The Ethics of Releasing the DeCSS Codes

by Larry Estrada and Steven Stegman

Abstract

This document contains the following sections:

  1. Argument for banning DeCSS.
  2. Argument against banning DeCSS.
  3. References


Arguments for Banning the Distribution of DeCSS

DeCSS is a tool that will undoubtedly be used to violate reasonable copyright laws.

By unleashing the DeCSS algorithm, the hackers have given the public a tool with which to break not only the laws of the United States but what society holds as reasonable rights of the author. The primary purpose (de facto intent) of the DeCSS algorithm is to allow for unauthorized use of DVDs, and as a result, it should be banned, because it is designed to allow illegal activity. Like Napster, lock picks, virus-creation software, or any other tool that is generally used in an unethical manner, its release into the public domain opens the door to crime and tempting people to break the law by making it significantly easier. This argument, almost one of potential for entrapment of the average citizen, is similar to the one of Napster, where, by enabling the public to do something, they encourage them to act unethically.

If you cannot control how people use something that you own (protect it), then it has no value to you.

The movie producers own the copyrights to the DVDs, and therefore, the rights to control how the movies are distributed. If someone does not agree to their terms, he can choose not to buy a DVD; however, choosing to defeat their distribution system is clearly unethical.

Any company with a legitimate need to decrypt DVDs could license the needed technology for free.

DVDCCA (http://www.dvdcca.org), the consortium responsible for the standard, is more than willing to license the technology for any legitimate use, including a DVD player for Linux. In fact, Sigma Designs (http://www.sigmadesigns.com) and Intervideo (www.intervideo.com) each already has a license for this purpose÷creating a legal linux DVD player The claim that "DeCSS was necessary to create a linux DVD player" is completely invalid÷the first DeCSS program was for Microsoft Windows, an operating system with ample DVD players, albeit ones with region codes.

It is to the advantage of the DVDCCA to have as many licensed DVD software writers as possible, since they create the systems that the consumers must have in order to have a use for their DVDs and therefore buy them.

Just because the encryption was breakable does not mean that DVDCCA is responsible.

Any encryption scheme will eventually be breakable. The CSS system was limited by export restrictions on encryption technology by both the United States and Japan. However, even if the system were easily breakable, that is no excuse as to why it should be. This is equivalent to considering a hacker who broke into a poorly protected server and steals credit card numbers totally free of any responsibility. In a perfect world filled with totally ethical people, there would be no need for CSS encryption and weak encryption would be all that would be required. Although the DVDCCA perhaps pragmatically should have made CSS stronger, that does not in any wa

Just because there are other methods to copy DVDs does not make DeCSS ethical.

This is completely faulty logic. Although there are other DVD duplication methods, such as bit-by-bit direct copying and stamping, this in no way makes creating another, significantly more convenient and potentially more often used method ethical. In any case, DeCSS does significantly more than merely allow copying. It defeats the regional coding system, which is also unethical.

DeCSS releases a trade secret to the public.

By putting the algorithm into the public domain, the hackers took the consortiumās trade secret, which they were using to protect their data, and made it ineffective. This is illegal and analogous to posting someoneās credit card number on the wall; by doing so, one releases private information to the public, which encourages unethical behavior. If, for example, the code was not "cracked", but instead "leaked" by an unethical employee, it would clearly be immorally gained. There is no reason why the same logic should not apply to the DeCSS case, since it was found as a result of a mistake in the encryption of a specific DVD player, Xing.

Posting a link to DeCSS, encoding DeCSS into a picture or performing it to music are not acceptable.

If this were true, it would be ethical to hyperlink to child-pornography sites, etc. Clearly, providing a link to the information (or the information in another, easily convertible format) is functionally equivalent to providing the information itself and is just as unethical.

Even though it currently costs about twice as much to illegally copy a DVD as it does to buy a legal copy, it is still unethical.

As typical in the computer industry, prices of media and media duplication equipment will drop dramatically. For example, the first CD-R disks cost about as much as the commercially produced CDs did, and the writable drives cost thousands of dollars. Today, only a few years later, blank CDs now can be bought for less than a quarter each and CD-R drives cost under $150. Cost is not an excuse/justification, especially when the technology is evolving at such a fast pace.

Regional Playback Codes are necessary.

The movie industry releases movies into different theatres at different times. By adding regional playback codes, the consortium is able to release a movie to DVD while it is still playing in the theatres of other regions. Acceptance of DeCSS will cause DVD producers to wait until the movies have finished playing around the world before they release them on DVD.

Acceptance of DeCSS is bad even for the consumer who doesnāt use it

By increasing the amount of DVD piracy and causing the consortium to lose control, the hackers will increase the price of legitimate DVDs. In addition, the next generation of DVD players will have to have a more complex and therefore more costly encryption system, which will also raise prices for consumers. Beyond that, by releasing and using the algorithm, the hackers have cost the industry thousands in litigation costs.

By far the biggest cost to the consumer of releasing DeCSS will be the delays in releasing movies to DVD for fear that they will be copied.

Acceptance of DeCSS is bad for the consumers who use it.

DeCSS encourages these people to commit unethical deeds; being an accomplice or accessory is bad in and of itself. Beyond that, use of DeCSS could encourage consumers to commit acts that are even more immoral, acting as a gateway into other activities, including types of theft.

The Digital Millenium Copyright Act forbids the manufacture or trafficking of devices that circumvent technical protection measures. Since creating DeCSS is illegal, and disobeying laws without just cause is immoral, therefore, creating DeCSS is immoral.

Arguments Against Banning the Distribution of DeCSS

There are a number of arguments that can be promulgated in opposition to banning decryption efforts. The ambiguity of the situation lends itself to many interpretations and, in turn, regulatory practices can be scrutinized from many different angles. Listed are the most salient reasons offered:

References

http://www.cs.cmu.edu/~dst/DeCSS/index.html

Excellent site with good general info

http://www.counterpane.com/crypto-gram-9911.html#DVDEncryptionBroken

Cyptographic details

http://www.2600.com/news/1999/1227-mot.pdf

Legal injunction

http://slashdot.org/interviews/00/02/04/1133241.shtml

Interview with Jon Johansen

http://www.infoworld.com/articles/op/xml/00/09/11/000911oppetreley.xml

Infoworld editorial

http://www2.linuxjournal.com/articles/currents/016.html

DMCA and DeCSS

http://www.linuxnews.com/stories.php?story=99

DeCSS and Napster

http://www.cs.cmu.edu/~dst/DeCSS/object-code.txt

Actual object code

http://www.dvddemystified.com/dvdfaq.html#4.8

General DVD FAQ