Reply Decl. of John J. Hoy                                            NY1:\866045\01\$K8T01!.DOC\62130.0216

JARED B. BOBROW (State Bar No. 133712)
CHRISTOPHER J. COX (State Bar No. 151650)
2882 Sand Hill Road, Suite 280
Menlo Park, California 94025
Telephone: (650) 926-6200
Facsimile: (650) 854-3713

767 Fifth Avenue
New York, New York 10153
Telephone: (212) 310-8000
Facsimile: (212) 310-8007

Attorneys for Plaintiff


DVD COPY CONTROL ASSOCIATION, INC., a  not-for-profit trade association,



ANDREW THOMAS MCLAUGHLIN, an individual; ANDREW BUNNER, an individual; JOHN V. KEW, an individual; SCOTT KARLINS, an individual; GLENN ROSENBLATT, an individual; DALE EMMONS, an individual, EMMANUEL GOLDSTEIN, an individual; DOUGLAS R. WINSLOW, an individual; JONATHAN BLANK, an individual; ROGER KUMAR, an individual; ROBERT JONES, an individual; EN HONG, an individual; MATTHEW ROBERT PAVOLICH, an individual; IAN A. GULLIVER, an individual; JON HANSON, an individual; DAVID M. CHAN, an individual; CAMERON SIMPSON, an individual; TOM VOGT, an individual; CYRIL AMSELLEM, an individual; THORSTEN FENK, an individual; ADRIAN BAUGH, an individual and Does 1-500, inclusive.



* Pro Hac Vice App. Submitted



Date: January 18, 2000
Time: 1:30 p.m.
Dept. 2
Honorable William J. Elfving

I, JOHN J. HOY, hereby declare and state as follows:

1. I make this Reply Declaration in further support of Plaintiff DVD Copy Control Association's ("DVD CCA") application for a Preliminary Injunction for two reasons: first, to correct certain factual misstatements and reply to the contentions made in the Declarations and papers submitted on behalf of Defendants Andrew McLaughlin and Andrew Bunner in opposition to DVD CCA's application for a preliminary injunction; and second, to provide further clarification of the stringent measures taken by DVD CCA, and its predecessor, to secure the trade secrets of the CSS technology which it licenses. As stated in my previous Declaration submitted in support of DVD CCA's application for a preliminary injunction ("Hoy Decl."), I am the President of DVD CCA and have been intimately involved in all issues relating to the adoption of the DVD format and specifically in all aspects of the implementation and protection of CSS technology. (Hoy Decl., ¶¶ 1-4).

The Original "Hack" of CSS was Through the Xing License

2. Two postings on the Internet, one dated October 6, 1999 and one dated October 25, 1999, reveal that the original access to the CSS technology was a "hack" around the license issued by Xing Technology Corporation ("Xing"). (A true and correct copy of the October 6, 1999 posting is attached hereto as Exhibit A. A true and correct copy of the October 25, 1999 posting is attached hereto as Exhibit B.)

3. The October 6, 1999 posting appeared at, the web site which, on information and belief, was authored by Jon Johansen, the original Norwegian hacker. That posting required the "object code" to be downloaded. Object code is a code that computers understand.1 With respect to the information downloaded from this posting, performed the following tests to determine whether it included the Xing "master key." First, took a DVD disc of a motion picture and played it on the DVD drive of a personal computer ("PC") to determine that the PC and DVD drive actually worked. The motion picture played properly on the PC. Second, using the DeCSS program which had been posted on October 6, 1999, I copied the digital images from the DVD disc onto the hard drive of the same PC. Again, the motion picture played properly, thus proving that DeCSS could descramble the digital images from the DVD disc. Third, I then "zeroed out" (i.e., nullified) the Xing "master key" in the DVD ROM buffer memory and, using the same DeCSS program, copied the digital data from the DVD disc and the other "master keys" onto the hard drive of that PC. When I attempted to use the copied digital data, a message appeared on the computer screen stating that the motion picture could not be played. Finally, I "zeroed out" all of the other "master keys in the DVD ROBA buffer memory, but activated the Xing "master key" only. Using the same DeCSS program, copied the digital data from the DVD disc and the Xing key onto the computer's hard drive. When I attempted to play the motion picture from the hard drive this time, it played properly. From this experiment, I concluded that the October 6, l999 posting contained both the CSS technology and only the Xing "master key."


1 Programmers write computer programs in a form called "source code." The source code consists of a set of instructions in a particular language like "C" or "FORTRAN." Compilers change the source code into an intermediary form called "object code," which is understood by a particular type of computer. The object code is then transformed into a low-level language] called [machine language which the computer actually executes.

4. The October 25, 1999 posting (an anonymous posting to the Livid mailing list at contained "source code." Source code is the language in which programmers write computer programs. From looking at the text of this posting (without performing a test as that described in Paragraph 3 above), I can determine (i) that it contains the Xing "master key" and (ii) and that it does not contain any other "master key." I am informed and believe that the code posted on October 25, 1999 operates as a CSS descrambler module.

5. Thus, as of October 25, 1999, the date which DVD CCA alleges in its Complaint that CSS technology first appeared in source code form on the Internet (Complaint, ¶ 45) -- and the date which Frank A. Stevenson claims (through his Declaration filed on behalf or defendants Bunner and McLaughlin, see discussion at ¶¶ 6-14, infra) was the first date on which cryptanalysis of CSS ciphers was publicly disclosed on the Internet -- there was a posting of CSS source code which contained only the Xing "master key." I am not aware of any other posting of the CSS technology on the Internet as of October 25, 1999 which contained any of the other "master keys." Access to CSS technology was thus obtained in violation of the specific provision in the Xing end-user license "click wrap" agreement which prohibits reverse engineering. (See Reply Decl. of Chris Eddy, ¶ 7 and Ex. A).

Declaration of Frank A Stevenson

6. Declarant Frank A. Stevenson ("Stevenson") states that to the best of his knowledge, he is the "first person that publicly disclosed the cryptanalysis on the CSS ciphers. (Stevenson Decl., ¶ 3). Mr. Stevenson's Declaration demonstrates that both he, and others working to hack CSS through the Livid project (a forum whose sole purpose was "to provide Video and DVD playback capabilities to the linux computing platform", id., ¶ 4) knew, or had reason to know, that CSS was proprietary trade secret technology that was protected by a series of "master keys."

7. For example, as demonstrated in the Reply Declaration of Jonathan S. Shapiro, Esq. ("J. Shapiro Decl."), members of the Livid project were aware as early as July 25, 1999 that CSS technology -- the trade secrets that are at the heart of this action -- was protected by a series of "master keys" and that the only way to access the CSS encryption codes was to hack through those keys, each belonging to a company that had entered into a license agreement with DVD CCA's predecessor. (Hoy Decl., ¶¶ 14-15). On July 25, 1999, one member of the Livid project wrote:

I am new to this list, and with great interest, I read about your progress on CSS unlocking and decrypting.

There is one thing I don't understand. Why don't you take a look at the existing software decoders that are available for windows? I've got installed 4 of them (XingDVD, WinDVD, Cinmaster engine, PowerDVD) and each one is capable of playing every CSS encrypted DVD I own. In theory it should be possible to take out the CSS decrypting code part and use it in the LiViD project. Even copyright reasons hold you back from re-using the code, it should help to learn a lot about the process.

(J. Shapiro Decl., ¶ 53) (emphasis added). To my knowledge, all of the software licensees of CSS technology, including Xing, require end users to enter a "click wrap" license which specifically prohibits reverse engineering.

8. Moreover, the Internet postings of those individuals who were developing and/or discussing the means to hack through the master keys to gain access to CSS technology, referred to in the Shapiro Reply Declaration, demonstrate that they knew, or had reason to know, that such actions were wrongful.

9. For example, postings on as early as July 1999 clearly establish the state of mind of the hacker community. The following is a sample of posts made on July 15, 1999:

With DVD all the decoding is done locally, and if the decoding can be done in software (which it often is, under windows, anyway) than that code can be RIPPED and ported to other platforms. Period. The Law? F**k the law. Someone will do it regardless and post it to USENET and ftp servers in countries where US law is meaningless, and the SW will spread and no one will be able to stop it. The secret nature of DVD decoding is already doomed and has been since day one when software was released to do it. If they really wanted to keep it secret, they'd have had a better chance if they kept all the decoding in hardware. But it's too late now. The genie is out of the bottle. (by root at megami dot org) (emphasis in original).

