LJ Archive

Crackers and Crackdowns

Jason Kroll

Issue #0, linuxjournal.com

From Kevin Mitnick to Jon Johansen, the Empire strikes back.

DeCSS author Jon Lech Johansen's home was raided by special police forces at the whim of the Motion Picture Association, an organization which affectionately refers to itself as “a little State Department”. Jon's Linux box, his FreeBSD/Win2k box, as well as his Nokia cellphone (which we are sure played a large part in helping him to provide a DVD player for Linux, and is likely to harbor dark and mysterious secrets) have been confiscated. Although Jon was questioned for seven hours and then released, he and his father are charged and could face fines and up to two years in prison. The GILC, a coalition of civil rights groups throughout the world (notably including the EFF), has condemned the action as a violation both of the Human Rights Accords of the United Nations and the First Amendment of the US Constitution. Almost ironically, Jon's reverse-engineering rights are specifically protected by the notorious Digital Millennium Copyright Act (which itself is probably unconstitutional). (Incidentally, many have questioned whether the American constitution has much validity in Norway, a question of national sovereignty which is often overlooked; the point is merely that Jon violated neither American nor Norwegian law.)

DeCSS has been the source of much contention between the Linux community and government/industry (it's hard to tell government and industry apart these days). Linux hackers wanted to play DVDs on their Linux boxes, while the movie industry wanted to prevent people from being able to copy DVDs. Although currently the sheer size of DVDs is a better copy restriction than the most elaborate encryption, the techno-ignorant industrial lawyers probably allege increased bandwidth and some new compression scheme to make DVD distribution possible some day, as is currently the case with mp3s (a fair expectation). Still, encrypting DVDs hasn't any effect on whether or not they are easy to copy, so it's not clear how the industry's line of thinking holds up (apparently through techno-ignorance, though it's likely they have in mind complete control of the player market which would make them greater villains than we had initially suspected).

Jon and his group MoRE (Masters of Reverse Engineering) managed to break the encryption scheme (the actual breaking of the code is said to have been accomplished by an anonymous German member), apparently intercepting the data as it passed through a piece of hardware unencrypted (due partially to a design error on the part of the hardware manufacturer). As cryptographers know, it's not difficult to break encryption when you can watch the data get decrypted, although such a feat of international significance is outstanding, and pardon the age-ism (in technology, it seems age can be inversely proportional to intelligence) impressive for someone so young. Now 16 years of age, Jon is at the center of an international scandal and a focal point in the ongoing struggle between freedom-endorsing hackers and techno-ignorant, corporate-controlled, authoritarian government. The danger, however, is that the battle has escalated and American corporations have such sufficient influence over police, even in Europe, that a teenager can have his home searched and seized at their arbitrary intimations.

One question is why. Why is the MPA invading someone's home in another country and stealing this person's possessions to use as evidence to lock him in an iron cage for a couple years? Why are seven major Hollywood studios (Disney, Sony, MGM, Paramount, Fox, Universal Studios, and Warner Bros) assaulting one person and his father? They say it's because these studios are worried about potential “unauthorized duplication” in the future (when everyone has a T3 and terabyte hard drives), and they are worried about losing a few DVD sales this way (apparently more sales than they lose through not having a free DVD player for Linux). Of course, the techno-ignorant industry doesn't understand that encryption won't make duplicating DVDs any more difficult, but try telling them that.

Or do they know already? The encryption would allow the industry to put regional codes into DVDs, preventing American DVDs from running in Europe (where movies come out several months later and at higher prices), or preventing Indian DVDs (which cost less since India has less money) from running in America. In essence, it's an attempt to “extract the consumer surplus” by a technique known as “price discrimination” (which is in fact illegal according to US and much international law as well). If DVDs cost the same the world over, prices would be lower for consumers. In addition, the encryption facilitates censorship across continents and gives the DVD Copy Control Assocation complete domination over the DVD player market (which apparently involves huge licensing fees and whatnot). But why, why won't they tell that to the judge? Why do they keep lying?

The obvious conclusion would be that the industry is up to no good and can't let anyone know. These are the same seven studios who assault a human who exercises basic civil and technological liberties, as long as profit is perceived to be at stake. In years past, the predecessors to corporate leaders probably led invasion armies to colonialize and plunder the world. As usual, the handful of decent people is left to suffer. The more things change...

