washingtonpost.com
Movie Keystroke Cops

By Rob Pegoraro
Thursday, May 10, 2007

Some of Hollywood's more aggressive lawyers are learning a painful lesson: The Web doesn't have a delete key.

That lesson was especially humiliating for them last week, when a key that could unlock copyright protections on some high-definition movie discs became Topic A on the Web -- precisely because a movie industry trade group tried to squelch any mention of it.

In this case, they've made that 32-character sequence so popular that it only takes a search for its first few characters -- "09 f9" -- to yield about a million and a half pages with the full text.

On its own, this key does nothing. You'd have to write a program around it to start copying high-def movie discs. The exposed key would only unlock the ones made before April, and furthermore, nobody's offering such a program yet. And hardly anybody would benefit, anyway: The two high-def formats, HD-DVD and Blu-ray, have been greeted with a yawn by the market, thanks to their high cost and a limited selection of movies.

But not everything that happens online has anything to do with economics or technology. Sometimes, people just don't like getting boxed in by The Man.

The Man, in this case, is a trade group of movie studios and electronics firms called the Advanced Access Content System Licensing Administrator, which controls who can use the copy-restriction system employed in both HD-DVD and Blu-ray.

The system this group developed, called AACS, was supposed to resist the hacks that have gutted the copy controls of regular DVDs, but attacks on the new code soon emerged online. One of the most basic parts of this system was compromised in early February -- that 32-character key -- and soon after, the trade group's lawyers started firing off cease-and-desist notices to Web sites that had posted this code.

Under U.S. law, those notices aren't merely requests that can be ignored; the Digital Millennium Copyright Act makes it a crime to distribute tools that circumvent copy-control systems.

The administrators at one site, the popular news forum Digg.com, initially felt compelled to honor these demands and began yanking posting mentioning the code.

Digg.com's users were not amused. Over a day or so last week, they sent up more posting and comments than could be deleted, almost filling Digg's home page. Digg.com founder Kevin Rose soon posted an entry saying he'd changed his mind, writing in his blog, "We hear you, and effective immediately we won't delete stories or comments containing the code and will deal with whatever the consequences might be."

(A Digg.com spokesman said the site hadn't heard anything from the trade group since Rose's posting.)

People elsewhere found their own forms of protest, finding novel ways to depict the 32-character key by incorporating it into graphics, embedding it in songs or stamping it on T-shirts. A similar thing happened in 2000, when the Motion Picture Association of America tried to suppress the distribution of a code used to unlock regular DVDs.

The AACS licensing group says it recognizes the difficulty of its position but won't back down. Spokesman Michael Ayers (also an attorney for Toshiba) said the cease-and-desist letters would continue and suggested that even pictorial depictions of the key might not be exempt.

Ayers then expressed hope that the key would fade from the public mind. "It is unfortunate that there has been this . . . temper tantrum," he said in an interview Tuesday. "Hopefully we'll see the public interest in this subside back to a normal and reasonable level."

Thing is, the AACS group has already done everything necessary to stop the damage caused by the hack of its system. In April, it changed the key used on new discs, which Ayers said would protect those movies from being copied using the exposed key.

If this group had merely yanked that key and then shut up about the entire issue, it might have accomplished something. Instead, its clumsy attempts to wipe it off the Web have shoved the key into the headlines-- ensuring that any interested programmer has now discovered this "secret."

Even the MPAA now seems to know better than to waste its time going after Web sites that distribute software, much less raw source code. "The battle is lost on that front," said MPAA Internet anti-piracy director Craig Winter.

Instead, Winter said the MPAA devotes the bulk of its efforts to targeting widespread commercial piracy -- most of which doesn't take place over the Internet, and an overwhelming amount of which happens outside the United States.

At some point, the hardheads behind AACS may realize that they're creating new enemies-- and making a joke out of themselves in the process.

In the meantime, the spectacle of this group flailing away with cease-and-desist letters may wind up entertaining more people than all of the high-definition discs sold so far.

Living with technology, or trying to? E-mail Rob Pegoraro atrobp@washpost.com.

View all comments that have been posted about this article.

© 2007 The Washington Post Company