My impression is that the decryption algorithms for DVD are kept as a big secret to prevent movie piracy (which as most of us know is becoming the next big thing on the net). In order for linux to get a decoder, it would have to come from either (a) hardware or (b) some group who has access to the decryption scheme.... (by spam2( (emphasis added).

There is an incorrect perception that copyright and patent and RE reverse engineering laws are universal. They are not. If someone in say, Taiwan, or some other non-Berne non-WIPO country REs the code and posts it to the usenet, how is this illegal? Now I suppose it's illegal for Joe US Citizen to download and use this code, but the genie will be out of the bottle so to say, and it will then be impossible to suppres sic the knowledge anymore. (by anonymous coward) (emphasis added).

Yes, it is true, we have now all the needed parts for software decoding of DVDs, but any software doing so will be illegal and/or non-free....

The information about CSS is obtained by reverse engineering some DVD software decoder. Reverse engineering is nearly every time prohibited by license agreements, and for example european law allows reverse engineering only for software compatibility issues. So the CSS source was not obtained in a legal way, and it is at least a very problematic issue if we may use this source however. I'm unsure if CSS is also protected by patents. (by kjuZ)debian dot org) (emphasis added).

I'm sure Matthew P. and the source codes 'creator' will be contacted to cease and desist distribution of the code. The anonymous source (who isn't entirely anonymous, as far as I know, as he made himself known on other forums), will be at the most risk here for legal problems. Best idea now is to download the code. Get it spread around as widely as possible. It may not be able to be used legally when all is said and done, but at least it will be out there for others to work with. (by Sontas) (emphasis added).

What are the laws regarding reverse engineering, specifically reverse engineering a piece of software that has a specific clause in it's usage license not to reverse engineer or dissasemble sic the code? Are there any ways around a reverse engineering clause of a software product? (by Sontas) (emphasis added).

. . . I don't see how Reing [reverse engineeringj the CSS mechanisms in a DVD player would be considered legal. You are not maintaining any kind of compatibility. The only way I can see it being able to be legal under that law Norway is to claim you did it for maintaining compatibility with other DVD authoring software. Even then, one could only legally RE the encryption algorithm used and perhaps where on the disc hone has to place the disc and title keys. (by Sontas) (emphasis added).

What if I buy a machine with software already installed? These are shipped ready-to-run, and don't present all the EULA screens that the setup programs offer. Nobody could prove I even saw a license agreement, let alone approved it. (by artg) (emphasis added).

The windows EULA says you cannot reverse engineer. It also says that if you do not agree to the terms of the agreement, you are entitled to a refund. How many people actually got refunds? If microsoft doesn't honor their side of the agreement, legally you don't have to either. (by

What are the laws of reverse engineering, specifically reverse engineering a piece of software that has a specific clause in it's usage license not to reverse engineer or dissasemble sic the code? (by r.e.wolffE)

I think criminal charges are up to 3 years in jail and $10,000 per violation. That would of course be for serious violations, or if someone was out to destroy you. (by anonymous coward) (emphasis added).

(J. Shapiro Reply Decl., at ¶¶ 18-22, 24-28).

10. Declarant Stevenson states that on or about October 25, 1999, anonymous post of CSS C source code was made to the Livid project mailing list. Stevenson posted a copy of this on his Web site. (Stevenson Decl., ¶ 14). Stevenson states that the "anonymous source" could not "be executed as a program" and did "not contain any player keys" (id., ¶ 7), a clear acknowledgement that the means to obtain the CSS technology was through one of the keys owned by the licensees of the CSS technology. (A portion of Stevenson's posting to the Internet, attached as Exhibit C to his Declaration, is titled "The Divide and conquer attack, Deviced and written by Frank A. Stevenson 26 Oct 1999 . . . Released under the GPL license.")

