This week's very special edition of Advogato's Number brings you a first-hand report of the DVD hearing in San Jose. The issues in the case are in fact subtle, and while the EFF lawyers did a great job and the judge seems to be very interested, it's far from a foregone conclusion. Advogato awaits the judge's ruling on the preliminary injunction eagerly.
The hearing was from about 1 to 5 today at the Santa Clara County Superior Courthouse in San Jose. Basically, the attorneys for the DVD CCA got up and spoke on and on for about a couple of hours, then the attorneys for the EFF spoke for about a couple of hours, and finally the DVD guys got to get a last word in. The Slashdot/cypherpunk contingent basically filled the courtroom, although not to overflowing. In general, we were fairly conservatively dressed (one young man with shocking-red hair notwithstanding) and reasonably well behaved, although there were a few times we laughed at the more ridiculous statements of the DVD attorneys.
Both sides presented their view of the facts. Basically, the DVD story is that a Norwegian hacker (Jan Johansen) improperly hacked the trade secret keys out of a DVD player made by Xing, and all subsequent work on DVD CSS followed from this original source code release. Trade secrets continue to be protected by law even if they're not a secret, as long as the original release was "improper," and that the people doing the subsequent distribution either knew or should have known about the improperness. The trade secret doesn't have to be obtained illegally, but it helps. Since the Norwegian trade secret law contains explicit exemptions for reverse engineering for the purposes of interoperability (a fallout, apparently, of IBM using trade secret law to shut out European hardware manufacturers from selling stuff to work with IBM computers), the DVD people fell back on the criminal breaking-and-entering offense. This was one of the events that provoked laughter, as can be imagined.
The EFF side emphasized that there were two independent reverse engineering works; the original by Johansen, and another one released later in October by Frank Andrew Stevenson (also in Norway). If the second were truly independent, then it would be a completely separate issue legally, and even if the first were found to be improper, distribution of the CSS "secret" would not be legally constrained. The EFF also pointed out a number of technical flaws in the DVD case (basically, only of interest if you're another lawyer), and wound up with a stirring appeal to First Amendment rights, the Pentagon Papers case, and the name of Thurgood Marshall.
So, basically the two battalions of lawyers did a fairly good job of presenting their cases, and now it will be up to the judge to decide. If you want more information yourself to tide you over while waiting, check out John Young's definitive archive.
After the hearing, many participants gathered outside the building, and Chris DiBona handed out t-shirts with the CSS code and a nice "no DVD CSS" logo. A few people were taking pictures; hopefully they'll be up on the web soon.
A lot of interesting stuff is going to get decided, or at least addressed, in this case. For one, the injunction very clearly calls for links to the source code to be enjoined, not just posting of the source code itself. That's pretty clearly a free speech issue, not least because the San Jose Mercury News (the city's major newspaper) posted links to the code on the front page of the paper edition as well as their web site. They're not named as a defendant (the DVD lawyers are not that stupid), but the same issues apply. The DVD lawyers then had the chutzpah to characterize the injunction as "narrow". Advogato would be really curious to see what an injunction characterized by the plaintiffs as "broad" would look like!
From this hearing, a few suggested guidelines regarding the handling of reverse engineered data emerge. This is not the first, nor is it likely to be the last, case of reverse engineering as it applies to free software.
Most importantly, if the data can be obtained clearly legally, that helps a lot. Different countries have different strengths of law in this regard - American is generally not all that bad, but the new Digital Millennium Copyright Act has some downright nasty provisions when it comes to tools to circumvent copyrights. There's a separate DMCA case being heard in Federal Court on the DVD issue, totally unrelated to today's hearing. Norway is generally in line with European law, with a nice exemption for "reverse engineering for interoperability," a pretty juicy loophole for free software developers. However, countries that are not signatories to the Hague convention on copyrights may be even more appealing. Free software is a global phenomenon; why not make good use of it here?
