Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools

Скачать 150.39 Kb.
НазваниеTrouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools
Размер150.39 Kb.
  1   2   3   4   5   6

Journal of Information, Law and Technology

Trouble with Prime Numbers: DeCSS, DVD and the Protection of Proprietary Encryption Tools

Andrés Guadamuz González

Law Lecturer
University of Edinburgh

This is a refereed article published on: 6 December 2002

Citation: Guadamuz A, ‘Trouble with Prime Numbers: DeCSS, DVD and the Protection of Proprietary Encryption Tools’, The Journal of Information, Law and Technology (JILT) 2002 (3)


The DVD video format has become one of the most important developments in the home entertainment market since the popularisation of the magnetic video recording. The film industry delivered this format with a built in security system which was supposed to avoid illegal copying of the discs, much as what is taking place with the music CD and the almost indiscriminate copying of music into MP3 format over the Internet. This was achieved by means of encryption technology.

This essay deals with the cracking of DVD encryption and its further diffusion as a computer programme named DeCSS, which has been made available over the Internet in various formats, including t-shirts and a numerical representation of the code. There are three court cases based on the online posting of this programme, two in the United States and one in Norway. The article starts by describing the technology involved, as it is felt by the author that some of these technical issues are of importance to the legal implications of the case and should be understood properly. The article then deals with the developments in all of the three cases up to this date. The essay then finishes with a look at the legal issues involved, including hyper-linking, trade secrets, freedom of speech and the translation of DeCSS into numerical format.


1. Introduction

In 1999, an interesting case started to develop in the uncharted fringes of the World Wide Web. A computer programmer from Norway managed to crack the encryption technology used to protect the innovative and increasingly popular Digital Versatile Disk (DVD) video technology. Soon after, the instructions to override the inbuilt protection of DVD discs were being distributed through countless web sites around the world. The legal battle is probably one of the most underreported decisions on the growing caseload that is shaping the picture of copyright protection on a digital environment, but this case is important because it has the potential to define many interesting subjects in different areas of the Internet, such as hyper-linking, freedom of speech and copyright.

The case would seem to be very straightforward at first glance; the movie industry claims that the hackers have wilfully misappropriated trade secrets by means of reverse engineering, and have applied for injunction orders against the sites that provide explanations on how to circumvent the existing technology.

However, this case is not a normal copyright infringement one, what makes it important for the legal profession is the nature of the encryption technology at the heart of the debate. This case also deals with the ingenuity of programmers in finding new ways of making public information which some courts have been found to infringe copyright. An example of this can be found in a series of long prime numbers1. These are prime numbers that can be decoded to represent DeCSS; the program that can decrypt the information contained in any DVD disc, and therefore copy it. This poses some interesting questions. Could the courts forbid sites from posting these numbers? What about the many other forms of representation of DeCSS code?

This case has been overshadowed by other high profile intellectual property cases in cyberspace, such as the Napster copyright saga, software patents and cyber squatting, and the reporting of this in this case has been surprisingly scarce in legal journals. Nevertheless, its importance cannot be underestimated because the definitions that may come from this case may be felt in other areas of intellectual property.

The present paper examines some of the legal issues involved in this case, but some of the technical aspects surrounding the cracking of DVD protection deserve a considerable amount of coverage as well, as it is it is felt by the author that these there is a misunderstanding of the technical aspects of the protection involved.

2. DVD and Encryption Technology

2.1 DVD Explained

The Digital Versatile Disk (DVD) video format is undoubtedly the most important development in video technology since the adoption of VHS format as the standard for manufacture and retail of home entertainment. The industry is abuzz with the possibilities that the new format provides, and the sale of home videos has been boosted by the introduction of discs that provide the highest digital quality and richness of content.

In general, the DVD format is an optical reading medium that allows for massive storage capacity in a two-sided disc the size of normal audio or computer Compact Disc (CD). The highest possible storage of a DVD is seventeen gigabytes, as compared to 600-700 megabytes of the traditional CD format2.

