DeCSS is one of the first free computer programs capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, open source operating systems (such as BSD and Linux) could not play encrypted video DVDs.
DeCSS's development was done without a license from the DVD Copy Control Association (CCA), the organization responsible for DVD copy protection—namely, the Content Scramble System (CSS) used by commercial DVD publishers. The release of DeCSS resulted in a Norwegian criminal trial and subsequent acquittal of one of the authors of DeCSS. The DVD CCA launched numerous lawsuits in the United States in an effort to stop the distribution of the software.
Origins and history
DeCSS was devised by three people, two of whom remain anonymous. It was on the Internet mailing list LiViD in October 1999. The one known author of the trio is Norwegian programmer Jon Lech Johansen, whose home was raided in 2000 by Norwegian police. Still a teenager at the time, he was put on trial in a Norwegian court for violating Norwegian Criminal Code section 145,[1] and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. On 5 March 2003, a Norwegian appeals court ruled that Johansen would have to be retried. The court said that arguments filed by the prosecutor and additional evidence merited another trial. On 22 December 2003, the appeals court agreed with the acquittal, and on 5 January 2004, Norway's Økokrim (Economic Crime Unit) decided not to pursue the case further.
The program was first released on 6 October 1999 when Johansen posted an announcement of DeCSS 1.1b, a closed source Windows-only application for DVD ripping, on the livid-dev mailing list. The source code was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper[2] from a group called DrinkOrDie (who also faced later raids, piracy prosecutions and jail, one member even extradited from Australia to the US for prosecution despite never having set foot there), which didn't i
DeCSS is one of the first free computer programs capable of decrypting content on a commercially produced DVD video disc. Before the release of DeCSS, open source operating systems (such as BSD and Linux) could not play encrypted video DVDs.
DeCSS's development was done without a license from the DVD Copy Control Association (CCA), the organization responsible for DVD copy protection—namely, the Content Scramble System (CSS) used by commercial DVD publishers. The release of DeCSS resulted in a Norwegian criminal trial and subsequent acquittal of one of the authors of DeCSS. The DVD CCA launched numerous lawsuits in the United States in an effort to stop the distribution of the software.
DeCSS was devised by three people, two of whom remain anonymous. It was on the Internet mailing list LiViD in October 1999. The one known author of the trio is Norwegian programmer Jon Lech Johansen, whose home was raided in 2000 by Norwegian police. Still a teenager at the time, he was put on trial in a Norwegian court for violating Norwegian Criminal Code section 145,[1] and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. On 5 March 2003, a Norwegian appeals court ruled that Johansen would have to be retried. The court said that arguments filed by the prosecutor and additional evidence merited another trial. On 22 December 2003, the appeals court agreed with the acquittal, and on 5 January 2004, Norway's Økokrim (Economic Crime Unit) decided not to pursue the case further.
The program was first released on 6 October 1999 when Johansen posted an announcement of DeCSS 1.1b, a closed source Windows-only application for DVD ripping, on the livid-dev mailing list. The source code was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper[2] from a group called DrinkOrDie (who also faced later raids, piracy prosecutions and jail, one member even extradited from Australia to the US for prosecution despite never having set foot there), which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.[2]
The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this,
The program was first released on 6 October 1999 when Johansen posted an announcement of DeCSS 1.1b, a closed source Windows-only application for DVD ripping, on the livid-dev mailing list. The source code was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper[2] from a group called DrinkOrDie (who also faced later raids, piracy prosecutions and jail, one member even extradited from Australia to the US for prosecution despite never having set foot there), which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.[2]
The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms.[3]
On 22 January 2004, the DVD CCA dropped the case against Jon Johansen.[4]
The DeCSS program was a collaborative project, in which Johansen wrote the graphical user interface. The transcripts from the Borgarting Court of Appeal, published in the Norwegian newspaper Verdens Gang, contain the following description of the process which led to the release of DeCSS:[5]
Through Internet Relay Chat (henceforth IRC), [Jon Lech Johansen] made contact with like-minded [people seeking to develop a DVD-player under the Linux operating system]. 11 September 1999, he had a conversation with "mdx" about how the encryption algorithm in CSS could be found, by using a poorly secured software-based DVD-player. In a conversation [between Jon L
Through Internet Relay Chat (henceforth IRC), [Jon Lech Johansen] made contact with like-minded [people seeking to develop a DVD-player under the Linux operating system]. 11 September 1999, he had a conversation with "mdx" about how the encryption algorithm in CSS could be found, by using a poorly secured software-based DVD-player. In a conversation [between Jon Lech Johansen and "mdx"] 22 September, "mdx" informs that "the nomad" had found the code for CSS decryption, and that "mdx" now would send this [code] to Jon Lech Johansen. "The nomad" allegedly found this decryption algorithm through so-called reverse engineering of a Xing DVD-player, where the [decryption] keys were more or less openly accessible. Through this, information that made it possible [for "mdx"] to create the code CSS_scramble.cpp was retrieved. From chat logs dated 4 November 1999 and 25 November 1999, it appears that "the nomad" carried through the reverse engineering process on a Xing player, which he characterized as illegal. As the case is presented for the High Court, this was not known by Jon Lech Johansen before 4 November [1999].
