Plaintiffs,
v. 00 Civ. 277 (LAK) SHAWN C. REIMERDES, et al,
Defendants. ------------------------------x
July 20, 2000
9:00 a.m. Before:
HON. LEWIS A. KAPLAN,
District Judge
APPEARANCES
613
MR. GARBUS: May we approach the bench?
THE COURT: Yes, you and Mr. Gold may approach the bench.
MR. GARBUS: I got the Court's opinion yesterday when I got back to my office, and we will try and deal with it in some way. I do want to point out that as I read the transcript, I was asked to stop going into an area that I thought was relevant to the lawsuit because the Court felt that I was getting into a recusal issue. The Court then asked the question that was specifically related to the recusal issue. I think it's very difficult to try a case while this is going on.
THE COURT: I hear what you said, and what you've said is, regrettably, absolutely false. And the transcript so reflects.
MR. GARBUS: Secondly --
THE COURT: I did not stop you from going into anything. I raised a concern about whether you were doing it for a different purpose. I said that. You then said you weren't and therefore you would leave the subject. I said, look, if you want to press it, it raises another issue and I will deal with it. You then elected to stop.
MR. GARBUS: Thank you. With respect to the issue of
614 the press, the Court has already indicated in its previous decisions some concern. I had 12 calls from the press yesterday. I spoke to nobody. I do not fault Mr. Gold at all. I do understand, and I could be totally wrong, and I am not making criticism of any kind, that members of the Proskauer firm have spoken to the press. If I'm wrong, then I'm wrong.
MR. GOLD: I didn't hear what you said.
MR. GARBUS: That members of the Proskauer firm have been speaking to the press, and I find nothing wrong with it, I'm not even asking about it.
Are you saying --
THE COURT: Stop it, Mr. Gold.
MR. GARBUS: All I'm saying is if there is to be a bar, or if there is to be any significance given to any discussion by any member of the defense team or the defendants -- I have also seen Mr. Valenti's statements and statements by the MPAA -- then if the Court wishes to impose a press bar on everybody, I will not object to it.
THE COURT: Are you asking for it?
MR. GARBUS: Absolutely not. But I don't want to be the only one feeling the pressure of that restriction.
THE COURT: Mr. Garbus, any pressure you are feeling in this regard is internally generated.
MR. GARBUS: Thank you.
615
THE COURT: I have imposed no bar, no one has asked me to impose a bar, and so that the record is abundantly clear, yesterday when you made a statement to the effect that you had not been making certain sorts of out of court statements or would not, or something to that effect, there was comment on the fact that you were speaking only for yourself.
MR. GARBUS: Absolutely.
THE COURT: And you made clear that you were speaking only for yourself.
MR. GARBUS: Absolutely.
THE COURT: And you know we are not, all of us, totally in a vacuum. It is perfectly obvious that others at your table, or at least one other that I can identify, is speaking to the press with immense regularity.
MR. GARBUS: Do you care to mention the extent to which the other side is speaking to the press through press releases and distributing information as well?
THE COURT: I have absolutely no idea. I suppose you are both talking to the press a lot.
MR. GARBUS: I am not.
THE COURT: Those are generic you's. Both sides are obviously talking to the press.
Do you have a witness, Mr. Gold?
616
MR. GOLD: Yes, we do, your Honor.
MR. HERNSTADT: I think we have agreed to do Mr. Johansen first.
THE COURT: We will take Mr. Johansen out of order.
MR. HERNSTADT: Thank you very much, your Honor.
The defendants call Jon Johansen.
Q. Good morning, Mr. Johansen.
A. Good morning.
Q. Where do you live?
A. I live in Larvik, Norway.
Q. How old are you, sir?
A. I will be 17 in November.
Q. What is your educational background?
A. High school.
Q. Do you work now?
A. Yes, I do.
Q. Where do you work?
A. I work for WAP Factory in Oslo.
Q. What do you do for them?
A. I work in interactive TV.
617
Q. What does WAP Factory do?
A. We work with WAP, the Wireless Application Protocol, and interactive TV.
Q. Does it produce programs?
A. We -- yes, but not for the general public.
Q. Thank you. What program languages do you use?
A. I use C, C++, Assembler and JAVA.
Q. And what operating systems do you use?
A. I use GNU/Linux, FreeBSD and Windows NT.
Q. How many computers do you have at home?
A. I have three computers.
Q. And what are the operating systems on those computers?
A. One has GNU/Linux, one has FreeBSD and one has GNU/Linux and Windows NT.
Q. What do you use those machines for?
A. The Linux only machine is used as a router, which I use to connect to the Internet, and the FreeBSD machine is used as a file print server and the new Linux and Windows NT machine is my desktop machine.
Q. How long have you used Linux programs?
A. I used Linux for about three years.
Q. What is your primary operating system that you use?
A. That would be Linux.
Q. When did you first -- do you know what a DVD is?
A. Yes, I do.
618
Q. When did you first see a DVD?
A. I first saw a DVD in 1997.
Q. Okay. As of October 1999 did you own any DVDs?
A. Yes, I did.
Q. How many?
A. About 15.
Q. How many do you have today?
A. Today I have about 40 DVDs.
Q. Okay. Did you buy them?
A. Yes, I did.
Q. How much does a DVD cost in Norway?
A. Region 2 DVDs for the European market are about 20 to $30, but they lack -- they usually lack all the extra features that are on the region 1 U.S. DVDs, so I buy imported U.S. DVDs, which are about 40 to $50.
Q. Can you play an imported U.S. DVD in Norway?
MR. SIMS: Object to this whole line as irrelevant, your Honor.
THE COURT: Sustained. No, I'm not sure. Overruled. I will let it go a while.
MR. HERNSTADT: Thank you, your Honor.
A. Can you please repeat?
A. When a DVD comes from the factory it will only play the European region, which is 2, but almost all DVD players in
619 Norway are modified to play DVDs from the whole world.
Q. Who modifies the DVD players?
A. The stores usually have a person who they send the DVD players to to have them modified before they sell them.
Q. Do you have DVD a player in your home?
A. Yes, I do.
Q. How many?
A. I have a set up DVD player for my TV and I have a DVD player on my computer.
Q. On which computer do you have the DVD player?
A. That would be Linux.
Q. Do you know a program called DeCSS?
A. Yes, I do.
Q. What is it?
A. It is a program which decrypts DVD movies and stores them on your hard drive.
Q. Does DeCSS do anything else?
A. No, it does not.
Q. Who wrote DeCSS?
A. I and two other people wrote DeCSS.
Q. How did this come about?
A. In September, October, 1999 I met a person on the Internet and he was also a Linux user. We decided to investigate and find out how we could make a DVD player for Linux.
Q. Why did you want to do that?
620
A. Well, at the time I had a dedicated Windows machine, which I used only for DVD playback, and if I could get a Linux player I wouldn't have to have a machine just for DVDs.
Q. Okay. So what did you do?
A. Well --
MR. SIMS: Your Honor, object on relevance to this whole line.
THE COURT: Tell me why.
MR. SIMS: Excuse me?
THE COURT: Tell me why.
MR. SIMS: Because the issue in the case has nothing to do with why this person created an executable for DeCSS. It has to do with what its function is and what Mr. Corley has done.
THE COURT: I am going to hear the evidence, within reasonable time limits, for what it's worth. Go ahead. I mean the man is here from Norway, I might as well hear him.
MR. HERNSTADT: Do you want to hear the purpose of the evidence or would you rather hear the evidence?
THE COURT: You are going to get the evidence in and I will hear the argument later, unless we come to a point where I think you have taken too much time and then you can try to explain to me why we should take more.
Q. Mr. Johansen, what did you do next towards making DeCSS?
A. We agreed that the person who I met would reverse engineer
621 a DVD player in order to obtain the CSS algorithm and keys.
Q. Who was this person that you met on the Internet?
A. A person from Germany. I don't know his identity.
Q. Okay. What happened next?
A. About three days later when I was on line again, he messaged me and told me that he had found the CSS algorithm. He also sent the algorithm to me with the CSS authentication source which are written by Eric Fawcus earlier. He also sent me information on where inside the player he had found the algorithm, and he also sent me a single player key.
Q. Why did he send you the information on how he found the algorithm?
MR. SIMS: Objection.
THE COURT: Sustained.
Q. What did you do next?
A. Well, he had told me where inside the player he had found the algorithm, so I disassembled the DVD player myself to see where he had found it.
Q. Was this a software DVD player?
A. Yes, this was a software DVD player, the Xing DVD player.
Q. What did you do next?
A. Well, at the time -- the UDF is a file system which is used on DVDs, and at the time Linux did not have the proper support. It was currently in double opt. It was being double opted so I could not get it to work, so in order to test the
622 decryption, if the decryption algorithm found worked, I created a Window executable which would use the CSS algorithm to decrypt the CSS content.
Q. You said you got the CSS authentication program from Derek Fawcus?
A. Yes, I believe the CSS authentication had been posted anonymously in Assembler language on the Internet, and Derek Fawcus had picked that up and rewritten it in C language and posted it on his website.
Q. How do you know that it was Derek Fawcus?
A. He told me.
MR. SIMS: Judge, move to strike. Hearsay.
THE COURT: Strike what Mr. Fawcus told him.
Q. Were there any other indications that Mr. Fawcus might have been connected to the program?
A. The CSS-authentication?
Q. Yes.
A. Well, it was posted on his website so I presume he put it there.
Q. All right. Tell us what happened next.
A. Well, after I had created the DeCSS executable, I posted it on my website, I made an announcement on the LiViD mailing list. I posted a link to my website.
Q. Why did you make an announcement on the LiViD mailing list?
623
A. Well, I wanted them to know that we had successfully reverse-engineered a DVD player and obtained the algorithm we needed to make a DVD player.
Q. Why did you want the LiViD mailing list to know that?
A. That's what LiViD is about, it's about making a DVD player for Linux.
Q. Were you able to play DVDs on a Linux machine using DeCSS?
A. Well, yes. After I had decrypted a movie, I used the NIST MP-2 player to successfully play a DVD. I wouldn't have access to the DVD features but I could play the actual movie.
Q. Have you looked at any other programs that do substantially the same thing as DeCSS?
A. Yes, I have. Before I created DeCSS, I had analyzed a program called DVD Rip, which I had found on the Internet.
Q. Why did you need to make DeCSS if you had found a program that did essentially the same thing?
A. Well, DVD Rip, it takes a decrypted DVD movie from memory and stores it on your hard drive. It did not come in source, and in order to make a DVD player we would need to have source, and the DVD republication didn't contain the CSS algorithm and it was dependent on a DVD player for Windows.
Q. Did the DVD Ripped program decrypt DVDs?
A. No, it actually stole, if you would like to use that term, the DVD movie from memory after it had been decrypted by the Xing DVD player and then you save that stream on your hard
624 drive.
Q. Were the files created by DVD Rip and DeCSS the same?
A. Not exactly, but the files created could easily be compressed using another compressed algorithm.
Q. And did DVD Rip, the file created by DVD Rip, was the audio and video together or separate?
A. They were together.
Q. And how about with DeCSS?
A. Well, they are still together with DeCSS as well.
Q. Okay. Is there anything -- I'll move on. What happened to you after --
THE COURT: Let me get clarification of that. With DeCSS was there any need, is there any need to synchronize the audio files with the video files in order to see the movie in the form you would normally see a movie?
THE WITNESS: Well, if you make a DivX, is that what you mean? Or if you want to play the DVD movie after it has been decrypted?
THE COURT: Either way.
THE WITNESS: After we decrypt a movie with DeCSS, you can simply play it in your DVD player. You don't need to do anything.
THE COURT: What if you then want to compress it and transfer the compressed file to someone?
THE WITNESS: Well, that you would need -- I haven't
625 actually performed that procedure, but I believe there are steps needed to resynchronize the video and audio.
THE COURT: What is the basis for your belief in that regard?
THE WITNESS: I have read several articles on the Internet that describe those procedures.
THE COURT: All right. Go ahead.
Q. If you use DVD Rip to decrypt or to get a decrypted DVD file, is there a need to synchronize the audio and visual if you are going to compress it thereafter?
A. Well, I haven't performed that procedure myself, but I believe there would be.
THE COURT: Mr. Johansen, if you would sit back about another six inches, the audio will be a lot clearer.
MR. SIMS: Move to strike. No foundation to the last part of that.
THE COURT: I will take it for what it's worth. If he hasn't done it, he hasn't done it.
Q. After you posted the link to the DeCSS program on the LiViD site, what happened then?
A. Well, I had some small increase in visitors, not much. After the press started releasing articles and linked it to my site, I received a substantial increase in visitors.
Q. Was anyone on the LiViD site critical of you posting a link to CSS?
626
A. Yes, there was at least one person who felt that we should have released the source with the Xing key at the same time we released the executable.
Q. Did you release the source at the same time?
A. No, we did not.
Q. Why didn't you?
A. Because the source we had contained the Xing player key. If we were to release that source, the Xing would be harmed, the player key would be revoked and no new DVD movies would work with the Xing DVD player or the player we would have created.
Q. Did you intend never to release the source?
A. Before we created DeCSS we sent the source to Derek Fawcus. He was supposed to rewrite the source without the need for the Xing player key and then release that onto the Internet.
Q. Did any event occur to you personally as a result of your writing DeCSS?
MR. SIMS: Objection. Irrelevant.
THE COURT: Sustained.
Q. What happened next?
MR. SIMS: Objection. Irrelevant.
THE COURT: Well, look, we all know the story, don't we? What's the harm? Go ahead.
A. Well, in January, on January 25, I had to go to the local
627 prosecutor's office because of charges filed by the MPAA in Norway, and in February I received an award, a national student award which is awarded to students who are in high school and have achieved excellent grades and also achieved something outside of school in culture, sports, art.
Q. Why did you receive that award?
A. I believe I received the prize because of my part in the writing DeCSS.
Q. Did you get a prize?
A. Yes, I did.
Q. Did you get any money?
A. I received about $2,000.
Q. What did you do with the money?
A. I used $1200 and bought a high-end Sony DVD player for my
MR. HERNSTADT: Thank you very much, Mr. Johansen.
THE COURT: Mr. Sims. Thank you, Mr. Hernstadt.
Q. Good morning, Mr. Johansen.
A. Good morning.
Q. Now, you understood when you created DeCSS executable that DVD movies were encrypted using the CSS encryption algorithm, correct?
A. Yes, I did.
628
Q. And you first learned of CSS in about June or July of 1999?
A. Yes, I did.
Q. You understood that CSS required three sets of keys to play back a DVD?
A. Yes.
Q. And you understood that certain of those keys were themselves encrypted?
A. Well, I believe I understood that the CSS license requires anyone who makes a DVD player to encrypt their algorithm and key inside the DVD player.
Q. The program you created, DeCSS, that you posted, is a Windows program, correct?
A. Yes, that's correct.
Q. And you came up with the name DeCSS?
A. Yes, I did.
Q. What does the De in DeCSS stand for?
A. It stands for decrypt.
Q. DeCSS has no playback functionality, is that correct?
A. Yes, that's correct.
Q. Once a decrypttive VOB file is copied to the user's hard drive, he can do anything with that file that he can do with any other computer file?
A. Yes, that's correct.
Q. He can copy it again?
629
A. Yes, that's correct.
Q. Compress it?
A. Yes.
Q. He can copy it to a VCD? I'm sorry. He can copy it to a video compact disk?
A. Well, not in its original decrypted form. The size is too high.
Q. But if he compresses it, it can be copied to a video compact disk?
A. Yes, if he uses sufficient compression.
Q. And to a CD-ROM?
A. Yes.
Q. And it can be uploaded on to the Internet -- it could be uploaded to the Internet, correct?
A. Yes, just as any other file.
Q. Now, am I correct that someone in a chat room advised you two months ago that he or she had downloaded a decrypted DivX'd DVD movie from the Internet?
A. No, I believe someone told me that they had downloaded a movie. They didn't tell me what form it was or which movie it was.
Q. They didn't tell you that it was DivX'd?
A. No, they did not.
Q. What was the chat room, by the way, where you had that communication?
630
A. That would be #PC DVD.
MR. HERNSTADT: I object and move to strike the last several questions and answer on the grounds of hearsay.
THE COURT: I'm not going to take it for the truth.
Q. Now, Mr. Johansen, did you testify last night that you were told by this person that he had downloaded a DivX'd movie?
A. No, I believe I told last night that he had told me that he had downloaded a movie. He didn't say which kind of movie it was.
MR. SIMS: I don't quite remember the approach you want, but that testimony appears on page 10 of the --
THE COURT: I don't have it. Just read it. Give the page and line number and just read it. If there is a dispute over the accuracy of the reading or of the transcript, we'll deal with it.
MR. SIMS: Page ten, line 3. "Q. Okay. What has that person told you?"
A. I believe he told me he had downloaded a movie from the Internet.
THE COURT: I'm sorry. There is no reason you would be any more familiar with U.S. courtroom procedure than I might be with Norwegian. At this moment counsel is going to read from the transcript of what you said last night. When he says "question," what that indicates is that he is about to
631 read what you said last night and we will let you know when you are to answer again.
THE WITNESS: Okay.
MR. HERNSTADT: I can see that it's hearsay.
THE COURT: Well, now it goes to credibility. Go ahead.
Q. The transcript says: "Q. Okay. And what has that person told you?" And the reporter wrote down the following answer: "A. He told me that he had downloaded a DivX movie."
Is that correct?
THE COURT: Mr. Sims, your question is unclear. If you are asking him if it's correct that that's what the transcript says, we don't need that testimony. If you are asking him whether what he said last night is true, that's an appropriate question.
MR. SIMS: That's an appropriate question?
THE COURT: Yes. Mr. Hernstadt?
MR. HERNSTADT: Your Honor, actually the first question is not entirely inappropriate. This is not a final transcript.
THE COURT: Are you disputing its accuracy in this regard? Do we have to bring the court reporter in to testify as to the accuracy of the transcript?
632
MR. HERNSTADT: No, sir.
THE COURT: Go ahead, Mr. Sims.
Q. Is it true that you were told by this person that he had downloaded a DivX'd movie?
A. No, it is not.
Q. And did you testify last night that he did tell you that?
A. No, I believe I testified that he had said he had downloaded a movie, not which kind.
Q. Now, this conversation you had, what was the name of the chat room again?
A. Pound PC DVD.
Q. Is that the precise chat room where you had announced your creation of the Windows DeCSS utility?
A. Yes, that is correct.
Q. And how many months after you made that announcement in that chat room did you have this conversation with this person?
A. Excuse me? Could you please repeat?
Q. Yes. How long was it after you had made the announcement about the Windows DeCSS utility did you have this conversation with this person in which the person told you that they had downloaded a movie from the Internet?
MR. HERNSTADT: Object to the form.
THE COURT: Overruled.
A. I don't recall, but I believe it was about a month.
633
Q. And am I correct that the Pound PC DVD chat room is not limited to Linux users?
A. The Pound PC DVD channel is open for all users of PCs and DVDs.
Q. Thank you very much. Now, you testified on direct that a German person, I think, had reverse-engineered the Xing DVD player, is that correct?
A. Yes, that is correct.
Q. And that person goes by the nick Ham?
A. Yes, that's correct.
Q. And it's Ham who wrote the source code that performed the authentication function in DeCSS, is that correct?
A. No, that is not correct. He did not write the authentication code. He wrote the decryption code.
Q. He wrote the encryption code?
A. Decryption code.
Q. Decryption.
A. Yes.
Q. Ham is a member of Masters of Reverse Engineering or MORE?
A. That's correct.
Q. And are you also a member of MORE?
A. Yes.
Q. There are other members in Germany and Holland, is that correct?
A. Well, the third member is in the Netherlands.
634
Q. And it was Ham's reverse engineering of the Xing DVD player that revealed the CSS encryption algorithm, am I right?
A. Yes, that's correct.
Q. Reverse engineering by Ham took place in or about September 1999?
A. Yes, I believe it was late in September of 1999.
Q. And you testified that it was this revelation of the CSS encryption algorithm and not any weakness in the CSS cipher that allowed MORE to create DeCSS, is that correct?
A. Yes, that's correct.
Q. You obtained the decryption portions of the DeCSS source code from Ham, correct?
A. Yes, that's correct.
Q. You then compiled the source code and created the executable?
A. Well, in the form I received it, it was not compatible.
Q. Well, you testified the operation of DeCSS on a Windows machine initially, correct?
A. Actually, I tested it under -- it was under Windows.
Q. And in performing your tests on DeCSS, which DVDs did you decrypt?
A. Well, I don't recall which DVD I tried first, but the second DVD I tried was the Matrix.
Q. And how many times did you decrypt DVDs?
A. Well, each time I watch a movie I decrypt a DVD. I don't
635 recall how many times I watched the DVD movie on my computer.
Q. When you posted the Microsoft Windows executable version of DeCSS, you had no knowledge that the program would run under Linux, correct?
A. No, that's not correct.
Q. Had you run it under Linux at that time?
A. No, I had not, but in theory it should work using an application called wine, W-I-N-E.
Q. When you posted the DeCSS executable on your web page, you did not post the source code, correct?
A. That is correct.
Q. You testified a moment ago that you thought it would work under wine, is that correct?
A. That is correct.
Q. Have you ever actually tried that?
A. No, I have not.
THE COURT: Mr. Garbus, would you have a seat, please.
Q. Now, you first posted the DeCSS executable utility where?
A. I posted it on my website.
Q. And after that, you announced that it was available on your website in two different forums or two different places, correct?
A. Yes, that is correct.
Q. And what were those two places?
636
A. LiViD mailing list and the Pound PC DVD IRC chat room.
Q. Which did you do first?
A. That would be the Pound PC DVD chat room.
Q. Am I correct that when you posted the announcement to the LiViD mailing list that you just testified about, that was the very first time you had ever posted anything or sent any message to the LiViD mailing list?
A. Yes, that is correct.
Q. And did your announcement say anything about which operating systems it had been tested on?
A. Yes, I believe it did.
Q. And which operating systems did it identify?
A. I believe the message said it had been tested on Windows 95, 98 and Windows NT.
Q. Any others?
A. I believe Windows 2000 was mentioned, but I don't recall if it had been tested on that or not.
Q. And were there any other operating systems you identified as having tested it under?
A. No, I don't.
Q. So they were only Windows operating systems.
A. Yes.
Q. Now, you testified last night that your web page was a support page or Sigma Designs hardware-based DVD player, am I correct?
637
A. Yes, that is correct.
Q. What is Sigma Designs?
A. Sigma Designs is a company in California which has several years of experience in MPEG.
Q. To your knowledge, do they manufacture a CSS-licensed DVD player that runs under Microsoft Windows?
A. Yes, they do.
Q. What is it called?
A. It's called Hollywood Plus.
Q. Hollywood Plus.
A. Yes.
Q. And you are also aware that Sigma Design has announced plans to release a Linux-based DVD player?
A. Yes, I am.
Q. Do you understand that Sigma Designs has a license from the DVD-CCA to do that?
A. Well, I would assume they have or else they wouldn't be making it.
Q. And have you provided some assistance to the French programmer for Sigma Designs who is working on that Linux DVD player, correct?
A. Not direct assistance, but I have e-mailed him.
Q. You have?
A. E-mailed him.
Q. And have you provided any technical information to him?
638
A. No, I have not.
Q. Before you posted the DeCSS executable onto your web page and made the announcement that you testified about, have you ever had any communications with the defendant in this lawsuit Eric Corley?
A. No, I have not.
Q. You never communicated with him at all until after this lawsuit was filed, correct?
A. Yes, I believe that's correct.
Q. And you never saw Mr. Corley post a message to the LiViD mailing list prior to that time, correct?
A. Yes, that is correct.
Q. In fact to your knowledge -- strike that.
Do you have any knowledge that Mr. Corley has ever been a member of the LiViD group?
