DeCSS
DeCSS is a computer program capable of decrypting content on a DVD video disc encrypted using the Content Scrambling System (CSS).
DeCSS was devised by persons unknown and released to the internet by a number of people, allegedly including Norwegian teenager Jon Johansen, whose home was raided in 2000 by Norwegian police. He was put on trial in a Norwegian court and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. However, on March 5, 2003, a Norwegian appeals court ruled that Johansen would have to be retried on charges that he violated copyright and anti-hacking laws. The court said that arguments filed by the movie industry and additional evidence merited another trial. On December 22, 2003, the appeals court agreed with the acquittal, and on January 5, 2004 Norway's Okokrim decided not to pursue the case further.
The program was first released on October 6, 1999 when Johansen posted an announcement of DeCSS 1.1b on the livid-dev mailing list. Initially, the source code was not available, but it was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper from a group called Drink or Die, which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.
The release of the DeCSS source code was the first time the algorithm of CSS was available for public scrutiny, and it was soon found to be susceptible to a brute force attack quite different than DeCSS. The encryption is only 40 bit, and does not use all keys; a high-end home computer running optimized code is able to brute-force it in 24 hours quite easily.
DeCSS was used as a guide by programmers around the world to create hundreds of equivalent programs, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to implement an open source DVD player (the licensing restrictions on CSS would have made it impossible for an open source implementation through official channels). Since no commercial DVD drivers have been made available for some open source operating systems, users of those operating systems require an open source implementation simply in order to play a legally purchased DVD using their legally purchased hardware and software. But, once the unencrypted source video is available in digital form, it can be copied without degradation; thus it is also possible to use DeCSS as part of a scheme to copy DVD videos to another medium with no loss of quality, a facility that bodies such as the MPAA argue encourages mass copyright infringement. It should be pointed out that commercial-scale pirating of CSS encrypted DVDs was widespread in east Asia and elsewhere without use of DeCSS by individuals or by any similar techniques. It is believed that these discs were simply bit-for-bit copies of the original DVD, with no need for any decryption of the CSS-encrypted content. CSS does not and cannot protect against this copying, which is required to produce a good quality counterfeit of a legitimate CSS protected DVD.
To emphasize - it is impossible to encrypt digital information so that it cannot be copied precisely by any device capable of reading and writing the medium in question. Internet mail servers make exact copies of (but cannot comprehend the content in) encrypted messages many times a minute. One could post an encrypted message on Wikipedia, and Google, the Internet Archive and many others would make copies of it without any human intervention, and without even knowing which encryption scheme was used.
In protest against legislation that prohibits publication of DeCSS code in countries that implement the WIPO Copyright Treaty (such as the United States' Digital Millennium Copyright Act),
some have devised clever ways of distributing descriptions of the DeCSS algorithm, such as through steganography, through various Internet protocols, as a series of haiku poems, and even as a so-called illegal prime number. At this time, it is reasonable to assume that DeCSS (and dozens of copycat programs which have not been specifically brought to court) can be obtained by anyone who is willing to spend half an hour looking for a copy. Some Linux distributions are able to install a DVD player incorporating a CSS implementation with a single command.
The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in about early November 1999. As a response to these threats a program also called DeCSS but with an unrelated function was developed [1]. This program can be used for stripping Cascading Style Sheets tags from an HTML page. In one case, a school removed a student's webpage including a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention which even reached Slashdot.
Origins and history
Technology and derived works
Legal response
External links and references