The hearing was from about 1 to 5 today at the Santa Clara County
Superior Courthouse in San Jose. Basically, the attorneys for the
DVD CCA got up and spoke on and
on for about a couple of hours, then the attorneys for the EFF spoke
for about a couple of hours, and finally the DVD guys got to get a
last word in. The Slashdot/cypherpunk contingent basically filled the
courtroom, although not to overflowing. In general, we were fairly
conservatively dressed (one young man with shocking-red hair
notwithstanding) and reasonably well behaved, although there were a
few times we laughed at the more ridiculous statements of the DVD
Both sides presented their view of the facts. Basically, the DVD story
is that a Norwegian hacker (Jan Johansen) improperly hacked the trade
secret keys out of a DVD player made by Xing, and all subsequent work on DVD
CSS followed from this original source code release. Trade secrets
continue to be protected by law even if they're not a secret, as long
as the original release was "improper," and that the people doing the
subsequent distribution either knew or should have known about the
improperness. The trade secret doesn't have to be obtained illegally,
but it helps. Since the Norwegian trade secret law contains explicit
exemptions for reverse engineering for the purposes of
interoperability (a fallout, apparently, of IBM using trade secret law
to shut out European hardware manufacturers from selling stuff to work
with IBM computers), the DVD people fell back on the criminal
breaking-and-entering offense. This was one of the events that
provoked laughter, as can be imagined.
The EFF side emphasized that there were two independent reverse
engineering works; the original by Johansen, and another one released
later in October by Frank Andrew Stevenson (also in Norway). If the
second were truly independent, then it would be a completely separate
issue legally, and even if the first were found to be improper,
distribution of the CSS "secret" would not be legally constrained. The
EFF also pointed out a number of technical flaws in the DVD case
(basically, only of interest if you're another lawyer), and wound up
with a stirring appeal to First Amendment rights, the Pentagon Papers
case, and the name of Thurgood Marshall.
So, basically the two battalions of lawyers did a fairly good job of
presenting their cases, and now it will be up to the judge to
decide. If you want more information yourself to tide you over while
waiting, check out John Young's definitive archive.
After the hearing, many participants gathered outside the building,
and Chris DiBona handed out t-shirts with the CSS code and a nice "no
DVD CSS" logo. A few people were taking pictures; hopefully they'll be
up on the web soon.
A lot of interesting stuff is going to get decided, or at least
addressed, in this case. For one, the injunction very clearly calls
for links to the source code to be enjoined, not just posting
of the source code itself. That's pretty clearly a free speech issue,
not least because the San Jose Mercury News (the city's major
newspaper) posted links to the code on the front page of the paper
edition as well as their web site. They're not named as a defendant
(the DVD lawyers are not that stupid), but the same issues
apply. The DVD lawyers then had the chutzpah to characterize the
injunction as "narrow". Advogato would be really curious to see what
an injunction characterized by the plaintiffs as "broad" would look
From this hearing, a few suggested guidelines regarding the handling
of reverse engineered data emerge. This is not the first, nor is it
likely to be the last, case of reverse engineering as it applies to
Most importantly, if the data can be obtained clearly legally, that
helps a lot. Different countries have different strengths of law in
this regard - American is generally not all that bad, but the new Digital Millennium Copyright Act has
some downright nasty provisions when it comes to tools to circumvent
copyrights. There's a separate DMCA case being heard in Federal Court
on the DVD issue, totally unrelated to today's hearing. Norway is
generally in line with European law, with a nice exemption for
"reverse engineering for interoperability," a pretty juicy loophole
for free software developers. However, countries that are not
signatories to the Hague convention on copyrights may be even more
appealing. Free software is a global phenomenon; why not make good use
of it here?
As was explained today, trade secret law covers relationships, not
content. The "wrong" is not disseminating the information, but having
improperly obtained it in the first place. Yet, knowledge of
improperly obtained information taints further work. This is something
to be particularly aware of in the context of free software, which
runs on free and open discussion. Advogato wouldn't change this
openness for anything, but suggests that someone who comes into
possession of potentially controversial information think a bit before
releasing it into the world. Perhaps giving someone else the
opportunity to cleanly and independently reverse engineer the data
would make a big difference if the matter happens to go to trial.
The issues at stake here are significant. Technology like CSS goes
against the very grain of free software, which at its heart is about
letting users have control over their own computer systems. I don't
want lawyers deciding under what context I can play DVD's I buy in the
store. I'm not at all interested in the Secure Digital Music Initiative. Most
examples of these kinds of schemes to date have fallen under their own
weight (divx clearly
comes to mind), but sooner or later there will be a format that's just
too damn tempting for most people to resist. Will it be legal to have
free and open systems to play this stuff, or will we have to invite
the recording industry and their lawyers into our computers to make
sure we play by their rules?
