Politech mailing list archives

FC: Report from DVD court hearing in San Jose, by ewhac

From: Declan McCullagh <declan () well com>
Date: Wed, 19 Jan 2000 09:31:48 -0500

*********

http://slashdot.org/comments.pl?sid=00/01/18/2111232&threshold=0&commentsort=0&mode=flat&cid=330

My View of The Day (Score:5, Informative)
by ewhac on Wednesday January 19, @02:53AM EST
(#330)
(User Info) http://www.best.com/~ewhac/
Today, the DVD Copy Control Association and the EFF
once again met in court, this time to argue for and against the
ordering of a Preliminary Injunction against, basically, the
entire Internet, forbidding further dissemination of DeCSS,
the source code module that decrypts DVD MPEG streams.
After today's hearing, there should be no doubt in anyone's
mind that shrinkwrap license "agreements" are monsterously
unethical and should on no account be allowed to stand.

It is worth noting up front that I am an adamant, vociferous
opponent of these so-called "agreements", so I hope the
reader will excuse some editorial bias. (Individuals interested
in my editorial on the subject can find it here.) Also, events in
court did not occur strictly in the order I will present; I will
be grouping together related concepts to make them easier
to compare.

Court began promptly at 13:30, and counsel for plaintiff and
defendant introduced themselves (the names went by too
quickly for me to get most of them). Judge Elfving indicated
that he would not render his decision today, but would rather
consider the arguments and filings before him and render a
decision at a future time. He was unwilling to commit to a
specific date, but indicated that it would not be overlong.
Judge Elfving then invited plaintiff's counsel to present their
argument.

Jeffrey Kessler began his argument with the following
question: Can a user extract trade secrets in violation of a
shrinkwrap agreement? A lot of other arguments were
presented, but it seemed to me that the DVD CCA's entire
case proceeds from this single precept.

In order to prevail in a trade secret violation, the plaintiff
must show:

That a trade secret exists. Trade secrets must posess
information, must derive value from their secrecy, and
that the secret's owner must employ reasonable
measures to protect that secret.
The secret was misappropriated. CCA argues that
"improper means" were employed to create DeCSS.

CCA's contention is that the reverse engineering employed
to discover the CSS algorithm was prohibited by Xing's
shrinkwrap license "agreement". (Kessler reiterated this point
with some force throughout the proceeding.) Since the
reverse engineering violated this contract provision, the
algorithm discovered within was improperly obtained due to
breach of contract, and is therefore a trade secret violation.
DVD CCA therefore argues that they are entitled to a
Preliminary Injuction forbidding further dissemination.

Kessler went to a lot of trouble establishing that the original
source of DeCSS was Xing's player. An expert's affadivit
asserts that the original DeCSS release contained only Xing's
key, suggesting that it was the Xing player that had been
reverse engineered. Presumably, by establishing Xing to be
the original source, they can invoke Xing's "license" that
prohibits inspection.

Kessler made the assertion that, even if the "clickwrap"
license had somehow been avoided, it still applies and is in
force, since the license stipulates that assent to the contract is
made, not by clicking on "OK", but by installing and using
the software.

Kessler also seemed to go to some lengths to attempt to
establish when DeCSS made its first appearance, which
appears to have been the binary-only release on 6 October,
1999 from the group M.O.R.E. (Masters Of Reverse
Engineering). Subsequent to that, Stevenson's work (where
he attacks the hash rather than the keys) appeared around
25 October, 1999. I presume he did this in an attempt to
establish that any release subsequent to these dates "must"
have come from the "improperly obtained" algorithms.

DVD CCA cited several court cases supporting their petition
for a Preliminary Injuction, which were granted forbidding
further dissemination of materials under dispute (notably, the
Religious Technology Center (Scientology) vs. Netcom).
Kessler further asserted that no court case has ever held
reverse engineering to be proper.

Kessler also cited the recently effected Digital Millennium
Copyright Act which, as a matter of "public policy", forbids
reverse engineering. However, he went on to state that DVD
CCA is not bringing suit under the DMCA; they are bringing
suit under the Uniform Trade Secrets Act.

