DeCSS
|
DeCSS is a computer program capable of decrypting content on a DVD video disc encrypted using the Content Scrambling System (CSS).
Contents |
Origins and history
DeCSS.PNG
DeCSS was devised by persons unknown and released anonymously on the Internet mailing list LiViD in October 1999. Allegedly, one of the authors was Norwegian teenager Jon Johansen, whose home was raided in 2000 by Norwegian police. He was put on trial in a Norwegian court and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. However, on March 5, 2003, a Norwegian appeals court ruled that Johansen would have to be retried on charges that he violated Norwegian Criminal Code section 145 (the hacker law). The court said that arguments filed by the prosecutor and additional evidence merited another trial. On December 22, 2003, the appeals court agreed with the acquittal, and on January 5, 2004 Norway's Økokrim decided not to pursue the case further.
The program was first released on October 6, 1999 when Johansen posted an announcement of DeCSS 1.1b on the livid-dev mailing list. Initially, the source code was not available, but it was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper from a group called Drink or Die, which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.
The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms.
Johansen was involved in a flamewar with another member on livid-dev over the GPL violation issue. Johansen was a FreeBSD supporter and criticized Linux. The main point of the dispute was that Johansen claimed that he had been granted a non-GPL license by Fawcus for the css-auth code, while the other party claimed that he was lying. The flamewar ended when Fawcus confirmed Johansen's side of the story.
At the end of 2000, a document written by an anonymous author surfaced on the Internet [1] (http://www.chscene.ch/ccc/decss/decsstruth.txt). It accuses Johansen of being a liar, slandering Linux and violating the GPL. The accuracy of the document is in dispute: Johansen's lawyer was a public defender paid by the Norwegian state and Matthew Pavlovich, LiViD project leader, testified in MPAA v. 2600 that UDF under Linux was an issue [2] (http://www.eff.org/IP/Video/MPAA_DVD_cases/20000721_ny_trial_transcript.html).
On January 23, 2004, the DVD CCA dropped the case against Jon Johansen. [3] (http://www.eff.org/IP/Video/DVDCCA_case/20040122_eff_pr.php)
Technology and derived works
The release of the DeCSS source code was the first time the algorithm of CSS was available for public scrutiny, and it was soon found to be susceptible to a brute force attack quite different from DeCSS. The encryption is only 40 bit, and does not use all keys; a high-end home computer running optimized code is able to brute-force it in 24 hours quite easily.
DeCSS was used as a guide by programmers around the world to create hundreds of equivalent programs, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to implement an open source DVD player (the licensing restrictions on CSS makes it impossible to create an open source implementation through official channels). Since no commercial DVD drivers have been made available for some open source operating systems, users of those operating systems require an open source implementation in order to play legally purchased DVDs on legally purchased hardware and software. However, once the unencrypted source video is available in digital form, it can be copied without degradation; thus it is also possible to use DeCSS as part of a scheme to copy DVD videos to another medium with no loss of quality, a facility that may encourage mass copyright infringement. Critics point out that commercial-scale pirating of CSS encrypted DVDs was widespread in east Asia and elsewhere, and that this was done without use of DeCSS by individuals or by any similar techniques, since it is believed that these discs were simply bit-for-bit copies of the original DVD, with no need for any decryption of the CSS-encrypted content. Note that this type of copying is not possible using standard DVD-R or DVD-RW blanks, since the section of the DVD that contains the CSS keys is unwritable.
Legal response
In protest against legislation that prohibits publication of DeCSS code in countries that implement the WIPO Copyright Treaty (such as the United States' Digital Millennium Copyright Act), some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through steganography, through various Internet protocols, as a series of haiku poems[4] (http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/decss-haiku.txt), and even as a so-called illegal prime number. However, the CSS algorithm seems to require more characters to describe in a computer programming language than the RSA algorithm; one of the shortest implementations of the cipher (called "efdtt") is 434 bytes. Because of this, it has not been distributed by some of the more "inventive" methods used to distribute the RSA algorithm during the days of ITAR — it is not suitable for tattoos, email sigs, etc.
As of 2005, DeCSS (and several copycat programs which have not been specifically brought to court) can be readily obtained over the Internet. Some Linux distributions are able to install a DVD player incorporating a CSS implementation with a single command.
The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in about early November 1999 (Universal v. Reimerdes). As a response to these threats a program also called DeCSS but with an unrelated function was developed [5] (http://www.pigdog.org/decss/). This program can be used for stripping Cascading Style Sheets tags from an HTML page. In one case, a school removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention.
External links and references
- Gallery of CSS Descramblers (http://www.cs.cmu.edu/~dst/DeCSS/Gallery) (David S. Touretzky)
- DeCSS Central (http://www.lemuria.org/DeCSS/) - Information about DVD, CSS, DeCSS, LiVid, the DVD CCA and MPAA and the various lawsuits surrounding DeCSS.
- 2600 News: DVD Industry Takes 2600 to Court (http://www.2600.com/news/view/article/19)
- Aftenposten: Prosecutors let DVD-Jon's victory stand (http://www.aftenposten.no/english/local/article702236.ece)
- The Openlaw DVD/DeCSS Forum Frequently Asked Questions (FAQ) List (http://cyber.law.harvard.edu/openlaw/DVD/dvd-discuss-faq.html)
- DeCSS Haiku (http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/decss-haiku.txt) - How to decrypt a DVD - in Haiku form - by Seth Schoen
- The history of the DeCSS Haiku, by Seth Schoen (http://www.loyalty.org/~schoen/haiku.html)
- 42 ways to distribute DeCSS (http://decss.zoy.org/)
- CSS Explained (http://crypto.gq.nu/dvd_css_decryption.html) - A technical overview of the CSS decryption algorithm.de:DeCSS