(Page 3 of 5)
On October 6, 1999, a 16-year-old Norwegian named Jon Johansen used an online mailing list to release a short, simple software program called DeCSS. Written by Johansen and two anonymous developers, DeCSS unlocked a piece of encryption that scrambles the content of a DVD when someone tries to play it on an unauthorized machine. Prior to Johansen’s software, the international DVD Copy Control Association (DVD CCA) was able to create geographical zones across which discs could not be recognized; for instance, you could not buy a DVD in the U.S. and play it in a French DVD player. The discs also were unreadable on computers that did not use either Microsoft’s Windows or Apple’s OS.
Released under a free software license, DeCSS was soon being downloaded from hundreds, possibly thousands, of websites. While many geeks used the technology to watch legitimately obtained DVDs on their Linux-run machines, other users deployed the program to copy and pirate DVDs. Various entertainment trade associations quickly sought to ban the software and have the teenaged Johansen arrested. In November 1999, the DVD CCA and the Motion Picture Association of America (MPAA) sent cease-and-desist letters to more than 50 website owners and Internet service providers, requiring them to remove links to the DeCSS code because of its alleged violation of trade secret and copyright laws, including (in the U.S.) the Digital Millennium Copyright Act (DMCA).
Passed in 1998 to “modernize” copyright for digital content, the DMCA included a controversial provision outlawing the manufacture and trafficking of any technology (whether software or firmware) capable of circumventing copy restrictions or access protections on a copyrighted work in digital format. It did not matter if the technology’s primary use was lawful (such as fair-use copying); as long as the potential for copyright violation was there, the software or hardware was considered illegal. Anything that monkeyed around with existing code could be subject to the law, if the existing code was written to protect copyright. “With the DMCA,” media scholar Tartelton Gillespie notes, “circumvention is prohibited, meaning that the technologies that automatically enforce these licenses are further assured by the force of the law.”
In December 1999, alleging trade-secret misappropriation, the DVD CCA filed a lawsuit against hundreds of individuals for publishing the unlocking software. Eventually two cases from this batch moved forward through the court system. In 2000 the MPAA (along with other trade associations) sued the well-known hacker organization and publication 2600, along with its founder, Eric Corley (more commonly known by his hacker handle, Emmanuel Goldstein), claiming violation of the DMCA. Corley would fight the lawsuits, asserting 2600’s journalistic free speech right to publish DeCSS. As frequently happens with censored material, the DeCSS code at this time was unstoppable; it had spread like wildfire.
Simultaneously, the international arm of the MPAA urged prosecution of Johansen under Norwegian law (the DMCA did not apply in his home country). The Norwegian Economic and Environmental Crime Unit took the MPAA’s informal legal advice and indicted Johansen on January 24, 2000, for violating an obscure Norwegian law that prohibits the opening of a closed document in a way that gains access to its contents, or otherwise breaking into a locked repository. Johansen (along with his father, since he was underage) was arrested and released on the same day, and police confiscated his computers. He was scheduled to face trial three years later.
Hackers Fight Back
Hackers saw Johansen’s indictment and the lawsuits as a violation of not simply their right to use software but also their more basic right to produce F/OSS. Many developers understood the attempt to restrict DeCSS as an all-out assault: “Here’s why they’re doing it,” wrote one commenter on the popular technology site Slashdot after Johansen’s computer was confiscated on January 24, 2000. “Scare tactic…This is a full-fledged war now against the Open Source movement.”
Hackers moved to organize politically, making forceful arguments that computer code is expressive speech. Many websites began providing highly detailed information about the DMCA, DeCSS, and copyright history, and the Electronic Frontier Foundation, a San Francisco–based organization dedicated to defending digital rights, launched a “Free Jon Johansen” campaign. The impressive level of legal sophistication on display was no accident.
Many open source developers are more than just geeks working within a novel legal framework; they are active producers of legal knowledge. That’s because developers have to learn basic legal skills to participate effectively in technological production. They must figure out, for instance, whether the software license on the software application they maintain complies with licensing standards. Developers also tend to closely track broader legal developments, especially those seen as impinging on their practices. Is the Unix company SCO suing IBM over Linux? Has the patent directive passed the European Parliament? Information regarding these and other relevant developments is posted widely on Internet relay chat channels, mailing lists, and especially techie websites such as Slashdot, BoingBoing, and Reddit.
There is also overlap between the skills, mental dispositions, and forms of reasoning necessary to read and analyze a formal, rule-based system such as the law and the operations necessary to code software. Both are logic-oriented, internally consistent textual practices that require great attention to detail. Small mistakes in either law or software —a missing comma in a contract or a missing semicolon in code—can jeopardize an entire system’s integrity and compromise authorial intention. Lawyers and programmers develop similar mental habits for making, reading, and parsing what are primarily utilitarian texts.
Pranksterism—more indigenous to hacker culture than to law firms—played a pivotal role in the open-source pushback as well. Prodromou, a Debian developer and editor of one of the first Internet zines, Pigdog, circulated a decoy program that hijacked the name DeCSS, even though it performed an entirely different operation from Johansen’s DeCSS. Unwilling to distribute the legally controversial material, Prodromou did the next best thing: “I think of this as kind of an ‘I am Spartacus’ type thing,” he wrote. “If lots of people distribute DeCSS on their Web sites, on Usenet newsgroups, by email, or whatever, it’ll provide a convenient layer of fog over the OTHER DeCSS. I figure if we waste just FIVE MINUTES of some DVD-CCA Web flunkey’s time looking for DeCSS, we’ve done some small service for The Cause.”
Thousands of developers posted Pigdog’s DeCSS on their websites as flak to confuse law enforcement officials and entertainment industry executives, since they felt these people were clueless about the nature of software technology. Dozens of these developers (including Johansen) received cease-and-desist letters demanding they take down a version of DeCSS that was completely unrelated to the decryption DeCSS.
Clever recreations of the DeCSS source code (originally written in the C programming language) using different programming languages (such as Perl) also began to proliferate, as did translations into poetry, music, and film. A site called the Gallery of CSS DeScramblers showcased 24 of these artifacts to demonstrate the difficulty of drawing a sharp line between software functionality and expression.
Seth Schoen, after being inspired by the gallery, took up the challenge of publishing a bona fide poem: 456 stanzas written over the course of just a few days.
After opening with some general thoughts, Schoen launched into a long mathematical description of the forbidden CSS code represented in DeCSS. The expert explains the CSS’s “player key,” which is the proprietary piece that enacts the access control measures: