The MPAA's 16-Byte Headache

If you don't get 99.9% of your news from the web and don't read a lot of tech news sites, you might not be aware of an interesting story involving copyright, hollywood, and tech-news sites that has become something of an internet-wide revolt.

Around February 10th, 2007, a hacker on the web forum doom9.com posted that he had discovered the "Processing Key" used to encrypt HD-DVD video discs. This key is used by all current HD-DVD discs to encrypt the content, and with it, a nimble hacker could decrypt the content of a HD-DVD and be able to extract the video from the disc, much like the DeCSS code released for decrypting DVD discs. This key is a 32-digit number when listed in base-16 (or "hex"), equivalent to 16 bytes of data.

To movie pirates online this is a boon because it means they could now easily pirate the higher-quality HD-DVD movies for transfer across the internet. To users of the Linux operating system, (much like in the case of DeCSS and DVD discs) this key can be used to let them watch movies they have purchased legally on their Linux computers, which do not have any officially licensed software to allow them to do so. To the MPAA this is a violation of the DMCA, which prohibits people from telling someone how to bypass a security mechanism designed to protect a copyrighted work.

This is exactly why the DMCA was pushed into law by the RIAA/MPAA, to protect their copyright and also to prevent people from breaking their encryption schemes. Unfortunately for them, apparently it only takes 16 bytes of data to do so.

(Note: I'm not certain about the exact wording of the DMCA, but I thought that it made it illegal to post any method of circumventing a protection mechanism. This 16 byte key is not a "method" in any sense: it certainly doesn't give me or anyone else the ability to decrypt HD-DVDs without further software. However, I Am Not A Rabid MPAA Lawyer, so don't take my word for it.)

It has apparently taken the MPAA and its copyright lawyers until just recently to start sending out takedown notices under the DMCA to websites that publish the key. Under the DMCA, if you are sent a request to remove something that a copyright-holder says violates the DMCA, you have to do so immediately, even if that content doesn't actually violate it.

The DMCA has been widely decried as limiting the free-speech rights of people. When DeCSS was released, allowing people to decrypt a DVD disc, the MPAA attempted to block its spread by issuing the same kind of DMCA takedown notices. However, spreading the DeCSS code was like telling someone how to make a lockpick set: it in itself did not violate copyright laws. Seeing this as an attempt to censor online communication, people took to very creative ways to publish the code, such as on t-shirts, in poetry form, in song, and as very long prime numbers, to point out the ridiculousness of the law.

The latest round of the MPAA's takedown notices under the DMCA are now even more offensive to people. The "offending" information in question is such a small amount of data, and users of slashdot.org, digg.com and other places have posted the 32-digits en-masse as a way of protest. They have also posted it in forms other than 32 hex digits which is the most common way to exchange it among computer programmers: as decimal numbers, in binary ones-and-zeros, "encoded" in simple encoding schemes, in english-words ("..., eight, eight, oh, cee"), etc, etc, ad naseum.

Many people, it seems, are posting it as a "Fuck you" to the MPAA, and others are getting angered that sites like digg.com are removing stories and comments that include the content. In reaction, many Digg users are posting the key as much as possible, and many say they are leaving the site forever.

Jay Adelson, the CEO of Digg.com recently posted that:

Whether you agree or disagree with the policies of the intellectual property holders and consortiums, in order for Digg to survive, it must abide by the law.
- Jay Adelson, Digg the Blog

Digg.com users see this as flying in the face of Digg-founder Kevin Rose's former hacker ethos. (See The Broken.)

This bites right down to the bone on the question "can information be owned?" U.S. copyright law is designed to protect creators, and yet it seems ridiculous to claim to own a 32-digit number.

Slashdot user sabre86 wrote [sic]:

For what it's worth, this is utter crap, but it shows a severe weakness in copyright law. Anything that can be represented with data, anything at all, can be encoded/encrpyted on anything else, given an arbitrary coding mechanism. For instance, let us create "sabre86's stanard coding scheme": add 1 to any number. After encoding we have 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C1. Look, it's a different number! I guess it isn't a circumvention. Or is it?

Later, user Mr_Icon wrote:

Everything digital is as a number (hence the name "digital").

Circumvention software? A long number. PDFs with classified military information? Long numbers. Child porn? Long numbers. Having those illegal numbers on your hard drive will get you convicted.

The information that the MPAA wishes to protect is now out there on the Internet, and virtually ineradicable. Not to mention that some people are reporting that the MPAA is including the key itself in the DMCA takedown notice, inadvertently publishing the information they wish to keep secure.

Whether or not the MPAA succeeds in taking down the offending 32-digits from some websites, the cat is apparently out of the bag.

Are they going to send a takedown notice to someone for posting a song on youtube?

See:

• Digg - DIGG: What's Happening with HD-DVD Stories?
• Slashdot: Censoring a Number
• Processing Key, Media Key, and Volume ID found!!!
• HD-DVD key fiasco is an example of 21st-century digital revolt
• Rudd-O: Spread This Number
  

Update:

digg.com has apparently been overwhelmed by stories linking to and including the key in question. And now (11pm pst) is offline:


Update 2 (12:30AMpst):

Digg.com is back up, and Kevin Rose has apparently reversed the digg.com stance on the MPAA's DMCA takedown notice:

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

- Kevin Rose, Digg.com