(via David Berry) The BBC reports that AACS has vowed to fight against bloggers, aggregators, and all sort of users who have posted the now infamous key online. I must admit that my original scepticism has dissipated, and I cannot possibly believe that AACS would ever dream to take on the Web 2.0 posse.
Assuming that the master key posted all over the Internet actually works (and there is now little doubt that it does), its posting indeed is a very important element of a circumvention device for an effective technological protection measure as defined by legislation all over the world. In the U.S., posters of the key could be in breach of anti-circumvention measures enacted by the DMCA ( s 1201 17 U.S. Code, see Fred Von Lohmann's analysis).
In Europe, anti-circumvention measures are protected by the EU Copyright Directive, which states that:
"Art. 6: 1. Member States shall provide adequate legal protection against the circumvention of any effective technological measures, which the person concerned carries out in the knowledge, or with reasonable grounds to know, that he or she is pursuing that objective.And in the UK, s296ZB of the CDPA applies, as it establishes an offence for knowingly making available to the public a circumvention device.
2. Member States shall provide adequate legal protection against the manufacture, import, distribution, sale, rental, advertisement for sale or rental, or possession for commercial purposes of devices, products or components or the provision of services which:
(a) are promoted, advertised or marketed for the purpose of circumvention of, or
(b) have only a limited commercially significant purpose or use other than to circumvent, or
(c) are primarily designed, produced, adapted or performed for the purpose of enabling or facilitating the circumvention of, any effective technological measures."
So, to put it in vulgar parlance, we're screwed, right?
Not necessarily. Firstly, there may be a case to be made that the actual key, in and by itself, is not a circumvention device in the sense of the law. You cannot break protection with just the key, and I'm pretty sure that not a lot of people would know how to do it right away, as the decoding software is still needed. Secondly, I would argue that many people simply replicated the number not knowing what it did, they simply got caught in the hype sweeping the Net. A lot of the legislation places a requirement of knowledge, there is mens rea required as posting of the circumvention device must be done knowing that it is, indeed, a circumvention device. Thirdly, there is a matter of safety in numbers. Googling the number, there are 1,010,000 hits without hyphens, 908,000 results with hyphens, and even 482 results with underlines. And these are only searchable items. There are hundreds of non-searchable examples!
I guess the more popular your blog, the more likely you're to be prosecuted. Thankfully, that rules me out (famous last words).