The DVD format makes use of multimedia compression technology, which allows a user to store large amounts of information in a smaller space than it would normally take, making it possible to develop smaller and more efficient media storage and playback mediums. In general, higher compression rates translate into lower quality, and vice versa3. The Moving Picture Experts Group (MPEG) developed in 1990 two different levels of compression, the MPEG level 1 for video and level 2 for digital television4; DVD uses the second level, called MPEG-25.

MPEG-2 is also used in other types of information-rich digital content, such as digital cable television, high-definition television (HDTV) and small dish television (DSS). The difference between these formats and DVD is that it allows for a variable bit-rate compression scheme, which allows the person making the decision of how much space to use to change from high resolution/low compression to the opposite as required by the different types of video. These variations of detail allow the producers of a DVD disc to use higher compressions for less important scenes, and lower ones for high-detail action scenes, allowing for larger amounts of content on the DVD6. At the same time as the compression of video, the format allows to store various sorts of audio tracks with the highest quality.

This versatility is what is making the DVD format so attractive for use on the home entertainment market. Most commercial DVDs come with various extra features that make them very appealing for the average consumer. Such features include various audio formats, the possibility of using multiple languages in the audio, inclusion of full movie commentary by the actors, director or producers, behind the scenes footage, movie trailers and multimedia-heavy presentations on the filmography of those involved in the production. Other advantages of the format include durability of the discs in comparison to videotapes.

DVD can be incorporated to a personal computer, with the advantage that it is set to replace the normal CD-ROM drives in the near future, most new computers now ship with a DVD-ROM instead of the old CD-ROM set. This allows computer users can watch movies in their systems, as well as use DVD-ROM multimedia CDs, which allow for larger content. Another feature is backward compatibility, as DVD-ROMs can read old CD-ROMs7.

There is no doubt that DVD is experiencing increasing popularity, and is gaining a larger share of the market. In 1997, DVD player sales in the United States amounted to 700 thousand (including players and DVD-ROM). In 2000, the amount of players sold was of 8.5 million, and worldwide the amount of DVD-ROM drives was of 46 million. In 1998, there were only 2,200 DVD titles available; in 2000, the amount of titles was of over 10,0008. In the UK alone, it is calculated that the sales of DVD titles in December 2000 exceeded all those of the previous year9. In January of last year, DVD sales topped VHS sales for the first time in the United States, and the figures are likely to continue going up.10

2.2 Encryption

One of the features that made DVD so appealing to the movie industry was its security when compared to other video formats, such as videotapes, which are easy to copy.11 DVD has an inbuilt security system called the Content Scrambling System (CSS), which uses encryption as a means of making sure people cannot copy the contents of the disc.

What exactly is encryption? In short, encryption is:

the use of secret codes and ciphers to scramble information so that it is worthless to anybody but the intended recipients’12.

In computing, encryption makes use of mathematical formulae or algorithms to scramble the original data, this information can only be unscrambled by the use of a key, which is the set of mathematical instructions used to encrypt the information13. Digital information, such as the one stored in a DVD disc, can be easily encrypted because the data is stored in numerical format by means of binary code (1s and 0s), so the key simply scrambles the existing numbers by applying the formula. A person who does not have the right key to unlock the data will only obtain a set of useless numbers14.

Generally, two major types of encryption exist, by private key (also known as asymmetric or asynchronous) or by public key (also known as symmetric or synchronous).15 The simplest way is using asymmetric key encryption, where a formula is used to scramble the information in the origin, and the same key is used to unscramble it. In public key encryption, both parts are given a pair of keys, a public one and a private one. The person scrambling the information looks up the recipient’s key from a public directory, and then scrambles it using that key, but only the intended recipient can look at the data by decrypting it using his private key.16 The larger the keys, the better the encryption, this is because a person would have to go through a larger set of mathematical operations to try to guess what the key is. Keys are composed of bits of information17, which describe the operation that is being performed on the original data. The amount of possibilities is exponential, an 8-bit key has 256 possible values18, but a 20-bit key has 1,048,576 possible values. Most commercial encryption (such as the one found in web-browsers) uses 128-bit encryption19.

