Copyright (c) 2002 Toby A Inkster.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
If you have ever asked:
- What's all the fuss over the DMCA/EUCD about?
- Who exactly is Dimitri Sklyarov?
- What's CPRM? PGP? DeCSS?
then this is the Beginner's Guide for you! I'll try not to get too technical. At the end of each chapter is a helpful links section.
1. The DMCA and Her Lovely Sister
A good place to start this essay is probably with America's recently passed (1998) law, the DMCA and the similar law proposed in the EU, the EUCD.
The DMCA was pushed through Congress, backed by a powerful lobbying group of record labels, movie studios and software companies. It was basically aimed at updating existing copyright laws for the digital era, but also gave content producers powerful new rights to control what consumers did with their legally-purchased content.
The most controversial part of the legislation was the clause that says that if some content (for instance, a film, piece of music or document) is crippled by some form of copy-prevention mechanism, it is illegal to circumvent it. It is also illegal to publish information that describes how to circumvent the copy-prevention mechanism.
This clause makes it illegal for some cryptographers (people who study the science of codes) to give lectures or publish their findings in the USA. It also makes it illegal for programmers to write a program that, for example, allows blind people to translate an eBook that they have legally bought into braille (a language that blind people can read), unless the programmer gets permission from the company that invented the eBook format.
1.1. Where in the World is Dimitri Sklyarov?
Dimitri Sklyarov did just that. He is a Russian programmer, working for a company called Elcomsoft. As part of his work for the company, he developed software that would translate an eBook into a different format. His work would have allowed the eBooks to be printed in Braille or even read to blind people.
Dimitri came to the USA for a conference and was arrested. Adobe, whose eBook format he had circumvented, have asked for the charges to be dropped, but as the charge is a criminal one (as against a civil lawsuit), this has had no effect.
1.2. DeCSS?
DVD (Little known fact: the letters DVD don't actually stand for anything!) films are encoded using a system called the Content Scrambling System (CSS - not to be confused with Cascading Style Sheets, which also abbreviates to CSS). CSS is region-specific. In other words, a DVD released in America (Region 1) will not play in a DVD player bought in Europe (Region 2). This system lets the movie studios release a film in different regions at different times, so they can target advertising campaigns, etc... in short, to make more money.
An anonymous person wrote source code to strip CSS from video information. Using this code, it would be possible to write programs to play DVDs on any computer. Before this code was written, people had to get expensive licenses to write programs that decoded DVDs. No free software could ever be written to play DVDs. The new code, DeCSS, changed everything!
Oh yes, one last mention - while the movie companies would have you believe that DeCSS is a tool for pirates, the truth is that you don't need to strip CSS code from a DVD to copy it - you can copy it with the CSS code still on it and the copy will play in any DVD player.
1.3. 2597, 2598, 2599, ...
Hacker magazine 2600 was only too happy to publish the source code to DeCSS on their website. The movie companies ordered them to remove this information from the site under the authority of... you guessed it... the DMCA.
The case is ongoing, but the courts appear to be siding with the movie companies.
Update: The courts have sided with 2600 - posting source to DeCSS is now rightfully protected free speech.
Find Out More
The DMCA
National Security and Individual Freedoms: How the DMCA Threatens Both
First Amendment - Void Where Prohibited
FSF: The Right To Read
The EUCD
Campaign For Digital Rights - Beware the EUCD!
Dimitri Sklyarov
Free Sklyarov
The Register: Free Sklyarov Now!
The Register: Adobe Folds!
DeCSS
Gallery of CSS descramblers
42 ways to distribute DeCSS
The 2600 Case
2600's own documentation of the court case
EFF: Active Legal Cases
The Register: Boffins back 2600 over DeCSS ruling
The Register: Public interest cited in DVD descrambler appeal
The Register: DeCSS arguments invoke free speech
2. Digital Rights: Rest In Peace
In October 2000, the British government passed some highly flawed legislation called RIPA designed to give the police and government increased surveillance powers on the Internet. It was rushed through before the HRA came into force, because it was known that it would violate the HRA.
2.1. Pick a Warrant... Any Warrant...
For the police to get a warrant to search your house, they need to show a judge sufficient evidence. However, the warrant system under the RIP Act is a little more relaxed. Although the wording of the legislation is a little unspecific, it appears that practically anyone can issue a policeman with a warrant - including senior police officers and any such other person as the Secretary of State may by order designate.