A. No, he has not.
Q. Now, at the time you posted your message onto the LiViD mailing list that you mentioned, you did not have the DeCSS source code on your page, correct?
A. That is correct.
Q. And am I correct that some members of the LiViD group expressed anger at you for not providing the source code with the utility?
A. Yes, that is correct.
Q. What is a flame war?
639
A. A flame war is when two or several people engage in a discussion which gets out of hand.
Q. Am I correct that you got involved in a flame war with at least one member of the LiViD group over the fact that you didn't post the DeCSS source code?
A. I did get involved in a flame war, but I am not aware if he was a member of the LiViD group or not.
Q. Where did the communication you had with respect to this take place?
A. Some of it took place on the LiViD mailing list and some of it was sent directly.
Q. And it began on the LiViD mailing list?
A. Yes, that is correct.
Q. Now, Mr. Fawcus created the css-auth source code that you used in creating the utility, correct?
A. Yes, that is correct.
Q. And the dispute centered around the fact that the German member of MORE, Ham, had used Mr. Fawcus's code but had removed Fawcus's name and copy left notification, is that correct?
A. Yes.
Q. What is copy left, as you understand it?
A. Copy left is when you use basically a copyright that gives the user freedoms instead of taking them away.
Q. And the dispute centered around someone's complaint that
640 MORE was not playing by the -- I'm sorry. What is GPL?
A. GPL is a copy left license provided by the Free Software Foundation.
Q. Was MORE's failure to credit Mr. Fawcus a violation of the GPL license, as you understood it?
A. Yes, I believe so.
Q. In a nutshell, MORE was not playing by the GPL rules that the LiViD group normally plays by, correct?
A. Yes, that is correct.
Q. And it was your understanding that Mr. Fawcus could sue you for that, correct?
A. Well, yes, that is correct.
Q. And you eventually settled your difference with Mr. Fawcus?
A. Yes, that is correct.
Q. You got a special license from him to use his source code without credit, correct?
A. Well, he agreed that we didn't have to do anything to provide new copies of the source with the original header.
Q. And your reason for doing that was to avoid making DeCSS's source code fully open source.
A. That's not correct. It was already an open source at that time.
Q. Am I correct that you didn't want it to be open source so that you could keep the secrecy of the Xing key?
641
A. Yes, that is correct.
Q. The Linux community, as you understand it, believes in free source code, open source code, correct?
A. Yes, that is correct.
Q. And MORE didn't make DeCSS available with open source code to the entire Linux community when it posted the utility, correct?
A. Yes, that is correct.
Q. When you announced to the LiViD mailing list in October that DeCSS.exe was available on your web page, you said that it works with the Matrix, DoD Speed Ripper doesn't, correct?
A. Yes, that's correct.
Q. It's your belief, I take it, that DeCSS is superior to Speed Ripper?
A. Excuse me. Can you please repeat.
Q. Do you believe that DeCSS is superior to Speed Ripper?
A. Not directly superior, but it does decrypt some movies that the Speed Ripper did not decrypt at that time.
MR. SIMS: I have no more questions. Thank you.
THE COURT: Mr. Hernstadt.
MR. HERNSTADT: Thank you.
Q. You were asked if you had used DeCSS to decrypt a DVD. Have you ever used a decrypted file from a DVD to make a DivX?
642
A. No, I have not.
Q. Have you ever placed a decrypted DVD on the Internet, transmitted it in some way?
A. No, I have not.
Q. Have you ever made it available on the Internet for someone to download?
A. No.
Q. Have you ever sold a decrypted DVD in any form?
A. No, I have not.
Q. Have you ever traded a decrypted DVD with anyone?
A. No, I have not.
Q. Have you ever downloaded a DivX movie?
A. No.
Q. Have you ever made a DivX movie available for uploading?
A. No, I have not.
Q. Have you ever made a DivX movie available for someone else to download from your website?
A. No, I have not.
Q. Have you ever used DeCSS for anything other than viewing DVDs that you purchased?
A. No, I have not.
Q. You mentioned the Sigma Designs player. Is that a software player?
A. Well, it's a soft -- it's hardware-based. It comes with a piece of hardware but you also need the player that comes with
643 it, a piece of software.
Q. Does that mean you have to buy two pieces?
A. The product contains two pieces.
Q. You testified that you did not release the source code on the DeCSS executable when you made the program a available on your website.
A. Yes, that is correct.
Q. Did you make the source code available to Derek Fawcus?
A. Yes, that is correct.
Q. And did Derek Fawcus write that source code -- rewrite the source code?
A. Yes, I believe he did.
Q. What operating system did he rewrite it for?
A. He wrote it for Linux.
Q. Why did you not want to release the source code for DeCSS?
A. Because the DeCSS source code contained the Xing player key. If we were to release that source, the Xing key would be revoked, Xing would probably have their license revoked, and new DVDs which would be released later would not work with Xing's player nor the player we would have created.
Q. You said that the German member of MORE found the CSS algorithm by reverse-engineering the software. Did he say to you whether it was difficult to do?
A. No, he said it was not difficult.
Q. Okay. You said that you did the same thing based on what
644 he informed you about how he had done it?
A. Yes, I did.
Q. Did you find it difficult to do?
A. No.
MR. SIMS: Objection. Irrelevant.
THE COURT: Sustained.
Q. How long did it take you to find the algorithm?
MR. SIMS: Objection. Irrelevant.
THE COURT: Why is it relevant, Mr. Hernstadt?
MR. HERNSTADT: Well, Mr. Sims brought it out on cross-examination, and I am merely trying to clarify the record with respect to the reverse-engineering process.
THE COURT: Did you raise it, Mr. Sims?
MR. SIMS: Certainly not in terms of effectiveness, which is where we're going now.
THE COURT: Did you raise it, whether it was subjectively in terms of effectiveness or not?
MR. SIMS: I don't think I did.
THE COURT: Let me look at my notes then.
MR. SIMS: I did ask questions about the obfuscation about the Xing key, but ...
THE COURT: Mr. Hernstadt, I don't see it quickly. I mean, is there something that you remember that will prompt my memory?
MR. HERNSTADT: I believe it was something about that
645 the key was hidden. I don't recall exactly what it is. I just had it in my note.
THE COURT: It will take less time to hear it then. Overruled.
THE WITNESS: Can you please repeat the question?
THE COURT: Did you find it difficult to do, was the question.
THE WITNESS: No, I did not.
Q. You discussed a dispute with Derek Fawcus about taking his name off the source code that he had provided. Were you aware of that?
A. No, I was not aware of that.
Q. When did you find out that his name had been taken off the source code?
A. I found that out when he posted a message to the LiViD mailing list saying that one of the files we had in our source was actually his, but it did not contain the GPL header on his name.
Q. What did you do when you read that posting to the LiViD list?
A. I e-mailed him and tried to sort out a solution.
MR. HERNSTADT: Thank you very much, Mr. Johansen. I have nothing further.
MR. SIMS: Nothing more, your Honor.
THE COURT: All right. Mr. Johansen, thank you very
646 much.
Mr. Gold?
MR. GOLD: I'm going to call Mikhail Reider to the stand.
THE COURT: Is Mr. Young back there? We are working on your request, but in the interim I can tell you that you are able to buy from the court reporters a floppy that has the day's proceedings by about 7 o'clock every night.
MR. COOPER: Good morning. Your Honor, plaintiffs call Mikhail Reider.
MR. GARBUS: May I just ask one thing? There is some question about whether or not the plaintiffs will rest after this witness or call another witness. Could we know that so we can decide how to arrange our witnesses?
THE COURT: That's a reasonable request.
Mr. Gold?
MR. SIMS: I don't know the answer to that. The short answer is if we have completed a stipulation, and we sent our work over to Mr. Hernstadt -- let me go find out.
THE COURT: I take it the answer is in your hands at the moment, Mr. Garbus.
MR. SIMS: I don't believe it will be necessary,
647 but --
MR. GOLD: Your Honor, this will be our last witness and we will rest after she leaves the stand.
THE COURT: Whether or not you get the stipulation?
MR. GOLD: Yes.
THE COURT: Okay. You have your answer, Mr. Garbus.
Proceed, Mr. Cooper.
MR. COOPER: Thank you, your Honor.
Q. Good morning, Ms. Reider.
Q. Who is your employer?
A. The Motion Picture Association.
Q. What is your current job position?
A. I am manager of worldwide Internet antipiracy operations.
Q. What is your education background?
A. I have an undergraduate Bachelors in international relations taken from the California State University of Northridge, and an M Phil. in international conflict resolution from the University of Dublin, Trinity College.
Q. What is your employment background?
A. From 1985 through '89 I was with the Rand Corporation, a governmental think tank as a research assistant. Subsequent to that, I took my M Phil. and joined the banking interest Great Western Financial Corporation as a legislative and
648 regulatory analyst. After that, I joined the Department of Justice Drug Enforcement Administration as an intelligence research specialist.
Q. When were you with the Department of Justice for the DEA?
A. From 1992 through '95.
Q. And what did you do with the DEA?
A. As an intelligence research specialist I collected and analyzed intelligence as it related to federal narcotics trafficking investigations.
Q. And after the Department of Justice, what did you do next?
A. I was briefly with the United States State Department Peace Corps in Thailand.
Q. And how long were you with the Peace Corps in Thailand?
A. Five to six month.
Q. And after you returned to the United States, what was your next position?
A. Again with the U.S. Department of Justice, this time in the Federal Bureau of Investigation.
Q. What did you do for the F.B.I.?
A. Intelligence research specialist.
Q. And that was during what period?
A. 1995 through '97.
Q. After your position with the F.B.I., what was your next position?
A. I joined the California State Bar Association as an
649 investigator.
Q. And how long were you with the California State Bar?
A. Only eight months.
Q. Why was that?
A. The Governor of California vetoed the fee bill which funded the state bar.
Q. Okay. And after that you took a position with?
A. The Motion Picture Association.
Q. I see. And your position with the MPAA began when?
A. In spring of 1998.
Q. Okay. Did you use computers in connection with the job positions you just described?
A. Yes. Yes, through all of the jobs.
Q. In what ways?
A. Both in research on the Internet and specialized data bases, as well as using proprietary software programs for analyzing large volumes of electronic data.
Q. Do you have any specialized training in Internet investigations?
A. Yes, I do.
Q. What is that training?
A. Both through the Department of Justice through intelligence schools and also through HTCIA.
Q. What is HTCIA?
A. The High Technology Crime Investigators Association. It's
650 a worldwide body comprised of state, local, federal law enforcement from around the world as well as private industry security officials who are dedicated to fighting cyber crime.
Q. Do you have any computer program experience?
A. Yes, I do.
Q. How extensive is that?
A. It's limited. UNIX, BASIC, does.
Q. Was that also received in the course of your various prior employments?
A. Yes, it was.
Q. What are your current job responsibilities at the MPAA?
A. I oversee all Internet investigations around the world and coordinate between our worldwide offices.
Q. Since the beginning of your employment by the MPAA in 1998 has the MPAA been monitoring the Internet for infringement activity?
A. Yes, actively.
Q. Can you generally describe what has been done?
A. Well, we monitor and search routinely website, FTP sites, FSUs, file swapping utilities, IRC, the Internet relay chat channels, news groups or Usenet.
Q. Could you briefly describe what file swapping utilities are?
A. They are basically glorified FTPs. They allow individuals to directly transfer files between one another, music or
651 movies.
Q. Can you give me the name of any file swapping utility that you are currently monitoring?
A. Sure. IMESL, Gooey, Hotline, ScourNet, FileShare, FileSwap, Freenet.
Q. Is Napster also a file sharing utility?
A. Napster also is an FSU.
Q. Would you just tell us what Internet relay chats are?
A. It's basically the CB radio of the Internet. It was created in the mid to late 80s. It allows people to talk in real time on line to one another no matter where they are, or near real time. They have a number of networks and within that channels.
Channels are created by any user whenever they feel like it, so channels can go up and go down in a matter of minutes or hours, or channels can be kept alive for years if the operators of that channel so deem.
Q. Once these channels are set up, are they all accessible to the public?
A. No, some of them are members only.
Q. How often does the MPAA monitor the Internet?
A. Daily.
Q. And how do you identify sites to monitor?
A. It's a combination of factors. Our member companies will send up sites they wish us to monitor. The public will call
652 or write in to us with sites as well as through our own intelligence gathering and investigations we have sites that routinely lead us to other plays that harbor piracy on line.
Q. Have the MPAA come aware of any instances of member companys' DVDs being decrypted and made available in any form on the Internet prior to October 1999?
A. No.
Q. When was the first time you heard of the existence of a utility that defeated CSS and decrypted the content of one of the studio's DVDs?
A. Early to mid-October of 1999.
Q. What was that utility?
A. DeCSS.
Q. What was the source of the original information you received in the existence of DeCSS?
A. I found it on a news posting on Slashdot.
Q. What did you do about the information regarding the existence of DeCSS?
A. I followed their links and ultimately downloaded a copy of DeCSS.
Q. And did you test it to see if it worked?
A. Yes, I did.
Q. Did it?
A. Yes, horrifyingly simple to use.
Q. How long did it take you to download DeCSS?
653
A. A matter of minutes.
Q. And how long did it take you to decrypt a DVD using DeCSS?
A. Approximately five minute.
Q. What operating system were you using?
A. Windows.
Q. Was DeCSS a Windows program?
A. Yes, it was.
Q. What did you do next?
A. I notified our legal department and Ken Jacobson, who is my direct supervisor, and began to request the issuance of cease and desist letters. Ultimately we filed this lawsuit.
Q. Now, have you ever heard of a program called DiVX?
A. Yes, I have.
Q. And when did you first become aware of that program?
A. Late February, early March of 2000.
Q. Did you download it?
A. Yes, I did.
Q. And did you examine it?
A. Yes, I did.
Q. What is it?
A. It's a codec or compression, decompression algorithm that allows one to take the rather substantial files from the DVD and highly compress them to make it easy for distribution or manipulation.
Q. Did there come a time when the MPAA became aware of the
654 availability of decrypted DVDs on the Internet?
A. Yes, we did.
Q. When was that for the first time?
A. Late April, early May of 2000.
Q. How did you become aware of that?
A. Through our routine monitoring some of the pirate sites we routinely look at, we began to see evidence of these decrypted DVDs.
Q. How many titles initially did you see being available?
A. A handful.
Q. How many sites?
A. I'm sorry?
Q. How many sites initially?
A. Again, a handful.
Q. Since late April or early May, has the MPAA become aware of any increase in the availability of encrypted DVDs?
A. Absolutely. The number has certainly surged upward.
Q. On what types of sites have you seen these DVDs being available?
A. It runs the gamut from website to FTP sites, offering on IRC channels, FSUs.
Q. Do all of the sites offer decrypted DVDs for download or hard goods through barter or sale?
A. No, not all of them.
MR. GARBUS: I would object unless we have the
655 windows or the pictures of the site that she is referring to. Other than that, it's hearsay.
THE COURT: What do you say, Mr. Cooper?
MR. COOPER: Your Honor, the windows or site, if you will, are on the Internet and are constantly changing. I don't believe that there are any screen shots other than those we have produced in the discovery. We have produced some of those, and we are eliciting general testimony regarding this witness's experience and activity in connection with what the MPAA knew about these activities and when. And for that purpose I think it's competent.
MR. GARBUS: I will object to any testimony that's not related to particular screen shots. Any testimony that she wants to talk about that has screen shots related to it or marked in as exhibits, I would have no objection to.
THE COURT: Is it your position, Mr. Garbus, that the plaintiffs in this case and the MPAA knew and did nothing about cracks of CSS for a long time? Haven't you been singing that refrain?
MR. GARBUS: Yes.
THE COURT: And that's not a pejorative comment, but since the opening of the trial?
MR. GARBUS: Yes.
THE COURT: Why isn't it relevant to that?
MR. GARBUS: Anything is relevant if there is
656 admissible evidence with respect to it.
THE COURT: It's state of mind. It's offered not for the purpose of the truth. It's offered for the purpose of state of mind.
MR. GARBUS: I object to it. I think it's offered --
THE COURT: Why isn't it relevant to state of mind? Is state of mind relevant, in your estimation?
MR. GARBUS: I think the state of mind is not relevant. I think what's relevant is what the truth is.
THE COURT: Mr. Cooper, what do you say to that?
MR. COOPER: Well, we agree that state of mind is not relevant, although we are trying to respond to what we understood the defendants' position was. This information is being offered as testimony of what Ms. Reider saw in connection with her activity for the MPAA. It's competent testimony with respect to that.
Whatever Mr. Garbus might want to ask her regarding what an individual site may have said, I think the issue is what the MPAA was doing in connection with its investigations in response to Mr. Garbus's prior positions that it wasn't doing enough.
THE COURT: Look. Haven't the plaintiff's taken the position -- I mean, isn't this a precise turnabout? Mr. Garbus spent a couple of days trying to establish that this CSS system had been cracked a long time ago, the studios knew
657 it, they didn't protect themselves, and you folks constantly objected that none of that was relevant on the ground that the effectiveness or robustness of your security system was not material here, and I sustained those objections. Right?
MR. COOPER: Yes, your Honor.
THE COURT: All right. So now comes turnabout. You want an answer on all of that, and I previously ruled it out when he tried to put it in. Why shouldn't I do the same thing for the same reason when you try to put it in?
MR. COOPER: Your Honor, what you are suggesting about the proper scope of the issues that are reasonably and in material dispute in this case, we agree with. The question here is a little different than the one you earlier ruled upon.
THE COURT: Tell me how it's different.
MR. COOPER: The earlier question went to the efficacy of CSS as a security system.
THE COURT: Right.
MR. COOPER: This I believe addresses Mr. Garbus's second point, which we also believe is irrelevant, and that is that the MPAA, once the circumvention device became known, did too little or otherwise failed to react to the threat imposed by DeCSS quickly enough. And while I believe that that is also irrelevant, we are attempting to respond to that to the extent the Court is interested in the issue.
658
THE COURT: Well, let's find out. Mr. Garbus, what Mr. Cooper describes as your second point, are you in fact making that argument, that is to say, that the MPAA was too slow getting here?
MR. GARBUS: What she is testifying to, as I understand it, is that --
THE COURT: Mr. Garbus, I will let you say what you want to say, but I really would like an answer to the question first.
MR. GARBUS: Can I hear the question again.
THE COURT: Are you making that argument?
MR. GARBUS: The answer is yes.
THE COURT: Overruled. I am not taking it for the truth. I am taking it on the issue of whether the MPAA's right to relief, if it has any, is in any way affected by undue delay in getting to the courthouse.
Go ahead, Mr. Cooper.
Q. Do all of the sites you have just described offer decrypted DVDs for download or hard goods through barter or sale?
MR. GARBUS: Let me see if can I make it clear. Our point is --
I'm prepared to do this at the sidebar.
659
THE COURT: Go ahead, Mr. Garbus.
MR. GARBUS: It's our point that once they knew about DeCSS, two things happened. One is they did nothing about it; two, that prior to the time that they knew about DeCSS, they knew about other utilities that ripped DVDs, and as I understand what her testimony is, it is that she saw sites that said it's from the DVD. These are not sites that say, as I understand her testimony, it's from a DVD that's deencrypted through DeCSS. So just let me parse out our position a little more precisely, if I can. Again, I am prepared to do it at the sidebar unless the Court is comfortable.
THE COURT: Mr. Garbus, you can stop repeating that. If I find I need a sidebar, I will let you know.
MR. GARBUS: Thank you.
It is our position that last year they knew about a number of procedures that could be utilized with respect to DVD movies, that the only procedure that in any way related to Linux or, if you want to call it a competitive technology, was DeCSS. What they did is they did not go after any of the technologies, they only went after DeCSS. So the delay deals with their knowledge prior to DeCSS that there were other rippers and other utilities and their failure to do that. At least that's our position.
THE COURT: My ruling is the same. Go ahead, Mr. Cooper.
660
I'm not taking it for the truth. I'm taking it as I indicated.
MR. COOPER: Would you read back the pending question, please?
THE COURT: That is, the truth of anything that was on the websites.
A. No, not all of the sites. Some of them point in the direction of where to locate them but they don't actually offer distribution themselves.
Q. And has the MPAA followed those pointers from one site to another?
A. Yes, we have.
Q. And approximately how many of these site have you become aware of in the last two and a half months?
THE COURT: Be specific about what sites you are talking about. So far we have ones that offer to barter and sell and you've got ones that point.
Q. Can you distinguish between the ones that offer for barter, sale or download on one hand and the ones that point?
A. Yeah. Approximately over 40 sites.
Q. Of which type?
A. Those which offer for barter or sale, distribution as opposed to just pointing in the direction.
Q. What is the MPAA currently doing about these sites?
661
A. We have ongoing investigations.
Q. And can you, without going into the investigative details of any of those investigations, tell me anything about them?
A. We have investigations currently active with federal law enforcement here in the U.S. and worldwide.
Q. Which U.S. agencies?
A. U.S. Customs, Secret Service and F.B.I.
Q. Do you have information regarding any connection between the recent availability on the Internet of decrypted DVDs and the utility DeCSS?
A. Absolutely.
Q. What is that information?
A. Well, prior to the appearance of DeCSS we had seen no decrypted DVDs anywhere on the Internet, and thereafter we watched DeCSS proliferate alarmingly. It was simple to use. We saw decrypted DVDs appear for sale and distribution not long thereafter.
MR. GARBUS: I object to the question. She was asked what information she had and then she responded with speculation.
THE COURT: Where was the objection before she answered, Mr. Garbus?
MR. GARBUS: It was only after she answered that it was clear.
THE COURT: You know better than that, with all due
662 respect, but I think part of this testimony --
MR. GARBUS: Look at the answer. See where the answer comes in.
THE COURT: Part of this answer has no foundation, at least to the extent it's offered for the truth. The portion in which the witness said that prior to the appearance of DeCSS they had seen no decrypted DVDs anywhere on the Internet, I think that is perfectly admissible. It relates to her personal knowledge.
The part of the answer that speaks of watching it proliferate at an alarming rate I take to be that she saw lots of sites on the Internet offering movies, but I have heard no evidence based on personal knowledge that what was on the Internet, that is to say, offers to sell or barter or whatever, are properly considered for the truth of those statements.
The part of the answer that says we saw decrypted DVDs appear for sale and distribution not long thereafter, I guess I need to hear more about in order to find out on what basis the witness is telling me that.
MR. COOPER: Just to understand that last point, I believe the witness testified that DeCSS was first on the Internet in October and that the first appearance --
THE COURT: Here is your problem, Mr. Cooper. Your problem is whatever was said a few minutes ago that you are
663 trying to prove, that in fact since October there are lots of movies being bought and sold over the Internet that were decrypted through DeCSS, you are trying to prove it by saying that there were none before October. Then DeCSS appeared, all of which I think is relatively -- at least the second point is uncontroversial. And the first point is evidence to support your position, although it's disputed.
The third point depends on the truth of whatever was on the Internet. That is to say, if the witness saw 40 website offerings to sell DVD movies, you would like me to conclude that in fact those websites were, as they said on the Internet, offering to distribute decrypted movies, that is, they would perform as they indicated they would perform; and then you are asking me further to draw the inference from the timing that whatever they were selling or offering to sell came from the DeCSS.
Now, the link you are having a problem with here is that I think Mr. Garbus's objection is that it would be inappropriate for me to assume that simply because you see on the Internet a page that says "come get your copy of the Matrix from us" means that in fact if somebody went to that site a decrypted copy of the Matrix would be forthcoming. That is essentially your argument, right, Mr. Garbus?
