Of course the question of posting hacks publicly brings up another issue: If the hacks are public, everyone knows about them and the "security" provider improves security. If the hacks are kept secret, on the other hand, only the hackers know them, the providers never improve security and increased theft can then ensue. Which is worse?
A note posted yesterday by EFF legal director Cindy Cohn points out that one of the ways that this situation differs from DeCSS is that, in the case of DeCSS, the thing leaked was executable code - which got classified as a "machine" rather than as simple data. The AACS key being posted is just a string of numbers, fairly short. Numbers, like letters and words, ought to fall well within the bounds of free speech.... shouldn't they? p.s. - http://digg.com/tech_news/Hilarious_AACS_publishes_HD_DVD_DRM_process_key_in... p.s.s - 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63 --elijah