> The truly amazing thing about this case is that the > "crime" would not have occured if the studios had used > decently-strong crypto. It's ironic that in an age when > for cryptographers enjoy a historically-unprecedented > lopsided advantage over cryptanalysts, the industry > adopted a system that could be cracked by amateurs. > This probably wasn't simply due to stupidity in the > industry; it is more plausibly attributed to stupidity > in the US export regulations which induced the industry > to use 40-bit keys.
Actually, the scheme was invented in Japan, and the "predecessor-in-interest to the DVD-CCA", Matsushita, designed it to be weak because Japanese export laws prevented the export of more than 40-bit encryption. The US had pressured Japan to impose 40-bit crypto export controls. The Japanese laws didn't change, even after EFF's Bernstein lawsuit and commercial firms' political pressure forced US policy to become sensible. Last I heard, crypto export is still a morass in Japan. > US law is not the same as Norwegian law. You should > not imagine that this case sets a precedent for US > courts. Correct, but. One of the basic prongs of the entire DVDCCA "trade secret" series of cases was that the reverse-engineering had been illegal in Norway. If it wasn't illegal to do it, it wasn't illegal to reproduce the results of it. Since Norwegian courts have determined that it wasn't illegal to reverse-engineer it, there is no case against any of the defendants. Like Matt Pavlovich, Andrew Bunner, and many dozens of other people who DVDCCA have been trying to drag into California courts. You may not have noticed, but EFF and its pro-bono partners have been spending major time on winning these cases. The Norwegian decision will make it much easier. > For "normal" products, market segmentation is neither > forbidden by law nor protected by law. ... The law is silent on > the issue. This is false. Market segmentation by country is deliberately outlawed by "free trade" laws and treaties, which exist to benefit consumers by letting them import whatever products they want from other countries. For example, in New Zealand, the DVD region-code system was found to violate their free-trade laws, and therefore New Zealand never permitted one-region players to be sold there. The Coors brewery tried to limit distribution of their beer to certain Western states. They failed. My local liquor store in Washington, DC made a ton of money bringing in semi-loads of Coors, in violation of Coors company policy, and selling them to thirsty expatriate Rocky Mountainers. Similarly, the US Supreme Court recently struck down laws in many US states that prohibited the interstate purchase of wine and other products. These laws were all designed to benefit local producers, at the expense of local consumers. Most of these laws were wrapped up in a cloak of "consumer protection against shoddy products" or "protection of minors" but it was easy to pierce that veil to see the monopoly interest. (This is not to say that market segmentation is dead in the US! Many continue. The federally supported "Milk Compact" deliberately segments the New England market and costs consumers of milk many billions of dollars per year. The federal DMCA has nothing to do with protecting copyrights and everything to do with protecting monopolies, as the judge agreed in the 2600 case. Many state and local laws continue to restrict entry into fields such as lawyering, surveying, haircutting, and even carpentry ("union shop" laws). Producers are always looking for political opportunities to outlaw their competition, and there are always corrupt people inside governments, who are happy to oblige.) > We should try to avoid overwrought arguments about the > "morality" of market segmentation and/or arbitrage. Unfortunately you set the wrong tone by starting as apologist for it. > In fact it is easy to demonstrate that _some_ market > segmentation is good for society as a whole. The kind of segmentation your graphs rely on can easily be created by *time* segmentation. Producers start off charging high prices for their goods, and then gradually reduce the prices as they ramp up volumes, pay off their startup costs, learn the desires of their market better, etc. This gets the social benefit you desire, without propping up any artificial forms of segmentation. Of course, there are always people who will claim that people aren't free to change their prices up or down over time. (After the earthquake, according to those folks, bottled water should sell for the same price as before, even if at that price the entire supply has sold in two hours, to the people who value the water least.) > The closest they could come was to make it slightly hard > to get a _multi-region_ player. The manufacturers of > player hardware had to do the studios' bidding because of > the the controversial (to say the least) "anti-circumvention" > provisions of the 1998 "DMCA" law. That's not actually true. Several years before the DMCA passed, the legal control structure