November 5, 1999
Web posted at: 9:56 a.m. EST (1456 GMT)
by Mathew Schwartz
(IDG) -- After the motion picture industry spent years negotiating the encryption standard for digital video discs (DVD), a small group of Norwegian hackers recently released a program, called DeCSS, that can break the encryption on almost any DVD disk.
"This is a troubling situation," said Rick Clancy, a spokesman at Sony Corporation of America. He said Sony is still gathering information on the purported hack and added that "Sony is of course a strong advocate of content protection."
Every DVD disk has about 400 keys on it to make the disk readable to all of the various DVD players on the market. The players, in turn, also have the 400 keys licensed and encrypted in their hardware or software playback systems. But apparently one program, the XingDVD Player, from RealNetworks Inc. subsidiary Xing Technologies, didn't have its keys adequatey safeguarded. The hackers were thus able to deduce how to crack DVDs and released the DeCSS program, which will do it automatically.
According to CNN, the group was attempting to reverse-engineer a software DVD player in order to create one compatible with the Linux operating system. There is currently no Linux-compatible player.
DeCSS is reported to be circulating the Internet on Web sites and newsgroups. The program allows users to copy the contents of a DVD onto the user's hard drive.
Officials from RealNetworks weren't available for comment Thursday morning.
The hackers are claiming that the DVDs only have 40-bit encryption. By contrast, Netscape 4.7, the company's most recent U.S. exportable version, has 56-bit encryption. The U.S. exportable version of Internet Explorer 5.0 has 40-bit encryption.
This isn't the first DVD encryption to be broken. DVDs already have regional codes so that they can only be played on players bought in that region. This helps the movie industry distribute DVDs in the same pattern as films: premiere it in one market, then gradually release it in other markets. But movie producers often don't use the codes, and players have sprung up that can play DVDs with any of the various regional codes.