As was explained today, trade secret law covers relationships, not content. The "wrong" is not disseminating the information, but having improperly obtained it in the first place. Yet, knowledge of improperly obtained information taints further work. This is something to be particularly aware of in the context of free software, which runs on free and open discussion. Advogato wouldn't change this openness for anything, but suggests that someone who comes into possession of potentially controversial information think a bit before releasing it into the world. Perhaps giving someone else the opportunity to cleanly and independently reverse engineer the data would make a big difference if the matter happens to go to trial.
The issues at stake here are significant. Technology like CSS goes against the very grain of free software, which at its heart is about letting users have control over their own computer systems. I don't want lawyers deciding under what context I can play DVD's I buy in the store. I'm not at all interested in the Secure Digital Music Initiative. Most examples of these kinds of schemes to date have fallen under their own weight (divx clearly comes to mind), but sooner or later there will be a format that's just too damn tempting for most people to resist. Will it be legal to have free and open systems to play this stuff, or will we have to invite the recording industry and their lawyers into our computers to make sure we play by their rules?
More coverage on Slashdot.
In my opinon, DIVX was actually a very neat concept for what it was originally intended for: Renting DVDs.
Since DVD media is (or at least can be) so cheap, it makes sense to view it as throwaway - if you pay $5 to rent a movie (and that's the going rate in Norway, where I live) then throwing away (or having the customer keep) media costing $0.15 isn't unreasonable - that is probably cheaper than spending time on handling returns, especially if you count in the cases where the returns aren't done properly.
Of course, somebody had to come along and try to extract revenue at unreasonable places, and shoot it all down :-(
Eivind.
Today, the DVD Copy Control Association and the EFF once again met in court, this time to argue for and against the ordering of a Preliminary Injunction against, basically, the entire Internet, forbidding further dissemination of DeCSS, the source code module that decrypts DVD MPEG streams. After today's hearing, there should be no doubt in anyone's mind that shrinkwrap license "agreements" are monsterously unethical and should on no account be allowed to stand.
It is worth noting up front that I am an adamant, vociferous opponent of these so-called "agreements", so I hope the reader will excuse some editorial bias. (Individuals interested in my editorial on the subject can find it here.) Also, events in court did not occur strictly in the order I will present; I will be grouping together related concepts to make them easier to compare.
Court began promptly at 13:30, and counsel for plaintiff and defendant introduced themselves (the names went by too quickly for me to get most of them). Judge Elfving indicated that he would not render his decision today, but would rather consider the arguments and filings before him and render a decision at a future time. He was unwilling to commit to a specific date, but indicated that it would not be overlong. Judge Elfving then invited plaintiff's counsel to present their argument.
Jeffrey Kessler began his argument with the following question: Can a user extract trade secrets in violation of a shrinkwrap agreement? A lot of other arguments were presented, but it seemed to me that the DVD CCA's entire case proceeds from this single precept.
In order to prevail in a trade secret violation, the plaintiff must show:
CCA's contention is that the reverse engineering employed to discover the CSS algorithm was prohibited by Xing's shrinkwrap license "agreement". (Kessler reiterated this point with some force throughout the proceeding.) Since the reverse engineering violated this contract provision, the algorithm discovered within was improperly obtained due to breach of contract, and is therefore a trade secret violation. DVD CCA therefore argues that they are entitled to a Preliminary Injuction forbidding further dissemination.
Kessler went to a lot of trouble establishing that the original source of DeCSS was Xing's player. An expert's affadivit asserts that the original DeCSS release contained only Xing's key, suggesting that it was the Xing player that had been reverse engineered. Presumably, by establishing Xing to be the original source, they can invoke Xing's "license" that prohibits inspection.
Kessler made the assertion that, even if the "clickwrap" license had somehow been avoided, it still applies and is in force, since the license stipulates that assent to the contract is made, not by clicking on "OK", but by installing and using the software.
Kessler also seemed to go to some lengths to attempt to establish when DeCSS made its first appearance, which appears to have been the binary-only release on 6 October, 1999 from the group M.O.R.E. (Masters Of Reverse Engineering). Subsequent to that, Stevenson's work (where he attacks the hash rather than the keys) appeared around 25 October, 1999. I presume he did this in an attempt to establish that any release subsequent to these dates "must" have come from the "improperly obtained" algorithms.
