Jump to content

AACS encryption key controversy

This is a good article. Click here for more information.
From Wikipedia, the free encyclopedia
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Internet users began circulating versions of this image, calling it the Free Speech Flag, in blog posts on dozens of websites and as user avatars on forums such as Digg. The first fifteen bytes of the 09 F9 key are contained in the RGB encoding of the five colors, with each color providing three bytes of the key. The byte "C0" is appended in the lower right corner (due to 16 not being divisible by 3).[1][2][3][4][5][6]

A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC (AACS LA) began issuing cease and desist letters[7] to websites publishing a 128-bit (16-byte) number, represented in hexadecimal as 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0[8][9] (commonly referred to as 09 F9),[10][11] a cryptographic key for HD DVDs and Blu-ray Discs. The letters demanded the immediate removal of the key and any links to it, citing the anti-circumvention provisions of the United States Digital Millennium Copyright Act (DMCA).

In response to widespread Internet postings of the key, the AACS LA issued various press statements, praising those websites that complied with their requests for acting in a "responsible manner" and warning that "legal and technical tools" were adapting to the situation.

The controversy was further escalated in early May 2007, when aggregate news site Digg received a DMCA cease and desist notice and then removed numerous articles on the matter and banned users reposting the information.[12] This sparked what some describe as a digital revolt[13] or "cyber-riot",[14] in which users posted and spread the key on Digg, and throughout the Internet en masse, thereby leading to a Streisand effect. The AACS LA described this situation as an "interesting new twist".[15]

Background

Because the encryption key may be used as part of circumvention technology forbidden by the DMCA, its possession and distribution has been viewed as illegal by the AACS, as well as by some legal professionals.[7][16] Since it is a 128-bit numerical value, it was dubbed an illegal number.[17][18][19] Opponents to the expansion of the scope of copyright criticize the idea of making a particular number illegal.[20]

Commercial HD DVDs and Blu-ray discs integrate copy protection technology specified by the AACS LA. There are several interlocking encryption mechanisms, such that cracking one part of the system does not necessarily crack other parts. Therefore, the "09 F9" key is only one of many parts that are needed to play a disc on an unlicensed player.

AACS can be used to revoke a key of a specific playback device, after it is known to have been compromised, as it has for WinDVD.[21] The compromised players can still be used to view old discs, but not newer releases without encryption keys for the compromised players. If other players are then cracked, further revocation would lead to legitimate users of compromised players being forced to upgrade or replace their player software or firmware in order to view new discs. Each playback device comes with a binary tree of secret device and processing keys. The processing key in this tree, a requirement to play the AACS encrypted discs, is selected based on the device key and the information on the disc to be played. As such, a processing key such as the "09 F9" key is not revoked, but newly produced discs cause the playback devices to select a different valid processing key to decrypt the discs.[22]

Timeline of AACS cracking

2006

On December 26, 2006, a person using the alias muslix64 published a utility named BackupHDDVD and its source code on the DVD decryption forum at the website Doom9.[23] BackupHDDVD can be used to decrypt AACS protected content once one knows the encryption key.[24] muslix64 claimed to have found title and volume keys in main memory while playing HD DVDs using a software player, and that finding them is not difficult.[25]

2007

On January 1, 2007, muslix64 published a new version of the program, with volume key support.[26] On January 12, 2007, other forum members detailed how to find other title and volume keys, stating they had also found the keys of several movies in RAM while running WinDVD.

On or about January 13, a title key was posted on pastebin.com in the form of a riddle, which was solved by entering terms into the Google search engine. By converting these results to hexadecimal, a correct key could be formed.[27] Later that day, the first cracked HD DVD, Serenity, was uploaded on a private torrent tracker.[28] The AACS LA confirmed on January 26 that the title keys on certain HD DVDs had been published without authorization.[29]

Doom9.org forum user arnezami found and published the "09 F9" AACS processing key on February 11:

Nothing was hacked, cracked or even reverse-engineered btw: I only had to watch the "show" in my own memory. No debugger was used, no binaries changed.

