Season 3 / Episode 44
Twenty years ago, a 15-years old Norwegian kid was put on trial for breaking the DVD Copy Prevention system. His case spawned a whole new "artistic" movement...
- Episode 22
- Episode 23
- Episode 24
- Episode 25
- Episode 26
- Episode 27
- Episode 28
- Episode 29
- Episode 30
- Episode 31
- Episode 32
- Episode 33
- Episode 34
- Episode 35
- Episode 36
- Episode 37
- Episode 38
- Episode 40
- Episode 42
- Episode 43
- Episode 44
- Episode 45
- Episode 46
- Episode 47
- Episode 48
- Episode 49
- Episode 50
- Episode 51
- Episode 52
- Episode 53
- Episode 54
- Episode 55
- Episode 56
- Episode 57
- Episode 58
- Episode 59
- Episode 60
- Episode 62
- Episode 63
- Episode 64
- Episode 65
- Episode 66
- Episode 67
- Episode 68
- Episode 70
- Episode 71
- Episode 72
- Episode 73
- Episode 74
- Episode 75
- Episode 77
- Episode 78
- Episode 79
- Episode 80
- Episode 81
- Episode 82
- Episode 83
- Episode 84
- Episode 85
- Episode 86
- Episode 87
- Episode 88
- Episode 89
- Episode 90
- Episode 91
- Episode 92
- Episode 93
- Episode 94
- Episode 95
- Episode 96
- Episode 97
- Episode 98
- Episode 99
- Episode 100
- Episode 101
- Episode 102
- Episode 103
- Episode 104
- Episode 105
- Episode 106
- Episode 107
- Episode 108
- Episode 109
- Episode 110
- Episode 111
- Episode 112
- Episode 113
- Episode 114
- Episode 115
- Episode 116
- Episode 117
- Episode 118
- Episode 119
- Episode 120
- Episode 121
- Episode 122
- Episode 123
- Episode 124
- Episode 125
- Episode 126
- Episode 127
- Episode 128
- Episode 129
- Episode 130
- Episode 131
- Episode 132
- Episode 133
- Episode 134
- Episode 135
- Episode 136
- Episode 137
- Episode 138
- Episode 139
- Episode 140
- Episode 141
- Episode 142
- Episode 143
- Episode 144
- Episode 145
- Episode 146
- Episode 147
- Episode 148
- Episode 149
- Episode 150
- Episode 151
- Episode 152
- Episode 153
- Episode 154
- Episode 155
- Episode 156
- Episode 157
- Episode 158
- Episode 159
- Episode 160
- Episode 161
- Episode 162
- Episode 163
- Episode 164
- Episode 165
- Episode 166
- Episode 167
- Episode 168
- Episode 169
- Episode 170
- Episode 171
- Episode 172
- Episode 173
- Episode 174
- Episode 175
- Episode 176
- Episode 177
- Episode 178
- Episode 179
- Episode 180
- Episode 181
- Episode 182
- Episode 183
- Episode 184
- Episode 185
- Episode 186
- Episode 187
- Episode 188
- Episode 189
- Episode 190
- Episode 191
- Episode 192
- Episode 193
- Episode 194
- Episode 195
- Episode 196
- Episode 197
- Episode 198
- Episode 199
- Episode 200
- Episode 201
- Episode 202
- Episode 203
- Episode 204
- Episode 205
- Episode 206
- Episode 207
- Episode 208
- Episode 209
- Episode 210
- Episode 211
- Episode 212
- Episode 213
- Episode 214
- Episode 215
- Episode 216
- Episode 217
- Episode 218
- Episode 219
- Episode 220
- Episode 221
- Episode 222
- Episode 223
- Episode 224
- Episode 225
- Episode 226
- Episode 227
- Episode 228
- Episode 229
- Episode 230
- Episode 231
- Episode 232
- Episode 233
- Episode 234
- Episode 235
- Episode 236
- Episode 237
- Episode 238
- Episode 239
- Episode 240
- Episode 241
- Episode 242
- Episode 243
- Episode 244
- Episode 245
- Episode 246
- Episode 247
- Episode 248
- Episode 249
- Episode 250
- Episode 251
- Episode 252
- Episode 253
- Episode 254
- Episode 255
- Episode 256
- Episode 257
Hosted By
Ran Levi
Born in Israel in 1975, Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.
In 2007, created the popular Israeli podcast, Making History, with over 12 million downloads as of Oct. 2018.
