I've always been confused by how these decisions go. Everybody agrees that the user has the right to make a copy, so when the company puts a
"digital lock" on it, the fight is whether the user has a right to break the lock. But if I have a right to go through my door, and somebody has put a padlock on the door to keep me out, the right question shouldn't be whether I'm allowed to pick the lock, it should be why the padlock is legal.
If customers may legally make a copy of the e-book you sell to them, it should be on you the merchant to ensure customers are able to do so.
The digital lock is a matter of conflicting rights. They have a right to prevent infringement of their copyright; you have a right to make limited copies.
The lock on your door is not -- assuming that they don't in fact have some kind of claim on you, like a landlord to whom you have failed to pay rent. So the situations are not parallel, and it should be no surprise that the decisions would differ.
The job of a court is to decide which right prevails when rights conflict. There's often reasonable disagreement over it, and the distinction is often based on a complex and esoteric set of precedents, and on the specific wording of a law.
They do not have a right to prevent infringement. They have a right to make copies, and I have a right to make copies, and nobody else has a right to make copies, but that does not equate to a right to prevent others from making copies, especially me, a person who has a right to make a copy. That's not to say that copyright protection is illegal, it's just not a right.
It would be interesting if all DRM was mandated to include an expiration date, so that users don't have to worry about what happens if the authentication server (thinking of Kindle books here) goes belly-up.
My personal opinion is that this should have been part of DMCA 1201 from the get-go.
We already have a Copyright Office triennial rulemaking to decide, without having to go through a court, if a particular hypothetical instance of breaking DRM is lawful. But it's still illegal to actually provide the tools needed to break that DRM, and as far as I'm aware that doesn't go away even if you only provide tools to people who need them. So everyone's expected to independently research how to break DRM to build one-off hacks for specific systems. This seems like an extremely high burden when the DRM is implicating fair use, which is part of free speech.
What we should have done was oblige DRM vendors to provide lawful access to protected media. If they don't comply in some way to facilitate the access that was improperly blocked, then we let the Copyright Office march in and strip that DRM system of its legal protections.
Yes, rightsholders should be forced to choose between legal and technical protection. They should not be allowed to use both, because DRM on copyrighted material steals from the future public domain.
No, that won't change while either of us is still drawing breath. The courts continue to maintain that rightsholders are entitled to make their monopoly permanent.
> Yes, rightsholders should be forced to choose between legal and technical protection.
This is not a serious argument because there is no doubt that they would choose legal protection, since the technical protection would never hold. It doesn't even hold as it is, when circumventing it is illegal.
The answer is much simpler: There should be no legal prohibition on circumventing technical protection. It's completely inane. If the circumvention is happening in order to infringe copyright then the infringement is already unlawful and doesn't have to be separately unlawful as a circumvention. Whereas if the circumvention is happening in order to exercise fair use or because the DRM system is restricting a work no longer under copyright, it should certainly not be illegal to circumvent it then.
So it has no legitimate purpose. Either the technical measure holds on its own (unlikely), or the legal protection should be coterminous with any resulting infringement and the technical measure should be irrelevant.
The idea wasn't to make infringement more illegal, it was to take DRM removal tools off the market. There were already theories of secondary liability - i.e. "contributory infringement" - for aiding someone in an infringement, but the courts had refused to apply them to new copying technologies[0]. Copyright owners also hoped that this would make player vendors obedient to them far beyond what the law actually mandated.
In this respect, DMCA 1201 has been fantastically successful at terrorizing basically everyone into overcomplying. There's no concrete definition of what a copy protection scheme actually is[2], so you can point to any undesirable antifeature of a product and call that DRM. This is pure catnip to gaslighting control freak companies like Apple.
For what it's worth, if you put something uncopyrightable under a DMCA 1201 technical protection measure, it holds no legal value[1]. I imagine this would also apply to public domain works, so you can legally decrypt them. Problem is, I struggle to see a legal way to sell the tools necessary to decrypt such works.
[0] I'm specifically referring to the Betamax case, though that one was less "you're selling piracy tools" and more "you're telling people to go pirate movies". The Grokster case would partially overturn this, so you can get contributory liability for advertising infringing use cases of your software (aka "inducement"), independent of DMCA 1201.
I suspect that if inducement was a valid theory of liability in the 80s, we wouldn't have seen such a huge, cross-industry push to enact DMCA 1201. People selling cracks would be legally liable under the inducement theory, but we wouldn't have a blanket ban on tools that could be used lawfully, like, say, tools that let you defeat parts pairing.
[1] This, oddly enough, had to be proven in court with cases about garage door openers and printer cartridges, which took almost a decade to resolve.
[2] The original law did codify existing DRM schemes (notably Macrovision, which it spends whole pages defining), but none of those are relevant today.
> Copyright owners also hoped that this would make player vendors obedient to them far beyond what the law actually mandated.
> This is pure catnip to gaslighting control freak companies like Apple.
But this is exactly why it needs to be repealed. Its stated purpose is a farce and its true purpose is an injustice.
> The Grokster case would partially overturn this, so you can get contributory liability for advertising infringing use cases of your software (aka "inducement"), independent of DMCA 1201.
Which seems some combination of useless and unreasonable. Okay, so now Bram Cohen is diligent to never advertise BitTorrent for infringement, and then doesn't get sued because it has substantial non-infringing uses. But Grokster had non-infringing uses too, and many people still use BitTorrent for copyright infringement, so it seems like all the decision does is bring about censorship.
For example, what happens if an employee of a tech company wants to come out as a proponent of the Pirate Party, advocate abolishing copyright and describe how advantageous the company's products could be to people without it? Isn't that just core political censorship, since it could get their company sued? Meanwhile the same tool is legal as long as they don't do that, so the only difference is the expression of political speech.
> Problem is, I struggle to see a legal way to sell the tools necessary to decrypt such works.
The other problem is, what does that even mean?
Suppose I put a copyrighted work in a box and screw it shut. Is a screw driver now a circumvention device? It has uses beyond copyright infringement, but as soon as anybody uses CSS on a DVD of a public domain film, so does DeCSS.
So a literal electric door lock would have the right to lock your door if they think you might break the copy right on the door lock you purchased from them.
Analogies are sometimes useful for understanding, but they rarely seem useful in marking an argument. It always seems redirect the argument into the ways that the analogy is different. (If the analogy weren't different, then it wouldn't be any clearer.)
If one goes into it with the intention of using the differences in the analogies to illuminate the domain, it can be helpful. But any argument of the form "X is like Y, and therefore since p(Y) is obvious then p(X) must also be true" is pretty much destined to shed little light but much heat.
I find an analogies useful in argument. They allow me to apply the logic someone is applying in an unfamiliar domain to a domain that is familiar to all, as a way of seeing how the logic holds up. Naturally, if the domains are too dissimilar, that becomes the focus of discussion. Like all tools, analogies can be used poorly.
Yep, I think the analogy would be better understood if it said they would stop the lock from functioning properly if the company had a suspicion that you were circumventing / reverse-engineering the lock.
> The digital lock is a matter of conflicting rights. They have a right to prevent infringement of their copyright; you have a right to make limited copies.
So in this analogy you have a house with two rooms in it, you have a right to one room and they have a right to the other, but now they've put a lock on the door to the whole house. That puts them in the wrong, does it not?
This would probably fix Linux emulation for some games is my understanding, weirdly enough, all the games I hear have DRM / anticheat issues on Linux are the games I avoid, usually they are the more "popular" games that don't interest me.
There is a special law - the DMCA - saying you can't break digital locks that were placed in the name of copyright, ever. Even telling someone how to break a lock is illegal. Even learning how to break a lock is illegal. Even probing at a lock in ways that might reveal how to break it is illegal.
There's a reason that people say corporations own us, or corporations own the law. In some cases, acts that might result in lowered profits are punished worse than murder.
The DMCA does not apply in Canada, so I'm not sure if telling someone how to break the lock is illegal.
Being a Canadian, I really should look this up. That being said, I try to avoid situations where I would want to break a digital lock. There are plenty of alternatives encumbered media, provided that you don't have your heart set on a particular product. For example, many publishers offer unencumbered ebooks. Library books do have DRM, but it is pretty much a given that some sort of access control is needed since the books are on loan.
In practice, though, the real source of this stuff is the WIPO Copyright Treaty, wherein 116 countries around the world agreed to adopt similar laws on this topic. Those "one-world government" conspiracy theorists have a point!
The typical area where this comes up is 17 USC 1201(a)(2); "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that" [breaks DRM]. "Otherwise traffic" is a big universe of actions, as is "offer to the public."
The courts that handled the DeCSS cases (code that broke DVD encryption) allowed that code like DeCSS was speech protected by the First Amendment, but basically ruled that the functional aspect of the code meant it gets lesser protection. Posting the code, but even just linking to somewhere else it could be found, were both found to violate the DMCA, and that restriction was found to be permitted by the First Amendment.
Exact source is a bit convoluted, because most US law is convoluted, but is covered in multiple subsections of section 1201 of Public Law 105–304 (the technical name for DMCA). There are exceptions for things like making things interoperable and security research (kinda), but beyond that simply glancing at one of these locks can be a violation of DMCA. Sadly the document is excessivly long (60 pages plus references to other laws), and the available source PDF is so poorly formatted as to be nearly impossible to follow (nothing is aligned correctly, and subsections regularly form a very confusing pattern)
In the US, 17 U.S. Code § 117 (a) gives me the right to make a backup of a computer program. An eBook is...probably not a computer program.
But ALSO, it is legal to make backup copies of non-program media so long as you don't circumvent any non-exempted encryption technologies to do so, and so long as you destroy those copies when you no longer have access to the original, and so long as you use the backup for no purpose other than backup, and so long as you don't access anything besides what's necessary to make a copy. The big problem is the "non-exempted encryption" because nothing's exempt by default, and exemptions given out by the Library of Congress only last for a few years.
Although I agree that your question is important and sensible, I also think that the metaphors involving locks, keys, and doors have added complications rather than subtracting them to every discussion where they've been applied since the beginning of the internet.
* Transit through a door, in meatspace, amounts to tresspass insofar as it creates a physical vulnerability - to violence, vandalism, or larceny. This is true whether my door is locked or unlocked.
* Locks prevent operation of a door (or, in some cases, detachment of objects, such as with a bike lock). To open a lock is to facilitate transit through a door, or independent movement of the detached objects - these are state changes. Compare with copying bytes, where the original bytes are left unchanged.
* (Not central to the current discussion, but still demonstrative and worth consideration) Keys - don't get me started on keys. This metaphor has made it so much more difficult to teach cryptography to students who tend to learn well from other metaphors.... especially for assymetric crypto - keys do not map cleanly whatsoever, and they break the "signature" metaphor, which is otherwise pretty good. You don't sign things with a key; you sign them with a pen.
tl;dr: although perhaps companies adding bugs that prevent copying is a violation of your rights, it's not the same violation as adding a lock to a door.
For those who are unaware, "Fair Dealing" is the Canadian equivalent of "Fair Use".
As a Canadian, I have so much gratitude to Michael Geist and the CIPPIC. Many of these issues don't seem to generate the same amount of public interest in Canada as they do in the States, but it's very important work.
"The Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic (CIPPIC) is Canada’s first and only public interest technology law clinic. Based at the University of Ottawa’s Faculty of Law, our team of legal experts and law students works together to advance the public interest on critical law and technology issues."
Excellent. A user’s rights are determined by social consensus and the law, and cannot be circumvented simply by restricting access technologically. Big win for fair dealing (similar: american fair use)
The case arises from years of litigation between Blacklock’s Reporter, a paywalled news service based in Ottawa, and the Canadian government.
Blacklock’s continued to press ahead with other cases with the latest decision involving 15 articles that were distributed to media personnel at Parks Canada. The department had an individual subscription to the service, but Blacklock’s argued that allowing anyone other than original subscriber to access articles constituted copyright infringement.
Blacklock’s position on this issue was straightforward: it argued that its content was protected by a password, that passwords constituted a form of technological protection measure, and that fair dealing does not apply in the context of circumvention. In other words, it argued that the act of circumvention (in this case of a password) was itself infringing and it could not be saved by fair dealing.
The Federal Court disagreed on all points. It cited with approval CIPPIC’s argument that “the TPM provisions do not apply to restrain fair dealing; using a validly obtained password to access content is not circumvention.” Further, court noted “how the password was obtained is significant as this may prevent a user from invoking the fair dealing provisions of the Act.” In other words, not all password sharing will qualify as fair dealing. This decision is not a licence to simply share passwords with no consequences, but rather affirmation that passwords are not a technological protection measure and that using validly obtained password does not limit fair dealing rights.
My reading (grain of salt, I'm not a lawyer) is that receiving a password from the person who owns that password is likely to always fall into "validly obtained" and be considered fair dealing
However the ruling leaves open the possibilty to find other forms of password sharing to be considered invalid. We'd have to see if something like a "My friend shared his friend's password with me without his friend knowing" would continue to be "valid"
Stolen passwords are almost certainly "invalid
If we think about it like house keys, entering someone's home with a stolen key is likely illegal. Entering a home with a key they lent you is fine. Entering a key that you obtained from someone who is allowed to have the key but not explicitly allowed to share the key is a grey area
Interesting. You're probably right, and it makes me think of some similar but slightly different situations
For instance what about cafes having magazine subscriptions that they give you a password for when you buy from them, much like they might have a couple of newspapers lying around (or daily coffee news prints)
I wonder if that would count as fair dealing... Not "selling password access" but "giving password access to paying customers of our business"
I also wonder how it's really any different than bars doing big pay per view events where they charge a cover to get in so you can watch
Bars (in UK) pay enormous sums of money to present PPV broadcasts and such. They are charged, usually, according to floorspace; sometimes size of screens is factored in, sometimes there are maximum numbers of attendees.
It's similar to libraries having to buy a book along with a license that bypasses the usual imprint that says "not for lending"; they don't just buy a book from a bookstore.
A license for a live event stream makes sense, but libraries having to buy special licenses to loan out physical books seems completely nuts to me. Does the UK not have an equivalent to first sale doctrine for physical goods?
Yeah. I'm thinking the shared password falls into the category of being able to share a copy of a magazine in your office, either directly, handing someone an article to read, or indirectly, by putting the magazine in a communal table or rack so anyone in the office can read an article they're interested in.
Just because the article is digital shouldn't mean it's now suddenly for your eyes only, and everyone needs to buy their own.
The question the article didn't cover is how far that password sharing can go. Obviously publicly sharing the link and password to anyone on the web goes well beyond traditional sharing. Even making it available to everyone you know goes well beyond normal. The trick will be determining exactly how far the sharing is allowed to spread.
This is a positive ruling, but it seems to be a little ridiculous to be applying anti-circumvention claims to something as trivial as a website password.
What I am more interested in is if a similar precedent would apply to fair-use of legitimately obtained content or hardware (e.g backing up a Blu-Ray disc, obtaining and installing a mod-chip in a video-game console to utilize third-party applications, etc.)
We can’t fight the right to break the digital lock. They are getting increasingly unbreakable. We must void the right of the vendor to apply such a lock in the first place.
For example, Google uses "Android Integrity" (remote attestation) to lock out competitors to Android and Google Play. If you want to create a competitor, you need it to be compatible with existing apps or you can't get off the ground. The customer who adopts your alternative system wants to install the app for their bank and if it doesn't work they regard your system as broken and stop using it. That's fine, Android is open source. You can implement compatibility with existing apps.
Only now Google's servers tell the bank's app not to run on your competing system, because it isn't Google's. But the apps aren't going to specifically target your new system until you have users -- which you can't get without apps.
This is a very different problem than DRM, because people variously find ways to break the DRM, and they only have to do it once to unlock everything. Even if the vendor patches it, it's too late, all the content is already on the pirate sites.
Whereas with attestation, it often gets cracked, but then it's only cracked most of the time. Every once in a while, at random, your competing device breaks and you have to wait a few days for someone to crack the attestation again. Which normal users are not going to put up with, so an alternative competitor can't gain a foothold. That is a serious antitrust problem.
I agree that the locks shouldn’t be allowed. At the minimum, it should be false advertising to describe exchanging money for a DRM-infected product as a “sale”.
That said, I’ve watched an endless parade of unbreakable encryption being broken. I don’t expect that to change any time soon.
The manner in which a legal decision is interpreted by the masses is often more important than the decision itself because it influences decision making and how people communicate.
If customers may legally make a copy of the e-book you sell to them, it should be on you the merchant to ensure customers are able to do so.