Digital Era Legal Battles

Part 2: DeCSS

by Matthew M. Lug - Tech News Reporter

Last week I wrote a brief introduction to the Napster situation, alluding several times to the case of the MPAA vs. anyone even remotely involved with DeCSS. Like the Napster mess, the DeCSS case involves one of the big AAs (the MPAA this time instead of the RIAA) and plenty of confusing copyright issues. However, the DeCSS case differs from the Napster case in that it is based on the creation and distribution of a piece of source code, not the use of a program. (On a side note, I'm not being quite as objective as I was last week because I feel just a bit more strongly about the issues involved in this case.)


Before talking about DeCSS, it would probably be a good idea to introduce CSS. Content Scrambling System (CSS) is the encryption that is used to prevent DVD movies from being played on unauthorized hardware. DeCSS, as the name implies, is software that can decrypt CSS. It was developed by a kid in Norway (Jon Johansen) and quickly spread throughout the internet. More information than you could ever possibly want to know can be found at


Continuing along in the list of acronyms, the Digital Millennium Copyright Act (DMCA), Public Law 105-304, is the legal foundation for the MPAA's attack on anything and everything DeCSS. The full text can be found at this strange looking address: (you may find it easier to just go to and search for Public Law 105-304). Part of the DMCA states that it is illegal to create, distribute, or use anything that can circumvent access control mechanisms. In physical terms, this is essentially like saying that if someone sells you a newspaper and tells you that you can't read it in a bathroom, then you can be sued or arrested if you read it in a bathroom or tell other people how to read a newspaper in a bathroom. This sounds completely insane, which is why this law only applies to digital content.

Lawsuits for everyone

Following the creation and distribution of the DeCSS source code last year, the MPAA sent cease and desist letters to anyone who hosted a copy of DeCSS online. The intent would seem to be to remove information from the internet. The reality is more like rolling a boulder up a hill, only to have the boulder roll back down to the bottom every time you get to the top. A more modern analogy would be trying to get the air back into a space station module after it leaked out into space. By the MPAA's own admission, only 60% of sites hosting DeCSS removed it after receiving cease and desist letters from the MPAA (as of this past May, the percentage is likely to have increased following the recent court decision). There are bound to be many sites that the MPAA does not know of and many more constantly being created. Add to that any copies being distributed through e-mail or on physical media, and it is clear that it will take more than threatening letters to eradicate DeCSS.

Eventually, the MPAA decided it was time for a major league lawsuit in New York City. The defendants were initially Jon Johansen and 2600 magazine, which published the source code in one of its issues. After a witness tried to prove that DeCSS was speech by showing that it was being distributed on t-shirts, Copyleft, the company that sold the t-shirts, wound up as a defendant. For more information on the views of both sides of this case, the MPAA's side is explained here: , and the defendants' is explained here:

The Verdict

On August 17, the verdict in the NY lawsuit came back in favor of the MPAA. However, it should be noted that the judge in this case (Lewis Kaplan) had possible ties to the MPAA, and questions about potential bias were raised throughout the trial. His ruling answered these questions, showing a clear bias against the defendants. The online version of the ruling has mysteriously disappeared, but the quote "Defendants, on the other hand, are adherents of a movement that believes that information should be available without charge to anyone clever enough to break into the computer systems or data storage media in which it is located." is a nice example of some kind of bias - the defendants never made this claim. The issue was not the legality of the use of the DeCSS source code, but instead the legality of distributing and linking to the DeCSS source code. There are several other good examples of Kaplan completely missing the point, but I'm trying to keep this article short. To his credit though, he also said "Less radically, they have raised a legitimate concern about the possible impact on traditional fair use of access control measures in the digital era." This is of course the central issue, but the judge did not expand on this and instead fell back to the DMCA to justify his ruling. One thing is certain: a successful appeal is almost guaranteed.

Illegal Information

The implications of this case and the recent ruling are actually quite scary. Information - in any format - has been declared illegal. If this decision is upheld, it could be the first step toward the systematic burning of books. Beyond the illegality itself, the reason for DeCSS being illegal is also cause for concern. This information isn't a threat to national security or the safety and well being of the citizens of the United States - it is a threat to the MPAA's control over what customers can do with products they buy. The law now protects corporate interests above all else.

The Future

CSS is only the beginning of the use of encryption to restrict use of products. Many video content providers have been pushing to expand encryption into all video devices - television sets, VCRs, etc. - so that it would be possible to control what content can be recorded and played back. If this happens, fair use as we know it today could become a thing of the past. You already can't legally make a backup of a DVD movie you legally purchased. What additional restrictions will the future bring?

WPI Policies

According to Sean O'Connor, WPI's Network Manager, Napster use and DeCSS are being handled like other abuses of the network. Since Napster is used almost exclusively to download music that is restricted from distribution under copyright, the use of Napster could cause legal troubles for WPI and any students who are involved. To prevent such legal action, the use of Napster is not allowed unless the user can prove that permission was given by the copyright holder to download specific audio files. Given the recent ruling on the DeCSS case, the posting of the DeCSS source code will also not be allowed.

Additionally, Napster was found to consume a significant percentage of WPI's available bandwidth (currently 5 T1 lines). According to the Acceptable Use Policy (AUP) for the WPI network (, "The purpose of these facilities is to support research, education, and WPI administrative activities, by providing access to computing resources and the opportunity for collaborative work." When Napster use accounts for a large portion of the available bandwidth, that bandwidth is unavailable for legitimate academic use. In this sense, Napster use was violating the AUP, specifically: "don't consume unneeded resources; to include network bandwidth, compute time, disk, or processes."

Will the use of Napster on campus ever be allowed? O'Connor said that the Napster ban will be lifted only if the use of Napster is found to be legal and WPI has adequate bandwidth to accommodate it without interfering with academic use of the network. Even then, policies regarding the acceptable use of Napster will be created and bandwidth limitations will be put in place.

O'Connor repeatedly stressed that the Network Operations staff does not set out to find and stop every single violation that takes place on the network, nor does it attempt to monitor and control every use of the network. The primary goal of NetOps is to keep the network running reliably for academic uses. People who use an extremely large amount of bandwidth will be investigated and any use that is likely to provoke legal action is likely to be banned for the protection of WPI and individual users.

Back to Stuff I've Written
Created and maintained by Matthew M. Lug (Contact Matthew M. Lug)