DeCSS is one of the first free

computer programs A computer program is a sequence or set of instructions in a programming language for a computer to Execution (computing), execute. It is one component of software, which also includes software documentation, documentation and other intangibl ...

capable of decrypting content on a commercially produced

DVD The DVD (common abbreviation for digital video disc or digital versatile disc) is a digital optical disc data storage format. It was invented and developed in 1995 and first released on November 1, 1996, in Japan. The medium can store any ki ...

video disc. Before the release of DeCSS, free and

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...

operating systems (such as

BSD The Berkeley Software Distribution (BSD), also known as Berkeley Unix or BSD Unix, is a discontinued Unix operating system developed and distributed by the Computer Systems Research Group (CSRG) at the University of California, Berkeley, beginni ...

and

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

) could not play encrypted video DVDs. DeCSS's development was done without a license from the DVD Copy Control Association (CCA), the organization responsible for DVD

copy protection Copy protection, also known as content protection, copy prevention and copy restriction, is any measure to enforce copyright by preventing the reproduction of software, films, music, and other media. Copy protection is most commonly found on vid ...

—namely, the

Content Scramble System The Content Scramble System (CSS) is a digital rights management (DRM) and encryption system employed on many commercially produced DVD-Video discs. CSS utilizes a proprietary 40-bit stream cipher algorithm. The system was introduced around ...

(CSS) used by commercial DVD publishers. The release of DeCSS resulted in a Norwegian criminal trial and subsequent

acquittal In common law jurisdictions, an acquittal means that the criminal prosecution has failed to prove that the accused is guilty beyond a reasonable doubt of the charge presented. It certifies that the accused is free from the charge of an of ...

of one of the authors of DeCSS. The DVD CCA launched numerous lawsuits in the United States in an effort to stop the distribution of the software.

Origins and history

DeCSS was devised by three people, two of whom remain anonymous. It was on the

Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

mailing list LiViD in October 1999. The one known author of the trio is Norwegian programmer Jon Lech Johansen, whose home was raided in 2000 by Norwegian police. Still a teenager at the time, he was put on trial in a Norwegian court for violating Norwegian Criminal Code section 145, and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. On 5 March 2003, a Norwegian appeals court ruled that Johansen would have to be retried. The court said that arguments filed by the prosecutor and additional evidence merited another trial. On 22 December 2003, the appeals court agreed with the acquittal, and on 5 January 2004, Norway's Økokrim (Economic Crime Unit) decided not to pursue the case further. The program was first released on 6 October 1999 when Johansen posted an announcement of DeCSS 1.1b, a

closed source Proprietary software is software that grants its creator, publisher, or other rightsholder or rightsholder partner a legal monopoly by modern copyright and intellectual property law to exclude the recipient from freely sharing the software or modi ...

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

-only application for DVD

ripping Ripping is the extraction of digital content from a container, such as a CD, onto a new digital location. Originally, the term meant to rip music from Commodore 64 games. Later, the term was applied to ripping WAV or MP3 files from digital audio ...

, on the livid-dev mailing list. The

source code In computing, source code, or simply code or source, is a plain text computer program written in a programming language. A programmer writes the human readable source code to control the behavior of a computer. Since a computer, at base, only ...

was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper from a group called DrinkOrDie, which didn't include source code and which apparently did not work with all DVDs. DrinkOrDie reportedly disassembled the

object code In computing, object code or object module is the product of an assembler or compiler In computing, a compiler is a computer program that Translator (computing), translates computer code written in one programming language (the ''source'' ...

of the

Xing Xing may refer to: * an abbreviation for crossing such as Pedestrian crossing, Pedestrian Xing or Wildlife crossing, Wildlife Xing, primarily used in North America * Chinese surname (姓, ''xing'') * Xing (surname) (邢), a Chinese surname * Xing ...

DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from DrinkOrDie. The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the

GNU GPL The GNU General Public Licenses (GNU GPL or simply GPL) are a series of widely used free software licenses, or ''copyleft'' licenses, that guarantee end users the freedom to run, study, share, or modify the software. The GPL was the first ...

. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms. On 22 January 2004, the DVD CCA dropped the case against Jon Johansen.

Jon Lech Johansen's involvement

The DeCSS program was a collaborative project, in which Johansen wrote the

graphical user interface A graphical user interface, or GUI, is a form of user interface that allows user (computing), users to human–computer interaction, interact with electronic devices through Graphics, graphical icon (computing), icons and visual indicators such ...

. The transcripts from the Borgarting Court of Appeal, published in the Norwegian newspaper ''

Verdens Gang (), generally known under the abbreviation ''VG'', is a Norway, Norwegian Tabloid (newspaper format), tabloid newspaper. In 2016, circulation numbers stood at 93,883, declining from a peak circulation of 390,510 in 2002. Nevertheless, ''VG'' is ...

