Live by the community, die by the community.

Digg founder Kevin Rose's decision this week to bow to the unyielding demands of his site's members – rather than the unyielding demands of copyright law – sets the stage for a bet-the-company legal battle between the popular social-networking news site and Hollywood.

After initially complying with a cease-and-desist order to remove posts citing the encryption key for the HD DVD format, the site was deluged with protests and Rose quickly reversed course. But the outpouring of nerd outrage has continued, and Digg has suddenly found itself leading the charge against the full might of the movie studios, even as it fends off sellout charges from its own members. (For the latest news on the great Digg/HD DVD fight, check the Epicenter blog.)

The battle highlights both the futility of digital rights management, or DRM, schemes espoused by movie studios as a bulwark against piracy, and the divided allegiances of geek insider community sites like Digg, which stand to lose as much by alienating giant media companies as they do by bowing to their demands, particularly in the hot-button arena of copyright law.

Posts citing the offending code, the hexadecimal series "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" that unlocks AACS encryption used on HD DVDs, have multiplied across the web. Widespread acts of civil disobedience have seen parody posts featuring the code in Photoshopped images, a song and in the answers to a series of questions posed as a riddle.

"This is the revenge of user-generated content," said Fred von Lohmann, a senior staff attorney with the Electronic Frontier Foundation.

At issue in the showdown are broad prohibitions on circumventing copyright-protection schemes that make it illegal to bypass technical restrictions wrapped around movies and music, even if users do so simply to play the media on the device of their choosing, make a backup copy or otherwise use the content legally. These rules were enshrined in federal law by the Digital Millennium Copyright Act in 1998.

The showdown started when AACS Licensing Administrator, a media consortium that created and licenses the AACS disc-encryption scheme, sent notices to a selection of hosting providers and websites over the last two weeks, informing the sites they were hosting content that violated the DMCA's prohibition on sharing circumvention technology.

(Disclosure: Reddit, which along with Wired News is owned by Wired Digital, received and attempted to comply with a cease-and-desist order from an attorney representing AACS Licensing Administrator more than a week ago.)

By refusing to pull posts disclosing the AACS encryption key, Rose has opened the door to charges of trafficking in circumvention technology. That's a civil violation that allows a judge to set damages between $200 and $2,000 per instance, raising the possibility of a crippling court judgment.

Legal experts interviewed for this article said Digg stands almost no chance of winning this contest in court.

The circumvention provision was first tested in 1999 when young Norwegian hacker Jon Johansen posted code -– called DeCSS – that also unlocked DVDs. While Johansen triumphed in two suits against him, hacker magazine 2600 lost a trafficking lawsuit when an appeals court upheld a ruling that even links to the code on other websites violated the law. 2600 eventually removed the links from its website, but never faced a fine.

Digg's potential liability is unclear. An exact Google search Wednesday afternoon on the hexadecimal code revealed 45,800 hits on the internet at large. A site search on Digg, by contrast, revealed 1,340 hits. Assuming that number and violations at the top of the damages range, the bill would reach $2.68 million.

One question that has received scant attention so far is the validity of the cease-and-desist orders themselves. According to the DMCA, trafficking in a "circumvention device" is banned. If the hexadecimal code is determined to be merely instructions, and not a device, then the AACS Licensing Administrator's claims of violations could fail.

Stanford University law professor and intellectual property expert Mark Lemley said he believes Digg will lose the case, but would face significantly greater legal risks if the Justice Department stepped in to file criminal charges based on the notion that Digg allowed the posts for purposes of commercial advantage or private financial gain. In that case, the violations would be criminal and the damages could go as high as $1 million each.

"I could imagine a court reaching to extend liability based on the argument that you are doing this to build loyalty and make more money," Lemley said. "That argument carried the day in the case against Napster, but even then it's not clear this is a bet-the-farm situation."

Wendy Seltzer, a fellow at Harvard Law School's Berkman Center for Internet & Society who founded the Chilling Effects Clearinghouse, which collects and posts take-down notices, added that it's possible that posters would be individually targeted and that Digg has a good argument that it couldn't keep up with the torrent of offending posts.

"A court might take some cues from the safe-harbor provisions for copyright violations and let web hosts provide content without screening it," Seltzer said. "The law shouldn't be read to force site providers into the binary options of either shutting down or facing liability."

The take-down letters came more than two months after the HD DVD crack first hit the net in February, when a hacker posted it to the Doom9 anti-DRM forums. That key, combined with the right software and disc title information, enables technically savvy users to do what they will with HD DVD content.

The AACS consortium began updating encryption keys in April to stop the hack from working on discs produced in the future, though any new keys are likely to be comprised quickly.

