See my full write-up of all of the other DMCA requests here.
When a digital rights management-based music, video, or software product shuts down, as has happened in the past with Microsoft, Google, Yahoo and Wal-Mart Stores, one thing is guaranteed: customers lose legal access to works for which they paid.
Existing copyright law makes it a crime to attempt to circumvent DRM protections, even on legally purchased music, and so consumers are generally dependent upon the failing media store to provide some remedy--perhaps a refund, or a temporary delay of a few months in the death of the DRM-authenticating servers that are necessary for full use of the music. However, the store instead may simply choose to say "bah humbug," shut down, and leave consumers high and dry.
What if, instead, consumers had a legal right to circumvent the DRM protecting those legally obtained but now useless songs, videos, software, and video games? If this blogger and a legal team from Harvard University are successful, this just might be possible.
The Digital Millennium Copyright Act makes it illegal for users to break or reverse-engineer the DRM that protects music, video, software, and consumer electronics. However, every three years, the Copyright Office asks the public to submit requests for new exemptions to the law.
In years past, consumers were given the right to hack region-locked mobile phones, and security researchers were allowed to circumvent the DRM protecting malware-infected music CDs (such as in the famous Sony rootkit fiasco).
The deadline for this year's requests was Tuesday afternoon.
A team from Harvard's Berkman Center for Internet and Society has requested an exemption that, in the event that a central server-based DRM scheme fails in the future, would permit consumers to circumvent and evade the DRM protecting the music, movies, software, and games that they have previously purchased, in order to maintain their existing lawful right to access those works.
The team is made up of myself, Phil Malone, a clinical professor of law at Harvard Law School and director of the Cyberlaw Clinic, and Arjun Mehra, a law student in the clinic. Our full submission can be downloaded here.
In just the past few years, a number of DRM-based music and video stores have gone kaput, leaving their customers without a lawful way to access works for which they paid good money. These include Microsoft's MSN Music Store, Google's Video store, Yahoo Music, and Wal-Mart.
In some cases, consumers could keep listening to media on the same computer, after the shuttering of the authentication server, but they were unable to transfer the songs and videos to new MP3 players or other computers, or even to reactivate them on their original devices, in cases where they had a hard drive crash or needed to reinstall the operating system.
While we're not aware of examples so far of shutdowns or failures of similar DRM systems protecting software and games, this sort of consumer harm is likely in the next few years. For example, were Electronic Arts to go bankrupt, the millions of customers who had purchased a copy of the game Spore would be unable to reinstall that lawfully purchased copy after a hard-disk crash or virus infection.
Under a plan floated by Electronic Arts this past May, some of its games would need to contact a DRM server every 10 days to continue functioning. Such a regime would lead to the instant orphaning of every installed copy of the game, if the company later shut its doors or shut down its authenticating servers.
Luckily for angry EA fans, the company abandoned the 10-day authentication plan after massive consumer backlash, but the likelihood that other game or software vendors will use similar measures in the near future is high.
A researcher exception too
If researchers have to wait until the central authenticating DRM servers have been switched off before they can begin the reverse-engineering process, they might never be able to learn how the DRM works and how it might be lawfully evaded, if a DMCA exemption permitted it.
To understand how to effectively circumvent a DRM system, researchers need to be able to watch authentication messages flowing back and forth between a legitimate client and the master DRM server. Once the server has been turned off, there are no authentication messages being transmitted that the researchers can observe and study.
As a simplistic example, consider that Ali Baba needed to sit outside the 40 thieves' cave in order to overhear the correct password ("open sesame"). Had the thieves vanished, and Ali Baba been left outside the cave, trying random passwords, it is likely that he never would have been able to get inside.
To solve this problem, we have asked the Copyright Office for a second exemption to the DMCA's anticircumvention provisions. We have asked that technologists and researchers be allowed to circumvent such DRM stores in the course of good-faith research before the death of the server, for the purpose of documenting the inner workings of the DRM system.
This way, for example, researchers would be able to legally circumvent the DRM in iTunes or Spore, even while the services are still functioning, in order to understand and document how the DRM software functions.
This would give legitimate researchers (both professional and amateur) the legal protections necessary in order to safely tinker with and take apart existing DRM systems so that, should the services ever be shut down, it wouldn't be too late to gather vital circumvention information.
Of course, it would still be illegal for the general public to use that information to circumvent a DRM store, until the service was shut down and the DRM servers stopped functioning.