— arnezami, February 11, 2007[30]

This key is not specific to any playback device or DVD title. Doom9.org forum user jx6bpm claimed on March 4 to have revealed CyberLink's PowerDVD's key, and that it was the key in use by AnyDVD.[31]

The AACS LA announced on April 16 that it had revoked the decryption keys associated with certain software high-definition DVD players, which will not be able to decrypt AACS encrypted disks mastered after April 23, without an update of the software.[32][33]

On May 17, one week before any discs with the updated processing key had reached retail, claims were reported of the new keys having been retrieved from a preview disc of The Matrix Trilogy.[34] On May 23, the key 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 was posted on Edward Felten's Freedom to Tinker Blog[35] and confirmed a week later by arnezami on Doom9 as the new processing key (MKB v3).[36]

DMCA notices and Digg

Screenshot of the Digg front page during the user revolt; almost all of the stories are related to the HD-DVD key.

As early as April 17, 2007, AACS LA had issued DMCA violation notices, sent by Charles S. Sims of Proskauer Rose.[37][38] Following this, dozens of notices were sent to various websites hosted in the United States.[39]

On May 1, 2007, in response to a DMCA demand letter, technology news site Digg began closing accounts and removing posts containing or alluding to the key. The Digg community reacted by creating a flood of posts containing the key, many using creative ways of disguising the key,[40][failed verification] by semi-directly or indirectly inserting the number, such as in song or images (either representing the digits pictorially or directly representing bytes from the key as colors) or on merchandise.[41] At one point, Digg's "entire homepage was covered with links to the HD-DVD code or anti-Digg references."[42] Eventually the Digg administrators reversed their position, with founder Kevin Rose stating:

But now, after seeing hundreds of stories and reading thousands of comments, you've made it clear. You'd rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won't delete stories or comments containing the code and will deal with whatever the consequences might be.[43][44][45]

Lawyers and other representatives of the entertainment industry, including Michael Avery, an attorney for Toshiba Corporation, expressed surprise at Digg's decision, but suggested that a suit aimed at Digg might merely spread the information more widely.

If you try to stick up for what you have a legal right to do, and you're somewhat worse off because of it, that's an interesting concept.

— Michael Avery, Toshiba Corp, May 3, 2007[46]

The American Bar Association's eReport published a discussion of the controversy,[47] in which Eric Goldman at Santa Clara University's High Tech Law Institute noted that the illegality of putting the code up is questionable (that Section 230 of the Communications Decency Act may protect the provider when the material itself is not copyrighted), although continuing to allow posting of the key may be "risky", and entertainment lawyer Carole Handler noted that even if the material is illegal, laws such as the DMCA may prove ineffective in a practical sense.

Impact

In a response to the events occurring on Digg and the call to "Spread this number", the key was rapidly posted to thousands of pages, blogs and wikis across the Internet.[48][49] The reaction was an example of the Streisand effect.[50]

Intellectual property lawyer Douglas J. Sorocco noted, "People are getting creative. It shows the futility of trying to stop this. Once the information is out there, cease-and-desist letters are going to infuriate this community more."[47] Outside the Internet and the mass media, the key has appeared in or on T-shirts, poetry, songs and music videos, illustrations and other graphic artworks,[51] tattoos and body art,[52] and comic strips.[53] The Linux kernel also incorporated a copy of the key for 17.5 years, originally added in 2007 by David Woodhouse as part of the red zone logic[54] and subsequently removed as a routine cleanup in 2024.[55]

On Tuesday afternoon, May 1, 2007, a Google search for the key returned 9,410 results,[56] while the same search the next morning returned nearly 300,000 results.[9] On Friday, the BBC reported that a search on Google shows almost 700,000 pages have published the key,[15] despite the fact that on April 17, the AACS LA sent a DMCA notice to Google, demanding that Google stop returning any results for searches for the key.[57][58]

Widespread news coverage[42][59][44][60][61] included speculation on the development of user-driven websites,[62] the legal liability of running a user-driven website,[63] the perception of acceptance of DRM,[64] the failure as a business model of "secrecy based businesses ... in every aspect" in the Internet era,[65] and the harm an industry can cause itself with harshly-perceived legal action.[66]

In an opposing move, Carter Wood of the National Association of Manufacturers said they had removed the "Digg It"-link from their weblog.[67]

Until the Digg community shows as much fervor in attacking intellectual piracy as attacking the companies that are legitimately defending their property, well, we do not want to be promoting the site by using the "Digg It" feature.

