Breaking Microsoft's Digital Rights Management

The Digital Millennium Copyright Act (DMCA) and the Attack on the First Amendment

As a United States citizen, the right that I am the most proud of is our almost unrestricted right to publish. The United States is strong in every way because of our free press. The free press is at the root of innovation in the United States. The free press is the reason that the United States leads the world in technology and ideas.

A free press serves as a brake on government and corporate corruption. Although many would like to hide their actions in the dark, the courts have upheld the right to publish information that embarrasses the powerful. Without a free and open press the people of the United States would not have known that the government and military lied to them during the Viet Nam War. We would never have known about the secret "contra" war in Nicaragua, where people working with Ollie North ran arms in and drugs out.

I am writing this Web page about six weeks after the United States suffered the worst terrorist attack in our history. In this dark time the citizens of the United States should reflect on our history and our values. The people who founded our country and wrote our Constitution risked their lives for the freedoms that are guaranteed there. But they also knew that a Constitution was only paper. The only guarantee of freedom is in the people themselves. A people who are cowardly and craven will allow their freedoms to be stripped from them by the powerful.

Our freedoms have been viciously attacked by the Digital Millennium Copyright Act (DMCA). Congress passed this odious law that attacks our First Amendment rights while the lobbyists for the recording, movie and software industry shoveled money into their pockets. The people who voted for this law cared little for our precious freedoms and less for the oath they took to uphold the Constitution.

The DMCA is a direct attack on the right of United States citizens to publish. The DMCA makes it illegal to distribute software, in either object or source form that can defeat copyright protections. A Russian citizen, Dmitri Sklyarov was arrested while attending a computer science conference in the United States. Sklyarov's crime, under the DMCA, was to develop software that defeated the copy protection included in Adobe e-books. Unfortunately software source code, published on the Internet, does not have the clear First Amendment protections that that speech does. However, even speech has been attacked as Professor Edward Felton found out when he tried to publish his paper on the Secure Digital Music Initiative's music watermark.

Historically the United States has given its citizens wide latitude in publishing. Even material which is objectionable to many people may be published. This includes violent pornography, drug and bomb making instructions and fascist screeds. The right to publish has been limited only when there is a compelling reason and the courts have, so far, narrowly defined "compelling. For example, the design of nuclear weapons cannot be published. Nor can the names of covert agents working for US Intelligence. In general classified information cannot be published, but in the case of The Pentagon Papers, publication of classified information was allowed. The US Government has a long history of classifying material to cover-up embarrassing information. The courts have sometimes recognized that embarrassment is not the same as national security and allowed the publication of classified material.

Compelling reasons to limit free speech and publication should not include protecting the profits of large multi-national media corporations. Yet this is exactly what the DMCA does: it limits publication to protect corporate profit. Not only can software that attacks copyright protections not be published, but the DMCA also threatens the right to publish articles that describe the computer science principles behind this software.

Trade Secrets and the Suppression of Free Speech

The media industry and those who provide protection schemes are attempting to use trade secret law to suppress free speech.

Free speech is never absolute. For example, if I sign an agreement with a company that pays me for my services, frequently I agree not to disclose the trade secrets that I learn about as part of my work. This limits my free speech, but I have agreed to this limitation in advance.

The software industry and Microsoft in particular frequently include a license agreement as part of their software installation. These agreements are long and written in impossible to read legalese. Most users ignore them. Similar agreements are included in software packaging. The theory is that by breaking the seal the user agrees to the conditions in the license.

An increasingly popular condition in these impenetrable licenses is an agreement not to "reverse engineer" the software, protection schemes or anything else the provider does not want you to know. Users who do so violate what the vendor claims is a trade secret agreement. This is the legal argument taken by the Motion Picture Association of America (MPAA) in the suit against anyone associated with the DeCSS software that allows DVD copying.

This is an obscene approach for the MPAA and media vendors to take. These licenses are difficult to understand, even for a well educated college graduate. The licenses are intentionally made to be difficult to understand so users will agree to them without reading the agreement. Requiring a complex license to use a media player or to view a movie on a DVD is simply ridiculous. Claiming a trade secret agreement when no trade secrets are disclosed, as they are between an employee and an employer, is even more outrageous. These agreements have never been challenged in court so it is unclear whether they are enforcible.

