Recently, someone leaked the cryptographic key (a 16-digit hexadecimal number) that can be used to decode content on the high definition HD-DVD format, making it possible to rip HD-DVD discs—something which has long been possible, though illegal, for conventional DVDs. The story made it to the Web site Digg. If you’re not familiar with the site, it works like this: People submit stories from around the Web and other Digg users give them a thumbs up (“digg”) or a thumbs down (“bury”). The more popular the story gets, the more prominently it’s displayed on the site. There are other similar sites, like Reddit, but Digg is among the most popular, able to drive vast amounts of traffic that can bring even big sites to their knees. Getting dugg can be both a boon and a curse to a webmaster.
The story about the cryptographic key didn’t stay on Digg long; it was removed by the administrators, who claimed that the “the owners of this intellectual property [believe] the posting of the encryption key infringes their intellectual property rights.” While it’s unknown precisely what organization approached Digg, many suspect it was the Advanced Access Content System Licensing Authority (AACS-LA), the organization that maintains and owns the AACS copy protection system. (Legal action has also been threatened on other sites that have published the key.)
Unfortunately, while this may have seemed like a logical step for the AACS-LA to take, it was also pretty darn stupid.
You see, from my experience, the kind of people who are interested in this information also tend to be the kind of people who will react quickly and vehemently to what they perceive as censorship. As a result, dozens upon dozens of stories containing the key have now popped up on Digg and elsewhere. Some users have disguised the key as other information: for example, sneaking it into the Wikipedia page on the IPv6 protocol as a hexadecimal IP address. (It was subsequently removed) One person translated the hex values into colors; another user made an OS X screensaver that does nothing but display the code. Geek celebrity Wil Wheaton encouraged people to add the code to his Wikipedia entry as his favorite number. It’s even been immortalized in song and on shirts. Other stories were as simple as “I would like to share my favorite new numbers with everyone!” In short, that code is now everywhere . It’s quite possibly the most quickly spread piece of information to ever appear on the Internet.
The HD-DVD folks have run into a prime example of the hydratic equation. You may remember the story of the multi-headed Hydra from Greek mythology: Every time Heracles cut off one of the heads, two more sprang up in its place. Not that there was anything that really could have been done about it—once the code genie got out of the bottle, he wasn’t going back in. That inevitability points to one of the fundamental flaws of digital rights management (DRM). Most DRM systems depend on “security through obscurity;” they rely upon keeping one crucial piece of information, like a password, secret. The problem is, if you keep information in an encrypted form and somebody wants to view that information, it has to be decrypted first. And that entails having that secret key. So the key is, in effect, just waiting to be discovered, and the combined ingenuity of the world’s hackers ensures that sooner or later, the key will come out.
So, how do you protect a system that’s doomed to failure? Legislate it, naturally. The Digital Millennium Copyright Act (DMCA) makes it a crime to break the encryption schemes, even for totally innocuous acts like making a digital copy of your DVD for personal backup purposes. It’s also worth noting that breaking this encryption is the only way users on platforms like Linux can watch protected content like DVDs on their computers, since officially sanctioned programs usually aren’t made available for Linux.
There’s also a larger question here: can numbers can be considered intellectual property? Certainly a word or phrase can be trademarked or otherwise copyrighted, but can I type 909897234985792834759237495 and say that nobody else is allowed to use that number without my permission? If so, then I contend that something is very, very wrong with our intellectual property system. Now, I would certainly be annoyed—and for good reason—if my password was suddenly posted on Digg, but I don’t think that I’d have grounds for legal action, especially of the intellectual property variety, merely because someone had plastered pleistocene42 all over the Internet. For one thing, merely having the secret code doesn’t allow you to break the encryption; you still need a program to do it. I’m guessing (and fervently hoping) that any attempt to use the DMCA to prosecute those spreading the code would be thrown out of court. It’s like suing somebody for guessing what number you’re thinking of.
Back to the Digg administrators, who found themselves stuck between a rock (the HD-DVD group) and a hard place (their own users). If they censored the stories, as the HD-DVD people have requested, they may be upholding their terms of service and protecting themselves, as Digg CEO Jay Adelson stated in his blog post, but they also break their promise of a democratized system of information proliferation. Digg founder Kevin Rose is smart enough to realize this (and, from a more practical standpoint, smart enough to realize that the cat was not just out of the bag but well on its way to Mexico). His ultimate “if you can’t beat ’em, join ’em— decision to post the key on the Digg blog and vow to “go down fighting” was really the only thing he could do if he hoped to retain any sort of credibility.
Digg has, at least, learned an important lesson here which the HD-DVD people would be well advised to heed: when you give the power to the people, sometimes they’re going to turn it right back on you.
Dan Moren is the author of Macworld.com’s Gadgetbox column and co-editor of the MacUser blog.