A busy week for the courts

Posted Oct 8, 2004 20:49 UTC (Fri) by Ross (subscriber, #4065) [Link]

Please keep in mind that IANAL.

If I had reverse engineered their CD key techniques do you not think they would haul me into court

If you had reverse engineered their key generation techniques then yes (although I doubt that algorithm is embedded in the client binaries). If you had reverse engineered their key verification techniques then what would be their claim? This reverse engineering would not in any way allow any extra use of their CD.

Really? I don't know for sure how their key validation code works, but I can tell you with certainty that any validation performed by the client would be insufficient because an unlicensed user would already bypassed that very check when installing the unlicensed copy. The format of the key sent to Battle.net is entirely different than the key a user types in, and it is different every time so I don't see how you would adapt the client-side check anyway. The data sent to the server is encrypted or transformed in some way which makes it appear random. I believe they do additional checks on Battle.net which are not present in the client, but how can I possibly know what those checks are, or how the random-looking data is interpreted? We can only reproduce observable behavior. The server will always send the same response to a good key so all we know is what the end result is. Do suggest we should try millions of different key inputs against their servers to try to guess at the algorithm? I can tell you what the end result of that would be (hint, it wouldn't be a working algorithm nor would it have resulted in fewer lawsuits). One data point I have is that it can't be public key encryption because there is just too little data.

Also, to distribute code which verifies or rejects a key would make it very simple for someone to create a brute-force key generator. Do you suggest Blizzard would not consider that a DMCA violation? I really, really, don't recommend that course of action for anyone. It seems at least as likely to displease Blizzard.

And on top of that, any protections would be meaningless becuase they could be bypassed with a user adding "#if 0 ... #endif". It's less than pointless.

If you had for example decided to relay all the license info to the Blizzard servers for verification and you had requested that people not distribute copies where this has been disabled then I think many responsible people would have complied. Sure, some people would distribute the "loose" version but it would not have been like decss. Decss is necessary for me to use my legitimate purchases on my linux machine. The loose version of bnetd would not be necessary to use your legitimately purchased CD, it is only be necessary if you want to do something illegitimate. Also, your hands would be clean and I think you would have a more interesting court case. Perhaps it would be easy or even trivial to circumvent but you could at least argue that it is neither you nor your software that is circumventing.

It's not possible to relay the request because it is based on session- specific information so you can't just be a man-in-the-middle and proxy the communications. I suspect if it were possible that it would not be approved by Blizzard and would have led us to a similar situation today. Blizzard could make this possible but they not want to assist us (see below about Quake-style authentication). And finally, this approach has excatly the same problem as adding a reverse-engineered key check to the server: it can be disabled with little effort so it is meaningless.

DeCSS is not neccessary for you in the same way that bnetd is not neccessary. You could choose to use an official, licensed player for your DVD. You could choose to use an official, licensed server (Battle.net) for your game. To paraphrase the other side's argument: "If you don't want to, tough; you can not buy the {game,DVD}." I see your distinction as false, and I do not see what is illegitimate when privately using properly purchased software in any way you like just like which doesn't involve duplication, distribution, public display, or another exclusive right of the copyright holder. I don't see what is wrong with using properly purchased DVDs any way you like.

I also disagree about the "clean hands". You may not know but that term "dirty hands" has a specific meaning in US law which I don't believe applies here. In any case, I already argue that my software is not circumventing.

What burdens me to write copy protection code for someone else's products?

Maybe the DMCA does, maybe it doesn't but the DMCA is a terrible law so look at other examples. Many rights come with extra responsibilites. In Ireland, those who have a gun license must also own a certain standard of gun-safe and must keep the guns locked in this safe when not in use. You have a right to drive but you have a responsibility not to speed (even though speeding is often harmless to others).

So the ability to write bnetd is an "extra right" which I should have to get permission from Blizzard for, or maybe a government agency? I thought software was speech? How about some examples: Should the WINE or SAMBA projects have to get permission from Microsoft, or even worse, from every single program with copy or access controls which use those interfaces? If Microsoft's website contained key-checking code could they claim that other websites are circumvention tools?

It's not clear to me that in general you should have a right to replicate with no responsibility to preserve existing copyright protection (where possible). You seem to want a right without a responsibility. Granted the DMCA is a shambles and makes no clear and sensible provisions for this situation. As I mentioned above in another post, maybe the sofware company should be obliged to give details of it's license verification algorithm. In this case it probably would have done no good as the check could be commented out.

So any video codec should have to implement all copy protections of other codecs? Or just closely-related ones? Should Linux have to implement the same Trusted Computing guarantees that Windows does? Should free BIOS projects have to implement DRM-encumbered BIOSes? Should Linux be able to disable Intel's unique processor ids? This path leads to insanity.

If a user connects to bnetd with an illegal copy of a game they have already succeeded in bypassing Blizzard's copy protections and already have a working copy running on their computer. They have already broken the law.

I was not talking about illegal copies, I was talking about legal copies being installed on multiple machines. bnetd allows these copies to get around the spawned copy restrictions. One might argue that the spawned copy restrictions are unreasonable but blizzard would have been perfectly within their rights not to allow spawning at all. Bnetd does cause this, until bnetd arrived there was no way to get around these restrictions.

I see. Those aren't technically legal copies, but I see the distinction you are making. The problem with that is that Blizzard already allows this. Their games are perfectly able to check for duplicate serial numbers without any interaction with the server, at least in the same game. If they do not (and I guess that is the case since we are discussing it) I would think Blizzard doesn't see it as an important check. For the case of copies in different games, see my previous comments about a Quake-style authentication server. The simple fact is that Blizzard does not want to implement that because it would separate the functionality from Battle.net thus removing legal excuses for stopping the bnetd project. We can't make them do it and the law doesn't either. So we are stuck with people telling us that we should have implemented key checking, but it is practically impossible to do without Blizzard's assistance. And don't say we didn't ask.

Blizzard has a particular business model and bnetd disrupts that model. This is fair enough to some extent although I think it's a bit rude and perhaps shortsighted - if you win then blizzard (and everyone else) will have to remove ad revenue from their bugets, leading to either higher prices or poorer games.

Blizzard's business model should really have nothing to do with the discussion. But for the sake of argument let me just say that the revenue from ads must be miniscule compared to the bandwidth costs alone.

That said, I think I do agree with your right to replicate their server (I didn't say interoperate - what things are now interoperating that were not interoperating before bnetd came along?). But I'm far from convinced that your right to replicate shouldn't also come with a responsibility to protect some of the interests of the original developers (this is a general statement, not my interpretation of a particular law).

I disagree with your viewpoint but recognize your right to disagree with mine, and also recognize that differing viewpoints can be supported by logical and rational beliefs. But specifically, I do not understand your suggestion that it is an obligation to not produce software like bnetd when it can be used with illegal copies of someone else's software even when there is no easy way to prevent it. Can car manufactures easily prevent people from running over pedestrians? No. Should they stop making cars? No. The things which interoperate are the game and bnetd. This is just like the third-party car part industry. Third-party spark plugs can interoperate with the vehicle. The term interoperation is not restricted to being a third-party mediating or adapting two existing components but also includes a new component working with a single existing one.