Media coverage initially avoided quoting the key itself. However, several US-based news sources have run stories containing the key, quoting its use on Digg,[68][69][70][71][72][73] though none are known to have received DMCA notices as a result. Later reports have discussed this, quoting the key.[74] Current TV broadcast the key during a Google Current story on the Digg incident on May 3, 2007, displaying it in full on screen for several seconds and placing the story on the station website.[75]

Wikipedia, on May 1, 2007, locked out the page named for the number "to prevent the former secret from being posted again. The page on HD DVD was locked, too, to keep out The Number."[76] This action was later reversed.[77][78] No one has been arrested or charged for finding or publishing the original key.[40][unreliable source?]

AACS LA reaction

On May 7, 2007, the AACS LA announced on its website that it had "requested the removal solely of illegal circumvention tools, including encryption keys, from a number of web sites", and that it had "not requested the removal or deletion of any ... discussion or commentary". The statement continued, "AACS LA is encouraged by the cooperation it has received thus far from the numerous web sites that have chosen to address their legal obligations in a responsible manner."[79] BBC News had earlier quoted an AACS executive saying that bloggers "crossed the line", that AACS was looking at "legal and technical tools" to confront those who published the key, and that the events involving Digg were an "interesting new twist".[15]

See also

References

  1. ^ Marcotte, John (May 1, 2007). "Free Speech Flag". Badmouth.net. Archived from the original on May 4, 2007. Retrieved May 3, 2007.
  2. ^ Bushell-Embling, Dylan (May 15, 2007). "Digg finds the key is safety in numbers". Brisbane Times. Archived from the original on October 9, 2007. Retrieved September 24, 2015.
  3. ^ S, Ben (March 1, 2011). "46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2". Yale Law & Technology. Archived from the original on March 10, 2011. Retrieved September 24, 2015. A 'PS3 Flag', an homage to its predecessor, the 'Free Speech Flag'
  4. ^ Thompson, Jeff (August 13, 2011). "AACS encryption key". Jeff Thompson. Archived from the original on September 24, 2015. Retrieved September 24, 2015. An example of this is the so-called 'Free Speech Flag', seen above.
  5. ^ Crofton, Isaak (2015). Crypto Anarchy. Lulu Enterprises Incorporated. p. 160. ISBN 978-1329059801.
  6. ^ Kiyuna, A.; L. Conyers (2015). Cyberwarfare Sourcebook. Lulu.com. p. 291. ISBN 978-1329063945.
  7. ^ a b "AACS licensor complains of posted key". Chilling Effects. Archived from the original on May 5, 2007. Retrieved May 4, 2007.
  8. ^ Rupert Goodwins (May 11, 2007). "An interesting sales tactic". ZDNet UK. Archived from the original on June 12, 2007. Retrieved May 18, 2007.
  9. ^ a b Nick Farrell (May 2, 2007). "09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c0 is the number they tried to ban". The Inquirer. Archived from the original on October 29, 2009. Retrieved May 3, 2007.{{cite web}}: CS1 maint: unfit URL (link)
  10. ^ Fred von Lohmann (May 2, 2007). "09 f9: A Legal Primer". EFF. Archived from the original on February 18, 2015. Retrieved May 18, 2007.
  11. ^ Frederick Lane (May 5, 2007). "09 F9: An Unlikely Star Is Born Thanks to Digg.com". Sci-Tech Today. Archived from the original on September 28, 2007. Retrieved May 18, 2007.