Author of 3 books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.
Special Guest
Andy Patrizio
Freelance Writer
I've been a beat reporter for a variety of technology publications, covering a wide range of fields, from semiconductors to the business end of the industry. I do my best to maintain solid relationships with vendors and sources alike, which keeps me on top of news and has helped me break significant stories as well.
Specialties: Systems and datacenters, cloud computing and virtualization, HPC, software development, business and financial reporting.
DeCSS: Hackers Vs Hollywood
I know what you’re thinking right now: which Malicious Life composer had a stroke, to write such horrible intro music? Don’t worry, all our composers are in perfect health. In fact, we don’t have a composer–we haven’t for months now.
The music you just heard–if we can call it music–is definitely not pleasant. It sounds like the kind of thing a small child would make using the Garage Band app on their parent’s iPad. But it’s actually pretty cool.
Back in early 2000s, libertarian-leaning programmers around the world began a miniature artistic movement, all based on a software program. The idea was to use the source code of this particular program, and turn it into various forms of artistic expression. T-shirts and ties with the code were manufactured, and sold online. A high school student printed the code as the quote in his high school yearbook. Another group of friends created a video, where the code scrolled onscreen in the style of a Star Wars movie intro sequence.
The song you just heard was part of this movement. A man named Jeff Schrepfer created it by, quote, “removing all the white space,” in the code, “then transforming each ASCII character into a single […] note of its midi equivalent.” Essentially, he translated the text of the program into musical notes, which is why it sounds nonsensical. Later Mike Castleman, another software engineer, created his own version of the song by incorporating all white space and new lines of the code into the length of the notes.
Still, even if it’s not pleasant to the ear, have you ever heard a computer program before? Have you ever even considered that that is possible? Schrepfer and Castleman, like other members of the hacking community, were proving that you can hear, see, and experience source code in all kinds of ways. Just like speech, or ideas.
After a year or two, people had come up with over 40 different ways of expressing that same source code in artistic form. But it wasn’t all for fun. These people wanted to make a point, and shove their point in the face of America’s legal system. Fade DeCSS song #1 back in Because they had a lot on the line. A teenager, facing years in jail. U.S. copyright law. And the future of free speech.
Hi, I’m Ran Levi. In this episode of Malicious Life: the story of DeCSS, a battle of hackers versus Hollywood.
The Napster Effect
On June 1st, 1999, Shawn Fanning and Sean Parker released Napster, the MP3 file sharing platform that allowed people to send and download high-quality music from their favorite artists, for free. For two years thereafter, the platform would wreak havoc on the music industry. As listeners saved their money, music acts, labels and publishers saw their revenues plummet. Lawsuits were filed against Fanning and Parker. A cultural shift was in the making, the legacy of which would survive long past 2001. We have Napster to thank, in part, for the Spotifys and Pandoras of our world today–those applications which allow us to listen to just about anything, for a small fraction of what we’d have to pay if physical records were still the norm.
Now imagine being a movie executive, as the Napster era was unfolding. You’d probably be shaking in your shoes. Piracy already existed in the film industry, but nothing along the lines of Napster. More often than not, bootleg movies were shot by people sitting in theaters, pointing their low-grade hand-held cameras at the screen. Image and sound quality was low, disseminating large numbers of VHS tapes was a chore, and movie files, in digital format, were far larger and more cumbersome to disseminate than three-minute songs. So the movie industry had a leg up over their colleagues in music. But were these precautions enough?
“Content Scramble System”
In the late ‘90s the industry shifted, in large part, from VHS tapes to DVD technology. DVDs had longer lifespans than VHS tapes, and allowed for greater sound and video quality. The shiny silver discs looked slicker, took up less physical space on store shelves, and DVD players were relatively cheap to produce.
At the same time, for all the added convenience they lent distributors and customers, DVDs also introduced new security concerns. Blank discs were cheap enough to buy, and with their speed and storage capacity, could prove a useful vehicle for copying large data files–like, say, a full movie. The format was new, so it was yet to be seen how pirates might make use of the DVD format. Still, studios were well aware that they would try. As a precaution against piracy, a new standard for DVD security was devised. It was called “CSS”, short for “Content Scramble System”.
CSS worked kind of like a house key does. Most of the time, you keep your front door locked. Only you, anyone you live with, and maybe a trusted neighbor or friend hold the right kind of key, capable of unlocking your door. The system ensures that nobody is able to enter your house without express permission.