Thanks
I'd like to thank Phil Malone and Arjun Mehra, who donated their time to work on and draft this request with me. I'd also like to thank Ed Felten, Tim Lee, Nicole Ozer, Chris Riley, Pam Samuelson, Wendy Seltzer, and Fred von Lohmann, all of whom provided us with valuable feedback during the drafting process.
For copyright activists, Christmas comes but once every three years: a chance to ask Santa for a new exemption to the much-hated Digital Millennium Copyright Act's prohibitions against hacking, reverse engineering, and evasion of digital rights management (DRM) schemes protecting all kinds of digital works and electronic items.
Judging from the list of 19 exemptions requested this year, some in the cyberlaw community are thinking big. (Disclosure: One of the DMCA exemption requests was submitted on behalf of this blogger by Harvard University's Cyberlaw Clinic.)The requests include the right to legally jailbreak iPhones to use third-party software, university professors wishing to rip clips from DVDs for classroom use, YouTube users wishing to rip DVDs to make video mashups, a request to allow users to hack DRM protecting content from stores that have gone bankrupt or shut down, and a request to allow security researchers to reverse-engineer video games with security flaws that put end users at risk.
Electronic Frontier Foundation uber-lawyer Fred von Lohmann told Wired News earlier this week that the government "has repeatedly dismissed any consumer-oriented fair uses, such as making backup copies of DVDs or video games, as well as requests for exemptions to enable copying DVDs to laptops and portable devices." He also told them that the DMCA exemption process is "hopelessly broken."
That depressing outlook doesn't seem to have stopped Lohmann from co-authoring two significant requests (PDF) to the copyright office for exemptions squarely targeted at members of the public.
The highlights
The 19 requests are too lengthy to blog, and so only the most noteworthy (to this blogger) have been presented here. Those wishing to read through the others can find all of the submitted exemption requests at the Copyright Office's Web site.
First, the EFF has asked that consumers be allowed to jailbreak or hack smartphones to run lawfully obtained third-party software on the devices. Such an exemption, if granted, would be great news for the estimated 1 million users who have hacked their iPhone, and risked the wrath of Steve Jobs as his engineers played cat-and-mouse to stop the jailbreaking. Such an exemption would also be fantastic news for Mozilla, which is currently prohibited by Apple's terms of service from bringing the popular Firefox browser to iPhone.
In the EFF's second request, the group has asked the Copyright Office to permit end users to circumvent the DRM protecting DVDs, for the purpose of creating noncommercial videos that fall squarely within the protections of fair use. While such circumvention is already trivially easy to do with tools such as Handbreak, it is technically illegal to do so. For the millions of YouTube users who remix and mash up snippets of copyrighted works (including Sen. John McCain), such an exemption would mean digital freedom.
In complementary filings, representatives from Duke University (PDF), the University at California at Berkeley (PDF), Middle Tennessee State University (PDF) and the Library Copyright Alliance (PDF) asked for a similar exemption for DVD ripping, but solely for professors who wish to create compilations of digital film clips for classroom use. A more limited professor exemption was granted back in 2006, but only for those teaching film studies. Both groups would like to see that exemption expanded to professors and K-12 teachers from all fields.
The Cyberlaw Clinic at Harvard University, representing this blogger, has asked (PDF) the Copyright Office to allow end users to circumvent the DRM protecting music, video, software, and games in the event that a central authenticating server is shut down. This has happened several times in the past few years, including Microsoft's MSN Music Store, Google's Video store, Yahoo Music, and Wal-Mart. The team also asked that researchers be permitted to reverse engineer functioning DRM stores (such as Apple's iTunes) before any shuttering is announced, for good-faith documentation purposes.
Finally, Professor J. Alex Halderman has expanded his successful "Sony Rootkit" 2006 request, and has asked (PDF) that security researchers be allowed to circumvent the DRM in digital works, software or games that create or exploit security vulnerabilities on the computers of end users. While his request is broad, the main focus is on DRM schemes such as SafeDisc and SecuROM, which are widely used in the video game industry (such as in Electronic Arts' Spore).
Next steps
During the next few months, the Copyright Office will allow members of the public to submit comments on the exemptions requested during this cycle. Later, in March, two public hearings will be held, in Washington, D.C., and California. There will likely be appearances by several public-interest groups and law school clinics speaking in support for their exemptions requests, while representatives from the recording, motion picture, and software industries are likely to show up to fight against such efforts to weaken the DMCA. At the very least, the hearings promise to be quite a spectacle.
- prev
- 1
- next
