The chairman of the AACS Licensing Authority (AACS LA, for short) is neither intimidated nor impressed by the Internet "revolt" of sorts that took place earlier this week on sites like Digg. When the AACS used cease-and-desist letters to encourage scores of Internet sites (including Google) to remove an unencrypted HD DVD key, users responded by posting it everywhere. Now the AACS LA is out there talking tough, and it's as if we haven't seen this scenario played out once before.

What is it they say about history? Those that don't know it are going to look really clueless when they repeat it? Something like that. AACS, meet DeCSS. DeCSS, meet your latest imitator.

Such is the lesson that hasn't been learned by Michael Ayers, the chairman of the AACS LA. Ayers told the BBC that the AACS LA will nevertheless use technical and legal means to stop the distribution of the key, apparently ignoring exactly what happens when you attempt to increase your grip on situations like this: keys start flying out everywhere. And we do mean everywhere: they're now on t-shirts, one group wrote a song about the key, and I've had more than a few pictures of new tattoos sent to me (boy, do I hope those aren't permanent).

Ayers' position on the free speech angle is clear. "A line is crossed when we start seeing keys being distributed and tools for circumvention. You step outside of the realm of protected free speech then," he said. And Ayers may have the law on his side, at least in the US, as the EFF's Fred von Lohmann explains clearly. AACS LA isn't claiming copyright protections for the key. Rather, the key could constitute a circumvention device, which makes it illegal per the DMCA. Until a court has ruled, it's all speculation of course.

Yet even if the law is on his side, Ayers can hope for nothing more than a pyrrhic victory. His misunderstanding of the situation was made clear in a comment he gave to the EE Times in which he characterizes Digg users as vandals. "If the local neighborhood gang is throwing rocks at your house, some people might tell you not to call the police because they will just throw bigger rocks," Ayers said.

But the bigger point is what happens when you "call the police," to continue with his metaphor. Yes, the cops can stop people from throwing rocks at your house, so you've got to take that risk knowing that those same kids might retaliate next week. But AACS isn't a house, and encryption keys aren't rocks. Can "the cops" stop a 16-byte number from existing online? We can peer into the future and see the answer because history is, in fact, repeating itself.

Current-generation DVDs are protected by CSS, which is really the father of AACS in so many ways (except that AACS was supposedly so much more secure). And like father, like son, CSS was cracked, and the code used to do so was spread around the 'net. When Hollywood came running with lawyers and threats, the code just spread faster. That was 1999. Lawsuits abounded; lots of money was spent. It's now 2007: guess how many days there were between now and then in which the DeCSS code couldn't be easily found online. If you guessed zero, you're right!

Such is the effect of "calling the police" in this situation. The issue becomes that much more noticeable, tensions and emotions start running high, and no solution will be found.

The AACS LA has missed the lesson of DeCSS: the Internet holds no secrets. While one might sympathize with their predicament, the larger lesson to be learned here is that security based on secrets is truly no more secure than any other form of security. Once that secret is out, it's game over. The more you try to stop that secret from spreading, the more likely it is to spread. The more coveted that secret is, the worse it gets.

When "DVD Jon" was targeted for his involvement with DeCSS, geeks around the world rallied around him and the idea of DeCSS. If the AACS isn't careful, they'll simply make another generation of hero out of a problem they created. What makes it even more deplorable this time is that it's now 2007, and the writing is on the wall: DRM is a failed idea, and a waste of time and money.