The plaintiffs also asserted that the "hacker community"
clearly knew that DeCSS was obtained improperly, and
proceeded to quote from postings in Slashdot discussion
fora made back in July where random people opined that a
DVD player for Linux might not be legal to develop. (There
were no in-court mentions of Natalie Portman or hot grits.)
Kessler asserts that this public discussion validates their
claim that the defendants "should have known" DeCSS is
illegal.

The plaintiff also stated that the fact people may have been
trying to develop a DVD player for Linux is entirely beside
the point. Moreover, he stated that DVD CCA was not
discriminating against Linux, that they were more than willing
to license CSS to any "credible party" who wanted to
develop a DVD player.

Finally -- and I think this is fairly significant -- DVD CCA
made the observation that, if this were a copyright case,
there might be a provision for reverse engineering under the
Fair Use doctrine. However, there is no such provision in
Trade Secret law, and the reverse engineering is therefore
improper.

Kessler then turned the floor over to Robert Sugarman, who
proceeded to disparage the EFF's First Amendment
arguments. He repudiated the assertion that the defendants
were news sources, and that they should not be accorded
the protections available to newspapers. He asserted that the
defendants are doing much more than engaging in First
Amendment-protected discussion on this issue.

He repudiated EFF's citation of the Bernstein case.
Copyright was at issue in Bernstein; this is a Trade Secret
issue.

He also likened the obtaining of the DeCSS algorithm to
breaking into Coca Cola's inner sanctum and stealing a copy
of their secret formula. (In fact, the analogy of Coke's secret
formula figured prominently in the plaintiff's arguments.)

Then he dropped a small bomb and stated outright, in open
court, that they seek to enjoin not only hosting of the DeCSS
code, but links to the DeCSS code. He asserted that,
because links provide "instant access" to the disputed
material, they should be forbidden as well.

He attempted to discredit the Open Source (nee "Hacker")
community's motives by bringing to the court's attention the
DeCSS Distribution Contest, and Copyleft's new DeCSS
t-shirts, painting it as juvenile and irresponsible.

For some reason, he also called attention to the recent
cracking of PacBell's ISP accounts, and CDUniverse's credit
card database. Presumably, he was trying to associate the
criminal activities of these individuals with the activities of the
defendants in the case, both of which "clearly" demand
decisive action from the court.

Finally, Mr. Sugarman asserted that, if a Preliminary
Injunction is not granted, the message it will send is:

Theft of trade secrets is OK,
IP law is no longer viable,
It is "not safe" to publish in digital media.

These remarks by the plaintiff's counsel consumed about an
hour and a half. Judge Elfving called a 15 minute recess, after
which counsel for the defense began.

The first guy (whose name I did not catch) seemed to rely
more on bombast and specious details than on concrete
questions of ethics and law. Nevertheless, he did raise some
interesting points.

The Scientology case was raised again, this time to point out
that the Preliminary Injunction granted and affirmed in that
case applied only to one person, not to the entire Internet.
He went on to cite the cases of Sega vs. Accolade and Vault
vs. Quaid, cases in which reverse engineering was upheld as
permissible.

He asserted there was only one real defendant in this case,
the one who allegedly did the "dirty deed": Mr. Johansen of
Norway who originally developed and published DeCSS. If
there is indeed a legitimate action that can be taken, it is
solely against this individual.

He turned the plaintiff's Coca Cola analogy on its head by
stating that one could buy a can of Coke, take it to a
chemical analysis lab, figure out what it was made of, and
publish the results. Such an act would be entirely proper
under the Trade Secret Act under which DVD CCA is
suing.

The defense also argued that trade secret law is a "relational
tort," enabling an action of one party against another. It does
not protect the secret itself.

