There's some bad blood brewing between the hacker community and Hollywood. But the DeCSS issue is only the opening salvo in a much bigger war.
It wasn’t exactly the midnight ride of Paul Revere, but when 16-year- old Norwegian hacker Jon Johansen sent a 2 a.m. message to Slashdot.org on January 24, you could almost hear the hoofbeats echoing across the Internet.
“The National Authority for Investigation and Prosecution of Economic and Environmental Crime in Norway raided my home today and seized my Linux box,” wrote Johansen, who then itemized other highlights of the encounter: Police seizure of his Windows NT box, FreeBSD machines, and cell phone, and six hours of interrogation. Despite the ordeal, Johansen ended his message on a defiant note: “Someone’s definitely going to pay for this.”
For many Internet observers, Johansen’s arrest was the long-awaited other shoe dropping. As a member of an international hacking group known as Masters of Reverse Engineering, or MoRE, Johansen had been one of the individuals responsible for DeCSS, a software cracking tool designed to decrypt scrambled DVD content.
|“Someone’s definitely going to pay for this.” Jon Johansen|
In publishing the DeCSS code, Johansen and the MoRE team had set in motion what many legal observers now see as the first great battle of 21st-century intellectual-property law. The key issue at stake: In an age in which all content can be endlessly modified through the miracles of digital technology, who decides proper usage, content producers or content consumers?
For Linux users, the issue cuts to the core of the free or open source software movement. After all, the primary motivation behind the MoRE DeCSS hack was to give Linux, FreeBSD, and other open source software users the ability to play their lawfully purchased DVDs without resorting to a Windows-powered machine. In the great tradition of projects such as Samba and WINE, MoRE developers had simply deciphered and reverse-engineered the specs of the DVD-player technology in order to make this happen.
When the MoRE guys cracked CSS, the Motion Picture Association of America went ballistic. They claimed that the hackers had effectively destroyed the MPAA’s ability to protect its content from unauthorized copying. Together with the DVD Copy Control Association, a consortium representing 400-plus DVD device manufacturers, the MPAA launched a trio of U.S. lawsuits charging DeCSS source code distributors with copyright infringement and misappropriation of trade secrets.
In January of this year, a New York judge granted an injunction against three sites publishing or linking to the DeCSS code. Two weeks later, a Santa Clara, CA judge, after initial misgivings, granted an injunction against another 91.
Such legal proceedings had little effect on the developers responsible for DeCSS, however — until Norwegian police showed at the Johansen family’s Larvik, Norway residence. What had been a local skirmish within the U.S. judicial system had jumped the international fence and, with Johansen’s interrogation, became much more frightening. His 2 a.m. message to Linux developers around the world was implicit: You could be next.
The escalating tension between hackers and Hollywood can be traced to the inability of current intellectual-property law to deal effectively with exploding information technologies. Hackers base their arguments on the vital free speech protections guaranteed by the U.S. Constitution and case law, while content creators like the MPAA appeal to the strong tradition of legal protection for intellectual property. But traditional ideas about intellectual property and the kinds of protection it needs — ideas that once seemed unquestionable — have been thrown into radical doubt by the success of the open source software movement. DeCSS is an early battle in the war to decide who will be favored in the new and evolving information-age intellectual property law — powerful proprietary content producers? Or everybody else…?
The roots of the controversy
It’s no secret that intellectual property is becoming the cornerstone of the so-called “new economy.” From software to entertainment content, a tremendous amount of wealth in both the United States and other developed nations has been built upon the notion of controlling information. Traditionally, this control has been enforced by a legal system of patents, copyrights, and trademarks. One of the most amazing things about the Linux OS is that it is taking the traditional notion that wealth creation must be tied to controlling intellectual property and turning it upside-down.
The software license that protects Linux was designed to prevent any single person or entity from controlling Linux’s intellectual property (see sidebar on GPL). A worldwide network of developers creates the software in a collaborative fashion. Linux has substituted community-based ownership for individual or corporate ownership.
Linux is protected by a license called the GPL (General Public License), which was originally designed to protect the software published by the Free Software Foundation. The GPL basically states that anyone is free to take GPLed software and repackage the source code as their own product. But there’s a catch — if you modify the original source code, you must make all of your modifications open to the public under the same terms as the original source code was made available to you (the terms of the GPL). For this reason the GPL is sometimes referred to as a “copyleft,” i.e., a reversal of traditional notions about copyright protection and content ownership.
