DeCSS
Created | Updated Jan 28, 2002
DeCSS is a fairly simple computer program which allows a user to access the contents of DVDs encrypted using the movie industry standard 'Content Scrambling System'. This content-protection controls access to DVD content, allowing constraints such as region-coding (see below), mandatory warnings1, and can make it a little harder to copy DVDs. Perhaps most importantly, however, it means that in order to produce a DVD-player, the algorithm for decoding DVDs must be licensed from the DVD-CCA (the DVD Copy Control Association).
Region-Coding
Any DVD is encoded with one of seven region codes, according to where they can be played:
Region 0 | Can be viewed anywhere |
Region 1 | USA and Canada |
Region 2 | Europe and Japan |
Region 3 | The rest of the Far East |
Region 4 | Australia and New Zealand |
Region 5 | Asia and Africa |
Region 6 | China |
Licensed DVD-players are also supposed to be region-coded, so they check the region code of the DVD against their own, and if the two do not match the DVD will not play. A few region-free players are available, that will play DVDs with any region code, and some region-specific players can be adapted to do so. A less tech-savvy buyer, however, will probably fall into the trap of buying a player that will only play DVDs from their region, unaware that the expensive hardware they are about to buy is probably programmed to work against them. The DVD-CCA is also trying to clamp down on region-free players, which clearly work against their intentions, including the addition of measures to prevent certain DVDs playing in region-free players.
In practical terms, this means that if you own a region-specific DVD player, you cannot order a DVD from a different zone and play it on DVD player at home that you paid for, nor can you play the DVDs you bought on holiday - not even if they haven't released the DVD in a separate version for your region, making an import your only hope of having those episodes of My So-Called Life on video to own.
So Why Do The Film Industry Want To Restrict By Region?
The film industry argues that in order to comply with variations between rating systems in different areas, they must restrict DVDs by geographical region. The industry also argues that it would spell collapse if it were possible to obtain videos from another country whilst a film was still in the cinema (or even before it had reached cinemas in that country). Strange, then, that VHS tapes are allowed to exist despite their mobile nature, and also that ratings systems vary widely from country to country within regions (The Netherlands, for example, being slightly less uptight than Britain).
A more realistic suggestion notes that DVDs are a good deal cheaper in the USA than in Europe, and cheaper still in Africa, and argues that the industry simply wants to maintain its ability to overcharge those in more affluent areas, whilst offering films cheaper to those who would not buy them at such high prices. Regardless of your political opinion of such price fixing, deviousness and control-freakery tend to win no fans.
The History of DeCSS
In late 1999, a 15 year-old Norweigian hacker called Jon Johansen published DeCSS on the internet, which he and the other members of MoRE (Masters of Reverse Engineering) had created as the first step towards producing a free software solution for playing DVDs on the GNU/Linux operating system. The program ran on Windows, since at that time support for the DVD filesystem (UDF) on Linux was not complete, so testing of the program on this platform would be impossible (as Jon Johansen states in his interview on Slashdot, a news site popular with the free software and open source communities).
Reports that Jon Johansen had 'cracked the DVD encryption' were, however, mistaken. In fact, CSS had been cracked a few weeks before by an anonymous German hacker, and it was upon the foundation of this previous work that DeCSS was built. In fact, the encryption used in CSS is very poor, and relatively easy to crack simply through brute force - though in the end this wasn't even needed since one of the licensees has forgotten to encrypt their key in their software, and with this available in plain text it became relatively easy to extract the keys for each individual licensee.
DVDs and Copying
If someone were to copy a DVD, bit-for-bit, and the original could be played in a licensed player, then of course (having exactly the same information) the copy could be played in a licensed player, and therefore, many have asserted, CSS cannot be considered copy-protection, but simply content-protection. Whilst this is true, it should be noted that DVDs have a small master section that cannot be written to with consumer DVD-writers, and so long as this section contains vital information (such as that involved with decryption of the rest of the content) without access to this section it becomes impossible to simply copy a DVD bit-for-bit. If the content is decrypted using DeCSS first, however, the content could be copied from DVD to hard disk, and then onto the main part of a blank DVD, bypassing the need to write to the master section.
So DeCSS really will make DVD copying rife? In short, no, at least not in the short term. Regardless of whether consumer DVD-writers are able to produce a watchable DVD, they still do it far too slowly to be viable for piracy - to do it faster you really need an industrial DVD burning solution, where a master copy can be used to press several child copies, so that they don't have to be produced in series one at a time. If a pirate were going to fork out for the expensive equipment needed to make multiple copies, they might as well get a machine capable of writing to the master section of the disks! Add to this the fact that blank DVDs are very expensive, usually more expensive than legal copies of films on DVD (at least in certain regions), and DVD piracy doesn't really look like a terribly economically attractive prospect. It should, however, be noted that since DVDs do not degrade every time they are played, they would make an excellent master copy for pirate videos - which are not prevalent in part because of their bad quality, due to degradation every time a copy is made.
