AACS encryption key controversy
This article documents a current event. Information may change rapidly as the event progresses, and initial news reports may be unreliable. The latest updates to this article may not reflect the most current information. (April 2007) |
The AACS encryption key controversy arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC (AACS LA) began issuing DMCA violation notices [1] to websites publishing a 16-byte hexadecimal number, beginning with 09 F9, which is one of the cryptographic keys for HD DVDs and Blu-ray Discs. The controversy escalated in early May 2007, when technology news site Digg received a notice and then removed numerous articles on the matter and banned users reposting the information.
Because the encryption key may be used as part of circumvention technology forbidden by the DMCA, its posession and distribution has been viewed by the AACS, as well as some law professors, as illegal.[2][1] Since it is a 128-bit value, it was dubbed an "illegal number" (compare with illegal prime).[3][4][5] Opponents to the expansion of intellectual property rights criticize the idea of making a particular number illegal, which they feel should not and cannot be controlled by a single person or group. [6]
Timeline of AACS cracking
Commercial HD DVDs and Blu-ray Discs integrate copy protection technology specified by the AACS LA. There are several interlocking encryption mechanisms, such that cracking one part of the system does not necessarily crack other parts. Thus, the famous "09 F9" key is only one of many parts that would be needed to play a disc on an unlicensed player.
The AACS system can be used to revoke a specific key after it is known to have been compromised, and this has been invoked for the WinDVD software media player.[7] The compromised players can still be used to view old discs, but not newer releases without encryption keys for the compromised players. If other players are then cracked, further revocation would lead to legitimate users of compromised players being forced to upgrade or replace their player software or firmware in order to view new discs.
2006
On 26 December 2006, a person using the alias muslix64 published a utility named BackupHDDVD and its source code on the DVD decryption forum at the website Doom9.org.[8] BackupHDDVD can be used to decrypt AACS protected content once one knows the encryption key.[9] Muslix64 claimed to have found title and volume keys in main memory while playing HD DVD discs using a software player, and that finding them is not difficult.[10]
2007
On 2 January 2007, muslix64 published a new version of the program, with volume key support.[11] On 12 January 2007, other forum members detailed how to find other title and volume keys, stating they had also found the keys of several movies in RAM while running WinDVD.
On or about 13 January, a title key was posted on pastebin.com in form of a riddle, which was solved by entering terms into the Google search engine. By converting these results to hexadecimal, a correct key could be formed.[12] Later that day, the first cracked HD DVD, Serenity, was uploaded on a private torrent tracker.[13] The AACS LA confirmed on January 26 that the title keys on certain HD DVDs had been published without authorization.[14]
Doom9.org forum user arnezami on doom9.org's forums found and published the "09 F9" AACS processing key on February 11:[15]
Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed.
This key is not specific to any playback device or DVD title. Doom9.org forum user jx6bpm claimed on March 4 to reveal CyberLink's PowerDVD's key, and that it was the key in use by AnyDVD.[16]
The AACS LA announced on April 16 that it had revoked the decryption keys associated with certain software high-definition DVD players, which will not be able to decrypt AACS encrypted disks mastered after 23 April, without an update of the software.[17][18]
DMCA notices and Digg
As early as 17 April 2007, AACS LA was issuing DMCA violation notices, sent by Charles S. Sims of Proskauer Rose,[19] in an apparent attempt to suppress the encryption key.[20] Following this, dozens of notices were sent to various websites hosted in the United States.[21]
(Note that this was not a DMCA section 512 OCILLA notice, as used when alleging copyright infringement, but a DMCA section 1201 notice, naming the key as being a circumvention device.)
On 1 May 2007, in response to a DMCA violation notice, technology news site Digg began removing posts containing or alluding to the key and, in some cases, closing accounts which created those posts. The Digg community reacted by creating a flood of posts containing the key, many using creative ways of semi-directly or indirectly inserting the number, such as in song or images (either representing the digits pictorially or directly representing bytes from the key as colors) or on merchandise.[22] At one point, Digg.com's "entire homepage was covered with links to the HD-DVD code or anti-Digg references."[23] Eventually the Digg administrators reversed their position on such submissions, stating:
But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.[24][25][26]
Lawyers and other representatives of the entertainment industry, including Michael Avery, an attorney for Toshiba Corporation, expressed surprise at Digg's decision, but suggested that a suit aimed at Digg might merely spread the information more widely.