CSS worked by first scrambling the data stored on a DVD disc. Every verified manufacturer of a DVD player was given their own unique “key”, capable of decrypting the CSS algorithm. So if you insert “Shrek” into your Sony DVD player, your player will unlock the movie with its stored key, and then run it. Insert the same disc into an unverified player and nothing will happen.
In addition to security, CSS also lent mo vie distributors power to dictate where, when and how people could watch movies. For example, Shrek came to American movie theaters in May of 2001, and was released on DVD in November of the same year. It only premiered in Chinese movie theaters in January of 2002. Because American and Chinese DVD players held different keys, DreamWorks were able to sell DVDs in the winter of 2001 to American households, without concern that they could be copied and played on Chinese DVD players, which would threaten in-theater revenue.
Some took issue with this feature of CSS, and how it prevented them from watching already widely available movies because of where they lived in the world. Others were frustrated that it failed to cooperate with Linux, an increasingly popular operating system for tech enthusiasts. Then there was a libertarian-leaning coalition within the hacker community, for whom CSS ran antithetical to their deeply-held ideological belief in total freedom of information. Before long a few members of that community took it upon themselves to challenge Hollywood, by breaking CSS.
“DVD Jon”
At age six, Jon Lech Johansen began playing around with his father’s computer. Per Johansen, a mild-mannered Norwegian postal worker who owned a business selling computers on the side, encouraged his son’s emerging hobby. Quickly the hobby developed into an obsession. At age seven Jon’s father bought him his own computer, so that he could finally get his son to stop hogging his own.
More than anything else, Jon took to the art of reverse engineering. He liked taking things apart, and put them back together. At age 14, for example, his father bought him a digital camera. It was buggy, so Jon went in, analyzed its software, and rewrote it to work better. A few years later, he bought an MP3 player that kept crashing. After studying how it worked he built a superior program for the device, and posted it online so that others could download it for free. The company that manufactured that MP3 player then reached out to Jon, interested in hiring him for more formal work. Jon sent in his resume, but never heard back. Probably, he says, “it had something to do with my age.” He was 17 at the time.
In his blog, Jon acknowledges learning from and writing to those programmers who came before him, reading articles, tutorials, and a textbook on microprocessors. And if he was a computer whiz, he sure looked the part, too: skinny, crew cut, glasses, paler than Norwegian snow.
Jon was only 15 years old when he first posted DeCSS online. It’s why the story was so juicy when, on January 24th of the following year, Norwegian police raided his home, in a small town of Southern Norway, seizing his phone, computer and CDs.
Here was the mysterious DVD hacker–the man who battled Hollywood’s biggest studios and puberty at the same time! International media outlets wrote of the criminal wunderkind, and his program that could play back any movie. Norwegian newspapers cried out “here, look, things do happen in Norway!”
Jon Johansen became a celebrity. He got a nickname: “DVD Jon”. Faced with criminal charges, a campaign was started to “Free Jon”.
Just about everybody who heard about Jon Johansen got the same story. Of course, it was almost entirely false.
How DeCSS Was Born
Drink or Die, or DoD, for short, was founded in 1993 by a hacker living in Moscow. By 1995 DoD was a global piracy enterprise, with branches in the U.S., Europe and Asia, made up of hobbyist hackers, university undergraduates, and working engineers who would leak proprietary software from the companies they worked for. They had a website, and a slogan: “warez bearz from Russia and Beyond”. (“Warez”, you should know, is a name for pirated material.)
DoD may have been one of the world’s most significant piracy organizations in 1995, but by the end of 1996 they’d largely fallen off, responsible for only approximately one percent of the world’s pirated material online by 1999. Still, remnants of the organization maintained. One of its remaining members went by the name dEZZY.
dEZZY, a German hacker nicknamed “The Nomad”, and a U.K. software engineer named Derek Fawcus, all separately, over the year of 1999, contributed towards the same goal of breaking CSS.
On September 23rd, 1999, dEZZY’s “DoD Speed Ripper 1.0” program was published to the “LiViD” internet mailing list. Speed Ripper did decrypt CSS, but it was flawed. For example, it would not work for all Warner Brothers titles, as was discovered when it was tested on a DVD for “The Matrix”.