Legal Threats
Having failed to assert control over DVDs technologically, the movie industry went to court to try to get DeCSS rendered illegal. Luckily enough for them - or rather, with their lobbying millions paying off - a new bill, the (controversial) Digital Millenium Copyright Act included provisions for just this instance. One particularly controversial section of the DMCA makes it illegal to create a computer programme with the purpose of disabling copy-protection mechanisms.
Jon Johansen was arrested (in Norway!) at the American film industry's behest, though later released, apologised to, and even presented with an award for his programming skills. Various American groups and individuals however, were not so lucky. The Motion Picture Association of America successfully sued a large number of individual defendants who had published versions of DeCSS on their websites (though another group were saved from the proceeding due to the small matter of foreigners not being under American jurisdiction), and an injunction was upheld against them, preventing their circulation of this code. An injunction was also upheld against online hacker magazine, 2600, who had merely linked to the code.
But if they own the content, they can do what they want with it, right?
On the surface, the sentiment of the DMCA's provisions might seem perfectly reasonable - why shouldn't the movie industry protect its intellectual property? Leaving aside the debate about whether intellectual property should exist or be respected at all, the devil, as they say, is in the details. It is generally the sweeping nature of the act that is so damning, though it is hard to see how such legislation could ever work without stamping across consumers' rights.
Fair use - First off, whilst copying a work wholesale is illegal, copyright law (certainly, at least, in the UK and US) give very specific rights to people other than the copyright owner about how they can use it. Known as 'Fair-use doctrine' in the US, anyone is allowed to use parts of other artists' work for a number of purposes, including criticism, parody and in education. Allowing, and legally enforcing, technological barriers as to how a work can be used, inevitably crushes fair-use provisions. For example, someone wishing to include a still from a DVD in a review would be unable to do so, or could do so only as the industry allowed them (creating dangerous possiblities for abuse in an industry famous for seriously discriminating against critics who write bad reviews), nor could an educator use a scene to highlight a cinematic technique or an interpretation of a text.
Liability With Perpetrators, Not Tool-Makers - Defenders of DeCSS believe there is a very clear precedent with photocopiers. Photocopies sole purpose is for creating copies of two-dimensional works, and are indiscriminate about what they copy. Whilst some percentage of their use might be by the author himself copying works, a significant proportion of a photocopiers use is copying other people's work. Whilst there are strict guidelines about how much you may photocopy of someone else's creation, photocopiers are legal - and the crime lies with the person who makes illegal copies if some does so, not with the company that produces the photocopier. Defenders argue that whilst DeCSS could be put to illegal use, that is not the responsibility of those who provide the tool to do so, especially since they did so to allow perfectly legitimate use of legally purchased media. In fact, it looks like the film industry agrees on this point, considering the pains they have gone to to paint DeCSS as solely a tool for piracy.
Copyright Expiry - Another important point to realise is that copyright never was, as the content providers would like you believe, invented with the intention of protecting the rights of artists. In fact, the legislation was passed to benefit society as a whole, by encouraging artists and writers to create work, by allowing them the exclusive potential to benefit financially from them, for a limited amount of time. This limited lifespan of copyright is very important, since it is the underlies the whole original purpose of the legislation - that people should be able to spend time on literary or artistic work, able to earn money to live, but that ultimately the work will become public domain, and all will benefit from its existence.
Technological provisions such as CSS, however, entirely subvert the original intention of copyright, since even after the copyright period has expired, access to the work will still only happen according to the creator's wishes, or rather only according to the wishes of those that currently control the keys. If the trend with outlawing DeCSS continues, it is a very real possibility that works will never truly enter the public domain, or at least without the tools to access them it will make no difference if they do.
CSS's Crippling Effect - A more philosophical problem with CSS is a question of how we want technology to work for us. Many dislike (at least the implementation of) CSS because it requires computers to work against their owners. Rather than empowering the user, authorised DVD software actively works against them, not simply allowing the viewing of the contents, but regulating and delimiting how it can be used. As much as we might dislike hate speech, few would support a requirement word processors should actually prevent the user from writing such things, not simply because there are legitimate uses as mentioned above, but also because technological controls of a user's actions always seem to ring alarm bells.
