Misplaced Pages

AACS encryption key controversy: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editNext edit →Content deleted Content addedVisualWikitext
Revision as of 16:49, 29 October 2008 editTheDJ (talk | contribs)Extended confirmed users, Template editors46,201 edits Tagging or fixing external links using checklinks tool← Previous edit Revision as of 12:36, 23 November 2008 edit undoLightmouse (talk | contribs)Pending changes reviewers148,333 edits Date audit per mosnum/overlink/Other using AWBNext edit →
Line 34: Line 34:
== Timeline of AACS cracking == == Timeline of AACS cracking ==
=== 2006 === === 2006 ===
On ] ], a person using the alias ''muslix64'' published a utility named ] and its ] on the DVD decryption ] at the website '']''.<ref>{{ cite web | url = http://forum.doom9.org/showthread.php?t=119871 | title = BackupHDDVD, a tool to decrypt AACS protected movies | accessdate = 2007-04-09 | date = 26 December 2006 | author = Muslix64 | work = Doom9's Forum }}</ref> BackupHDDVD can be used to decrypt AACS protected content once one knows the encryption key.<ref>{{ cite web | url = http://www.aacsla.com/specifications/AACS_Spec_HD_DVD_Recordable_0.921_20060725.pdf | title = Advanced Access Content System (AACS) | accessdate = 2007-04-09 | date = 2006-07-25 | author = ] | coauthors = ], ], ], ], ], ], ] | format = PDF }}</ref> Muslix64 claimed to have found title and volume keys in main memory while playing HD DVD discs using a software player, and that finding them is not difficult.<ref>{{cite web | date=] | url=http://www.techamok.com/?pid=1849 | title=HD DVD Content Protection already hacked? | work=] | accessdate=2007-01-02 }}</ref> On 26 December 2006, a person using the alias ''muslix64'' published a utility named ] and its ] on the DVD decryption ] at the website '']''.<ref>{{ cite web | url = http://forum.doom9.org/showthread.php?t=119871 | title = BackupHDDVD, a tool to decrypt AACS protected movies | accessdate = 2007-04-09 | date = 26 December 2006 | author = Muslix64 | work = Doom9's Forum }}</ref> BackupHDDVD can be used to decrypt AACS protected content once one knows the encryption key.<ref>{{ cite web | url = http://www.aacsla.com/specifications/AACS_Spec_HD_DVD_Recordable_0.921_20060725.pdf | title = Advanced Access Content System (AACS) | accessdate = 2007-04-09 | date = 2006-07-25 | author = ] | coauthors = ], ], ], ], ], ], ] | format = PDF }}</ref> Muslix64 claimed to have found title and volume keys in main memory while playing HD DVD discs using a software player, and that finding them is not difficult.<ref>{{cite web | date=] | url=http://www.techamok.com/?pid=1849 | title=HD DVD Content Protection already hacked? | work=] | accessdate=2007-01-02 }}</ref>


=== 2007 === === 2007 ===
On ] ], muslix64 published a new version of the program, with volume key support.<ref>{{ cite web | url = http://forum.doom9.org/showpost.php?s=61e391f4db570e16e4f05a98ffa97f6d&p=924731&postcount=245 | title = BackupHDDVD, a tool to decrypt AACS protected movies | accessdate = 2007-04-09 | date = 2 January 2007 | author = Muslix64 }}</ref> On ] ], other forum members detailed how to find other title and volume keys, stating they had also found the keys of several movies in ] while running ]. On 2 January 2007, muslix64 published a new version of the program, with volume key support.<ref>{{ cite web | url = http://forum.doom9.org/showpost.php?s=61e391f4db570e16e4f05a98ffa97f6d&p=924731&postcount=245 | title = BackupHDDVD, a tool to decrypt AACS protected movies | accessdate = 2007-04-09 | date = 2 January 2007 | author = Muslix64 }}</ref> On 12 January 2007, other forum members detailed how to find other title and volume keys, stating they had also found the keys of several movies in ] while running ].


On or about ], a title key was posted on pastebin.com in form of a riddle, which was solved by entering terms into the ] search engine. By converting these results to hexadecimal, a correct key could be formed.<ref> {{cite web | url = http://it.slashdot.org/article.pl?sid=07/01/13/181222 | title = Decryption Keys For HD-DVD Found, Confirmed | accessdate = 2007-04-09 | date = 13 January 2007 | author = "kad77" | work = Slashdot }}</ref> Later that day, the first cracked HD DVD, '']'', was uploaded on a private torrent tracker.<ref>{{cite news| url=http://arstechnica.com/news.ars/post/20070115-8622.html| title=First pirated HD DVD movie hits BitTorrent| first=Jeremy | last=Reimer | date= 2007-01-15| publisher=Ars Technica}}</ref> The AACS LA confirmed on ] that the title keys on certain HD DVDs had been published without authorization.<ref>{{ cite web | date = 26 January 2007 | url = http://news.bbc.co.uk/1/hi/technology/6301301.stm | title = Hi-def DVD security is bypassed | publisher = BBC | accessdate = 2007-01-26 }}</ref> On or about 13 January, a title key was posted on pastebin.com in form of a riddle, which was solved by entering terms into the ] search engine. By converting these results to hexadecimal, a correct key could be formed.<ref> {{cite web | url = http://it.slashdot.org/article.pl?sid=07/01/13/181222 | title = Decryption Keys For HD-DVD Found, Confirmed | accessdate = 2007-04-09 | date = 13 January 2007 | author = "kad77" | work = Slashdot }}</ref> Later that day, the first cracked HD DVD, '']'', was uploaded on a private torrent tracker.<ref>{{cite news| url=http://arstechnica.com/news.ars/post/20070115-8622.html| title=First pirated HD DVD movie hits BitTorrent| first=Jeremy | last=Reimer | date= 2007-01-15| publisher=Ars Technica}}</ref> The AACS LA confirmed on January 26 that the title keys on certain HD DVDs had been published without authorization.<ref>{{ cite web | date = 26 January 2007 | url = http://news.bbc.co.uk/1/hi/technology/6301301.stm | title = Hi-def DVD security is bypassed | publisher = BBC | accessdate = 2007-01-26 }}</ref>


