Studios face crack in security for high-definition DVDs

SAN FRANCISCO: An anonymous computer programmer may have skewed the competition over standards for high-definition DVD discs by defeating a scheme that both sides use to protect digital content.

The standards, HD-DVD and Blu-ray, are being backed by rival coalitions of Hollywood studios and consumer electronics and computer companies that are marketing a new generation of digital media players and video game machines tailored for wide-screen televisions.

The HD-DVD coalition includes companies like Microsoft, Intel, Toshiba and NEC; the Blu-ray camp has Sony, Philips and Samsung. Among studios, Universal is exclusively backing HD- DVD. Paramount and Warner Brothers also support HD-DVD, but not exclusively. Representatives of Walt Disney, 20th Century Fox and Warner Brothers are on the board of the Blu-ray group.

The two groups have taken different technical approaches in their efforts to prohibit consumers from making copies of movies and other digital material stored on discs. Both groups use an encryption scheme known as Advanced Access Copy System. The Blu-ray system also adds a software-based component that makes it possible to modify the copy protection scheme on new discs if the old one is broken by hackers.

The standards are brand new, but it appears that the two groups' copy protection schemes are already about to be tested.

The HD-DVD camp may have suffered a setback when the programmer, who identified himself as Muslix64, announced in the Internet discussion forum Doom9 on Dec. 18 that he had successfully copied movies distributed in the HD-DVD format. The note directed readers to a site at which demonstration software he had written could be downloaded.

In an accompanying video demonstration posted on the Web site YouTube, the programmer showed encryption keys for six movies and concluded by stating "AACS is unbreakable? I don't think so. Do you? Stay tuned for source code in January. Merry Christmas."

Because the encryption system has a hierarchy of encryption keys, simply breaking the system for a single movie does not mean that it is possible to copy all movies. Experts who have examined the software posted by Muslix64 said that it was only a partial solution for making copies of the digitally protected material but that it did not bode well for the Advanced Access Content System.

The programmer has said he plans to post more software Tuesday describing a more complete attack on AACS.

On Friday, the industry group that is completing the AACS protection standard issued a short statement saying it was aware of the claims.

If the person who identified himself as Muslix64 were able to create a complete version of a decryption program, or if others extended the software so that consumers without technical expertise could readily make copies of movies, that would create a crisis for the HD-DVD camp.

That system contains a "revocation" mechanism for shutting down HD-DVD players whose encryption system has been compromised. But industry analysts say taking such a step would give the HD-DVD system a tremendous black eye, angering consumers and shaking the confidence of Hollywood studios in the system.

Today's DVDs are protected through an earlier encryption technique known as Content Scramble System, or CSS. That system was undermined in 1999 by a small group of programmers, and movie studios have said the new AACS would not fall victim to the same kind of technological attack.

The Blu-ray system adds modifiable copy protection software, known as BD Plus, that is based on an approach pioneered by a group of technologists at Cryptography Research in San Francisco as a safeguard in the event the AACS is compromised. Industry executives said Microsoft opposed the Cryptography approach because it would shift control to the studio and away from hardware makers.