Legal Gymnastics: It's Okay To Circumvent DRM In Europe If It's Circumventable
from the follow? dept
This one is going to throw the entertainment industry lawyers for a loop. Anti-circumvention clauses are some of the most controversial parts of digital copyright laws. Those rules take away certain fair use rights and often criminalize perfectly reasonable things (such as software). However, the anti-circumvention rules in Europe may just have become a lot weaker due to a fascinating interpretation of the EU directive on the topic. Boing Boing points us to the ruling that says that circumventing certain types of DRM is ok if the DRM is “ineffective.” It’s based on a strict reading of the law, which says that the law only protects “effective” DRM. So, as long as you can prove the DRM is ineffective, it’s okay to circumvent it. Of course, how do you prove that DRM is no longer effective? Perhaps by circumventing it. So, basically, you can’t try to circumvent DRM (that’s illegal!), but if you do, you’ve proven it to be ineffective, and therefore, you can circumvent it. Of course, the details in this case involve DVD DRM, which was circumvented in Norway — which is not a part of the EU. So, perhaps the DRM first needs to be circumvented outside the EU before it becomes circumventable in the EU. In the meantime, this was a low level court ruling that will almost definitely be appealed. I’m sure the entertainment industry lawyers will point out that this effectively makes the anti-circumvention directive meaningless as their defense against the ruling, and that might just work. In the meantime, enjoy the circular logic.
Comments on “Legal Gymnastics: It's Okay To Circumvent DRM In Europe If It's Circumventable”
Uh, that makes no sense, but I’ll play..
What is is that point when it’s met critical mass to be considered “ineffective”?
I wonder if they’re misinterpreting the word effective? Perhaps the law was actually referring to DRM that is “in effect” or currently in use. Verbal ambiguity is such fun!
Not quite as simple
If a certain DRM scheme is such that it takes considerable effort for each person to circumvent it, that would still be considered effective. If a simple crack is made public (from wherever) that can be downloaded, the DRM is then considered ineffective.
Re: Not quite as simple
Let’s see. So if one has to consider it, it can be said to be “considerable”. To consider can mean “to think about”. To take any conscious action requires one to think about it. So in that case then, if one has to consciously do anything, even push one key or one button on a remote or load a disc, it would be considered “effective”. In that case then, I can’t think of any examples of DRM that couldn’t be considered “effective”.
Re: Re: Not quite as simple
“considerable effort” I would think should mean like at least 10x the man-hours(sorry if that’s not a politically correct term) taken to create the DRM to be able to create a crack. 100x would be better but it usually seems more like it takes 1/100th of the man-hours to crack it instead so I’ll set the bar fairly low to give them even a slight chance.
Another interpretation
It sounds like this court wanted to make it illegal for the first person to break the DRM, since at that point it would still be considered ‘effective’, but not make every person out there who cracks the protection from then on be subject to litigation.
Re: Another interpretation
Careful! Intelligent, sensible postings could get you banned…
Re: Re: Another interpretation
You’re new around here aren’t you? This isn’t a Fox News blog.
Re: Another interpretation
Logically, it would still be the same DRM it was before. Demonstrating that it could be broken wouldn’t change the fact that it had been breakable all along. By analogy, just because no one has attempted to set fire to some particular open bowl of gasoline doesn’t prove that said bowl of gasoline is “fireproof”.
Now from a practical perspective, how would anyone ever be proved to be the first person to break some DRM? It could well have been broken many times before that just weren’t well publicized.
Good Measure
I think that on a literal point to be “ineffective” would mean extremely easy – ie if an average-jo computer user can Google “copy DVD” and get a program to copy a DVD with DRM then it is ineffective. If however you have to find a code, patch a program’s source code with it and compile the source – assuming such instructions aren’t readily available in a form my 13 year old sister could use – then there MIGHT be an argument that it is actually effective but not otherwise. Maybe it could still be counted as effective if it took over say 2 years of widespread use – or say at least 5-10x the development time of the DRM for it to be cracked then it still could be called effective
On a separate point I do like that argument, more circular logic please!
Re: Good Measure
Fun with ambiguity. First, what constitutes “average-jo”? I would imagine there are plenty of 13-year-olds who could patch and recompile code with minimal instruction. How do we measure when the “average” 13-year-old could succeed at a given task? (I suppose we could add this to the standardized school tests. 😀 ) Besides, it’s only a matter of (usually very little) time that someone will take the fix and wrap it up in a nice, simple, stand-alone package.
I think this post, interestingly, proves one of the arguments against DRM: it only keeps honest people from doing what they could or should be able to do in the first place; it does nothing to keep out the determined. Only the “average-jo” suffers…
Re: Re: Good Measure
What I mean here is someone who can use a computer in terms of internet etc and possibly install a program by double clicking the exe as long as there arn’t many options to select (mainly these are windows users)
That’s pretty much what I was getting at. It might be “effective” for only a couple of weeks, couple of months at most if they’re lucky.