11. Stevenson then states that he posted a "break on the CSS cipher used for encrypting movie files" on October 27, 1999. (Id., ¶ 15). He states that this "attack reduced the workload for finding a CSS key used to encrypt an individual block of movie data . . ." (id.), thus again recognizing the importance of the "master keys" as the means to gain access.

12. On October 28, 1999, Stevenson made a post, titled "Working PlayerKey cracker," "describing a break on the player keys to the Livid mailing list," stating that "this attack will enable a competent programmer to derive all 400 or so player keys from a single known player key in 5 to 10 minutes on an ordinary PC." (Id., ¶ 16 and Ex. E) (emphasis added).

13. On October 30, 1999, Stevenson made another post "describing an attack on the disk hash" to the Livid project. (Id., ¶ 17). He states: "This attack described a method for extracting a title key directly from this hash, thus negating the need for any player keys when viewing a DVD movie." (Id.) (emphasis added). Thus again, Stevenson recognizes that the purpose and intent of those hacking into to the CSS technology was to "negate" the need for the "master keys" which DVD CCA and its predecessor had put into place for the specific purpose of protecting the CSS technology -- the trade secrets at issue here.

14. Although Mr. Stevenson states that "there are a variety of methods that can achieve the cracking of the encryption scheme without ever seeing or agreeing to a Xing license agreement," (id., ¶ 19), he fails to state any. In any event, that is beside the point. His Declaration clearly proves that he was aware that CSS was technology that was licensed pursuant to an agreement that contained anti-reverse engineering provisions and that the "master keys" were the means used to protect it.

Declaration of Defendant Andrew Bunner

15. Defendant Andrew Bunner submitted a Declaration in which he fails to state where he actually obtained the trade secrets which he disseminated on his web site. He states only that he became aware of the "deCSS program" on or about October 25, 1999 by reading and participating in discussions held on the web site. (Bunner Decl., ¶ 3-4). As set forth in Paragraphs 4-5 above, an October 25, 1999 posting of DeCSS included information that it came from the Xing software, a fact that has been discussed on (See Shapiro Reply Decl., ¶¶ 48-96). In any event, as demonstrated above, as well as in the Shapiro Reply Declaration, the discussions on contained numerous references to the wrongful nature and questionable legality of the CSS hack. Given these facts, Bunner's statement that at the time he posted the DeCSS program on his web site, he had "no information suggesting that the 'deCSS' program contained any trade secrets" and had "no reason to believe the 'deCSS' program was not either properly reverse engineered or independently created" (id., ¶¶ 13-14) is not credible.

Defendant Andrew McLaughlin Fails to Submit Any Declaration

16. Defendant Andrew McLaughlin has submitted no Declaration explaining how he acquired the CSS trade secrets. McLaughlin's pre-litigation comments on his web site -- "Mark of the scofflaw! Here's my local copy of CSS decryption software, enjoy!" -- establish that he knew he was in possession of and was freely disseminating material that he had wrongfully obtained. (See Complaint, ¶ 50). That statement has now been replaced with "Here's the disputed code" and is followed by copies of the DeCSS program.

Declaration of David Wagner

17. Although Declarant David Wagner ("Wagner") states that he has worked extensively reporting "serious flaws" in the techniques used for encrypting credit card numbers and in the privacy codes of U.S. and European digital cellular phones (Wagner Decl., ¶¶ 5-7), and that he has been "closely watching this case" (id. ¶ 14), he has never made any contact with me, or to my knowledge, any employee of DVD CCA or its predecessor, any of the creators of CSS technology or any of the licensees of that technology to report the alleged weaknesses which he proclaims to have known. Similarly, I know of no academic research published by Mr. Wagner on the subject of CSS encryption technology. If Mr. Wagner was truly concerned that "as electronic commerce becomes more prevalent, criminals gain an increasing financial incentive to exploit security vulnerabilities in our critical systems" (id. at ¶ 8) and believed that "it is the scientific community's duty to study these issues and to report on systemic risks that the public at large may not be aware of," (id. at ¶ 10), he should have reported his concerns of the alleged weaknesses in CSS encryption to DVD CCA.

