Another user of the Doom9 Forum, whose members have been actively working to develop a system to subvert AACS copy protection, has apparently discovered in a memory dump a legitimate device key - the cryptographic element licensed to components in order to obtain the volume key automatically from high-definition HD DVD discs, according to a post yesterday. The source of the key appears to be CyberLink PowerDVD; and another forum user was able to use a published AACS formula to validate its authenticity.

At this rate, it may only be an academic matter before programmers there refine a method by which an independent program uses this or some other device key to decrypt and even play high-def content on computers, without the intervention of a licensed program.

In the DVD world, independents can develop software like ZoomPlayer that use published methods for invoking codecs and playing content, without developers fearing that the creation of such programs might be illegal or a violation of copyright.

In the high-def DVD world, content is encrypted, and content providers currently consider it a violation of copyright for individuals to subvert copy protection, even if they have no motive to distribute copied material to others.

A bill re-introduced in the US House of Representatives would make exceptions to the law so that individuals could subvert copy protection for personal purposes only, which would make it impossible for studios to prove copyright infringement violations against individuals unless they could prove their copying falls outside of fair use provisions.

With legislation such as the FAIR USE bill having a better chance of passage than ever before, content providers will certainly be searching for new legal precedent for charges against suspected violators. So yesterday's discovery of a real AACS-licensed device key lurking in memory could actually have some ominous portent, especially as Doom9 Forum users discuss the possibility of discussing the creation of freely distributed high-def disc players: Are device keys provided by the AACS Licensing Authority private property?

It will be difficult to prove they're not. After all, content providers are redistributing a segment of code for which they paid a fee. But an examination of the AACS LA Interim Content Provider Agreement indicates that the licensing authority considers the fee to be in exchange for the rights of so-called "adopters" to use the keys; they don't appear to be considered owners of the keys themselves, and the intellectual property foundation for their creation is certainly considered the property of AACS LA.

A device key may very well be someone's private property; the AACS LA would probably be first to lay claim to it.

Still, in the absence of a legal foundation for copyright infringement -- assuming the FAIR USE bill passes and is signed into law -- content providers may still attempt to make the case that the use of someone else's pilfered device key in an unauthorized freely distributed high-def media player could constitute a misappropriation of stolen property - even if it's not their own, and even if the end use of that property is exempt from legal infringement.

It would be uncharted waters for both plaintiffs and defendants in this hypothetical situation. Yet given that legislators may be on the verge of removing from the content industry's reach the most potent prosecutorial tool it has ever been given -- the far-reaching language of the Digital Millennium Copyright Act -- even the most well-meaning reverse-engineers cannot expect the content industry to respond by just shrugging its shoulders and walking away from the fight.

Other members of the Doom9 Forum over the past few days have expressed concern over whether AACS LA would invoke its revocation key to render devices whose keys have been exposed - including software using those keys to pretend to be those devices - incapable of playing discs. While knowledgeable members of the forum state that this is indeed possible, the makers of the popular shareware AnyDVD are reassuring users that its software has somehow been immunized by any revocation that AACS LA attempts, though the authors are not divulging how.

A new revision of AnyDVD now claims to be able to back up Blu-ray discs in addition to HD DVD, when the volume keys of those discs have been located.