  12. ^ David Utter (May 2, 2007). "Digg Embroiled In HD DVD Controversy". WebProNews. Archived from the original on May 6, 2007. Retrieved May 18, 2007.
  13. ^ "Digg revolt over HD DVD codes". news.com.au. May 2, 2007. Archived from the original on July 3, 2007. Retrieved May 20, 2007.
  14. ^ Michael S. Malone (May 3, 2007). "The First Amendment vs. Patents in Web 2.0". 6abc. Archived from the original on May 5, 2009. Retrieved May 20, 2007.
  15. ^ a b c Darren Waters (May 4, 2007). "DRM group vows to fight bloggers". BBC. Archived from the original on May 7, 2007. Retrieved May 4, 2007.
  16. ^ Stone, Brad (May 2, 2007). "In Web Uproar, Antipiracy Code Spreads Wildly". The New York Times. ISSN 0362-4331. Archived from the original on December 11, 2008. Retrieved May 3, 2007.
  17. ^ "Blogger News Network / 'Illegal Number' Triggers Flood of MPAA Cease-and Desist Letters". Archived from the original on August 8, 2009. Retrieved May 8, 2007.
  18. ^ "ButtUgly: Main_blogentry_010507_1". Archived from the original on July 1, 2024. Retrieved May 20, 2009.
  19. ^ "Protected Blog Login « WordPress.com". Archived from the original on May 19, 2007. Retrieved May 8, 2007.
  20. ^ Edward Felten (May 3, 2007). "Why the 09ers Are So Upset". Freedom to Tinker. Archived from the original on September 23, 2008. Retrieved January 8, 2007.
  21. ^ Ken Fisher (January 26, 2007). "AACS key revoked". Ars Technica. Archived from the original on May 10, 2007. Retrieved May 2, 2007.
  22. ^ Hal Finney (May 3, 2007). "Hal Finney on 'AACS and Processing Key'". Archived from the original on September 28, 2007. Retrieved May 18, 2007.
  23. ^ Muslix64 (December 26, 2006). "BackupHDDVD, a tool to decrypt AACS protected movies". Doom9's Forum. Archived from the original on March 22, 2007. Retrieved April 9, 2007.{{cite web}}: CS1 maint: numeric names: authors list (link)
  24. ^ Intel Corporation; International Business Machines Corporation; Matsushita Electric Industrial Co., Ltd.; Microsoft Corporation; Sony Corporation; Toshiba Corporation; The Walt Disney Company; Warner Bros. (July 25, 2006). "Advanced Access Content System (AACS)" (PDF). Archived from the original (PDF) on February 9, 2007. Retrieved April 9, 2007.
  25. ^ "HD DVD Content Protection already hacked?". TechAmok. December 28, 2006. Archived from the original on September 10, 2023. Retrieved January 2, 2007.
  26. ^ Muslix64 (January 2, 2007). "BackupHDDVD, a tool to decrypt AACS protected movies". Archived from the original on September 29, 2007. Retrieved April 9, 2007.{{cite web}}: CS1 maint: numeric names: authors list (link)
  27. ^ kad77 (January 13, 2007). "Decryption Keys For HD-DVD Found, Confirmed". Slashdot. Archived from the original on July 1, 2024. Retrieved April 9, 2007.{{cite web}}: CS1 maint: numeric names: authors list (link)
  28. ^ Reimer, Jeremy (January 15, 2007). "First pirated HD DVD movie hits BitTorrent". Ars Technica. Archived from the original on January 22, 2009. Retrieved June 14, 2017.
  29. ^ "Hi-def DVD security is bypassed". BBC. January 26, 2007. Archived from the original on February 3, 2007. Retrieved January 26, 2007.
  30. ^ arnezami (February 11, 2007). "Processing Key, Media Key and Volume ID found". Doom9's Forum. Archived from the original on May 4, 2007. Retrieved May 4, 2007.
  31. ^ jx6bpm (March 3, 2007). "PowerDVD private key". Doom9's Forums. Archived from the original on September 29, 2007. Retrieved April 9, 2007.{{cite web}}: CS1 maint: numeric names: authors list (link)