On April 16, the organization announced that "it has taken action, in cooperation with relevant manufacturers, to expire the encryption keys associated with the specific implementations of AACS-enabled software. Consumers can continue to enjoy content that is protected by the AACS technology by refreshing the encryption keys associated with their HD DVD and Blu-ray software players. This refresh process is accomplished via a straightforward online update."

Ostensibly, the key expiration would happen through the inclusion of new keys on new discs. In order to play them, HD DVD player owners would need to download a firmware update to their players. The AACS Licensing Administrator claims that even though this latest leaked key is a processing key (that works on all AACS-protected HD DVD discs), as opposed to a title key (unique to a specific disc), it will still be possible to update players with the new key using the normal update process.

The AACS Licensing Administrator did not respond to requests for comment.

Digg isn't the only major website pulled into the HD DVD hex-code controversy.

On April 27, an unnamed user received a take-down notice from Google stating that one of his publicly available Google Notebook pages contained the sequence of hex codes used for decrypting HD DVD movies. His notebook item linked to a Digg page covering the banned code.

Google's note stated that it would delete the user's entire notebook if the offending entry was not removed by April 30. Google also noted that it was doing this in compliance with the Digital Millennium Copyright Act, in response to a take-down notice it had received. Interestingly, the Google e-mail stated that the notice the company received would be posted to ChillingEffects.org. (The cease-and-desist notice appears to be this one.)

The user started a WordPress blog and posted the take-down notice, along with the offending code. As of Wednesday, that blog was gone, with a note saying that the authors of the blog have deleted it.

In the meantime, it appears that Google has not yet made good on its threat. As of Wednesday afternoon, the offending notebook page – including the banned code – was still online.

On Tuesday, Wikipedia deleted and locked a page referencing the encryption key to prevent the former secret from being posted again, though the number is still visible as the page name.

The Wikipedia page on HD DVD was also locked.

While Digg would seem to have a mass of support from rank-and-file web surfers, many would-be allies are begging off the fight.

Fark founder Drew Curtis, whose humor site seems the natural place to look for Photoshopped images of the cracked HD DVD processing key, has posted an explanation of why, unlike Digg, Fark has complied with take-down notices and removed posts that contained the key:

"We're not a Silicon Valley venture-capital funded behemoth startup," he wrote. "Fark is self-funded and run out of my living room.... Fark isn't in a financial position to stand up and take on the MCA/MPAA/WTFOMG in a head-to-head legal battle, they'll crush us into fine paste."

Rose's actions are anything but selfless. After taking down a Digg user's post that contained the HD DVD key, the Digg community made its displeasure felt. At several points the Digg homepage contained nothing but posts with titles that included the code.

James Dee, 27, an ad agency manager from Toronto, said he was banned from Digg after he made about four posts with the code, and was blocked from using the site even after Rose announced his reversal.

"My issue is with the arbitrary enforcement of some rules with no oversight," Dee said. "I find it amusing that they can reverse their position but leave users in the cold."

Faced with a spiraling rebellion, Rose saw the writing on the wall. Rather than fight his enormous (and uncontrollable) user base, Digg threw in the towel.

"But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear," Rose write on the Digg blog. "You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be."

"If we lose, then what the hell, at least we died trying."

Although legally dangerous, the reversal in some ways is a return to Rose's roots.

Just months ago, he was distributing hacking demonstrations freely to all on his video show, thebroken. Part of the video podcast network Rose started after his G4TV days, Revision3 still offers free downloads of thebroken, as well as his more popular show, Diggnation.

Thebroken only lasted four episodes, but the amount of hacker tips and social-engineering guides contained within those shows have made the show a classic piece of internet video history. Rose and his associate Dan Huard traded 40-ounce malt liquor bottles, played gangsta rap and hacked computers and humans with glee.

Just before the hi-jinks began, a warning would appear on screen: "The following depicted acts may be illegal in some states/countries and is intended for informational use only. Never break the law." After that, most of what viewers are shown could be termed illegal, or at least inadvisable.

At one point during the last episode, co-host Ramzi showed viewers how to break the DRM on a music CD using QTFairUse6. After successfully breaking the DRM, Ramzi says, "The DRM is destroyed!" Later in the episode, Rose and Huard showed viewers how to illegally copy a game for use on the Xbox 360 using hacked firmware.

Finally, in a scene that is possibly the most ironic considering yesterday’s HD DVD event on Digg, Rose and Huard are shown standing in front of a Blockbuster store. Rose says, "Hello, welcome to Blockfister, the easiest way to get DVDs absolutely free."

Then they instruct viewers to take the DVDs Blockbuster sends you in the mail, decrypt them (a screenshot is provided showing the decryption process), copy them and then send the illegal copy back to Blockbuster.

Additional reporting by Paul Boutin, Mat Honan, Adario Strange, Dylan Tweney and Eliot Van Buskirk.

Comment on this article.