Meanwhile, on September 11th, Jon Johansen had engaged a user named “mdx” over Livid’s internet relay chat, about how the CSS encryption protocol might be discovered by probing a poorly-secured DVD player. Eleven days later, mdx informed Jon that a German hacker, nicknamed “the Nomad”, had already done just that.
Remember how CSS works: every DVD player’s running software contains its own key, capable of unscrambling the data on a DVD. In order to secure the system, those DVD players must encrypt their keys–lest someone like Nomad peek in, and find its decryption algorithm. Well, it turns out a company called Xing Technologies had not encrypted their decryption key.
“We found that one of the companies had not encrypted their CSS decryption code, which made it very easy for us,” Jon Johansen later told Wired Magazine. “We didn’t think it would be that easy, in fact.”
With the Xing key in hand, these hackers were able to start building a program that could mimic an authorized DVD player, and therefore run any DVD. dEZZY was able to solve his Warner Brothers problem, and due to a quirk of piracy software networks–where, typically, new versions of programs are not allowed to be published before a period of two to three weeks has passed–dEZZY handed the code to Nomad.
Also implemented in the new program was CSS authorization code from Derek Fawcus, who’d previously worked on the problem of making DVDs watchable on Linux systems. CSS contains an authorization component, in addition to its encryption component, the code for which had been leaked anonymously online earlier in 1999, and rewritten in the C programming language by Fawcus.
Altogether, as a result of the work laid out by these three parties, DeCSS was birthed. Jon Johansen wrote a graphical user interface for it, and published it to Livid on October 6th. The source code leaked later that day. Johansen, mdx and Nomad formed a group, called “MoRE”: Masters of Reverse Engineering. And then, a few weeks later, another breakthrough occurred.
Reverse-engineering the Xing DVD player to obtain its key was the discovery which allowed DeCSS to be born. It turned out that, as significant as finding that key was, equally important was finding out that it was only five bytes long. This was, essentially, a password short enough for a computer to guess. On October 27th, a Norwegian video game developer named Frank Stevenson created a Livid account in order to post his brute force attack algorithm, capable of decrypting CSS without any key. 170 more authorization keys would fall, before the hackers figured that was enough and moved on. This meant that, even if Hollywood removed the Xing decryption key from all future DVDs, their program would have a bank of other keys that would also work. If Hollywood removed every one of these 170 keys, the hackers had the tools to guess whatever new keys replaced them.
On November 1st, 1999, Wired magazine broke the story to the wider world.
“The worst fear of movie studios has been realized,” it read, “DVD movie encryption has been broken.”
A Fight For Credit
“My name is Andy Patrizio. I’m a freelance journalist who brought the story on DeCSS back in 1999 for Wired News. I had a friend in law enforcement at the MPAA and back then, DVD-ROM drives were very rare and very expensive. I had one because I was a reviewer. So she knew this and she sent me an email saying, “Hey, these guys are claiming they can remove DVD copy protection. Can you check it out for me please?”
So I had a – I was a DVD owner at the time and so I ran the program. It was called “DeCSS” and it worked perfectly and I sent her an email back saying, “Oh, yeah, it works. You better find a DVD-ROM drive for me to test it out and I will come up and give you a demo.”
I lived in Marina del Rey at the time. The MPAA is in Encino. For those of you who don’t know the lay of the land in Los Angeles, that’s about a 30-mile drive over the mountains. It’s not a fun drive. But I went up the next day and the CTO of the MPAA was there with a laptop that had a DVD-ROM drive in it and I popped in a DVD and I ran it, the DCSS program, and showed them.
Now DVD-ROMs could be read and you could see the files, the VOB files, but you couldn’t run them. You couldn’t copy them onto a hard drive and run them because they were encrypted. What I did was I ran the DCSS program and then ejected the DVD from the DVD drive and I showed them. You know, here it is. Here’s the disc. I will – and I showed them the movie running off the hard drive. I said, “This thing works.”
Soon after demonstrating DeCSS to the CTO of the Motion Picture Association of America, Andy went online in search for someone who could tell him more about it. He didn’t have to venture far. Unlike dEZZY, Nomad and mdx, Jon Johansen personally published DeCSS online, and used his real name in doing so. He welcomed the attention.
“I didn’t think that the MPAA could reach out and try to strangle a 15-year-old kid from Norway. If I had known, I never would have put his real name in.
But he was fairly insistent on it. I met him on IRC. That’s where we talked because the link that was sent to me for DCSS had contact info and he said, “Hey, you can find me on this server and this channel.” That’s exactly where I found him and I told him who I was. I was never surreptitious. I said upfront, “I’m a journalist with Wired News. Would you like to talk?” He said, “Sure.””
