Category: DRM


The De-Pressing Truth About DVDs

Yesterday, I told a simplistic story about DeCSS—indeed, the self-same simplistic story about DeCSS that I told my classes this year, and that I suspect a lot of other professors tell their classes—and asked what was wrong with it. The way I put it, if DeCSS really is about preventing only decryption of DVDs, what’s to stop pirates from simply making copies of discs in their encrypted forms? The story simply doesn’t make sense without some additional fact.

Sarah L. (“[T]he CSS disk’s descrambling keys are in sectors that aren’t copied when you make a copy of the disk using a noncompliant player.”) and Bruce Boyden (“[T]he whole scheme depends on licensed drives, which must play by the licensing rules.”) both had important parts of the answer, but what I was looking for is that it is physically impossible to produce CSS-encoded DVDs using home equipment. Sarah’s and Bruce’s points are both true, but even taken together, they wouldn’t explain why DVD Jon or someone else similarly disinclined to care about licensing doesn’t just write a program that writes the descrambling keys to the special sectors. They don’t because they can’t.

To decrypt a CSS-encrypted DVD, you actually need two kinds of keys. One is universal but nominally secret; it’s baked into every DVD player. This is the one that DVD Jon found. The other is different for every disc. But this second key isn’t really secret; it’s written out on the disc, plain as day for anyone to see, in a special “lead-in” sector. Ordinarily, your DVD player reads the public disc key, combines it with its own secret player key, and uses the two together to decrypt the disc contents.

Here’s the twist. There are two ways to make readable DVDs, and they use completely different technology. The large-scale industrial method is to “press” the DVD: that involves encoding the data as a series of tiny three-dimensional bumps on a mold used to stamp a corresponding pattern of pits into metal blanks, which are then encased in a layer of lacquer to make DVDs. This process, as you might imagine, has high fixed costs; the equipment alone will run you upwards of a million dollars. In contrast, the home method is to “burn” the DVD. Here, the blank disc comes from the factory prelacquered and containing an optically sensitive dye on the surface of the metal. Focus the right kind of laser on the dye and its transparency changes. From the perspective of the DVD player that will later read the disc’s patterns of opaque and transparent regions, the results are much the same as if the disc had pits and non-pits. Some areas reflect; others don’t. Ones and zeroes, more or less.

The trick that makes CSS “work” is that you can’t burn lead-in sectors. DVD-Rs (and DVD+Rs) come from the factory with the lead-in sectors zeroed out. Thus, a would-be pirate can easily read an entire encrypted disc, disc key and all, but can only burn back the data portion of the disc, without the disc key. The resulting disc is useless in a standard DVD player; there’s no disc key to be read, which means the player is at a loss in trying to decrypt it. While one could manufacture and distribute home-copied DVDs without having to bust CSS, those DVDs are only going to work on specially-coded software DVD players, not on the mass-produced home players most people have.
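The copy-protection argument above, as an added toy model (not code from the original post). A SHA-256 keystream stands in for the real CSS cipher, the key combination is simplified the way the post describes it, and every key, name and the `VIDEO` header is constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# All values are constructed for illustration; none are real CSS keys.
PLAYER_KEY = b"constructed-player-key"  # the "universal but nominally secret" key
DISC_KEY = b"disc-key-0001"             # per-disc key, stored in the clear
MAGIC = b"VIDEO"                        # assumed header that marks valid content

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for CSS's cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def content_key(player_key: bytes, disc_key: bytes) -> bytes:
    """Player combines its own secret key with the disc key read from the lead-in."""
    return hashlib.sha256(player_key + disc_key).digest()

@dataclass
class Disc:
    lead_in: bytes  # disc key on a pressed disc; zeros on a blank recordable disc
    data: bytes     # encrypted content, readable and writable by home equipment

def press(plaintext: bytes, disc_key: bytes) -> Disc:
    """Factory pressing: the only process that can put a key in the lead-in."""
    return Disc(disc_key, keystream_xor(content_key(PLAYER_KEY, disc_key), plaintext))

def burn_copy(source: Disc) -> Disc:
    """Home burning: data area copied bit for bit, lead-in stays factory-zeroed."""
    return Disc(bytes(len(source.lead_in)), source.data)

def standard_player(disc: Disc) -> Optional[bytes]:
    """Decrypt with whatever the lead-in holds; None if the result is not video."""
    plain = keystream_xor(content_key(PLAYER_KEY, disc.lead_in), disc.data)
    return plain if plain.startswith(MAGIC) else None

def demo() -> dict:
    movie = MAGIC + b": ninety minutes of constructed sample content"
    original = press(movie, DISC_KEY)
    copy = burn_copy(original)
    return {
        "data_identical": copy.data == original.data,
        "original_plays": standard_player(original) == movie,
        "copy_plays": standard_player(copy) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

The burned copy carries exactly the same encrypted data as the pressed original, yet the player derives a different content key from the zeroed lead-in and recovers nothing usable.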

That’s why everything does in fact depend on CSS, and why DeCSS really is a big deal. It goes back to the control that the DVD cartel has over their hardware platform, specifically over the manufacturing format of blank media. And that control, in turn, is backed up by patent pools. Yes, you could in theory press (not burn) exact-copies of encrypted discs, or mass-produce your own non-standard blank DVD-Rs with writable lead-in areas, but to do either, you’d need some significant (and hard-to-move) capital, which makes you vulnerable if the cartel comes after you. It’s an ingenious technologico-legal trap.

Tomorrow: Some thoughts on the implications (including responses to comments).


The DRMperor’s New Clothes?

Like a good many law professors, I teach and write about digital rights management: the technological “locks” copyright owners use to keep people from getting at digital media without authorization. Exhibit A in any discussion of DRM is the DeCSS saga. CSS, the “Content Scramble System,” is the encryption system that keeps you, the home user, from watching DVDs without permission. The way it works is that some DVDs (the ones Hollywood cares about) come encrypted. The decryption key is stored in each and every DVD player, but manufacturers can’t get a license to make DVD players (and thereby get authorized access to the key) unless they sign an extensive license agreement with the DVD Copy Control Association. By obvious linguistic principles, DeCSS is the thing that makes CSS not do its thing. In particular, a Norwegian teen (fun fact: seven of the first ten Google hits for “Norwegian teen” are about him), frustrated at the lack of software DVD players that run on the open-source operating system Linux, wrote a program that decrypts CSS-protected DVDs. The idea is that one could then take the unencrypted version from your computer, burn it to a blank DVD, and then view the DVD on a Linux computer.

As normally told, this story illustrates all sorts of useful points. It shows how a classic DRM-based business model works: sell individual copies with DRM that keeps them from turning into lots of copies. It shows how painfully insecure such business models can be: DVD Jon was easily able to find the super-seekrit CSS decryption key in the code of a Windows DVD player (every DVD player in existence, after all, must contain a copy of the key). And it shows the might of the law descending with fury and malice in response: lawsuits under the Digital Millennium Copyright Act soon followed.

But there’s a gaping technological hole in this story. You see, CSS, as I’ve described it above, tries to block one specific attack vector: copying an encrypted DVD onto a computer and decrypting it, then using the computer’s DVD burner to make a new, unencrypted DVD version. DeCSS opens up this attack again. But why would anyone bother with this slow, clumsy way of making copies? Why not just read the encrypted contents of the DVD onto the computer, keep the bits encrypted, and burn them back onto a new DVD in exactly the same form? You wind up with a new DVD, exactly identical to the old. And, of course, thanks to the convenient fact that every DVD player in existence has a copy of the decryption key, that new DVD is playable on any DVD player in existence.

In other words, CSS sounds like a gigantic dust-up over nothing. Would-be pirates already have a perfectly good way of making any number of perfect copies. Worrying about DeCSS, it would seem, is like worrying about the barn’s windows when the wide-open door is just gaping at you. Hasn’t the legal system—and by extension, the legal academy—just spent who knows how many hours on a massive intellectual boondoggle?

Thus, a question for the readership. What crucial fact is missing from the story above? I’ll post the answer tomorrow, along with some pointed observations about the implications.

Computers, Freedom, and Privacy Conference

As a member of the Program Committee, I just wanted to post this announcement for CFP. This has been a great conference and I’m sure this year’s will be a terrific event. Note that the deadline for Panel, Tutorial, and Speaker proposals is March 21, 2008.


18th Annual CFP conference

May 20-23, 2008

Omni Hotel

New Haven, CT


This election year will be the first to address US technology policy in the information age as part of our national debate. Candidates have put forth positions about technology policy and have recognized that it has its own set of economic, political, and social concerns. In the areas of privacy, intellectual property, cybersecurity, telecommunications, and freedom of speech, an increasing number of issues once confined to experts now penetrate public conversation. Our decisions about technology policy are being made at a time when the architectures of our information and communication technologies are still being built. Debate about these issues needs to be better-informed in order for us to make policy choices in the public interest.

Open participation is invited for proposals on panels, tutorials, speaker suggestions, and birds of a feather sessions through the CFP: Technology Policy ’08 submission page. More details below.



Radiohead Rules The Charts (But It and Niggy Tardust Rule in a Different Way)


So Radiohead’s album In Rainbows debuted at number one on the U.S. charts (somehow I still hear Casey Kasem saying “And now for our number one”). The album sold 122,000 copies. Some point out that this number “falls well short of Radiohead’s 2003 album Hail To The Thief, which made its debut in the US album chart at number three with first week sales of 300,000 – a career best for the band.” AH but wait, don’t order yet! There’s more to the story. As Wired reports (note IE seems to crash with the link; use Firefox as perhaps that is better anyway) the band has earned $3 million from the download sales and Radiohead owns the master which means it can and did license the sales on CD. (Most interesting is that the album is no longer available for download from the In Rainbows site yet is available at Amazon for a download price that equals the CD price. The label probably required that change).

In contrast, Trent Reznor and Saul Williams tried a similar download approach and Reznor was not pleased with the results (only 20 percent paid for the downloads; 40 percent paid for Radiohead). Still, Williams was happy. He took the view that unlike a film, music can have a long shelf life and that time to market through the Web and concert dates are still to come. Williams sees touring as his main income. He makes an interesting point that Reznor’s era was used to having a few dominant bands sell 10 million or more copies. That seems to no longer be the case. BUT Williams who is in his words “an artist not everyone has heard of and not everyone is going to necessarily try if they have to pay for it” sees the upside of exposure. In addition, Williams notes that this approach allowed him to overcome some race barriers.

Apparently, labels told him “Your album isn’t hip-hop.” Williams saw this move as “an opportunity for once as an artist that I didn’t have to compromise in the face of people who have limited ideas and conceptions about what it is to be black and make music.” So rather than being told that the urban department was where he belonged, he has taken the music to the Internet and can let people decide whether they like it or not. Nonetheless, he is not sure whether he will do it again from an economic standpoint. (In fact, the site now only offers a $5 version but one receives a “high quality download” and “33 page PDF of original album artwork and lyrics.”)

Which raises another issue: what is the business model for music? Is there just one? What does one gain or lose from choosing a specific model? Not surprisingly Byrne has thoughts on that too.


Paradoxes of the Pirate Party

Last month Stanford hosted Rick Falkvinge, the head of the Swedish Pirate Party, which advocates fundamental changes to patent and copyright laws. Falkvinge’s “personal candidacy came in at rank #15 out of over 5,000 candidates for the 349 parliamentary seats,” but “he didn’t win a seat due to threshold rules.” I listened to his talk on iTunes University, and was surprised by the comprehensiveness of his case against excess copyright and for more open competition.

Falkvinge explained the unfortunate historical origins of copyright-type restrictions, as a tool first for censorship and later for the preservation of monopolistic practices of the stationers’ guild in England. He argued that many current copyright laws resulted from the undue influence of “crumbling monopolies” trying to protect their business models against new forms of competition. But he made an interesting concession: he admitted that certain works that cost a huge sum wouldn’t be produced if their makers had no hope of financial return, so he favored some copyright protection for commercial uses of those works. However, Falkvinge said the threat to privacy posed by modern copyright enforcement techniques was too great to allow any legal monitoring of personal use of works.

Two thoughts after the break…



Microsoft, Google, and Copyright Scofflaws

I saw in Michael Geist’s BNA newsletter that Tom Rubin, Microsoft’s Associate General Counsel, will accuse Google of having a “cavalier” attitude towards copyright in a speech to the Association of American Publishers. has a preview of the speech, and WSJ online has the text available to subscribers. I’ve only read the preview (I don’t subscribe to, but I’m curious how far Mr. Rubin’s speech will go to address the problem of online piracy.

Rubin describes Google as a copyright scofflaw, saying “companies that create no content of their own, and make money solely on the back of other people’s content, are raking in billions through advertising and initial public offerings.” Rubin will apparently try to distinguish Microsoft from Google by offering to cooperate with content producers to eliminate piracy.

I wonder how far Microsoft is prepared to go in eliminating piracy from the online sites like YouTube. I went to Microsoft’s YouTube competitor Soapbox, and put in searches for “Mariah Carey” and “Ice Age.” Both searches turned up what I presume content providers consider infringement. If Microsoft is offering to police its site for infringement (presumably the behavior most respectful of copyright), they’ve obviously done a poor job. If they’re not prepared to go that far, then they must think that there is some less aggressive behavior that is a reasonable, appropriate response to the problem of user piracy. I would very much like to see what Mr. Rubin’s company thinks is the right thing for sites like Soapbox to do. If Microsoft is not prepared to do everything content creators demand, it has to articulate a theory of what their obligation is. Otherwise, it looks like Microsoft is simply criticizing its more commercially successful rival.


Best and Worst Internet Laws

[Preface: I’ve already overstayed my guest visit, but before I go, I want to say thanks to the Concurring Opinions team for the opportunity to blog here, and thanks to all of you for the great comments and stimulating dialogue. A complete index of my guest blog posts. Meanwhile, I’ll keep blogging on technology and marketing law at my main blog and on all other topics at my personal blog. Hope to see you there!]

Over the past dozen years, the lure of regulating the Internet has proven irresistible to legislators. For example, in the 109th Congress, almost 1,100 introduced bills referenced the word “Internet.” This legislative activity doesn’t always come to fruition. Still, in total, hundreds of Internet laws have been passed by Congress and the states. This body of work is now large enough that we can identify some winners and losers. So in the spirit of good fun, I offer an opinionated list of my personal votes for the best and worst Internet statutes in the United States.

[Keep reading for the list]


The Limits of Law & Econ in IP: The Case of Digital Music

Once again, the folks at Truth on the Market have celebrated the recording industry’s efforts to assure perfect control over copyrighted content via Digital Rights Management. Free marketeers like Tyler Cowen are beginning to question DRM as a tax on consumers, and even one of the big four record companies is considering abandoning it. Untroubled by such doubts, Josh Wright and Geoff Manne push for ever more latitude for the dominant platform (iTunes) and dominant content providers (the big four recording companies).

Their posts provide classic examples of what Reza Dibadj has called the key shortcomings of conventional law & economics (L&E) reasoning. As Dibadj summarizes,

[T]hree of the most basic assumptions to the popular L&E enterprise–that people are rational, that ability to pay determines value, and that the common law is efficient–while couched in the metaphors of science, remain unsubstantiated.

Let’s take a look at how each of these assumptions drives the TOTM approach to digital music markets.



And now, from the Department of Ironic Advertising


This weekend, Cory Doctorow at Boing Boing ran a story about DRM problems with Apple’s new iPhone; this follows up on prior Boing Boing posts criticizing Apple’s DRM, such as Apple’s iTunes/iPod tying.

And who is sponsoring these posts? Take a look at the page: One of the sponsors is Nike+.

Now, Nike+ is a really cool idea (as Cory himself pointed out earlier). You put a chip in your running shoes, and a little doohickey on your iPod, and your iPod suddenly tells you your pace, distance, and so on. That’s really cool. (It’s actually one major reason I’m considering buying an iPod nano; I may actually get one if I can finesse a way to buy it with Amex rewards points). But Nike+ is also, frustratingly, tied to a single type of MP3 player — the iPod nano. Which kinda-sorta makes it a really strange sponsor for a series of posts blasting Apple’s business model for “lock-in” and calling the iPod line “a roach-motel: customers check in, but they can’t check out.”