DVD CCA cited several court cases supporting their petition for a Preliminary Injuction, which were granted forbidding further dissemination of materials under dispute (notably, the Religious Technology Center (Scientology) vs. Netcom). Kessler further asserted that no court case has ever held reverse engineering to be proper.
Kessler also cited the recently effected Digital Millennium Copyright Act which, as a matter of "public policy", forbids reverse engineering. However, he went on to state that DVD CCA is not bringing suit under the DMCA; they are bringing suit under the Uniform Trade Secrets Act.
The plaintiffs also asserted that the "hacker community" clearly knew that DeCSS was obtained improperly, and proceeded to quote from postings in Slashdot discussion fora made back in July where random people opined that a DVD player for Linux might not be legal to develop. (There were no in-court mentions of Natalie Portman or hot grits.) Kessler asserts that this public discussion validates their claim that the defendants "should have known" DeCSS is illegal.
The plaintiff also stated that the fact people may have been trying to develop a DVD player for Linux is entirely beside the point. Moreover, he stated that DVD CCA was not discriminating against Linux, that they were more than willing to license CSS to any "credible party" who wanted to develop a DVD player.
Finally -- and I think this is fairly significant -- DVD CCA made the observation that, if this were a copyright case, there might be a provision for reverse engineering under the Fair Use doctrine. However, there is no such provision in Trade Secret law, and the reverse engineering is therefore improper.
Kessler then turned the floor over to Robert Sugarman, who proceeded to disparage the EFF's First Amendment arguments. He repudiated the assertion that the defendants were news sources, and that they should not be accorded the protections available to newspapers. He asserted that the defendants are doing much more than engaging in First Amendment-protected discussion on this issue.
He repudiated EFF's citation of the Bernstein case. Copyright was at issue in Bernstein; this is a Trade Secret issue.
He also likened the obtaining of the DeCSS algorithm to breaking into Coca Cola's inner sanctum and stealing a copy of their secret formula. (In fact, the analogy of Coke's secret formula figured prominently in the plaintiff's arguments.)
Then he dropped a small bomb and stated outright, in open court, that they seek to enjoin not only hosting of the DeCSS code, but links to the DeCSS code. He asserted that, because links provide "instant access" to the disputed material, they should be forbidden as well.
He attempted to discredit the Open Source (nee "Hacker") community's motives by bringing to the court's attention the DeCSS Distribution Contest, and Copyleft's new DeCSS t-shirts, painting it as juvenile and irresponsible.
For some reason, he also called attention to the recent cracking of PacBell's ISP accounts, and CDUniverse's credit card database. Presumably, he was trying to associate the criminal activities of these individuals with the activities of the defendants in the case, both of which "clearly" demand decisive action from the court.
Finally, Mr. Sugarman asserted that, if a Preliminary Injunction is not granted, the message it will send is:
These remarks by the plaintiff's counsel consumed about an hour and a half. Judge Elfving called a 15 minute recess, after which counsel for the defense began.
The first guy (whose name I did not catch) seemed to rely more on bombast and specious details than on concrete questions of ethics and law. Nevertheless, he did raise some interesting points.
The Scientology case was raised again, this time to point out that the Preliminary Injunction granted and affirmed in that case applied only to one person, not to the entire Internet. He went on to cite the cases of Sega vs. Accolade and Vault vs. Quaid, cases in which reverse engineering was upheld as permissible.
He asserted there was only one real defendant in this case, the one who allegedly did the "dirty deed": Mr. Johansen of Norway who originally developed and published DeCSS. If there is indeed a legitimate action that can be taken, it is solely against this individual.
He turned the plaintiff's Coca Cola analogy on its head by stating that one could buy a can of Coke, take it to a chemical analysis lab, figure out what it was made of, and publish the results. Such an act would be entirely proper under the Trade Secret Act under which DVD CCA is suing.
The defense also argued that trade secret law is a "relational tort," enabling an action of one party against another. It does not protect the secret itself.
