End of an affair?

Hackers love their TiVos, and the company is fond of its hackers. But as in any relationship, sometimes one party goes a bit too far.

Published June 20, 2001 7:16PM (EDT)

On June 7, four hackers released a software program that threatens to do for TV shows what Napster did for music and DivX may do for movies. The code, called ExtractStream, allows users of TiVo digital video recorders to move compressed copies of television shows from their beloved TiVo boxes into their computers, and beyond.

Like many hackers, the programmers saw their unauthorized exploit as a boon to society. "Even though TiVo, understandably, can't admit it," says one member of the group who asked to remain anonymous, "this code's good for everybody."

Their optimism is understandable. Previous programmers working in the murky regions where code and entertainment mix -- Napster's Shawn Fanning, or Jon Johansen, the creator of DeCSS (a program that decrypts DVDs for use on computers running Linux-based operating systems) -- have been lionized by their admirers and lavished with praise. Not only is the ExtractStream code extremely useful -- enabling TiVo users to back up and share their digital files of television programs, or start their own TV show libraries -- but it is also subversive, giving consumers yet another way to thumb their noses at entertainment moguls. To the hackers, ExtractStream's place in the pantheon of hackerdom must have seemed automatic.

Not quite. Instead, ExtractStream's release provoked an unexpectedly vituperative outpouring of criticism from precisely those people who once might have been counted on for hotblooded support.

"Why the hell would you do this?" asked "Mike," posting on an Internet message board that's since been removed. "Have you not gotten your mind around the fact that TiVo will NOT be happy about this and will most likely bring the party to a screeching halt? I like my TiVo and I like being able to pick it apart. Guess that's over now. No good will come of this."

"You can scream your 'Information wants to be free' battle cry at the top of your lungs all you want," added another poster, on Slashdot. "It doesn't change the reality that the people who own the rights to that information DON'T want it to be free, and will fight to maintain control. My bet is that the public availability of this software will end up being a lose/lose situation."

For everyone who ever enjoyed tinkering with a TiVo, added another, "it's the end of the world as we know it."

One might expect such fury from Jack Valenti, head copyright cop at the Motion Picture Association of America, or Hilary Rosen, president of the Recording Industry Association of America. But not from people who had already, in their own ways, hacked TiVo's hardware and software for various purposes. Why had they turned against their own?

One reason may be fear. Napster is in full retreat, beaten into submission by RIAA lawsuits. The studios have also been winning on the DeCSS front, and now, suggest some hackers, is not the time to keep pushing the copyright envelope. Giving people the chance to distribute TV shows online will undoubtedly draw unwanted legal attention, hackers argue, and as a consequence, TiVo will be forced to take an adversarial stance toward its users or, worse, go out of business.

But fear offers only a partial explanation. There's also the question of, well, love. Few other commercial hardware products released in the past few years have inspired as much passion as TiVo, particularly within hacker circles. TiVo is not alone in allowing users to play fancy tricks with TV programming -- fast-forwarding through commercials, pausing live-action broadcasts. There are competitors, notably Microsoft's UltimateTV and ReplayTV. But TiVo stands nearly alone in one respect: It has somehow managed to appease the fears of content creators while at the same time seducing hackers.

The Alviso, Calif., company has worked extremely hard to cultivate the geek community. So hard, in fact, that previous to the release of ExtractStream, another hacker who had created his own version of the software declined to release his hack to the general public after discussing it with TiVo. Why? Simply put, says open-source-software programmer Andrew Tridgell, "because TiVo is doing a damn good job."

But can TiVo keep hackers happy indefinitely in an industry where every technical innovation is viewed as an act of war against the established entertainment industry? Tridgell held back, but the ExtractStream hackers did not. The question now is whether their software release will tip the balance and end the love affair between TiVo and the geeks.

TiVo was founded on Aug. 4, 1997, by two Silicon Valley engineers, Mike Ramsay and Jim Barton. Their original idea involved a form of home networking technology, but they soon settled on what for many is the home's most essential appliance: the television.

Their aim was to improve people's experience with the boob tube by giving them more control. Within two years, they had a product. For $399 you could buy a black box that offered 30 hours of recording time. And for a $9.95 monthly fee you received access to a searchable (by actor, channel or subject matter) online directory that allowed you to choose the shows you wanted to watch or record.

TiVo also did something revolutionary: It let you fast-forward through the commercials with split-second speed. Television, as Michael Lewis said in an August 2000 New York Times Magazine article, would never be the same.

