Blu-ray copy protection group criticised over hack

A leading advocate of the Blu-ray next-generation optical storage format has spoken publicly to criticise the group responsible for the AACS copy protection technology used with both Blu-ray discs and the rival HD DVD format, following online reports that the encryption key had been hacked and is being distributed online.

'Josh', who runs the Blu-ray.com website, said that the decision by the AACS LA [Advanced Access Content System Licensing Authority] to send 'cease and desist' letters to websites that posted or linked to an encryption key for HD DVD discs has been entirely counter-productive. Instead of suppressing distribution of the key, it has succeeded only in proliferating it.

'The key was posted, and then numerous hacker sites posted the key to spread the word,' he wrote on the Blu-ray.com website. 'While it was available, it was contained to that relatively small group of individuals. Then AACS started issuing cease and desist orders, and that is when mainstream media caught on. Now, the code is everywhere - even on t-shirts - and it has become impossible to stop the virus. How one organisation can be so sloppy is beyond me, but one thing is sure: AACS has failed.'

It was after Digg.com removed links to the key after receiving one of the AACS LA missives that the extent to which the cease and desist campaign would misfire became clear. The news website was overwhelmed by angry users posting multiple instances of the code, forcing its founder Kevin Rose to backtrack and promise never in future to delete stories or comments containing the code.

Josh argues that the problem is not simply that the AACS key was so easily and widely distributed, but that the system itself is clearly flawed.

AACS, he says, 'has proven to be as effective as a screen door on a submarine. The first Title Key was discovered on the Web in January, and it took them three months to address the issue - not exactly the definition of a prompt response.'

More recently, a method was discovered using an HD DVD drive for an Xbox 360 to partially bypass the AACS system - you do not even need to have the encryption key to copy the disc content. This, Josh claims, indicates that future applications could 'bypass the system completely, meaning any key change would have zero effect on the drive's ability to read and copy media'.

Any shortcomings in AACS's ability to protect discs would appear to have greater implications for HD DVD then it would for Blu-ray. The Blu-ray Disc Association (which is not affiliated to Blu-ray.com) responded to the AACS hack by announcing that it would accelerate the introduction of BD-Plus, which promises much tighter controls on copying by uniquely encrypting individual discs, rather than applying just one key per title. The first BD+ discs are expected to be released in June.

AACS LA has been asked to comment.