The CSS method used by DVD manufacturers uses an even stronger variation of public key encryption to scramble the original video data, known as authentication. This means that to have access to the keys themselves you need to be authorised to do so by means of another key, called the authentication key. This is a 40-bit key that is unique to each DVD player manufacturer, be it software or hardware. Every single DVD disc contains a set of at least 400 such keys, and each player has a built-in one. The player uses its key to unlock the information inside the disc and allow playback20.

By encrypting the information inside a DVD, manufacturers had a way to ensure that users could not copy their product. The encrypted information could in fact be copied onto a recordable CD or a computer, but the new CD would lack the keys to be unlocked (because the keys themselves are encrypted), so the user would not be able to see any information from the recorded source, rendering the copy useless21.

2.3 Cracking DVD Protection

By 1999, the movie industry seemed content enough with CSS technology applied to DVD to continue to encourage the growth of the new video format, but other applications for the format were not being exploited yet, such as DVD music or DVD-ROM software22.

However, the faith of the industry in the security of CSS was misplaced. In hindsight, it seems naïve that a 40-bit encryption, although relatively secure, would stop determined hackers and crackers from trying to attack it, as it can be easily circumvented23.

However, the breaking of DVD encryption did not result from an attack by crackers; it came to be inspired by more innocent reasons. For various commercial motives, and due to the unique nature of the software, the Linux operating system did not have a DVD player, which meant that thousands of users of this system had to migrate to another operating system if they wanted to watch their DVDs with their computers. For anybody who is familiar with the cultist nature of Linux users and their almost mythical despise for Microsoft’s products, it was obvious that this would not take place24. The absence of DVD support for Linux prompted several programmers to attempt to create a DVD player for the open source operating system25.

The events leading to the final cracking of the DVD encryption are still not completely clear. What is obvious is that by November of 1999 there were already several applications available on the Internet that allowed people to copy a DVD by ‘ripping’26 the contents of the disc. This was usually achieved by using a licensed player and providing it with false information about the output, instead of going to the video card drivers it would go directly to a file27. All of the information available seems to indicate that by the end of 1999 an anonymous German hacker had managed to crack CSS encryption28, others claim that it was an English hacker going by the unlikely name of Derek Fawcus29. What is evident is that these efforts were noticed by a group of Norwegian programmers called Masters of Reverse Engineering (MoRE), headed by a 16-year-old called Jon Johansen, who has been credited by the media as the first to crack CSS. MoRE started by reverse engineering a popular DVD software player called XingDVD30. To their surprise, the licensed key contained in the Xing player was not encrypted, and it allowed them to decrypt the content of any DVD. The members of the group went on to decrypt more than 170 keys by using the same encryption algorithm required to create the Xing key31, this also allowed them to create a small software program called DeCSS, which could copy the contents of the disc and transfer it into a file32. At the time of writing this paper, DeCSS is still widely available on the Internet33.

DeCSS is not the only tool available to decrypt DVDs. Qrpff is a new program created by MIT students Keith Winstein and Marc Horowitz for a seminar on the subject. They created a small program consisting of seven lines of PERL code that is able to decrypt and play any disc by using one of the many available keys, cracked by the members of MoRE34. There are other DVD rippers that are being offered via unsolicited email, with the ironic twist that you have to buy them from the pirates, but these rippers are mostly based on DeCSS technology35.

DeCSS was made immediately available through various Internet locations, but as soon as those websites started receiving legal threats from the DVD manufacturers, some programmers came up with novel ways of sharing the software online. T-shirts and coffee mugs with the DeCSS code printed on them started being sold by some hacker communities. There are so many ways of encoding and hiding the code as there is imagination in the hacker as programming communities, and it can be certainly said that there is no shortage of those. Different types of hiding the code include image files, movie files, haikus, hidden text, gif files of the code, Yahoo greeting cards, etc. The possibilities are endless36.