More coverage on Slashdot.
ewhac was kind enough to
give Advogato permission to repost his
first-person account, far more detailed than my own:
Today, the DVD Copy Control Association and the EFF once again met
in court, this time to argue for and against the ordering of a
Injunction against, basically, the entire Internet, forbidding further
dissemination of DeCSS, the source code module that decrypts DVD MPEG
streams. After today's hearing, there should be no doubt in anyone's
that shrinkwrap license "agreements" are monsterously unethical and
on no account be allowed to stand.
It is worth noting up front that I am an adamant, vociferous
opponent of these so-called "agreements", so I hope the reader will
some editorial bias. (Individuals interested in my editorial on the
can find it here.)
Also, events in court did not occur strictly in the
order I will present; I will be grouping together related concepts to
them easier to compare.
Court began promptly at 13:30, and counsel for plaintiff and
defendant introduced themselves (the names went by too quickly for me to
most of them). Judge Elfving indicated that he would not render his
decision today, but would rather consider the arguments and filings
him and render a decision at a future time. He was unwilling to commit
specific date, but indicated that it would not be overlong. Judge
then invited plaintiff's counsel to present their argument.
Jeffrey Kessler began his argument with the following question: Can
a user extract trade secrets in violation of a shrinkwrap
lot of other arguments were presented, but it seemed to me that the DVD
CCA's entire case proceeds from this single precept.
In order to prevail in a trade secret violation, the plaintiff must
- That a trade secret exists. Trade secrets must posess
information, must derive value from their secrecy, and that
secret's owner must employ reasonable measures to protect that
- The secret was misappropriated. CCA argues that "improper means"
were employed to create DeCSS.
CCA's contention is that the reverse engineering employed to
discover the CSS algorithm was prohibited by Xing's shrinkwrap license
"agreement". (Kessler reiterated this point with some force throughout
proceeding.) Since the reverse engineering violated this contract
provision, the algorithm discovered within was improperly obtained due
breach of contract, and is therefore a trade secret violation. DVD CCA
therefore argues that they are entitled to a Preliminary Injuction
forbidding further dissemination.
Kessler went to a lot of trouble establishing that the original
source of DeCSS was Xing's player. An expert's affadivit asserts that
original DeCSS release contained only Xing's key, suggesting that it was
Xing player that had been reverse engineered. Presumably, by
Xing to be the original source, they can invoke Xing's "license" that
Kessler made the assertion that, even if the "clickwrap" license had
somehow been avoided, it still applies and is in force, since the
stipulates that assent to the contract is made, not by clicking on "OK",
by installing and using the software.
Kessler also seemed to go to some lengths to attempt to establish
when DeCSS made its first appearance, which appears to have been the
binary-only release on 6 October, 1999 from the group M.O.R.E. (Masters
Reverse Engineering). Subsequent to that, Stevenson's work (where he
attacks the hash rather than the keys) appeared around 25 October,
presume he did this in an attempt to establish that any release
to these dates "must" have come from the "improperly obtained"
DVD CCA cited several court cases supporting their petition for a
Preliminary Injuction, which were granted forbidding further
of materials under dispute (notably, the Religious Technology Center
(Scientology) vs. Netcom). Kessler further asserted that no court case
ever held reverse engineering to be proper.
Kessler also cited the recently effected Digital Millennium
Copyright Act which, as a matter of "public policy", forbids reverse
engineering. However, he went on to state that DVD CCA is not bringing
under the DMCA; they are bringing suit under the Uniform Trade Secrets
The plaintiffs also asserted that the "hacker community" clearly
knew that DeCSS was obtained improperly, and proceeded to quote from
postings in Slashdot discussion fora made back in July where random
opined that a DVD player for Linux might not be legal to develop.
were no in-court mentions of Natalie Portman or hot grits.) Kessler
that this public discussion validates their claim that the defendants
"should have known" DeCSS is illegal.
The plaintiff also stated that the fact people may have been trying
to develop a DVD player for Linux is entirely beside the point.
he stated that DVD CCA was not discriminating against Linux, that they
more than willing to license CSS to any "credible party" who wanted to
develop a DVD player.
Finally -- and I think this is fairly significant -- DVD CCA made
the observation that, if this were a copyright case, there might be a
provision for reverse engineering under the Fair Use doctrine. However,
there is no such provision in Trade Secret law, and the reverse
engineering is therefore improper.
Kessler then turned the floor over to Robert Sugarman, who proceeded
to disparage the EFF's First Amendment arguments. He repudiated the
assertion that the defendants were news sources, and that they should
accorded the protections available to newspapers. He asserted that the
defendants are doing much more than engaging in First
discussion on this issue.
He repudiated EFF's citation of the Bernstein case. Copyright was
at issue in Bernstein; this is a Trade Secret issue.
