CSS of DVDs Ruled 'Ineffective' by Finnish Courts

An anonymous reader writes "The CSS protection used in DVDs has been ruled "ineffective" by Helsinki District Court. This means that CSS is not covered by the Finnish copyright law amendment of 2005 (based on EU Copyright Directive from 2001), allowing it to be freely circumvented. Quoting the press release: ' The conclusions of the court can be applied all over Europe since the word effective comes directly from the directive ... A protection measure is no longer effective, when there is widely available end-user software implementing a circumvention method. My understanding is that this is not technology-dependent. The decision can therefore be applied to Blu-Ray and HD-DVD as well in the future.'"

Catch-22?

A protection measure is no longer effective, when there is widely available end-user software implementing a circumvention method. My understanding is that this is not technology-dependent.

What this would seem to say to me is that in order to get to the point at which the protection measure is considered to be ineffective, you have to go through a point at which it is not widely available, and you're breaking the law.

Does that seem a bit wrong to anyone else?

Re:Catch-22?

That might have been true in the past. In the age of the Internet, cracks can almost instantly become widespread.

Re:Catch-22?

In the age of the Internet, cracks can almost instantly become widespread.

Alright trolls, here's your once-in-a-lifetime chance to have your goatse posts be ontopic.

Mod parent funny

Wish I had some mod points. That's the funniest goatse post I've seen since it became tired (which was about 5 minutes after it was first posted).

Re:Mod parent funny

And what took you those five minutes?

I was furiously masturbating to it.

Oh wait, did I say that out loud?

Re:Catch-22?

That might have been true in the past. In the age of the Internet, cracks can almost instantly become widespread.

I don't know the precise wording of the law but I'm guessing that while it's legal to break already ineffective protection the person who made it ineffective in the first place can still be prosecuted.

In other words you can beat a dead horse, just don't beat the horse to death.

Re:Catch-22?

Not everyone is subject to the same law stopping reverse engineering. All that is needed is for someone to crack the encryption somewhere it is legal then distribute it so that it is widespread. Then everyone in Europe at least can use it.

I'm sure there's something missing here and I doubt any of that would really work but we can dream can't we.

Re:Catch-22?

If you crack the protection before the product is released, have you broken any law?

Re:

Not really , think civil disobedience.

I took from it that if it's widely hacked and in use then it's deemed useless.

Sort of like when everyone started decrypting dv... oh my bad.

Re:Catch-22?

On the other side of the coin, does this mean that all that is required to make it legal to crack a protection scheme is to crack it and make the crack widely available?

Re:

The catch is to make it simple enough for everyone to use it. Like include it in the VLC decoder set and distribute it. It's not just distributing code and expecting people to patch it. It's making it simple enough that the average Joe Sixpack can just get

Re:

The alternative would be for the courts to examine the protection method and decide (without any empirical evidence) whether the method is effective. That will never work. Frankly, I think the court's ruling is a huge victory for us - because it means th

Re:

Sounds like a good way to keep the law in sync with the norms of society.

Re:Catch-22?

While it seems odd, the global Internet makes it a reasonable possibility.

If a crack is available openly in places where it is legal, and you can get to those cracks from within a country where it is illegal, then I could still come to the conclusion that the protection is ineffecetive simply because anyone who wanted to circumvent it would trivially be able to, even if no laws in that country had yet been broken.

Re:

What this would seem to say to me is that in order to get to the point at which the protection measure is considered to be ineffective, you have to go through a point at which it is not widely available, and you're breaking the law.

Unless you can develop

Re:Catch-22?

"Does that seem a bit wrong to anyone else?"

No, in the same way watching a DVD disc that someone shoplifted is not the same as actually shoplifting the DVD in the first place.

The judgement seems to be along the lines of "the crack is so widely available, that it's not really even definable as an encryption system anymore". It's like if you leave your front door key under the mat (or in some other insanely obvious place) and then a buglar uses it to open the front door to your house and burgle it. Your insurance company won't normally pay out because effectively, you didn't really lock your door at all.

Re:

You are missing the point. The CSS protection is _weak_ and it can be bypassed easily with a free prog from internet. The whole CSS is _said to be strong_ while it is not according to this court (and my personal opinion).

Re:

I'm sorry, but I am a stranger in a strange land. What is "Catch-22" ?

