The system used to protect DVD-formatted movies from being copied--a feature that took years for the entertainment industry to agree on before it would green-light this popular technology--has been cracked.
A group of programmers has duplicated the software equivalent of a skeleton key and placed it on the Internet for anyone to download. Using this tiny program, anyone owning a personal computer with a DVD-ROM drive--an increasingly common feature--can unlock a DVD movie and record a perfect digital copy of it onto his hard drive.
DVD (digital video disc) is easily the biggest change in watching movies at home since videotape. It projects a crisper, clearer image on the screen than tape, improving the picture much as the compact disc improved sound over that of traditional records. Almost 4 million DVD players have been shipped in the United States to date.
The news comes as a bad surprise to movie studios, which were relying on the technology's built-in encoding scheme to protect their DVD releases from piracy. This skeleton key software, called DeCSS, can work remarkably quickly; a Washington Post freelancer used it to duplicate a DVD of "Monty Python and the Holy Grail" within minutes.
This is not the first time DVD's security has been compromised; DVD's "regional protection" software, which was supposed to keep DVD players that are sold on one continent from playing digital video discs sold on another, has already been cracked repeatedly. But this exploit could be much more damaging.
The way the encryption system--referred to as "Content Scrambling System," or "CSS"--works is that each digital video disc carries a set of keys to unlock its data, while each DVD player comes with a key of its own and a CSS program to match the keys and unscramble the movie.
That CSS software is supposed to be encrypted itself, so that outsiders can't examine its workings. But XingDVD Player, a program from Xing Technologies, a subsidiary of RealNetworks Inc., reportedly left this CSS software unscrambled--somewhat like leaving an extra set of car keys on the passenger seat. A small team of computer programmers in Norway used this vulnerability to design the DeCSS software. A spokesman for RealNetworks did not have a comment at press time.
Phil Zimmermann, an encryption expert and the creator of the widely used encryption program PGP (short for "Pretty Good Privacy"), was not surprised to hear of the code-breaking. He said it was inevitable, both because DVD's encryption is relatively weak and because many companies in the industry have access to it. "It's a widely held secret. Many people would have to have the key. . . . which is like having no key at all."
Having the key carries no small measure of legal responsibility, however. A source in the DVD industry, who spoke on condition of anonymity, said that under the terms of a contract that hardware and software manufacturers are required to sign to use the CSS encryption technology, any company found to be at fault for security holes may be fined $1 million per infraction.
While the issue of piracy and "cracking" security programs is of great interest to the computing industry, it is not a concern to the average home user. Although recordable DVD drives are supposed to appear on the market next year, getting a pirated copy off of a computer today is difficult. And sending a copy around the Internet, in the way that songs are traded as MP3 files, is impractical, owing to the huge size of the resulting file--as much as 17 billion bytes of data.
Corey Wade, research director at Alexander & Associates, downplayed the impact of the DeCSS hack on the entertainment industry. "Despite the hype, I don't think a lot of people want to watch a movie on their computer," he said. "When they hear about this sort of stuff, people think it's going to change everything in five minutes, but your average person who goes to Blockbuster isn't going to be doing this."
But Jeff McNeal, editor of TheBigPictureDVD.com, a Web site that follows DVD news, sees the development as being of concern even to DVD fans who have no interest in pirating. "It was like pulling teeth to get major studios to commit to DVD in the first place," he said, noting that many hit movies have yet to be released on the medium. As he sees it, however, "studios have a lot of control over how much power they give pirates" by keeping the price of DVD releases down.
Marshall Goldberg, marketing director of Sigma Designs, a company that makes DVD cards and software used by companies such as Sony and Panasonic, agrees that the Norwegian team's coup may cause a great deal of hand-wringing in the movie industry: "We support copy protection for two reasons: one, we're required to, and two, because if studios don't feel comfortable releasing their movies on DVD, they're not going to do it. Nobody wants that. Not the consumer. Nobody."
Dave Migdal, a spokesman for Sony, said the issue of protecting the company's products against piracy is "critically important" and that the company is currently investigating the security problem. Sony is one of the founding members of the DVD Forum, which is the part of the group of hardware and software companies that originally approved the industry's standards for DVD technology. A spokesman for the Motion Picture Association of America declined to comment.