Doom9.org forum user ''arnezami'' found and published the "09 F9" AACS processing key on ]:<ref>{{ cite web | url = http://forum.doom9.org/showthread.php?p=952954#post952954 | title = Processing Key, Media Key and Volume ID found!!! | accessdate = 2007-05-04 | date = 11 February 2007 | author = arnezami | work = Doom9's Forum}}</ref> {{cquote|Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed.}} This key is not specific to any playback device or DVD title. Doom9.org forum user ''jx6bpm'' claimed on ] to have revealed ]'s ]'s key, and that it was the key in use by ].<ref>{{cite web | url = http://forum.doom9.org/showthread.php?p=965425#post965425 | title = PowerDVD private key | accessdate = 2007-04-09 | date = 3 March 2007 | author = jx6bpm | work = Doom9's Forums }}</ref> Doom9.org forum user ''arnezami'' found and published the "09 F9" AACS processing key on February 11:<ref>{{ cite web | url = http://forum.doom9.org/showthread.php?p=952954#post952954 | title = Processing Key, Media Key and Volume ID found!!! | accessdate = 2007-05-04 | date = 11 February 2007 | author = arnezami | work = Doom9's Forum}}</ref> {{cquote|Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed.}} This key is not specific to any playback device or DVD title. Doom9.org forum user ''jx6bpm'' claimed on March 4 to have revealed ]'s ]'s key, and that it was the key in use by ].<ref>{{cite web | url = http://forum.doom9.org/showthread.php?p=965425#post965425 | title = PowerDVD private key | accessdate = 2007-04-09 | date = 3 March 2007 | author = jx6bpm | work = Doom9's Forums }}</ref>


The AACS LA announced on ] that it had revoked the decryption keys associated with certain software high-definition DVD players, which will not be able to decrypt AACS encrypted disks mastered after ], without an update of the software.<ref>{{ cite web | date = 16 April 2007 | url = http://tech.yahoo.com/news/infoworld/20070416/tc_infoworld/87720 | title = HD DVD, Blu-ray protection in question after attacks | publisher = ] | accessdate = 2007-05-01 }}</ref><ref>{{cite web | date= 2007-05-03 | author = Rick Merritt | publisher = EETimes | title = The real casualty in high def DVD revolt | accessdate = 2007-05-05 | url = http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=199203754}}</ref> The AACS LA announced on April 16 that it had revoked the decryption keys associated with certain software high-definition DVD players, which will not be able to decrypt AACS encrypted disks mastered after 23 April, without an update of the software.<ref>{{ cite web | date = 16 April 2007 | url = http://tech.yahoo.com/news/infoworld/20070416/tc_infoworld/87720 | title = HD DVD, Blu-ray protection in question after attacks | publisher = ] | accessdate = 2007-05-01 }}</ref><ref>{{cite web | date= 2007-05-03 | author = Rick Merritt | publisher = EETimes | title = The real casualty in high def DVD revolt | accessdate = 2007-05-05 | url = http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=199203754}}</ref>


On ], one week before any discs with the updated processing key had reached retail, claims were reported of the new keys having been retrieved from a preview disc of '']''.<ref>{{cite web | date= 2007-05-17 | author = Ryan Paul| publisher = Arstechnica | title = Latest AACS revision defeated a week before release | accessdate = 2007-05-17 | url = http://arstechnica.com/news.ars/post/20070517-latest-aacs-revision-defeated-a-week-before-release.html}}</ref> On ], the key 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 was posted on ]'s ''Freedom to Tinker Blog''<ref>{{cite web | url = http://freedom-to-tinker.com/node/1155#comment-367359 | date = 2007-05-23 | author = BtCB | publisher = Freedom to Tinker | title = You Can Own An Integer Too | accessdate = 2007-05-30 }}</ref> and confirmed a week later by ''arnezami'' on Doom9 as the new processing key.<ref>{{cite web| url = http://forum.doom9.org/showthread.php?p=1008940 | date = 2007-05-30 | author = arnezami | title = New Processing Key found!! (MKB v3 is now open) | work = Doom9's Forum | accessdate = 2007-05-30 }}</ref> On May 17, one week before any discs with the updated processing key had reached retail, claims were reported of the new keys having been retrieved from a preview disc of '']''.<ref>{{cite web | date= 2007-05-17 | author = Ryan Paul| publisher = Arstechnica | title = Latest AACS revision defeated a week before release | accessdate = 2007-05-17 | url = http://arstechnica.com/news.ars/post/20070517-latest-aacs-revision-defeated-a-week-before-release.html}}</ref> On May 23, the key 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 was posted on ]'s ''Freedom to Tinker Blog''<ref>{{cite web | url = http://freedom-to-tinker.com/node/1155#comment-367359 | date = 2007-05-23 | author = BtCB | publisher = Freedom to Tinker | title = You Can Own An Integer Too | accessdate = 2007-05-30 }}</ref> and confirmed a week later by ''arnezami'' on Doom9 as the new processing key.<ref>{{cite web| url = http://forum.doom9.org/showthread.php?p=1008940 | date = 2007-05-30 | author = arnezami | title = New Processing Key found!! (MKB v3 is now open) | work = Doom9's Forum | accessdate = 2007-05-30 }}</ref>


====2008==== ====2008====


In ], 7A 5F 8A 09 F8 33 F7 22 1B D4 1F A6 4C 9C 79 33 --- MKB v7 decryption key was posted In August, 7A 5F 8A 09 F8 33 F7 22 1B D4 1F A6 4C 9C 79 33 --- MKB v7 decryption key was posted


== DMCA notices and Digg == == DMCA notices and Digg ==
{{Wikinews|Digg.com suffers user revolt}} {{Wikinews|Digg.com suffers user revolt}}
] ]
As early as ] ], AACS LA had issued ] violation notices, sent by Charles S. Sims of ].<ref name="The Aftermath of the Digg Revolt: What now?">{{ cite web | url = http://www.the-trukstop.com/articles/2007/aftermath_of_digg_revolt.html | author= Davies, Greg | publisher = TheTrukstoP.com | title = The Aftermath of the Digg Revolt: What now? | accessdate = 2007-05-03 | date = 3 May 2007 }}</ref><ref name="DMCATakedown">{{ cite web | url = http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=7180 | title = DMCA Takedown Notice | accessdate = 2007-05-02 | date = 17 April 2007 }}</ref> Following this, dozens of notices were sent to various websites hosted in the United States.<ref name="AACS Takedowns Backfire">{{ cite web | url = http://www.tgdaily.com/content/view/31859/97/ | title = AACS Takedowns Backfire | accessdate = 2007-05-02 | date = 1 May 2007 }}</ref> As early as 17 April 2007, AACS LA had issued ] violation notices, sent by Charles S. Sims of ].<ref name="The Aftermath of the Digg Revolt: What now?">{{ cite web | url = http://www.the-trukstop.com/articles/2007/aftermath_of_digg_revolt.html | author= Davies, Greg | publisher = TheTrukstoP.com | title = The Aftermath of the Digg Revolt: What now? | accessdate = 2007-05-03 | date = 3 May 2007 }}</ref><ref name="DMCATakedown">{{ cite web | url = http://www.chillingeffects.org/anticircumvention/notice.cgi?NoticeID=7180 | title = DMCA Takedown Notice | accessdate = 2007-05-02 | date = 17 April 2007 }}</ref> Following this, dozens of notices were sent to various websites hosted in the United States.<ref name="AACS Takedowns Backfire">{{ cite web | url = http://www.tgdaily.com/content/view/31859/97/ | title = AACS Takedowns Backfire | accessdate = 2007-05-02 | date = 1 May 2007 }}</ref>


On ] ], in response to a DMCA demand letter, technology news site ] began closing accounts and removing posts containing or alluding to the key. The Digg community reacted by creating a flood of posts containing the key, many using creative ways of semi-directly or indirectly inserting the number, such as in song or images (either representing the digits pictorially or directly representing bytes from the key as colors) or on merchandise.<ref name="Digg Revolt">{{ cite web | url = http://yro.slashdot.org/article.pl?sid=07/05/02/0235228 | title = Digg.com Attempts To Suppress HD-DVD Revolt | accessdate = 2007-05-02 | date = 1 May 2007 | work=]}}</ref> At one point, Digg's "entire homepage was covered with links to the HD-DVD code or anti-Digg references."<ref>{{citation|title=Digg's DRM Revolt|author=Andy Greenberg|date=May 02, 2007|publisher=]|url=http://www.forbes.com/technology/2007/05/02/digital-rights-management-tech-cx_ag_0502digg.html}}</ref> Eventually the Digg administrators reversed their position, stating: {{cquote|But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.<ref>{{cite web| url =http://blog.digg.com/?p=74 | title =Digg This: 09 F9 <nowiki></nowiki> | accessdate =2007-05-02 | author =Kevin Rose | authorlink =Kevin Rose | date =2007-05-01 | work =Digg the Blog | publisher =Digg Inc }}</ref><ref>{{cite web |url=http://news.bbc.co.uk/2/hi/technology/6615047.stm |title=DVD DRM row sparks user rebellion | accessdate = 2007-05-02 |date = 2 May 2007 |publisher=]}}</ref><ref name="Yam">{{citation|title=AACS Key Censorship Leads to First Internet Riot|author=Marcus Yam |date= May 2, 2007 |url=http://www.dailytech.com/aacs+key+censorship+leads+to+first+internet+riot/article7129.htm}}</ref>}} On 1 May 2007, in response to a DMCA demand letter, technology news site ] began closing accounts and removing posts containing or alluding to the key. The Digg community reacted by creating a flood of posts containing the key, many using creative ways of semi-directly or indirectly inserting the number, such as in song or images (either representing the digits pictorially or directly representing bytes from the key as colors) or on merchandise.<ref name="Digg Revolt">{{ cite web | url = http://yro.slashdot.org/article.pl?sid=07/05/02/0235228 | title = Digg.com Attempts To Suppress HD-DVD Revolt | accessdate = 2007-05-02 | date = 1 May 2007 | work=]}}</ref> At one point, Digg's "entire homepage was covered with links to the HD-DVD code or anti-Digg references."<ref>{{citation|title=Digg's DRM Revolt|author=Andy Greenberg|date=May 02, 2007|publisher=]|url=http://www.forbes.com/technology/2007/05/02/digital-rights-management-tech-cx_ag_0502digg.html}}</ref> Eventually the Digg administrators reversed their position, stating: {{cquote|But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.<ref>{{cite web| url =http://blog.digg.com/?p=74 | title =Digg This: 09 F9 <nowiki></nowiki> | accessdate =2007-05-02 | author =Kevin Rose | authorlink =Kevin Rose | date =2007-05-01 | work =Digg the Blog | publisher =Digg Inc }}</ref><ref>{{cite web |url=http://news.bbc.co.uk/2/hi/technology/6615047.stm |title=DVD DRM row sparks user rebellion | accessdate = 2007-05-02 |date = 2 May 2007 |publisher=]}}</ref><ref name="Yam">{{citation|title=AACS Key Censorship Leads to First Internet Riot|author=Marcus Yam |date= May 2, 2007 |url=http://www.dailytech.com/aacs+key+censorship+leads+to+first+internet+riot/article7129.htm}}</ref>}}


=== Legal opinions === === Legal opinions ===
Line 73: Line 73:
}}</ref> and comic strips.<ref name="dieselsweeties">{{cite web |url=http://www.dieselsweeties.com/archive.php?s=1744 |work=] |date=] |last=Stevens |first=R. |accessdate=2007-05-10 |title=Kill Me Three Times, Shame On Rasputin}}</ref> }}</ref> and comic strips.<ref name="dieselsweeties">{{cite web |url=http://www.dieselsweeties.com/archive.php?s=1744 |work=] |date=] |last=Stevens |first=R. |accessdate=2007-05-10 |title=Kill Me Three Times, Shame On Rasputin}}</ref>


As of Tuesday afternoon, ], ], a ] search for the key returned 9,410 results,<ref>{{cite web|url=http://www.darkreading.com/document.asp?doc_id=123127&WT.svl=cmpnews1_1|title=HD DVD Blu-Ray Decryption Key Widely Posted Online|accessdate=2007-05-03|date=2 May 2007|author=Thomas Claburn|publisher=Dark Reading|work=Information Week}}{{dead link|date=October 2008}}</ref> while the same search the next morning returned nearly 300,000 results.<ref name="inquire" /> On Friday, the ] reported that a search on Google shows almost 700,000 pages have published the key,<ref name="BBC-AACS-response">{{cite web|url=http://news.bbc.co.uk/2/hi/technology/6623331.stm|title=DRM group vows to fight bloggers |accessdate=2007-05-04|date=4 May 2007|author=Darren Waters |publisher=]}}</ref><!-- Please don't add the current number of Google search results without attributing it to a reliable source. --> despite the fact that on ], the AACS LA sent a DMCA notice to Google, demanding that Google stop returning any results for searches for the key.<ref>{{cite news | last = Mann | first = Justin | title = AACS LA tells Google to stop indexing hack - or else | publisher = TechSpot | date = 2007-05-01 | url = http://www.techspot.com/news/25130-aacs-la-tells-google-to-stop-indexing-hack--or-else.html | accessdate = 2007-05-05}}</ref><ref>{{cite web|url=http://www.chillingeffects.org/notice.cgi?sID=03218|title=AACS licensor complains of posted key|publisher=]|accessdate=2007-05-05|date=2007-04-17}}</ref> As of Tuesday afternoon, May 1, 2007, a ] search for the key returned 9,410 results,<ref>{{cite web|url=http://www.darkreading.com/document.asp?doc_id=123127&WT.svl=cmpnews1_1|title=HD DVD Blu-Ray Decryption Key Widely Posted Online|accessdate=2007-05-03|date=2 May 2007|author=Thomas Claburn|publisher=Dark Reading|work=Information Week}}{{dead link|date=October 2008}}</ref> while the same search the next morning returned nearly 300,000 results.<ref name="inquire" /> On Friday, the ] reported that a search on Google shows almost 700,000 pages have published the key,<ref name="BBC-AACS-response">{{cite web|url=http://news.bbc.co.uk/2/hi/technology/6623331.stm|title=DRM group vows to fight bloggers |accessdate=2007-05-04|date=4 May 2007|author=Darren Waters |publisher=]}}</ref><!-- Please don't add the current number of Google search results without attributing it to a reliable source. --> despite the fact that on April 17, the AACS LA sent a DMCA notice to Google, demanding that Google stop returning any results for searches for the key.<ref>{{cite news | last = Mann | first = Justin | title = AACS LA tells Google to stop indexing hack - or else | publisher = TechSpot | date = 2007-05-01 | url = http://www.techspot.com/news/25130-aacs-la-tells-google-to-stop-indexing-hack--or-else.html | accessdate = 2007-05-05}}</ref><ref>{{cite web|url=http://www.chillingeffects.org/notice.cgi?sID=03218|title=AACS licensor complains of posted key|publisher=]|accessdate=2007-05-05|date=2007-04-17}}</ref>


Widespread news coverage<ref>, , , , {{dead link|date=October 2008}}</ref> included speculation on the development of user-driven websites,<ref>{{cite web|url=http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2007/05/03/MNG4RPK18J1.DTL|title=User revolt at Digg.com shows risks of Web 2.0|author=Verne Kopytoff|accessdate=2007-05-03}}</ref> the legal liability of running a user-driven website,<ref>{{cite web|url=http://blogs.pcworld.com/staffblog/archives/004292.html|title=Mob's Win is Digg's Loss|author=Tom Spring|accessdate=2007-05-03}}</ref> the perception of acceptance of ],<ref>{{cite web|url=http://blogs.zdnet.com/carroll/?p=1685|title=A Digg riot and AACS|author=John Carroll|accessdate=2007-05-03}}</ref> the failure as a business model of "secrecy based businesses ... in every aspect" in the Internet era,<ref>{{dead link|date=October 2008}}</ref> and the harm an industry can cause itself with harshly-perceived legal action.<ref>{{cite news| last = Dvorak | first = John C. | title= Digg's DVD-decoder fiasco: Lawyers' efforts can be counterproductive | publisher = ] ] | date = 2007-05-03 | accessdate = 2007-05-10 }}</ref> Widespread news coverage<ref>, , , , {{dead link|date=October 2008}}</ref> included speculation on the development of user-driven websites,<ref>{{cite web|url=http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2007/05/03/MNG4RPK18J1.DTL|title=User revolt at Digg.com shows risks of Web 2.0|author=Verne Kopytoff|accessdate=2007-05-03}}</ref> the legal liability of running a user-driven website,<ref>{{cite web|url=http://blogs.pcworld.com/staffblog/archives/004292.html|title=Mob's Win is Digg's Loss|author=Tom Spring|accessdate=2007-05-03}}</ref> the perception of acceptance of ],<ref>{{cite web|url=http://blogs.zdnet.com/carroll/?p=1685|title=A Digg riot and AACS|author=John Carroll|accessdate=2007-05-03}}</ref> the failure as a business model of "secrecy based businesses ... in every aspect" in the Internet era,<ref>{{dead link|date=October 2008}}</ref> and the harm an industry can cause itself with harshly-perceived legal action.<ref>{{cite news| last = Dvorak | first = John C. | title= Digg's DVD-decoder fiasco: Lawyers' efforts can be counterproductive | publisher = ] ] | date = 2007-05-03 | accessdate = 2007-05-10 }}</ref>
Line 80: Line 80:


Media coverage initially avoided quoting the key itself. However, several US-based news sources have run stories containing the key, quoting its use on Digg,<ref name="gizmodo">{{cite news | last = Buchanan | first = Matt | title = Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story | publisher = Gizmodo | date = 2007-05-02 | url = http://gizmodo.com/gadgets/geeks-will-not-be-silenced/breaking-digg-riot-in-full-effect-over-pulled-hd+dvd-key-story-256982.php | accessdate = 2007-05-04}}</ref><ref name="gadgetell">{{cite news | last = Berger | first = Adam | title = HD-DVD cracked, Digg users causes an uproar | publisher = Gadgetell | date = 2007-05-02 | url = http://www.gadgetell.com/tech/comment/hd-dvd-cracked-digg-users-causes-an-uproar/ | accessdate = 2007-05-04}}</ref><ref name="webpronews">{{cite news | last = Beal | first = Andy | title = Rose Hands Over Digg Control | publisher = WebProNews | date = 2007-05-02 | url = http://www.webpronews.com/blogtalk/2007/05/02/rose-hands-over-digg-control | accessdate = 2007-05-04}}</ref><ref name="newsfactor">{{cite news | last = Lane | first = Frederick | title = Digg This: Web 2.0, Censorship 0 | publisher = Newsfactor.com | date = 2007-05-02 | url = http://www.newsfactor.com/news/Digg-This--Web-2-0--Censorship-0/story.xhtml?story_id=0020006M7M5U | accessdate = 2007-05-04}}</ref><ref name="wired">{{cite news | last = Singel | first = Ryan | title = HD DVD Battle Stakes Digg Against Futility of DRM | publisher = ] | date = 2007-05-03 | url = http://www.wired.com/entertainment/hollywood/news/2007/05/digglegal | accessdate = 2007-05-03}}</ref><ref name="worldchanging">{{cite news | last = Zuckerman | first = Ethan | title = Does The Number have a lesson for human rights activists? | publisher = ] | date = 2007-05-03 | url=http://www.worldchanging.com/archives/006626.html | accessdate = 2007-05-05 }}</ref> Media coverage initially avoided quoting the key itself. However, several US-based news sources have run stories containing the key, quoting its use on Digg,<ref name="gizmodo">{{cite news | last = Buchanan | first = Matt | title = Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story | publisher = Gizmodo | date = 2007-05-02 | url = http://gizmodo.com/gadgets/geeks-will-not-be-silenced/breaking-digg-riot-in-full-effect-over-pulled-hd+dvd-key-story-256982.php | accessdate = 2007-05-04}}</ref><ref name="gadgetell">{{cite news | last = Berger | first = Adam | title = HD-DVD cracked, Digg users causes an uproar | publisher = Gadgetell | date = 2007-05-02 | url = http://www.gadgetell.com/tech/comment/hd-dvd-cracked-digg-users-causes-an-uproar/ | accessdate = 2007-05-04}}</ref><ref name="webpronews">{{cite news | last = Beal | first = Andy | title = Rose Hands Over Digg Control | publisher = WebProNews | date = 2007-05-02 | url = http://www.webpronews.com/blogtalk/2007/05/02/rose-hands-over-digg-control | accessdate = 2007-05-04}}</ref><ref name="newsfactor">{{cite news | last = Lane | first = Frederick | title = Digg This: Web 2.0, Censorship 0 | publisher = Newsfactor.com | date = 2007-05-02 | url = http://www.newsfactor.com/news/Digg-This--Web-2-0--Censorship-0/story.xhtml?story_id=0020006M7M5U | accessdate = 2007-05-04}}</ref><ref name="wired">{{cite news | last = Singel | first = Ryan | title = HD DVD Battle Stakes Digg Against Futility of DRM | publisher = ] | date = 2007-05-03 | url = http://www.wired.com/entertainment/hollywood/news/2007/05/digglegal | accessdate = 2007-05-03}}</ref><ref name="worldchanging">{{cite news | last = Zuckerman | first = Ethan | title = Does The Number have a lesson for human rights activists? | publisher = ] | date = 2007-05-03 | url=http://www.worldchanging.com/archives/006626.html | accessdate = 2007-05-05 }}</ref>
though none are known to have received DMCA notices as a result. Later reports have discussed this, quoting the key.<ref>{{cite news | last = Newitz | first = Annalee | title = Number game | publisher = Metroactive | date = 23-29 May 2007 | url = http://www.metroactive.com/metro/05.23.07/work-0721.html | accessdate = 2007-05-24 }}</ref> ] broadcast the key during a ''Google Current'' story on the Digg incident on ], displaying it in full on screen for several seconds and placing the story on the station website.<ref>{{cite web | url=http://www.current.tv/google/GC03104 | title=Can You Digg It? | author=] |date = 2007-05-03 <!--15:00 -->|accessdate=2007-05-05}}{{dead link|date=October 2008}}</ref> though none are known to have received DMCA notices as a result. Later reports have discussed this, quoting the key.<ref>{{cite news | last = Newitz | first = Annalee | title = Number game | publisher = Metroactive | date = 23-29 May 2007 | url = http://www.metroactive.com/metro/05.23.07/work-0721.html | accessdate = 2007-05-24 }}</ref> ] broadcast the key during a ''Google Current'' story on the Digg incident on May 3, displaying it in full on screen for several seconds and placing the story on the station website.<ref>{{cite web | url=http://www.current.tv/google/GC03104 | title=Can You Digg It? | author=] |date = 2007-05-03 <!--15:00 -->|accessdate=2007-05-05}}{{dead link|date=October 2008}}</ref>


=== AACS LA reaction === === AACS LA reaction ===

Revision as of 12:36, 23 November 2008

The AACS encryption key controversy, also known as the AACS cryptographic key controversy and the HD DVD encryption key controversy, arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC (AACS LA) began issuing demand letters to websites publishing a 128-bit number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 (commonly referred to as 09 F9), which is one of the cryptographic keys for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the U.S. Digital Millennium Copyright Act (DMCA).