MR. GARBUS: Yes, or that there is any reason to believe that it comes from DeCSS or any other source.
664
THE COURT: Well, I understand that point as well, but they are asking me to infer that from the timing.
MR. GARBUS: Yes, your Honor, you stated our position.
THE COURT: Okay. Now, he is making what I take to be essentially a hearsay and/or a competence argument, probably more hearsay than competence, about my considering, or the purpose for which I consider Ms. Reider's testimony about what is available on the Internet.
The situation would be the same if we were trying a trademark case and you were trying to prove the availability in the marketplace of counterfeit Levi jeans from newspaper articles that indicated that somebody was offering counterfeit Levi jeans. Now, there is perhaps a legal issue that you may want to brief, both of you, as to whether that's appropriate evidence, but I think that analogy is exactly what we're talking about. Right, Mr. Garbus?
MR. GARBUS: Yes, sir.
MR. COOPER: That's Mr. Garbus's analogy, your Honor. We don't believe --
THE COURT: No, that was my analogy.
MR. COOPER: We don't believe that's the correct analogy in this case. This is not a case in which we are pursuing for the relief sought in this case, the relief that would be sought in a case in which the bootleg --
665
THE COURT: No, of course you're not. But the whole purpose of this line of testimony, putting aside responding to this sort of quasi laches argument, is to persuade me that this is a real problem. And whether it's a real problem depends, at least in part, on whether it's out there in the marketplace. And the way those kinds of issues are usually handled in a trademark case is that the investigator comes in and says that I went to the store on Fordham Road and I bought these six pairs of counterfeit jeans and here they are, and a witness shows up from Levis and says we didn't make them, they're counterfeit.
MR. COOPER: Your Honor, this goes to the question of the appropriateness of relief and the question of a reasonable apprehension of harm in the absence of that relief.
We are not attempting to prove here or indeed seek the relief associated with copyright infringement per se. We are not attempting to adduce the kinds of hard evidence that would be necessary for a case that involved those issues. What we are doing is attempting to provide to you our reasonable apprehension that in the absence of the release sought we will be harmed.
THE COURT: Well, you know, I hear the words but I'm not sure I understand the symphony, to mix my metaphors very badly. I really am not.
Look, I will hear the testimony, Mr. Garbus, but you
666 clearly know I understand the point, and if you want to brief, either or both sides, the issue of what I'm supposed to consider, that aspect of the testimony we have just narrowly focused on, the witness's testimony about what's available over the net, you are welcome to brief it. And in order to decide this case, if I find I have to decide it, I'll decide it. For now I'll hear the evidence.
MR. COOPER: Thank you, your Honor. Let me just conclude with this witness then, your Honor, based on what you have said, with two areas of questions.
Q. First, I believe that we left off with this question of the connection between DeCSS and the decryption of movies.
Have you seen any direct connection between DeCSS and the decrypted DVDs on the Internet in your investigation?
MR. GARBUS: I object on the grounds of lack of foundation.
THE COURT: Let me just go back to one or two more thoughts that just occurred to me about the last question before you go on, Mr. Cooper.
Among the things that you ought to consider, if you are going to brief this point, and then I will consider whether you brief it or not, are these:
First of all, I suppose it might be argued that when somebody posts on the Internet saying, "Come to me, I'll sell
667 you a copy of the Matrix," that is a statement of a state of mind, or a present intention or something like that from which one is entitled to infer conduct. I'm not sure about that, but that's why I put it on the table.
Secondly, maybe this notion of a verbal act as it relates to the hearsay rule is implicated.
I'm really not sure about either one of those points, but I want to let you know I'm thinking about them so you can respond in due course.
Okay, Mr. Cooper.
MR. COOPER: Thank you, your Honor.
Q. Do you have the question in mind, Ms. Reider?
A. Could you repeat it, please?
Q. Let me restate it.
Has there been in your investigation any direct connection in the information that you have seen between DeCSS and the decryption of the movies on the Internet?
A. Yes, there have been.
Q. What is that information?
A. I have seen sites where they suggest the use --
MR. GARBUS: I assume I have a continuing objection.
THE COURT: Look, I think you should make your objections, but if it's the same objection, if you would be so kind as to say "the same objection," then I will simply know
668 it's the same thing, we don't have to pause, I will take it subject to what I just indicated.
MR. GARBUS: I think I will say the same thing.
THE COURT: Okay. Same ruling. If it's something new, let me know it's something new.
Go ahead, folks.
THE WITNESS: May I continue?
I have seen sites that have suggested the use of DeCSS in order to then use the DivX codec against DVDs that also offer DivX-made movies on their sites.
Q. Ms. Reider, given the wide proliferation of DeCSS on the Internet, what help would the issuance of a permanent injunction in this action do in your enforcement activity for a number of companies?
MR. GARBUS: I object.
THE COURT: Well, I am going to take that answer as well. Let it be added to my list of things that counsel should consider with respect to the stuff of the Internet, Rule 803(17) and how it applies in the electronic age. Rule 803(17).
Okay. Ms. Reider, I realize I'm stepping on your lines constantly here this morning. Do you need the question read back?
A. Yes, please.
669
MR. GARBUS: Your Honor, it seems to me, unless I'm missing the point, that this sounds like a legal conclusion.
THE COURT: I don't think it's a legal conclusion. I mean, that's kind of like asking somebody who lives downstream of a damn that's about to be destroyed what effect a permanent or preliminary injunction against tearing down the damn would have on his property. The answer is a perfectly practical one about preventing the river from flowing across the property. I think that's what the question asks for.
MR. GARBUS: Okay. I have stated my position.
THE COURT: I understand.
MR. GARBUS: I'm not moved by the analogy between a damn and a flowing river.
THE COURT: I know. I have given you lots of analogies to think about in this case.
Go ahead, Mr. Cooper.
A. It would send a very strong message to both those that would engage in illegal behavior and to law enforcement to enforce it. It will make my job certainly, hopefully, easier in terms of enforcing the right of our member companies for the safety and security of their intellectual property.
Q. Let me ask you the same question with respect to the effect, if the Court does not issue a permanent injunction, what effect will that have on your activity to enforce the interests of the member companies?
670
THE COURT: Believe me, that's not a useful question either. There is another component that needs to be in that question for it even to be relevant.
MR. GARBUS: Can we ask how upset she would be if you deny the injunction?
THE COURT: We will have you testify about how upset you will be if I grant it.
MR. COOPER: You mean if the Court concludes that there is a violation here that determines not to issue the injunction?
THE COURT: I don't know what the point of all this is. Obviously the case isn't over, and if there is more evidence that sheds light on the subject, I will certainly consider it, but it seems to me that there is a reasonably strong case to be made for the proposition that the barn is unlocked and this horse is out.
Now, it seems to me also that what the MPAA wants is a legal determination that unlocking this barn was illegal, and so the next guy who considers unlocking another barn is going to have something serious to think about. I suspect you are also asking me to issue an injunction against the guy who unlocked this barn not to unlock it again even though there is no horse in it. So, you know, I don't know that this witness has any light to shed on that subject.
MR. GARBUS: I must say I'm now finding your
671 analogies much more to my liking.
MR. COOPER: If I may, let me just say that our position is obviously that the analogy that you referred to is not apt, as Mr. Garbus has pointed out in his prior responses. I recognize now is not the time to argue that issue. And under the circumstances, if the witness's testimony about her own experiential ability to deal with this issue and what aid the Court's injunction might have in her enforcement activities is not something that the Court is interested in receiving at this time, then I would say that our --
THE COURT: That was not my point. This whole little discussion got started because you asked her what the effect of my not issuing an injunction would be, and I assume that I am going to hear a tale of woe, obviously just like I've heard a tale of woe on the other side if I do issue the injunction.
But the critical ingredient is that the witness has just told me that what this is all about is to send a message. And there are various ways to send messages if indeed the message is one you are entitled to have sent. And the concerns I expressed yesterday and today on this subject have addressed the form of any message to which you might be entitled. That's what that was addressed to.
So, when you leave out of your question to the witness about an injunction the fact that if you are entitled to prevail, you might get relief short of an injunction, it
672 seems to me it's just a waste of everybody's time, with all due respect, counsel.
You can ask the question with both components if you want.
Q. Ms. Reider, in the event that the Court determines that the plaintiffs are entitled to some relief, and the Court determines that the relief would not include a permanent injunction, would that have an impact on your ability to enforce the interests of the member companies?
MR. GARBUS: Same objection.
THE COURT: Overruled.
A. Yes, it will have a huge impact.
Q. What is that impact?
A. There won't be any teeth, if you will, in it. We will have no way to enforce that injunction.
Q. In the absence of an injunction?
A. In the absence.
THE COURT: If there is no injunction, there is obviously no injunction to enforce, Ms. Reider.
Q. The question is what impact would the absence of the injunction have in connection with your attempt to enforce the member company's rights?
A. It will have a huge impact.
Q. In what way?
MR. GARBUS: I have a continuing objection.
673
THE COURT: Overruled.
A. We would have no ability to stop this. It would grant a license to anyone in the world to do what they would with our intellectual property, not just in this respect but in future events.
THE COURT: I won't say what I was just about to say, but, look, Ms. Reider, let's get down to the facts of this case as opposed to the rhetoric.
If I understand it correctly, DeCSS is everywhere on the Internet. I realize that's a hyperbolic statement, but it's all over the play, right?
THE WITNESS: It's prevalent, yes.
THE COURT: Now, if I issue an injunction that says that Mr. Corley can't put it on his website, how does that affect DeCSS being everywhere else?
THE WITNESS: It affects it in that we can get enforcement of other sites that are offering it, refusing to take it down.
THE COURT: Because of what?
THE WITNESS: Because there is precedent.
THE COURT: Suppose the result were -- and I am not saying it will be -- but just hypothetically suppose the result were that the judgment recited that there was clearly a controversy between the plaintiffs and this defendant as to the legality under the DMCA of posting this utility, that the
674 controversy is persisting, that the posting of this utility violates the Act, that you are entitled to a judicial declaration of whether the conduct is lawful or not and the court declares it is unlawful, the question of whether to issue an injunction, invoke the discretionary power of the court, courts have said for 300 years, at least that courts of equity ought not to use the equitable power of injunction to try to accomplish the impossible or to perform something which is entirely futile, and therefore, in the exercise of discretion, given the broad prevalence of this particular utility, this time the court declines to issue the injunction because it would do no practical good.
Now, it seems to me that perhaps there is an argument in those circumstances that when you go to somebody and say, look, it's on your website but it is in fact illegal, you've got something to talk about, and it certainly sends a message to the next guy with the next version of DeCSS that it's a whole new ball game. Now, I don't understand your argument given that set of hypotheses.
MR. GOLD: May I address the Court for a second, your Honor?
THE COURT: No. I'm obviously going to hear everybody on this at great length, all the lawyers, before this is all over, but Ms. Reider is if not the chief, one of the top enforcement people for the industry. She is offered
675 as a witness about what the practical significance of different kinds of relief in this case might be, and before I hear the lawyers' argument, I would like to hear what the person in charge of performing the function has to say about that. That's why you brought her here, as I understand it.
So, Ms. Reider, you know, I would like you to answer that. One of the great things about a nonjury trial is the judge gets to ask questions that are bothering him.
THE WITNESS: Well, your Honor, in our experience thus far, trying to get prosecution at least on the criminal side of things for failure to comply under existing law, it's very difficult without being able to show damages or qualify that damage, quantify it. If you just tell people, gee, you shouldn't do that, but there is no penalty for having done that --
THE COURT: But, look, this is a criminal statute. This is not a criminal case, but it's a criminal statute, it says any person who violates Section 1201 or 1202 willfully and for purposes of commercial advantage or private financial gain can go to jail perhaps for as long as ten years.
Now, if the United States courts determine that posting a utility like this is a crime and you hand a copy of that decision to the person who is posting it, don't you think there is some evidence maybe that if it doesn't come down off the website it is a willful violation?
676
MR. COOPER: Your Honor, is that a question posed to Ms. Reider from a factual standpoint?
THE COURT: Yes. She is making an argument that without an injunction there is no effective remedy, and I want to hear why.
THE WITNESS: Do you think I could get an AUSA or a DA to take that case and enforce it?
THE COURT: It beats me. I mean, they haven't indicted anybody in this case as far as I know.
Okay. Mr. Cooper, go ahead.
MR. COOPER: Nothing further of this witness, your Honor.
THE COURT: Thank you. Mr. Garbus?
MR. GARBUS: Just one question.
Q. Did you say you hadn't seen a movie on the Internet until this year?
A. Can you repeat your question?
Q. When for the first time did you see a movie on the Internet?
MR. COOPER: Objection, your Honor. It misstates the testimony.
THE COURT: Well, it didn't purport to state any testimony, so it can't misstate it.
677
A. Can you clarify, Mr. Garbus?
Q. When for the first time did you see a movie on the Internet?
A. What type of movie, Mr. Garbus? I'm not clear on what you're asking.
THE COURT: The question is very ambiguous.
Q. Any kind of movie on the Internet.
THE COURT: What do you mean, watched the movie?
MR. GARBUS: Yes.
A. Any kind of movie?
Q. Yes.
A. A couple of years ago.
Q. In 1998.
A. That's correct.
Q. And since 1998 how many movies did you watch on the Internet?
A. I don't know.
Q. Were these movies that you bought to play on the Internet?
A. Can you play a movie on the Internet, Mr. Garbus?
Q. On your personal computer.
A. No, this is in the capacity of my job.
Q. Now, did you at any time learn -- let me go back to the beginning of the process. As I understand it, you were given at some point in time these LiViD documents which we have referred to as Plaintiffs' Exhibit 9.
678
A. I need to see the documents that you are referring to.
MR. COOPER: Your Honor, I believe this is beyond the scope of the direct.
THE COURT: Let me see where it's going.
Q. Do you remember when you looked at the LiViD group of documents -- withdrawn.
At some point in time did either Mr. Jacobsen or Litvak give you a group of documents which were downloaded from the LiViD site?
A. No, they did not.
Q. Did you at any time go on the net to find any LiViD documents?
A. Yes, I did.
Q. When was that?
A. As I recall, October or November of '99.
Q. And at whose direction was that done?
A. Under my own direction. I'm the supervisor of antipiracy.
Q. By the way, are you a lawyer?
A. No, I'm not.
Q. Now, what did you do after you downloaded those documents?
A. I reviewed them and turned them over to legal.
Q. And who was that?
A. Our legal department, Mark Litvak.
Q. To the best of your memory, was Mr. Goldstein or 2600.com mentioned in any of those LiViD documents?
679
MR. COOPER: Objection, your Honor. Hearsay and plainly beyond the scope of direct.
THE COURT: The hearsay objection is just wrong. Why isn't it beyond the scope, Mr. Garbus?
MR. GARBUS: I'm trying to find out what she did. She winds up saying she has a lot of information. I'm trying to find out the basis for that information.
THE COURT: Sustained.
A. Can you repeat question, please?
THE COURT: I sustained the objection.
THE WITNESS: Sorry.
Q. Do you know what a DOD Speed Ripper is?
A. Yes, I do.
Q. Let me show you a document UP.
MR. COOPER: Your Honor, we object to the introduction of this document.
THE COURT: It hasn't been offered yet.
MR. COOPER: It's attorney/client privilege, your Honor.
THE COURT: Well, somebody should give me a copy of the document.
MR. GARBUS: This is one of the --
THE COURT: Just give me a minute, please.
THE COURT: Pose your question and I will ask the
680 witness not to answer until I have had an opportunity to hear an objection, and please pose the question in a way that doesn't disclose the content of the document, Mr. Garbus.
Q. Did you learn at some time in December of the existence of a utility called DOD Speed Ripper?
THE COURT: Answer the question, please.
A. I don't recall.
Q. Let me show you this document and see if it refreshes your recollection.
THE COURT: Go ahead.
MR. COOPER: Your Honor, are you ruling on the privilege issue?
THE COURT: So far there is nothing that, in my view, implicates a privilege. She is being shown a document for the purpose of refreshing her recollection as to her state of mind in December.
MR. COOPER: It's the use of the document which is an attorney/client communication, to which we object.
THE COURT: I understand. You said that in the first place.
MR. COOPER: I understand that. The question is whether they are entitled to use a document which is an attorney/client communication.
THE COURT: I understand your point. To that extent,
681 I'm offering your point.
MR. COOPER: Thank you, your Honor.
THE COURT: What's the question, Mr. Garbus?
Q. Does it refresh your recollection that you were told back in December of 1999 about the DOD Speed Ripper?
A. No, it does not.
Q. Did you ever see that document before?
A. I don't recall it.
Q. Do you see your name on it?
A. I do see me copied, but the date of the missive was during a time I was not in the office.
Q. Did you ever see that document at any time?
A. I don't recall.
Q. When for the first time, if ever, did you hear the term "DOD Speed Ripper"?
A. I don't recall the exact date.
Q. Was it in 1999?
A. I don't recall the date, sir.
Q. Did you ever go to a site to see what a DOD Speed Ripper was?
A. I have looked at it, yes.
Q. And tell me when you went to that site for the first time.
A. I don't recall the date.
Q. Was it in December of 1999?
A. I don't recall the date, sir.
682
Q. Any time in the last eight month?
A. I don't recall the date, sir.
Q. Now, you said before that you worked together with the F.B.I., the U.S. Customs and who else?
A. That I worked for?
Q. The MPAA works together in its antipiracy investigations, you said before, with the F.B.I., U.S. Customs and who else?
A. Secret Service.
Q. Has anybody ever shown you a document that indicates one particular film was taken off the Internet that had been deencrypted through DeCSS?
THE COURT: Didn't you have a stipulation the object of which was to avoid this litany with every witness?
MR. GARBUS: Well, I think we are trying now to get into what her investigation was. She is coming to certain conclusions, and you have permitted, subject to the qualifications that you have made, her testifying about information. I am prepared to accept that when she speculates that the stuff that's on the Internet, whatever it is that she sees, that she doesn't know the source of anything that's on the Internet, namely, whether it comes from DeCSS, DOD Ripper.
THE COURT: So I understand your point. Let's make this simple. You're saying, Ms. Reider, that you have seen various films, decrypted films offered on the Internet, right?
THE WITNESS: That's correct.
683
THE COURT: Do you have any way of saying whether any particular one of the ones you have seen offered was decrypted by DeCSS as opposed to some other technology apart from whatever inference you draw from the timing?
THE WITNESS: No, my investigations are still ongoing.
THE COURT: Okay. You have your "no," Mr. Garbus. Let's go.
MR. GARBUS: Thank you. You asked the question better than I could have.
Q. Now, you also indicated that there were various -- did you ever look to see whether or not 2600.com sells any pirated copies of DVDs?
THE COURT: I take it there is no such contention in this case, right, Mr. Cooper?
MR. COOPER: That's correct, your Honor.
THE COURT: Okay. Next.
Q. And there is no contention that they barter, sell it or point to anybody who does sell it?
THE COURT: Mr. Cooper?
MR. COOPER: If the "it" is decrypted DVDs, yes, your Honor.
THE COURT: Okay.
Q. Do you know what a Speed Ripper is, by the way?
A. I know what it alleges to be.
684
Q. What does it allege to be?
A. It alleges to decrypt DVDs. It's a DeCSS clone.
Q. DeCSS clone?
A. Um-hum.
Q. Do you know if DOD Speed Ripper was available before DeCSS?
A. Not to my knowledge.
Q. What is the basis of that? When for the first time did you know that Speed Ripper was available?
MR. COOPER: Asked and answered, your Honor.
THE COURT: Overruled.
A. I don't recall the date.
THE COURT: Okay. We will take our morning break. 15 minutes.
THE COURT: You may proceed.
Q. You said that, as I understand it, once you learned -- when did you learn of DeCSS for the first time?
A. Early to mid-October of '99.
Q. What did you then do after you learned it?
A. I pursued an investigation and downloaded it and then notified our legal team.
Q. Now, have you ever used a DoDs Ripper?
A. Not all the way through.
685
Q. Tell me what you have done with it.
A. I have downloaded it and I have extracted a single VOB file with it.
Q. And have you ever used a DOD Ripper?
MR. COOPER: Ambiguous.
THE COURT: What is the ambiguity?
MR. COOPER: I think it's the same question he asked before.
THE COURT: Is there a different --
Q. Do you know of anything separately called the DOD Ripper rather than a DoDs Ripper?
A. No, I don't.
Q. How about Power Ripper?
A. I have heard of it.
Q. Have you ever utilized it?
A. No, I have not.
Q. Have you ever heard of DOD Speed Ripper?
A. I was under the impression that is what we were speaking about.
Q. In other words, to you, Power Ripper and DOD Speed Ripper are the same thing?
A. No, your earlier question regarding DoDs Ripper was my --
Q. Excuse me a minute. Go ahead.
A. It was my impression we were discussing the DOD Speed Ripper.
686
Q. Have you ever tried css-auth?
A. Yes, I have.
Q. And what have you done with it?
A. Just looked at the code.
Q. Have you ever tried css-cat?
A. Only looked at the code.
Q. Have you ever seen the end product, in other words, a movie that is made, that has been started with the process of a DOD Ripper, Power Ripper, Speed Ripper, css-auth or css-cat?
A. You want me to break those down?
Q. Sure.
A. I have seen the end product of movies that have been decrypted.
Q. And have you ever issued a report, have you ever compiled a report about any of your work with respect to these utilities and the movies that have then been downloaded?
A. Not that I recall.
Q. With respect to your investigation of DeCSS, have you ever prepared a report of that investigation?
A. I'm sorry. Can you repeat the question?
Q. With respect to any work that you did on DeCSS, Did you ever prepare a report for the MPAA in any investigation you did?
A. Not that I recall.
Q. Did anyone at the F.B.I. or U.S. Customs or the Secret
687 Service or the MPAA ever ask you to prepare any report about any investigation you made concerning DeCSS?
A. I wouldn't be at liberty to tell you if any of those federal agencies requested such a report.
MR. GARBUS: Your Honor, I would like to know if this woman has ever prepared a report relating to DeCSS.
THE COURT: You can answer yes or no at least.
THE WITNESS: Not that I recall.
MR. GARBUS: We got past that pretty quickly.
Q. Now, Ms. Reider, you've talked about you being the chief investigator at the MPAA to determine the piracy consequences of DeCSS, is that right?
A. That is not my only function.
Q. Is that one of your functions?
A. That's one of many, yes.
Q. And you're telling me that you never prepared a report for the MPAA concerning your investigation of DeCSS, is that right?
A. Not that I recall.
Q. When you say not that you recall, just sit back for a moment, take your time. Did you prepare such a report or did you not?
MR. COOPER: Argumentative.
THE COURT: Overruled.
A. Not that I recall.
688
Q. Is there any document that I might conceivably show you that would help you remember whether you prepared such a report?
A. Well, if I knew that -- I don't know what you're asking.
Q. Is there any document that I could show you, or that anybody in the world could show you, that could refresh your recollection as to whether or not you ever prepared a report for the MPAA concerning DeCSS?
MR. COOPER: Argumentative. Calls for speculation.
THE COURT: I'm going to allow it one more time. You would think you were trying a medical malpractice case. Once more.
A. I don't know.
Q. Did you ever produce a memo -- forget about the word report -- for the MPAA or any other governmental agency concerning DeCSS, the proliferation of it, the use of it, or the consequences of the films that it would produce after that DeCSS application was DivX'd?
A. I don't recall.
THE COURT: Mr. Garbus, you took her deposition, right?
MR. GARBUS: Yes.
THE COURT: And I know that at least one whole box of documents from her file was given to me for in camera inspection on a claim of privilege that were subsequently
689 turned over to you.
Now, this is not the time to be either doing discovery or whatever else this is. If you have a document, let's go to it. If you don't have a document, ask something else.
MR. GARBUS: I understand --
Shall we approach the bench?
THE COURT: No.
MR. GARBUS: -- that there is no such document, that she never prepared a report for the MPAA. Now, we have been through a series of discussions where we have asked them to produce lists of documents that we were promised that we have never gotten. I can go through that now, but I don't think it's an appropriate time.
THE COURT: Neither do I. So, you're complaining they didn't give you the document that she says doesn't exist. Is that the net of the complaint?
MR. GARBUS: No. Let me just go on.
Q. I'd like to learn something about what your investigation consisted of. After you gave the Linux document to someone at the MPAA in October or November, what did you then do in the course of your investigation?
A. I'm sorry. Which Linux documents are you referring to?
Q. Did you testify that you downloaded some documents in October, November and December from the LiViD group?
690
A. I don't know. They would have to read it back to me.
Q. Did you download -- let's start at the beginning. Did you at any time download any documents from the LiViD group in 1999?
MR. COOPER: Your Honor, Mr. Garbus already elicited testimony about what the witness downloaded and I think you then sustained the objection with respect to this questioning regarding the LiViD group and the documents downloaded with respect to it.
MR. GARBUS: Your Honor, I would like to get into what her investigation consisted of. She has come in here allegedly as a witness to give information about that investigation.
THE COURT: One question at a time. You already asked her -- you first started off from the mistaken premise that Mr. Jacobsen or Litvak gave her documents from the LiViD site. She said, no, that hadn't happened. You then asked her whether she went onto the site, and she testified she went onto the net and found LiViD documents in October or November, that she downloaded, reviewed them and turned them over to legal, specifically to Mark Litvak. Now, I don't know why we have to do it all over again.
MR. GARBUS: Because she said she didn't remember that.
THE COURT: No, she didn't.
691
MR. GARBUS: Let me go on, if I can.
Q. After you turned these documents over to Mr. Litvak, then what happened?
MR. COOPER: Ambiguous.
THE COURT: Overruled.
A. Then what happened in respect to what?
Q. Your investigation. Everything is directed now towards your investigation. What did do you with respect to your investigation after you turned these documents over to Mr. Litvak?
A. I continued to look for evidence of piracy.
Q. Tell me what you did.
A. In respect to what, sir?
Q. DeCSS.
A. I continued to look for sites offering DeCSS and to request the issuance of cease and desist letters.
Q. And were you also looking for sites relevant to DOD Ripper or Power Ripper or Speed Ripper?
A. Our investigations are ongoing.
Q. Were you, at that time that you were looking for DeCSS sites, also looking at sites for DOD Speed Ripper, Power Ripper -- and Power Ripper? Excuse me.
A. I don't recall a time frame.
Q. When did you start looking at DeCSS sites?
A. Early to mid-October of '99.
692
Q. And can you tell me to the best of your recollection whether that was before or after you were looking at sites for DOD Ripper, if in fact you were?
MR. COOPER: Objection, your Honor. I think it has been asked and answered repeatedly and it's plainly beyond the scope of direct.
THE COURT: It's certainly sustained as to form. Let's start with that. Try another question.
Q. After you started looking at the DeCSS site, did you make any notes of any site you saw?
A. Can you clarify "make notes"?
Q. Did you write anything down on a piece of paper?
A. I imagine we downloaded those sites that we found.
Q. And do you recall now which sites that you found?
A. Not specifically.
THE COURT: Isn't that precisely the carton of document that was submitted to my chambers that was then turned over to you, Mr. Garbus, like maybe 5,000 pages of it?
MR. GARBUS: I don't know if that was all the documents. What Mr. Schumann testified was that he had gotten a part of the documents. I'm trying to find out now what the documents were that she downloaded.
Can we approach the bench?
THE COURT: No.
MR. GARBUS: Let me tell you where I would like to
693 go, and if there is an issue about it, I just don't want to go there.
I think I'm entitled to know -- she is the only witness for the MPAA thus far produced. I understand she is their last witness. We have been told about this awesome threat of DeCSS, and I would like to find out what the MPA has done since they first learned about it, and I would like to find out during the course of this investigation or this discussion with her what she has done, because she is the head of piracy, with respect to the other utilities that allegedly cause piracy, and whether or not she or anyone can tell basically, if something is on the screen, which utility it comes from --
THE COURT: You already got that stipulation, didn't you, early this morning?
MR. GARBUS: The last part I have.
THE COURT: Right.
MR. GARBUS: Now I would like to go to the investigation. What I have said before is if they were serious at all about DeCSS, that there were many, many ways that they could have learned in October, November exactly who had DeCSS, what was being done with respect to it, and I think what they would have concluded, at least I would have concluded, is that it was being used for the Linux machine and that these other utilities may be appropriate "illegal copying
694 or piracy tools," but DeCSS, for precisely the reasons that Mr. Shamos testified, is not.
Now, whether or not your Honor feels that makes DeCSS still prohibitable by the statute is something for an appropriate time, but it seems to me I'm entitled to go through that with this witness.
THE COURT: What is on the table are questions nit-picking about documents that you know full well were produced to you, piles of them.
MR. GARBUS: Let me tell you some of the documents we did not get. Shall we go through that now?
THE COURT: Mr. Garbus, no.
MR. GARBUS: May I ask my question?
THE COURT: You can ask a new question.
MR. GARBUS: Thank you.
Q. Now, when you say you were monitoring sites for DeCSS in November of '99 --
THE COURT: By the way, if we do get to that subject, I'm still waiting for the affidavit about your client's hard drive. Just keep that in mind. Let's go on.
MR. GARBUS: May I have the last question asked repeated to me?
Q. Did you ever tell anybody from October until today that you had ever seen a pirated copy of a digital movie, a
695 specific movie?
A. Yes.
Q. And did you ever tell anybody, or write a report, or furnish a document indicating that it related in any way to DeCSS?
A. As I stated before, I don't recall any report on DeCSS.
Q. Putting aside report, any e-mails?
A. I don't recall specifics.
Q. What has been your training as an investigator? You worked for the F.B.I. for a period of time?
A. That's correct.
Q. Were you trained there as an investigator?
A. That's correct.
Q. And did the F.B.I. have some practice with respect to making reports?
A. Yes, they do.
Q. Tell me what that practice was.
MR. COOPER: Relevancy, your Honor.
THE COURT: Sustained.
Q. Did the training include --
THE COURT: Sustained.
Q. You indicated that -- let me ask this. When you say you are monitoring websites, did you ever call any website in order to determine the name, address or identification of any individual who had been allegedly selling movies on any of
696 these file sharing sites?
A. Excuse me. You'll need to clarify your question. You have asked about websites and FSUs all in the same sentence.
Q. Did you ever call anybody as part of your investigation, or to your knowledge, if it's not confidential, the F.B.I., Secret Service, U.S. Customs?
THE COURT: The question is lost with the digression. Start the question again.
Q. Did you ever call anybody at anybody website that had file sharing to determine where the films came from?
A. Do you mean did I telephone anyone?
Q. Yes.
A. Not personally.
Q. Did you ever make any investigation with respect to any of those file sharing sites as to where the films came from?
A. Yes, we routinely investigate.
Q. And what did that investigation indicate?
MR. COOPER: Objection, your Honor. It's not only confidential, ongoing investigations. Much of the information she has on this subject is privileged and it is plainly beyond the scope.
THE COURT: Well, you better come to sidebar. Mr. Garbus and Mr. Cooper.
THE COURT: Let's deal with scope first. Mr. Garbus,
697 why is it within the scope?
MR. GARBUS: My position is that they know that DeCSS is not a pirating tool. My information. And I believe that they may have made an attempt to determine that and may have concluded what I have just said is so. Whether or not that goes to your ultimate question about whether or not the DeCSS is an appropriate or inappropriate circumvention is something else. But it seems to me what I am entitled to know is this.
There are ten different utilities that with respect to, let's say, the nine others, as I understand it, they did no investigation, and that basically what you are dealing with is an attempt to take a product away from, let's say, the Linux source group, and that I think that what the MPA was doing was basically protecting the licensing arrangement and that this entire investigation had little and nothing to do with piracy. And I think they are aware of the fact that the stuff that's up on the Internet is not DeCSS material. Not only the negative of it, but that they know that it's not.
THE COURT: So that's why it's within the scope of the direct, is that right?
MR. GARBUS: If you want, I will make her my witness at an appropriate time, keep her in court and I'll make her my witness.
MR. COOPER: Your Honor, my principal concern -- I don't think it's necessary --
698
MR. GARBUS: I don't think it's within the scope of the direct based on the conclusions that they drew. She is the chief investigator. They put her on the stand. She comes to assert conclusions. I think the facts contradict her conclusions.
THE COURT: What conclusion?
MR. GARBUS: Well, I must tell you every one of the conclusions is that DeCSS is a contributing factor or is one of the reasons they are very concerned. One of the critical parts of her testimony, as I understand it, is the spiking or the enormous increase in material on the net since DeCSS first comes about.
THE COURT: Um-hum.
MR. GARBUS: And I think the truth of it is you have nine other utilities that lead to that spiking, and the one utility that does not is DeCSS because it has a different function.
THE COURT: You are certainly entitled to ask her about the question of whether these other utilities could have led to the spike. There is no question about that.
MR. GARBUS: Okay. And I want to know.
THE COURT: But I don't think that's what you have been asking her.
MR. GARBUS: I have been trying to get the background for it. I have been trying to find out her investigation. If
699 you are asking me to ask a conclusory question, I'm prepared to do that. I wanted to know what her investigation indicated. It seems to me I'm entitled to do that.
THE COURT: Mr. Cooper?
MR. COOPER: Our concern, your Honor, is that the question that I think Mr. Garbus last asked her has the potential for eliciting information regarding the specifics of investigations of other potential actions and ongoing investigations in cooperation with law enforcement.
I will say, for instance, that the MPAA member companies are among the plaintiffs in an action filed today against ScourNet, and to the extent that Mr. Garbus's question is potentially going to elicit privileged information regarding the investigation leading up to that action, I believe we are entitled to protection from having to answer that question under a variety of privileges.
I don't think it's necessary for Mr. Garbus's right to question the witness on any relevant information she might have, but I am concerned that it's privileged information and information regarding ongoing investigations not be divulged in connection with such a response.
MR. GARBUS: I am here to represent a client. My understanding is that, of all of the utilities, the one that is not being used for piracy is DeCSS because of the amount of time it takes to do a variety of things. What is being used
700 for piracy are these other utilities, that the investigation into DeCSS is solely related to the fact that there is a competitive machine out there called Linux. That's what I'm trying to get to.
If we can do all that with a stipulation, if we can do all that -- not the last part about Linux -- but if we can do it with a stipulation, I will try to craft one and I would try and ask it in one question, but I was trying to get into the investigation concerning it.
MR. COOPER: I don't even know how to respond to that. The only information we have on any of those assertions are from Mr. Garbus's mouth. This witness isn't able to testify to that factual information because it's simply nonexistent.
MR. GARBUS: She is the chief investigator. She may contradict everything I said. She may say everything I just said is wrong.
THE COURT: Look, Mr. Garbus is entitled to cross-examine her on the subject of whether this spike in the apparent availability of pirated movies on the Internet after October or November is attributable to the appearance of DeCSS. I think there are other ways of doing it.
MR. GARBUS: I could ask her one question.
THE COURT: We will take it one question at a time. There are other ways of doing it. Let's try.
701
MR. GARBUS: Judge, you are an experienced trial lawyer. If you can think of a better way for me to formulate a question so we don't have a problem, I will do it.
THE COURT: I'm not getting your rate anymore to formulate the questions, Mr. Garbus.
MR. GARBUS: You may be exagerating.
THE COURT: I don't think so.
MR. GARBUS: May I have the last question, please?
THE COURT: I am going to sustain the objection to that question, because it's much too broad in the circumstances, and it does implicate privileges. It implicates legitimate confidentiality concerns beyond privileges, but there is some appropriate area here that I have indicated at the sidebar, and counsel can pursue it.
New question.
Q. Have you ever seen any documents that indicate whether or not all of the films that are on these file sharing programs do or do not come from Power Ripper?
A. No.
Q. Have you ever seen any documents --
MR. GARBUS: Judge, if you have a better way of formulating the question, I will take it.
702
THE COURT: As I said to you, I'm not getting paid the rate you are getting for formulating questions. Once upon a time I was, but not anymore. That's your job.
MR. GARBUS: Did we get an answer?
THE COURT: There is not a question.
Q. Can you tell by looking at any of the file sharing programs what percentage of the films that are described on those file sharing programs come from any particular utility?
A. You want to know what compression was used on them or --
THE COURT: Let's try to make this simpler. I can't resist, Mr. Garbus. I'm sorry. Think of it as pro bono.
I understood from a previous witness that when you see a film listed on a website or an FSU that has been decrypted and is available for sale or exchange, that you can't tell from the listing itself what mode of decrypting the film was used. Is that consistent with your understanding?
THE WITNESS: Yes, it is.
THE COURT: All right. Are there other ways that you can ascertain by what means a film offered on the Internet or an FSU for exchange or sale has been decrypted?
THE WITNESS: I don't know.
THE COURT: Back to you, Mr. Garbus.
Q. Who would know at the MPAA, if anybody?
A. I don't know.
Q. Do you know who Brad Hunt is?
703
A. Yes, I do.
Q. What is his job?
A. He is our chief technology officer.
Q. Have you ever had any discussions with him about the two questions that the judge has asked you?
A. No, I have not.
Q. And who is Rick Hirsch?
A. He is the head of antipiracy for the IDSA.
Q. To your knowledge, does anyone at the MPAA have the answers to the two questions that the judge posed?
A. I don't know.
Q. To your knowledge, does anybody in law enforcement have the answers to the two questions the judge has posed?
A. I don't know.
THE COURT: Has anybody on the Cincinnati Reds? Come on. Don't you think there is an easier way to do this, Mr. Garbus?
MR. GARBUS: You tell me. Your questions are not objectionable. Mine can be. Go ahead if your Honor wants to formulate the question.
THE COURT: Mr. Sims has offered.
MR. SIMS: I will pose the question if you want, your Honor.
THE COURT: It's Mr. Garbus's examination.
Q. Now, we have heard about a surge in Internet piracy, is
704 that right, over the last six months?
A. In respect to decrypted DVDs.
Q. Right. Can you tell whether or not that surge comes as a result of the utility Power Ripper or DeCSS or DOD Ripper or any other utility?
A. Not definitively.
Q. Has anyone at the MPAA ever made any investigation to determine what the utility is or was being used to create that surge?
A. I don't know.
Q. Have you ever made any investigation to determine which utility leads to that surge?
A. As I stated before, it's an ongoing investigation.
THE COURT: Maybe we can get at it a little bit better this way. If you were to download the file of a decrypted movie obtained over the Internet or through an FSU, are you aware of any means by which you can examine the code and the data file of the download and determine through that examination how the movie was decrypted?
THE WITNESS: I don't have that answer yet.
THE COURT: You don't have it yet.
THE WITNESS: No.
THE COURT: I take it the answer is that you hope to find out some day, but you don't know it now, is that correct?
THE WITNESS: I hope to find out soon, yes.
705
THE COURT: All right.
Q. So, as of now, nobody knows the answer to my question?
THE COURT: As of now, Ms. Reider doesn't know the answer.
THE WITNESS: That's correct.
Q. As of now, do you know if anybody in the MPAA knows the answer?
A. I don't know.
Q. To your knowledge does anyone in law enforcement know the answer?
A. I don't know.
Q. Now, has anyone ever said to you --
THE COURT: Let me ask another question, because I think it may short-cut this a lot. Would I be correct in assuming, Ms. Reider, that there are other investigative techniques that you have and are pursuing in an effort to find out by what means any movies that may be offered on the Internet were decrypted, out of conventional law enforcement type techniques?
THE WITNESS: That's correct, your Honor.
THE COURT: Okay. Let's go.
Q. What are those techniques, and what is it that you're doing?
A. We regularly try to determine the source, the author's identity, location.
706
MR. GARBUS: Can I hear the answer again?
Q. During that course of investigation, have you ever determined that DeCSS was ever used to send a film over the Internet?
THE COURT: Well, on that you already have your stipulation, Mr. Garbus. They have no direct evidence that that ever occurred. They are asking you to infer it from other things.
Q. Have you ever tried to determine whether or not any -- from your investigation -- any of the films on the file sharing programs came from DeCSS?
MR. COOPER: Asked and answered, your Honor.
THE COURT: Yes, I think it was.
MR. GARBUS: Your Honor, can I have five minutes? Could I just have a five-minute break?
THE COURT: Yes, sure.
Q. During the course of your investigation, when you have gone to these file sharing sites, have you ever learned that the information posted on the site is false, namely, that they don't have the movies that they say they have?
A. On occasion the download does not come through.
Q. And when you say "on occasion the download does not come
707 through," what does that mean?
A. There is some sort of error in the transfer.
Q. Do you know whether the film is on the site or it's just a dud, that they say they have a film?
A. I don't know.
Q. Do you have any reports or records concerning the number of duds on these file sharing sites?
A. Not to my knowledge.
Q. To your knowledge, does any law enforcement agency have any information concerning the duds on these file sharing sites?
A. I don't know.
MR. GARBUS: Excuse me, your Honor. We are just trying to go through all these document now. It's a little rough.
Q. This is document CO, which also has attached to it -- well, let me show you this first. I show you Defendants' Exhibit AT?
MR. GARBUS: May I approach the bench?
THE COURT: Yes.
Q. And I ask you whether or not you have ever seen this document before. Have you ever seen that document before?
A. You showed it to me at the deposition.
Q. Prior to the deposition had you ever seen it before?
A. Not that I recall.
708
Q. Let me show you a document entitled CO.
MR. COOPER: Your Honor, this is a privileged document.
THE COURT: Mr. Knight is who?
MR. COOPER: Mr. Knight is one of the attorneys, a former regional director for the MPAA.
Mr. Litvak, as you know, is counsel for the MPAA. And, your Honor, I believe that this goes to efficacy and is not properly within the scope of direct.
THE COURT: Mr. Garbus?
MR. GARBUS: As I said, I'm prepared to make this witness -- rather than get into scope or not scope at some point -- I'm willing to make her my witness as a hostile witness.
THE COURT: And what about the rest?
MR. GARBUS: Can I hear the rest again?
THE COURT: Privilege, relevance.
MR. GARBUS: This is the Macrovision report.
THE COURT: Please do not describe what it is. There is a privilege claim.
MR. GARBUS: I don't see why it's privileged.
THE COURT: You don't see it.
MR. GARBUS: It's a public document.
THE COURT: CO is a memorandum from Mr. Hunt to Mr. Knight, who was just identified as an attorney. We are
709 laboring under some difficulty here, and I appreciate that that affects everyone, because in an effort to get this case to trial, you have seen probably 95 percent of the plaintiff's privileged documents on a "no waiver" basis with the understanding that admissibility would be determined at trial. In other circumstances, a determination would have been made as to privilege, and if it was determined to have been privileged, you never would have seen the document in the first play. So please don't announce its contents while we are discussing whether there is a proper privilege claim.
Now, would you address the privilege claim and the relevance argument.
MR. GARBUS: With respect to relevance, it refers to the document, which I don't perceive to be privilege.
THE COURT: No, AT is not. But by saying this refers to it, you, of course, have already disclosed part of the content of CO. But let's go on.
MR. GARBUS: Judge, shall we do this at the bench?
THE COURT: I think you are fully capable of discussing the relevance and the privilege issues without discussing the contents.
MR. GARBUS: I would like to ask her whether looking at that document, to which there is an objection with respect to privilege, refreshes her recollection as to whether she saw a document that was not privileged.
710
THE COURT: For that limited purpose, you may show her CO.
MR. GARBUS: Thank you.
THE WITNESS: He already has.
THE COURT: You have already seen it, Ms. Reider?
THE WITNESS: He just gave it to me.
THE COURT: He just gave it to you. All right. Ask her the question.
Q. Does reading that document refresh your recollection as to whether or not you saw a document entitled "Macrovision"?
A. No, it does not.
Q. Did you ever have any discussion with anyone at the MPAA concerning any Macrovision analysis of the DVD CSS hack.
A. Not that I recall.
Q. Were you told by anyone at the MPAA that Macrovision had determined that the DeCSS hack has no commercial significance?
A. I don't recall.
Q. Were you ever told by anybody at the MPAA -- by the way, do you know who Macrovision is?
A. Vaguely.
Q. Tell me who they are.
A. They are a company that provides content protection for videotape.
Q. Were you ever told by anyone at the MPAA either that a Merdan report or a Macrovision record had determined that the
711 DeCSS hack has proven to be more difficult and complicated to use than the average consumer is willing to put up with?
A. No.
Q. Did you have any conversations with anyone at the MPAA concerning the differences in the use of the DeCSS utility and the other utilities we have talked about, the DOD Ripper, the Power Ripper, the Speed Ripper, with respect to their efficacy, with respect to illegal copying?
A. Can you read back that whole question, please?
A. Not that I recall.
Q. Did anyone at the MPAA ever tell you that DeCSS was not consumer or user friendly and would not pose a problem with respect to illegal copying?
A. Not that I recall.
Q. Did anybody tell you the contrary?
A. I don't recall.
Q. Did you ever see any MPAA report that said that DeCSS is not a utility that is appropriate for piracy or copying?
A. Not that I recall.
Q. Do you know if the MPAA ever made a determination that DeCSS is not a copying or pirating utility?
A. Not that I recall.
Q. Did they ever come up with any contrary conclusion?
A. I don't know.
712
Q. When for the first time did you learn about Linux?
MR. COOPER: It assumes facts not in evidence, but it's beyond the scope.
THE COURT: Sustained as -- pardon me?
MR. COOPER: And irrelevant.
THE COURT: Sustained as to form. Rephrase it.
Q. You previously talked about downloading material from the LiViD group site. Is that right?
A. That's correct.
Q. Prior to that time, had you ever heard of Linux?
A. As an operating system?
Q. Yes.
A. Yes.
Q. When did you hear about it for the first time?
A. I don't recall the date.
Q. Was it in 1999?
A. I don't recall the date.
Q. Did anyone at the MPAA ever tell you about Linux or did you learn it on your own?
MR. COOPER: Your Honor, relevancy. I recognize that Mr. Garbus is entitled to cross-examine the witness on proper matters, but I get the impression we are engaged in a filibuster.
MR. GARBUS: Engaged in what?
THE COURT: A filibuster is what he said.
713
Overruled for the moment.
A. I don't recall.
Q. When for the first time did you ever hear the term "LiViD group"?
A. I don't recall having heard that specific title.
Q. How did you know to go to the LiViD website, download the material you downloaded in October and November?
A. I'm an investigator. I followed a trail there.
Q. Tell me what the trail was.
A. I read about it on Slashdot.
Q. And, by the way, do you know or anyone at the MPAA have any reason to believe that 2600.com has anything to do with the surge in Internet piracy?
MR. COOPER: Your Honor, to the extent that Mr. Garbus is asking the witness of her knowledge from attorneys in connection with this lawsuit, it would be privileged.
THE COURT: I just don't even begin to see the relevance of it.
Q. Take aside the question --
MR. GARBUS: Unless you are ruling on relevancy.
THE COURT: I am ruling on relevance. There has been no clam here. They don't have to establish what you are suggesting you were provided.
MR. GARBUS: It certainly goes to the question of damage, doesn't it?
714
THE COURT: There is no damage claim in this case, whatever you say in your papers. They amended their complaint to delete it.
