Earlier this week a key claiming to be the HDCP master key was posted to the Internet. If real, the key would allow anyone to construct hardware to decrypt HDCP-protected content. Intel, inventors of HDCP, has confirmed that the key is indeed real, and can be used in just this way.

HDCP is used to protect the digital outputs of set-top boxes, Blu-ray players, and similar devices, to ensure that bit-perfect digital dumps of the audio and video streams cannot be made; these source devices should only send the data to sink devices (TVs and monitors) that can properly negotiate the HDCP encryption. Prior to the key being leaked, the encryption keys that source and sink devices used could only be obtained by paying for an HDCP license; in this way, HDCP can be restricted to "approved" uses.

The key leak means that approval is no longer needed. The most interesting possible use is not for decrypting optical discs—their output can be decrypted through more direct means already—but for making perfect digital copies of digital cable feeds, including pay-per-view content. A few HDCP strippers have been marketed before; however, they typically have analog outputs. With the master key leaked, full fidelity digital HDCP strippers are a practical reality.

The question of who leaked the key or how they obtained it remains unanswered. It has been known since 2001 that the key can be recovered mathematically given the encryption keys of 40-50 HDCP devices; it's also possible that someone obtained access to the master key directly, and leaked that.

Intel, unsurprisingly, said that it expected HDCP to remain effective. The spokesman told CNET, "There's a large install base of licensed devices including several hundred licensees that will continue to use it and in any case, were a [circumvention] device to appear that attempts to take advantage of this particular hack there are legal remedies, particularly under the DMCA [Digital Millennium Copyright Act]."

In other words, Intel and the media companies don't care that their encryption systems offer only token protection and consumer inconvenience; all that matters is that the encryption systems are sufficient to meet the DMCA threshold for a content protection system: the threat of legal action, rather than cryptography, is their real tool against unapproved uses of digital content.

While sink devices would be susceptible to DMCA claims, it's not obvious that the same would be true of source devices. Until now, manufacturers of source devices had to purchase keys in order to enable HDCP protection of their outputs. Now it looks like they could save some money and just generate their own.