In response to widespread Internet postings of the key, the AACS LA issued various press statements, praising those websites that complied with their requests as acting in a "responsible manner", warning that "legal and technical tools" were adapting to the situation.

The controversy was further escalated in early May 2007, when aggregate news site Digg received a DMCA cease and desist notice and then removed numerous articles on the matter and banned users reposting the information. This sparked what some describe as a digital revolt, or "cyber-riot", in which users posted and spread the key on Digg, and throughout the Internet en masse. The AACS LA described this situation as an "interesting new twist".

Background

Hexadecimal is a base-16 numeral system used in the fields of computer programming and mathematics. The key is an ordinary number most widely known by its hexadecimal representation; in decimal notation, it is 13,256,278,887,989,457,651,018,865,901,401,704,640.

Because the encryption key may be used as part of circumvention technology forbidden by the DMCA, its possession and distribution has been viewed by the AACS, as well as some law professors, as illegal. Since it is a 128-bit numerical value, it was dubbed an illegal number. Opponents to the expansion of the scope of copyright criticize the idea of making a particular number illegal.

Commercial HD DVDs and Blu-ray Discs integrate copy protection technology specified by the AACS LA. There are several interlocking encryption mechanisms, such that cracking one part of the system does not necessarily crack other parts. Therefore, the "09 F9" key is only one of many parts that is needed to play a disc on an unlicensed player.

The AACS system can be used to revoke a key of a specific playback device, after it is known to have been compromised, as it has for WinDVD. The compromised players can still be used to view old discs, but not newer releases without encryption keys for the compromised players. If other players are then cracked, further revocation would lead to legitimate users of compromised players being forced to upgrade or replace their player software or firmware in order to view new discs. Each playback device comes with a binary tree of secret device and processing keys. The processing key in this tree, a requirement to play the AACS encrypted discs, is selected based on the device key and the information on the disc to be played. As such, a processing key such as the "09 F9" key is not revoked, but newly produced discs cause the playback devices to select a different valid processing key to decrypt the discs.

Timeline of AACS cracking

2006

On 26 December 2006, a person using the alias muslix64 published a utility named BackupHDDVD and its source code on the DVD decryption forum at the website Doom9. BackupHDDVD can be used to decrypt AACS protected content once one knows the encryption key. Muslix64 claimed to have found title and volume keys in main memory while playing HD DVD discs using a software player, and that finding them is not difficult.

2007

On 2 January 2007, muslix64 published a new version of the program, with volume key support. On 12 January 2007, other forum members detailed how to find other title and volume keys, stating they had also found the keys of several movies in RAM while running WinDVD.

On or about 13 January, a title key was posted on pastebin.com in form of a riddle, which was solved by entering terms into the Google search engine. By converting these results to hexadecimal, a correct key could be formed. Later that day, the first cracked HD DVD, Serenity, was uploaded on a private torrent tracker. The AACS LA confirmed on January 26 that the title keys on certain HD DVDs had been published without authorization.

Doom9.org forum user arnezami found and published the "09 F9" AACS processing key on February 11:

Nothing was hacked, cracked or even reverse engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed.

This key is not specific to any playback device or DVD title. Doom9.org forum user jx6bpm claimed on March 4 to have revealed CyberLink's PowerDVD's key, and that it was the key in use by AnyDVD.

The AACS LA announced on April 16 that it had revoked the decryption keys associated with certain software high-definition DVD players, which will not be able to decrypt AACS encrypted disks mastered after 23 April, without an update of the software.

On May 17, one week before any discs with the updated processing key had reached retail, claims were reported of the new keys having been retrieved from a preview disc of The Matrix Trilogy. On May 23, the key 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 was posted on Edward Felten's Freedom to Tinker Blog and confirmed a week later by arnezami on Doom9 as the new processing key.

2008

In August, 7A 5F 8A 09 F8 33 F7 22 1B D4 1F A6 4C 9C 79 33 --- MKB v7 decryption key was posted

DMCA notices and Digg

Screenshot of the Digg front page during the user revolt; every story is related to the HD DVD key.

As early as 17 April 2007, AACS LA had issued DMCA violation notices, sent by Charles S. Sims of Proskauer Rose. Following this, dozens of notices were sent to various websites hosted in the United States.

On 1 May 2007, in response to a DMCA demand letter, technology news site Digg began closing accounts and removing posts containing or alluding to the key. The Digg community reacted by creating a flood of posts containing the key, many using creative ways of semi-directly or indirectly inserting the number, such as in song or images (either representing the digits pictorially or directly representing bytes from the key as colors) or on merchandise. At one point, Digg's "entire homepage was covered with links to the HD-DVD code or anti-Digg references." Eventually the Digg administrators reversed their position, stating:

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

Legal opinions

Lawyers and other representatives of the entertainment industry, including Michael Avery, an attorney for Toshiba Corporation, expressed surprise at Digg's decision, but suggested that a suit aimed at Digg might merely spread the information more widely.

If you try to stick up for what you have a legal right to do, and you're somewhat worse off because of it, that's an interesting concept.

The American Bar Association's eReport published a discussion of the controversy, in which Eric Goldman at Santa Clara University's High Tech Law Institute noted that the illegality of putting the code up is questionable (that Section 230 of the Communications Decency Act may protect the provider when the material itself is not copyrighted), although continuing to allow posting of the key may be "risky", and entertainment lawyer Carole Handler noted that even if the material is illegal, laws such as the DMCA may prove ineffective in a practical sense.

Impact

In a response to the events occurring on Digg and the call to "Spread this number", the key was rapidly posted to thousands of pages, blogs and wikis across the Internet. The reaction has been likened to the Streisand effect; when attempts to censor the key were made by Digg management in response to DMCA notices, people reacted by posting the encryption key en masse.