Q. Other than DeCSS, do you know what other ways there are to copy DVDs?
A. Only what I have read.
Q. And what is it that you've read?
A. The drink or die Speed Ripper claims.
Q. Tell me what that is.
A. With all due respect, sir, you have been asking me about the DOD Speed Ripper.
Q. So that's the only thing that you know of that is used to decrypt DVDs other than DeCSS, is that right?
A. To my knowledge.
Q. Has anyone ever told you that any of these other utilities that we have talked about can be used to decrypt DVDs?
MR. COOPER: Ambiguous, your Honor.
THE COURT: I don't think so.
THE WITNESS: Could you read the question back, please?
A. Not that I recall.
Q. In response to Mr. Cooper's question before, you stated that you tested DeCSS. Do you remember that?
A. That's correct.
715
Q. You didn't mention whether you were alone or with other people. Were you alone?
A. No.
Q. Who was with you?
A. To the best of my recollection, Brad Hunt, Rick Hirsch and Richard Kroon.
Q. And you have identified Brad Hunt as the chief. Rather than go through it again, tell me who those three people are.
A. Brad Hunt is our chief technology officer, Rick Hirsch at the time was director of worldwide antipiracy, and Richard Kroon is a manager in our MIS department.
Q. What is Brad Hunt's background, to the extent you know it?
A. I don't know.
Q. Who did the actual downloading?
A. I did.
Q. And were you doing it under their supervision?
A. No, I was not.
Q. Did you then, after you downloaded it, watch a movie?
A. We decrypted a DVD.
Q. Which one?
A. As I recall, it was a Star Trek movie.
Q. Did you watch the movie?
A. We watched segments of it.
Q. How much?
A. In total, approximately five minutes.
716
Q. Is it fair to say that there is no report or memo concerning that?
A. I can't speak for others.
Q. Did you ever make a report or memo concerning that?
A. Not that I recall.
Q. You said before that you hoped to have an answer soon about whether a movie file reveals the decryption technique. Who have you asked for this answer?
A. I have not yet asked anyone.
Q. You hope to have an answer soon, you haven't asked anybody. Can you tell me whether or not anyone to your knowledge is studying whether or not a movie file can reveal -- that's been downloaded -- can reveal the decryption technique?
A. I don't know.
Q. When do you hope to get an answer to the question you didn't ask?
THE COURT: You think that's a proper question, Mr. Garbus?
Q. When do you hope to learn when there will be information about whether a movie file reveals a decryption technique?
MR. COOPER: Objection, your Honor.
THE COURT: Overruled.
A. In the near future.
Q. Is the near future sometime this year or next year?
717
A. I would say that was subjective as to what you would qualify "near."
Q. You used the word. What do you mean by that?
A. Hopefully within the year.
Q. Now, do you know of any techniques that are being developed by the movie studios or the MPAA to stop the transmission of unauthorized movies over the Internet?
A. I have no specific knowledge.
Q. Does the word "digital transmission" mean anything to you?
MR. COOPER: Relevancy and scope, your Honor.
THE COURT: Sustained.
Q. By the way, do you in the course of your investigation use informants?
A. Yes, I do.
Q. And are these informants used to determine facts for your investigation?
A. They contribute intelligence.
Q. And has any of the intelligence that has been contributed indicated to you that DeCSS is used in any way for any illegal copying?
A. Yes, it does.
Q. Where is that found, that intelligence?
MR. COOPER: Your Honor --
Q. Is that in any documents?
THE COURT: What is it, Mr. Cooper?
718
MR. COOPER: We had an understanding with respect to the specifics of investigations and, in particular, the informants, at least I understood we did with opposing counsel. I am just wanting to make sure that that last question is limited to whether the witness has copies of informing as opposed to what the details of the investigation are.
Q. Let me make it clear, I am not interested in any informants's names and I don't want to you give me any informants's names.
Have you ever soon a document from an informant -- by the way, how many informants do you use in the New York office?
A. In the New York office?
Q. Yes.
A. There are no informants in the New York office.
Q. How about Washington?
A. Informants in the Washington office?
Q. How many informants does the MPAA have in the United States?
A. I don't know.
Q. How many informants does the MPAA have in Encino, California?
A. Zero in Encino, California.
Q. Where are the informants located? I don't want to know
719 cities, just general areas.
A. They are around the world.
Q. Have any of these informants ever given you a written document that shows that a DeCSS film was ever on the Internet or was ever sold or copied?
A. Not specifically.
Q. How much money does the MPAA spend each year in its piracy efforts?
A. I don't know.
Q. How many people -- by the way, where are you located?
A. Encino.
Q. And how many people are there in your office?
A. Approximately 120 or so.
Q. And how many of those people do you supervise?
A. Directly?
Q. Yes.
A. Four or five.
Q. How many people do you supervise indirectly?
A. It depends on the investigation.
Q. With respect to the DeCSS investigation.
A. It depends on which site offering DeCSS.
Q. Is there any investigation that the MPAA is making of 2600.com?
A. To the extent we filed this lawsuit.
Q. Other than that?
720
MR. COOPER: Your Honor, I believe the witness's testimony has been that after a certain point in her investigation she turned it over to legal and this lawsuit resulted. He is asking outside of this lawsuit?
MR. GARBUS: I will now go before the lawsuit.
Q. Prior to January 13, was there an investigation of 2600.com?
A. Under the direction of the legal department.
Q. And do you know when that investigation began?
A. I can't give you an exact date.
Q. Now, you say, as I understood it -- where did you get DeCSS from in the first instance?
A. I don't recall.
Q. Did you say you got it off Slashdot?
A. No, I did not.
Q. Do you know why 2600.com was the only person sued in this lawsuit? Is there anything that you know, as a result of any conversations you had prior to January 13, why Mr. Goldstein and 2600.com, along with the other two defendants, were being made the subject of this suit?
MR. COOPER: To the extent the witness has any information on this subject, it is plainly privileged.
THE COURT: Sustained.
Q. What is the budget of your department?
A. I don't know.
721
Q. What is the budget of the antipiracy department of the
A. I don't know.
THE COURT: Mr. Garbus, I have let you go on for a long period of time because it is now reasonably clear to me that the object of this morning's exercise, in at least some part, is simply to fill up hours that you want to fill up. That's my perception of it anyway. We have gotten down nearly to the color of the carpet in the office and what brand of coffee is in the coffee machine. I don't see the relevance of any of it. If there is any, I would like to hear it now.
MR. GARBUS: I would like to know -- I think it's relevant. The MPAA has made allegations about DeCSS as a piracy tool. As I understand it, DeCSS is used primarily for the Linux machine; that with respect to piracy or illegal copying, that it is the other utilities that are used, and that the reason that DeCSS is the subject of this lawsuit is not so much related to piracy but it related to the use by Linux and other open source people of DeCSS which allows it to play DVDs.
In other words, the argument that we have been making since the beginning of this case is that this is not a piracy case, this is not an illegal copying case. Rather, this is a monopoly case where the DVD licensees control who shall play DVD hardware.
722
THE COURT: And would you point to the pleading that you have filed that makes this a monopoly case, Mr. Garbus.
MR. GARBUS: My memory is it's in the answer. I don't have the answer before me.
THE COURT: Yes. Well, I have looked at it since yesterday, and it is not there. What you allege in the answer is that Congress's enactment of the DMCA and the application of that statute, presumably by the courts of this country, violates the antitrust laws.
MR. GARBUS: If --
THE COURT: Excuse me. That is the only antitrust allegation you have made in any pleading in this case. Now, I suspect that you know, but in any case, I will say, that it is impossible as a matter of law for the Congress of the United States, by enacting a statute, or for a court of the United States, by applying it, to violate the antitrust laws.
If there were an inconsistency between the DMCA and the antitrust law, standard principles of law that have been established in this country for 200 years, require the result that because the Sherman Act was enacted in 1890, the Clayton Act in 1914 and the Robinson-Patman Act in 1936, and the DMCA in 1998, that the antitrust laws, to whatever extent they may be inconsistent with the DMCA, are repealed.
Now, I don't see any inconsistency, and if there were, it's not an issue in this lawsuit and let's just get on
723 with this lawsuit.
MR. GARBUS: I don't think it's an appropriate response at this time. We have submitted briefs to you on that question. I don't believe that the DMC --
THE COURT: What brief is that, Mr. Garbus? Could you bring my attention to it, please?
MR. GARBUS: Yes. We have a brief where we talk about Sega, Betamax and the Connectix case. I think it's the reply brief, and it's my memory that in that brief we talk about the holdings in those three cases, and we discuss the issue of whether or not the DMCA has in effect overruled those three case.
It is our view that it has not. And in each of those three cases, as I interpret the cases, they had arguments about fair use, but they also had arguments under general copyright discussion about monopoly, and we have cited those cases in our brief and that has been part of our argument.
THE COURT: I stand fully by everything I said. Let's move on. And if there is any relevance to this line of examination, I still haven't heard it, and it is now 12:25, and I am warning you now that your time with this witness is running out. And if you don't get to something relevant, I will simply terminate the examination after fair warning. You have had part of that warning now.
MR. GARBUS: I will stop examining this witness.
724
THE COURT: I have not terminated your examination. If you wish to stop now, that's your choice.
Do you wish to stop now?
MR. GARBUS: I will ask two or three questions.
Q. When you tested DeCSS, did you apply DivX?
A. No.
Q. Have you ever applied DivX?
A. No, I have not.
Q. Do you know what DivX is?
A. Yes, I do.
MR. GARBUS: Excuse me. I have no further questions at this time.
THE COURT: Are you through with the witness, Mr. Garbus?
MR. GARBUS: Yes, I am.
THE COURT: Is there any redirect?
MR. COOPER: No, your Honor.
THE COURT: The witness is excused.
THE COURT: Your next witness, Mr. Gold?
MR. GOLD: As I said before, this was our last witness. However, there are some disputes about documents still, we hoped, would have been resolved last night, but I'm told they weren't. So prior to the resolution of those
725 document issues, which we would like to put in on our case, we are not finished with the complaint, we are prepared to address them.
MR. SIMS: I have an informal agreement with Mr. Hernstadt and Mr. Atlas that, subject to your Honor's permission, we have given them last night a list of the exhibits, a subset of those we had marked, that we would like to move in. They can't get to their objections until either tomorrow or, they said this morning, more likely Monday.
So I think what Mr. Gold is saying is that we would like to close subject to the offering of that evidence. I believe that they will agree to much of it and then that will narrow the amount of argument over the remaining arguments that would be made at the time that we offer that evidence.
THE COURT: Is that satisfactory, Mr. Garbus?
MR. GARBUS: I have to speak to Mr. Hernstadt. I was not part of these conversations.
MR. ATLAS: We were provided by Mr. Sims with their exhibit list this morning. I have gone through and taken some notes. I have narrowed down the issues. I would agree that you should keep their eyes open. To the limited extent that they will submit certain exhibits and certain deposition designations, that's fine with us. We will try and work those issues out tomorrow and over the weekend.
THE COURT: Okay. Plaintiff rests subject to
726 deposition excerpts and exhibits.
MR. GOLD: Thank you, your Honor.
THE COURT: Mr. Garbus?
MR. GARBUS: We would be prepared to put on a witness after lunch.
THE COURT: 2 o'clock.
727
A F T E R N O O N S E S S I O N
2:00 p.m.
THE COURT: We are missing somebody. I guess not.
Counsel, I gather you filed a motion in the Court of Appeals yesterday to stay the trial on the ground that I should not sit. Does anybody know what the status of that is?
MR. GARBUS: It has been denied.
THE COURT: It has been denied. All right. Call your first witness.
MR. HERNSTADT: Defendants call Edward Felten.
MR. GOLD: Your Honor, may I make a motion with respect to this witness?
THE COURT: Yes.
MR. GOLD: Your Honor, it would appear that Mr. Felten is a distinguished professor of computer sciences at Princeton and he has submitted one and a half page declaration, six lines of which talk about what he is going to testify about.
I would rather hand this up to you so you could see the six lines for yourself.
THE COURT: Mr. Felten, why don't you have a seat for a second anywhere you like.
MR. GOLD: May I approach, your Honor?
THE COURT: Yes.
MR. GOLD: This is the declaration. I'm referring to
728 page 2.
THE COURT: Okay. I have read it.
MR. GOLD: This is one of several cryptographers who have submitted affidavits and the subject listed here I respectfully submit, and as we set forth in our motion in limine, have nothing to do with the charges we have made against the defendant.
THE COURT: The very first item, the function similarities and/or differences between source and object code, I take it that that really is a foundation of the whole case, right? I mean unless you know that, you don't know anything about this case.
MR. HERNSTADT: Yes, your Honor.
MR. GOLD: The second, third and fourth, your Honor?
THE COURT: Well, let me hear from Mr. Hernstadt.
MR. HERNSTADT: About the relevance of this witness, your Honor?
THE COURT: The relevance of items 2, 3 and 4 on this statement.
MR. HERNSTADT: The relevance of items 2, 3 and 4 go into two parts of our case, one is the First Amendment argument that we make. All of this is testing, all of the research that comes out of this testing is stuff that is material that is published and discussed and part of a discourse. DeCSS is an example of the type of program that
729 fits into the categories as set forth here.
THE COURT: That fits into?
MR. HERNSTADT: The categories that are set forth here, 2, 3, 4. If a law is passed that permit the silencing of discussion about a program because it does one thing, if it's speech, then the First Amendment is violated. That's an argument we have made. I think in order to understand that, it is important that you understand the nature of the research, the nature of the interaction, the accelerated sessions. It's not just publications. It is a more complicated interaction. And also, the benefit to the public of the discourse, of the open public discourse.
MR. GOLD: Your Honor, one of the exhibits we were handed during lunch, that I assume they gave us because they were going to try to present in court, is a letter that a bunch of scholars presented to Congress before they passed the statute. I think the defendants are mistaking this for a legislative body. They don't like the statute --
THE COURT: We know they don't like the statute.
MR. GOLD: Well, that's what 2, 3 and 4 --
THE COURT: I never met a defendant that liked the statute under which they were being sued. Most drug dealers have a problem with the narcotics laws. I didn't mean to compare these people to drug dealers by any stretch. Perish the thought. Just to illustrate the point. Most corporations
730 don't like the antitrust laws. Do you like that better?
MR. GOLD: If we get into 2, 3 and 4, you will be into a lot of things I think you'll find have no relevance at all.
THE COURT: Well, look, I'm prepared to be educated to a point, and if I find that it's relevant and useful, I will hear more. If the only objection here is relevance, I am prepared to go a little bit of a way to find out whether I think there is really something to it.
MR. GOLD: It's relevance, and it's the fact that under the statute, on the face of the statute as we have set forth, your Honor, there can be no cryptographic research exception for these defendants.
THE COURT: No, but it is fair to say that in my preliminary injunction ruling on the basis of no record at all other than what you have told me, I came to the conclusion all by myself that given the assumption that code has some expressive content, there needs to be at some point potentially a balancing with respect to constraining the publication, because any constraint on the publication, given the assumption, involves a First Amendment value.
Now, I think, therefore, that I need to hear potentially evidence of this character in order to come to an informed judgment about how to balance, instead of being in the position that I found myself in in January, through no
731 fault of the plaintiffs, of basically having on the one side your contention that this program did nothing but rip off your product and the defendants' position that it didn't matter, the First Amendment was a complete obstacle.
MR. GOLD: In terms of the sole purpose of the product, the defense has admitted that the sole purpose was to serve DeCSS.
THE COURT: I understand that, but there are other issues here, and I am going to allow the witness to testify. I'm not sure until I hear it how much of what he has to say is useful, but I'm certainly going to start listening.
MR. GOLD: Thank you.
MR. HERNSTADT: Your Honor, just to make the record clear, we have never submitted that the sole purpose is to circumvent. We have submitted evidence that one of its purposes is to decrypt. But that's not the same thing as circumvent.
THE COURT: I know. You are a good lawyer, Mr. Hernstadt.
MR. HERNSTADT: Thank you, sir.
THE COURT: It certainly doesn't serve the purpose of allowing people to play Space Invaders. Okay. Let's go with the witness.
732 having been duly sworn, testified as follows:
Q. Good afternoon, Professor Felten. Could you tell us what your education in the area of computer science is?
A. Sure. My education in general, I received a bachelors degree from CalTech in 1985 and in 1991, a masters degree, in 1993, a Ph.D. in computer science, both of those at the University of Washington.
Q. And in the course of your studies, were you awarded any honors?
A. Yes. My graduation from CalTech was a graduation with honors, and I received an award for the -- for outstanding research outside the classroom at CalTech, and when I was in graduate school, I received an AT&T graduate fellowship and also a Mercury 7 fellowship.
Q. What was the AT&T graduate fellowship?
A. This is a merit-based fellowship awarded by AT&T to a few computer science students at top schools, and it is basically a full ride through graduate school.
Q. After you completed graduate school, where did you go?
A. I joined the faculty at Princeton.
Q. Where are you teaching now?
A. Still at Princeton, the computer science department.
Q. What is your present position?
733
A. I'm an associate professor of computer science.
Q. What courses are you teaching?
A. The courses I have taught in the last few years include introduction to information security, a course on computer networks and distributing computing, and some special topics courses related to computer security and some other topics.
Q. Do you know what DeCSS is?
A. Yes.
Q. Do you teach, use DeCSS in any of your classes?
A. Yes, I used it in my introduction to information security course this last spring.
Q. What are your primary areas of research?
A. I do research in a number of areas. The main one is computer security. I also do research related to operating systems, to Internet software and some research related to computer networks.
Q. Have you been given any honors or awards in connection with your research?
A. Yes. These include some fellowships, a Sloan fellowship, a National Young Investigator Award from the National Science Foundation, and also some "Best Paper" awards at conferences. For example, at the symposium on operating system principles in 1997, which is the most prestigious conference in operating systems which meets every two years, I received the "Best Paper" award at that in 1997, so that indicates -- that is
734 said to indicate that I had written one of the two or three best papers in the area of operating area research in that area.
Q. Have you authored or coauthored a number of publications?
A. Yes. At least 50 articles in the scholarly -- at least 50 scholarly publications in the form of articles plus two books and some magazine articles.
MR. HERNSTADT: Your Honor, may I approach the witness?
THE COURT: Yes.
Q. Professor Felten, I have handed you Exhibit I believe BBP?
A. Yes.
Q. Could you identify that?
A. This is a declaration that I filed earlier in this case and attached to it is a copy of my CV.
Q. Does your CV list your publications and articles?
A. Yes, it does.
MR. HERNSTADT: Your Honor, rather than spending more time with that, I would move this into evidence.
MR. COOPER: No objection, your Honor.
THE COURT: Are you including within the offer the attached paper on Protocol Failure Analysis in Applied Cryptography Curriculum?
MR. HERNSTADT: Yes, your Honor.
THE COURT: Mr. Cooper?
735
MR. COOPER: Your Honor, I'm not familiar with that article as having been part of the declaration. Certainly I don't have a copy in what I have here from Dr. Felton's --
THE COURT: I will receive that part of the exhibit which consists of the declaration itself and the attached CV but not at this point the article.
MR. HERNSTADT: Very good, your Honor. Actually I don't have it either.
MR. COOPER: I don't believe it was attached.
THE COURT: It sure is, stapled to the one Mr. Hernstadt just handed me.
MR. COOPER: We have never seen it, your Honor, to the best of our knowledge.
THE COURT: That just happened. Let's go.
Q. Do you do any other work outside of teaching and research?
A. I do consulting for a number of companies and others. Some of that consulting is technical consulting, advising companies, particularly in the security field. I serve on technical advisory boards for six or seven companies, most of them start-ups in the security area, and I also do some consulting related to litigation.
Q. Have you ever testified in a case in connection with your consulting?
A. Yes, I testified twice in the Microsoft antitrust case in
736 front of Judge Jackson, and in that case, I also was deposed twice and filed two declarations.
Q. And did the court take your testimony as an expert?
A. Yes. The Department of Justice designated me as an expert and Microsoft did not object, so the judge accepted my testimony on that basis.
Q. What were the subject matters of your testimony in that case?
A. I testified in general about operating systems, web browsers and Internet software. I testified specifically about the Microsoft products that were at issue in that case, Windows 95, Windows 98 and Internet Explorer, the relationship among them. I testified about general issues relating to the design of software and how software could have been designed in ways other than what Microsoft did and a few other topics.
I should also add that I also testified about the security implications of what Microsoft had done in the design of their products.
Q. In case anyone in the room doesn't know, what was the result of that case?
A. The --
MR. COOPER: Relevancy, your Honor.
THE COURT: Sustained.
Q. Are you familiar with the Linux operating system?
A. Yes.
737
THE COURT: Before we get to that, I want to ask the witness one question.
I had another lawsuit at some point in which I thought about but ultimately did not appoint a court expert in a computer science area, and I remember that somebody referred me to somebody at Princeton. I never engaged any "expert." Was that you?
THE WITNESS: I don't recall ever being contacted.
THE COURT: I don't remember the name either.
MR. GARBUS: It was another one of our experts.
THE COURT: Okay.
Q. Do you use the Linux operating system?
THE COURT: Who was it, Mr. Garbus?
MR. GARBUS: I think it is Larry Peterson.
THE COURT: I don't remember the name.
MR. GARBUS: I don't think you and he ever spoke.
THE COURT: I think that's probably right. I think there may have been an e-mail or two.
Go ahead.
Q. Do you use the Linux operating system?
A. Yes, I do on a regular basis. I have one in my home, in my office, and I have at least two in the lab that my research group uses.
Q. And do you also have a Windows computer?
A. Yes, I also have Windows computers in each of those places
738 as well.
Q. Is one of those two operating systems your preferred operating system?
A. I think it depends what your purpose is. I think that in general, Linux is faster, more stable and more flexible than Windows, and so if that's what I'm after, then that's the system of choice.
The big advantage of Windows is that it has support for a lot more applications, and if you need one of those applications that's not available on Linux, then I would choose Windows for that reason. I think that if both operating systems had equivalent sets of applications, I would choose Linux.
Q. What programming languages do you use in your work?
A. A number of them. Like most computer scientists, I use whatever language fits the job, and so this would include languages like C, C++, Java, Pearl, NL and a number of others.
Q. And is there a connection between programming languages and what has been referred to as case, source code and object code?
A. Sure. Source code, I think of it as a general term referring to certain kinds of computer languages. The form in which the person typically writes the code directly is often referred to as source code, so think of source code as being one kind of computer language.
739
MR. HERNSTADT: Your Honor, the defense would offer Professor Felten as an expert.
THE COURT: Just as I told the other side, it's not necessary. If there is an objection to an opinion he offers, we will deal with it then.
MR. HERNSTADT: Very good. Thank you, your Honor.
Q. You said earlier that one of your primary areas of research is security.
THE COURT: Does that mean you're leaving source code and object code?
MR. HERNSTADT: No. I'm coming back.
Q. What is your main focus of scholarship and teaching in the area of security?
A. I, in my research group, do two things that I think distinguish us from -- there are two ways in which we try to distinguish our work. One is in focusing on the security of widely used software, software that is deployed on a lot of people's computers and that a lot of people are relying on. The other is in trying to take a sort of holistic approach, to consider the whole picture of what is involved in security at a system level as opposed to focusing on the microlevel on particular components.
Q. Does this research involve any reverse engineering?
A. Yes, we use reverse engineering quite a bit. One of the things that we do is do detailed security studies of products
740 that are deployed in the field, and in doing that, one needs to understand how the product works, what it does, whether the things that the manual says are actually true, and so on. To do that, you need to examine the software while it is running in a sort of bit-by-bit fashion, and that is reverse engineering.
Q. Does it involve encryption research as well?
A. Yes, many of the systems that we study involve encryption and do encryption, so encryption is part of that holistic picture that I talked about.
