DeCSS was devised by persons unknown and released to the Internet by a number of people, allegedly including Norwegian teenager Jon Johansen, whose home was raided in 2000 by Norwegian police. He was put on trial in a Norwegian court and faced a possible jail sentence of two years and large fines, but was acquitted of all charges in early 2003. However, on March 5, 2003, a Norwegian appeals court ruled that Johansen would have to be retried on charges that he violated Norwegian Criminal Code section 145 (the hacker law). The court said that arguments filed by the prosecutor and additional evidence merited another trial. On December 22, 2003, the appeals court agreed with the acquittal, and on January 5, 2004 Norway's Okokrim decided not to pursue the case further.
The program was first released on October 6, 1999 when Johansen posted an announcement of DeCSS 1.1b on the livid-dev mailing list. Initially, the source code was not available, but it was leaked before the end of the month. The first release of DeCSS was preceded by a few weeks by a program called DoD DVD Speed Ripper from a group called Drink or Die, which didn't include source code and which apparently did not work with all DVDs. Drink or Die reportedly disassembled the object code of the Xing DVD player to obtain a player key. The group that wrote DeCSS, including Johansen, came to call themselves Masters of Reverse Engineering and may have obtained information from Drink or Die.
The CSS decryption source code used in DeCSS was mailed to Derek Fawcus before DeCSS was released. When the DeCSS source code was leaked, Fawcus noticed that DeCSS included his css-auth code in violation of the GNU GPL. When Johansen was made aware of this, he contacted Fawcus to solve the issue and was granted a license to use the code in DeCSS under non-GPL terms.
Johansen was involved in a flamewar with another member on livid-dev over the GPL violation issue. Johansen was a FreeBSD supporter and criticized Linux. The main point of the dispute was that Johansen claimed that he had been granted a non-GPL license by Fawcus for the css-auth code, while the other party claimed that he was lying. The flamewar ended when Fawcus confirmed Johansen's side of the story.
At the end of 2000, a document written by an anonymous author surfaced on the Internet [1]. It accuses Johansen of being a liar, slandering Linux and violating the GPL. The accuracy of the document is in dispute: Johansen's lawyer was a public defender paid by the Norwegian state and Matthew Pavlovich, LiViD project leader, testified in MPAA v. 2600 that UDF under Linux was an issue [1].
DeCSS was used as a guide by programmers around the world to create hundreds of equivalent programs, some merely to demonstrate the trivial ease with which the system could be bypassed, and others to implement an open source DVD player (the licensing restrictions on CSS would have made it impossible for an open source implementation through official channels). Since no commercial DVD drivers have been made available for some open source operating systems, users of those operating systems require an open source implementation simply in order to play a legally purchased DVD using their legally purchased hardware and software. But, once the unencrypted source video is available in digital form, it can be copied without degradation; thus it is also possible to use DeCSS as part of a scheme to copy DVD videos to another medium with no loss of quality, a facility that bodies such as the MPAA argue encourages mass copyright infringement. It should be pointed out that commercial-scale pirating of CSS encrypted DVDs was widespread in east Asia and elsewhere without use of DeCSS by individuals or by any similar techniques. It is believed that these discs were simply bit-for-bit copies of the original DVD, with no need for any decryption of the CSS-encrypted content. CSS does not and cannot protect against this copying, which is required to produce a good quality counterfeit of a legitimate CSS protected DVD.
To emphasize - it is impossible to encrypt digital information so that it cannot be copied precisely by any device capable of reading and writing the medium in question. Internet mail servers make exact copies of (but cannot comprehend the content in) encrypted messages many times a minute. One could post an encrypted message on Wikipedia, and Google, the Internet Archive and many others would make copies of it without any human intervention, and without even knowing which encryption scheme was used.
At this time, it is reasonable to assume that DeCSS (and several copycat programs which have not been specifically brought to court) can be obtained by anyone who is willing to spend half an hour looking for a copy. Some Linux distributions are able to install a DVD player incorporating a CSS implementation with a single command.
The first legal threats against sites hosting DeCSS, and the beginning of the DeCSS mirroring campaign, began in about early November 1999. As a response to these threats a program also called DeCSS but with an unrelated function was developed [1]. This program can be used for stripping Cascading Style Sheets tags from an HTML page. In one case, a school removed a student's webpage that included a copy of this program, mistaking it for the original DeCSS program, and received a great deal of negative media attention which even reached Slashdot.
