The Electronic Frontier Foundation (EFF) last Thursday filed a lawsuit against the U.S. government (the Attorney General, Library of Congress, and Copyright Office), in an attempt to have Section 1201 of the Copyright Act found unconstitutional. Section 1201 is the provision that makes it a violation of copyright law to circumvent (hack) DRMs and other “technical protection measures.”
The nominal plaintiffs in the suit are Prof. Matthew Green of Johns Hopkins University and Andrew Huang, founder of a startup called Alphamax. The suit arose out of the process that DMCA calls for to define exemptions to the law. Every three years, the Copyright Office (a branch of the Library of Congress) defines a new set of exemptions, which are use cases for which someone who circumvents a DRM system is not liable. The Office decides these based on input from the public (though mainly from the “usual suspect” advocacy and lobbying groups).
Exemptions that the Office has granted in the past have included allowing DRM hacks for accessing obsolete software that requires the original media or a dongle, read-aloud functions for e-books, mobile phone jailbreaking, and taking excerpts of DVDs for certain noncommercial purposes. At the end of each three-year period, the granted exemptions expire, and the Office starts from scratch. The law also includes permanent (statutory) exemptions, such as for certain types of security testing or research, that aren’t subject to the rulemaking process.
Both of the plaintiffs in this case do work that could trigger DCMA 1201 complaints: for Green, circumventing various types of systems (including automotive anti-theft devices) for research purposes and publishing the results; for Huang, circumventing the HDCP video encryption for HDMI cables as part of Alphamax’s digital video editing technology. In its most recent rulemaking (2015), the Copyright Office denied requests for exemptions that would have touched on the plaintiffs’ activities.
Most generally, the EFF wants the court to find that the law and the triennial rulemaking process are “facially overbroad in violation of the First Amendment” and “a facially unlawful prior restraint and licensing regime in violation of the First Amendment”, and to prevent the government from enforcing the law. Other counts in the complaint are particular to the plaintiffs and the 1201 exemptions that are relevant to their work.
In other words, the EFF would like the court to cause DMCA 1201 to be completely overturned, but they might settle for forcing the Copyright Office to grant exemptions that enable the plaintiffs to do their work without fear of liability.
The Copyright Office is currently conducting a public review of the 1201 rulemaking process. It was designed so that exemptions expire every three years, to account for constant changes in technology and relevance of particular use cases over time. But many parties have found the process to be unsatisfactory for various reasons — not least the Copyright Office itself, which has complained that it spends inordinate time and resources on it.
That aside, it’s worth pondering what would happen if the EFF succeeds (and the D.C. District Court’s ruling survives the inevitable appeals). How would it affect the commercial content industries if there were no anticircumvention law?
To consider this, start with the premise that all DRMs can be hacked, somehow. The relevant question is whether the hack is what I call a one-click hack: a hack that can be packaged and published so that everyday users can install and apply it easily, without special technical skills or tools, and that results in a DRM-free copy of the content with negligible or no loss in fidelity. Then it helps to divide the digital content world up into three categories: services and formats for which one-click hacks exist, services that use DRM for which (as far as I know) one-click hacks don’t exist, and DRM-free content.
The first category includes major e-book retail ecosystems, DVDs, and Blu-ray discs. The second includes pay TV and many Internet (OTT) video services that handle Hollywood content. The third includes music downloads.
What would change for each of these categories if DMCA 1201 were to go away? The biggest immediate changes would come in the first category. For these services, as far as the user experience is concerned, DRM removal would work like file format conversion — like Microsoft Office to Google Docs, MPEG-4 AAC to MP3, or GIF to JPEG.
To consider how this would affect the market, let’s take Amazon and book publishing as an example. Whereas Microsoft Word offers a menu item for importing WordPerfect files, Amazon Kindle apps could offer a menu item for importing Nook or Kobo e-books. Amazon might be within its rights under copyright law to do this, but it still could risk lawsuits from authors or publishers under the theory of contributory liability if the result of the import is a DRM-free file. This gives rights holders some leverage over Amazon even without 1201.
Some publishers might want to negotiate deals with Amazon (i.e., agree not to sue it) if it implements “import from Nook” or “import from Kobo” so that it re-encrypts the file in Amazon’s Kindle DRM. Amazon would have to offer this on an “opt-in” basis (the way some e-book services offer user-to-user lending) to avoid allegations of contributory liability — i.e., the default would have to be “do not convert.” There are precedents for DRM conversion schemes that have been allowed, or at least not been attacked, by the media industry, such as AACS Managed Copy for video, RealNetworks’ Harmony for music, and Coral.
Book publishers couldn’t all get together (e.g., through the Association of American Publishers) and decide on a rule for their entire industry; that would raise antitrust concerns. So, Amazon would need to examine each file that a user attempts to convert to figure out who the rights holder is and apply the rule for that publisher. The information it would examine would have to be inside the DRM’ed file (i.e., just as secure as the content itself), not in easily alterable cleartext file headers.
Amazon could also display warning messages about infringement during the import process and put terms into its EULA that make it a breach of the agreement for a user to use the feature for infringing purposes. The latter is what ISPs in the U.S. do: they put terms in their Terms of Service stating that they can terminate your account if you use it for copyright infringement.
My suspicion is that some publishers might be willing to grant e-book retailers some latitude on this point — because it would promote interoperablity among e-book ecosystems — while others would not. The publishing industry would really have to make a “fish or cut bait” decision: demand that retailers adopt stronger DRMs that don’t (at the moment) have one-click hacks available, or just go DRM-free?
The reality is that most, if not all, of the major e-book DRMs have one-click hacks available if you know on which offshore websites to find them. They just don’t work seamlessly inside Kindle, Nook, or other retailer-supported e-reader software.
As far as DVDs and Blu-ray discs are concerned, Hollywood has used 1201 to stunt the availability of one-click hacks for many years, with some success (see for example the MPAA’s lawsuit against 321 Studios in the early 2000s). If 1201 goes away, then the studios and networks could go through a process that’s analogous to the above with makers of software video players like Microsoft and Apple.
The fate of systems and services that fall into the second (strong DRM) category is less clear. Would the elimination of 1201 result in more researchers working on developing one-click hacks to those DRMs, with more success? And would that, in turn, cause Hollywood to demand even stronger DRM? It’s possible. But it’s equally possible that there is no one-click hack to Netflix (again, for example and as far as I know) because there isn’t much demand for it. Netflix is a convenient service that offers up a large variety of content instantly on demand for a reasonable price; many people may feel that creating hard drives full of DRM-free files of Netflix video content is just not worth the bother.
The situation is similar for on-demand streaming music services — the Spotifys and Apple Musics of the world. Hacks exist for their DRMs — which I suspect aren’t as strong as Hollywood-approved DRMs — but you don’t hear about them very much; and you don’t hear at all about DRM hacks for less popular interactive streaming services (Tidal, Rhapsody, Rdio, etc.).
In other words, Hollywood studios have already made their fish-or-cut-bait decisions regarding DRM strength, and they have gotten fairly good cooperation from tech vendors and service providers in getting them to adopt stronger DRM. The same is true for the music industry, where I’ve found that going DRM-free had little or no effect on sales of downloads — which are dropping in popularity and should be smaller than on-demand streaming by next year anyway.
The upshot seems to be that while DMCA 1201 has had an impact on the development and proliferation of digital content services since its enactment in 1998, the media industry has had a long time to adjust to the reality of the hacks that have appeared regardless, primarily from places beyond the reach of U.S. law. As far as commercial content distribution goes, as the D.C. District Court considers the fate of DMCA 1201, the law may be at a point of diminishing returns.