It is interesting to note that CSS has not been the only piece of DVD technology that has been cracked. There are six different DVD regions37. In theory a player from one region cannot play a DVD from another region, allowing movie studios to regulate their DVD release schedule according to the film release dates in different parts of the globe. This is because movies are usually released first in the United States and Canada, and they may take up to six months to be released elsewhere. Separating the regions helps the box office success of movies that may be already available in video in the United States38. As it is often the case, users did not like this arrangement, and the region protection was soon cracked39.

2.3.1 Encoding and Decoding Prime Numbers

Perhaps one of the most interesting ways of sharing the DeCSS code was found by computer programmer Phil Carmody. Any computer program is a string of bits (binary digits), so every program is in the end a number. Carmody found a number which, when written into hexadecimal format40, forms a gzip file41. This files contains the C language code for DeCSS. The encoding would take place like this: The original DeCSS C code is compressed into a gzip file (resulting in the file Decss.gz), which is a binary representation of the original code. This file can be then converted into hexadecimal. This hexadecimal string of data can easily be converted into a decimal integer42. This resulting number is a prime number. The process to decode this number would be the same, but in reverse. Take the number and input it into a hexadecimal converter (such as Hackman, or even emacs). Save the file as decss.gz, and use an uncompress utility which can read gzips. The result is the DeCSS C code, ready to be compiled. Carmody has also found a mathematical formulae that can convert this prime into an infinite number of primes43.

Not content with this operation, programmer Charles C. Hannum found a specific variant of the short C code which makes up DeCSS to make it directly into a prime number. The operation is to convert each of the characters in the code to their ASCII equivalent. If you view this string of digits as a single number, the result is yet another prime number44.

Since these first experiments, many other programmers and mathematicians have been working to produce different prime numbers which represent the original DeCSS code45. Carmody went one step further and through a long process created yet another prime number which is actually an executable representation of DeCSS, not even requiring the compilation process46. Any knowledgeable enough person can simply use that prime number, convert it to hexadecimal format, and the result is the executable DeCSS program, no compilation required.

There is yet another way of performing the translating operation in an easier form, which is by the use a small perl code which retrieves the number, packs it into binary, and feeds it to gunzip, the unzip application in Linux. This produces the code as well47.

The example of the encoding of DeCSS into prime numbers is just an example of the many methods available. It serves to illustrate that the determined technocratic elites that inhabit the Internet cannot be easily stopped.

  1   2   3   4   5   6


Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconBurning Studio Tools & Software Protection

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconPreparations (Numbers 2: 1 – 10: 10) Homeward Bound – at Last (Numbers 10: 11 – 13: 33)

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconПеречень образовательных ресурсов на cd, dvd в моу-сош №41 Начальное общее образование Русский язык cd, dvd по

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconBold followed by the year and then by inclusive page numbers. Notes are indicated by ‘n’ or ‘nn’ after the page number. Page numbers in italics refer to illustrations. Author Index

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconBold followed by the year and then by inclusive page numbers. Notes are indicated by ‘n’ or ‘nn’ after the page number. Page numbers in italics refer to illustrations. Author Index

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconDvd paket kompilasi belajar cisco ccna 640-802 (terbaru! Update agustus 08) + bonus dvd ccnp !

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconModeling & Tools: Information Systems Using the Knowledge Pyramid to Characterize Systems J. N. Martin, The Aerospace Corporation Modeling & Tools: Multiple Sectors

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconPort numbers (last updated 2009-02-18) The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconTrouble in River City: The Social Life of video games

Trouble with Prime Numbers: Decss, dvd and the Protection of Proprietary Encryption Tools iconЖивой мир Пандоры: экология и эволюция
Компьютер с мультимедийным проектором (большим монитором). Фильм “Avatar” на dvd, записанный на жестком диске, с закладками в программе-dvd-плеере...
Разместите кнопку на своём сайте:

База данных защищена авторским правом © 2014
обратиться к администрации
Главная страница