  32. ^ "HD DVD, Blu-ray protection in question after attacks". InfoWorld. April 16, 2007. Archived from the original on July 1, 2024. Retrieved November 11, 2012.
  33. ^ Rick Merritt (May 3, 2007). "The real casualty in high def DVD revolt". EETimes. Archived from the original on July 1, 2024. Retrieved November 11, 2012.
  34. ^ Ryan Paul (May 17, 2007). "Latest AACS revision defeated a week before release". Arstechnica. Archived from the original on May 19, 2007. Retrieved May 17, 2007.
  35. ^ BtCB (May 23, 2007). "You Can Own An Integer Too". Freedom to Tinker. Archived from the original on January 31, 2013. Retrieved December 12, 2012.
  36. ^ arnezami (May 30, 2007). "New Processing Key found!! (MKB v3 is now open)". Doom9's Forum. Archived from the original on June 1, 2007. Retrieved May 30, 2007.
  37. ^ Davies, Greg (May 3, 2007). "The Aftermath of the Digg Revolt: What now?". TheTrukstoP.com. Archived from the original on October 11, 2007. Retrieved May 3, 2007.
  38. ^ "DMCA Takedown Notice". April 17, 2007. Archived from the original on May 1, 2007. Retrieved May 2, 2007.
  39. ^ "AACS Takedowns Backfire". May 1, 2007. Archived from the original on May 4, 2007. Retrieved May 2, 2007.
  40. ^ a b Rhysider, Jack. "Ep 16: Elijah". Darknet Diaries. Jack Rhysider. Archived from the original on May 12, 2018. Retrieved May 11, 2018.
  41. ^ "Digg.com Attempts To Suppress HD-DVD Revolt". Slashdot. May 1, 2007. Archived from the original on July 1, 2024. Retrieved May 2, 2007.
  42. ^ a b Andy Greenberg (May 2, 2007). "Digg's DRM Revolt". Forbes. Archived from the original on May 4, 2007.
  43. ^ Kevin Rose (May 1, 2007). "Digg This: 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0". Digg the Blog. Digg Inc. Archived from the original on May 4, 2007. Retrieved May 2, 2007.
  44. ^ a b "DVD DRM row sparks user rebellion". BBC. May 2, 2007. Archived from the original on May 16, 2007. Retrieved May 2, 2007.
  45. ^ Marcus Yam (May 2, 2007). "AACS Key Censorship Leads to First Internet Riot". Archived from the original on October 6, 2008. Retrieved October 29, 2008.
  46. ^ Alex Pham; Joseph Menn (May 3, 2007). "User rebellion at Digg.com unearths a can of worms". Los Angeles Times (latimes.com). Retrieved May 4, 2007.
  47. ^ a b Stephanie Francis Ward (May 11, 2007). "It's No Secret: Code Stirs Up a Web Storm: Lawyers question whether Web site can be forced to remove posts". ABA Journal. Archived from the original on June 23, 2007. Retrieved May 11, 2007.
  48. ^ "Spread this number". April 30, 2007. Archived from the original on May 2, 2007. Retrieved May 2, 2007.
  49. ^ Tim Starling (May 2, 2007). "HD DVD key and the spam blacklist". WikiEN-L mailing list. Archived from the original on June 19, 2014. Retrieved May 4, 2007.
  50. ^ Mike Masnick (May 2, 2007). "AACS Discovers The Streisand Effect: The More You Try To Suppress Something, The More Attention It Gets". Archived from the original on May 4, 2007. Retrieved May 3, 2007.
  51. ^ "Photoshop Rebels Rip Great HD DVD Clampdown". Wired News. May 3, 2007. Retrieved May 3, 2007.
  52. ^ "AACS LA: Internet "revolt" be damned, this fight is not over". Ars Technica. May 4, 2007. Archived from the original on May 8, 2007. Retrieved May 4, 2007.
  53. ^ Stevens, R. (May 10, 2007). "Kill Me Three Times, Shame On Rasputin". Diesel Sweeties. Archived from the original on May 13, 2007. Retrieved May 10, 2007.
  54. ^ David Woodhouse. "Increase slab redzone to 64bits". kernel.org.
  55. ^ Chengming Zhou. "slab: delete useless RED_INACTIVE and RED_ACTIVE". kernel.org.
