CSS vs. CSS

Banner Oslo, Dec 12, 2002.

I've spent the last eight years of my life promoting CSS and have identified closely with those three letters, in that particular order. I never thought I would find myself marching through the streets (another article) in support of someone who cracked CSS.

Fortunately, the two CSS acronyms in the previous paragraph are unrelated. My CSS stands for Cascading Style Sheets, a language developed to describe the presentation of web pages. The other CSS is the Content Scrambling System developed by the DVD industry. My CSS was developed to protect structure and beauty on the web. Their CSS is a poorly designed proprietary mechanism to restrict access to information.

I write this report from a courtroom in Oslo where Jon Johansen is on trial for cracking their CSS. In the fall of 1999, the 15-year old Jon worked with fellow programmers to create a program, called DeCSS (not to be confused with DeCSS), which removes the CSS encryption from DVD movies. This allows movies to be played on non-Windows systems and enables viewers to skip past commercials that they are currently forced to watch by "licensed" players. Jon Johansen used DeCSS to decrypt parts of two movies that he had bought for himself and he shared the DeCSS program with others on the Internet.

The Norwegian police, after receiving a letter from the Motion Picture Association of America (MPAA), seized Jon's computers. Now, three years later, Jon is on trial. He could face two years in prison if convicted.

So, why do I care? Well, it may be Jon today — but Opera tomorrow.

Opera makes browsers in competition with Microsoft. The main task of a browser is to read coded information, decode it, and display it to the user; essentially, the same task as Jon's DeCSS. On the web, we're privileged that most documents and images are coded in well-known formats (e.g., HTML, JPEG, GIF and, yes, CSS). However, Microsoft is constantly pushing proprietary extensions to these formats. The next version of Microsoft Internet Explorer could well support proprietary encrypted formats forcing people to use only "licensed" browsers. Opera would suddenly be making "unlicensed" browsers. Then, if Microsoft were to write a letter to the the Norwegian police asking them to stop a small Norwegian company from producing "unlicensed" browsers, I'd like for there to an outcry — that's why I care.

In the courtroom, the prosecutor has spent days reading from Jon's chat logs. Having described Jon and his friends as "an international gang of youth criminals", the prosecutor has given a new villainous meaning to the smiley faces and "heh-heh" that pepper Jon's logs. Are these commonly used symbols really evidence of Jon's conspiracy against the international media industry?

In another moment providing amusement for Jon's supporters, who mainly consist of local Linux geeks occupying the two last rows in the courtroom, the prosecutor described Linux as "especially popular among hackers". This comment gained her a headline in one of the daily newspapers when it was discovered that her employer's web server (Norwegian Economic Crime Unit, Økokrim) runs on Debian GNU/Linux.

Interestingly, the prosecutor has tried to distance Jon from his supporters by claiming that DeCSS was not primarily developed to benefit the Linux community. She claims that Jon's main purpose was not to make a DVD player available on Linux but rather to create a pirating tool for the Windows operating system. Her evidence for this view comes from the chat logs where Jon is quite disparaging about Linux people: "goddamn linux fanatics, I wish someone would shoot them", though the statement was followed by smileys. In spite of her best efforts to divide and conquer, Jon's supporters remain supportive and exchange smug smiles when the prosecutor mixes up terms and technical concepts. (Also, it has been noted, Jon and RMS seem to be in agreement on the issue of Linux fanatics.)

The first of the three rows, reserved for spectators and supporters, is occupied by journalists from the main Norwegian dailies. The case receives its fair share of attention in this country, overshadowed only by the economic misdeeds of a former minister. One would think the Norwegian Economic Crime Unit would pay attention to such matters. Alas, they are probably too busy prosecuting Jon for his crimes. (I was wrong: they announced — in a Word document — their investigation the day after I wrote this report)

The prosecutor claims Jon's actions has dire consequences for the DVD industry. However, so far, not a single witness has testified that they know of anyone having used DeCSS to pirate movies. No one, not even Jon, has watched an entire movie decrypted by DeCSS. This last fact must be disappointing for the programmers, though it weakens the prosecution's case since it is not illegal to write software no one uses. As for dire consequences for the industry: DVD players are the best-selling Christmas gift in Norway this year.

Today's two highlights were the sudden evaporation of two witnesses' ability to answer obvious questions. First, Mr John Hoy, president of DVD CCA, did not understand his own organization's definition of "Copy Protection Functions". Had he answered any questions on this topic, he would have undermined the prosecutor's definition of "copy protection". Therefore he resorted to obstructive and vague answers until the defense stopped questioning him in sheer frustration.

The second highlight was when an expert witness of the prosecutor was asked if "zone-free" DVD players are easily available in the market. The witness claimed not to know thereby not revealing the fact that most players sold in Norway are "zone-free". These players break the DVD CCA rules by allowing people to play the US editions of DVD movies. So much for expert witnesses. This gives rise to the obvious question: "Why is Jon charged when zone-free DVD players are sold openly in the store next door?"

I have come to a couple of conclusions while watching this trial. First, we need a new law that protects one's right to read data to which one has lawful access. Second, the DVD CCA should rethink CSS. The next time they design a DVD encryption scheme (how about "Super-DVD"? heh-heh :-). Sure, let the same guys to do the technical work. But please find another name.


howcome, Dec 12, 2002 [minor updates Dec 13-15, 2002]