18. In contrast to Mr. Wagner's assertions, DVD CCA is not attempting to "ban research into DVD security systems" or to "ban the publication of the DVD security weaknesses which are the results of that research." (Id. at ¶ 14). DVD CCA would welcome such research. Rather, DVD CCA is seeking to stop something quite different -- the illegal publication of the trade secrets for the CSS technology which DVD CCA licenses. The publication of DVD CCA's trade secrets serves no academic or scientific interest. Instead, Defendants have published and distributed these trade secrets for one purpose only -- to enable Defendants and others to violate the intellectual property of the motion picture industry.

19. Mr. Wagner's Declaration in fact supports DVD CCA's assertion that the CSS technology is a trade secret. He states his "understanding . . . that the DVD security design relies in part on distributing software in an 'obscured' form -- hidden in locations that are not obvious." (Id. at ¶ 21 ) (emphasis added). Wagner states further:

. . . I am aware of tools and techniques which apparently allow interested parties to bypass the standard installation process and gain access to the DVD player software without ever seeing or agreeing to any license agreements that may restrict reverse engineering. I am also aware of a tool which purports to allow one to continue the standard installation process without agreeing to any license agreement (see, e.g., /No License htm).

(Id., ¶ 27) (emphasis added). The fact that one must "bypass" a license agreement to gain access to the installation software indicates a conscious decision to evade one of the principal protection mechanisms required by DVD CCA to protect the trade secrets which it licenses.

20. Mr. Wagner criticizes CSS because it uses a 40-bit encryption system. (Id. at 25). However, at the time CSS technology was developed and put into place, the export laws of many industrialized countries, including the United States, prohibited the export of any encryption system that was longer than 40 bits. Because CSS technology is exported throughout the world, a security system longer than 40 bits would have been illegal.2 Thus, the maximum encryption system permitted by law was put into place. Mr. Wagner does not state any additional facts to support his allegation that "CSS was extremely poorly designed" (id. at ¶ 31) and that there was "sloppy workmanship in the DVD security measures." (Id. at ¶ 32).


2 Indeed, Mr. Stevenson recognizes this fact in his November 8, 1999 posting to the Internet. attached as Exhibit A to his Declaration. He states: "CSS was designed with a 40 bit keylength to comply with US government export regulation, and as such it is easily compromised through brute force attacks (such are the intentions of export control)."

21. Mr. Wagner's conclusions about the effects of the "hack" of CSS technology are contradictory. On one hand, he states that "the ability to break the CSS revealed in October 1999 does not appear to make large-scale piracy significantly easier today." (Id. at 33). Yet, in the next paragraph, he states that "it is fundamentally impossible to secure software DVD players against copying and piracy by dedicated individuals. Even if the CSS had been designed properly, the unpleasant truth is that it will still be a straightforward cryptanalysis exercise to circumvent the DVD copy protection measures by technical means." (Id. at ¶ 34) Thus, Mr. Wagner again recognizes that the way to gain access to the trade secrets which DVD CCA seeks to protect in this action is through "circumvention," not by any proper means.

Declaration of John Gilmore

22. The Declaration of John Gilmore ("Gilmore Decl.") is premised on the incorrect statement that "there are many legitimate reasons" for allowing one to use the DeCSS software for windows and the "similar 'readdvd' software" for the linux operating system to make copies of a DVD disc onto his or her hard drive by circumventing the products of CSS licensees. (Gilmore Decl. at ¶ 9-10). CSS is proprietary technology licensed by DVD CCA. The only proper way to gain access to that technology is by using the products properly licensed by DVD CCA and its predecessor.

23. Gilmore goes on to state that "one major reason for making such copies is to allow linux developers and users to watch their DVDs on their non-windows computers." (Id. at 10). linux is an alternative operating system to windows. It was developed as an "open" system which is available at no charge to the user. To date, no person or entity has taken a license from DVD CCA or its predecessor to use CSS in a linux application. If a person or entity were prepared to take a license on the same terms as existing licensees, such a license would be granted. At that point, linux users could lawfully view motion pictures on their non-windows operating system. Until then, linux users have no "right," via a "hack" around other software licenses, like the Xing license, to gain access to this proprietary technology.