While such an arrangement might seem to devalue Linux, in reality the opposite has been true. In less than a decade, the Linux operating system has become a valuable infrastructure tool for Internet service providers and network system administrators. It has also attracted the attention of commercial developers in the embedded-systems, consumer-desktop, and high-end-supercomputing markets. In late 1999, as the first Linux-oriented companies issued public shares, Linux proved capable of creating billions of dollars in market capitalization.
|“The owners of a software project are those who have the exclusive right, recognized by the community at large, to redistribute modified versions.”Eric Raymond|
Indeed, many Linux proponents have noted the value of the free-software model lies not so much in the rejection of the traditional notions of software ownership as in the adaptation of software ownership to the frictionless Internet medium. “What does ‘ownership’ mean when property is infinitely reduplicable, highly malleable, and the surrounding culture has neither coercive power relationships nor material scarcity economics?” asks Eric Raymond in “Homesteading the Noosphere,” an online essay examining the way community-based software projects such as Linux accrue value for their creators. “Actually, in the case of the open-source culture this is an easy question to answer. The owner(s) of a software project are those who have the exclusive right, recognized by the community at large, to re-distribute modified versions.” Such exclusivity, Raymond notes, is a function of expertise and reputation.
The Internet has forced traditional software companies to come to terms with this notion. When all a person needs to do is click on a mouse button to download a program, it is very easy for consumers to switch from one company’s products to another. This has led many software vendors to accept the paradoxical idea that the best way to build software value is to give it away. Using Raymond’s logic, offering superior service and support for free software is the best way to establish one’s expertise and reputation, and is therefore the clearest path to “owning” a software project. Since most software companies derive the bulk of their revenues from services and support, and not software sales, this is an idea they are comfortable with.
Outside the software industry, however, such marketing philosophies have been slow to catch on. If anything, traditional IP industries — recorded music, television, motion pictures, book publishing — have become even fiercer defenders of the proprietary model. Not surprisingly, many of these same companies have come to view the Internet — a medium where Microsoft Word, Gone With the Wind, and War and Peace all boil down to indistinguishable collections of ones and zeroes — with trepidation.
Before CSS, the best example of the Internet’s ability to circumvent proprietary restrictions came via the MP3 audio compression standard. Developed in 1997 as an open platform, MP3 offered Internet users a chance to download and ship music files over the Internet. Because they had no built-in encryption mechanism, MP3 files were also easily duplicated. To the music industry, an industry with a long track record of fighting technology formats that make it easier for listeners to make high-quality duplications, MP3 amounted to a direct challenge. In 1998 the Recording Industry Association of America filed suit against device makers supporting the MP3 format. When that suit failed, the industry countered with the Secure Digital Music Initiative, or SDMI, an attempt to develop an encryption-protected musical file format. To date, SDMI has proved unsuccessful, primarily because MP3 has already established itself as the standard.
Unlike the recording industry, the motion picture industry has taken a proactive approach to preventing unauthorized use of its intellectual property. This approach has been three-pronged. The industry has lobbied Congress to beef up current copyright law — the Digital Millennium Copyright Act and the Sonny Bono Copyright Term Extension Act, another 1998 law that lengthens the copyright term for corporate-owned works from 75 to 95 years after first publication. The industry has also strengthened its international presence, building contacts with foreign governments and lobbying for stricter international copyright enforcement via treaties such as the General Agreement on Trade and Tariffs, or GATT.
Finally, the motion picture industry has imposed its own encryption standard on DVDs — the Content Scrambling System, or CSS. “Our members decided that before their product would be released [in digital form] it would have to be encrypted,” says Mark Litvack, vice president of legal affairs for the MPAA. Earlier non-encrypted DVDs had been available on the market. However, Litvack says, the growth of broadband access, in which multi-gigabyte-sized DVD files can be piped across the Internet as easily as the largest MP3 files, made encryption a priority.
“With digital files, there’s always the concern that every copy is as good as the original and that the speed at which one can produce copies is much higher,” Litvack says. “As a result, the need for security was also much higher.”
DeCSS came about because open source developers were upset by the absence of a licensed DVD-player in the Linux market. So the MoRE hackers cracked the CSS code, an easy task because one CSS-licensee (Xing, a subsidiary) failed to encrypt its public key. Rather than honor the copyright-protection system, MoRE hackers chose to teach both the DVDCCA and the MPAA a lesson in the hazards of the closed-source security model.