'', contain the following description of the process which led to the release of DeCSS:

Through Internet Relay Chat (henceforth IRC), on Lech Johansenmade contact with like-minded [people seeking to develop a DVD-player under the
Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
operating system]. 11 September 1999, he had a conversation with "mdx" about how the encryption algorithm in CSS could be found, by using a poorly secured software-based DVD-player. In a conversation [between Jon Lech Johansen and "mdx"] 22 September, "mdx" informs that "the nomad" had found the code for CSS decryption, and that "mdx" now would send this
ode An ode (from ) is a type of lyric poetry, with its origins in Ancient Greece. Odes are elaborately structured poems praising or glorifying an event or individual, describing nature intellectually as well as emotionally. A classic ode is structu ...
to Jon Lech Johansen. "The nomad" allegedly found this decryption algorithm through so-called
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompl ...
of a Xing DVD-player, where the ecryptionkeys were more or less openly accessible. Through this, information that made it possible or "mdx"to create the code CSS_scramble.cpp was retrieved. From chat logs dated 4 November 1999 and 25 November 1999, it appears that "the nomad" carried through the reverse engineering process on a Xing player, which he characterized as illegal. As the case is presented for the High Court, this was not known by Jon Lech Johansen before 4 November
999 999 or triple nine most often refers to: * 999 (emergency telephone number), a telephone number for the emergency services in several countries * 999 (number), an integer * AD 999, a year * 999 BC, a year Media Books * 999 (anthology), ''99 ...

Regarding the authentication code, the High Court takes for its basis that "the nomad" obtained this code through the electronic mailing list LiVid (Linux Video) on the Internet, and that it was created by Derek Fawcus. It appears through a LiVid posting dated 6 October 1999 that Derek Fawcus on this date read through the DeCSS source code and compared it with his own. Further, it appears that "the creators f DeCSShave taken erek Fawcus' codealmost verbatim - the only alteration was the removal of erek Fawcus'copyright header and a paragraph containing commentaries, and a change of the function names." The name f the codewas CSS_auth.cpp. The High Court takes for its basis that the program Jon Lech Johansen later programmed, the graphical user interface, consisted of "the nomad's" decryption algorithm and Derek Fawcus' authentication package. The creation of a graphical user interface made the program accessible, also for users without special knowledge in programming. The program was published on the Internet for the first time 6 October 1999, after Jon Lech Johansen had tested it on the movie "The Matrix." In this, he downloaded approximately 2.5%. 200 megabytes, of the movie to the hard drive on his computer. This file is the only film fragment Jon Lech Johansen has saved on his computer.

Technology and derived works

When the release of the DeCSS source code made the CSS algorithm available for public scrutiny, it was soon found to be susceptible to a

brute-force attack In cryptography, a brute-force attack or exhaustive key search is a cryptanalytic attack that consists of an attacker submitting many possible keys or passwords with the hope of eventually guessing correctly. This strategy can theoretically be ...

quite different from DeCSS. The encryption is only 40-bit, and does not use all keys; a high-end home computer in 1999 running optimized code could brute-force it within 24 hours, and modern computers can brute-force it in a few seconds or less. Programmers around the world created hundreds of programs equivalent to DeCSS, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to add DVD support to

movie players. The licensing restrictions on CSS make it impossible to create an open source implementation through official channels, and closed source drivers are unavailable for some operating systems, so some users need DeCSS or a similar tool to watch even legally obtained movies.

Legal response

The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in early November 1999 ('' Universal v. Reimerdes''). The preliminary injunction in '' DVD Copy Control Association, Inc. v. Bunner'' followed soon after, in January 2000. As a response to these threats a program also called DeCSS but with an unrelated function was developed. This program can be used to strip Cascading Style Sheets tags from

HTML Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It defines the content and structure of web content. It is often assisted by technologies such as Cascading Style Sheets ( ...

pages. In one case, a school removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention. The CSS stripping program had been specifically created to bait the

MPAA The Motion Picture Association (MPA) is an American trade association representing the five major film studios of the United States, the mini-major Amazon MGM Studios, as well as the video streaming services Netflix and Amazon Prime Video. F ...

in this manner. In protest against legislation that prohibits publication of copy protection circumvention code in countries that implement the

WIPO Copyright Treaty The World Intellectual Property Organization Copyright Treaty (WIPO Copyright Treaty or WCT) is an international treaty on copyright law adopted by the member states of the World Intellectual Property Organization (WIPO) in 1996. It provides ...

(such as the

United States The United States of America (USA), also known as the United States (U.S.) or America, is a country primarily located in North America. It is a federal republic of 50 U.S. state, states and a federal capital district, Washington, D.C. The 48 ...

Digital Millennium Copyright Act The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or ...

), some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through

steganography Steganography ( ) is the practice of representing information within another message or physical object, in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination. In computing/ ...

, through various Internet protocols, on T-shirts and in dramatic readings, as

MIDI Musical Instrument Digital Interface (; MIDI) is an American-Japanese technical standard that describes a communication protocol, digital interface, and electrical connectors that connect a wide variety of electronic musical instruments, ...

files, as a

haiku is a type of short form poetry that originated in Japan. Traditional Japanese haiku consist of three phrases composed of 17 Mora (linguistics), morae (called ''On (Japanese prosody), on'' in Japanese) in a 5, 7, 5 pattern; that include a ''kire ...

poem ( DeCSS haiku), and even as a so-called illegal prime number.

References

External links

DeCSS Central
- Information about DVD, CSS, DeCSS, LiVid, the DVD CCA and MPAA and the various lawsuits surrounding DeCSS.
EFF archive of information on the Bunner and Pavlovich DVD-CAA lawsuits

''2600'' News: DVD Industry Takes ''2600'' to Court

Aftenposten: Prosecutors let DVD-Jon's victory stand

* ttp://decss.zoy.org/ 42 ways to distribute DeCSS
DeCSS Explained
- A technical overview of the CSS decryption algorithm.
DeCSS.c
The DeCSS source code {{DEFAULTSORT:Decss 1999 software Cryptanalytic software Cryptography law Digital rights management circumvention software Compact Disc and DVD copy protection