Both new high-def video disc formats, HD-DVD and Blu-ray, use AACS encryption, a much stronger encryption than the CSS system used on DVDs. CSS was cracked years ago and it’s a simple matter to find software to circumvent it. After less than six months on the market, the volume key used to encrypt HD-DVD discs was discovered when a poorly written software player left it unencrypted in RAM. This showed a weakness in the AACS encryption used on HD-DVD and Blu-ray discs, but it wasn’t a wholesale cracking of the system.
A more severe cracking had to wait until February 2007 when the means to find the processing key was discovered. Each title has a different volume key, but all discs use the same processing key. Given how much money was spent developing these new disc formats, and how vulnerable the studios feel with the highest quality images ever released hanging in the balance, it doesn’t take much for them to let slip the lawyers. As a result, there’s no simple to use software you can buy or download to copy your high-def discs.
The Internet being what it is, there has been discussion about the processing key, and AACS LA decided enough was enough. They had their lawyers send out a large number of cease and desist orders early Tuesday. I’m not sure anyone knows exactly how many were delivered, but I’ve seen dozens of “hey, I got one too!” posts. The speculation there were at least 150 letters sent. The movie studios seem to have taken their cues from the record industry and are trying to put the toothpaste back into the tube using lawyers. How’s that for an image?
You’d think they’d know better, based on what’s been happening to the music industry because of their tactics. You’d also think they’d have seen what happens when a company tries to sue a large number of bloggers and web sites into submission. Of course the story, and the processing key, has spread like wild-fire. As of early Monday, Google reported fewer than 200,000 pages containing the processing key. As of now, there are over 2,100,000.
Even more amusing, is that Google (owner of blogger.com) posts a copy of every cease-and-desist notice they receive on chillingeffects.org, a site run by Electronic Frontier Foundation and Harvard, Stanford, Berkeley, University of San Francisco, University of Maine, George Washington School of Law, and Santa Clara University School of Law clinics. Some unscrupulous companies have used the DMCA to as a tool to frighten people into removing material from their sites and chillingeffects.org documents how companies and individuals use the DMCA. The amusing part is the particular blogger I read about used the code in the blog entry file name so the code is being spread further afield by posting the cease-and-desist notice itself. Beautiful, isn’t it?
Taking it a step further, one quick thinker even put up a site about the processor code’s spread. The URL is http://09-f9-11 – 02-9d-74-e3-5b-d8-41 – 56-c5-63.com/. There’s not much information yet posted, but I like the site for the big “fuck you” sentiment expressed by using the processor key itself for the domain name.
There’s little doubt in my mind that the entertainment industry is indeed wielding a blunt object by trying to remove the processing key from the Internet as quickly as possible. I can certainly understand why the movie folks wouldn’t want the processor key splashed all over the Internet. I wouldn’t want my locker combination or my bank account number published on the internet, much less on a million sites! Still, I’m not comfortable with the storm of legal action because it’s all about a thirteen digit hexadecimal number. No software was disassembled and no hardware was hacked. If you knew where to look, the key is plain to see.
Their situation is not hopeless, however. The processor key can be revoked. New discs can be encoded with another key. In addition, the discs can revoke the old key. The problem with this is some players may stop playing discs! I’m not sure if it’s just the old discs or all discs, but if any significant number of customers can’t play their movies, there’s going to be trouble.
A story published by the BBC on Friday reports that an AACS executive is examining both legal and technical options of confronting those who have published the key. I’d suggest they’d better get on it because the number of pages containing the key has increased by a magnitude in the last six days. I’m not sure they can possibly send out take-down notices as fast as new pages go up. Michael Ayers, chair of the AACS business group, called the tracking down of these sites a “resource intensive exercise” as if it were somehow over.
The thing is, there’s no fixing this problem. The studios can keep revoking keys, but with the way they’ve set things up, the keys have to be on each disc, and they will be discovered. Is this what they call a solution? When will they finally get it?