The Legal Outcome
Whilst those supposedly representing content owners appear to have won the earliest rounds of the legal battles, this is an issue that is unlikely to go away. DeCSS is already widespread 'in the wide', and one of the judges ruling against it has already accepted that the industry is trying to close the stable door once the horse has long fled. Some argue that unpopular legislation rarely survives, and with indications that the tide is turning against the DMCA, DeCSS, which isn't going to just go away, may just get a reprieve yet.
Renditions of DeCSS
In an attempt both to protect DeCSS from the MPAA's attempts to sweep it under the carpet, and to prove the wider claim that code is speech, and thus should be protected in America under the First Amendment, a very large a varied collection of renditions of DeCSS in a huge number of formats have been created. Make no mistake, this does not simply constitute the program written in different programming languages, but actually expressed through a large number of different mediums. There is a large gallery of DeCSS renditions maintained by Dr. David S. Touretzky as a scholarly publication of the Computer Science Department of Carnegie Mellon University.
On a T-Shirt
[url removed by moderator]
As the DVD logo
Certainly the winner of the 'bare-faced cheek' award for the rendition which most directly pokes fun at the industry, is DeCSS rendered as the DVD logo.
MP3
We've all been told that MP3 is a pirate's dream, but they probably weren't envisaging this - a sung rendition of the DeCSS source code, lasting seven minutes and 28 seconds!
As a Prime Number
Probably my favourite in terms of sheer elegance,
4856507896573978293098418946942861377074420873513579240196520736
6869851340104723744696879743992611751097377770102744752804905883
1384037549709987909653955227011712157025974666993240226834596619
6060348517424977358468518855674570257125474999648219418465571008
4119086259716947970799152004866709975923596061320725973797993618
8606316914473588300245336972781813914797955513399949394882899846
9178361001825978901031601961835034344895687053845208538045842415
6548248893338047475871128339598968522325446084089711197712769412
0795862440547161321005006459820176961771809478113622002723448272
2493232595472346880029277764979061481298404283457201463489685471
6908235473783566197218622496943162271666393905543024156473292485
5248991225739466548627140482117138124388217717602984125524464744
5055834628144883356319027253195904392838737640739168912579240550
1562088978716337599910788708490815909754801928576845198859630532
3823490558092032999603234471140776019847163531161713078576084862
2363702835701049612595681846785965333100770179916146744725492728
3348691600064758591746278121269007351830924153010630289329566584
3662000800476778967984382090797619859493646309380586336721469695
9750279687712057249966669805614533820741203159337703099491527469
1835659376210222006812679827344576093802030447912277498091795593
8387121000588766689258448700470772552497060444652127130404321182
610103591186476662963858495087448497373476861420880529443
is possibly the first illegal prime number - simply write it in hexadecimal, and gunzip2 and you'll find you have source code ready to be compiled and used to decrypt DVDs.
In Six Lines
If you still don't believe that CSS is ridiculously easy to crack, take a look at this, the six line rendition in Perl (note the lines beginning with hashes, except the first, are comments, explaining how the program is to be used, and need not be included for it to function):
#!/usr/bin/perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <[email protected]>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I
<k1>:<k2>:<k3>:<k4>:<k5> qrpff
# where k1..k5 are the title key bytes in least to most-significant order
s''$/=\2048;while(<>){G=29;R=142;if((@a=unqT="C*",_)[20]&48){D=89;_=unqb24,qT,@
b=map{ord
qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]<<9
|256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q))<<17,O=O>>8^(E&(F=(S=O>>14&7^O)
^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=110&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E
^=(72,@z=(64,72,G^=12*(U-2?0:S&17)),H^=_%64?12:0,@z)[_%8]}(16..271))[_]^((D>>=8
)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D-HO-U_]/\$$&/g;s/q/pack+/g;eval
In 434 Bytes
If the Perl script is simply too long, or you are (quite reasonably) worried about how slow it is (though you could use the 59 byte longer optimised Perl version, if speed is all you're worried about, since this should be fast enough to decode a DVD to be watched in real-time), you might like to check out the 434 byte C version - currently the shortest rendition available. This version apparently decrypts DVDs faster than the speed the DVD specification demands a DVD must be readable at, so should be limited only by how quickly the DVD drive can read in the programs input! Again, comments (this time included between '/*' and '*/') can be ignored, as they are when a computer processes the code.
/* efdtt.c Author: Charles M. Hannum <[email protected]> */
/* Thanks to Phil Carmody <[email protected]> for additional tweaks. */
/* Length: 434 bytes (excluding unnecessary newlines) */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k
*2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++j<n
;c=c>y)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s
[j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)
*6^c+~y;}}