Fight government—shoot back

“We're going to need some bigger guns” says EFF attorney (presumably free-of-charge) Robin Gross as quoted on the 2600 homepage. Fortunately, on one level, you can't have much bigger guns than the Linux community, the 2600 community, the Electronic Frontier Foundation and the Slashdot community. Hackers across the board have been taking action against the MPAA's assault of civil liberties by mirroring the DeCSS source code all over the Internet. Indeed, after just one injunction was filed against Slashdot and 2600, hundreds of mirror sites sprung up all over. “Whack the mole” on a grand scale (if you're the Slashdotter who came up with this phrase, let me know so I can give you credit because this will be the technique for civil disobedience in the information age). Chris DiBona, Linux Evangelist from VA Linux, was even handing out DeCSS source code in the court-room while the judge was deciding on whether or not to allow the MPAA to get a restraining order against, essentially, the entire electronic world.

The problem, however, is the typical situation revolutionaries face: in order to fight the system, we often have to work within it. A close to home example is how Richard Stallman had to develop his GNU project on proprietary Unix. Socialists often have to work for the corporations and operate in the free markets they oppose, because otherwise they'll die. Free marketeers in communist countries again have to live in state housing, take state jobs, receive state food and state money even though it seems hypocritical. The GNU project even had to use copyright law in order to create the copyleft which accomplishes everything copyright restrictions are set up to prevent. In the DVD case, even though the law is the bad guy, and we are very effective at ignoring the law, a critical chance for winning the DVD war (which is, in essence, a struggle to protect the freedom to reverse-engineer, a freedom we cannot afford to deny the world) is to win the battle on the legal front. We can distribute the code as much as we want, mirror it, perfect free DVD players for all sorts of platforms, but as long as we're in violation of the law, we're open season for the government snipers. A world in which a whole community is in violation of a law is a world in which the government can arbitrarily arrest anyone, essentially a police state. Another description of a police state is when the government has all the guns, but who needs guns when you can have lawyers? A crafty lawyer can arbitrarily point the guns of government at anyone. Lawyers are one thing we need, to protect the first amendment, before anyone has to fall back on the second, and they're our key to success within the law.

“When I hear that word 'government' I reach for my revolver”

I will remember very clearly for the rest of my life that night, early last decade, when I had to fill a travel bag with hundreds of disks and thousands of pages of printed material and run off to the woods to hide it in the hopes that when the police came, they wouldn't find anything. People buried disks in parks, demagnetized their hard drives (those who had them), even simply destroyed collections of disks (or in one case, someone panicked and destroyed a collection of disks I had lent him). We waited all night but the police never came. In a few weeks, most of the boards (BBSs) were back up. However, that marked the beginning of the end for a lot of people, not because anyone got arrested but because they finally got scared off. Living in terror of the government wears on people, and I felt relieved when a couple years later I largely abandoned the old ways in favor of the GNU/Linux movement. (Nowadays I'm particularly careful; I haven't even got a home computer anymore.) The point is partially to brag how cool I am, but mostly to illustrate the point that living in terror of the government is not a good way to live, though there's another lesson here that you can break the law hundreds of times and not even get noticed ...

DeCSS is not directly and exclusively about government, however. The governments of the US and Norway would have ignored Jon's contribution to the Linux community had it not been for corporate pressure. Slashdot author Jon Katz has called it corporatism: the collusion between mega-corporations (essentially industry-wide cartels) and government in their effort to propagate American-style corporate capitalism across the world and arbitrarily construct laws that actually have nothing to do with the typical free market rhetoric which normally accompanies such tasks. (Not exactly the same kind of right-wing fascist/socialist government a la Peron that political scientists mean by corporatism, though similar in many ways.) People like Michael Parenti have been writing and lecturing about American imperialism for decades now, so the notion is not something new. What is new is that with the fall of the Soviet Union and (re)unification of Germany, global capitalism has reasserted itself with invigorated violence and aggression (although it has always been violent, aggressive and imperialist, from the Roman Empire to the Hanseatic League to the British Empire and beyond). The other new feature is that there is a backlash against it, albeit not very strong.