A novel, for starters: http://en.wikipedia.org/wiki/Catch-22 [wikipedia.org]

Idiomatically, it means an especially perverse, circular no-win situation. The "catch" in the novel refers to a policy where a soldier may request to be relieved of duty for reasons of insani

I think extending this to BR and HD is a stretch.

It's an interesting concept though - if you can crack the system, and the cracks are easily obtainable in enduser products, then it is - for the purposes of the courts - not really encrypted. I like that thinking.

Re:I think extending this to BR and HD is a stretc

I do too. I wonder if we will ever see that in the good old US of Corporations... Damn there i go again being forward thinking like our , dvd decrypting european overlords, and I for one welcome them.

Re:I think extending this to BR and HD is a stretc

I like this ruling a lot. I notice that the DMCA includes similar language.

Sec. 1201. Circumvention of copyright protection systems

        `(a) VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES- (1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title. The prohibition contained in the preceding sentence shall take effect at the end of the 2-year period beginning on the date of the enactment of this chapter.

What are the chances of us getting a similar ruling in the US?

Re:

You misunderstand. "Fair use" is an exception to copyright protection. It is not a means of defense against copyright infringement, which would necessarily involve the commission of copyright infringement--fair use is *noninfringing* use and therefore th

Obligatory Monty Python reference

...and there was much rejoicing!

All Over Europe?

The conclusions of the court can be applied all over Europe since the word effective comes directly from the directive.

Correct me if i'm wrong, but afaik the meaning of directive is that each member-country has to make their own law, based on these directives. So they must make their own interpretations if the directive, and therefore court rulings cannot make a direct precedence across borders.

Re:All Over Europe?

I think you are right. In addition, in France at least a district court ruling would not constitute jurisprudence. Only a ruling by the Conseil d'Etat (supreme or high court) would do. The ruling could possibly be used in arguments though.

Re:

The directive gives instructions how to implement it to the law of each country. There is some leverage but the main concept is to be kept the same. Each country dont have to agree 100% with the directive but they have to obey it from the most parts. Good

Of course you know this means:

Freedom Pastry!

You've crossed the line now, Denmark.

- The Corporate States of America

Re:Of course you know this means:

Finland [wikipedia.org] != Denmark [wikipedia.org].

Re:Of course you know this means:

That's what those Swedes want you to think.

Re:Of course you know this means:

All the swiss people in Sweden will take offense of the mixup here.

Re:Heh, heh, - ooops it was Finland, not Denmark

it's all the same the us over here in Alabama.

I didn't know you Albanians even had Internet access...

Freedom!

Eat your Freedom Fries, lads! These Finns need Liberatin'!"

CSS?

Duh, what do cascading style sheets have to do with DVDs? They must have embedded web content. That must be it.

Stop! I'm kidding. Put the flamethrowers away!

Re:

Actually, spyware is loaded via the @import command. Got to infect all those computers belonging to pirates. As for innocent bystanders, they're collateral damage in the war on pirates.

Re:

Ha! @pwned_by_the_man

But...

If the enforcement technology is ineffective, does that make violating the copyright OK? Weak analogy: A stop sign in an intersection is easily circumvented, does that mean it's OK for me to blow right by them? No, I'm not on the side of the mafiaa - ju

Re:But...

Well your logic is askew... There are specific laws that deal with the use case of a stop sign denoting exactly what to do. There are no specific laws relating to the use of CSS on DVDs.

Re:But...

Decrypting DVDs and violating copyrights are not the same thing. There are plenty of reasons I have for decrypting CSS without the DVD-CCA's approval which do not violate copyright law in any way.

Your linkage of unauthorized decryption with violating copyright law is exactly what the "mafiaa" would like for you to believe. You've fallen into their trap. You have lost. Have a nice day.

Re:

Wrongo. In 1974 [bc.edu] Congress revised copyright law to keep up with the nacent computer industry. To make a long story short, in order for the copying to count, the copy must be embodied in a "fixed" medium. That is, something non-volatile. RAM doesn't count.

An

Re:But...

There's a very distinct (and important!) difference between bypassing enforcement technology and violating copyright.

Copyright law spells out how to tell if a use of copyrighted works is infringing or not, and provides a list of examples of non-infringing use.

However, enforcement technology may well prevent you from doing any sort of copying; even what is explicitly provided as an example of allowable use! Bypassing the enforcement technology for this purpose is clearly not a violation of the owners copyright.

So, circumventing the enforcement tech, and violating copyright are two seperate things.

Now, to continue on a slightly different topic... Why should circumvention be illegal in the first place? Copyright law already handles every case where someone who is circumventing the enforcement is doing something you'd classify as wrong. It seems to add redundancy, and more importantly, target a new class of people... namely those who are trying to excersize thier fair-use rights.

I'll leave it up to you to speculate who could want such legislation and why they'd want it. I'm pretty sure you can figure out my thoughts on it, I'll leave you to develop your own.

Re:But...

Why should circumvention be illegal in the first place?

Because the satellite TV companies, and more recently the movie industry, bought up a lot of Senators and Representatives and got some legislation passed?

Re:But...

I didn't say why *is* it illegal, I asked why *should* it be illegal... :P

The answer you gave is to why it is.

So which politician...

...do we have to bri^H^H^Hlobby to get some key sections from this "European Copyright Directive" tacked onto the end of the DMCA?

And how did the Europeans get all the good lawmakers anyway? I'm thinking about moving to Finland where copyright seems to make more sense.

Nice...

...but just a note on law. Even though EU passes directives, each country must pass their own laws in parliament. The EU does not make "federal law" like in the US. They may also apply different exceptions and such. So the law is not the same and even if it were, precedents do not legally apply. However, this goes straight to the core of the directive so if other countries read "effective" the same way... The precedent sounds rather strange to me though, it's like saying "if enough people are breaking the law, the law doesn't apply". Somehow I think they meant "to the effect of" meaning "however they do it, as long as it protects a copyrighted work". Not that it matters since the actual law is probably in Finnish anyway.

Re:Nice...

The precedent sounds rather strange to me though, it's like saying "if enough people are breaking the law, the law doesn't apply".

Nothing strange there IMHO, considering the following:

1. This is how advocates of nonprofit 'piracy' have often argued. The law should represent common morality, so whatever a significant portion of people do should not be illegal.
2. This ruling is similar to saying that you can legally break ROT13 and press Shift while loading a CD. It's saying that if CSS is so easy to break then it doesn't deserve any legal protection. Much like insurance companies that have standards for bike locks.

"effective" means "used by copyrightholder"

There is a problem with this ruling, as it only takes local law into account, and not the directive. According to the EU "solidarity principle", the interpretation of local laws made because of EU directives should be in line with the directive.

And the InfoSoc directive [eu.int] actually defines "effective technological measures" in article 6.3.

The definition is contrary to common sense. Basically the directive defines "effective technological measures" as "technological measures" used by copyright holders:

3. For the purposes of this Directive, the expression 'technological measures' means any technology, device or component that, in the normal course of its operation, is designed to prevent or restrict acts, in respect of works or other subjectmatter, which are not authorised by the rightholder of any copyright or any right related to copyright as provided for by law or the sui generis right provided for in Chapter III of Directive 96/9/EC. Technological measures shall be deemed 'effective' where the use of a protected work or other subjectmatter is controlled by the rightholders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.

You can only get such perverted definitions if you let the copyright holders write the law! I'm glad that Finland will not take part in such a perversion.

Re:"effective" means "used by copyrightholder"

Technological measures shall be deemed 'effective' where the use of a protected work or other subjectmatter is controlled by the rightholders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.

(Emphasis mine)

The nice Judges in the Helsinki District Court have decided that, with the wide-spread use of DeCSS, CSS no longer achieves it's objective. So rather than make criminals out of all the Linux users in Finland (- those who don't watch DVDs on their computers) they have rightly stated that DeCSS isn't an effective encryption mechanism, and thus, it isn't any more illegal to bypass the CSS than it would be if the DVD in question were unencrypted.

Well, then

CSS is Finnished then.

Re:

Now don't get me wrong, I hate DRM in all forms, but isn't this just like saying if I lock my door with a lock that is easily pickable, then it's ok for someone to break in?

This is probably true if you think about insurance business. Likewise, trademark law requires the owner to actively defend the trademark.

Of course, the main problem with these analogies is that basic copyright still applies; you can break CSS in orde

Wrong analogy - your house, THEIR key

No. DRM says that when you leave your house, someone ELSE controls the key and locks your door, and decides under what conditions you're allowed to have your key back to enter your own house. This ruling just says that if the key to your house is widely available on the Internet, you're allowed to use that widely-available key to enter your own house.