In short, the Home Secretary can - for any reason - issue a warrant against anyone, and anyone with the Home Secretary's permission can do likewise. But you'd never know that...
2.2. Squealers
Under the RIP Act, it is illegal to tell someone that they have had a warrant issued to them under the act. There is no time limit on this - you can never be told.
2.3. Innocent Until Proven Guilty???
The RIP Act means that the police can force you to hand over decryption keys (the information that will decode an encrypted document). A sensible move to help prosecute drug dealers, child pornographers, etc... right? True, but...
As it stands, the burden of proof is reversed. If you've lost or forgotten your decryption key, then you could be liable for up to two years in gaol. You are considered guilty until proven innocent!
Also, if, say, a terrorist is being asked to decrypt a document, he could refuse and then be gaoled for just 2 years when he really deserves longer.
All in all, a thoroughly silly clause!
2.4. eCommerce
The UK's RIP bill of course threatens the status of all encryption in the UK - encryption that is vital to online credit card transactions and online banking. If UK law doesn't protect encryption, then eCommerce will go offshore.
2.5. Practicalities
By law, all ISPs are required to have facilities to monitor and log the activities of their members. This is potentially a big financial burden for some small ISPs.
Find Out More
The RIP Act
The Foundation For Information Policy Research: RIP Act Archives
Full text of the act itself
RIPA Countermeasures
The Register: UK gov't reveals Big Brother bill
The Register: What the hell is... the UK's RIP Bill?
3. Hacker == Terrorist?
Recent UK legislation (The Terrorism Act 2000) has extended the usual definition of terrorism to include anyone who seriously disrupts an electronic system "to advance a political, religious or ideological cause". It also includes anyone who damages property for similar reasons.
On a non-techie note, the act also has other chilling powers - for instance, if someone belongs to an organisation that has been proscribed (that is, put on a list of "banned groups" by the Home Office), it is illegal to organise a meeting supporting the group, or where a member of the group made a speech. So, for example, if the local golf club was proscribed for some reason, it would be illegal to organise a protest - you would be liable for up to 6 months imprisonment and an unlimited fine. It is even illegal to wear clothing that could suggest that you were a member of the organisation! (No more baggy checked trousers, Mr Faldo)
Anyone who the police suspect of terrorism (remember the broad definition of terrorism) can be arrested without a warrant. The police would not have to tell the person on what grounds they were being arrested. Instead of the usual period, the suspected terrorist can be held without being allowed to see a lawyer for up to 48 hours. The suspect can then be held for up to 7 days (as opposed to the usual 4) before being formally charged. When the police apply to a judge for the suspect to be further detained they are allowed to exclude the suspect and his lawyer from the courtroom. Lastly, if the suspect is not convicted, the police have the right to keep their fingerprints and DNA samples.
Another remark, about the "a political, religious or ideological cause" bit. Does it matter what the cause is? Surely the damage is the same, no matter what the motivation is behind it?
3.1 The American Legal System is Just the British Kernel With a Shorter Uptime and a Few Clumsy Security Patches Slapped In
This is Need To Know's way of explaining that the USA isn't very far behind in anti-Hacker legislation with their new "USA Act". As well as most of the bad legislation found in the UK version, there are plenty of other flaws in the US version.
For example, there are plans for warrants for the police to secretly search someone's premises without letting them see the warrant. This means they wouldn't be able to point out mistakes, like the authorities searching the wrong home, or searching outside the scope of the warrant.
This is hardly surprising, as the act was a knee-jerk reaction to the terrorist activities of September 11, 2001, and knee-jerk legislation has an awful habit of being terribly bad.
3.2 The RIAA Clause
The RIAA drafted an amendment to the USA Act that would allow copyright holders to hack into computer systems in order to impede or prevent electronic piracy. Yes, that's right - even if you hadn't actually pirated anything, they could hack into your computer system to try to prevent you doing it in the future! They would not be liable for any damage caused in the process.
Luckily, they changed their mind.
However, there are now moves going on by the RIAA, MPAA and SPA to get a bill with similar measures pushed through Congress.
Find Out More
The Prevention of Terrorism Act
Oppose the Terrorism Act
The Register: Hackers are Terrorists, say UK law
Full text of the act
The USA Act
Declan McCullagh's Politech: Sen. Russ Feingold's lonely privacy fight
Proposed RIAA Amendment
Wired: RIAA Wants to Hack Your PC
The Register: Recording industry exploits WTC tragedy to hack you
The Register: Recording industry 'copyright DoS attack' rumoured
4. CPRM? No, I don't see PRM!
Just before Christmas 2000, tech tabloid The Register broke the news of a stealth plan to [put] copy protection into every hard drive.
