CSS Demystified

Since DVDs are a digital medium, they are different from laser discs and videocassettes in that they can potentially be copied to an analog source such as a videocassette (which is what Macrovision prevents), or digitally to a file. Since a digital copy would preserve the Macrovision control codes, it could technically be copied any number of times with no loss in playback quality or playability. Without a digital copy protection scheme for DVDs, it would be easy to imagine a campus where every DVD-ROM has a DVD movie in it, all the drives are shared, and a library of several thousand movies is readily available for pirating among a student body. To combat such a dystopic vision, the DVD Copy Control Association created CSS (the Content Scrambling System) to make digitally copying DVDs impossible.

Technology

CSS is a relatively simple encryption technology: essentially, each disc is encrypted with a 40-bit key that is generated for each movie. At the front of the disc, this key is encrypted by many keys representing possible keys for your DVD player. When the disc is inserted, the DVD player will iterate through its internal keys, trying to match them to the 400+ keys on the disc. Once a suitable match is found, the disc key can be used to decrypt the contents of the disc. Rather than covering CSS mangling and hashing in detail, Frank Stevenson's Cryptanalysis of Contents Scrambling System provides an excellent description of the CSS algorithm.

Problems

The largest problem with the CSS algorithm is that player keys must be licensed from the DVD Copy Control Association before players can be made. This has been most directly felt by users of the Linux operating system - since no licensed software or hardware-based DVD players exist for Linux, it is impossible to play DVDs on it. Fans of the Linux operating system view this as a direct limitation of their right to access media that they have legally purchased, and many good arguments supporting this position can be read on an almost daily basis on Slashdot. Additionally, CSS is plagued by the technical fact that as an encryption algorithm, it is incredibly weak. As Mr. Stevenson describes on his web site, only 2²⁵ (33,554,432) comparisons are needed to locate a player key, allowing for real-time brute-force decryption hacks to actually be feasible for DVDs. The combination of users' desire for uninhibited access to their DVDs, and a crackable encryption system led to one of the biggest battlefields involving the DMCA and intellectual property ever created:

DeCSS

On November 12, 1999, Norwegian 16 year-old Jon Johansen released a program that accomplished what all Linux users had been hoping for since DVD's introduction: a program that would allow Linux users to finally play DVDs on their operating system of choice. However, rather than performing brute-force cracking of CSS, his program (DeCSS) made use of the XingDVD software DVD player key - Xing Corp. made the mistake of not encrypting the player keys for their Windows-based DVD player, allowing the entire world to use their keys to decrypt DVDs. DeCSS allowed users to copy the video and audio streams from a DVD to a hard disk or other high-capacity drive, defeating all digital copy protection and encryption. These files could then be played back in a standard MPEG2 video player under Linux, eliminating the need for the dual-boot setups that many Linux owners currently have.

Unfortunately, because DeCSS disables the CSS copy protection on DVDs, it allows for unauthorized accesses, making its very existence illegal. On January 25, Jon and his father were arrested during a raid and thrown into a Norwegian jail.

The DMCA's role in all this

It is unlikely that such a sad series of events would have happened had the DMCA not been created. Under section 1201(a), DeCSS' existence is indeed illegal; however, as Prof. Yochai Bankler at New York University Law School points out, if the judge involved in DeCSS lawsuits in the United States is correctly interpreting that portion of the DMCA, the DMCA effectively removes fair use. It used to be that a user would be able to do anything with a legitimately purchased movie, except copy it for other people. This could involve lighting it on fire, playing it in reverse, and yes, even copying it for archival or dubbing it to PAL. The DMCA's wording:

No person shall circumvent a technological measure that effectively controls access to a work protected under this title.

very clearly states that the MPAA is allowed to tell you how you can use the DVDs that you buy.