He asked, "Where is Xing in this case?" If, as submitted, DVD CCA's license requires licensees to take reasonable measures to protect their trade secrets, then Xing has clearly failed in this obligation. Further, he asserted the DVD CCA does not provide code itself, but expects the individual licensees to develop compliant code. Therefore, any misappropriated technology belongs to Xing, not to DVD CCA.
Finally, he made a highly dubious assertion that there was no evidence submitted to establish that DVD CCA were the legitimately assigned licensors of CSS (which has been developed by Matsushita and Toshiba), and therefore were not empowered to bring this action. (This was readily debunked by the plaintiff during rebuttal.)
After he finished, Eben Moglen, Professor of Law from Columbia Law School took over. I don't think I overstate the issue when I say this guy absolutely kicked ass. Besides being a good orator, the man clearly understands technology as well as law. He's written a treatise on the issues of intellectual property in the digital age entitled Anarchism Triumphant: Free Software and the Death of Copyright.
Mr. Moglen basically proceeded to shred the plaintiff's arguments. He pointed out that DeCSS has nothing to do with wholesale copying; DVDs may be bit-for-bit duplicated and will play in any player without the use of DeCSS. He debunked the assertion of "irreparable harm" to the movie industry by doing some basic bandwidth math showing that downloading a 5.1 gigabyte movie will take you 30 hours (DSL speeds), and if you have a direct backbone connection, it'll take ten hours. Wholesale copying of movies in this manner is therefore not a realistic concern.
He raised the plaintiff's assertion that, while it may not be economically viable to copy movies today, these technologies will become cheaper and more available in the future. However, such theoretical future damages are not at issue; the court need only concern itself with what is happening now.
Mr. Moglen went on to describe CSS as extremely weak, and outlined Stevenson's novel attack against the cipher, which involves attacking the hash value to reconstruct the "title key" by which the MPEG stream may be decoded. In such a case, none of DVD CCA's keys are employed. The title key for any disc can be cracked on a Pentium-III in about 18 seconds. He drove home CSS's weakness by mentioning that Mr. Johansen of Norway is 15 years of age. Thus, the trade secret at issue must not have have been very secret, as it was literally child's play to discover it.
With all this, Moglen asserted that no cause of action remains because no trade secret remains. The "secret" in question was obtained by legitimate means, and Stevenson's subsequent work illustrates that none of DVD CCA's alleged secrets need be involved in decrypting a DVD. Had the DVD CCA acted more swiftly in restraining Mr. Johansen, they might have a cause for action. As it is, they've waited too long.
When he concluded, Moglen received light applause from the gallery as Judge Elfving asked for rebuttal from the plaintiffs.
Mr. Kessler assailed the work of Stevenson, saying that it proceeded from the improper DeCSS code by Johansen. Therefore, Stevenson's work, though novel, is "contaminated" by Johansen's alleged breach of the Xing "license", and the trade secret is still protected.
He argued against defense assertions that no license was in force, saying basically, "Yes, there was!" He attacked EFF's citation of the Sega case, stating that it was a copyright case, and that reverse engineering was held to be proper under Fair Use. This is a trade secret issue.
However, he went on to call attention to the DMCA again, stating that, as a matter of "public policy", reverse engineering is held to be improper. Then he flips again, and says they're not citing DMCA, only the Uniform Trade Secrets Act (which has no provisions for fair use).
Finally, the floor was turned over to Mr. Sugarman who (under pressure of time) characterized Professor Moglen's arguments as entertaining but irrelevant. All DVD CCA seeks, says Sugarman, is to take down the DeCSS code and all links to the DeCSS code. They are not seeking damages, nor are they seeking to quash discussion of the merits of the algorithm; only the trade secret itself.
Judge Elfving then thanked counsels, said there was a lot to think about, and would render his decision as soon as possible. Court was then adjourned at around 16:50.
My Analysis and Opinion:
We may readily concede that CSS was a trade secret, developed in secret, and made available under a comprehensive contract that obligated licensees to maintain the secrecy of the techniques used. It also seems fairly certain that the initial cracking of the CSS involved taking apart the Xing player and seeing how it worked. In order for this action to be a trade secret violation, Johansen's disassembly would have to be an improper use.