After the first article broke it was picked up by other news outlets, rewritten, twisted, and before long the teenager responsible for writing a GUI was now being referred to as the man who cracked CSS. Or, rather, the boy.
In a statement published on November 4th, 1999, Jon Johansen wrote the following:
“I never told the media that I had cracked the dvd encryption. What I told them, was that we (MoRE) had made an app called DeCSS which would decrypt dvd movies and let them be played off your hd, or off dvdrs if you have a dvd burner. I always used _we_ and _MoRE_ when talking to them. I never said anything about me or my position in the group. Now that the storm is over, I see that all they were after, was to get a big story. They even included some of “my” quotes, which I never said. When media starts making up stuff, it’s really sad.”
You may find it unsurprising that, facing jail time, Jon might try and absolve himself of any crimes. In reality, his statement was published long before he faced criminal charges. His denial was merely one part of a longer post titled “The Truth about DVD CSS cracking by MoRE and [dEZZY/DoD]”, co-authored by deZZY and Nomad who, despite remaining anonymous, seemed to want their due credit. You can sense their jealousy elsewhere in the post, like when they wrote:
“Lately, Jon Johansen of MoRE has been pretty much all over the news in Norway, though he had NOTHING to do with the actual cracking of the DVD CSS protection. Yes, it was MoRE who did DeCSS, but the actual crack was not a team effort, MoRE didn’t even exist back when the anonymous German (who is now a MoRE member) cracked it… Most of the papers chose a headline very similar to this: “15-year old Norwegian cracked the DVD-code”. They probably did this because they wanted to make a big Norwegian “Wooohoooo” out of it.”
In public, rather than back away from his potential criminal liability, Jon seemed to revel in his new celebrity. Other hackers now looked up to him. He won an award for his work (and, a couple years later, he’d win another). He made a jump few have ever achieved–from a skinny computer nerd, to a bad boy vigilante. He wasn’t apologizing for anything, or trying to steer away from the story. At a New York City conference the summer after their home was raided, Jon and his father held a Q&A discussion in front of admiring fans. Watching video from their panel, you can tell how Jon feels about his situation. He doesn’t try to deny his role in DeCSS–if anything he leans into it, cracking jokes and throwing insults at Hollywood and the U.S. judiciary system. When speaking of the making of DeCSS, whether in his panel or to journalists, he always uses the pronoun “we”. From a legal perspective, that kind of language would make the next few years of his life rather complicated.
“I will never forget his famous last words. He said, “What are they going to do to me?””
The MPAA Sues Everybody
When Hollywood’s major movie studios caught wind of DeCSS, they had reason to be worried. There were already widely available tools online, capable of converting large DVD files to Video CD format, which would allow them to fit on standard CD disks. Recordable DVD drives were set to hit the market the following year, meaning even that step wouldn’t be necessary. All the while, DeCSS source code was spreading rapidly among those with the power to use it. Dozens of hacker websites re-posted the code.
So, the studios had two options: build a better CSS, or sue everybody.
“When it came out in 1999, it was still a really, really early market. It was still early enough that if they had recalled all the keys, put out brand new keys for everybody, made sure that they were protected and encrypted, yeah, it would have hurt the early adopters but they would have understood and I think that they would have gone forward from this because the market was so small. It’s not like now.
People were taking a hit, I’m sure. People may have needed new firmware for their DVD players and software may have been broken and some old discs may have been rendered useless. But it was still early enough to do something about it and the industry didn’t react quickly. Instead of reacting with a technological solution, they were reacting with a legal solution. That never works.”
Hollywood movie studios began sending threatening letters to those who mirrored the DeCSS code on their websites. Some caved, while others remained unphased. Even more websites began mirroring DeCSS in response to those threats, in defiance against those studios.
In the following months, the DVD Copy Control Association, based in California, applied for a restraining order against any publication of the program, naming 72 websites as defendants. All the major movie studios–Disney, MGM, Paramount, Tristar, Universal, Columbia, and 20th Century Fox–joined together in a lawsuit against three individuals–Eric Corley, Shawn Reimerdes, and Roman Kazan–and their websites. (Kazan, it turned out, was wrongly named in the suit–he was the owner of a web hosting service, not a DeCSS mirroring website).
