28 December 1999

See also Slashdot's massive thread: http://slashdot.org/articles/99/12/27/194216.shtml


[Thanks to anonymous.]

Date: Tue, 28 Dec 1999 10:41:46 -0500
To: John Young <jya@pipeline.com>
Subject: CSS Petard

I note that the lawsuits from the motion picture industry are going after web sites where only LINKS to the CSS information is located.

I am curious about the lawyer's attack on reverse engineering per the new digital copyright law. For example, if you posted the links but protected them using ROT-13, wouldn't the lawyers be unable to decrypt them without "reverse engineering" your copyrighted web page, thereby providing evidence of their own violation the law they seek to enforce on others?

Secondly, one of the CSS decryption keys was provided by the manufacturer in a totally unencrypted form, requiring no "decryption hacking" whatsoever. Are we to understand that reading literal, non-motion picture data directly from a DVD and telling others those few bytes, or using them to decode copyrighted content, is now illegal or a tort?

If so, then a copyrighted web page with encrypted links to CSS information could provide the unencrypted decryption key on the copyrighted web page itself, couldn't it? And if the lawyers use that unencrypted key to read the data you have there, they would be providing evidence of their own reverse engineering and copyright violation, wouldn't they?

If you provide the unencrypted key thusly:

"LAWYERSBCDFGHIJKMNOPQTUVXZ"

and then you have:

"CQQL://VVV.XPPDJSK.XKI"

they wouldn't violate your copyright and reverse engineer that, discovering that your algorithm of "monoalphabetic substitution using ordered English alphabet with key=LAWYERS; minus one position", discovering that the plaintext is "http://www.cssinfo.com", would they? [non-existent URL, as far as I know.]

Of course, providing a link to their legal filing, which lists the URLs of those they allege to be posting the URLs of the CSS information, would be legitimate, wouldn't it?

If not, since their public legal filing lists the URLs that are links to the CSS information, or to the CSS information directly, aren't they violating the law and equity themselves for which they seek legal remedy?

"For 'tis the sport to have the engineer
Hoisted with his own petard."

Hamlet, Act 3, Scene 4.


Date: Tue, 28 Dec 1999 11:05:39 -0500
From: "Peter D. Junger" <junger@SAMSARA.LAW.CWRU.EDU>
Subject: The DVD litigation
To: CYBERIA-L@LISTSERV.AOL.COM

I sent the following message to Chris DiBona <http://www.dibona.com/social/dvd/index.shtml>, following Michael Sims's suggestion.

It seems to me that, if plaintiff does not abandon its claims, this could become an extremely important precedent.  Has EFF taken any action so far?  Is there any chance of getting the ACLU interested?

--

Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
EMAIL: junger@samsara.law.cwru.edu    URL:  http://samsara.law.cwru.edu
     NOTE: junger@pdj2-ra.f-remote.cwru.edu no longer exists

------- Forwarded Message

Date: Tue, 28 Dec 1999 10:34:14 -0500
To: chris@dibona.com
From: junger@samsara.law.cwru.edu
Subject: DVD litigation

Just a couple of quick points.

First, a problem.  Those who posted the source (or other) code of the encryption program may---at least in theory---have violated the Export Administration Regulations forbidding the export of encryption software without a license, if the posters were in the United States.  On the other hand posting links to a foreign site that has the code is not a violation according to a ruling that my lawyers obtained for me that is on my web site.  (The web site is <http://samsara.law.cwru.edu/>; the materials relating to my case challenging the export regulations are at <http://samsara.law.cwru.edu/jvd/>.  The web pages are not up to date, but there should be enough information there to get you started.)

Because of the Bernstein case which is now pending in the 9th Circuit the status those export regulations, at least in your circuit, would seem to be in limbo.  I doubt that the Department of Commerce or the Justice Department would want to challenge anyone who posted the DVD code right now, especially when they are revising the regulations so as, or so they seem to claim, to make the posting of open source code OK.  Still I, because I am the plaintiff in a case challenging those export regulations, that is now pending before the 6th Circuit, don't feel that I should post the code, though I will post a link to some foreign site where the code is available.

Second, an argument.  For the court to enjoin the publication of the source code of the DVD program would be a violation of the First Amendment.  Although the 9th Circuit has withdrawn its opinion in Bernstein, there is still the District Court's holding that source code is speech protected by the First Amendment.  There is also quite a bit of discussion of this point in the archives of a list that I maintain---now gone inactive---at <http://samsara.law.cwru.edu>.

Third, another argument.  The plaintiffs rely on their licensing agreement's ``no reverse engineering'' clause to claim that their no longer secret algorithm should be protected as a secret.  The claim that such a clause is enforceable is extremely dubious under U.S. law, especially as it conflicts with the federal copyright act, and especially when it is applied to third parties, as appears to be the case here.  Since the original disclosure of the former secret took place in Denmark or Norway or wherever, it would seem that the plaintiff will have to prove that the disclosure was not ``legal'' under the laws of that foreign jurisdiction.

This is pretty much off the top of my head, but I wanted to get my thoughts to you promptly.  If you have any questions about them, please let me know.

Thank you for stepping in and helping with this matter.  If the plaintiff really continues to push the issues it could turn into an extremely important case on the free speech and intellectual property status of open software, in particular, and of any publication in general.  And the idea that they can get an injunction against links to other sites is all by itself an extremely important issue.

Ciao,

Peter

- --

Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
EMAIL: junger@samsara.law.cwru.edu    URL:  http://samsara.law.cwru.edu
     NOTE: junger@pdj2-ra.f-remote.cwru.edu no longer exists

------- End of Forwarded Message


Date: Tue, 28 Dec 1999 09:02:36 -0800
From: "Carl M. Kadie" <kadie@EFF.ORG>
Subject: Re: DVD encryption
To: CYBERIA-L@LISTSERV.AOL.COM

So, according the complaint,

      The information should be banned.
      Links to the information should be banned.

Does the complaint say if

      Links to links to the information should be banned?

If so, then the complaint itself should be banned

    (as should this note and any injunction the judge issues that mentions the URLs).

>           Doe
>           Defendant [...]
>                           quintessenzs.at/q/mirrors.html [...]
>                           www.ceraton.com/decss/ [...]
>                           slashdot.org/articles/99/11/09/1342207.shtml
[...]
>                           cryptome.org/dvd-css.htm [...]
>                           ftp://dvd:dvd@206.98.63.136/ [...]
>                           www.deja.com/getdoc.xp?AN=547600297 [...]

- Carl