Software developers spend as much time probing their counterparts’ code as they do creating their own. Hacking away at “the other guy’s” encryption techniques has always been a respected (if quasi-legal) endeavor. Representatives of the motion picture industry, especially those who lobbied for anti-encryption cracking provisions in the 1998 Digital Millennium Copyright Act, however, called the DeCSS hack nothing more than an invitation to outright piracy.
“DeCSS is the key to the lock,” says the MPAA’s Litvack. “Congress has said providing the keys to any encryption designed to protect copyrighted material is impermissible.”
In order to defend its claim, the MPAA filed suits in New York and Connecticut, citing violation of the DMCA. The suits came on the heels of a DVDCCA-initiated suit in California court, charging Internet publishers of the DeCSS with misappropriation of trade secrets.
Even with the trials pending, however, Linux advocates chose to celebrate their fait accompli. When Santa Clara County Judge William Elfving initially refused to grant an injunction against sites carrying the DeCSS code, a collection of Linux activists organized a contest to reward the most creative distribution method for the DeCSS source code. “The point of the contest was to tell this large corporate organization that if you try to pull something like this, the result will be that the code gets even more widely distributed,” said Don Marti, the contest’s chief organizer.
To drive home their point, contest organizers eventually awarded the ultimate prize to the DVDCCA itself for turning DeCSS into a cause celebre and submitting the DeCSS source code as evidence, insuring public access.
With all three trials in court, Linux community members also stepped up their broadsides over the Internet. Hackers denied the MPAA’s claim that DeCSS facilitates unauthorized copying, pointing out the fact that CSS doesn’t prevent bit-by-bit copies of DVD disks. Instead, they charged, that the MPAA’s real aim with CSS is to limit the devices that may play DVDs and allow movie studios to enforce “region codes,” additional encryption mechanisms that ensure that titles released in the U.S. show scrambled content in markets where the motion picture industry prefers to delay movie releases.
Litvack dismisses both charges as being beside the point. “I can’t agree that it’s not about piracy. It’s about protecting what our members own,” he says. “There are many industries supported by Hollywood. If they aren’t going to get paid for the product, how long are they going to make it?”
Such comments speak to the fundamental disconnect that has emerged within the last decade between open source advocates and traditionalists, says Moglen. The traditional copyright view says that artists and creators need a limited-distribution monopoly as economic incentive to produce quality work. However, the free software development model has raised the notion that other incentives — reputation, peer approval, personal satisfaction, etc. — might be sufficient to spur significant creative efforts. Under the traditional interpretation, laws such as the anti-cracking provision of DMCA are valid. Under the open source interpretations, however, they are unnecessary and unjustifiable restrictions of free expression.
For Moglen, a participant in the California case and a close observer of the New York and Connecticut DMCA cases, the stakes are high for Linux both as a technology and as a free software movement.
“We think that the interpretation that the movie studios put on the statute is incorrect, but if the industry interpretation were to hold up, then the industry would have control over who can manufacture DVD players,” Moglen says. “If they had that power, that means that they can prevent free software from being a platform for playing DVDs.”
Everyone knows that applications are crucial to an operating system’s development. No OS can become a significant platform if it doesn’t have the latest features, like the ability to play DVDs.
So what does DVD mean to Linux?
DVD represents a challenge to the evolution of Linux. Granted, most Linux users have done just fine without DVD-compatibility, but if Linux and the open source development model are to succeed in new markets, the current DVD impasse must be resolved in a way that prevents future industry groups from boxing out the Linux platform.
Clearly, there is much work to be done in determining the proper balance between free speech and property rights in the information age, but community-developed programs such as Linux are quietly undermining the economic perspective courts have used to determine copyright law. Article I, Section 8 of the U.S. Constitution delegates to Congress the power to set copyright and patent law as a means “to promote the progress of science and useful arts by securing for a limited time to authors and inventors the exclusive right to their respective writings and discoveries.” For more than 200 years courts have interpreted this power to imply that intellectual property creators require economic incentives to produce quality work. Clearly, within the open source community, where most software developers contribute additions to the code base on a volunteer basis, such economic incentives are not the only motivations to quality work. In a beautiful twist of irony, the same open source community that cracked the MPAA’s copy protection has shown that copy protection may not be necessary.
Sam Williams is a freelance writer who writes Upside.com’s Open Season column. He can be reached at firstname.lastname@example.org.