Internet users began circulating versions of this image, calling it a Free Speech Flag, in blog posts on dozens of websites and as user avatars on forums such as Digg. The RGB encoding of each of the five colors provides three bytes of the 09 F9 key, with the sixteenth byte "C0" appended in the lower right corner.

Intellectual property lawyer Douglas J. Sorocco noted, "People are getting creative. It shows the futility of trying to stop this. Once the information is out there, cease-and-desist letters are going to infuriate this community more." Outside of the Internet and the mass media, the key has appeared in or on T-shirts, poetry, songs and music videos, a movie, illustrations and other graphic artworks, tattoos and body art, and comic strips.

As of Tuesday afternoon, May 1, 2007, a Google search for the key returned 9,410 results, while the same search the next morning returned nearly 300,000 results. On Friday, the BBC reported that a search on Google shows almost 700,000 pages have published the key, despite the fact that on April 17, the AACS LA sent a DMCA notice to Google, demanding that Google stop returning any results for searches for the key.

Widespread news coverage included speculation on the development of user-driven websites, the legal liability of running a user-driven website, the perception of acceptance of DRM, the failure as a business model of "secrecy based businesses ... in every aspect" in the Internet era, and the harm an industry can cause itself with harshly-perceived legal action.

In an opposing move, Carter Wood of the National Association of Manufacturers said they had removed the "Digg It"-link from their weblog.

Until the Digg community shows as much fervor in attacking intellectual piracy as attacking the companies that are legitimately defending their property, well, we do not want to be promoting the site by using the "Digg It" feature.

Media coverage initially avoided quoting the key itself. However, several US-based news sources have run stories containing the key, quoting its use on Digg, though none are known to have received DMCA notices as a result. Later reports have discussed this, quoting the key. Current TV broadcast the key during a Google Current story on the Digg incident on May 3, displaying it in full on screen for several seconds and placing the story on the station website.

AACS LA reaction

On May 7th of 2007, the AACS LA posted on its website, stating that it had "requested the removal solely of illegal circumvention tools, including encryption keys, from a number of web sites", and that it had "not requested the removal or deletion of any... discussion or commentary". The statement continued, "AACS LA is encouraged by the cooperation it has received thus far from the numerous web sites that have chosen to address their legal obligations in a responsible manner." BBC News earlier quoted an AACS executive saying: Bloggers "crossed the line" and it was looking at "legal and technical tools" to confront those who published the key and that the events involving Digg were an "interesting new twist".