He asked, "Where is Xing in this case?" If, as submitted,
DVD CCA's license requires licensees to take reasonable
measures to protect their trade secrets, then Xing has clearly
failed in this obligation. Further, he asserted the DVD CCA
does not provide code itself, but expects the individual
licensees to develop compliant code. Therefore, any
misappropriated technology belongs to Xing, not to DVD
CCA.

Finally, he made a highly dubious assertion that there was no
evidence submitted to establish that DVD CCA were the
legitimately assigned licensors of CSS (which has been
developed by Matsushita and Toshiba), and therefore were
not empowered to bring this action. (This was readily
debunked by the plaintiff during rebuttal.)

After he finished, Eben Moglen, Professor of Law from
Columbia Law School took over. I don't think I overstate
the issue when I say this guy absolutely kicked ass. Besides
being a good orator, the man clearly understands technology
as well as law. He's written a treatise on the issues of
intellectual property in the digital age entitled Anarchism
Triumphant: Free Software and the Death of Copyright.

Mr. Moglen basically proceeded to shred the plaintiff's
arguments. He pointed out that DeCSS has nothing to do
with wholesale copying; DVDs may be bit-for-bit duplicated
and will play in any player without the use of DeCSS. He
debunked the assertion of "irreparable harm" to the movie
industry by doing some basic bandwidth math showing that
downloading a 5.1 gigabyte movie will take you 30 hours
(DSL speeds), and if you have a direct backbone
connection, it'll take ten hours. Wholesale copying of movies
in this manner is therefore not a realistic concern.

He raised the plaintiff's assertion that, while it may not be
economically viable to copy movies today, these
technologies will become cheaper and more available in the
future. However, such theoretical future damages are not at
issue; the court need only concern itself with what is
happening now.

Mr. Moglen went on to describe CSS as extremely weak,
and outlined Stevenson's novel attack against the cipher,
which involves attacking the hash value to reconstruct the
"title key" by which the MPEG stream may be decoded. In
such a case, none of DVD CCA's keys are employed. The
title key for any disc can be cracked on a Pentium-III in
about 18 seconds. He drove home CSS's weakness by
mentioning that Mr. Johansen of Norway is 15 years of age.
Thus, the trade secret at issue must not have have been very
secret, as it was literally child's play to discover it.

With all this, Moglen asserted that no cause of action
remains because no trade secret remains. The "secret" in
question was obtained by legitimate means, and Stevenson's
subsequent work illustrates that none of DVD CCA's alleged
secrets need be involved in decrypting a DVD. Had the
DVD CCA acted more swiftly in restraining Mr. Johansen,
they might have a cause for action. As it is, they've waited
too long.

When he concluded, Moglen received light applause from
the gallery as Judge Elfving asked for rebuttal from the
plaintiffs.

Mr. Kessler assailed the work of Stevenson, saying that it
proceeded from the improper DeCSS code by Johansen.
Therefore, Stevenson's work, though novel, is
"contaminated" by Johansen's alleged breach of the Xing
"license", and the trade secret is still protected.

He argued against defense assertions that no license was in
force, saying basically, "Yes, there was!" He attacked EFF's
citation of the Sega case, stating that it was a copyright case,
and that reverse engineering was held to be proper under
Fair Use. This is a trade secret issue.

However, he went on to call attention to the DMCA again,
stating that, as a matter of "public policy", reverse
engineering is held to be improper. Then he flips again, and
says they're not citing DMCA, only the Uniform Trade
Secrets Act (which has no provisions for fair use).

Finally, the floor was turned over to Mr. Sugarman who
(under pressure of time) characterized Professor Moglen's
arguments as entertaining but irrelevant. All DVD CCA
seeks, says Sugarman, is to take down the DeCSS code and
all links to the DeCSS code. They are not seeking damages,
nor are they seeking to quash discussion of the merits of the
algorithm; only the trade secret itself.

Judge Elfving then thanked counsels, said there was a lot to
think about, and would render his decision as soon as
possible. Court was then adjourned at around 16:50.