Regarding
Regarding the authentication code, the High Court takes for its basis that "the nomad" obtained this code through the electronic mailing list LiVid (Linux Video) on the Internet, and that it was created by Derek Fawcus. It appears through a LiVid posting dated 6 October 1999 that Derek Fawcus on this date read through the DeCSS source code and compared it with his own. Further, it appears that "the creators [of DeCSS] have taken [Derek Fawcus' code] almost verbatim - the only alteration was the removal of [Derek Fawcus'] copyright header and a paragraph containing commentaries, and a change of the function names." The name [of the code] was CSS_auth.cpp.
The High Court takes for its basis that the program Jon Lech Johansen later programmed, the graphical user interface, consisted of "the nomad's" decryption algorithm and Derek Fawcus' authentication package. The creation of a graphical user interface made the program accessible, also for users without special knowledge in programming. The program was published on the Internet for the first time 6 October 1999, after Jon Lech Johansen had tested it on the movie "The Matrix." In this, he downloaded approximately 2.5%. 200 megabytes, of the movie to the hard drive on his computer. This file is the only film fragment Jon Lech Johansen has saved on his computer.
When the release of the DeCSS source code made the CSS algorithm available for public scrutiny, it was soon found to be susceptible to a brute force attack quite different from DeCSS. The encryption is only 40-bit, and does not use all keys; a high-end home computer in 1999 running optimized code could brute-force it within 24 hours, and modern computers can now[when?] brute-force it in a few seconds or less.[6]
Programmers around the world created hundreds of programs equivalent to DeCSS, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to add DVD support to open source movie players. The licensing restrictions on CSS make it impossible to create an open source implementation through official channels, and closed source drivers are unavailable for some operating systems, so some users nee
Programmers around the world created hundreds of programs equivalent to DeCSS, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to add DVD support to open source movie players. The licensing restrictions on CSS make it impossible to create an open source implementation through official channels, and closed source drivers are unavailable for some operating systems, so some users need DeCSS to watch even legally obtained movies.
The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in early November 1999 (Universal v. Reimerdes). The preliminary injunction in DVD Copy Control Association, Inc. v. Bunner followed soon after, in January 2000. As a response to these threats a program also called DeCSS but with an unrelated function was developed. This program can be used to strip Cascading Style Sheets tags from HTML pages. In one case, a school removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention. The CSS stripping program had been specifically created to bait the MPAA in this manner.[7]
In protest against legislation that prohibits publication of copy protection circumvention code in countries that implement the WIPO Copyright Treaty (such as the United States' In protest against legislation that prohibits publication of copy protection circumvention code in countries that implement the WIPO Copyright Treaty (such as the United States' Digital Millennium Copyright Act), some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through steganography, through various Internet protocols, on T-shirts and in dramatic readings, as MIDI files, as a haiku poem (DeCSS haiku),[8][9] and even as a so-called illegal prime number.[10]
Lawrence Lessig, The Future of Ideas, 2001, pp. 187–190, freely available here.
External links
- DeCSS Central - Information about DVD, CSS, DeCSS, LiVid, the DVD CCA and MPAA and the various lawsuits surrounding DeCSS.
- EFF archive of information on the Bunner and Pavlovich DVD-CAA lawsuits
- 2600 News: DVD Industry Takes 2600 to Court
- Aftenposten: Prosecutors let DVD-Jon's victory stand
- The Openlaw DVD/DeCSS Forum Frequently Asked Questions (FAQ) List
- 42 ways to distribute DeCSS
- DeCSS Explained - A technical overview of the CSS decryption algorithm.
- DeCSS.c, The DeCSS source code