He also likened the obtaining of the DeCSS algorithm to breaking
into Coca Cola's inner sanctum and stealing a copy of their secret
(In fact, the analogy of Coke's secret formula figured prominently in
Then he dropped a small bomb and stated outright, in open court,
that they seek to enjoin not only hosting of the DeCSS code, but
the DeCSS code. He asserted that, because links provide "instant
the disputed material, they should be forbidden as well.
He attempted to discredit the Open Source (nee "Hacker") community's
motives by bringing to the court's attention the DeCSS Distribution Contest,
new DeCSS t-shirts, painting it as juvenile and
For some reason, he also called attention to the recent cracking of
PacBell's ISP accounts, and CDUniverse's credit card database.
he was trying to associate the criminal activities of these individuals
the activities of the defendants in the case, both of which "clearly"
decisive action from the court.
Finally, Mr. Sugarman asserted that, if a Preliminary Injunction is
not granted, the message it will send is:
- Theft of trade secrets is OK,
- IP law is no longer viable,
- It is "not safe" to publish in digital media.
These remarks by the plaintiff's counsel consumed about an hour and
a half. Judge Elfving called a 15 minute recess, after which counsel
the defense began.
The first guy (whose name I did not catch) seemed to rely more on
bombast and specious details than on concrete questions of ethics and
Nevertheless, he did raise some interesting points.
The Scientology case was raised again, this time to point out that
the Preliminary Injunction granted and affirmed in that case applied
one person, not to the entire Internet. He went on to cite the cases of
Sega vs. Accolade and Vault vs. Quaid, cases in which reverse
was upheld as permissible.
He asserted there was only one real defendant in this case, the one
who allegedly did the "dirty deed": Mr. Johansen of Norway who
developed and published DeCSS. If there is indeed a legitimate action
can be taken, it is solely against this individual.
He turned the plaintiff's Coca Cola analogy on its head by stating
that one could buy a can of Coke, take it to a chemical analysis lab,
out what it was made of, and publish the results. Such an act would be
entirely proper under the Trade Secret Act under which DVD CCA is suing.
The defense also argued that trade secret law is a "relational
tort," enabling an action of one party against another. It does not
the secret itself.
He asked, "Where is Xing in this case?" If, as submitted, DVD CCA's
license requires licensees to take reasonable measures to protect their
trade secrets, then Xing has clearly failed in this obligation.
asserted the DVD CCA does not provide code itself, but expects the
individual licensees to develop compliant code. Therefore, any
misappropriated technology belongs to Xing, not to DVD CCA.
Finally, he made a highly dubious assertion that there was no
evidence submitted to establish that DVD CCA were the legitimately
licensors of CSS (which has been developed by Matsushita and Toshiba),
therefore were not empowered to bring this action. (This was readily
debunked by the plaintiff during rebuttal.)
After he finished, Eben
Moglen, Professor of Law from Columbia Law
School took over. I don't think I overstate the issue when I say this
absolutely kicked ass. Besides being a good orator, the man
understands technology as well as law. He's written a treatise on the
issues of intellectual property in the digital age entitled Anarchism
Triumphant: Free Software and the Death of Copyright.
Mr. Moglen basically proceeded to shred the plaintiff's arguments.
He pointed out that DeCSS has nothing to do with wholesale copying; DVDs
be bit-for-bit duplicated and will play in any player without the use of
DeCSS. He debunked the assertion of "irreparable harm" to the movie
industry by doing some basic bandwidth math showing that downloading a
gigabyte movie will take you 30 hours (DSL speeds), and if you have a
backbone connection, it'll take ten hours. Wholesale copying of movies
this manner is therefore not a realistic concern.
He raised the plaintiff's assertion that, while it may not be
economically viable to copy movies today, these technologies will become
cheaper and more available in the future. However, such theoretical
damages are not at issue; the court need only concern itself with what
Mr. Moglen went on to describe CSS as extremely weak, and outlined
Stevenson's novel attack against the cipher, which involves attacking
hash value to reconstruct the "title key" by which the MPEG stream may
decoded. In such a case, none of DVD CCA's keys are employed.
key for any disc can be cracked on a Pentium-III in about 18 seconds.
drove home CSS's weakness by mentioning that Mr. Johansen of Norway is
years of age. Thus, the trade secret at issue must not have have been
secret, as it was literally child's play to discover it.
With all this, Moglen asserted that no cause of action remains
because no trade secret remains. The "secret" in question was obtained
legitimate means, and Stevenson's subsequent work illustrates that none
DVD CCA's alleged secrets need be involved in decrypting a DVD. Had the
CCA acted more swiftly in restraining Mr. Johansen, they might have a
for action. As it is, they've waited too long.
When he concluded, Moglen received light applause from the gallery
as Judge Elfving asked for rebuttal from the plaintiffs.