The WTO protests in Seattle were a good example of global capitalist violence directed against peaceful opposition, even though huge numbers of people overwhelmed the police and ultimately shut down the talks. However, the police had guns, gas and grenades, and the people didn't, so the cops stormed about with impunity assaulting anyone they pleased and ultimately chased everyone away. Later, they would commit spectacular acts of malice such as filling a bus with protesters and gratuitously discharging gas inside the bus—which incidentally had no restrooms. When the whole WTO affair was finished and the nearly 600 protestor-prisoners were released (after large, protracted protests at the county jail), the police were never held responsible for their actions and the victims were just left victimized and told to be grateful and flattered that the police hadn't just killed them outright. Indymedia is a good source if you want to read the extent of the brutality of Seattle police, though that's old news and a bit cliche by this point. The lesson is that authoritarians never back down. They went after their opponents viciously during the WTO confrontation, and they used special police to go after Jon Lech Johansen and his father during the DVD affair.

What can we do?

The hopeful characteristic in many of the responses I received to my “Free Kevin” article is that people want to know what we can do. All over Slashdot people have been asking this about the DVD struggle, and recently, Jon Katz has been called upon to provide a solution to the problem of corporatism. This signifies a cooperative potential across the computer world.

When it comes to moral behavior, not everyone can go out into the world and do good things. However, most people appear to be ready and willing *not* to do bad things. After all, inactivity is easy.

Boycott the Motion Picture Industry

It's really a moral imperative, otherwise the industry will be using our dollars to attack Jon Lech Johansen, and that's pretty traitorous on our part. It won't be difficult, just make a choice to see independent films instead of Hollywood movies, if you have to see films at all. Theater and opera are other possibilities; a bit expensive, but hopefully you would find them worth it. There is a wealth of entertainment available in this world, and sitting down and staring at pictures, whether the television, the monitor, or a movie, isn't exactly the best the world has to offer. I would advocate boycotting television as well just because it's insufferably stupid, though it's not directly related (movies get shown on the telly, and Fox, at least, has broadcasting concerns, but boycotting tv is less noticeable than boycotting the cinema). If you have to see some Hollywood movie, you could try to sneak in, or pay for another movie and then sneak into the room where your movie is being shown (just to be difficult and cast your dollars for a movie that isn't produced by Disney, Sony, MGM, Paramount, Fox, Universal Studios or Warner Bros., assuming there are other movie producers in mainstream cinema). Of course, you can also see matinees which cost less. You could even make just one exception in the case of major things like Star Wars or Lord of the Rings, if you haven't the willpower for a complete boycott. The idea is to reduce consumption, as far as you are able. The point is to vote with your dollars; while I would advocate boycotting the motion picture industry all together, as long as we seriously curb our expenditures on movies (even by refusing to buy soda and candy, i.e. sneaking in your own bloody candy) we'll send a message. It's up to every individual to decide how committed he or she can be. For me, it's not a sacrifice, I never see movies anyway, and I haven't got a television or radio for that matter.

Specifically, boycott Disney, Sony, MGM, Paramount, Fox, Universal Studios, and Warner Bros. All together. Everything they do.

Protest

Activists might prefer a more pragmatic approach, such as protesting with giant signs outside of theaters. The 2600 cats did this when Miramax was producing a heavily fraudulent film (based on a largely fabricated and defamatory book) about Kevin Mitnick. The protest was effective, and the executives had the script re-written. Monster corporations going after a kid and his dad look horrible (and for the sake of our struggle we'll get more sympathy if Jon comes across as a little kid instead of a technologically proficient, young adult). It is pretty sick, it's corporate assault on the family, after all. If the DeCSS situation doesn't go away soon, it's likely we'll see announcements on Slashdot and elsewhere about where and when the protests are and whatnot. 2600 is already advocating protests, check out their website for details.

What about mpegs?

The sneaky villain in all of this is the Recording Industry Association of America (RIAA), who is secretly meeting in Seattle at the moment in order to plot the demise of mp3s. How they propose to do this is not known at the moment. The industry has been trying to make the mp3 format illegal, which would be an interesting move. Interesting, because once again it would prove that the free market rhetoric espoused by corporatists actually has nothing to do with their intentions: free markets are about efficiency above everything else, and outlawing efficiency is completely contrary to this alleged principle. However, that looks impractical simply because the 3-digit IQ community wouldn't allow it. The other techniques have been developing new CD players and CD formats so that people would not be able to read CDs and turn them into files on a computer. This restriction, we can guarantee, would be quickly broken, and then we'd go through a DeCSS fiasco all over again. The other problem is that consumers (remember, business people don't refer to people as people, they refer to us as 'consumers') already have these old CD players that can't play new, encrypted CDs, and we'd all have to buy new players.

Copy Restriction Destroys

I cracked my first game when I was in the second grade. I had a Commodore 64, and it was more or less my life. I was very excited, because I knew this could be the start of something. At the time, I thought copy restrictions were immoral and that information should be shared, I didn't know anything about free software or open source, it was just an intuited moral attitude. After a little while of opening games up with hex editors to remove the passwords that you had to enter from a page in the manual, I learned some tricky things about copy restriction.

One popular technique on the C64 was to fill the disk mostly with unreadable junk, lace it with blocks of good data, and overdrive the disk drive (old disk drives, for the 5.25" disks, operated at 3 speeds depending on where on the header was reading the data). So, you have a drive reading a disk full of bad data (designed to throw off copy programs), spinning the disk at the wrong speeds and grinding over bad blocks. You could literally hear it grinding away, and it sounded horrible. The problem with this practice, and with all of the techniques of bad blocks, blocks of bad lengths, etc., is that it would ruin disk drives, literally and aurally grinding them up; the most common problem was that it threw the heads out of alignment, among other things. Now, if you were a tech, you could open up your drive and go at it with an oscilloscope to fix it. However, the fact remained, those greedy software firms were producing software that damaged people's computers all for the sake of stopping people from copying software, which of course we did anyway. The destructive copy restriction schemes forced us to crack them, forced us to use cracked software. These troubles continued into the world of Amiga, and I constantly found myself with misaligned disk drives more often than not, and knowing that if I wanted to get software to work, I'd either have to get software that didn't have bad blocks, or I'd have to get a cracked copy; it was the only way to protect my drive. I imagine the copy restriction schemes alone probably caused more damage than the most malicious hackers, crackers, and virii, and this says nothing of harm from the more conniving things software firms have done.

The point of this is that corporations will destroy your hardware without a second thought, they will also sell you products that are bad for your health, and build cars that aren't safe for you or the planet. Oddly, the corporate-irresponsibility attitude is so prevalent today that anytime someone complains that a company is harming consumers or destroying the environment, we get told, “Shut up! The company's out to make a profit, your moral pontificating is out of line and inappropriate!” Apparently, the very fact that you're out to make a profit alleviates one from responsibility. That's a pretty good deal if you're destructively inclined.

Boycott Everyone

Richard Feynmann, hero to intelligent people the world over, once suggested that if an advertisement insulted our intelligence, we should not buy the product. I've been trying that my whole life, and it's made it impossible to purchase anything, which is probably a good thing considering what I get paid. The point is, we vote once or twice a year with our votes (assuming we have civil rights), but we vote thousands and thousands of times every year with our dollars.

Boycott the motion picture industry—it's a moral imperative, otherwise we're voting with our dollars to persecute Jon Johansen and his father, and that's the geek equivalent of treason.

Boycott the recording industry—the RIAA is trying to abolish mp3s, and that's just the start of their conspiracy. CDs cost too much already, and pretty soon we'll be jerked into buying new players and encrypted CDs that we can't read. We'll face hardware that we can't control and algorithms we're no longer allowed to use. We have to resist this assault on our technological autonomy, which means not supporting the industry. Already the industry charges stupidly high prices for CDs, so high, that unless I can find a used CD, I won't buy it. $20 for a Cure album that came out twenty years ago? I don't think so, and I don't buy it. We can't contribute dollars to an industry that wants to invade our world (computers), outlaw our algorithms, take control of our hardware and data away from us, and sic the government on its own citizens in order to enforce its weird, corporate ideas for law. Maybe this means not listening to as much music, or borrowing CDs from friends. Maybe it means downloading mp3s instead. Musicians who are allegedly in music not for money, but for art's sake, would want their music to reach the largest audience possible, and would be flattered to see mp3s of their tunes travel around. Otherwise, it's time for pop stars to admit that they're just in it for the money, stop lying to their fans, and stop nominally pretending to be populists and leftists and whatnot. I'm finished with buying CDs, it's mp3s from now on, the way it ought to be (though I'll have to get a computer to play them since I haven't got one right now). Any rock star who whines about “piracy” should first admit, “Yes, I'm in it for the money.” If we were all saints, we could abstain from listening to proprietary music all together, but at least for now we can stop paying for it.

Boycott Amazon—fight against software patents, and besides, Richard Stallman said so.

Boycott anyone whose actions you oppose—every time you spend money at a company with an agenda you don't like, whether they do business with countries that torture people, or mistreat their employees, or pollute, or support fascist politicians and dictators, you've voting with your dollars in support of these people, letting the corporations know that commerce and money are more important than everything else, and you're ultimately the reason they're allowed to get away with what they do. We don't have to take to the streets with picket signs, smash McDonald's and spray-paint “meat is murder” (as happened during the WTO protests), or take to the hills. We can, however, curb consumption as much as we can of bad products, and boycott as much as we can. Government is not on our side, and we can not rely on government to regulate corporations since in actuality it's corporations who regulate the government. We'll have to do it from the ground up, by boycotting everything we don't like. I boycott nearly everything, including automobiles and gasoline, and it hasn't negatively impacted my life a great deal.

I suppose no one would mind if we didn't have to fight these struggles, if the battle for freedom were not necessary every single day, if we could just live and enjoy. Unfortunately, we're not able to do this, at least not for very long. Every moment our technological freedoms are being eroded away by corporate and government collusion. It's been happening for years, and it has exceeded the basic copyright issues of years ago. For a long time, Microsoft led the charge to deliver the software equivalent of a car with its hood welded shut. We had to deal with proprietary software for far too long, closed source binaries that we had no control over, and this was often on computers where you were effectively logged in as root all the time. Secret codes got placed inside files, and pretty soon people wanted to start monitoring users (and with IE linked right into your kernel, it's an invitation for catastrophe).

Under Assault

Fortunately, GNU/Linux saved us from this horrible fate. However, the battle has hardly even begun. Web sites have started monitoring users, even RealNetworks was covertly collecting data on its users, and pretty soon DoubleClick will compile enormous consumer databases. Bryan Pfaffenberger warned about this only a couple months ago, and it seemed like a problem we'd face a few years from now, but already it's here. (You can find Bryan's columns, under Currents, at our index here.) Emulation has been under assault for a long time, with many companies hoping to make it completely illegal, without any regard for the technological implications or what it means for basic civil liberties in the information age. Cryptography was under assault for a long time, but the NSA is easing up and patents are expiring so we can hope for better things soon in this area at least, which may be an important tool in protecting our privacy from corporate control.

However, the technological world is increasingly held hostage to corporate whim, whether through software patents, or just lobbying groups who want to outlaw this and outlaw that, arbitrarily molding the law and distorting the markets for their own benefit. The boycott of Amazon.com hasn't put an end to the one-click patent, but if the movement grows large enough we may be able to put an end to all software patents. Right now the government is ignorant of technology, and susceptible to anyone who would seek to use it as a tool with coercive power for business, hence the explosion of patents. This demonstrates corporate America's eagerness to jump in and abuse government the moment it becomes possible, so we would best be advised to make it impossible for this to happen, and one good start would be the abolition of software patents.

GNU/Linux was the movement that saved computing, and it's clear what to do to contribute to that. However, the battleground is much larger now, and it's less clear what we can do. The flip side, of course, is that there are many more ways to contribute to intellectual and technological freedom than were available before Linux (where basically you can code or evangelize). There are things we can decide not to do (whom to boycott), this sort of action is easy, and there are things we can actively do. What this will mean will become clearer as time goes on and the battle plans materialize. Right now, the assault on DeCSS and mp3 is pretty vague, but when we find out exactly what they're up to, we'll for sure have an active plan of our own, and the brainpower to back it up. 2600's got a plan already, so if you wanted to get started right away, go to their website and check it out. Linuxguiden, a Norwegian Linux site, has an electronic petition with nearly 8000 signatures, you probably want to sign as well. As certain swordwielding Frenchmen were wont to say, all for one and one for all.

Relevant Links

The Enemies

LJ Archive