Talk:High-bandwidth Digital Content Protection/Archive 2010

The Master Key
I have removed the full "text" of the alleged master key, as I strongly feel that it does not belong in this article. I think it is sufficient to either link to an external copy of the master key hexadecimal values or to link to a news story which references it. Including the full text of the key does not conform to Wikipedia style standards and is a distraction to the rest of the article.  Amit   ►  13:20, 14 September 2010 (UTC)


 * User:TerrorBite added italicized text to the article urging editors not to post the full text of the key. Although I agree with the idea of including that warning, it is certainly against Wikipedia style to have a message directed to the reader within the context of the article.  We don't, for example, urge users not to vandalize pages with high rates of vandalism (e.g. "Please don't add jokes about George W. Bush to this biographical article").  Wikipedians should be free to edit this article as they see fit, and others of us should police and revert changes that are either obvious vandalism or go against consensus reached on this talk page.  Thoughts?  Amit   ►  13:31, 14 September 2010 (UTC)


 * I agree it is bad style, but it is for the best until such time as an admin can semi-protect the article. The warning can probably be removed in a day or two after all the hype has died away. Feel free to remove the warning if you feel it is bad style. Note that I included a more visible warning at the top of the page as well. --TerrorBite (talk) 13:38, 14 September 2010 (UTC)


 * User:77.103.114.41 has just moved my warning messages into the page source as comments, which is a much more elegant solution that obviously only page editors will see. I don't know why I didn't think of this myself. I've also put in a request for semi-protection of the article. --TerrorBite (talk) 13:55, 14 September 2010 (UTC)


 * Yea, this will suffice for now. If it means anything, I vote YES for semi-protection.   Amit   ►  14:05, 14 September 2010 (UTC)

I've protected the page for three days. It's a bit early perhaps, but it's been added once. I've got concerns about whether publishing the key is breaking someone's copyright or other legally things. If the consensus builds to publish here, then please take it to the copyright noticeboard or possibly ANI to get wider eyes on this, as I don't want to unnecessarily put us at risk. Ged UK  14:55, 14 September 2010 (UTC)

By way of precedent, consider AACS encryption key controversy, wherein much the same scenario happened: alleged secret DRM crypto key posted in various places, removed, much activism, posted at various Wikipedia articles, removed, protection, debate, readdition, more debate. It seems to have settled on being in the article, the horse having bolted and been flogged to death. To my mind, WP:RS always applies, and whatever the rights and wrongs it can't be in a Wikipedia article until the key itself (not just mention of it) is in a reliable source. Keyspam is also relevant. Incidentally, asking Mike and the Foundation for an opinion might not get as committal a response as one might hope. The safe harbor elements of OSCILLA/DMCA protect the Foundation only so long as it acts as a "mere conduit"; if it starts practicing editorial control (yay or nay), it risks weakening that protection. -- Finlay McWalter ☻ Talk 17:48, 14 September 2010 (UTC)

IMHO, the actual key is very likely copyvio while the fact the it may have been purloined, as referenced by the Engadget article, does belong in the article. In fact, a brief mention in the lead is probably warranted. Ronnotel (talk) 12:33, 15 September 2010 (UTC)
 * Well, that was my thinking too; it's their key and we can't really rewrite it, so it would seem an obvious copyvio, for now at least. Ged  UK  14:35, 15 September 2010 (UTC)
 * Glad someone agrees with me. I deleted the offending revisions and indefed the ip. Ronnotel (talk) 14:47, 15 September 2010 (UTC)
 * WP:IPBLENGTH. -- Finlay McWalter ☻ Talk 14:55, 15 September 2010 (UTC)
 * Indef is not necessary... the IP in question only has those two edits to this article. I think a stern warning would certainly be warranted before applying this kind of ban, especially since the Anonymous IP did not attempt to re-add the offending text while all the discussion was going on.  Finlay McWalter's link should set the precedent, and the indef block should be removed as soon as is convenient.  In addition, Wikipedia's official policy on dealing with copyvio states rather plainly, "Contributors who repeatedly post copyrighted material despite appropriate warning may be blocked from editing by any administrator to prevent further problems."  The IP did not make "repeated" attempts to post copyrighted material, and there was no warning given to the anonymous user before the block action was taken.   Amit   ►  16:42, 15 September 2010 (UTC)
 * IP is a vandalism-only account and engaged in gross copyright violation. Any reconsideration should go through the normal channels via an unblock request from the IP accompanied by a clear explanation of what the user was trying to accomplish and whether he/she was likely to re-offend. For now, I've dialed it back to 1 week. Ronnotel (talk) 17:02, 15 September 2010 (UTC)
 * While I still disagree with your particular reading of Wikipedia policy on this matter, I'm glad you amended the block length to 1 week rather than indefinite.     Amit    ►  17:34, 15 September 2010 (UTC)

