Technical Notes: On DVDs, Copy Protection, and the Microsoft Monopoly

Towards the end of last week, as the world's news networks were buzzing with the latest setback for Microsoft during their on-going legal battle with the US government, another important news item almost escaped my attention. A group of European hackers managed to finally break the encryption algorithm used on DVD to protect motion pictures against unauthorized copying.

This piece of news was interesting for a variety of reasons. First and foremost, it was the identity of those who did the crucial research that led to this breaking of the DVD encryption code. You see, they were not evil pirates bent on to rob the movie industry from hard-earned profits by illegally distributing bootleg copies of Star Wars or Titanic. No, it was a bunch of Linux programmers who had but one desire: they wanted to watch, on computers equipped with the Linux operating system, movies that they purchased legitimately.

The trouble is, they couldn't, and it isn't even because of an evil Microsoft conspiracy for Windows hegemony. DVD movies are encoded using a proprietary encryption algorithm that remains, to this day, the property of the DVD Consortium. This algorithm is released under strict confidentiality agreements, and licensed for a fee. These terms are incompatible with the way Linux system software, such as software drivers that would be required for DVD playback, are released. Linux and its components are protected by the GNU Public License which, simply speaking, requires that any derived work be released along with full source code. Therefore, it is fundamentally impossible to incorporate proprietary information into a Linux driver package. As for the license fees, since Linux and its system-level components are distributed for free, programmers would have no opportunity to recover the significant financial investment that such a license requires. In other words, we have a lose-lose situation.

Or do we? An enthusiastic group of Linux programmers was intent on proving otherwise. Rather than obtaining a license from the DVD Consortium, they decided to reverse engineer a DVD player. Prudently, they began to disassemble a software player rather than reverse engineer a hardware device, a much more difficult and costly exercise. As luck would have it, they hit the mother lode, so to speak; they stumbled upon a software design shortcoming that allowed them to recover not only the decryption algorithm, but a decryption key as well with laughable ease (basically, something that was supposed to be encrypted, wasn't, or so the news reports say.) This also allowed them to guess the values of many other valid decryption keys.

How was it possible, you ask? Could it be that the mighty DVD Consortium, comprised of industry giants the likes of SONY and others, goofed? Indeed, that seems to be the case; they goofed on several fronts in fact.

First, they goofed because they used a proprietary encryption algorithm. The history of cryptography clearly shows that the strongest encryption algorithms are those that have been made public, and tested thoroughly through the peer-review process. A proprietary algorithm is an algorithm with flaws that are waiting to be discovered.

They also goofed because they didn't enforce their own licensing terms with sufficient vigor; in particular, some argue that permitting the implementation of the DVD decryption algorithm in software was a mistake by itself, because it permitted easy reverse engineering.

But the biggest goof was their initial assumption: namely, that copy protection is an effective deterrent to piracy. The history of commercial software proves that this is not the case. The software industry briefly experimented with copy protection during the early 1980s. In the end it became evident: not only can dedicated pirates break copy protection with much less of an effort than it took to create the copy protection algorithms in the first place, even lay users were able to copy protected software with ease, thanks to the many disk copy programs that came into existence. "Breaking" the copy protection of a Commodore-64 or IBM PC game program was reduced to finding the right copy program from a set of a half dozen or fewer alternatives.

The movie industry apparently hasn't learned this lesson yet. They still believe that copy protection will protect their copyright assets. They still fail to realize that in reality, copy protection accomplishes only one thing: it makes the lives of legitimate customers miserable without deterring pirates the slightest.

Take, for instance, DVD region coding. It's supposed to prevent the playback of a movie on a player intended for a different world region. In the era of increasing globalization, the movie moguls decided to break the world up into six regions; in their grand vision of a brave future, a DVD you purchased in New York City becomes a useless coaster upon your return to Europe, for instance. This is supposed to protect their interests, in particular as it relates to the different release dates of movies in different parts of the world.

Except that the region code was broken with trivial ease soon after DVDs appeared on the market. Modified (code-free) receivers can be purchased with ease; modifications to DVD playback software are freely downloadable over the Web. Once again, it's the legitimate customer who suffers: when, for instance, someone returns from a year-long European assignment with an expensive DVD player purchased in Germany, said player will be useless with North American disks unless risky modifications are made.

Or take the infamous Macrovision copy protection. This protection mechanism introduces an extra signal into the video output of a player. This signal supposedly doesn't interfere with the quality of the video picture, but it does make it impossible to record the signal on a VCR. The emphasis is on the word "supposedly"; in reality, often the opposite is true. In my case, I have no difficulty recording Macrovision-encoded output on my high-end VCR, yet strange purple stripes appear on any DVD movie I attempt to play back using an analog loopback cable through my ATI tuner card in my computer. I wonder; given that I have paid good money for both my equipment and the movies I am trying to watch, is there someone I can sue? Do I smell the words class action here? (Never mind; who the devil has time for such legal nonsense?)

So what does this all have to do with the Microsoft monopoly (other than a coincidence of dates, that is), you ask? Pretty simple. One of the first major software companies that realized the futility of copy protection, and began to distribute their commercial products without such protection was none other but Microsoft Corporation. Movie moguls, take notice: Bill is richer than the rest of you put together...

Oh, but I forget. The US government says that Mr. William Gates is rich not because of anything decent he might have done, but because of an evil conspiracy for world domination. And we know that when the government says something, the government is always right, right?