The Helsinki District Court has dealt another blow to CSS, the copy-protection scheme used in commercial DVDs. In a ruling issued today, the court found that CSS is "ineffective" as a form of DRM and that the two defendants cited for violating Finnish copyright law were not guilty.
After Finland's copyright laws were changed in late 2005 to harmonize with a 2001 EU copyright directive, a group of Finnish copyright activists put up a web site that echoed information that has been easily available on the Internet (and T-shirts) for years: how to crack and circumvent CSS. They then turned themselves into the police for violating Finland's new copyright laws.
Two of the activists were charged with illegally manufacturing and distributing a circumventing product along with providing a service to "circumvent an effective technological measure." During the court proceedings, expert witnesses testified as to the ineffectiveness of CSS as a DRM system, an argument the court found compelling. "[S]ince a Norwegian hacker succeeded in circumventing CSS protection used in DVDs in 1999, end-users have been able to get with easy tens of similar circumventing software from the Internet even free of charge," wrote the court. "Some operating systems come with this kind of software pre-installed.... CSS protection can no longer be held 'effective' as defined in law."
The decision may be appealed by the government, which apparently brought the case independent of the copyright holders or the DVD Copy Control Association, which administers CSS. Given the fact that the Helsinki District Court is at the bottom of Finland's legal system, this case is by no means precedent setting.
That said, the implications could be far-reaching. All EU member nations were required to implement the EU's copyright directive, which defines a technological measure as being effective if "where the use of a protected work or other subject-matter is controlled by the rights-holders through application of an access control or protection process, such as
encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective."
CSS no longer achieves the protection objective, according to the Helsinki court, and if other European courts interpret the directive in a similar manner, CSS could be declared "officially" ineffective. There is no reason why it would stop with CSS, either. Cracks such as DVD Jon's reverse-engineering of FairPlay could fall into that category. It could even open the door to AACS being found ineffective, should the war between hackers and the AACS Licensing Authority tilt decisively in the direction of anti-DRM forces.
All of that is in the mysterious future at this point. If Big Content gets the idea that EU member states will follow the lead of the Helsinki District Court on DRM measures, it will certainly lobby for a looser definition of what constitutes effective DRM while ratching up the level of DRM it employs.
reader comments