Tangled Webs

    Lawyers, Hackers and DVDs
Issue 5.1
Jan 22, 2000

The Next Big Thing

DVD has been the next big thing for the past three years. Basically, DVD is the next generation of CD ROM, and is capable of holding 5.2 Gigabytes of data -- enough for a full-length movie. Until recently however, competing standards and movie industry reluctance kept DVDs from mainstream acceptance.

The DVD Forum changed that early last year when they announced a standard that would scramble DVD data using unbreakable encryption. The DVD Forum then created the DVD CCA to license un-encryption keys to the makers of DVD drives. The industry finally had a green light, and the DVD marketing fanfare began in earnest.

A few months later, the unbreakable encryption was cracked, not by software pirates, but by a group of teens in Norway calling themselves Masters of Reverse Engineering. MORE's goal was to create a way to view DVD movies on Linux, since there were no commercial applications available. When MORE examined XingDVD (a Windows DVD player made by RealNetwork) they discovered the software contained an unencoded DVD encryption key. This information gave MORE the clues they needed to quickly break the DVD encryption algorithm. They then wrote a program called DeCSS that allowed Linux users to watch DVD movies.

In a matter of days the news, the DeCSS software and the details of the DVD encryption were all over the Internet. Not only were Linux users able to watch their DVD movies, but since the information on the DVD encryption had entered the public domain, there was no longer any legal reason for new DVD manufacturers to pay DVD CCA for a license to use that information.

Faced with such a substantial loss of revenue and face, DVD CCA did what American companies do best. They sued.

The Same Old Thing

Deciding to sue was simple enough, but deciding who to sue was quite complicated. The DVD encryption method was not patented -- which would have required the information to be made public. Instead, the DVD CCA decided to protect their algorithm as a trade secret, disclosing it only to licensees. Owners of trade secrets, however, don't have exclusive rights to them, and the law provides no protection for trade secrets that are discovered via legal means.

It seemed that no laws had actually been broken. Granted, the license agreement distributed with the XingDVD software prohibited reverse engineering, but Norwegian courts apparently don't consider shrink wrap agreements to be legally binding. In any event, the boy who discovered the trade secret was 16 years old; a minor unable to enter into a binding contract. Perhaps the DVD CCA has a case against RealNetwork, through whose negligence the encryption code was reveled, but suing your customers is generally considered to be bad business.

Faced with this dilemma, the DVD CCA decided to sue everyone else within legal reach. They filed a suit against 72 named and anonymous individuals who ran websites that were either distributing DeCSS, explaining details of how the algorithm worked or had links to such sites. Their case is an odd one. None of the listed defendants were involved in the creation of DeCSS and many were not even involved in its distribution. The DVD CCA, however, maintained that the information was not yet public and demanded that all files, discussion and links be removed to protect their "secret."

On December 29, the day of the court hearing for the preliminary injunction, members of Slashdot gathered in front of the Santa Clara County courthouse and handed out bound, printed copies of the DeCSS program. Continuing the ruse, one of the plaintiff's attorneys submitted his copy into evidence and asked the court to have the "trade secret" sealed.

In the end, the judge rejected the movie industry's request for a temporary restraining order. The second hearing is later this month, but it seems unlikely that the judge will find in favor of the plaintiffs.

Things That Matter

The DVD CCA has been framing this case as a matter of intellectual property theft, software piracy and copyright violation. That's simply not what this case is about. DeCSS is not being used to pirate movies. In fact, it is far more expensive to pirate a DVD movie than it is to buy one. DeCSS is being used to allow people who legally purchased a DVD-movie to view it on Linux.

This case is about the DVD CCA's loss of control. When their trade secret was still a secret, they could use license agreements to force DVD manufacturers to implement whatever standards and features they saw fit. They have lost the ability to decide which companies can and cannot make DVD software. And perhaps most important, they have lost their potential revenue stream. Companies used to have to pay a substantial fee to access to the technical specifications needed to make software to play DVD movies. That information is now freely available.

In short, by relying on trade secrets rather than patents and copyrights, the DVD CCA lost the opportunity to become the Microsoft of the DVD world. Since their secret is now so widely known, it seems they have little chance of putting the genie back in the bottle through legal harassment of web site owners. Nor can the DVD Forum change the encryption method since that would render all current DVD players unable to play new movies.

It seems that DVDs have arrived and really will be the next big thing.

[ Home Page] [ Back to Index ] [ Previous Issue ] [ Next Issue ]

© Copyright 2000, Tim Romero, t3@t3.org
This article fist appeared in the January 2000 edition of Computing Japan.
Tangled Webs may be distributed freely provided this copyright notice is included.
The Tangled Webs Archive is located at http://www.t3.org/tangledwebs/index.shtml