24. Mr. Gilmore attempts to minimize the significance of the illegal activities of the linux defendants by stating that the current state of technology does not support large-scale piracy. (Id. at ¶¶ 19-20). First, this argument virtually concedes that the actions of these defendants is illegal. Second, this argument ignores the prospect that sophisticated and well-funded entities can indeed use the stolen trade secrets to support large-scale piracy. Finally, the technology for the transmission of motion pictures over the Internet is developing quickly. The potential for large-scale piracy through that medium is overwhelming.

25. Mr. Gilmore purports to criticize the CSS system although he admits that he "does not yet have access to the actual specifications of the DVD Content Scrambling System." (Id. at ¶ 30). Like Wagner, his only real criticism of the CSS system appears to be that it is protected by a 40-bit key. As discussed above, the trade regulations of the United States and other industrialized countries prevented the export of an encryption product with more than 40 bits. DVD CCA and its predecessor complied with the governing regulations regarding security at the time CSS was developed and implemented.

26. Both Mr. Gilmore and Mr. Wagner appear to have a fundamentally flawed view as to the development and implementation of trade secrets. Gilmore states that "modern day encryption systems are shielded by law from scientific inquiry." (Id. at 36). Wagner states that "the DVD industry elected to keep its inner workings secret." (Wagner Decl., ¶ 26). The CSS technology was created under the strictest security for the very purpose of preserving trade secret protection. After its development, access to the technology was strictly limited to licensees who agreed to comply with the stringent security specifications set forth in the CSS License Agreement. (See Hoy Decl., ¶¶ 14-19; see also discussion at ¶¶ 24-27, infra).

27. Mr. Gilmore does get one thing right. He states: "Miscreants are free to discover and exploit weaknesses, whether to listen in on 'private' cell phone calls, to steal intellectual property, etc." (Gilmore Decl., ¶ 41). That is exactly the point of this lawsuit. The defendants in this action have gained access to DVD CCA's trade secrets with knowledge that this information has been gained illegally. The discussions on the Internet among the defendants and others about the "hack" of CSS does not have any semblance of an "educational" or "scientific" inquiry into encryption. Rather, the sustained comments of these defendants proves that the intent of this community was and is to misappropriate the trade secrets licensed by DVD CCA and to use those trade secrets to violate the copyright of the motion picture industry. As Mr. Wagner states in his Declaration: "It appears that, because there was no commercial entity creating DVD software for linux, the programmers did it for themselves." (Wagner Decl., ¶ 26).

DVD CCA and its Predecessor Took Substantial Steps To Protect the Trade Secret Status of the CSS Technology.

28. As described in my Declaration submitted in support of DVD CCA's Application for a Preliminary Injunction, dated December 24, 1999, DVD CCA's predecessor began licensing CSS technology on our about October 31, 1996. (Hoy Decl., ¶ 14). A true and correct copy of the Amended and Restated CSS Interim License Agreement that each of the licensees of CSS has executed ("The CSS License Agreement") is attached hereto as Exhibit C.3 (See Hoy Decl., ¶¶ 14-19).


3 For reasons of confidentiality, the names of all companies mentioned in the Agreement have been redacted. Additionally, the CSS Agreement consists of both the CSS License Agreement and an agreement pertaining to specifications for the CSS technology. Because the latter agreement contains highly confidential proprietary information that is not at issue in this lawsuit, it is not attached.

29. Section 5.4 of the CSS License Agreement requires all licensees to comply with all applicable rules and regulations of the United States and other countries and jurisdictions "relating to the export or re-export of commodities, software and technical data insofar as they relate to the activities under this Agreement, and shall obtain an approval required for such rules and regulations whenever it is necessary for such export or re-export." At the time that DVD CCA's predecessor began licensing CSS technology, the United States and other industrialized countries provided that no exported product containing encryption technology could contain more than 40 bits (See ¶¶ 20, 25 supra).

