Beginning two weeks ago, attorneys for the licensing authority for the Advanced Access Copy System used in both Blu-ray and HD DVD issued letters to multiple Web sites and services, including search engines, demanding they remove direct references to a 32-hexadecimal digit code they claim is a processing key that could be used to circumvent DRM protection in HD DVD discs.
“It is our understanding that you are providing to the public the above-identified tools and services at the above referenced URL,” reads one letter sent by AACS LA’s attorneys to a representative of Google, “and are thereby providing and offering to the public a technology, product, service, device, component, or part thereof that is primarily designed, produced, or marketed for the purpose of circumventing the technological protection measures afforded by AACS (hereafter, the “circumvention offering”). Doing so constitutes a violation of the anti-circumvention provisions of the Digital Millennium Copyright Act.”
The letter goes on to demand the removal of references to four Web sites whose articles include the code, as well as to any other material where the code may appear, otherwise “failure to do so will subject you to legal liability.” In an extra bit of irony, the document filename in one of the four URLs the attorneys cite is actually the 32-bit code itself.
The key in question appears to be the same one discovered by the Doom9 Forum user whose screen handle is arnezami, back in February as reported then by BetaNews. What this user discovered, other forum members verified, was a media key that software could use to identify itself as a validly licensed media player of HD DVD discs. While Linux media players could theoretically read the code from HD DVDs, they cannot decrypt that code since AACS LA has thus far declined to issue licenses – and thus, licensed media keys as well – to creators of open-source software, who could theoretically share that code in the act of source code distribution.
Word does not travel as fast as those who repeat online what they read elsewhere online believe it to; and thus, the existence of the discovered media key was only widely reported after a Digg user posted a link to an article where that key happened to appear. That article, appearing Monday on the blog Rudd-O.com – almost two and a half months after the key’s discovery – begins with the key itself, explains its discovery on the Doom9 Forum, and links to a 17-page autobiographical feature of the fellows who found it on Doom9 (through Digg) and repeated it on Rudd-O.com, entitled, “Stickin’ It to the Man: The Illustrated Report of an Epic Event.”
That article which links to “Stickin’ It to the Man” was itself Dugg, by way of another blog post – this time entitled, “Spread This Number. Now.” – which the author then self-Dugg, and in so doing, generated by his count 15,492 Diggs (votes of approval from Digg.com users).
It is that article with the high Digg count which caught the attention of AACS LA’s attorneys, who immediately issued a takedown notice. At first, Digg complied, removing references to “Spread This Number” and other material. In an explanation on Digg’s corporate blog, CEO Jay Adelson wrote, “We’ve been notified by the owners of this intellectual property that they believe the posting of the encryption key infringes their intellectual property rights. In order to respect these rights and to comply with the law, we have removed postings of the key that have been brought to our attention.
“Our goal is always to maintain a purely democratic system for the submission and sharing of information,” Adelson continued, “and we want Digg to continue to be a great resource for finding the best content. However, in order for that to happen, we all need to work together to protect Digg from exposure to lawsuits that could very quickly shut us down.”
Digg also apparently suspended the accounts of individuals who provided the original Digg links, including the one to “Spread This Number,” as its author posted on his own blog last night. However, multiple Diggs to the original Digg, including comments generated there, apparently remained.
There was an immediate public outcry from Digg users – which, for a story that took two and a half months to germinate, is perhaps noteworthy. However, many of the thousands of comments posted to already long threads appear to consist of meaningless data, side discussions irrelevant to the topic, spam, and even cute little pictures drawn with ANSI characters.
Regardless of the substance of the protest, it was enough to provoke Digg’s executives to reverse their course. In a blog post late last night whose title actually includes the media key code, Digg founder Kevin Rose wrote, “Today was a difficult day for us. We had to decide whether to remove stories containing a single code based on a cease and desist declaration. We had to make a call, and in our desire to avoid a scenario where Digg would be interrupted or shut down, we decided to comply and remove the stories with the code. But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company.
“If we lose, then what the hell, at least we died trying,” Rose concluded. Exactly what action Digg takes from this point on was not stated.
Next: Much hexadecimal ado about &00H?
The entire uproar over whether the posting of a 32-hex digit code should be censored as copyright infringement or upheld like a banner of liberty, overlooks a fairly significant technical issue: specifically, whether the media key, discovered last February after all, still works.
Last month, AACS LA began its first wave of distribution of so-called revocation keys. Through Internet connections and through the distribution of new HD DVD discs, these keys are matches to media keys considered to have been compromised, and this list is believed to contain the now-celebrated 32-hex digit code.
Whether a site posting a software patch that contains revocation keys may, in so doing, be distributing the media keys that were compromised – and thus violating the terms of the DMCA, as maintained by AACS LA’s lawyers – remains to be seen.
Meanwhile, members of the Doom9 Forum, including arnezami, have been working since last month to apply a homebrew patch to Microsoft’s Xbox 360 HD DVD attachment drive, after having reverse-engineered the firmware from two drives to compare the differences in their code and determine the locations of secret keys. Their stated objective is to make it possible for software to decrypt the contents of a disc using its volume key only – which is more easily located.
If they are successful, then theoretically software could be permitted which enables Linux users to play HD DVD movies without a processing key at all, which would have made this whole two-and-a-half month discovery process another chronicle of wasted time.
In his Freedom to Tinker blog yesterday, engineer Ed Felten – who last year demonstrated the ease in which an unauthorized party could break into a Diebold voting machine – made a poignant comment about this whole affair.
“It’s hard to see the logic in AACS LA’s strategy here,” Felten wrote. “The key will inevitably remain available, and AACS LA are just making themselves look silly by trying to suppress it. We’ve seen this script before. The key will show up on T-shirts and in song lyrics. It will be chalked on the sidewalk outside the AACS LA office. And so on.”