Q. You described taking apart programs, looking at programs very precisely. Is that what is known as hacking?
A. We, the term "hacking" has been used in a lot of different ways. Back when I started out in computer science, the term "hacking" would have been almost universally applied to that. In other words, hacking at one time was a term that was used just to refer to playing around with computer systems, trying to get them to do things, sort of analogous to tinkering if you will. A person who was particularly good at that would be called a hacker.
Then at some point in time, people who used computers for criminal purposes started to call themselves hackers, tried to apply that complimentary word to themselves, and the press picked it up and now you hear the word used especially in the public and the press in a negative way. So when I hear
741 someone use that word, I really have to look at the context to see what they mean.
Q. Could you give us an example of a security research project -- before you get to that, before when you were talking about the work you were doing you used the word "we." What did the "we" refer to?
A. We refers to a research group which consists of myself and at various times a number of graduate students, perhaps some undergraduate students, sometimes faculty colleagues get involved. So what it means is really a group of people headed by me.
Q. Could you give an example of a security research project that you have worked on?
A. Sure. One project that we spent a number of years on is -- started out with a study of the security of JAVA. Java is a programming language and a system which was deployed by itself and also in conjunction with web browsers, and because of technical reasons, which I'll skip -- unless you really want to hear them -- the security of Java was important for the overall security of web browsers and, hence, the security of people browsing the web, and so we started out in this project by doing a detailed study of Java to try to understand whether it provided the security guarantees that the vendors of Java systems said it did and, if not, why not. And then we moved on from there to deal with the implications of what we
742 had found.
Q. Which vendor's version of Java did you look at first?
A. We started out looking at the version from Sun Microsystems because at the time we started, that was by far the most popular version. Later on Netscape came out with their own version of Java and we began to study that and Microsoft came out with their own version and we began to study that. For most of the project, we were looking at all three implementations because those formed by far the bulk of the systems that were actually deployed.
Q. Do researchers request the permission of a vendor in advance before they start looking at a program?
A. No. We did not feel that we needed permission from anyone to do what we were doing, and certainly we were happy to talk to the vendors about what we were doing if they wanted to engage us in a dialog, but we did not feel we needed their permission to do it.
Q. Did your research reveal vulnerability in the various implementations of Java?
A. Yes, quite a few. Over the course of about two to three years, we found roughly a dozen of what I would consider serious security vulnerabilities in various versions of Java.
Q. What did you do with the results you found?
A. We do a number of things. We discuss and publish the results publicly. We discuss these results with the vendors
743 in order to help the vendors improve their products. We -- and we use them to feed into and motivate our research in the future, and I also use them in teaching.
Q. Where are the results published?
A. They are published in a number of places and in a number of different ways. Because there are a number of audiences who we would like to reach and who I think are interested in hearing about this, ranging from the public, the average user of this technology, on up to the sort of very advanced research community, so we use the method that in each case makes sense for talking to that constituency.
For the research community, we will publish papers in journals and so on, give talks at conferences. For the public, we will put articles on your website, talk to the press, whatever we think will help convey the information we have learned to the people who need to know it.
Q. When you describe the vulnerabilities, do you do so in a specific way, detailing what is wrong with the program?
A. Yes, we think it is important that the information about the vulnerabilities is available to people who have an interest in knowing about it. We think the public benefits from that kind of discussion in a number of ways, and so in each situation, we are as specific as we think we need to be in order to fully inform the public in the research community.
Q. Do you include code sometimes when you release the
744 results?
A. Sometimes. Sometimes we do. It depends really on the circumstances. It depends on what we think is necessary and appropriate in order to communicate our results.
Q. Now, looking at the Java project, did you disclose to the vendors whose products you looked at the result you found before you published them to the general public?
A. Well, we tried in every case. We were not always able to establish a communication with the vendor that was useful. In at least one instance, we tried to reach the vendor, tried to communicate to the vendor. What we found was we couldn't get through the public relations protective screen that they put up in front of their engineers. In other instances, we did disclose to the vendor because we thought under the circumstances that was the -- that was an effective way to proceed in order to serve the public interest. But we always disclosed the results of our research to the public very promptly.
Q. Why do you do that?
A. Well, we think we have a responsibility to do it. Early on in the process of our discovering these vulnerabilities and dealing with them, I was concerned about what was the right way to behave, what was the -- what was the ethical thing to do in this situation. And so I went and I spoke to an ethicist at the university, a philosopher who studies ethics,
745 and I had lunch with her a few times and tried to sort through what was the right thing to do in these type of situations.
The one message I took away from that was our prime responsibility ethically in this situation was to the public, to make sure that the public had the information they needed in order to make good decisions about what to do. And so my belief for a number of reasons is that the public is served by the disclosure of this information to all of the community that I talked to, ranging from the public itself down to researchers.
Q. Okay. What other benefits are there from publishing the result of your research?
A. I think there are a bunch of benefits that accrue to the public as a result of this. First of all, there are the more direct benefits. The public, after all -- first, the public, after all, is using these systems, and they -- and the public is making decisions about whether to use a particular technology, and I think the public benefits from making those decisions based on accurate information.
That is, if someone is deciding whether to deploy -- whether to install a Java virtual machine on their computer, they would benefit from knowing about the security of it. If someone is deciding whether to buy a DVD player, they would benefit from knowing about the security of the -- about the strength of the security mechanisms installed in it.
746
For example, if I know that the DVD players have weak security in them, I might decide that maybe I don't want to buy a DVD player now, maybe some new technology with better security is going to come along in a year and I will have to throw my DVD player away.
So knowing about the security, knowing about whether the security representations made by the vendors of these systems is accurate, and knowing about what are the risks of deploying a particular product, and understanding how things are likely to play out in the future, all help the public. And that comes from having accurate information about the security level of the product that they are using.
That principle really applies to anyone who is thinking about investing in a technology in any way. So it might be the member of the public who is thinking about buying something which is going to use that technology. It might be someone who is thinking of releasing content in the DVD format. It might be someone who is making a movie in the case of DVDs, understanding what they are doing when they sign away to someone the right to make DVDs with their work on it. It might be someone who is thinking of going into a partnership with a company who is using a particular technology. All of these people can make better decisions and more informed decisions if they actually know what are the implications of the decisions they are making.
747
An additional benefit to the public along the same lines is that over time, the public learns which products tend to have problems, which companies tend to release products that have problems, and they tend to develop a sense of which kinds of technology are likely to have good security and which are not, and that in the long run helps people understand what to do. If they can see the next security problem coming, then they can also make better decisions.
Q. Do you use the results you publish in teaching?
A. Yes. I believe rather strongly that in teaching students about computer security, how -- to design secure systems, you have to understand how systems really fail in practice, and I think there is a good analogy here to the engineering of buildings to stand up to earthquakes. If you are going to design a building that can stand up to an earthquake and not fall down, or you want to teach someone to do that, you have to understand how buildings actually fall down in earthquakes, which parts break and why, which of the engineering practices in building the buildings tend to lead to strong buildings and which don't. You have to look at that experience because that's the only way you can keep your education, your understanding from drifting off into theoretical irrelevance. You need to understand how things actually break in practice so you can avoid it in the future.
Q. Now, in publishing your results, have you ever published
748 code for a program that would exploit the vulnerabilities you have discovered in your research?
A. Well, I make a distinction here between publishing code that demonstrates the existence of a vulnerability and publishing code that actually lets you harm someone. That is, if you can demonstrate that a vulnerability exists, that that system does not do what the people selling it say it does, then that is a public good. And if you can do that without providing all of the steps that someone needs to actually hurt someone, then so much the better. So there is an important distinction here. We do and have published code that demonstrate the existence of vulnerabilities, but we have not published code that takes all the steps necessary to harm someone.
Q. Now, you mentioned before that you know what DeCSS is.
A. Yes.
Q. Could you tell us, what is DeCSS?
A. The DeCSS is a program that allows material on a DVD encrypted with the CSS system to be decrypted essentially.
Q. When did you learn about DeCSS?
A. I learned about DeCSS -- I don't recall the exact date -- I would estimate it was maybe in January roughly. And I learned about it from reading reports in the press and also from seeing Frank Stevenson's paper about it.
Q. Did you examine DeCSS to understand what it did?
749
A. Yes. At the time I got a copy of Frank Stevenson's paper, I got a copy of DeCSS, I read them both side by side to understand what was going on, to verify for myself that what Mr. Stevenson had said and what was reported in the press was generally accurate.
What Mr. Stevenson said was precisely accurate. What was said in the press was generally accurate. Just to understand what was going on, it was another one of those examples I talked about, about how systems fail.
Q. When you refer to Mr. Stevenson's paper, are you talking about Frank Stevenson's cryptoanalysis of the CSS algorithm?
A. Yes, that's what I meant.
Q. Did you learn anything about CSS upon examining DeCSS and Mr. Stevenson's paper?
A. Yes, I learned a number of things about it. First of all, I learned about how it worked, but I also learned about the level of -- relative level of security that it offered. I learned about what mistakes the people designing it had made, and that let me move on and think about the implications of those mistakes.
Q. Did you identify any particular flaws?
A. Sure.
MR. COOPER: Relevancy, your Honor.
THE COURT: No, I understand the relevance. Overruled. This does not go -- at least I'm not taking it on
750 the issue of robustness. Go ahead.
A. Okay. There are a number of mistakes that the designers of CSS made, starting out with designing their own cryptosystem, instead of using a standard well-established one that was known to be strong. That is a common beginner's mistake and something that I advise my students against.
Beyond designing their own cipher, using a 40-bit key is also a very significant mistake. It allows the system to be broken by a brute force attack. In addition to that, there was a third, more technical error that the designers made that Frank Stevenson describes in his paper. That allows the keys to be extracted with considerably less work even than a brute force search.
Q. Based on your experience, would you describe CSS as a security system?
A. Yes, it's a security system in the sense that I use the term. I use the term broadly meaning that it's any kind of system that's intended to control or restrict the use of anything, so in that sense, it is a security system.
Q. What does CSS protect?
A. What it does or what it was intended to do is to -- it was really two things. First of all, it was designed to prevent a CSS-encoded DVD from being played in any player which did not have the CSS algorithm in it. Second, it has the effect of preventing any use other than playing of the material on the
751
Q. Did it have any -- was it designed or intended to protect the material in the DVD from being copied?
A. It did not -- it certainly did not, nor could it have prevented the encrypted content from being copied to somewhere else to our disk, to another DVD.
THE COURT: Could you sit back about five more inches from the microphone, because whether you get too close, it reverberates.
THE WITNESS: Sure.
THE COURT: Thank you.
Q. You mentioned before that it prevents a person from having access to the material on the disk. Why would a person who has purchased a DVD want to have access to the material on the disk?
MR. COOPER: Objection, your Honor. It's not relevant.
THE COURT: Sustained.
MR. HERNSTADT: Your Honor, I think this goes to the various exemptions and other noninfringing uses.
THE COURT: Maybe it does, but this gentleman is an expert on computer science, not an expert on why somebody else might want to have access to a DVD file.
MR. HERNSTADT: Very good. May I approach the witness?
752
THE COURT: You may.
Q. Professor Felten, I am giving you Exhibit BBS which is the declaration of Professor Appel. I would ask you to turn to Exhibit B at the very back. Is that an article that you coauthored with Professor Appel?
A. Yes, it is, it's an article the two of us coauthored which we submitted to the copyright office in response to a request for comments related to the copyright office's opinion regarding the DMCA, and also a slightly modified version of this will appear -- I should say this, along with a little bit of explanatory material explaining what the DMCA is and so on, will appear in the Communications of the ACM Magazine in the September issue.
Q. What is that magazine?
A. Communications of the ACM is sort of the flagship magazine of the ACM which is the primary professional society for computer scientists. Every member of the ACM gets the magazine.
Q. What does ACM stand for?
A. Association for Computing Machinery.
Q. What do you discuss in this article?
A. The article discusses the -- the article discusses a number of reasons why scholars in various disciplines, including computer science, would want to, and in fact need to in order to do research, have access to the raw bits, the raw
753 text, if you will, of a copyrighted work in order to do various kinds of scholarship that do not infringe copyright.
MR. COOPER: Your Honor, if I may. If this testimony is going to proceed in this direction, it seems to me that it's outside of the scope of the expertise for which this witness is offered. It seems to me to address the drafting of the DMCA and the desire to have access to material protected by encryption rather than to the science of cryptography.
MR. HERNSTADT: I think this article addresses the scholarly uses to which he would put a program like DeCSS, and in all of its permutations, the research that he discussed earlier as well as the need for access to materials, in order to conduct research. I also -- it goes to an argument that we have made and will continue to make that fair use is exempted and protected activity by the DMCA.
THE COURT: The question of whether fair use is exempted by the DMCA requires the reading of the words Congress put on the piece of paper. It's not a matter for each side to bring in witnesses to testify as to their beliefs on the subject. So to that extent, I don't think it's a appropriate.
MR. HERNSTADT: If I may, I'm not presenting Professor Felten to discuss his beliefs, but, rather, examples of the types of activities that he would and has in his professional life undertaken.
754
MR. COOPER: Your Honor, it's not any of the four topics for which this witness has been identified and it's plainly outside of the scope for which he has been offered.
THE COURT: Well, what about that, counsel?
MR. HERNSTADT: Your Honor, this is within the scope of his discussion of the relationship between -- excuse me -- of scholarship, the importance of disseminating and making available information concerning the subject of such tests and methodology and results of testing. I think that this is addressing the needs of scholarship in perhaps a broader sense but it is certainly within the scope of what he was to talk about. The harm of scholarship that would result from not being able to undertake certain practices I think is part of the methodology of scholarship.
MR. COOPER: I don't think that's a fair characterization of what he is being asked to testify about. We accept that he is an appropriate witness to testify about issues with respect to publishing security analyses and so on, but I think this questioning goes to entirely different subjects, none of which go to the question of whether the defendants in this case have any potential fair use defense.
MR. HERNSTADT: Your Honor, I am prepared to move into evidence or request to move into evidence Exhibit B of the Appel declaration and allow you to make your own assessment of how it fit into this.
755
THE COURT: I think that's the appropriate course.
I take it, Professor Felten, that what you said in Exhibit B to Defendants' Exhibit BBS in fact represents your genuinely held views, correct?
THE WITNESS: Yes, it does.
THE COURT: All right. Well I'm going to receive it for whatever it's worth, but, Mr. Hernstadt --
MR. HERNSTADT: I'm going to move on.
THE COURT: Let me finish making the point. So what is received is just Exhibit B to Defendants' Exhibit BBS.
(Defendant's Exhibit B to Exhibit BBS received in evidence)
MR. HERNSTADT: I would request that we separate it and put it in as BBS-1.
THE COURT: Let's deal with that later. I would like to finish what I'm trying to say to you.
I think it is probably self-evident, or if not, close to self-evident that scholars could make use of some materials that might appear in digital form -- and I don't limit myself to motion pictures -- if they were free to circumvent whatever technological protections there might be that stand between them and the digital form of the material.
You now have this witness's view that that is so, and you have his article. I don't think you have to beat a dead horse on that point. You know, it goes or doesn't go wherever
756 you want it to go, and eight or nine more witnesses on the same point -- and I don't know whether that's what your plan is -- would be a little bit cumulative. Okay?
MR. HERNSTADT: Thank you, your Honor.
THE COURT: All right.
Q. Professor Felten, let me move on. Professor Felten, based on your experience and expertise in the area of security research, do you have an opinion as to whether the disclosure of the DeCSS program was good?
THE COURT: Sustained. Good?
Q. Whether there is a value, a public value to the disclosure of the DeCSS program?
THE COURT: Sustained. I have a lot of respect, based on what I've read of his CV and what I have seen here, for Professor Felten. But the last time I've looked he is not an expert on what the public values are and whether they are expert or not, the people who make those judgments in this society are called Congressmen and Senators.
Q. Professor Felten, do you have an opinion as to the impact of the disclosure -- the impact on the CSS of the disclosure of the DeCSS's program?
MR. COOPER: Your Honor, it's vague and I believe, if I understand it, beyond the scope of the expertise of this witness.
757
THE COURT: Look, Dr. Felten, would I be right in assuming that in your judgment, the disclosure of DeCSS code has been of some value to you and in your opinion others who follow the same line of work as you do from a scholarly point of view?
THE WITNESS: Yes, I think it has meaning in my research and in my teaching.
THE COURT: Is that what you wanted, Mr. Hernstadt?
MR. HERNSTADT: Yes.
Q. Could you explain how it has helped you?
A. Sure, I talked about in general about the benefits to research that come from a discussion of real system failures and why they fail and so on, and all of that holds true for DeCSS. I think it's a very instructive example for researchers. It's a benchmark against which we can hold up research which claims to improve practices or to improve designs. We can ask would this new method really have prevented this kind of problem. It has been useful to me in teaching. I have used it as an exam in my course, for example, as one thing students can study where they can see a real failure and think about why and how it happened and think about what they might do differently.
Q. Turning back to source code and object code, Professor Felten, what is source code?
A. I think of source code and object code as being sort of
758 two ends of a spectrum. There are lot of different languages in which you can express computer programs, and there are different styles of languages and computer scientists argue endlessly about which ones are better. There are also different levels of programming, like one talks about high level or low level.
Generally high level is referring to things which are closer to the level at which people tend to write programs. Low level means closer to the level at which computers execute them. But I don't think there is a clean distinction necessarily between source code and object code. It's kind of a continuum on which all of the different forms of computer languages can be placed.
THE COURT: Can I try it this way? This isn't the first computer case I have ever dealt with, and the understanding that I have always had runs something along these lines, and I would like you to tell me to what extent it is right and to what extent it is wrong.
My first proposition, computers operate in a binary environment; that is, everything is a one or a zero, right?
THE WITNESS: Yes.
THE COURT: That derives from the fact that various bit of silicon in the computer either have a positive electrical charge or a negative electrical charge, am I right?
THE WITNESS: Yes.
759
THE COURT: So in order for a computer to understand any instructions or data that a human being wishes to enter into a computer, it must be received by the computer in the form of a string of positive or negative charges or to put in common parlance, ones or zeros, right?
THE WITNESS: Yes.
THE COURT: Object code consists of that machine-readable sequence of yes/no, one/zero impulses, true?
THE WITNESS: Yes, that's the strict definition of object code.
THE COURT: Okay. Now people have a hard time understanding strings of ones and zeros in potentially almost infinite length. So source code is a language, whichever particular one it may be, that is less abstract and easier for human beings to understand than a string of ones and zeros, correct?
THE WITNESS: Yes, generally.
THE COURT: Okay. And whether through the process known as compilation or through some other process, whatever a programmer writes in source code gets transformed for the computer to operate upon into object code, i.e. the string of ones and zeros or positive and negative charge, true?
THE WITNESS: That transformation does happen but it doesn't always happen in one step. There are sometimes intermediate steps, intermediate languages, for example.
760
THE COURT: When you spoke of a continuum, there are computer languages that involve modes of expression or conveying information or instructions that are at one end of the spectrum close to English or some other spoken or written human language, and other types of languages that are much farther away from spoken and written language and much closer to but not quite get at the machine readable binary format?
THE WITNESS: Yes, that's the distinction between high level and low level.
THE COURT: Okay. Let's go, Mr. Hernstadt.
Q. Okay. Judge Kaplan identified source code as less abstract than object code. Is it in fact less abstract?
A. That's a hard question. I would say they are abstract in different ways. There are certainly some things which you can learn more fruit any from source code. I talked about high level and low level. There are sort of high level ideas about how the program is structured in general, sort of the architecture of it which you can generally get more easily from source code. But there are other things which you can learn more easily from object code.
Q. Can you read object code?
A. Yes, it's not as easy -- it's not the easiest language to read certainly. We teach students to read it and write it as part of their education.
761
Q. Are there parts of your research where you rely on your ability to read object code to get the information you need?
A. Yes. I should add that we do things other than read object code. We also execute it and you can learn a lot by doing that.
Q. You talked about the different programming languages. Is there -- is source code and object code, are they also types of languages?
A. Well, object code in the sense of the thing that the computer directly executes it. For types of microprocessors there is a single language. There are many different languages that you would classify as source code or sort of intermediate things. There is a huge variety of languages.
Q. What did you mean when you discussed source code and object code being on a continuum?
A. What I meant is that different levels -- different languages might, you might write programs that might be at different levels. Some are easier to read and write, some are closer to what the machine executes, and that in the creation of programs, you sometimes work with languages that are at a sort of intermediate level. You might translate a program from the language in which you wrote it into some other language, then read and modify it in that intermediate language, and then translate it again into the final object code. So it's not -- it's not a binary distinction between
762 source code and object code. It's not just it's this or that. There are in between stages, in-between levels of expression.
Q. And based on your experience with source code and object code, is it your opinion that object code is expressive?
A. Certainly.
MR. COOPER: Your Honor, in a legal sense, he plainly doesn't have that experience.
THE COURT: I don't take it in the legal sense. I obviously want to hear what he means by that.
A. So the way I interpret the question is can one computer scientist communicate to the other by the medium of object code. I think certainly the answer is yes. You can learn a lot from reading and analyzing and executing object code if you know how to do it, and so can you learn about what the author of the code, what the person who made that code intended the program to do, you can learn about how the program was constructed, you can learn about aesthetic and engineering decisions that the person made, and from all of that, you can learn things that the person who created the program put in there.
THE COURT: Dr. Felten, let me ask you this: Can one locksmith communicate information about a lock to another by providing a key to the lock?
THE WITNESS: I think you could -- I think in that instance, you could get some information about the lock from
763 the key, less information than you could get by taking apart the lock.
THE COURT: Go ahead.
MR. HERNSTADT: Your Honor, in fact I'm done. Thank you very much, Professor Felten.
THE COURT: Let's take our afternoon break. 3:15.
THE COURT: Okay. Mr. Cooper.
Q. Professor Felten, now you testified that your practice in the security analyses in which you have been involved has been to publish an initial report regarding the flaws you discovered and followed later by a more scholarly report, correct?
A. That's right, yes.
Q. And on occasion, you have included in your initial reports portions of source code to the extent necessary to explain your analysis, correct?
A. That's right. That's part of informing the public, as I described before. Sometimes in order to do that, you have to publish code, and so that people can look at what you've done so that they can evaluate whether what you are saying is true, and so that they can understand the implications of the flaw that you found.
764
Q. Am I correct that you have been personally involved in approximately 12 analyses where you discovered a flaw in an encryption or security system?
A. About 12 flaws, yes.
Q. Okay. And of the reports you published with respect to those 12, you found it appropriate to include portions of source code in your initial reports on three of those, is that correct?
A. Yes, approximately three. Those were the cases where we thought it was appropriate, where what we needed to communicate was best communicated in the form of code.
Q. And in every one of those instances, you were able to publicly and professionally discuss and demonstrate the flaws without providing people with the tools to take advantage of those flaws, correct?
A. Without providing people with all of the tools, yes. Without providing people, as I said, with all of the tools for actually harming someone. That's not to say that we did not provide code to demonstrate the existence of security flaws, which we did. I also should point out that we are talking now about the initial disclosure. Later we did scholarly publications and other kinds of publications and those more often included code and more detailed discussion of the flaws.
Q. Professor, you have never included the entirety of the source code of the exploitation of a flaw in any of your
765 publications, have you?
A. Exploitation in the sense of allowing someone to be harmed, no; but demonstration, yes.
Q. But you have never included in any of your publications the entirety of the source code in the exploitation outlined to defeat the security system you were discussing, isn't that correct?
A. I think I explained it as well as I could in my previous answer.
Q. But you are not answering my question, which is you have never had occasion in any of the analyses in which you have been engaged to publish the entirety of the source code which represented the exploitation of the flaw you were studying, isn't that correct, sir?
MR. HERNSTADT: Objection.
THE COURT: Sustained. I think there is a problem with the question.
Q. Do you know what an exploitation is in the encryption and cryptology area?
A. It's a term I've heard. I don't understand a precise definition of it.
Q. Do you have your own definition of that term?
A. It's sometimes used to refer to a demonstration. Sometimes it's used to refer to what I'll call a fully damaging piece of code.
766
Q. Okay. So let's use it in the latter instance, a fully damaging piece of code. You would agree, would you not, that in either source or object code form a utility that was designed to actually exploit a discovered flaw in a security system would fall into that latter category?
MR. HERNSTADT: Objection to the form of the question.
THE COURT: Overruled.
A. Something that was designed to actually say reformat someone's hard disk or to actually infringe someone's copyright, no, I have never actually -- I would put either of those in the latter category and I've never released that kind of code.
Q. Okay. In source or object form, correct?
A. In source or object form, I've never released code which allows someone to take all the steps needed to harm someone.
Q. In fact, in all of the instances in which you were involved in encryption analysis, you deliberately avoided providing people with the tools necessary to break the system you were studying, correct?
A. Yes. I made -- in all these instances, I made a deliberate decision not to provide all of the steps to harm someone. To connect this to DeCSS, my understanding of DeCSS is that it is more in the line of a demonstration as I've used the term. It does not distribute code which has been -- which
767 has been -- I'm sorry -- not code -- it does not distribute content that has been taken from a DVD.
Q. No, it defeats the encryption on the CSS system and that's all it does, isn't that true, Professor?
A. What it does is it allows material to be decrypted, and I'm obviously not here to talk about whether that's legal. But in a sense that I understand the distinction between demonstration and exploitation as you defined it, I think it falls in the demonstration area, because it does not copy and distribute copyrighted material.
Q. No, it circumvents the certain security system that's intended to protect that material, doesn't it?
MR. HERNSTADT: Objection.
THE COURT: Sustained. It's argumentative.
Q. Professor, in your view, the distribution of a fully functional set of code that allows one to break a security system is unethical, correct?
A. I think it depends on the circumstances. As I said before, you have to look at the circumstances and understand what it is necessary to communicate in order to inform the public, in order to inform the research community, and I can imagine situations in which the only way to do that was to distribute code which was a full exploitation in the sense that you determined, and then I think you'd have to face a sort of balancing decision. So I can't say that it would
768 always be unethical in my view to do that.
Q. Didn't you testify at your deposition to the effect that you never provide a tool which lets someone take all of the steps in breaking into someone's computer and doing damage as a result?
MR. HERNSTADT: Can we have a page and line?
THE COURT: Come on, Mr. Cooper, follow the rules.
MR. COOPER: I'm referring to Exhibit AZL, page 69, line 15 through 18.
THE COURT: Read it.
"Q. We did not provide, we never provided a tool which let someone, which gave someone all of the steps of breaking into someone's computer and doing damage."
A. Could you repeat the question about that passage, please.
"Q. But in all of the 12 instances where you were the discoverer of the flaw and you were involved in one way or another in the ultimate public disclosure of that flaw, in no instance did you find it necessary to provide people with the tool to take advantage of the flaw in order to describe it, discuss it, illustrate it or analyze it, right?"
You did testify in that fashion, didn't you, Professor?
MR. HERNSTADT: Objection.
THE COURT: I don't get it, Mr. Cooper. What you just read, if I understood it, it was a question, and
769 witnesses don't usually testify by asking questions.
MR. COOPER: His answer, if I may repeat the answer: "We did not provide, we never provided a tool which let someone, which gave someone all of the steps of breaking into someone's computer and doing damage."
THE COURT: Answer?
MR. COOPER: That was the answer.
THE COURT: That was the answer. Okay. Got it.
Q. Next question: "Q. And you, you deliberately avoided doing that, isn't that true? "A. That's correct."
THE COURT: Next question, counselor.
Q. You were also able to teach and discuss security flaws in your classroom with your students regarding CSS without at any time operating DeCSS as an executable utility, isn't that correct?
A. Yes. In order to do the teaching that I did in that course, I did not execute DeCSS as an executable utility. Again that's not to say that in general one would never need to execute something in order to teach about it, but given what I decided to teach those students in that limited time about, I did not need to do that.
Q. It wasn't necessary for you to use the executable utility in order to discuss what you chose to discuss regarding those
770 flaws, correct?
A. I didn't use the software in the classroom in the sense of executing it. What I did was I got DeCSS and I got Frank Stevenson's paper, I read them myself, I understood the situation, and based on my access to those materials and my understanding, I was able to teach the students about CSS and DeCSS.
I informed the students that this code was available on the network and I informed them that if they wanted to study it, they could study it. I don't know what they did as a result of that. Certainly, as with everything in my course, it was obviously not okay for the students to infringe copyright, but I would not be at all surprised if some of the students chose to do that kind of investigation themselves based on my telling them that the code was available.
Q. Now, it's possible for you in your work to communicate with other interested parties in your field regarding subjects that you are researching and to maintain an ongoing dialog with those parties through other means than posting material to the public Internet, isn't that correct?
A. It is true that once I know about someone and once we have established a sort of relationship, I can communicate with them by e-mail. But as I discussed before, it's not the case that there is a small community of people, all of whom know each other, who are interested in this material and who are
771 doing research on it the way that the people working in this field discover each other is to read each other's publications. That's the way science works. You publish openly and many people who you know read what you publish. Some people you don't know read it. The only way to reach that audience, the only way to find those other people out there working on that topic is to publish in such a way that they can read it.
And can I certainly tell you that I read my colleagues', at other universities and companies, I read their website to learn what they're up to.
Q. And if you have a particular interest in any of the areas in which they are involved, you communicate with them directly to get further information, correct?
A. In general, yes, but I don't know that it would be fruitful to ask someone about something until I have seen what is on their website.
And I should add I may be in an unusual position. If this is a person I know and I send them some question, some comment on their research, they are likely to take it seriously, read it, and give me an answer. But if it's someone who doesn't know me, they are going to -- they are going to -- if it's someone who doesn't know me, and I want to comment on their work, they are not necessarily going to be willing to spend an afternoon on the phone with me explaining
772 their work. The reason that stuff is put out there on the web is to be read. It's to be read by a lot of people, and I frankly don't want to have to explain to everyone who asks over the phone or by e-mail all of the details of the research that I've done. It's not efficient. It doesn't make sense.
MR. COOPER: I don't have any further questions at this point, your Honor.
THE COURT: All right. I have one, I guess two.
You've got networks at Princeton?
THE WITNESS: That's correct.
THE COURT: You've got networks for the faculty in the academic buildings, and then is there a separate one for the dormitories?
THE WITNESS: Yes, there is are networks in the dorms.
THE COURT: What are the speeds?
THE WITNESS: The dorm networks are generally ten megabits per second to each desktop. In the computer science department, I can speak to what our network is for the researchers. We generally have within the building 100 megabit per second links. Of course there are links between the buildings and links between the university and the outside world which have to be shared among all those people. So, for example, in the computer science building from point A to point B in the building we might have 10 megabits per second
773 on a really good day, but there is a link going from the computer science department to the outside world which has to be shared with everybody else in the building.
THE COURT: What is the speed of that?
THE WITNESS: I don't recall. I better not guess.
THE COURT: Okay.
THE WITNESS: If that's helpful, my colleague, Professor Peterson is going to testify later. He knows all this stuff much better than I do.
THE COURT: You were last at the University of Washington how long ago?
THE WITNESS: 1993.
THE COURT: I guess any questions about the speed of their network seven years ago is kind of like asking about dinosaurs, right?
THE WITNESS: Well, seven years ago what we had in our research building was 10 megabits per second inside the building.
THE COURT: You are familiar with speeds at any other universities in the last year per se?
THE WITNESS: Not particularly any other university. I know generally what the technologies that are used, but I can't speak to any specifically to any other university.
THE COURT: Generally.
THE WITNESS: Generally the technology within a
774 building is going to be either 10 megabits per second or 100 megabits per second on the ethernet. That's the most commonly used technology.
THE COURT: Okay. Thank you.
Any further examination Mr. Hernstadt?
MR. HERNSTADT: No, your Honor, thank you very much.
THE COURT: Okay. The witness is excused. Thank you.
THE WITNESS: Thank you.
THE COURT: Next witness, please.
MR. HERNSTADT: Our next witness is Mr. Goldstein.
DEPUTY CLERK: Please state your name for the record.
THE WITNESS: My pen name is Emanuel Goldstein.
My given name is Eric Corley.
THE COURT: What is it?
THE WITNESS: My pen name, writing name.
THE COURT: So the record is going to reflect, Steve, that the witness's name is Eric Corley, which is the name he is captioned under.
775
Q. Mr. Corley, tell me something about your background.
A. I'm an English major. I graduated from the State University of New York in 1982. I have worked --
MR. GARBUS: Excuse me. Can we have a small bench conference just for a moment?
THE COURT: Yes. You and Mr. Gold. Is this your witness, Mr. Gold?
MR. GOLD: Yes, sir.
MR. GARBUS: Mr. Corley has, as I understand it, an arrest when he was a child as a juvenile which was dismissed, an ACD case, I have never been able to find the file of it. He testified to it at some length because I permitted it at deposition, but I would make a motion that that be excluded at this time. I don't know whether Mr. Gold intended to get into it or not.
MR. GOLD: In the deposition there was testimony about -- I think it was an indictment, was it not? I think so.
MR. GARBUS: I don't know what it was.
MR. GOLD: I did not get the impression that he was a youthful offender or he was below 18, but the nature of the offense I think is one that reflects --
THE COURT: Let me just find out something. Do you propose to use this?
776
MR. GOLD: On cross, yes, but there was a confidentiality agreement and I --
THE COURT: What in particular do you propose to use on cross? Was there a conviction?
MR. GARBUS: Do you have a record of a conviction?
MR. GOLD: I think there was a plea, wasn't there?
MR. GARBUS: As I understand it, he was treated as a youthful offender and it was an ACD, it was an adjournment in contemplation of dismissal and there is no criminal record.
THE COURT: Is there a conviction?
MR. GOLD: I think there was a plea, your Honor, and I would have to check the transcript. If you give me two minutes. But it was for breaking into a company computer system, and I think it has relevance.
THE COURT: How long ago is it?
MR. GOLD: I don't remember.
MR. GARBUS: It was back -- he was I think about in his early 20s.
THE COURT: How old is he now?
MR. GARBUS: I think he is in his mid 40s. I don't remember exactly. I would have to ask him.
THE COURT: He is obviously going to be on the stand more than the next hour, right?
MR. GARBUS: I think so.
THE COURT: Well, you guys figure out what the facts
777 are tonight. Rule 609 governs this as to the conviction, and if memory serves, Rule 608 deals with the prior bad act issue. This is not terra incognita.
MR. GARBUS: Can I hear the last question, please.
A. I will just take it from the top. I graduated from the State University of New York at Stonybrook 1982 with a Bachelors of Arts in English. I have worked in various newspapers, including campus newspapers, community newspapers. I have written numerous opinion pieces and other such articles for newspapers such as Newsday, and since 1984, I have been publishing 2600 Magazine. I have worked in radio since going to the State University of Stonybrook since 1977, and I currently work for WBAI in New York.
Q. How old are you?
A. I'm 40.
Q. Did you work for the Stonybrook Press?
A. Yes, that was one of the newspapers I worked for, one of the campus newspapers.
Q. And have you ever been a broadcast journalist on WUSB?
A. Yes, WUSB is the university station at the State University at Stonybrook.
Q. And how long have you been publishing the Hacker Quarterly?
A. Since 1984, which I guess is 16 years.
778
Q. And do you know approximately the circulation of that?
A. Presently, including newsstands and subscribers together, I would say probably about 60 to 65,000.
Q. And do you have any sense of who your readers are?
A. From meeting them at various gatherings, 2600 meetings, conferences, I would say they are all kinds of different people from 12 year olds to CIA agents, to foreign intelligence to corporate executives, all kinds of people seem to be fascinated with this.
Q. Now, did you serve as the music director for WUSB?
A. Yes, in 1980 to '81 school year, I was music director. The year after that, I was program director of the radio station.
Q. And in 1984, did you organize a Convention of alternative presidential candidates in Stonybrook?
A. That's correct. We invited everybody who had registered to run for president to gather in one place at the same time. There were something like 219 candidates and about two dozen of them accepted.
Q. Did you ever write a play?
A. I have written -- among the things that were publicly, no. I have written a lot of things that haven't been released. But the one major thing that was publicly released was a radio play called Shadow of Long Island.
Q. What did it deal with?
779
A. It was kind of an H.G. Wells type of a thing where in realtime, people dealt with the effects of an accident at a nuclear power plant and since at the time, I believe it was 1985, that was a big controversy on Long Island, it was something that got a lot of attention, a lot of interest.
Q. And with respect to the Hacker Quarterly, why did you create it?
A. Well, I saw the need for information to be spread beyond computer nerds, people who are just simply calling into bulletin boards. Back in 1984, which is when the magazine actually started, in order to take part in this kind of a thing, you would have to call what is known as a BBS system, and they could only handle one caller at a time which means many times you would spend the better part of a day just waiting for a busy signal to go away. You would have to keep trying. There was no repeat dialing function. You would have to keep dialing over and over again, and the speed was very slow, something like 300 baud.
So I thought it would be nice, because these people had so much to say, if there is way a forum for them to say it and actually read it on paper, and since nobody else was doing that, I figured why not.
Q. And has the Hacker Quarterly been quoted or featured in any other newspapers?
A. Yes, we have been quoted quite a bit.
780
Q. Where?
A. I couldn't even begin to tell you all the places. Every major newspaper and magazine I could think of, Time, Newsweek, the New York Times, Wall Street Journal. I'm sure we are in quite a few this week. We are always being quoted for our opinion on various things that are happening in the world of technology, whether it be things like the Melissa Virus, a case like this, a conference like we've just had. There is always something going on in the world of technology, and our view seems to be something that's of interest.
Q. You say a conference you just had. Can you tell me what that was?
A. We just had a conference this past weekend uptown at the Hotel Pennsylvania where we had people gathering from all over the planet to talk about the newest technological issues an just basically to trade information, learn, and I think it was a big success, we had something like 2300 people show up.
Q. This was run which by the hackers? This was sponsored by 2600 --
A. Yes.
Q. Have you also been on a major broadcast and cable network?
A. Yes.
Q. Do you remember which ones?
A. All of them I think. Basically I was on Good Morning America, Nightline, CBS Morning News, Charlie Rose. I can
781 keep going on with lists, but I think most of them I seem to have been on at one point or another.
Q. Do you recall what the Washington Post, back in February of 2000, said about you after were you sued in this case?
A. I think they referred to us as, I might be confusing it with another story, but I think they referred to us as the hacker's bible or something, along those lines.
THE COURT: I hope we are not going to get into an assortment of what various people have said about the defendant, since he has been sued in this case.
MR. GARBUS: We are past it. I don't think so.
Q. And how long have you been at BAI?
A. I first walked into WBAI in 1988 and I haven't left since.
Q. When you were on these various television shows, Charlie Rose and cable, what was the subject of your discussion?
A. Like with the newspaper articles, different things depending on what was happening in the news that particular time, such as the Michelangelo Virus which was in the early 90s, or some panic over some possible security hole in a computer system, or even something like an area code change can, for some reason -- people come to us for explanations on things like that. So depending on what was in the news at that time, we get calls virtually every day from media people wanting us to comment on one thing or another, and depending on my schedule, I try to answer as best I can.
782
Q. Is it fair to say that you are called on those shows as an expert in the computer area and the technology areas?
A. That's what they call me. I don't consider myself a computer expert. I consider myself a journalist. But they -- I've never taken a computer course or anything like that. I majored in English, so I answer the questions as best I can, but there are people with infinite amounts of knowledge in the technical field beyond what I could imagine.
Q. When you posted DeCSS, did you know whether it would work or not?
A. No, I had no idea if it would work. The reason we posted the source code and the accompanying story is because it was already a story. I believe it had already been out a month at that point, and we saw this and the reaction to it, people having their websites shut down, their pro Internet service providers being threatened, their schools being threatened, we saw that as a fascinating story, and we printed that story, we printed what the story was about, which was our source, our primary source, here is what they are talking about, here is the source code.
Honestly, if someone had given me 20 random numbers and said this is the program, we would have printed the 20 random numbers, if that's what everybody was talking about. I have no knowledge if the program worked or not, but that wasn't the story. The story was the reaction it was causing.
783
Q. And as of today, do you know whether DeCSS works?
A. I have heard conflicting things, even in this courtroom. I don't know anybody myself who has gotten it to work, and I don't know very many people who have even tried to get it to work. I believe it can work if you spend a lot of time on it, but I'm sure there are much easier ways to accomplish bad things, if that's what you're trying to do.
MR. GOLD: Your Honor, I move to strike the answer. It was full of speculation and he is not an expert witness as he admits.
THE COURT: Strike everything after "I've heard conflicting things."
Q. Now, have you ever sold a copy of a DVD disk that has been de-encrypted through DeCSS?
A. No.
Q. Have you ever sent out a movie on the Internet as a result of your having used DeCSS?
A. No.
Q. Now, you talked about working on WBAI. How long have you been there?
A. Since 1988.
Q. And is the name of that program "Off the Hook?"
A. I started doing the program later that year in 1988 as a special broadcast. It became a series in 1991, I believe. I have also worked in the news department and as an engineer
784 over there.
Q. What does that program deal with?
A. It pretty much deals with similar things that the magazine deals with, new developments in technology, security holes, Orwellian aspects of today's society, people's privacy being abused from all different angles. And what I like to do with the program is reach people who have absolutely no background in technology as opposed to the magazine. When I go on the radio, anybody could be listening, and I find that many people find it very fascinating to be hearing our perspective, and we believe in explaining things to whoever will listen. So people call into the radio show, we explain exactly what we're talking about, sometimes they feel moved to come to one of our meetings, which are once a month, and we make friends that way. We explain how technology works from our perspective.
THE COURT: When you say you worked at WBAI as an engineer, did you work there as a broadcast engineer who ran a panel or some sort or some other kind of engineer?
THE WITNESS: A broadcast engineer, someone who actually controls the board in the control room.
THE COURT: Thank you. Go ahead, Mr. Garbus.
Q. Now, have you participated in any panel discussions on computers and the Internet-related issues?
A. Yes, numerous ones over the years.
Q. Tell me some of them.
785
A. There are the annual computer freedom and privacy conferences. There was one I believe called Open Source Solutions in Washington D.C. There was -- I don't recall the names of the ones overseas that I attended. I know there was one in Amsterdam and a couple of them in London as well.
Q. Have you also been on NPR, All Things Considered and World News Now?
A. Yes, I have.
Q. Have you ever lectured at any university?
A. I have been a guest, a guest lecturer for various classes at New York University, Seton Hall, the State University of New York at Stonybrook.
Q. Have you ever testified before any committee of the House of Representatives?
A. Yes, I testified before the house committee on technology and finance, I believe, and that was in the early to mid 90s. I don't have an exact date.
Q. Other than the conference you just mentioned before, have you organized any other conferences?
A. Yes, that was our third conference. The first one was in 1994. The second one was in 1997.
Q. And can you tell me the title of the first one?
A. The title of the first one was called HOPE. That stood for Hackers On Planet Earth, and we had -- it was the first time ever that this country actually a conference like that
786 had been organized. I had drawn inspiration from some of the conferences I had seen in Europe where people gathered together and exchanged ideas in a free and open manner and learned from each other and were guided in positive ways, at least in my view, and in 1994, I thought it was a great success as far as that went, and then it takes time to organize these thing so we only do it every three years.
Q. And what was the second one?
A. The second one was a sequel to HOPE and we called it Beyond HOPE and basically it was a continuation, the same kind of a thing. We like to stress international cooperation. We have people come over from different parts of the world and tell us what is your phone system like, what do you dial to make things work and connect to various things, how does your billing system work, do they -- in what ways does the phone company do evil things to you, you know, various things like that as far as technology and privacy invasion and things that we find ordinary people are concerned with increasingly today. So, we just basically get these people together, trade information, invite the public.
Q. And the sponsors of both of these conferences and the third conference was 2600?
A. Yes, that's right.
Q. Where did you get 2600 from?
A. 2600 was a frequency that was used a long time ago back in
787 the 1960s and basically anyone who would transmit a 2600 hertz tone over a long distance trunk connection would find themselves put into what is known as operator mode where they could then explore the entire phone system, and basically route themselves to operators, to all kinds of mysterious things that were out there. It doesn't work anymore, but it's kind of a mystical thing from the past that people still talk about.
Q. And your pen name, Emanuel Goldstein, where does that come from?
A. Emanuel Goldstein was a character in 1984, the book by George Orwell. He was supposedly the leader of the underground, and it was kind of a cool name to take back in the mid 80s, although I should point out in the end of the book, it turned out he is actually a figment of the government and he is entrapping everybody. That's another story.
Q. Did you take the name before you finished the book or after you finished the book?
A. Actually I read the book about four times when I took the name.
Q. Now, tell me some of the people who have spoken at the conferences that you have organized?
A. We have had people like ex-CIA Agent Robert Steele, cryptologist Bruce Snyder. At the most recent conference, we had Jon Johansen who is here from Norway. We have had many,
788 many people. My mind is kind of drawing a blank when I try to call them all up, but we have had journalists, people from major television networks talk about how they cover stories and how they might get misperceptions about what hackers are all about.
And we try and bring these people together, whether they are representatives of the government, people from different countries, 12-year-old kids who are just learning something, we try to bring them all together in the same room so they can share information and bring something out of that, and we find that many relationships are forged from this that last for very long time.
Q. You mentioned Bruce Snyder. Can you tell me who he is?
A. He is an encryption expert. He has written several books. Unfortunately he wasn't at the most recent conference. He was here in 1997. And I understand his knowledge could fill a room as far as what encryption is all about.
Q. Have you seen his affidavit in this case?
THE COURT: At what level of compression?
THE WITNESS: Any level I think.
A. He is one of those people that I'm in awe of, and many of the people who come to the conferences are like gods to me. They are people that just have so much knowledge and have done so much, and I'm just -- I'm honored that they come to my conference and share their information.
789
THE COURT: Mr. Garbus, I think we would save time if we didn't just have testimonials to one's witnesses. I can imagine the rebuttal case.
Q. Now, have you also written freelance pieces for magazines?
A. Yes, I have written pieces occasionally for local newspapers, the New York Times, Newsday, and a couple of foreign magazines as well. I wrote something for a Japanese magazine a few years ago, something for magazines in England and Holland, I believe as well.
Q. Now, do you in your magazine tell your readers about the acts that -- the Hackers Act and the consequences of those acts?
A. I'm sorry. I don't understand the question.
Q. In other words, in the Hacker Quarterly, do you tell your readers the kinds of things they should and shouldn't do?
A. Well, we try not to be too moralistic. What we mostly do is print information. We have an editorial at the beginning of every issue where we expound on various thoughts, which is something that I write, and also in the replies to letters in the magazine, which is also printed every issue. If we give any kind of moral guidance or judgment, that's where it is, but in the actual articles themselves, it is more or less a compilation of material that is already out there, and we kind of present it to the people to show them this is what people are saying, this is the information that's out there, this is
790 how systems supposedly work or don't work. And people write in with corrections, they write in with additions, and we have a dialog going based on that.
Q. Now does the name Mark Trapenhagen mean anything to you?
A. Not offhand.
Q. When did you start to put up the website?
A. Our website I believe first went up in 1995.
Q. Tell me about that. Why did you put it up?
A. Well, back in 1995, websites were just pretty much starting to become popular, and we figured, you know, we are a computer magazine, we really should be doing this. We had just had our first conference the year before, so we had enough money lying around so we could buy a machine and put it up on the net. It was an extremely slow connection, but we realized quickly that a lot of people came to our site to see what we had to say. So we did our best to make it interesting.
Q. Now, can you tell me at the present time how many hits that site receives, how many unique visits?
A. Well, I can only estimate because we haven't kept logs since last summer on that kind of a thing. We have what is known as a counter on the front page and what we would do is run statistics on it once a week, and that would take such massive amount of memory that it would wind up crashing the machine every Sunday night at midnight.
791
So we figured it wasn't that important to know exactly how many people were hitting us. We had a general sense that we had something on the order of 10,000 unique hits a day. That means 10,000 different visitors coming to our site, maybe seeing a few different pages but only being counted once.
Q. Now at some point in time, there was an order entered by this Court that you take down the DeCSS code. Do you recall that?
A. Yes, I do.
Q. Prior to that time, did you print source and object code?
A. Of the DeCSS?
Q. Yes.
A. Yes.
Q. And when the Court ordered you to take it down, did you take it down?
A. Yes, we did.
Q. And after you took it down, did you continue to have links to other site?
A. Yes, the links remained up.
Q. And did you increase -- were the number of links increased after the court order?
A. We had a large number of people submit new links and we tried to keep up with it, but after a while it just became too much and we just kind of left it in whatever state it was in
792 at that time.
Q. Whether you say submit new links, what do you mean by that?
A. Well, we had a facility for people to tell us if they knew other sites or if they were running a site and they wanted to be included on the list, we had that on our main page, and people were submitting that from the very beginning, ever since it first went on line I think back in November or December, and after we took the material off of our website, it increased 20-fold at least and we just didn't have the resources to continuously update things like that, and we felt pretty much if people wanted to find DeCSS, they could easily do it. It wasn't an issue anymore.
Q. Now, by the way, do you own some domain names?
A. I own quite a few domain names, yes.
Q. What are some of those names?
A. Well, gee, all the 2600 possibilities, .net, .org, .com. I also own the WUSB site. I maintain their web page. And there are also some rather humorous ones with some nasty language in it, and I should explain why that is. NSI is the registrar, Network Solutions Incorporated and up until last summer, they were the only registrar in this country. You had to submit your domain names through them. They had a policy on language. They wouldn't allow certain words to be used as domain names and some people objected to that, they thought it
793 was a form of censorship, but what was interesting was late last summer, all of a sudden, there were new registrars. It was opened up to all different companies, and many of those company allowed you to register whatever name you wanted to. So there was kind of a race for about two days, people registering every possible four-letter word they could think of, and I admit I was part of that race, because I basically thought it was kind of interesting. But we never tied it into the magazine in any way. That was more a personal hobby for me.
Q. Can you give us some of the domain names, because they will ask you on cross, we may as well get rid of it now. Go ahead.
A. Well, gee, many of these I haven't even looked at in several months, but I know fuckingmorons.com is one of them. We put some -- before the names of various famous corporations, I think Microsoft might have been one of them, but I'm not sure, somebody beat us to that one, there were a few others. I really have to look at the list because I don't want to misspeak and say somebody else's name is mine, but there are quite a few. There were maybe a dozen or so.
Q. Now, let me show you, if I can, documents marked as Plaintiffs' Exhibits 113, 114, 115, 116, this looks like 1.11, 1.1, 1.2, 1.4, 1.6, 1.8, 1.7, 1.5, 1.3 and 1.12. I don't think that there are other copies around. Are there? I think
794 these are the only copies.
And I would ask you to just briefly go through the magazines, look at the green tags and tell me what those relate to.
THE COURT: Are you offering them in evidence?
MR. GARBUS: I would, your Honor, yes.
MR. GOLD: I have no objection.
THE COURT: They are not offered for the truth, I take it.
MR. GARBUS: They are offered -- right.
THE COURT: They are offered as examples of the magazine.
MR. GARBUS: Yes.
THE COURT: They are received on that basis.
(Plaintiffs' Exhibits 113, 114, 115, 116, 1.11, 1.1, 1.2, 1.4, 1.6, 1.8, 1.7, 1.5, 1.3 and 1.12 received in evidence)
A. Do you want me to go through all of these?
Q. Just briefly go through where the green stamps are. Those are the places where you discuss things at your deposition. By the way, are real names or true names used in the magazine?
A. That's entirely up to the author. If the author want to submit their real name, we will print their real name. If they want to submit an alias of some sort, we will print that. It's not our decision to make. It's entirely up to them.
795
Q. Whether they submit letters to you and articles, is that the same thing?
A. Yes.
Q. Do you in any way check out the accuracy of the information?
A. Only to the point of if they are talking about a particular operating system, does that operating system exist, is the theory that they are expounding somewhat sound. It's impossible with our staff to test out every single theory we get, which is why a lot of what is printed is theoretical in nature. It's something that this is how I believe the system works and we present it. Invariably, we get people writing back saying, no, this is really how the system works and then we have a dialog going on different theories as to operating systems, computer networks, telephone systems, whatnot.
Q. When you say -- who is the 2600 staff -- by the way, you are located out in Long Island?
A. Yes.
Q. Who is the staff out there?
A. Well, we actually -- I am the editor and publisher.
THE COURT: Mr. Corley, can you back away from the mike a couple inches. Thank you.
A. I am the editor and publisher. I have an office manager, and I have someone who works on technical things on the system occasionally.
796
Q. Is it fair to say this is basically a one-man operation?
A. I wouldn't say it's entirely a one-man operation, but me being in the city actually has made it slow down to a trickle, so I'm definitely the person that does things out there, and everything else kind of is part of that in one degree or another.
Q. And are you one of the people who write the materials that goes up on the website?
A. The website, yes. I write some of the material that goes up on there.
Q. Tell us just now by looking at the green tabs some of the stories that are in the Hacker Quarterly?
A. There is a story called Cellular Interception Techniques which basically goes into how cellular telephones work, how cellular calls can be intercepted. It goes into the Electronic Communications Privacy Act which makes such interception illegal. It goes into how anyone with a television set from the 1970s can use that television set to intercept cellular phone calls. It's not exactly an advocacy piece in any way. It's very technical in nature, and I think you come out of this with an understanding of the law and the understanding of the technology and an understanding of the risk if you choose to use this particular type of cellular phone. This is from 1995. It's not used very frequently anymore. I like to think maybe this had something to do with
797 it, because the way cellular phone calls had been made in the past was extremely insecure, and there wasn't enough being done to protect people's privacy.
Q. And by the way, with respect to companies or utilities that you have written about, have officers from those companies ever contacted you concerning the materials that have been written?
A. Well, I would have to say I've gotten more personal contact such as at conferences and meetings with people who say they love our magazine and they read it to find out all the latest possible problems with their systems. Occasionally we get people that threaten us and say you can't print this, but upon challenging them, they have always backed down.
Q. And have any corporate executives ever told you that they read your magazine for the first time and found out about flaws in their product?
A. Yes, but also a lot of network engineers and they are the ones who actually make the changes.
Q. Go ahead, continue.
A. I'm not sure if this is the article you wanted me to read. It's entitled Imaginary Friends, and I'm not really sure -- is this from 1996?
THE COURT: It's very high tech.
THE WITNESS: Yeah.
A. I think this is going into how to tell the phone company a
798 different name to list on your account. Basically this is for people who are paranoid about being on any kind of a list, and this is a way that you can make up a fake name, not for purposes of fraud but for purposes of privacy, so that when people call you on the phone, they ask for the fake name and you know because they do that that they are looking at a list of names and they are not really trying to call you. So this article goes into how TRW compiles information, what the phone company does when they open up an account for you, how to have an unlisted phone number be really unlisted so your name isn't on any list anywhere.
Q. Did you write either of these two articles?
A. No, I didn't. If I wrote them, I would remember them, but I just remember them vaguely.
Q. Is it fair to say that the magazine is basically an anthology of articles that you received?
A. Yes, I was looking for that word before. Anthology is probably the best way. Probably the Readers Digest of the hacker's world. We don't say that everything that is in these articles is 100 percent correct. We have guidelines for the articles, such as we don't print articles that espouse destruction or immature acts or just various bad things.
MR. GOLD: Your Honor, I am having a lot of trouble finding out what question the witness is answering in most of these. There are long speeches going on. I was wondering if
799 the Court would request that the witness answer the question that was asked.
MR. GARBUS: Let me see if we can help.
Q. Have you described the article that -- are we still on the same article?
A. I had put that one down, but can I go back to it more in a moment.
Q. Let's go to the next article. Tell me what the next article deals with?
A. Snooping Via MS Mail. This is from 1996 as well. I believe what this does, this describes a product known as MS Mail which various companies use, and how people's mail can be intercepted on that and spied upon. And this is an example of an article that can be used in two ways. We print the information. It can be used in a good way; that is, users can learn about privacy, they can figure out ways to prevent them from happening. Or it can be used in a bad way, someone can take this an actually start spying on people.
We don't have a big moral discussion about what is going to happen with the information we print, because the information is already out there. As I said, we are more or less an anthology of what is being distributed and we like to think that by printing this information, we wake people up.
Q. Let's go to the next article.
A. This is similar to one before, Tips on Generating Fake ID.
800 This more or less goes a little bit outside the boundaries of what we usually talk about because it's not really related to computers or telephones, but it does have relevance in that it talks about how people fool the system, how people get around restrictions, and the article is written in kind of an interesting tone.
It starts off, so you want to get drunk this weekend or buy some cigarettes, etc., like that. This kind of is on the boundary of what we print, the guidelines I mentioned. I saw this as rather humorous, as a person being somewhat sarcastic because, yeah, the only thing can you possibly do with fake ID is buy cigarettes and get drunk. But I also saw a lot of really good technical information here, websites that are referenced, and if you are looking for somebody who is doing this, this article will tell you what they're up to and how it works. And I think it's something that is widespread enough that you can't just ignore it and pretend it's not out there. So that's the reason we printed that.
Q. Go to the next one.
A. This is more recent, so I should remember this one. Okay. This is an editorial entitled, The Next Chapter from our Spring 2000 issue. This basically deals a lot with the MPAA case. I'm not exactly sure if you want me to read the entire thing. It's rather large.
Q. Just tell me what it's about.
801
A. It's an editorial that I wrote and it kind of brings together various issues that were going on at the time, including the case of Kevin Mitnick who was a computer hacker who was in prison for five years. That has drawn to a close at almost the exact same time as this case has started.
We also touch upon various other laws that are being passed that we see as being a bad thing, such as California's three strikes laws which allows people who have committed three crimes, even if they are not violent crimes, to be imprisoned for life. So the piece is kind of more of an editorial which covers it all and ties it together in a nice, neat little package.
Q. Turn to the cover of the magazine.
A. Oh, yes, this is our kind of spoof cover of the MPAA screen.
Q. Do you sell T-shirts?
A. Yes, we have T-shirts that are similar to this. In fact, we used them to raise money for the defense, and we don't mean any offense by it, it's just kind of a political cartoon that we came up with, and I think most people see the humor in it.
Q. Can we go to the next one.
A. I think there is another one in the same issue.
THE COURT: How many more, Mr. Garbus?
MR. GARBUS: Do you want Mr. Goldstein to hand it to the Court so the Court can see it after he has been describing
802 it?
THE COURT: When he is all done, the clerk will take them.
MR. GARBUS: Go ahead.
THE COURT: How many more, Mr. Garbus?
MR. GARBUS: About half a dozen. These are the ones that he was cross-examined on in the deposition, so we are going to deal with it now.
A. I'm not sure if there is a green tag here, but these are two articles. It's either AT&T's Gaping Hole or a Cellular Network Detailed. I'm going to guess it's Gaping Hole, where basically someone outlines a glitch in AT&T wireless service that allows a user to receive free phone service. I remember this particular article was something that the article -- that the person had notified AT&T about and nothing had happened, and the result was they sent us this article with the details of exactly how it worked. And I understand that it doesn't work anymore, so I think that speaks for itself.
Q. By the way, if the Court orders you to take down the links to other sites, would you do that?
A. Absolutely, if the Court orders it, yes.
Q. Were you in Court, by the way, when the Court said it would consider linking at a different time? Did you read the transcript?
A. I read the transcript. I don't believe I was in court
803 that day.
This article is called How Domains Are Stolen, and this is of particular interest to anyone who operates a website. It's possible for people to go and hijack your site. In fact, it happened to us only two weeks ago where someone took advantage of a security hole in Network Solutions and took our domain name, 2600.com and registered it to a site somewhere overseas, and that would have been a real pain to deal with to get back if we hadn't caught it. This article gives one method of how such things are possible, and I would like to think that this article coming out will wake up the people at NSI so that it doesn't happen anymore.
Q. By the way --
THE COURT: Excuse me, Mr. Garbus. You do understand, do you not, that this is the time when the Court is considering the linking issue, this trial?
MR. GARBUS: I understand that.
THE COURT: Okay. It wasn't clear from the way you made your comment.
Q. Go ahead.
A. This is another article on cellular service, spoofing cellular service. This is from 1996, before the onset of digital cellular, so it was a much bigger issue then for the electronic serial number to be grabbed literally as you were driving down a highway by a cellular thief, I guess is the
804 best way to describe him, someone sitting on the side of a road with a particular type of scanner who would simply grab your numbers and just by grabbing your numbers, that would be enough for them to become you and start making phone calls under your phone number, and this is another gaping security hole that we felt needed to be known, and I understand that this kind of system is increasingly rare and is probably not going to be around much longer at all.
Q. Are there other individuals who use the name 2600.com other than you?
A. We are the only people who can use 2600.com. There are other 2600 names in other countries. There is really no way for us to register every single country name, nor would we want to. And it is also possible for somebody to register a machine as 2600. They could register 2600.Microsoft.com for instance, so basically we are happy with having our website 2600.com and making sure that people know that's us.
Q. Are there other websites out there using a name or something like that which people to your knowledge think are associated with you?
A. Yeah, the only site associated with us are the sites we run. The other types of association, it's more of an emotional type of association where they may support the magazine or agree with our basic philosophy and them might put 2600 in their name and that's something that really doesn't
805 concern us. We don't see that as a copyright issue or something that's necessarily evil. The only time it would concern us if they were doing something in our name that we considered to be wrong.
Q. But you have no control over it?
A. We have no control over it.
Q. There are separate people using 2600?
A. Right, in that context, it would be an incredible waste of time to try and control everybody who used that.
Q. Go ahead.
A. This article is entitled the Backyard Phreaker,
And this goes into some detail on people who literally climb telephone poles and hook into phone lines and make phone calls. This happens quite a bit in unsecured locations. It happens in New York City in the basements of apartment buildings where the phone lines come into the building and are left unsecured. What we find in many cases is that unsuspecting people get these large phone bills and the phone company says it was dialed from your phone number, therefore, you had to have done it. We are showing here that there are many ways people can make these phone calls on your phone line without you ever knowing about it. And many people, including a lot of the WBAI listeners, have used this kind of information to battle the phone company and say, you
806 know, there are many other ways somebody could have used this phone number to place this fraudulent call. And we also like to think that this might encourage people to lock those boxes so that everybody in the world can't get access to them.
Q. Continue.
A. This is actually --
THE COURT: Mr. Garbus, I think we have heard enough. You have the magazines in evidence. I can look at the magazines. I don't need anymore summaries.
MR. GARBUS: I have no more questions of this witness.
THE COURT: Okay. Mr. Gold?
Just so we are clear, Mr. Garbus, if you had other questions, you are welcome to continue. I just don't need more summaries of magazine articles. Do you understand?
MR. GARBUS: Yes.
THE COURT: Mr. Gold?
MR. GOLD: May we have the exhibits, the magazines?
THE COURT: Yes.
MR. GOLD: May I approach the witness for that purpose?
THE COURT: Yes.
MR. GOLD: Thank you, sir.
807
Q. Good afternoon, Mr. Goldstein.
A. Good afternoon.
Q. Nice to see you again. Mr. Goldstein, in 1999, did your 2600.com site mirror DeCSS?
A. That's correct.
Q. When did you start?
A. I believe we started in late November. I don't have the precise date.
Q. The posting that you've just referred to was done by who?
A. Who specifically posted the -- it was either myself or my webmaster.
Q. And was this a webmaster you preapproved?
A. Yes, I take responsibility for everything that's on the site.
Q. Is it true that prior to the preliminary injunction, any member of the general public was able to download DeCSS directly from the 2600.com website?
A. Any member who had a computer and a net connection could do that, yes.
Q. Is it true that 2600.com is currently linking to other sites that post DeCSS?
A. Yes, we have been linking from the beginning.
THE COURT: Let me ask this, I think I know the answer to this, but I think it ought to be in the record.
What does mirror mean as you understood it when you
808 answered Mr. Gold's question?
THE WITNESS: Mirror is basically a link to another site. Actually, mirror is a duplicate of your site, so it's not entirely correct. I think Mr. Gold is referring to links. A mirror is, say, our site goes down, you go to a site B and it's the exact same thing, so in that particular case, it's not the same. I believe you're referring to links.
THE COURT: But he asked you right at the beginning of his examination whether in 1999 your site was mirroring DeCSS and you said it was. What did you mean by that?
THE WITNESS: That refers to the specific program DeCSS, so that, yes, that program was mirrored on our site. The site itself, we were not mirroring the entire other site, just the program.
THE COURT: Yeah, but I asked you what mirroring means.
THE WITNESS: Mirroring means duplicating material that's on another website, whether it be one file or an entire site.
THE COURT: Thank you.
Q. In 1999, on the 2600.com site, did you encourage people who were interested in supporting you to mirror DeCSS?
A. We gave people various constructive ways of expressing themselves and that was one of them, yes.
Q. And did you continue to do that in 2000?
809
A. Yes, it's still up to this day.
Q. Is it true that with the links you have provided and you do provide on the 2600.com site, someone, anyone, can go to the 2600 site, click once on a mouse, which takes you directly to another site that is posting DeCSS?
A. Yes, they could do that. They could do it in many other ways as well.
Q. In all the time that you were posting and all the time that you have been linking, did you know that DeCSS is designed to circumvent the encryption technology that protects the digital content stored on a DVD?
A. I knew that it did one thing and that it was --
MR. GARBUS: I object.
THE COURT: Ground?
MR. GARBUS: Use of the word "circumvent."
THE COURT: I take it in the colloquial rather than the legal sense.
A. We knew that DeCSS basically got around CSS, got around the encryption that was not holding up to the stress.
Q. Is it true, Mr. Goldstein, that DeCSS exists to decrypt
A. That's what it was written to do, yes.
Q. Is it true that in a write-up or article that appeared on the 2600.com site, DeCSS was described as a free DVD decoder that allows people to copy DVDs?
810
A. Yes, that was on our site, and I have since said that part of that statement is inaccurate, that it was not written solely to copy DVDs. It was written to decrypt CSS. I wasn't aware of the difference myself. I didn't write that piece at the time that it came out. I believed that was completely accurate, but it turns out that it's a bit more complicated than I had at first thought. It's not simply about copying. It's about access control.
Q. You recall that you made that statement in your deposition, sir?
A. I'm sorry?
Q. You recall, sir, that you made that statement in your deposition?
A. Yes, I believe I clarified that.
Q. And when you say you have just gotten some other evidence, when did you get that?
MR. GARBUS: I object if we are going to the deposition. If he wants to read in the question and the answer, he can do that.
THE COURT: I will sustain the objection as to form, because I think the question is muddy. But let's see if we get another question.
Q. You indicated that you got some new information since the time of your deposition about your last answer, the one that you --
811
A. No, that's not what I said.
MR. GARBUS: I object.
Q. Could you tell me what was you said?
THE COURT: The objection is overruled. He said he thought the statement was accurate when made it and now he thinks it's inaccurate.
MR. GARBUS: No, no, I think there are two different time frames we are talking about.
THE COURT: Obviously. The deposition and now.
MR. GARBUS: No, no. From the writing of the article, the deposition and now are three different time frames.
THE COURT: We are going to break for the day at this point anyway. I will see you all at 9 o'clock tomorrow morning.
MR. HERNSTADT: Your Honor, could we address a scheduling matter?
THE COURT: Sure. Address it.
MR. HERNSTADT: May we approach?
THE COURT: No.
MR. HERNSTADT: Fair enough. Tomorrow, your Honor, we have one witness. I know your Honor said that we have to keep the witnesses coming. Unfortunately, every other witness we have, one of them has informed us that he couldn't come at all, and all the other ones are out of state. We've got them
812 lined up for Tuesday and Wednesday. Depending on cross-examination we expect, if you permit us to continue, we expect to complete the witnesses by the end of Wednesday.
MR. GOLD: Your Honor, I was hoping that we would be finished with this case before Wednesday, and I would like to go to San Francisco Wednesday to try to present a part of the argument being made in court that day on Napster.
THE COURT: You better get your people here.
MR. HERNSTADT: Your Honor, unfortunately it's not possible.
THE COURT: I gave you a lot of advanced warning of this. Do your best.
MR. GARBUS: Can I get some kind -- can Mr. Gold tell me how long he expects the cross-examination to be?
THE COURT: Tell them what you think.
MR. GOLD: I can't imagine it would take as long as as an hour and a half, and I think it will be shorter, but something like that, best guess.
THE COURT: Okay. 9 o'clock.
MR. COOPER: Your Honor, what we have been told, so that we are all clear, is that Mr. Peterson is available for tomorrow. The other names we have been given are for Tuesday.
THE COURT: Who were the other people?
MR. GARBUS: Can I just say one thing?
MR. HERNSTADT: Your Honor, we have on Tuesday
813 Olegario Craig.
THE COURT: Say the name again.
MR. HERNSTADT: Olegario Craig. He is a systems administrator at the University of Massachusetts. He can't get off from his job until then. He is taking two days of vacation to come down for it. Matthew Pavlovich who is the director of the LiViD project lives in Dallas, Chris DiBona who works with Linux and he is addressing the Linux operating system, he is in Palo Alto. Peter Ramadge who is at Princeton, but he is going to do a demonstration and we were unable to get the monitors to do the demonstration until Monday. Michael Einhorn who is in New Jersey. Dave Touretzky is in Holland and Andrew Appel is in Hawaii.
MR. GOLD: I think none of our witnesses were from this area and they all disturbed their plans to meet their obligations to be in court.
MR. HERNSTADT: Your Honor, all of our witnesses are volunteers, pro bono, coming at their own expense. We are doing the best we can to get them here. We don't have -- we don't control them. I apologize.
THE COURT: Look, Princeton, New Jersey, the last time I looked was about an hour from here. Dallas is a three- and-a-quarter-hour airplane ride. And there are planes this evening. You do what you can. I'm not making any ruling now, but I remind you that you were told there would be no gaps,
814 both sides were told, you were warned about it, you were told that the plaintiff expected to rest on Thursday. They did rest on Thursday. There have been no surprises.
Thank you, folks.
815
INDEX OF EXAMINATION Witness D X RD RX JON JOHANSEN.............616 627 641 MIKHAIL REIDER...........646 676 EDWARD FELTEN............731 763 ERIC CORLEY..............774 806
PLAINTIFF EXHIBITS Exhibit No. Received 113, 114, 115, 116 1.11, 1.1, 1.2, 1.4, 1.6, 1.8, 1.7, 1.5, 1.3 and 1.12 ................... 794
DEFENDANT EXHIBITS Exhibit No. Received BBP .........................................735 B to Exhibit BBS ............................755