30. The CSS License Agreement specifically prohibits licensees from reverse engineering the CSS technology. Section 5.3 of that agreement provides:

Licensee shall under no circumstances reverse engineer, decompile, disassemble or otherwise determine the operation of CSS Specifications, including, without limitation, any encryption/decryption or scrambling/descrambling algorithm or logic of CSS, except that Licensee may, to the minimum extent necessary for the purposes of testing, debugging, integration or tuning of Licensee's own CSS Compliant Product to ensure that it works in its intended operational environment with other CSS Compliant Products (the 'Analysis Purpose'), conduct performance or electrical analyses with respect to the operation of other CSS Compliant Products that form part of such intended operational environment ('Analysis'), subject to the following conditions:

(a) Licensee shall not perform any Analysis, in whole or in part, for the purpose of deriving or discovering CSS Specifications that have not been made available and licensed by DVD CCA to Licensee hereunder (the 'Derived Information').

(b) To the extent Licensee obtains Derived Information, inadvertently or otherwise, Licensee shall immediately notify DVD CCA, and upon instruction of DVD CCA, Licensee shall within ten (10) days thereafter return or destroy any portion of Derived Information that is not solely necessary for the Analysis Purpose and cease any use of same for any purpose.

(c) Subject to Section 5.3(b) above, the Derived Information: (i) shall only be used for the Analysis Purpose and for no other purpose; and (ii) shall be treated as confidential in the manner corresponding to the same type of information as specified in Section 5.2.

(d) Nothing herein shall be construed as an inducement for Licensee to reverse engineer any products of any CSS Licensee or third party.

(e) For purposes of this Section 5.3: (i) 'testing' shall mean a process of evaluating Licensee's CSS Compliant Product to ensure proper operation; (ii) 'debugging' shall mean a process of finding the cause of an error in a Licensee's or other's CSS Compliant Product, but not analysis for the purpose of exposing possible design features; (iii) 'integration' shall mean a process of evaluating the performance of Licensee's CSS Compliant Product in combination with other CSS Compliant Products to ensure that they properly operate together; and (iv) 'tuning' shall mean a process of evaluating and improving Licensee's CSS Compliant Products to work more efficiently with other CSS Compliant Products.

Clearly, the end users of the products manufactured by the licensees under the CSS Licensee Agreement can have no greater rights than the licensees have under the CSS License Agreement.

31.   Section 5.2 of the CSS License Agreement contains the confidentiality restrictions imposed on the licensees to protect the trade secret status of the CSS technology. The CSS License Agreement requires licensees to maintain the confidentiality of certain defined pieces of information, such as the algorithms and "master keys." As such, licensees are subject to a stringent set of rules to ensure the maintenance of confidentiality within the group of licensees:

(a) Among the safeguards taken is the requirement that only those licensees that absolutely need to know a particular algorithm and/or key are provided with such information. For example, a manufacturer of semiconductor chips for descrambling CSS content in stand-alone DVD players is provided with information necessary for manufacturing such chips but not with information concerning the scrambling process itself or the authentication between DVD drives and the descrambling module used for computer-based implementations. Companies that merely assemble parts and components produced by others may be required to be licensees in order to purchase such parts and components, but these companies are not provided with the proprietary CSS information at issue.

(b) The CSS License Agreement mandates that licensees only provide the proprietary CSS technology at issue to the strictest minimum number of licensee's employees who require access to the information, beginning with only three employees and expanding beyond three only upon notification to the licensor of the names of the additional employees Licensees who violate these requirements are subject to liquidated damages in the amount of $1 million per violation (with a cap based on profits made from the sale of licensed products).

(c) Licensees implementing authentication and descrambling functions in software are required to do so only in a manner that obscures the proprietary CSS technology at issue, so as to effectively frustrate anyone seeking to obtain such proprietary information. Specific means of accomplishing this protection requirement are provided to licensees to illustrate the types of measures to be taken and the level of technical skill that must be employed to defeat any such measures. Failure to abide by these operating restrictions can subject the licensee to injunctions prohibiting the sale of the product in which the failure occurs, through actions brought either by the licensor or by third party beneficiary content owners (motion picture companies that are licensees under the CSS License Agreement and have made copyrighted content available on DVD discs encrypted using CSS technology).

I declare under penalty of perjury that the foregoing is true and correct.

Dated: January 13, 2000
Morgan Hill, California


John J. Hoy

Log in or register to write something here or to contact authors.