Jon Johansen’s trials in Norway–there were two of them–largely rested on his personal role in the development and proliferation of DeCSS. A case against him in the state of California mattered little, as state courts had little jurisdiction over a teenager living in Norway. Even the orders placed against all those websites mattered relatively little in the larger scheme of things because, like a game of whack-a-mole, every website shut down over DeCSS mirroring might spawn one or two more in its stead. But the case brought by Hollywood’s major studios was different. Commonly referred to as “Universal v Reimerdes”, the suit claimed that the defendants, in re-publishing DeCSS, were in violation of the Digital Millennium Copyright Act, or DMCA, written into U.S. law in October of 1998, which criminalized devices and services facilitating the circumvention of copyright controls. Shortly after the charges were first filed, Reimerdes and Kazan entered into settlement and were soon dropped from the case. That left only Eric Corley, and his popular publication “2600: The Hacker Quarterly”, the sole defendant representing an entire underground hacking movement.
An Artistic Movement is Born
Where the DVD Copy Control Association sought injunction against specific instances of websites they could find which published DeCSS, “Universal v Reimerdes” took a broader approach. 2600 was merely propped up as an example of the broader precedent the studios wished to set–that anyone who has posted, or will post DeCSS or any similar copyright-infringing software, is in violation of U.S. law.
Those in the hacking community knew that a win for the studios would have implications far past DeCSS, to all kinds of other online software distribution. The defense argued that code itself is a form of speech–not merely functional, but a means of human expression. Dr. David Touretzky, a professor from Carnegie Mellon University, was called to speak for the defense. In his testimony, Touretzky argued that no clear line can distinguish code from speech, because code is simply human ideas written in computing language. All code, he pointed out–from Javascript to binary–is readable to a human. A program like DeCSS described in English, written in C code, born out in mathematical functions, in zeros and ones, or in any other form may appear different in presentation, but the underlying expression is equivalent across all forms. Therefore, because software represents human ideas and can be expressed in language, and because the type of code used to describe an idea doesn’t change the fundamental idea itself, the code itself–no matter the form–is a form of speech.
Backing up Touretzky’s argument was an entire free- and open-source community, rallied by Eric Corley and Jon Johansen, that set out to prove the link between code and speech. A protest movement formed, and programmers far and wide began using DeCSS as a tool, finding any creative way to describe it in forms other than its own source code. There were Jeff Schrepfer and Mike Castleman’s songs, the Star Wars movie, t-shirts and ties. Somebody wrote out the DeCSS authorization code as a calligram for the DVD logo, and a high school student named Erik Michaels-Ober used a portion of the authorization code as his yearbook quote.
Evan Prodromou, a software developer operating under the name “Mr. Bad”, wrote software for removing Cascading Style Sheets–the ubiquitous programming language used for visual design–from web pages. Removing Cascading Style Sheets from the web is harmless, but it’s about as useful as removing the paint from your house, or your car. Prodromou acknowledged its uselessness, but the trick was: he got to name his program “de-CSS”. He started distributing de-CSS online, and encouraged others to do the same. In one case, a school was made to remove de-CSS from a student’s web page, earning negative media attention when it was discovered to be that de-CSS, not the real DeCSS.
Dave Touretzky himself, as part of the movement, wrote out a description of DeCSS in plain English, and posted a screenshot of its code, as if to ask: does it count as speech if I describe it in words, or use it in a picture? Someone else did a 7-and-a-half-minute dramatic reading of Derek Fawcus’ authorization component, as if to ask: does it count as art if I present it in dramatic form?
The most famous artwork of the DeCSS movement was written by a hacker named Seth Schoen. In 456 stanzas, all in five-seven-five haiku form, Schoen weaved together a description of DeCSS with commentary, artistic flourishes and an invocation of the Muse:
“Now help me, Muse, for I wish to tell a piece of controversial math, for which the lawyers of DVD CCA don’t forbear to sue: that they alone should know or have the right to teach these skills and these rules. (Do they understand the content, or is it just the effects they see?) And all mathematics is full of stories (just read Eric Temple Bell); and CSS is no exception to this rule. Sing, Muse, decryption once secret, as all knowledge, once unknown: how to decrypt DVDs.”
Schoen’s poem not only attracted the attention of major news outlets and research entities, it did the most to blur the line between where software ends and speech begins. Any hacker with skill and patience could extract DeCSS from “How to decrypt a DVD: in haiku form”, but did that mean the poem itself wasn’t a just expression of free speech? It was a poem, useful but also creative and multifaceted. Trying to pick out the code from the art would be rather difficult, and trivial, and you’d probably look silly if you tried to do it.
5,400 words later, Schoen’s poem ends: “Have mercy on me, Lord, and lesser judges, and on Jon Johansen.”
Epilogue
Jon Johansen pleaded not guilty in 2002, under trial by Norwegian courts, arguing that he neither built the DeCSS program himself–that was Nomad–nor used it to distribute pirated DVDs to others. If found guilty, he would face up to two years in prison.
On January 7th, 2003, Johansen was acquitted of all charges against him. An appeal was filed two weeks later, and after facing trial for a second time, Johansen was again acquitted on December 22nd of the same year.
Jon’s no teenager anymore. He’s 35 now. Despite the trouble he got into as a kid, he never turned away from reverse engineering, and taking on major corporate interests. In 2004, he hacked FairPlay–a program which was to iTunes what CSS was to DVDs. In 2007, he was one of the first people to crack the original iPhone, allowing it to run Windows and circumvent Apple’s exclusive partnership with AT&T at the time.
Derek Fawcus, the only other person whose real name was associated with DeCSS, was forced to ditch and cut all ties he had with the DeCSS program. But he, too, avoided legal consequences of his work, since he neither published the original CSS authorization code online–he only rewrote it in C–nor himself gave it to the Masters of Reverse Engineering–they took it without asking first.
In October 2000 an undercover U.S. Customs operation began, designed to dismantle Drink or Die. Throughout 2001, James Cudney–known as Bcrea8tiv online–rose up the ranks of DoD, all while logging conversations in chat rooms, collecting screen names and personal information on members of the group, and feeding it all to U.S. law enforcement. On December 11th, 2001, a coordinated global raid commenced in the U.S., Canada, England, Norway, Finland, Sweden and Australia, targeting 62 people in all. One of those 62 may or may not have been dEZZY, and the group was ended for good.
Universal v Reimerdes was first brought on January 14th, 2000, and the judge presiding over the case, Lewis Kaplan of the Southern District of New York, instituted a injunction requiring that 2600 remove DeCSS from their website while the case was ongoing. In an act of rebellion, Eric Corley and 2600 removed the program from their site, but posted links to other websites that offered DeCSS for download. Despite the threats of legal action, as the case was proceeding, around 30 English-language websites either maintained live download links for DeCSS, or posted links to sites that did.
In his final ruling Kaplan found in favor of the plaintiff, concluding that the Digital Millennium Copyright Act advances a substantial government interest and is not a tool for wanton suppression of free speech. The MPAA won the case, and 2600, along with all other websites participating in the act, were ordered to take down DeCSS, and any links to any other websites hosting it. The legal precedent set by Judge Kaplan was strong in its affirmation of U.S. copyright authority, even if its effect on DeCSS itself was not. Websites around the world–in the U.S., Europe, and as far as China–continued to post the program even years after being ordered to take it down.
DeCSS, in the end, had very little to do with watching movies. Even at its peak, it seems to have had little noticeable effect on the piracy market that existed long before and long after it.
“Did it hurt some sales? Probably but the masses really weren’t keen to how to download a DVD and then burn it. You know what I’m saying? It’s not like this was something that anyone could do. You had to have a little bit of technical skill to use BitTorrent or whatever to download the DVD and then burn it onto a blank ROM. So I don’t think it had the ability to have the massive effect that MP3 theft is having for example.
And Hollywood, I never heard of a studio going under or a video store going under or anyone else going under because of DCSS. Maybe somebody can point to lost sales. But I really don’t think that they were hurt all that badly by it to be perfectly honest.”
More than anything, DeCSS was a symbol of a movement. It came to stand for a group identity–a shared ideology for the promotion of free and open digital information, against the large corporate and government interests who would seek to confine it.
Do you, listener, feel akin with those hackers and their mission? That all digital expression should be without limit? Perhaps you feel the opposite–that those hackers misappropriated the sanctity of free speech as a ploy to try and legalize piracy, and threaten an entire industry that only sought control over its own product.
Either way, two decades later, it seems neither side really won what they were after. Movie sales have been challenged not so much by piracy, but by streaming services. We’re now left with the question: if DeCSS caused so many people so much trouble, incited a legal storm and an ideological war, what, in the end, was it really all for?