Wikipedia:Wikipedia Signpost/2007-05-07/The key to Wikipedia

A number of Wikipedia articles got caught up in events elsewhere on the internet this past week, including an unusual form of spam that prompted developer intervention. This came about as the byproduct of a revolt on a popular social news website over the takedown of postings containing a compromised encryption key.

Background
The incident highlights some of the controversial provisions of the Digital Millennium Copyright Act as it relates to digital rights management (DRM). It dealt with the Advanced Access Content System, a standard used on the HD DVD and Blu-ray formats for high-density optical discs. AACS has been the subject of efforts to crack its copy protection since it began appearing on devices last year. A specific key that is part of the system was published in February on various websites, starting with the Doom9 forum. AACS Licensing Administrator (a trade group that manages the DRM technology for these formats) described it as a "processing key" and announced that it had taken steps to render the hack largely ineffective.

The key that appeared in February was a 32-character sequence in hexadecimal notation. It eventually began appearing on the voting-based news site Digg with posts urging people to "spread this number." One of these disappeared from the site, and a follow-up post received an inordinately large number of votes, or "diggs", before it too disappeared. On 1 May, Digg acknowledged that it was removing these postings in reaction to legal complaints. But the posts circulating this key continued to mushroom and collect votes, drowning out other activity on the site. A variety of other websites that covered the controversy also experienced a rash of similar postings in any forums open to public comment. Finally, eight hours after its previous statement, Digg announced it would no longer delete items containing the key, and the site eventually returned to normal.

Wikipedia effects
Unlike Digg, where the entire home page was taken over by posts related to the key until management backed down, the key never appeared on the Wikipedia Main Page. It did get posted repeatedly to various articles, some on topics relevant to the issue, but also on a number of completely unrelated articles. Given the key's appearance in totally inappropriate places and the way things had played out on Digg's website, the developers responded to multiple requests and added it to the spam filter. Greg Maxwell wrote an essay about the problem that formed the basis for the page Keyspam.

The inclusion in the spam filter prevents any edit containing the character sequence of the key from being saved. This drew objections from editors who thought it should at least be mentioned in the articles on HD DVD or AACS. In response, others pointed out that the incident or even the hack itself could be discussed without reproducing the actual key. The legal ramifications of the decision were also a major topic of discussion, since the DMCA makes it illegal to provide any part or component of technology designed to circumvent technological access controls on copyrighted works. A number of people concluded this would preclude publishing the key, while others argued that the purpose of its use on Wikipedia is not covered by the statute, or else that a lawsuit was at least unlikely.

As explained by Electronic Frontier Foundation attorney Fred von Lohmann, the issue is not one of copyright infringement, meaning that online service providers might not be protected from liability by the "safe harbor" of the DMCA's notice-and-takedown process. Digg CEO Jay Adelson told Wired the company actually received a cease-and-desist letter earlier, not specifically related to the post that sparked the revolt. This would be consistent with the fact that similar letters were sent in mid-April, to Google among others. (The Wikimedia Foundation has not received one; although the New York Times initially included Wikipedia in the reported list of recipients, the paper issued a correction the next day.)

Even with the use of filtering to block the key itself, administrators intervened to protect a number of articles affected by the fallout. And naturally, the entire saga was being documented with its own article, AACS encryption key controversy, covering the incident along with some of the creative manifestations of the key.