Even if one were to accept the outrageous concept that the use of a mass media technology creates a trade secret agreement between the vendor and the user, the liability should at most extend to the person who disclosed the information. The MPAA has attempted to extend the publishing prohibition and liability to anyone who republishes the material (for example, the hacker publication 2600 republishing the DeCSS source code). The publishers of 2600 have not necessarily come into contact with the vendor's products (nor have I ever used Microsoft's media player that supports DRM). So there can be no trade secret agreement between the vendor and any secondary publisher.

Cryptographic techniques do not depend on secrecy. In fact, companies like RSA Security publish their algorithms (for example their RC5 algorithm) so that people outside of RSA can attempt attacks. The fact that the media industry is depending on secrecy to protect their "intellectual property" is a statement of how poor their engineering is.

Microsoft Digital Rights Management

Recently The Register reported that an anonymous author using the name "Beale Screamer" had cracked the Microsoft Digital Rights Management (DRM) protection scheme for music and other media. The author of this software did not want to follow Dmitry Sklyarov to jail and has remained anonymous. The existence of the DMCA means that no web site in the United States can publish the software that breaks Microsoft's DRM protection without fear of being prosecuted. However, The Register is in England where the DMCA does not apply. At the time of this writing, The Register article has a link to the software that will allow you to down-load it. Software that implements mathematical algorithms tends to be small compared to, say, compilers (this simply reflects that fact that the effort goes into developing the mathematics, rather than the software). Another way to look at this is that with the DMCA in place, it does not take that much source code to get you into lots of trouble. As of the October 18, 2001 release of the software:

source lines file name
118 MultiSwap.c
238 ecc.c
545 main.c
724 msdrm.c
21 MultiSwap.h
36 ecc.h
47 msdrm.h
1729 total lines

I don't have any interest in using this software. I removed it after I ran the the UNIX utility wc on the source files to generate the data for the table above.

One thing that is worth noting is that this is a relatively small piece of software. It should be possible to entirely describe its functionality in English, such that the English can be directly translated by a programmer into C code. Although the courts don't extend First Amendment protection to software source, the First Amendment should cover the English expression of the software source. A program that translated C to a restricted set of english and the restricted set of english back to C could also be envisioned. If the First Amendment did not cover the English result of such a translation, then in theory the First Amendment would not cover mathematics publications either. For example, pure Lisp embodies lambda calculus and could be viewed as an executable form of mathematics. This is true of a language like C as well, although we lose some mathematical properties.

The anonymous author of this software seems to be a professional computer scientist. A great deal of work went into a very sophisticated attack on Microsoft's DRM. Along with the software are well written articles on copyright issues and Microsoft's DRM scheme. These articles are mirrored here, as I down-loaded them from The Register. I have only added HTML formatting. The technical description of the Microsoft DRM is obviously not the work of a "teen hacker", but of a mature computer scientist. The technical discussion includes some important issues about how Microsoft could use this technology to support their monopoly power.

As a United States citizen and resident I cannot publish the software source that went along with these writings without fear of civil and criminal liability. Although the courts have not yet recognized software source as a form of speech, the written word (and these Web pages) are still supposed to be protected by the First Amendment.

Disclaimers

I'd like to point out that the anonymous author's words are his, not mine, although I agree with what "Beale Screamer" writes. Don't send me e-mail asking for the source code. I don't have this source code and would not distribute it. Although the DMCA is a horrible and offensive law, like "Beale Screamer", I have no desire to run afoul of it.

"Beale Screamer"'s articles and related files:

In closing it is probably worth noting that an increasing number of computer scientists are taking time from their other work to provide the technical means for people to recover the fair use rights that the DMCA has stolen from them. The power of the DMCA to inspire such bitter feelings in a highly educated and talented group is simply another indication of the fact that it is bad law.

Annotated References

Ian Kaplan, October 2001
Revised: November 2002