On Digg and 0F...

May 02, 2007 17:56

< Xerol> holy shit the internet's going to be gone by morning

I wrote this up last night, but I wanted to let it stew for a bit before I posted.

If you have checked Digg any time in the past 24 hours, you have probably seen some part of the HD DVD encryption key firestorm. If not, I'll just give an overview of what this whole thing is all about.

High definition DVD (HD DVD) is one of two optical disc formats competing to be the successor to DVD, along with Blu-ray Disc. Compared with standard DVD's 4.7 GB capacity per layer, HD DVD can store 15 GB of data per layer. In order to play HD DVD discs, you cannot use a standard DVD player; because an HD DVD laser uses light with a 405 nm wavelength instead of DVD's 650 nm, you need a special player that can actually access the HD DVD content.

Another reason is the integration of a copy protection system called Advanced Access Content System (AACS). Content on HD DVD discs is encrypted, and each HD DVD player has a unique set of decryption keys that it uses in order to decrypt the data. If at any time the AACS Licensing Administrator, LLC (AACS LA) determines that a player's keys are compromised, the AACS LA can revoke those keys, so that they cannot be used by other players to access content. As a result, the original player is hosed.

What appeared on Digg yesterday was the 128-bit "processing key," the first byte of which appears in the title of this entry. Based on how the different types of keys are calculated and used in AACS for encryption, it is possible to use this key to copy the content from just about any currently released disc using the publicly specified algorithms in the AACS Introduction and Common Cryptographic Elements book. And unlike leaked device keys, there's absolutely nothing the AACS LA can do about this. Of course, they could change the key to another value to protect future disks, but discs that have been already pressed will remain vulnerable. Further, the exact same exploit used to find the current processing key could again be used to find the new one unless the entire encryption scheme is changed.

Basically, AACS is broken.

Now, since the rest of this post will probably make it appear otherwise, let me be clear: I do not support AACS, and would certainly love to live in a DRM-free world. If I can find a decent-looking shirt with the processing key on it that's made by an online store that makes quality products, I might even buy one. (My older brother had this amazing-looking shirt that had part of the DeCSS source code on it.)

On February 11, arnezami at Doom9's Forum found the processing key using a DVD of King Kong. Yesterday, this key was posted on Digg, where it was dugg to the front page. The story was then deleted, and the user who submitted it was banned. In a furor, Digg users submitted stories containing the key en masse, upvoting those stories and downvoting other ones so that only AACS stories would appear on the front page. A user named Dinosaur Lightning even created a song titled "Oh Nine, Eff Nine."

Common to these new stories were cries of censorship, as, like the original story, these too where deleted and their submitters were banned.

"DiggNation is sponsored by the HD DVD Promotion Group! THEY'RE PART OF THE ESTABLISHMENT"

"What do you mean that you were served a cease and desist letter? FIGHT THE POWER"

"The Terms of Use forbid us to submit these stories? YOU MUST BE COMMUNISTS"

But right there, in the Terms of Use, Digg not only says that users should not use Digg to do anything illegal, but also that Digg can remove any stories and accounts for any reason, including but not limited to cease and desist letters:

USER CONDUCT

As a condition of use, you promise not to use the Services for any purpose that is unlawful or prohibited by these Terms of Use, or any other purpose not reasonably intended by Digg.

By way of example, and not as a limitation, you agree not to use the Services:

. . .

3. for any illegal or unauthorized purpose. If you are an international user, you agree to comply with all local laws regarding online conduct and acceptable content;

. . .

6. to violate any laws in your jurisdiction (including but not limited to copyright laws);

. . .

Digg may remove any Content and Digg accounts at any time for any reason (including, but not limited to, upon receipt of claims or allegations from third parties or authorities relating to such Content), or for no reason at all.

Be honest for a minute: when was the last time you actually read, read the terms of service of a piece of software or website before agreeing to them? I'm sure there are conscientious folks out there who always completely understand what they are getting themselves into with these legal agreements, but I would wager that most of us, myself included, breeze through them without a second glance, simply clicking the "I agree" radio button and proceeding:



Whether or not you read it, by "checking a fucking box," you agreed to it. If you don't agree with Digg's policies, by all means change your account password to a random string that you don't write down or memorize, log out, and never return. But when you're surfing in Digg's intertubes, you have to follow their surfing guidelines.

More pernicious are the users who threatened virtual walkouts. "It's the users who make the site what it is," they cried, "so if you don't let us post what we want, we'll all leave and your site will become useless." I unfortunately didn't have the presence of mind to record any of these comments, which have since been deleted, but suffice it to say that comments of this ilk, with varying levels of proper spelling and grammar, were commonplace. Elijah Horton expresses the viewpoint rather well:

Was it worth it? Respect is an intangible thing, for sure, certainly not as real and solid as a lot of that venture capital money that you’ve been lusting over, but it was all that your community was built on. Was it worth losing the respect of hundreds of your most passionate members, just to keep a mindlessly idiotic organization off your back? I think you’ll discover rather quickly that it wasn’t, and if this post ends up going MIA from your site, than you can kiss this former member goodbye forever.

NOTE

This has very little to do with a silly hack, it’s the fact that digg has placed the nonexistent rights of a shill organization over the hard-earned respect of their members. That’s what all the outrage is about!

In his eyes, the legal rights of the AACS LA are less important than respect. From a morality standpoint, perhaps, but it's not he to whom the legal threats were addressed. Legal bullying or not, the fact remains that the processing key was posted intentionally, with the express purpose of circumventing AACS. From §1201 of the Digital Millennium Copyright Act:

"(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that-

"(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

The extent to which this applies to a 128-bit key is debatable and would certainly be argued in court if this matter reaches that far. But people arguing "it's just a number" are dead wrong: after all, books are just a bunch of letters, but these are copyrighted all the time.

So, we have people who are loud and obnoxious, cannot read, and feel personal preference and convenience supersede legal rights. If you were one of the Digg staff members, are these really the types of users you'd want? Digg might be better off without members who think that "for the users" means "for those of us who feel we are entitled to publicly thumb our noses at copyright law."

However, Kevin Rose acceded to his users:

But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be.

If we lose, then what the hell, at least we died trying.

Am I the only person who sees an ironic twist in his words? Digg users rejoiced with such comments as "It is now safe to praise Kevin Rose again" and "There is a God... and it's Kevin Rose." To me, however, he said, "Okay, fine. We'll do it your way. But if we lose and Digg goes down, this is on your heads, not mine."

Even if this is not what Kevin Rose was implying, it is certainly true anyway. If this fiasco results in Digg being shut down, Digg users have no one but themselves to blame.
Previous post
Up