  56. ^ Thomas Claburn (May 2, 2007). "HD DVD Blu-Ray Decryption Key Widely Posted Online". Information Week. Dark Reading. Archived from the original on June 10, 2007. Retrieved May 3, 2007.
  57. ^ Mann, Justin (May 1, 2007). "AACS LA tells Google to stop indexing hack - or else". TechSpot. Archived from the original on May 3, 2007. Retrieved May 5, 2007.
  58. ^ "AACS licensor complains of posted key". Chilling Effects. April 17, 2007. Archived from the original on May 5, 2007. Retrieved May 5, 2007.
  59. ^ Musil, Steven (May 2, 2007). "Unhappy Digg users bury site in protest". CNET. Archived from the original on June 16, 2011.
  60. ^ "Digg reluctantly bows to user demands". NBC News. May 2, 2007. Archived from the original on July 1, 2024. Retrieved April 17, 2020.
  61. ^ Jesdanun, Anick (May 9, 2007). "Users rebel at user-recommendation site". Fox News. Associated Press. Archived from the original on May 9, 2007.
  62. ^ Verne Kopytoff (May 3, 2007). "User revolt at Digg.com shows risks of Web 2.0". The San Francisco Chronicle. Archived from the original on May 5, 2007. Retrieved May 3, 2007.
  63. ^ Tom Spring. "Mob's Win is Digg's Loss". Archived from the original on May 4, 2007. Retrieved May 3, 2007.
  64. ^ John Carroll. "A Digg riot and AACS". Archived from the original on May 4, 2007. Retrieved May 3, 2007.
  65. ^ It’s No Secret: Code Stirs Up a Web Storm
  66. ^ Dvorak, John C. (May 3, 2007). "Digg's DVD-decoder fiasco: Lawyers' efforts can be counterproductive". Dow Jones MarketWatch.
  67. ^ Carter Wood (May 3, 2007). "Intellectual Property Dust-Up: Digg". Archived from the original on May 5, 2009. Retrieved August 7, 2008.
  68. ^ Buchanan, Matt (May 2, 2007). "Breaking: Digg Riot in Full Effect Over Pulled HD-DVD Key Story". Gizmodo. Archived from the original on May 4, 2007. Retrieved May 4, 2007.
  69. ^ Berger, Adam (May 2, 2007). "HD-DVD cracked, Digg users causes an uproar". Gadgetell. Archived from the original on January 6, 2008. Retrieved May 4, 2007.
  70. ^ Beal, Andy (May 2, 2007). "Rose Hands Over Digg Control". WebProNews. Archived from the original on May 4, 2007. Retrieved May 4, 2007.
  71. ^ Lane, Frederick (May 2, 2007). "Digg This: Web 2.0, Censorship 0". Newsfactor.com. Archived from the original on May 9, 2007. Retrieved May 4, 2007.
  72. ^ Singel, Ryan (May 3, 2007). "HD DVD Battle Stakes Digg Against Futility of DRM". Wired News. Archived from the original on October 1, 2008. Retrieved May 3, 2007.
  73. ^ Zuckerman, Ethan (May 3, 2007). "Does The Number have a lesson for human rights activists?". Worldchanging. Archived from the original on May 8, 2007. Retrieved May 5, 2007.
  74. ^ Newitz, Annalee (May 23–29, 2007). "Number game". Metroactive. Archived from the original on June 8, 2007. Retrieved May 24, 2007.
  75. ^ Conor Knighton (May 3, 2007). "Can You Digg It?". Archived from the original on May 7, 2007. Retrieved May 5, 2007.
  76. ^ Boutin, Paul (May 1, 2007). "Wikipedia Locks Out "The Number"". Wired. Archived from the original on July 24, 2010. Retrieved July 5, 2010.
  77. ^ "All Public Logs | Talk:HD DVD | Wikipedia". Archived from the original on January 8, 2024. Retrieved February 8, 2017.
  78. ^ "All Public Logs | 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 | Wikipedia". Archived from the original on November 25, 2023. Retrieved February 8, 2017.
  79. ^ "Home : AACS - Advanced Access Content System". AACS LA. Archived from the original on July 24, 2008. Retrieved May 10, 2007.