CPRM was invented by the 4C Entity - a group consisting of IBM, Intel, Toshiba and Matsushita, but is essentially the brain-child of the entertainment industry. It would stop you copying any files on your computer without third-party "permission" - even routine tasks like backing up your own data or backing up programs or data that you'd legally purchased would require this permission. If you decided to compress a file or defragment your hard disk - both of which are routine tasks in disk maintenance - you'd need permission.
It would turn your home computer - an open, highly configurable and programmable machine - into the closed black-box device that you couldn't easily tinker with - like a CD player or MiniDisc recorder - exactly what Hollywood wants so that they can tightly control your use of your CDs, DVDs and digital content.
It would be the death knell for alternative, open-source operating systems such as GNU/Linux, BSD and AtheOS.
4.1. Retreat!
Not surprisingly, as the news started to break, the protests started and IBM and Intel both claimed that CPRM was only designed for removable media - Zip disks and such. However, it was clear from the specifications that far more was planned.
The 4C Entity has since withdrawn the proposal and not much more has been heard about it.
4.2. The Killer DMCA
Broadening the topic a little, US Senators Fritz Hollings (Democrat, South Carolina) and Ted Stevens (Republican, Alaska) have proposed a bill called the SSSCA, which would make it compulsory for manufacturers to include DRM in every electronic gizmo they produce - for example CPRM on hard discs and similar "protection" on CD players, DVD players, televisions, radios, etc...
The only exception to this would be the right to make copies of something for time-shifting purposes (eg: recording a television program while you are out and watching it when you get back). No other fair use rights are even mentioned in the bill - not even the right to make backups.
It also allows manufacturers to make CD players that will play only the new DRM-enabled CDs, but not play regular CDs.
This draft is still being debated.
Find Out More
CPRM Details
The Register: Stealth plan puts copy protection into every hard drive
The Register: Everything you ever wanted to know about CPRM, but ZDNet wouldn't tell you...
The Register: CPRM on ATA - Full Coverage
Scientific American: To Protect and Self-Serve
The SSSCA
Wired: New Copyright Bill Heading to DC
The Register: 'Killer DMCA' to mandate digital-rights compliant hardware
The Register: Copy-control Senator sleeps while fair-use rights burn
The text of the draft
5. Copy-Protected To Destruction
In recent years, MP3 has become the music industry's number one enemy. To combat this, they've been looking for ways to make CDs unplayable on computers, but still playable on stereos.
Of course, this won't stop people making MP3s - it's not too difficult to connect your computer to your stereo to do this, but it's not quite as easy as with non-copy-protected CDs.
The main problem with this is that the CD format isn't designed to let the makers specify which CD players the CD can and cannot be played on - CDs were designed to play perfectly on every player. So to make a CD that won't play in computers, they had to break a few of the rules of the CD format. This can of course have unfortunate side-effects.
Some predicted side-effects (and these are only predictions, because very little research has been done in the area) are that the sound quality of the CD might suffer, it might not play back in some regular CD players and that it might not last as long (all CDs wear out eventually because they get minor scratches). They might even damage your hi-fi!
Worse still, the music companies have been releasing small batches of these CDs to the public without telling them - virtual guinea-pigs. In one such case, people found that when they put a CD like this into their computer they were automatically taken to the company's website and told to download the tracks in ASF format to listen to them. The company demanded that the people hand over contact details - e-mail address, postal address, etc - in order to get the tracks. This, of course, took about 3 hours on a modem connection, so with phone bills that would have added about GBP1.50 onto the cost of the CD!
Universal has said that it wants to issue all its CDs in this format within 6 months.
Find Out More
Copy-Protected CDs
Campaign for Digital Rights: Copy-protected CDs
The Register: Anti-rip CD system bypassed
The Register: CD anti-piracy system can nuke hi-fi kit
Conclusion
This is probably not the best written essay - I don't claim to be a brilliant writer. It doesn't give you the whole story - just selected snippets - otherwise it would be much longer. I encourage you to follow some of the links on this page and read more detailed reports by better writers than I. I particularly recommend reading the politechbot.com newsletter (run by one of the Wired.com political journalists), The Register, the Electronic Frontier Foundation and the Foundation for Information Policy Research.