DVD Copy-Protection Scheme Defeated?

Hackers have succeeded in defeating the Digital Versatile Disc's copy-protection encryption, according to several reports that popped up in late October and early November. Source code for decrypting entire movies is now circulating on the Internet, and an underground trade in illicit copies has arisen.

This inevitable development occurs just as the DVD is gaining mainstream approval as the video source of choice, and confirms Hollywood's worst fears about making high-resolution entertainment media available to the general public. "The ramparts are being breached," Motion Picture Association of America president Jack Valenti said in describing the situation to Congress.

This somewhat hysterical characterization would seem to indicate that perfect copies of DVD movies are being replicated by the millions. The reality is not that serious. Although the encryption keys are circulating and people are making copies, the copies are much-lower-resolution Video Compact Discs (VCDs) or ultra-low-rez AVI files (which are almost unwatchable even with the best equipment). VCD is a stripped-down format free of DVD's interactive features and high-quality sound and picture, requiring only about 600MB of disc space compared to DVD's 4.7GB.

Almost unknown in the US, VCD is a popular format elsewhere in the world, especially in countries where piracy is a way of life. VCDs of new theatrical releases are reportedly sold on the streets in countries like Russia, China, India, Israel, and Brazil months before the debut of the authentic versions. Price, not quality, is the overriding consideration. "Master tapes" from which copies are made are often shot with hand-held camcorders in movie houses, then transferred to VCD.

The current buzz is due to a utility program called DeCSS, developed by two European programmers who exploited a weakness in DVD playback decoders. In playback, the decoded digital datastream is necessarily exposed. Instead of sending the code to audio and video DACs for sound and picture, DeCSS saves the datastream as a huge file on a hard disk, minus the encryption. The whole process is made easy by a device called an in-circuit emulator, used to monitor hardware activities. "The key is right there in plaintext, in an area where you're not supposed to look—like under the doormat," one engineer posted on a digital TV newsgroup.

Despite the entertainment industry's predictable reaction, DVD "rippers" are nothing new. "There have been DVD ripping tools available for months," said British computer programmer Derek Fawcus. "DeCSS is simply the latest in a line of methods of doing this." As has been pointed out here and elsewhere, the human propensity for tinkering, combined with the proliferation of technology, means that no intellectual property is safe from piracy. Any encryption scheme can and will be defeated. The answer to the problem lies not in more complex encryption, better law enforcement, or more aggressive lawsuits, but in making films on DVD so affordable that there is little incentive to copy them. Who would pay $20 for a lo-rez copy if they could buy the studio original for $10?

DVD supporters, fearing that piracy will inhibit Hollywood's embrace of DVD, are understandably upset. One possible outcome is a Divx-style distribution model in which each copy and each user have individual keys that must coincide via a secured (and monitored) transaction for a movie to be played. Hackers are therefore working not only against the movie studios, but against the best interests of movie lovers as well.