Mr. Kessler assailed the work of Stevenson, saying that it proceeded
from the improper DeCSS code by Johansen. Therefore, Stevenson's work,
though novel, is "contaminated" by Johansen's alleged breach of the Xing
"license", and the trade secret is still protected.
He argued against defense assertions that no license was in force,
saying basically, "Yes, there was!" He attacked EFF's citation of the
case, stating that it was a copyright case, and that reverse engineering
held to be proper under Fair Use. This is a trade secret issue.
However, he went on to call attention to the DMCA again, stating
that, as a matter of "public policy", reverse engineering is held to be
improper. Then he flips again, and says they're not citing DMCA, only
Uniform Trade Secrets Act (which has no provisions for fair use).
Finally, the floor was turned over to Mr. Sugarman who (under
pressure of time) characterized Professor Moglen's arguments as
but irrelevant. All DVD CCA seeks, says Sugarman, is to take down the
code and all links to the DeCSS code. They are not seeking damages, nor
they seeking to quash discussion of the merits of the algorithm; only
trade secret itself.
Judge Elfving then thanked counsels, said there was a lot to think
about, and would render his decision as soon as possible. Court was
adjourned at around 16:50.
My Analysis and Opinion:
We may readily concede that CSS was a trade secret, developed in
and made available under a comprehensive contract that obligated
to maintain the secrecy of the techniques used. It also seems fairly
certain that the initial cracking of the CSS involved taking apart the
player and seeing how it worked. In order for this action to be a trade
secret violation, Johansen's disassembly would have to be an improper
In order for it to have been improper, Johansen would have to be
laboring under an obligation to maintain the secrecy of the Xing code
the CSS algorithm. The DVD CCA asserts that this obligation existed in
form of the shrinkwrap "agreement" which restricted, among other things,
reverse engineering. So the DVD CCA's entire case hinges on whether
shrinkwrap "licenses" are enforceable.
Let us put aside the fact that Johansen is Norwegian, where
different laws and standards apply; and let us also put aside the fact
he is a minor, who likely can't be bound to contracts without parental
consent (again, Norwegian law may differ on this point). Let us
instead on this contract that, by the most tenuous forms of assent, may
considered in force and remove from the licensee a litany of valuable
rights, including reverse engineering.
As I stated earlier, it is my adamant position that such documents
are pure fiction; that they are not and should not be taken
These instruments have little basis in law, and no basis whatsoever in
simple ethics. They run counter to the real and reasonable expectations
consumers when they purchase software; that a sale has taken place, and
hold title to that particular copy of the software, subject to copyright
restrictions. The "agreements" seek to alter the terms of the sale
Further, these contracts attempt to escape vendors from the
provisions of consumer protection laws, "lemon" laws, and remove from
consumers their rights under Fair Use provisions of copyright law and,
some cases, the First Amendment (by forbidding discussion of
And all one needs to do to assent to such onerous conditions is to,
and use the software."
If A.H.Robins had attached such a license to its Dalkon Sheild,
would it have been upheld? Would thousands of women around the country
found themselves unable to seek damages because they had "agreed" to
A.H.Robins harmless? If Black&Decker attached such a license to its
saws saying you could only use Black&Decker saw blades, could it be
enforced? We might concede they could cancel the warranty, but could
sue you for breach of contract, as DVD CCA has done over CSS?
Even if we were to presume such licenses are enforceable, how could
they be said to apply to minors, who cannot be bound to contracts
parental consent? Must we then require that computer stores not sell
software of any kind to anyone under age 18?
The idea is worse than ludicrous, it is offensive. No credible
argument can be brought to bear that shrinkwrap licenses have any
constructive use or benefit -- for consumers or publishers -- much less
foundation in ethics and basic human decency.
Some suggest that the "parade of horribles" that shrinkwraps enable
has not happened, and is not likely to happen. I submit that a
corporation seeking a broad injunction, reaching beyond the borders of
state and even the country, to constrain domestic and foreign nationals
engaging in legitimate, ethical behavior to be a "horrible" that even
most paranoid among us could not have anticipated. There can be no
doubt that shrinkwrap licenses are a big, fat, ugly problem, and
under any circumstances be allowed to stand.
Those who might suggest the GPL is weakened by such a position need
not worry. While most commercial software "licenses" purport to
use, the GPL constrains copying. Absent a license of
any kind, you still
have the right to use your lawfully obtained software. You would not,
however, have the right to make and distribute copies; the default
conditions of copyright law apply. (This is true even if you're a
Right to Use is concomitant with purchase; right to copy is not.
It is difficult to predict how the Judge will rule. Unlike the TRO
hearing, the plaintiff was very well prepared. Both sides presented
arguments well. Judge Elfving stated that he wishes to be thorough, and
will doubtless spend a good deal of effort considering the arguments.
Still, both sides were articulate, and it will depend on who Judge
chooses to believe, so the decision could go either way. Cross your