Reporter’s Notebook: With the news this week that he had broken the digital rights management (DRM) protections in iTunes, 22-year-old Viking hacker Jon Johansen once again put himself front and center in the issue of copy protection vs. intellectual properly. Only this time, he’s taking a much greater risk.
In 1999, the then-15-year-old Norwegian was part of a trio of programmers called MoRE (Masters of Reverse Engineering). He never actually spoke with them. They all were anonymous to each other, one of the conveniences of the Internet.
The three found a Windows-based DVD player, made by Xing Technologies (which was acquired by Real Networks in 1999) that wasn’t properly protected. DVD uses a copy protection system called Content Scrambling System (CSS), an encryption key designed to prevent copying the DVD files.
CSS used a relatively weak 40-bit key because back then, 40-bit encryption was the maximum allowed by law for export. But that didn’t matter, because Xing forgot to encrypt its CSS key, so it was trivial for the MoRE trio to reverse-engineer it.
They produced a program called DeCSS, which opened the file, read the data, decrypted it with the Xing CSS decryption code, and wrote it back to the disk without any copy protection.
I know this all too well because I was the first reporter to speak with Johansen on the subject. A friend at the Motion Picture Association of America sent me an innocuous e-mail, right around this time in 1999, with a link to a site claiming their utility could remove DVD protection.
It worked. I gave my friend one week to do some damage control with the studios before I ran a story. One week later, my stories, with interviews with Johansen, ran on Wired News, where I was a freelancer at the time. It became national news.
I asked Johansen several times during the interview if he wanted me to leave his name out of the story. “What can they do to me?” he asked.
Famous last words.
His life was turned upside down, as was his father Per’s, since his father’s Web site was used as the host for the DeCSS code. The Norwegian Motion Picture Association acted as the proxy for the MPAA and brought copyright violation charges against the two.
Johansen became a poster boy for electronic free speech, celebrated and supported legally by the Internet’s hacker culture, the EFF and civil liberties groups. He would face two trials. It took three years but he was eventually acquitted both times.
Now he’s gone after FairPlay, the DRM in iTunes that locks digital music to the iPod. Johansen claims to have broken the restrictions tying iTunes songs to one iPod player and plans to license it to digital music stores looking to sell copy-protected songs so they can be played on an iPod.
He claims to have broken it.
Johansen is part of a company called DoubleTwist Ventures, which consists of two people: him and co-founder Monique Farantzos.
You would think he might be a little gun shy about taking on the Digital Millennium Copyright Act (DMCA) again. Wrong. This is a guy who adopted the nickname “DVD Jon.”
Thus far, Johansen has gotten a lot of press but nothing has been made public, other than the claim to breaking the code; no licensees have been revealed.
The implications of Johansen’s work are unclear. Without customers, he won’t be going very far. Johansen and Farantzos didn’t respond to requests for an interview and, as usual, the Apple public relations have not responded to requests for comment.
Van Baker, vice president of research for media at Gartner, said the fallout depends on whether it sticks and on what the crack really means.
“Does that mean Apple stuff can be played on other devices? It could be a boon to some of the other player vendors, but I don’t think it will cause a wholesale move from the iPod because the iPod is a pretty good product,” he said.
Now, if it means that all of the FairPlay stuff can be cracked and turned into open MP3 files, then the labels could be upset if it doesn’t get fixed. Chances are good that once he delivers his crack, Apple will just fix it in a few days and go on its merry way, said Baker.
The real risk is performing such a crack in the U.S. “By cracking FairPlay, he’s in violation of the DMCA, so he’s subject to prosecution if he’s here.”
Even though Johansen was put on trial twice in his native Norway, Baker thinks he got off easy. “I think the Norwegian courts were a bit more forgiving than the US courts would be,” he said.
Good luck, Jon.
Andy Patrizio is a senior editor in the San Francisco bureau of internetnews.com.