Apparently CNET has fewer copyright trolls than Wikipedia, and links straight to the key in their article, and so does PC Magazine. —Preceding unsigned comment added by 85.204.164.26 (talk) 03:47, 18 September 2010 (UTC)
 * And so does Tom's Hardware Haseo9999 (talk) 19:30, 18 September 2010 (UTC)

Extension of copyright to master key
Per WP:ELNEVER, I have been removing any link to a published version of the master key. This operates on the theory that the master key is the copyrighted property of DCP, LLC. The API and all the accompanying documentation are released under license and would of course be protected by copyright. The only thorny question is whether a non-public part of the API, such as a hex version of the master key, would also be covered. If someone can show a clear cut reason why the hex version belongs in the public domain then I'd be happy to relent. However, WP tends to err on the side of caution w.r.t. copyright violation. Are there any experts who can help out here? Ronnotel (talk) 20:33, 20 September 2010 (UTC) allows works to be reused in Wikimedia projects under current policy, unless it is inherently in the public domain due to age or source."
 * Further, after checking at WP:Copyright problems, I found this text:
 * "Copyright is automatically assumed as soon as any content (text or other media) is created in a physical form. An author does not need to apply for or even claim copyright for a copyright to exist. Only an explicit statement (by the author or the holder of the rights to the work) that the material is either:
 * in the public domain,
 * licensed with the Creative Commons Attribution-Sharealike 3.0 Unported License (CC-BY-SA), or
 * otherwise compatible with CC-BY-SA,
 * Since the hex key exists in physical (i.e. tangible) form, it seems pretty clear that WP considers it covered by copyright according to this definition. Ronnotel (talk) 21:34, 20 September 2010 (UTC)


 * In order for something to be protectable under copyright it needs to contain an element of originality or creativity (see for example Bridgeman Art Library v. Corel Corp.). A cryptographic key generated by a random number generated does not contain any creativity (I'm not aware of any case law that claims otherwise). Furthermore, we were linking to the key to provide provenance, which would likely be a fair use even if the material was copyrighted. —Ruud 00:20, 21 September 2010 (UTC)


 * And as a side-note, Intel referred to the key as "a" master key and not "the" master key, which might imply master keys are not unique and this particular key is not the master key Intel generated. —Ruud 00:20, 21 September 2010 (UTC)
 * Thanks for the citation and I agree that were we in US District Court, the issue of copyright applicability in this situation would carry weight. However, wouldn't you agree that the WP policy I cited above seems to use a broader standard? WP copyright policy is pretty carefully measured by the WMF board. I'd be reluctant to go around it without more guidance. The fair use argument seems somewhat tenuous. We have Intel's admission that it's genuine so do we really need to establish provenance? On the issue of the potential for multiple keys - I think you are suggesting that the key may belong to someone else and therefore not be covered by Intel's IP rights? Is there any evidence that any other party has IP rights to HDCP? I thought it was solely owned by Intel via it's DCP subsidiary. Ronnotel (talk) 01:47, 21 September 2010 (UTC)