was in place. The studios got a couple of manufacturers (including Matsushita) to design an encryption system (CSS). The companies & studios set up a licensing entity that would issue CSS licenses to manufacturers of DVD players, makers and operators of DVD pressing equipment, and copyright holders. These licenses were relatively cheap to buy, but imposed most of a hundred pages of restrictions on what the licensees could do. One thing that they could NOT do is to build multi-region players. Manufacturers were free to build DVD players that would play UNencrypted disks, without signing any license with Matsushita or the DVDCCA. But since Hollywood was only releasing encrypted disks, any manufacturer who didn't play along would have useless products (at least until DVD Recorders came along a few years later, allowing consumers to record things of their own making on unencrypted disks). Thus, the control was via a contract that manufacturers, studios, and pressing plants had to sign in order to get access to the trade secrets required to interoperate. That contract contained many specific provisions that prohibited unencrypted digital outputs, required the no-fast-fowarding crap and region codes, and had many other anti-consumer features. The licensing entity was a subsidiary of Matsushita. The licensing authority was only transferred to the DVDCCA a few weeks before the lawsuits started. Apparently Matsushita didn't want to be known as the heavy who was suing everybody (they succeeded in keeping their name out of EVERY ONE of the cases and out of the press). And it probably looked better for the licensing organization to be a "California nonprofit" rather than a "Japanese megacorp", particularly when trying to sue competitors under California law, claiming damage in California. Such a license would only survive until the trade secret was reverse engineered, which is legal to do in almost all jurisdictions. But most of the parties likely to benefit from that reverse engineering had already agreed to the license. And anyone with no money, but who had not yet published the secret, could be tied in knots for years by overpaid studio lawyers. It took the free spirit of honest technologists who refused to sign restrictive licenses, and who believe in open publication of scientific and technological ideas, to do the hard work of reverse engineering that benefited all DVD consumers. And on them has fallen the punishment of years of harassment and uncertainty by the studio mafia. (You'll note that even after CSS was broken, the industry didn't stop pressing DVDs, and continues to make increasing billions of dollars from making and selling them. While the breaking of CSS benefited consumers, it did not harm producers. As usual, the producers' fears were overblown ghosts, just as in the Betamax VCR situation.) Just in case somebody came along to cater to the market of consumers who wanted restrictionless players, the studios and their buddies in other monopolies paid off politicians to pass the DMCA. But they were releasing DVDs and players long before it passed. It was a belt-and-suspenders strategy. > I repeat, the practical issue in this case was never about > cheating the studios out of their per-disk royalties on > DVDs. This is probably also false. The reason is that today you can't get consumer DVD recorders that will let you record encrypted DVDs. Their firmware refuses to write in the key area of the disk, and the blank disks are shipped with the key area obliterated. (And, DVD readers will only let you read out the keys from a disk after you've reverse engineered some simple bits that the industry wouldn't reveal.) So you can't do any bit-for-bit copying of DVDs unless you have a very expensive (and restrictively licensed) DVD mastering press. How this lack of bit-copying ability came to be, we haven't unearthed yet. No other major computer storage technology has lacked it (though every medium invented since then has tried to shoehorn it in -- even hard disk drives!). The patents on DVD recording technologies are owned by another consortium, and they were probably pressured by Hollywood into putting this condition into their licenses. Apple, the first major computer company to release a DVD recorder, was notoriously silent on the whole subject, while their monster "Rip. Mix. Burn" billboards tried to create the opposite impression among consumers. Since the keys would get lost in the transfer, consumers wouldn't be able to make copies of DVDs for backup or for their friends, the way they can back up CDs, mix songs from different CDs, transfer them into their preferred formats like MP3 on hard drives, etc. The cracking of CSS has made all of those applications possible. For this we must thank the always innocent Mr. Jon Johansen, and also particularly Frank Andrew Stevenson, who cryptanalyzed CSS and made player keys unnecessary, and the LiViD project, which turned their early prototypes into point-and-click free software for Linux. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]