Thursday, May 03, 2007

Banning the distribution of AACS keys is futile

AACS keys are used to encrypt the content of HD-DVDs (this is an oversimplification; see Ed Felten's Freedom-to-Tinker blog for more detail). A particular "processing key" for AACS has recently been distributed on the Internet, with the AACS Licensing Authority issuing cease and desist orders to try to stop it. This has led to new and creative ways of distributing this 128-bit number, just as occurred with the DeCSS code for decrypting DVDs. When a cease-and-desist order went to digg, digg's users proceeded to give diggs to many different sites, at one point leading to the entire front page of digg being full of nothing but links to pages with the AACS key.

A couple of the more interesting methods include making the number into a song and displaying it with satellite photos of buildings that resemble hex digits. One individual appears to have had it tattooed on his chest.

This is exactly what we saw with DeCSS, which is memorialized in Dave Touretzky's Gallery of CSS Descramblers.

This case is even more absurd, in that AACS LA is claiming ownership of a number--and a relatively short one--not because it encodes any content or algorithm, but because it's one of potentially millions of keys assigned for use with its system.

UPDATE (May 11, 2007): As this t-shirt makes clear, trying to protect against the distribution of a 128-bit number is futile when knowledge of the number can be easily distributed without using the number itself. I'd love to see AACS LA try to make a case against the marketing and sale of this shirt.

No comments: