> And also, in my mind, a decryption key is not copyrightable - it's a utility number.

This is not about copyright, this is about circumventing a copy protection. See https://en.wikipedia.org/wiki/Illegal_number, which is also cited in the above video. Therefore, it also makes no difference from where this number actually comes from, "clean room approach" makes no difference here.

fair point.

I think this is where DMCA has overreach imho. It's one of the worst pieces of legislations to have been created regarding copyright and intellectual property.

The DMCA still can't override actual reality, fortunately. Given enough scale, the DMCA is powerless to combat the overall distribution of such "in-demand" encryption keys. Look at what happened with the AACS key (09 F9... anyone?). Even if you are able to snag a few people for spreading the number, or intimidate them into ceasing doing so, the overall effect will be negligible.

This is US-only though, in most the EU, it's explicitly allowed

Valve is, unfortunately, a US based entity, and thus bound to US laws.

Corpos have in the past attempted to claim otherwise. The safest bet for the Dolphin team would've been to ask the user for the key.

This would probably work. You could even get cute store it in the form of a silly math problem.

Way back in the early days of emulation, I recall that PS1 emulators (before a workable reverse engineered BIOS was available) would be distributed, but you had to find a bios dump and provide it to the emulator to actually load a game. This helped avoid infringement but of course was a 'hurdle' in getting things running. TBF, it wasn't that bad if you knew how to search right or had a buddy in the scene that knew a good place to download one [0].

On an unrelated note, is it bad that (most of) those early emulation sites seemed less intrusive with popups/adverts than the legitimate news sites of today?

[0] - There was a period where anyone brave enough to distribute a BIOS but allow their page to get indexed by a search engine, stood a good risk of getting a C&D/DMCA.

I've really only learned how stupid the DMCA is recently. I have no idea how a private decryption key is treated any different from a trade secret.

IF KFC dropped a recipe card and you found it with 5 of the 7 spices and you cracked the final 2, can KFC come after you? How is that any different from Nintendo being sloppy and dropping their decryption key in memory for someone to find?

Say you found all but the last 4 bytes of the key on the ground and you cracked the last 4 yourself? What if Nintendo published the entire key by accident on Github?

What is the point of keeping a private key private if it's illegal to use it if it's not yours? None of it makes sense.