GET THE SOFTWARE.
Download and distribute.• css-auth.tar.gz ~20K - The code form an open source DVD project.
• DeCSS Linux version ~80K - Complete source code, including css-auth.
• DeCSS.zip ~60K - A Win32 binary for decrypting DVD data streams.
• livid.tar.gz ~5.8M - A complete LiViD CVS snapshot, updates daily. Hosted off-site.
FIND OUT MORE.
• OpenDVD
• "Cryptanalysis of Contents Scrambling System" by Frank A. Stevenson. A technical article on the inherent weakness of the DVD encryption scheme. To quote Stevenson's abstract, "...even if the keys can be securely stored in hardware, the data will not be protected from unauthorized copying."
• Slashdot.org - The lastest news.
MIRRORS.
A large number of sites are attempting the mirror the CSS technology information, and a small fraction of these are listed below. Several will no doubt be down.
www.devzero.org/freecss.html
www.angelfire.com/mt/popefelix/
www.rhythm.cx/dvd/
caspian.twu.net/dvd
www.homestead.com/avoiderman/files/index.html
www.angelfire.com/jazz/avoiderman/
freeweb.digiweb.com/business/avoiderman/
www.intelcities.com/Main_Street/Avoiderman/
members.theglobe.com/avoiderman/dvd.htm
www.geocities.com/SiliconValley/Software/6003/index.html
www.members.home.net/seeleyc/decss.htm
members.brabant.chello.nl/~j.vreeken/
www.free-dvd.org.lu/
GET THE FACTS.
IN BRIEF: DVD decryption isn't about piracy, but about consumer and individual rights.
The scheme used to encrypt DVDs is very poor. So poor, in fact, that pirates can and do make copies of DVDs without decrypting them. Paradoxically, it is impossible to make a copy of a DVD to back it up, for one's personal use.
A group of Linux programmers wanted to play DVDs on their systems, and legally reverse-engineered the technology in order to create a Linux DVD player. What they developed has little practical use for pirating DVDs, as such files are more than 4 gigs, and it is more expensive to decrypt and then copy a DVD then it is to purchase it at a retail store.
Regardless, our cultural industry doesn't like it. Instead of recognizing that DVD encryption has failed, they are attempting to paint DeCSS and the open-source DVD project as piracy. They are using "bigfoot" tactics to intimidate people.
The bullies of the movie industry have already lost their case; they just don't know it yet.
"I am really surprised that they made it that easy to break into," said Kevin Hause, senior analyst with International Data Corp. "One of the key concerns about DVD was security."
THE DETAILS:
DVD disks are encrypted with something called the Content Scrambling
System (CSS). The DVD player decrypts the data on the fly as it's reading
the disk. People who want to make a DVD player have to get an expensive
license to this secret encryption algorithm from the DVD Copy Control
Authority (hereforth, simply "Copy Control"). Each applicant gets their
own secret key with which to unscramble the DVD so it can be played. And
if one of those keys were to fall into the "wrong hands," then future
DVD disks could be made so that key wouldn't work on them anymore.
When DVD players started appearing in computers, no company was willing
to spend thousands of dollars to get a license to write a DVD player for
Linux. So the Linux people wrote their own CSS descrambling program (deCSS),
and posted the source code on the Internet. They reverse engineered the
encryption algorithm, and then spent the rest of the afternoon finding
(and posting) every possible decryption key that would play existing DVD
disks.
Copy Control freaked and called for their lawyers. They sent "cease and
desist" letters to everyone they could find who had the source code on
their websites, or who provided links to those websites, or who provided
links to people who linked to. I don't know if Yahoo!
got a letter on general principles or not.
When the
majority of the Internet failed to pay any attention whatsoever, Copy
Control started suing people. Lots of people. Hundreds of people. They
even arrested the 16-year-old Norwegian programmer who had originally
posted the code, on the grounds that since he was one of the few people
who had taken the code down in response to the original letter from the
lawyers, he was obviously easily intimidated and they had to take their
frustrations out on SOMEBODY. (How they got the Norwegian government to
go along with this, I have no idea.)
All the while, the DVD Copy Control people have been screaming "piracy!" But the Linux deCSS program is not a case of piracy at all. Fact is, you don't need to decrypt DVD disks to copy them. The DVD disk is supposed to contain encrypted data in order for a standard DVD player to play it. A DVD player can't tell a verbatim copy of the encrypted information from the original. Pirated DVDs have been coming out of Hong Kong for a year, long before the deCSS program was written.
Ignoring
this first point, pirating DVDs is uneconomic anyway. Blank home-burnable
DVD disks cost $50 apiece, whereas a brand new mass-produced DVD costs
in the $20-$30 range at retail. In a few years, Blockbuster Video will
probably start selling "previously viewed" DVDs for about $10 each, the
same way they unload their old videotapes. DVD piracy with a home DVD
burner simply doesn't make economic sense, and the home-burnable DVDs
have an extra precaution: The track where the encryption keys go is pre-burned
with zeroes.
From another viewpoint, copying a DVD that you own is perfectly legal.
Giving that copy to somebody else would be illegal, but making a backup
copy for your own use wouldn't. Owners of software are allowed to make
a backup copy for archival purposes. Owners of CDs are allowed to copy
them to audiotape to play them in the car. This is well-established case
law.
Let me repeat all this: The deCSS program is neither designed nor necessary
for copying DVD movies, which isn't economically feasible anyway and not
technically possible with the partially prewritten blank disks being sold
today. In any case, a tool to copy DVDs would be legal for personal use.
Johnny
Dark
[email protected]