In order for it to have been improper, Johansen would have to be laboring under an obligation to maintain the secrecy of the Xing code and the CSS algorithm. The DVD CCA asserts that this obligation existed in the form of the shrinkwrap "agreement" which restricted, among other things, reverse engineering. So the DVD CCA's entire case hinges on whether shrinkwrap "licenses" are enforceable.
Let us put aside the fact that Johansen is Norwegian, where different laws and standards apply; and let us also put aside the fact that he is a minor, who likely can't be bound to contracts without parental consent (again, Norwegian law may differ on this point). Let us concentrate instead on this contract that, by the most tenuous forms of assent, may be considered in force and remove from the licensee a litany of valuable rights, including reverse engineering.
As I stated earlier, it is my adamant position that such documents are pure fiction; that they are not and should not be taken seriously. These instruments have little basis in law, and no basis whatsoever in simple ethics. They run counter to the real and reasonable expectations of consumers when they purchase software; that a sale has taken place, and they hold title to that particular copy of the software, subject to copyright restrictions. The "agreements" seek to alter the terms of the sale after the fact.
Further, these contracts attempt to escape vendors from the provisions of consumer protection laws, "lemon" laws, and remove from consumers their rights under Fair Use provisions of copyright law and, in some cases, the First Amendment (by forbidding discussion of benchmarks). And all one needs to do to assent to such onerous conditions is to, "install and use the software."
If A.H.Robins had attached such a license to its Dalkon Sheild, would it have been upheld? Would thousands of women around the country have found themselves unable to seek damages because they had "agreed" to hold A.H.Robins harmless? If Black&Decker attached such a license to its power saws saying you could only use Black&Decker saw blades, could it be enforced? We might concede they could cancel the warranty, but could they sue you for breach of contract, as DVD CCA has done over CSS?
Even if we were to presume such licenses are enforceable, how could they be said to apply to minors, who cannot be bound to contracts without parental consent? Must we then require that computer stores not sell software of any kind to anyone under age 18?
The idea is worse than ludicrous, it is offensive. No credible argument can be brought to bear that shrinkwrap licenses have any constructive use or benefit -- for consumers or publishers -- much less any foundation in ethics and basic human decency.
Some suggest that the "parade of horribles" that shrinkwraps enable has not happened, and is not likely to happen. I submit that a California corporation seeking a broad injunction, reaching beyond the borders of the state and even the country, to constrain domestic and foreign nationals from engaging in legitimate, ethical behavior to be a "horrible" that even the most paranoid among us could not have anticipated. There can be no further doubt that shrinkwrap licenses are a big, fat, ugly problem, and must not under any circumstances be allowed to stand.
Those who might suggest the GPL is weakened by such a position need not worry. While most commercial software "licenses" purport to constrain use, the GPL constrains copying. Absent a license of any kind, you still have the right to use your lawfully obtained software. You would not, however, have the right to make and distribute copies; the default conditions of copyright law apply. (This is true even if you're a minor.) Right to Use is concomitant with purchase; right to copy is not.
It is difficult to predict how the Judge will rule. Unlike the TRO hearing, the plaintiff was very well prepared. Both sides presented their arguments well. Judge Elfving stated that he wishes to be thorough, and will doubtless spend a good deal of effort considering the arguments. Still, both sides were articulate, and it will depend on who Judge Elfving chooses to believe, so the decision could go either way. Cross your fingers...
Schwab
While many people have strong feelings about the subject, many of us
would
likely not have the background or the insight to comment on the issue
other than to say "this sucks".
It's refreshing to see an editorial-like overview with a well
thought-out viewpoint.
- Idcmp
The injunction was granted today. Gif's of the injunction are here.
One comforting bit of news: the judge narrowed the injunction so that it does not prohibit linking.
The DVD case sure looks like it's going to be an interesting battleground.
New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.
Keep up with the latest Advogato features by reading the Advogato status blog.
If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!
del.icio.us
Digg
Google bookmark
reddit
Simpy
StumbleUpon
Furl
Newsvine
Technorati
Tailrank