See also

References

  1. ^ "AACS licensor complains of posted key". Chilling Effects. Retrieved 2007-05-04.
  2. Rupert Goodwins (11 May 2007). "An interesting sales tactic". ZDNet UK. Retrieved 2007-05-18.
  3. ^ Nick Farrell (2 May 2007). "09 f9 is the number they tried to ban". The Inquirer. Retrieved 2007-05-03.
  4. Fred von Lohmann (2 May 2007). "09 f9: A Legal Primer". EFF. Retrieved 2007-05-18.
  5. Frederick Lane (5 May 2007). "09 F9: An Unlikely Star Is Born Thanks to Digg.com". Sci-Tech Today. Retrieved 2007-05-18.
  6. David Utter (2 May 2007). "Digg Embroiled In HD DVD Controversy". WebProNews. Retrieved 2007-05-18.
  7. "Digg revolt over HD DVD codes". news.com.au. 2 May 2007. Retrieved 2007-05-20.
  8. Michael S. Malone (3 May 2007). "The First Amendment vs. Patents in Web 2.0". 6abc. Retrieved 2007-05-20.
  9. ^ Darren Waters (4 May 2007). "DRM group vows to fight bloggers". BBC. Retrieved 2007-05-04. Cite error: The named reference "BBC-AACS-response" was defined multiple times with different content (see the help page).
  10. ^ Stone, Brad (2007-05-02). "In Web Uproar, Antipiracy Code Spreads Wildly". The New York Times. Retrieved 2007-05-03. {{cite news}}: Check date values in: |date= (help)
  11. Blogger News Network / ‘Illegal Number’ Triggers Flood of MPAA Cease-and Desist Letters
  12. ButtUgly: Main_blogentry_010507_1
  13. Protected Blog Login « WordPress.com
  14. Edward Felten (May 3, 2007). "Why the 09ers Are So Upset". Freedom to Tinker. Retrieved 2007-01-08.
  15. Ken Fisher (26 January 2007). "AACS key revoked". Ars Technica. Retrieved 2007-05-02.
  16. Hal Finney (03 May 2007). "Hal Finney on 'AACS and Processing Key'". Retrieved 2007-05-18. {{cite web}}: Check date values in: |date= (help)
  17. Muslix64 (26 December 2006). "BackupHDDVD, a tool to decrypt AACS protected movies". Doom9's Forum. Retrieved 2007-04-09.{{cite web}}: CS1 maint: numeric names: authors list (link)
  18. Intel Corporation (2006-07-25). "Advanced Access Content System (AACS)" (PDF). Retrieved 2007-04-09. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  19. "HD DVD Content Protection already hacked?". TechAmok. 2006-12-28. Retrieved 2007-01-02. {{cite web}}: Check date values in: |date= (help)
  20. Muslix64 (2 January 2007). "BackupHDDVD, a tool to decrypt AACS protected movies". Retrieved 2007-04-09.{{cite web}}: CS1 maint: numeric names: authors list (link)
  21. "kad77" (13 January 2007). "Decryption Keys For HD-DVD Found, Confirmed". Slashdot. Retrieved 2007-04-09.{{cite web}}: CS1 maint: numeric names: authors list (link)
  22. Reimer, Jeremy (2007-01-15). "First pirated HD DVD movie hits BitTorrent". Ars Technica.
  23. "Hi-def DVD security is bypassed". BBC. 26 January 2007. Retrieved 2007-01-26.
  24. arnezami (11 February 2007). "Processing Key, Media Key and Volume ID found!!!". Doom9's Forum. Retrieved 2007-05-04.
  25. jx6bpm (3 March 2007). "PowerDVD private key". Doom9's Forums. Retrieved 2007-04-09.{{cite web}}: CS1 maint: numeric names: authors list (link)
  26. "HD DVD, Blu-ray protection in question after attacks". Yahoo. 16 April 2007. Retrieved 2007-05-01.
  27. Rick Merritt (2007-05-03). "The real casualty in high def DVD revolt". EETimes. Retrieved 2007-05-05.
  28. Ryan Paul (2007-05-17). "Latest AACS revision defeated a week before release". Arstechnica. Retrieved 2007-05-17.
  29. BtCB (2007-05-23). "You Can Own An Integer Too". Freedom to Tinker. Retrieved 2007-05-30.
  30. arnezami (2007-05-30). "New Processing Key found!! (MKB v3 is now open)". Doom9's Forum. Retrieved 2007-05-30.
  31. Davies, Greg (3 May 2007). "The Aftermath of the Digg Revolt: What now?". TheTrukstoP.com. Retrieved 2007-05-03.
  32. "DMCA Takedown Notice". 17 April 2007. Retrieved 2007-05-02.
  33. "AACS Takedowns Backfire". 1 May 2007. Retrieved 2007-05-02.
  34. "Digg.com Attempts To Suppress HD-DVD Revolt". Slashdot. 1 May 2007. Retrieved 2007-05-02.
  35. Andy Greenberg (May 02, 2007), Digg's DRM Revolt, Forbes {{citation}}: Check date values in: |date= (help)
  36. Kevin Rose (2007-05-01). "Digg This: 09 F9 ". Digg the Blog. Digg Inc. Retrieved 2007-05-02.
  37. "DVD DRM row sparks user rebellion". BBC. 2 May 2007. Retrieved 2007-05-02.
  38. Marcus Yam (May 2, 2007), AACS Key Censorship Leads to First Internet Riot
  39. Alex Pham (3 May 2007). "User rebellion at Digg.com unearths a can of worms". Los Angeles Times (latimes.com). Retrieved 2007-05-04. {{cite web}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  40. ^ Stephanie Francis Ward (May 11, 2007). "It's No Secret: Code Stirs Up a Web Storm: Lawyers question whether Web site can be forced to remove posts". ABA eReport. Retrieved 2007-05-11.
  41. "Spread this number". 30 April 2007. Retrieved 2007-05-02.
  42. Tim Starling (2 May 2007). "HD DVD key and the spam blacklist". WikiEN-L mailing list. Retrieved 2007-05-04. {{cite web}}: External link in |publisher= (help)
  43. Mike Masnick. "AACS Discovers The Streisand Effect: The More You Try To Suppress Something, The More Attention It Gets". Retrieved 2007-05-03.
  44. John Marcotte (1 May 2007). "Free Speech Flag". Badmouth.net. Retrieved 2007-05-03.
  45. "Photoshop Rebels Rip Great HD DVD Clampdown". Wired News. 2007-05-03. Retrieved 2007-05-03. {{cite web}}: Check date values in: |date= (help)
  46. "AACS LA: Internet "revolt" be damned, this fight is not over". Ars Technica. 2007-05-04. Retrieved 2007-05-04. {{cite web}}: Check date values in: |date= (help)
  47. Stevens, R. (2007-05-10). "Kill Me Three Times, Shame On Rasputin". Diesel Sweeties. Retrieved 2007-05-10. {{cite web}}: Check date values in: |date= (help)
  48. Thomas Claburn (2 May 2007). "HD DVD Blu-Ray Decryption Key Widely Posted Online". Information Week. Dark Reading. Retrieved 2007-05-03.
  49. Mann, Justin (2007-05-01). "AACS LA tells Google to stop indexing hack - or else". TechSpot. Retrieved 2007-05-05.
  50. "AACS licensor complains of posted key". Chilling Effects. 2007-04-17. Retrieved 2007-05-05.
  51. Forbes, CNet, BBC, Financial Times, Associated Press
  52. Verne Kopytoff. "User revolt at Digg.com shows risks of Web 2.0". Retrieved 2007-05-03.
  53. Tom Spring. "Mob's Win is Digg's Loss". Retrieved 2007-05-03.
  54. John Carroll. "A Digg riot and AACS". Retrieved 2007-05-03.
  55. It’s No Secret: Code Stirs Up a Web Storm
  56. Dvorak, John C. (2007-05-03). "Digg's DVD-decoder fiasco: Lawyers' efforts can be counterproductive". Dow Jones MarketWatch. {{cite news}}: |access-date= requires |url= (help)
  57. Carter Wood (2007-05-03). "Intellectual Property Dust-Up: Digg". Retrieved 2008-08-07.
  58. Buchanan, Matt (2007-05-02). "Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story". Gizmodo. Retrieved 2007-05-04.
  59. Berger, Adam (2007-05-02). "HD-DVD cracked, Digg users causes an uproar". Gadgetell. Retrieved 2007-05-04.
  60. Beal, Andy (2007-05-02). "Rose Hands Over Digg Control". WebProNews. Retrieved 2007-05-04.
  61. Lane, Frederick (2007-05-02). "Digg This: Web 2.0, Censorship 0". Newsfactor.com. Retrieved 2007-05-04.
  62. Singel, Ryan (2007-05-03). "HD DVD Battle Stakes Digg Against Futility of DRM". Wired News. Retrieved 2007-05-03.
  63. Zuckerman, Ethan (2007-05-03). "Does The Number have a lesson for human rights activists?". Worldchanging. Retrieved 2007-05-05.
  64. Newitz, Annalee (23–29 May 2007). "Number game". Metroactive. Retrieved 2007-05-24.{{cite news}}: CS1 maint: date format (link)
  65. Conor Knighton (2007-05-03). "Can You Digg It?". Retrieved 2007-05-05.
  66. "Home : AACS - Advanced Access Content System<". AACS LA. Retrieved 2007-05-10.

External links

Categories: