Use a Program, Go to Jail
by Wendy McElroy

Go to DeCSS Central. Download the 60kb DeCSS program while the site still exists and while downloading is still legal.

The program is a utility that reads a DVD movie disc, strips the encryption and saves it to your hard disk. To play back, all you need is a DVD-ROM drive and tons of disc space. And, no, I am not promoting movie piracy. This is about freedom of speech. It is also about a business concern trying to maintain a monopoly -- not through trade secrets, copyright or patents, but by imposing criminal penalties on anyone who breaks its encryption whether or not the decrypting serves any illegal purpose. It is about monopoly sustained by criminal law.

The European programmers who created DeCSS aren't pirates, though they have wisely chosen anonymity. They wanted to develop DVD playback software for Linux so they could playback legally purchased movies on the machine of their choice, like Windows users can. The programmers didn't even steal the DVD encryption data. It was given to them by Xing Technologies, a licensee of DVD players who failed to encode the decryption key that preserved a monopoly on playback. The rest was a simple matter of 'reverse-engineering' -- a standard industry technique.

Decoding DVDs is nothing new. "DVD ripping tools" have floated around the Internet for months. Nevertheless, the "industry" was not amused by DeCSS when Wired News broke the story in late '99. DVD was supposed to be copy-proof -- though, clearly, it was not idiot-proof. Indeed, according to Jon Johansen, the encryption was lame. The 16-year-old founder of MoRE (Masters of Reverse Engineering) -- to which the programmers belong -- speculated, "I wonder how much they paid for someone to actually develop that weak algorithm."

"They" are the mega-powerful Motion Picture Association of America (MPAA). Having lost "trade secret" protection through sheer incompetence, MPAA wishes to use criminal law to ensure that no one else develops a system that plays back DVDs. The law in question is the Digital Millennium Copyright Act (DMCA of Oct. 28, 1998) that makes it a criminal act to create, sell or distribute any technology that could be used to break copyright-protection devices. The technology need not be connected to an illegal act of duplication for it to be prohibited and possession criminalized. Violators are liable to fines of $2,500 per act of "circumvention" and jail time.

Web sites offering DeCSS have been deluged with cease and desist letters that threaten legal action. Yet the section of the DMCA that addresses "copy-protection devices" has not yet gone into effect because exemptions for research, education and engineering need to spelled out. In short, the MPAA is telling operators that, although no one knows if the posted material is illegal, if you don't remove it they will take all legal actions possible. Many sites, such as CNET, have reacted by voluntarily ditching DeCSS despite its popularity. According to Tara Lemmey, Executive Director of the Electronic Frontier Foundation, "The motion picture industry is using its substantial resources to intimidate the technical community into surrendering rights of free expression and fair use of information."

Site operators should be alarmed. In at least two states, judges have already ruled that posting DeCSS software violates the DMCA. And the rulings agree: it is not necessary for DeCSS to ever be used in an illegal act in order to criminalize its possession and distribution. It is only necessary to show that DeCSS could be so used. Nor does it matter if any duplication constitutes 'fair use.' For example, it is considered fair use for a person who has bought a music CD to duplicate it onto cassette tape for playback in his car. The programmers who created DeCSS were pursuing a fair use purpose. They wished to playback a legally purchased DVD on the machine of their choice -- one that runs Linux.

Johansen argues that the MPAA's concern is not the protection of movie content, but the maintenance of its monopoly over DVD players. He explains, "The encryption is in fact only playback protection, which gives the movie industry a monopoly on who gets to make DVD players." The MPAA is trying to protect its monopoly through criminal sanctions that are so strong that they criminalize anyone who breaks the security system of a device (a DVD) that he himself owns.

In late January, Johansen became a cause celebre. According to Salon Magazine, "the MPAA reached its arms across the ocean and obtained the arrest and interrogation of Johansen and his father [whose company's Web site posted the program] in their Norwegian home." If convicted, they could receive two to three years in prison as well as fines. Yet no one claims that they have illegally duplicated a single movie.

The battle over DeCSS will be fought in the United States where Jack Valenti, the head of the MPAA, vows to sue every site offering the program. Valenti is smart. He refers to the programmers and posters by labels that identify America's newest public enemy: "hackers" and "cyberthieves." Janet Reno has already declared that Clinton's budget for 2001 gives government agencies the "capacity to trace and detect cyber criminals around the world." If MPAA is able to manipulate the growing fear of all things cyber -- if it is able to obscure the issues of freedom of speech and reverse engineering -- then it will win. And what a prize! It will win the type of monopoly that Microsoft only dreams of. A market position enforced by criminal law.