But TiVo hasn't always been a geek's best friend. To soften the potential blow against the advertising industry, TiVo offered concessions bound to rile privacy-conscious geeks. First, it only fast-forwarded past commercials, while competitor ReplayTV completely skipped them. Second, TiVo offered a special, ad-friendly carrot: Because TiVo units collect data on every remote-control click that users make -- every saved program, every fast-forwarded commercial -- advertisers could use TiVo to target their campaigns as never before.

Broadcasters bought the pitch. Both NBC and CBS invested. But a privacy foundation slammed the company for failing to clearly disclose its collection policy, and one critic wrote a scathing book on the subject called "Spy TV."

Still, TiVo has managed to keep most critics at bay by offering a product that people like. By spring 2000, many TiVo users were too busy playing with their boxes to care about whether the company knew they loved "Ally McBeal." And hardcore techies, who frequently bought three or four units at a time, took advantage of another feature -- TiVo's relative openness. TiVos were easy to crack open and figure out and, ultimately, improve.

Ron Curry, an early TiVo hacker, said one of the first targets of hackers was the hard drive. After figuring out how the hard drive communicated with the operating system, hackers came up with ways to add space, and thus save more hours of programming. At that time, the TiVo tinkering crowd was small: The company had fewer than 50,000 users, and active hackers made up but a fraction of the group. Discussion of their attempts to add more memory remained limited and largely underground.

But then Richard Bulwinkle, TiVo's director of customer relations, who spends most of his days interacting with the TiVo faithful on Internet message boards, publicly announced that TiVo didn't mind the hacking.

"I essentially made a public statement saying we would not go after people for adding memory to their boxes," Bulwinkle says. "We did not say you can hack us ad infinitum, but we did say we would not prosecute people for putting in more memory."

Suddenly, TiVo stood out from the crowd. Instead of trying to protect one of its revenue streams -- the company sold extra memory at the time -- TiVo embraced hackers' desire to build on what they owned. The company and the hackers began to build a mutually beneficial "nonrelationship," says Marc Chametzky, an engineer and TiVo fan.

"I was surprised, but it made sense when I saw it from their perspective," he says. "In some sense, having a box that can be hacked to have more storage makes their [equipment] more attractive and gains market share. In fact, this was definitely the case, as we saw several staunch ReplayTV supporters switch sides solely because of the ability to increase the capacity of TiVo receivers."

The tolerant attitude, however, immediately led to more hacking. Dozens of people touted the ability to add memory, while others started finding backdoors into TiVo's software. Some found the remnants of a tool that let users fully skip commercials instead of fast-forwarding through them. Others found a code that opened a file listing TiVo's main developers. Some people even found a way to access TiVo's logs -- to see exactly when their boxes dialed into TiVo and what information was sent back upstream.

Again, TiVo didn't complain. "We like hackers," Bulwinkle insists. The backdoors could have been removed, "but they help us with development and they're fun for hackers, so we leave them there," he says. "It's the kind of thing that management said we couldn't put upfront but still wanted to include."

As long as no one found a way to access copyrighted materials -- as long as no one figured out the all-important file system -- hacking would be allowed, said CEO Ramsay in a September 2000 interview with Salon, because "there's no economic downside for us."

TiVo executives believed that the company could attract hackers as long as it stayed one step ahead of them on the copyright front. To achieve this, TiVo used a variety of methods to hide content files, including leaving them unlabeled and creating an elaborate, proprietary file system that split the recordings into multiple small files spread across the hard drive. And with each software upgrade, TiVo hid the content in new ways, Bulwinkle says. Since there didn't seem to be much interest in getting access to the content anyway, TiVo thought any copyright concerns were negligible.

Enter Tridgell, a well-known Australian hacker and the creator of Samba -- an award-winning software program that allows Windows and Linux machines to interact on a network. In November 2000, Tridgell e-mailed TiVo and told the company that he'd figured out the file system.

"It took about a week of evenings," he says.

He didn't hack the TiVo with illegal intentions. TiVo's normal service included a listings guide that was useful only in the United States -- the guide had no information on scheduled programming in Australia. Tridgell unlocked the file system to build an alternative; the software he wrote essentially dialed into his own Web site with Australian programming information rather than into the TiVo servers. Even after bypassing this crucial element of the TiVo package, however, Tridgell says, he still pays TiVo's service fee. "It's the decent thing to do."

Tridgell compounded TiVo's problem with a related hack. He wanted to send shows to other TVs in his house, so he added a way to transmit the copied programs through an Ethernet port that connected his TiVo to his computer network and then to his other TVs.

Tridgell immediately understood the legal and financial ramifications of what he'd done. He had the potential to severely and single-handedly injure TiVo. The Ethernet hack alone could threaten the partnerships that TiVo had struggled to forge with broadcasters in the first place, and the alternative-guide software undermined a key source of revenue.

"Their business model is somewhat shaky because they're selling something that's already available," Tridgell explains. "What you buy for $9.95 is the ability to do a daily callback [to TiVo's servers] where you get the guide data. That's what makes a TiVo different from a regular VCR. So if I released [the source code that lets people build their own guide] there would be no reason to subscribe to TiVo."

Tridgell wouldn't normally care much about the business model of a company whose product he hacked. When he decided to develop Samba, for instance, he didn't ask Microsoft for permission, nor did he go to Sony when he developed Linux drivers for Vaio video cameras.

But TiVo didn't act like Microsoft. It used a Linux-based operating system in its boxes and encouraged tinkering, so Tridgell decided to "do the decent thing" and talk to TiVo about the hack. He visited the company's Alviso offices in February. After some discussion, he decided to keep the hacks under wraps -- although he did reveal their existence to the TiVo community.

"They requested that I delay the release, for all sorts of reasons," he says. "I didn't need permission to release what I'd built, but I went to them because I thought they were doing right by the community. So the main thing I said was that I wouldn't release the guide system. And I agreed to postpone the video extracting software."

Tridgell never said how long the postponement would last, nor did he bother making any public announcements about the deal. Busy moving and changing jobs, he just used the TiVos as he saw fit, and gave the code to a few friends, who also agreed not to release it.

But members of the ExtractStream group soon caught wind of Tridgell's bargain, and they didn't like it. After learning about the possibility of routing TiVo content via Ethernet, they got $100 TiVoNet Ethernet cards that could be physically attached to TiVos. Now they wanted the software to make those cards work. They waited, but never heard from Tridgell. So without knowing if Tridgell would ever release the software they needed to send TiVo files over networks, they decided to build their own.

"The ExtractStream team basically came together over frustration," says the British member of the group. "A select few who did have Tridge's code taunted the rest of the TiVo hackers with it. These people did not have the skill to create the program for themselves; instead many were 'script kiddies' with elitist attitudes. That really consolidated our group."

Before releasing the code, ExtractStream consulted a lawyer, who told the group that it had a good case. If TiVo or the Hollywood studios tried to sue, ExtractStream could simply argue a "fair use" exemption for its activities. It could also point out that similar products already existed.

What ExtractStream did is probably not illegal, says Eben Moglen, a professor at Columbia Law School and counsel to the Free Software Foundation. "They're in the land of contributory copyright infringement," he says. "And it's not Napster because they don't have control over how people use the software. It's in the domain with copy machines, technologies that can be used to break the law but which are generally allowed."

ExtractStream didn't answer questions about the number of downloads, but TiVo isn't welcoming the consequences of this hack. "We don't know what our legal responsibility is, but we don't want to get our partners up in arms," Bulwinkle says. In today's conservative copyright environment, "it's the look of impropriety that matters."

So far, no studios have come knocking, and the MPAA didn't even know about the hack as of last week. TiVo, however, already has a defense in place. Encryption is on the way: Everyone who buys a new TiVo or upgrades the software this summer when release 2.5 comes out will discover that TiVo content is locked up with "military grade" encryption.

Bulwinkle wouldn't go into details about how the encryption works, but said that the company is "confident that no one is going to get through this."

Tridgell disagrees. Like most hackers, he's confident that someone will find a way to pick TiVo's lock. Ultimately, he says, the recordings have to play unencrypted on a television, "so if the device can do it, then the keys must be on the system," he says. "That means that someone can find it."

In the meantime, TiVo may have other problems to face. Pirated-movie traders will soon be flocking to buy TiVos, says Shawn Reimerdes, founder of Yo!NK, a file-trading service. "People will now have the ability to make perfect captures from their digital satellite systems, which will cause an explosion in available digital video content online," he says. "Finally we have the key to the TV content."

Lawyers likely won't be far behind.

And even if TiVo extracts itself from the legal quicksand, the company's decision to employ encryption may alienate its hacker fan base and, perversely, encourage even more attacks on its software. Some of the most diehard fans may stick by the company -- people like Curry who appreciate the reasons behind TiVo's plans. But others will surely set their sights on the guide. Knowing that someone already successfully hacked it will only push them harder.

"I hope it doesn't come to this," says the British ExtractStream member. "The relationship with TiVo's been good, for both sides. I don't want to see TiVo lose out on subscriptions."

To which TiVo might respond: A relationship is good only if neither party abuses it. If the hackers keep breaking TiVo wide open, they could easily turn a friend into a foe. And no one wins from a bad breakup.

By Damien Cave

Damien Cave is an associate editor at Rolling Stone and a contributing writer at Salon.

MORE FROM Damien Cave

Related Topics ------------------------------------------