), a 1998 U.S. law. It has two major portions, Section 102, which implements the requirements of the WIPO Copyright Treaty, and Section 103, which arguably provides additional protection against the circumvention of copy prevention systems and prohibits the removal of copyright management information.

<i>DVD Copy Control Assn, Inc. v. Bunner</i>

DVD Copy Control Association, Inc. v. Bunner was a lawsuit that was filed by the DVD Copy Control Association in California, accusing Andrew Bunner and several others of misappropriation of trade secrets under California's implementation of the Uniform Trade Secrets Act. The case went through several rounds of appeals and was last heard and decided in February 2004 by the California Court of Appeal for the Sixth District.

<i>RealNetworks, Inc. v. DVD Copy Control Assn, Inc.</i> 2009 court case

RealNetworks, Inc. v. DVD Copy Control Association, Inc., 641 F. Supp. 2d 913 (2009), is a United States District Court case involving RealNetworks, the movie studios and DVD Copy Control Association regarding the Digital Millennium Copyright Act (DMCA) claims on the manufacturing and distribution of RealDVD, and a breach of license agreement. The district court concluded that RealNetworks violated the anti-circumvention and anti-trafficking provisions of the DMCA when the DVD copying software RealDVD bypasses the copy protection technologies of DVD.

Pavlovich v. Superior Court, 29 Cal. 4th 262, is a California Supreme Court case in which the court declined to find personal jurisdiction over a non-resident defendant who had no personal contacts with California. The Court found that the posting of a misappropriated trade secret on a Web site which could result in harm to California residents was not sufficient to show he had purposely availed himself of the forum state by expressly aiming his conduct at residents of California.

DeCSS haiku is a 465-stanza haiku poem written in 2001 by American hacker Seth Schoen as part of the protest action regarding the prosecution of Norwegian programmer Jon Lech Johansen for co-creating the DeCSS software. The poem, written in the spirit of civil disobedience against the DVD Copy Control Association, argues that "code is speech."

References

  1. "Norwegian Criminal Code section 135-147" . Retrieved 31 July 2008.
  2. 1 2 MoRE and [dEZZY/DoD] (4 November 1999). "The Truth about DVD CSS cracking". Archived from the original on 29 August 2013. Retrieved 4 January 2007.
  3. "Derek Fawcus ending livid-dev flamewar by confirming Johansen's side of the story". Archived from the original on 2 December 2000.
  4. "EFF: DVD Descrambling Code Not a Trade Secret". Electronic Frontier Foundation . 22 January 2004. Archived from the original on 14 October 2007. Retrieved 5 December 2005.
  5. "Hele DVD-dommen" [The entire DVD verdict]. Verdens Gang . 22 December 2003. Retrieved 25 February 2012.
  6. "Content Scrambling System (CSS): Introduction".
  7. "Pigdog Journal - DeCSS Distribution Center" . Retrieved 28 May 2007.
  8. Schoen, Seth. "How to decrypt a DVD - in Haiku form" . Retrieved 5 December 2005.
  9. Schoen, Seth. "The history of the DeCSS Haiku" . Retrieved 25 February 2012.
  10. Touretzky, David S. "Gallery of CSS Descramblers" . Retrieved 25 February 2012.

Further reading

Lawrence Lessig, The Future of Ideas , 2001, pp. 187–190, freely available here Archived 22 August 2010 at the Wayback Machine .

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.