My Analysis and Opinion:

We may readily concede that CSS was a trade secret,
developed in secret, and made available under a
comprehensive contract that obligated licensees to maintain
the secrecy of the techniques used. It also seems fairly
certain that the initial cracking of the CSS involved taking
apart the Xing player and seeing how it worked. In order for
this action to be a trade secret violation, Johansen's
disassembly would have to be an improper use.

In order for it to have been improper, Johansen would have
to be laboring under an obligation to maintain the secrecy of
the Xing code and the CSS algorithm. The DVD CCA
asserts that this obligation existed in the form of the
shrinkwrap "agreement" which restricted, among other
things, reverse engineering. So the DVD CCA's entire case
hinges on whether shrinkwrap "licenses" are enforceable.

Let us put aside the fact that Johansen is Norwegian, where
different laws and standards apply; and let us also put aside
the fact that he is a minor, who likely can't be bound to
contracts without parental consent (again, Norwegian law
may differ on this point). Let us concentrate instead on this
contract that, by the most tenuous forms of assent, may be
considered in force and remove from the licensee a litany of
valuable rights, including reverse engineering.

As I stated earlier, it is my adamant position that such
documents are pure fiction; that they are not and should not
be taken seriously. These instruments have little basis in law,
and no basis whatsoever in simple ethics. They run counter
to the real and reasonable expectations of consumers when
they purchase software; that a sale has taken place, and they
hold title to that particular copy of the software, subject to
copyright restrictions. The "agreements" seek to alter the
terms of the sale after the fact.

Further, these contracts attempt to escape vendors from the
provisions of consumer protection laws, "lemon" laws, and
remove from consumers their rights under Fair Use
provisions of copyright law and, in some cases, the First
Amendment (by forbidding discussion of benchmarks). And
all one needs to do to assent to such onerous conditions is
to, "install and use the software."

If A.H.Robins had attached such a license to its Dalkon
Sheild, would it have been upheld? Would thousands of
women around the country have found themselves unable to
seek damages because they had "agreed" to hold
A.H.Robins harmless? If Black&Decker attached such a
license to its power saws saying you could only use
Black&Decker saw blades, could it be enforced? We might
concede they could cancel the warranty, but could they sue
you for breach of contract, as DVD CCA has done over
CSS?

Even if we were to presume such licenses are enforceable,
how could they be said to apply to minors, who cannot be
bound to contracts without parental consent? Must we then
require that computer stores not sell software of any kind to
anyone under age 18?

The idea is worse than ludicrous, it is offensive. No credible
argument can be brought to bear that shrinkwrap licenses
have any constructive use or benefit -- for consumers or
publishers -- much less any foundation in ethics and basic
human decency.

Some suggest that the "parade of horribles" that shrinkwraps
enable has not happened, and is not likely to happen. I
submit that a California corporation seeking a broad
injunction, reaching beyond the borders of the state and even
the country, to constrain domestic and foreign nationals from
engaging in legitimate, ethical behavior to be a "horrible" that
even the most paranoid among us could not have anticipated.
There can be no further doubt that shrinkwrap licenses
are a big, fat, ugly problem, and must not under any
circumstances be allowed to stand.

Those who might suggest the GPL is weakened by such a
position need not worry. While most commercial software
"licenses" purport to constrain use, the GPL constrains
copying. Absent a license of any kind, you still have the right
to use your lawfully obtained software. You would not,
however, have the right to make and distribute copies; the
default conditions of copyright law apply. (This is true even if
you're a minor.) Right to Use is concomitant with purchase;
right to copy is not.

It is difficult to predict how the Judge will rule. Unlike the
TRO hearing, the plaintiff was very well prepared. Both
sides presented their arguments well. Judge Elfving stated
that he wishes to be thorough, and will doubtless spend a
good deal of effort considering the arguments. Still, both
sides were articulate, and it will depend on who Judge
Elfving chooses to believe, so the decision could go either
way. Cross your fingers...

Schwab

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo () vorlon mit edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------

Current thread:

FC: Report from DVD court hearing in San Jose, by ewhac Declan McCullagh (Jan 19)