Call it the Internets version of a bloodless coup. A revolt by users of Digg.com led the administrators of the Web site to reverse a decision to remove stories containing code used to circumvent digital rights management for HD-DVDs.
But the change of course by Digg.com has not settled anything; instead the latest flare up regarding the now-infamous code highlights both legal and security issues facing HD-DVD technology and the Internet itself.
Digg.coms initial decision to take down the stories was spurred by a cease and desist letter earlier this week from the AACS LA (Advanced Access Content System Licensing Administrator).
The AACS LA licenses the encryption technology meant to protect HD-DVDs from illegal copying. The move by Digg.com angered many of its users, who quickly mounted a campaign to get the information back up on the site. Faced with the overwhelming opposition, the company caved and users who opposed the takedowns won out.
But the decision by the company could open it up to legal action by the AACS LA for a possible violation of the Digital Millennium Copyright Act, a series of provisions that prohibit the production or distribution of technology that circumvents DRM.
Intellectual property attorney Ian C. Ballon said case law on the issue is clear.
“Were not talking about a work of great literature…we are talking about a small segment of code thats only used to crack copyright protection,” said Ballon, who works at the law firm Greenberg Traurig LLP in Silicon Valley.
Ballon cited Universal City Studios Inc. v. Corley, where the defendant, Eric Corley, posted the code for DeCSS—a program that decrypts DVDs— to his Web site. A federal court ruled his actions were not protected under the First Amendment.
Ben Riley, an attorney for Howrey LLP in San Francisco, said the situation centers on a number of important questions. For example, he said, the question of how much responsibility Digg.com has regarding such content needs to be resolved, particularly since the company tried repeatedly to remove the posts about the code and was overwhelmed.
Also, its questionable whether simply posting the code is enough to constitute a violation because the hack requires additional software and technical know-how, he said.
“If someone gives me the code, I dont know what to do with it,” Riley said.
Ballon said that part of the problem is there are certain urban myths about what the law provides.
Many people in the libertarian community believe certain actions are protected just because they think they should be, Ballon said. Instead of throwing up their hands and yielding, Digg.com owners should have taken this opportunity to educate their user-base, he added.
Digg.com CEO Jay Adelson said the company had not received any further communication from the AACS LA and was not worried.
“There is a risk, [but] I wouldnt say it keeps us awake right now,” he said.
Adelson said the incident is not about copyright infringement, and added the key code in question had been in the public domain since it was first discovered a few months ago.
But that, Ballon countered, is not the point.
“The fact that it is available on multiple places on the Internet doesnt make it legal,” he said.
AACS LA officials would not comment on whether they were planning any further action.
Given the difficulty of the hack, it is unlikely many people will use it, Forrester Research analyst James McQuivey noted. However, from a piracy perspective, it only takes one clean copy on a file-sharing network to do the damage the content owners are afraid of, he added.
Alec Main, chief technology officer of security vendor Cloakware of Vienna, Va., said that when it comes to thwarting hackers manufacturers of HD-DVDs are simply going to have to do more.
“They need to make sure that their products dont allow for hacks where keys are grabbed in memory, or the keys are extracted from their device, or their firmware is patched,” Main said.
“This is a license requirement they sign up to. If they dont follow the rules—and we expect some of them not to do it right at the beginning, or not have the expertise to do it right—then these devices can be revoked so they dont work anymore on new HD discs.”
“This,” Main contended, “should be pretty powerful incentive for the manufacturers or software developers to do it right if they hope to build a good business and want to protect their brand.”
In the end though, every content protection scheme is hackable, McQuivey said.
“The hope on the film studios part is that high-definition video will save them from watching the DVD market dry up as digital downloads erode traditional in-store DVD purchases and even rentals,” McQuivey said.
“But if high definition disc formats are cracked this quickly, it will make studios less confident in putting their content on HD, which ultimately will slow down legitimate HD distribution, thus giving piracy a chance to flourish.”
McQuivey said that the only long-term antidote to this kind of hacking is to make your content available widely in any format consumers are interested in using.
“If content were available on PSP, on disc, online, via x-box, on VOD, in short, anywhere, the desire to steal content would leave the minds of all but the most dedicated pirates,” he said.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.