If you try to stick up for what you have a legal right to do, and you're somewhat worse off because of it, that's an interesting concept[27]
Other websites
In a response to the events occurring on Digg and the call to "Spread this number," the key was rapidly posted to thousands of pages, blogs and wikis across the Internet,[28] including Wikipedia.[29] As in the case of the DeCSS controversy, the key has been widely distributed in various forms, including YouTube music videos, doctored photographs, and T-shirts.[2][30] As of Tuesday afternoon, May 1, 2007, a Google search for the key returned 9,410 results,[31] while the same search the next morning returned nearly 300,000 results.[32] On Friday, the BBC reported that a search on Google shows almost 700,000 pages have published the key.[33] This was despite AACS LA having sent a DMCA notice to Google on April 17 demanding that Google stop returning searches for the key at all. [34][35][36]
Impact
These events have been likened to the Streisand effect, in that when attempts at censorship were made both by the Digg website through article removal and through the internet as a whole through the use of DMCA violation notices, people responded through civil disobedience and posted the encryption key.[38] Widespread news coverage[39] included speculation on the development of user-driven websites,[40] the perception of acceptance of DRM,[41] and the legal liability of running a user-driven website.[42]
In an opposing move, Carter Wood of the National Association of Manufacturers said they had removed the "Digg It"-link from their weblog.[43]
Until the Digg community shows as much fervor in attacking intellectual piracy as attacking the companies that are legitimately defending their property, well, we do not want to be promoting the site by using the "Digg It" feature.
Media coverage initially avoided quoting the key itself. However, several US-based news sources have run stories containing the key, quoting its use on Digg,[44][45][46][47][48][49] though none are known to have received DMCA notices as a result. Current TV broadcast the key during a Google Current story on the Digg incident at 3:00pm on May 3, displaying it in full on screen for several seconds and placing the story on the station website.[50]
AACS LA reaction
The AACS LA has so far not officially responded on their website regarding the controversy. BBC News however has quoted an AACS executive saying: Bloggers "crossed the line" and it was looking at "legal and technical tools" to confront those who published the key and that the events involving Digg were an "interesting new twist."[33]
Impact on popular culture
In addition to the blogosphere and the mass media, the key has appeared in or on:
- T-Shirts[2]
- Poetry, songs and music videos[2]
- a movie[2]
- Illustrations and other graphic artworks[30]
- Tattoos and body art[51]
References
- ^ a b "AACS licensor complains of posted key". Chilling Effects. Retrieved 2007-05-04.
- ^ a b c d e Stone, Brad (2007-05-02). "In Web Uproar, Antipiracy Code Spreads Wildly". The New York Times. Retrieved 2007-05-03.
{{cite news}}
: Check date values in:|date=
(help) - ^ http://www.bloggernews.net/16450
- ^ http://ecyrd.com/ButtUgly/wiki/Main_blogentry_010507_1
- ^ http://bearnz.wordpress.com/2007/05/04/an-illegal-number/
- ^ Edward Felten (May 3, 2007). "Why the 09ers Are So Upset". Freedom to Tinker. Retrieved 2007-01-08.
{{cite web}}
: Check date values in:|date=
(help) - ^ "AACS key revoked". 26 January 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ Muslix64 (26 December 2006). "BackupHDDVD, a tool to decrypt AACS protected movies". Doom9's Forum. Retrieved 2007-04-09.
{{cite web}}
: Check date values in:|date=
(help)CS1 maint: numeric names: authors list (link) - ^ Intel Corporation (2006-07-25). "Advanced Access Content System (AACS)" (PDF). Retrieved 2007-04-09.
{{cite web}}
: Unknown parameter|coauthors=
ignored (|author=
suggested) (help) - ^ "HD DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ Muslix64 (2 January 2007). "BackupHDDVD, a tool to decrypt AACS protected movies". Retrieved 2007-04-09.
{{cite web}}
: Check date values in:|date=
(help)CS1 maint: numeric names: authors list (link) - ^ "kad77" (13 January 2007). "Decryption Keys For HD-DVD Found, Confirmed". Slashdot. Retrieved 2007-04-09.
{{cite web}}
: Check date values in:|date=
(help)CS1 maint: numeric names: authors list (link) - ^ Reimer, Jeremy (January 15, 2007). "First pirated HD DVD movie hits BitTorrent". Ars Technica.
- ^ "Hi-def DVD security is bypassed". BBC. 26 January 2007. Retrieved 2007-01-26.
{{cite web}}
: Check date values in:|date=
(help) - ^ arnezami (11 February 2007). "Processing Key, Media Key and Volume ID found!!!". Doom9's Forums. Retrieved 2007-05-04.
{{cite web}}
: Check date values in:|date=
(help) - ^ jx6bpm (3 March 2007). "PowerDVD private key". Doom9's Forums. Retrieved 2007-04-09.
{{cite web}}
: Check date values in:|date=
(help)CS1 maint: numeric names: authors list (link) - ^ "HD DVD, Blu-ray protection in question after attacks". Yahoo. 16 April 2007. Retrieved 2007-05-01.
{{cite web}}
: Check date values in:|date=
(help) - ^ Rick Merritt (2007-05-03). "The real casualty in high def DVD revolt". EETimes. Retrieved 2007-05-05.
- ^ Davies, Greg (3 May 2007). "The Aftermath of the Digg Revolt: What now?". TheTrukstoP.com. Retrieved 2007-05-03.
{{cite web}}
: Check date values in:|date=
(help) - ^ "DMCA Takedown Notice". 17 April 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ "AACS Takedowns Backfire". 1 May 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ "Digg.com Attempts To Suppress HD-DVD Revolt". Slashdot. 1 May 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ Andy Greenberg (May 02, 2007), Digg's DRM Revolt, Forbes
{{citation}}
: Check date values in:|date=
(help) - ^ Kevin Rose (2007-05-01). "Digg This: 09 F9 [...]". Digg the Blog. Digg Inc. Retrieved 2007-05-02.
- ^ "DVD DRM row sparks user rebellion". BBC. 2 May 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ Marcus Yam (May 2, 2007), AACS Key Censorship Leads to First Internet Riot
- ^ Alex Pham (3 May 2007). "User rebellion at Digg.com unearths a can of worms". Los Angeles Times (latimes.com). Retrieved 2007-05-04.
{{cite web}}
: Check date values in:|date=
(help); Unknown parameter|coauthors=
ignored (|author=
suggested) (help) - ^ "Spread this number". 30 April 2007. Retrieved 2007-05-02.
{{cite web}}
: Check date values in:|date=
(help) - ^ Tim Starling (2 May 2007). "HD DVD key and the spam blacklist". WikiEN-L mailing list. Retrieved 2007-05-04.
{{cite web}}
: Check date values in:|date=
(help); External link in
(help)|publisher=
- ^ a b "Photoshop Rebels Rip Great HD DVD Clampdown". Wired News. 2007-05-03. Retrieved 2007-05-03.
{{cite web}}
: Check date values in:|date=
(help) - ^ Thomas Claburn (2 May 2007). "HD DVD Blu-Ray Decryption Key Widely Posted Online". Information Week. Dark Reading. Retrieved 2007-05-03.
{{cite web}}
: Check date values in:|date=
(help) - ^ Nick Farrell (2 May 2007). "09 f9 [...] is the number they tried to ban". The Inquirer. Retrieved 2007-05-03.
{{cite web}}
: Check date values in:|date=
(help) - ^ a b Darren Waters (4 May 2007). "DRM group vows to fight bloggers". BBC. Retrieved 2007-05-04.
{{cite web}}
: Check date values in:|date=
(help) - ^ Mann, Justin (2007-05-01). "AACS LA tells Google to stop indexing hack - or else". TechSpot. Retrieved 2007-05-05.
- ^ "AACS licensor complains of posted key". Chilling Effects. 2007-04-17. Retrieved 2007-05-05.
- ^ Buchanan, Matt (2007-05-02). "Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story". Gizmodo. Retrieved 2007-05-04.
- ^ John Marcotte (1 May 2007). "Free Speech Flag". Badmouth.net. Retrieved 2007-05-03.
{{cite web}}
: Check date values in:|date=
(help) - ^ Mike Masnick. "AACS Discovers The Streisand Effect: The More You Try To Suppress Something, The More Attention It Gets". Retrieved 2007-05-03.
- ^ Forbes, CNet, BBC, Financial Times, Associated Press
- ^ Verne Kopytoff. "User revolt at Digg.com shows risks of Web 2.0". Retrieved 2007-05-03.
- ^ John Carroll. "A Digg riot and AACS". Retrieved 2007-05-03.
- ^ Tom Spring. "Mob's Win is Digg's Loss". Retrieved 2007-05-03.
- ^ Carter Wood (2007-05-03). "Intellectual Property Dust-Up: Digg". Retrieved 2007-05-05.
- ^ Buchanan, Matt (2007-05-02). "Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story". Gizmodo. Retrieved 2007-05-04.
- ^ Berger, Adam (2007-05-02). "HD-DVD cracked, Digg users causes an uproar". Gadgetell. Retrieved 2007-05-04.
- ^ Beal, Andy (2007-05-02). "Rose Hands Over Digg Control". WebProNews. Retrieved 2007-05-04.
- ^ Lane, Frederick (2007-05-02). "Digg This: Web 2.0, Censorship 0". Newsfactor.com. Retrieved 2007-05-04.
- ^ Singel, Ryan (2007-05-03). "HD DVD Battle Stakes Digg Against Futility of DRM". Wired News. Retrieved 2007-05-03.
- ^ Zuckerman, Ethan (2007-05-03). "Does The Number have a lesson for human rights activists?". Worldchanging. Retrieved 2007-05-05.
- ^ Conor Knighton (2007-05-03 15:00). "Can You Digg It?". Retrieved 2007-05-05.
{{cite web}}
: Check date values in:|date=
(help) - ^ "AACS LA: Internet "revolt" be damned, this fight is not over". Ars Technica. 2007-05-04. Retrieved 2007-05-04.
{{cite web}}
: Check date values in:|date=
(help)
External links
- Doom9 forums, original focus of the controversy
- 09 f9: A Legal Primer — Electronic Frontier Foundation (EFF)