 * From a normative point of view I would argue that, because the AACS keys are listed in the respective article, the community policy seems to be that reproducing (and by extension linking to) a cryptographic key is acceptable. The Foundation explicitly does not involve itself with any such policy, because that will mean losing their safe harbour protection. (This also means there is very little legal risk in reproducing or linking to the key. Intel will first have to sent a DMCA takedown notice to the Foundation, at which point a Foundation employee will remove the key or link from the article.)
 * My point regarding the possible non-uniqueness of the master key is that if it is not exactly the key Intel generated, but a different master key generated from device keys as described by Crosby, it is impossible for them to make a copyright claim. As far as I'm aware they have not done so and if they ever take legal action it will therefore be done under the DMCA anti-circumvention clauses and not under copyright law.
 * In this regard it may also be interesting to point out Digital Millennium Copyright Act. —Ruud 02:10, 21 September 2010 (UTC)
 * In order to support a link, I think we need to somehow get around the statement Copyright is automatically assumed as soon as any content (text or other media) is created in a physical form from my above citation. I don't see any exceptions that would apply here. Ronnotel (talk) 12:24, 21 September 2010 (UTC)
 * Thi definition is erring on the safe side and I have offered some arguments against the key being protected by copyright. Also see http://www.eff.org/deeplinks/2007/05/09-f9-legal-primer, in particular "Is the key copyrightable?". —Ruud 13:31, 21 September 2010 (UTC)
 * Policy is policy. If the policy is wrong it can be changed. And of course there's always WP:IAR (which carries with it inherent risks as well). If the policy needs to be enhanced then we should start there but I should warn you the WMF gets very interested whenever the copyright policy pages are changed. In order to change policy or circumvent it in this instance you need to get WP:CONSENSUS, which hasn't happened yet. Ronnotel (talk) 13:54, 21 September 2010 (UTC)
 * I get the feeling you're misinterpreting the implications of Copyright is automatically assumed as soon as any content (text or other media) is created in a physical form. CNN articles are copyrighted as soon as they are published, but that doesn't mean we can't cite them or link to them.
 * I think a link to the original pastebin is very appropriate, and a respectable number of other users seem to agree. Does anyone other than Ronnotel oppose such a link?
 * I'm sure Ronnotel has the best intentions, but the removing seems a bit mis-placed. At the very least, I believe it would be better to err on the side of leaving a link up and avoiding potential edit wars, unless consensus dictates otherwise. ~ Josh "Duff Man" (talk) 06:16, 23 September 2010 (UTC)
 * While I don't agree with Ronnotel's position that the published key on pastebin constitutes a copyright violation, your counter-argument isn't valid either. There is a big difference between linking to copyrighted material published by the copyright holder and linking to material violating someone else's copyright. —Ruud 18:00, 23 September 2010 (UTC)

If linking to the pastebin key were illegal in the US, I'm sure PC Magazine, CNET, and even Tom's Hardware's articles wouldn't link to it. But they do link to it, rather prominently. See the links to their articles right above this section. Tijfo098 (talk) 07:49, 23 September 2010 (UTC)
 * @Duff - Please read WP:ELNEVER - we link to CNN articles because they are not in violation of copyright. However, I'm asserting - and no-one has offered any convincing evidence to the contrary, that posting the text of the hex key is in violation of copyright and therefore subject to WP:ELNEVER. Perhaps this should be posted on one of the copyright violation boards and get some more expert opinion. Ronnotel (talk) 23:12, 24 September 2010 (UTC)
 * "ELNEVER" says "The subject of this guideline is external links that are not citations to sources supporting article content." The link you removed was a citation. You don't seem to read your own rules. Tijfo098 (talk) 21:38, 25 September 2010 (UTC)

HDCP master key
Is it illegal to have a citation linking to (one of) the HDCP master keys when sources like CNET or PC Magazine do provide such a link?
 * Here is some interesting reading that you will probably find pertinent as it relates to similar activities regarding the DeCSS keys. http://www.eff.org/deeplinks/2007/05/09-f9-legal-primer


 * I am not a lawyer, though I am somewhat versed in DMCA issues (though generally not ones related to this area). Regardless, the thing I think (ie: IMHO) are relevant are that regardless of such an outcome, it may be dangerous to post/include links to such things as certain interpretations of the DMCA may make doing so carry some form of liability. Regardless of whether such liability is found to be valid, the cost of fighting such a lawsuit is probably not something that would be wanted by anyone (the editor or WMF). In such situations, I've got no idea (or say) in what WMF should allow, but if it were my company or project, I for one would not take the chance. Mention that such has occurred is one thing. Linking to a site that discusses it and links to a site that may or may not have such information in detail is another thing (one level closer to "dangerous") - but linking directly to such content is something I would personally never do, even if one was entirely sure of the legality; especially with the penchant for lawsuits (and attempts at making examples) by various of the "content protection groups". For instance (discussing actions that some may construe as "shady" actions by such content creators and protection groups), it's not like certain big media companies (like let's say hypothetically Viacom) have uploaded their very own video files to certain services (hypothetically YouTube), and then sued such services for having such content online. While I wont claim such actions are frivolous, and wont claim they are actually in direct violation of DMCA 512(f), I am guessing there are those who could or have made such claims. Nonetheless, it hasn't stopped such "hypothetical" lawsuits from occurring.


 * But again, I am in no position of authority to make a ruling on this and I am not a lawyer; I simply post my perspective and how I would handle myself in such matters (which is not to take the chance). Best, R OBERT M FROM LI  TALK/CNTRB 00:18, 26 September 2010 (UTC)
 * All we are doing is linking to a online WP:RS, after that, we have no legal responsibility for their content. Off2riorob (talk) 01:02, 26 September 2010 (UTC)
 * Correct, assuming the WP:RS does not post the key or methods of cracking HDCP. Or at least, that was the determination on the DeCSS testcase (and upheld on appeal). In the DeCSS case and related activities surrounding the issue, even Digg.com was temporarily shut down. WP:RS does not trump legal requirements, hence my breakdown above. Best, R OBERT M FROM LI  TALK/CNTRB 01:19, 26 September 2010 (UTC)
 * Well I could shut digg down... I read your comments, there is no benefit at all to posting the codes here but we clearly can link to a reliable citation even if keycode is listed there. Off2riorob (talk) 02:34, 26 September 2010 (UTC)
 * And I still respectfully disagree, as the court ruled (which was upheld on appeal) "that those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not lawfully be offered, and (c) create or maintain the link for the purpose of disseminating that technology." so, once again, WP:RS does not trump the law and judicial interpretation. R OBERT M FROM LI  TALK/CNTRB 03:24, 26 September 2010 (UTC)
 * Are you involved in some way with this? There are no other people here with your legal fears. Off2riorob (talk) 05:13, 26 September 2010 (UTC)
 * Check my userpage please. I have dealt with DMCA issues before, and though a takedown notice is supposed to be the standard first step, I am well aware, from personal experience (though fortunately not directed at us) that such is not always the first step, hence my suggestion to err on the side of caution. In one such instance I was involved with, the legal bills piled up to well into the five figure mark, and closer to 6 figures than not; before the situation was resolved with a "yeah, I guess we dont have anything, and probably could have just filed a takedown notice" - so take that for what it's worth. Sometimes, stuff sits out there forever... other times, one company decides to try to make an example of another, thinking it will help future enforcement. R OBERT M FROM LI  TALK/CNTRB 06:07, 26 September 2010 (UTC)
 * Yes, I had a look at your user page. IMO you are overly cautious, perhaps because you had a bad experience. Ity is clearly too late, the company knows the cat is out of the bag and they are much more likely to be writing new keycodes than attempting to remove what can very easily be found all over the Internet. Anyway, that is my position and I have commented enough, I do not support posting the actual code here but I do support added a WP:RS if the code is in it.Off2riorob (talk) 06:15, 26 September 2010 (UTC) Off2riorob (talk) 06:13, 26 September 2010 (UTC)


 * I think part (c) of that legal test is not met here. Do you think CNET and PC Magazine don't retain any lawyers aware of the DeCSS case? The AACS key was published in The Inquirer and ZDNet UK back when the AACS guys were busy sending takedown notices to everyone. And the articles are still on-line, they are used as references in the AACS encryption key controversy. Intel apparently did not send anything of that kind to pastebin about the HDCP key, which is the original Internet source according to a couple of WP:RS, so worth citing in this article for historical purposes.

Guys, did anyone even check AACS encryption key controversy? It's full of keys, and not just the famous one. And it has been so for years, I checked the history. In comparison, adding a link as reference is far less offending, especially when the link can be cited from WP:RS, as you like to call them. Also, have a look at illegal prime. The worst thing that can happen is that Intel (through its subsidiary) would send a takedown notice to the WMF. See Talk:Texas Instruments signing key controversy for example. Given that Intel did not seem to have sent anything to pastebin.com, or to any of the magazines that published a link to it, even that seems unlikely. Tijfo098 (talk) 06:16, 26 September 2010 (UTC)
 * Please see WP:OTHERSTUFFEXISTS. The fact that other articles may have WP:COPYVIO materials is no justification for doing so here. Ronnotel (talk) 13:01, 27 September 2010 (UTC)
 * Straw man. The question is not whether we are allowed to include material violating copyright, but whether we should link, as a source, to material which may be requested to be taken down under the DMCA. There is no explicit policy on this, thus looking at other articles is per Other stuff exists a perfectly valid method of reasoning or informing ourselves of prior concensus. —Ruud 17:38, 27 September 2010 (UTC)
 * In all honesty, I think I'm missing something here. I'm not sure what DMCA and take-down notices have to do with this. It's much easier, all we have to do is consider WP policy. #1 - policy states that copyright is automatically assumed for all content unless a waiver is explicitly granted, and #2 - policy states that we don't link to pages that violate copyright. I'm sorry for being so thick about this, but in order to support such a link, someone needs to demonstrate why this wouldn't violate WP policy. Ronnotel (talk) 18:16, 27 September 2010 (UTC)
 * Assumption: a proposition that is taken for granted, as if it were true based upon presupposition without preponderance of the facts. Now if we do take into account the specific facts, we find that the text in question is a cryptographic key and that, as cryptographic keys are not eligible for copyright, the text in question cannot be copyrighted and therefore cannot constitute a copyright violation. There is not difference with the reproduction of artwork on Wikipedia. While we would initially have to assume the digital reproductions we display are copyrighted by those producing them, when taking into account Bridgeman Art Library v. Corel Corp., we can reach the conclusion these reproductions are in the public domain and can be safely displayed. —Ruud 20:26, 27 September 2010 (UTC)
 * We've already discussed this - whether the key is covered by copyright under various legal theories is irrelevant. WP policy assumes that they are. If you can cite WP policy to the contrary then please do so. Citing US District Court precedents is original research and of no use. Ronnotel (talk) 20:32, 27 September 2010 (UTC)
 * BTW - I have listed at WP:Copyright problems. I think we need more expert advice on this issue. Ronnotel (talk) 20:47, 27 September 2010 (UTC)
 * I interpret the policy as stating that material is assumed to be under copyright unless evidence to the contrary is provided (in contrast with being assumed to be in the public domain unless evidence to the contrary is provided.) I cannot in any reasonable way read the policy as stating that cryptographic keys should be considered protected by copyright (despite them not passing the creativity criterion as in Bridgeman Art Library v. Corel Corp., Feist v. Rural, etc.), as your interpretation seems to be. Furthermore, your interpretation would be in direct contradiction to common practice on Wikipedia. —Ruud 21:26, 27 September 2010 (UTC)
 * Once again, here is the text from the relevant WP policy: Copyright is automatically assumed as soon as any content (text or other media) is created in a physical form (emphasis mine). I see no requirement regarding creativity here; Bridgeman is irrelevant. Please address the WP policy concerns - there may be other exceptions in WP policy that I'm not aware of. It may also be true that WP policy is wrong and needs to change. I'm perfectly willing to listen to any well-reasoned argument based on WP policy. However, continuing to argue legal precedents from US District Court is tangential and bordering on disruptive. Ronnotel (talk) 13:49, 28 September 2010 (UTC)
 * That response does in no way relate to my argument. My emphasis was on the word "assumed" here, and it's implications for the interpretation of the text you quoted. By changing the emphasis you are diverting from the issue, not making a valid counter-argument. I'd also prefer if you do not make any unsubstantiated claims about my argumentation being disruptive. —Ruud 14:23, 28 September 2010 (UTC)
 * The policy clearly states that copyright is assumed for any content unless there this explicit permission granted to release said copyright. It doesn't say "unless evidence exists to the contrary" - you seem to be making up that interpretation. In this case, you have provided no evidence that the copyright has been released. The release of the hex key was not published under fair use nor any other plausible exception. It is quite clearly published in violation of the owner's copyright and therefore cannot be linked to by WP under the theory of "contributory infringement". WP always errs on the side of caution w.r.t. to copyright infringement and the policy are very explicit. No amount of wiki-lawyering will change that. Ronnotel (talk) 14:36, 28 September 2010 (UTC)
 * To me the "unless evidence exists to the contrary" part seems to be the only reasonable interpretation of that specific sentence. What would, according to you, be the correct procedure be to determine whether something is not a copyright violation? —Ruud 14:38, 28 September 2010 (UTC)

I would look at the last part of the same paragraph: ...unless it is inherently in the public domain due to age or source. The only question here is whether the hex key is "inherently in the public domain" due to its source. For instance, images produced by the U.S. Government are in the public domain by law. I can't think of any reason why a secret code protected by extensive layers of licensing would be "inherently in the public domain". Ronnotel (talk) 15:15, 28 September 2010 (UTC)
 * Because, in order to not be in the public domain a work needs to contain (by law) an element of originality, which a random number does not. I found this policy describing the community's and Foundation's stance relating to this point: commons:Commons:When to use the PD-Art tag (in particular the sections The U.S. case of Bridgeman v. Corel (1999) and The position of the WMF). —Ruud 15:37, 28 September 2010 (UTC)
 * I appreciate the leg work to track down the WMF position you linked to. In fact, I have used the same reasoning to defend certain images. However, the leap from a photograph of a genuine work of art, to what you call a random number is a bit too far for the work to be considered "inherently" in the public domain. There needs to be a broad consensus that the hex key is in the public domain and that just doesn't exist here. Ronnotel (talk) 15:58, 28 September 2010 (UTC)
 * Given the status quo at AACS encryption key controversy and statement by legal experts, I would have to disagree, but see no reason to continue this discuss at the moment. —Ruud

I'm going to list the AACS article as well, because you imply that it contains a copyvio as well. The illegal prime article only contains a circumvention device. Tijfo098 (talk) 13:24, 28 September 2010 (UTC)