Re: Re: Re: Good Measure
I see. So you are saying that Linux or BSD or Mac users should be exempt from the DMCA anti-circumvention provisions.
Using is not Breaking
It’s a sensible decision, *breaking* DRM is one thing. *Using* the break is another.
The DRM companies are arguing the ‘instance’ of the DRM counts individually, i.e. every time you rip your DVDs to your laptop you are breaking DRM. But that’s rubbish.
The court has decided this is not true, the guy who broke CSS did the break, everyone else is just *using* the ripper.
Then again why should bad lock makers be able to get legal protection for their bad locks? Why is this stupid law in anyway. (Well apart from it was slotted into a treaty after being rejected both by the US and EU governments).
It’s legal and moral to rip DVDs to your media centre PC. It’s legal to publish information on locks:
http://home.howstuffworks.com/lock.htm
So why should there be this exception, where bad lock makers get legal protection for their bad locks? Why does DRM get special protection? If it works it doesn’t need it, if it doesn’t work, pretending it does doesn’t change the reality!
Physical locks protecting *Real* Property have to be *really* secure, not pretend secure.
If ‘IP’ really is property as lobbyists like to pretend, then how can they pretend the locks don’t need to be secure!
Why can we study any area of technology, except how some crap little companies crappy DRM works.
the DMCA has the same type of clause..
Just a couple of days ago I was in a discussion about how DRM can be legally circumvented if it’s ineffective. The discussion was about how someone was being harassed(sued?) over how they published a workaround for some javascript “protection” on a website; the website’s owners didn’t take kindly to it and gave him a cease and desist or the like. The problem is that the DMCA states that if a form of protection isn’t effective then circumventing it isn’t a violation, and javascript content protection has never been shown to be effective.
Re: the DMCA has the same type of clause..
If the purpose of DRM is to prevent unauthorized copying, then no form DRM has ever been shown to be effective. However, this fact is politically incorrect so judges just ignore it. It’s like Alice in Wonderland.
Let me understand this: To play an encryption-encumbered DVD, I need a player that can play it. To do this, I need a player that has the decrypter and the key to decrypt it. So, unlike public/private RSA encryption, I have material to be decrypted, the decrypter and the key. (It just occurred to me that adds cost to the product, but no value.)
Anyway, doesn’t that by definition make all types of DRM circumventable?
Re: Re:
Actually, as I understand it RSA and the CSS encryption used on DVD’s are both asymmetric-key cryptosystems. In other words, the decryption key stored on the player is different than the encryption key. But that still doesn’t invalidate the rest of your statement, i.e. the player contains both a decryption system and a key to go along with it.
Suicide crackers?
Is this like how attempted suicide is illegal, but succeeding is not?
Re: Suicide crackers?
Not really. This means attempts are illegal only if there have been no previous successes. With suicide it is usually easy to tell if there has been a prior success. With DRM cracking prior successes may not be known except to a few.
is this mean it’s ok for me to circumventing ineffective virus?
Simple logic, really
Actually, it makes perfect sense. If the FUV* technology were effective, it wouldn’t need legal sanction to enforce it.
So the laws you would be breaking by circumventing it would actually be laws of physics. Or information theory. Or something.
*FUV = Fair Use Violation. “DRM” is so last century, isn’t it.
Mike, are you still around? Mommy hasn´t pulled the plug on your internet access. Still bashing xG??? You moron, I´m up fucking huge and Telefonica is about to come on board. If you had ANY BALLS at all, you would print a retraction to your bullshit garbage about xG. I´m not expecting that, as I know those that blog cannot do a damn thing other than blog.
#19-- by the Coward
Dude, I have no idea what your talking about but TechDirt is like talking around the watercooler, man. Leave Mike alone, he has some good ideas and also some bad, just like I have good stuff and some bad. TD is that place where you can put your ideas on the back burner and let it bake a bit.
What’s cool is that he created something of a community where we can collaborate share, add, and discuss. Everyone’s equal. Spill it or else your just as worthless as hiding behind the Anon Coward name.
Whats your beef.. Let’s discuss.. Or go away.
An example
Here’s an example of circumventing an effective DRM scheme:
A company sells a special camcorder with a box-shaped lens. You place it right up against your monitor and start the DVD. The camcorder would then record the movie content as it plays and store it in a DRM free digital format. Perhaps the captured video image could be of high quality if it could capture at a high enough frame rate at a high enough resolution, and could then be distributed. But selling of such a device would be considered illegal under this law, because the DRM is still intact and effective.
However, if a group creates an encryption scheme and they claim that the encryption can’t be broken, but is then defeated within a couple of months by a teenager, then your encyption scheme is too weak to be considered effective.
D.R.M. (Doesn't Really Matter!)
DRM is a bit of a joke, it doesn’t take long for popular content to be available with the DRM stripped off like a cheap bumbersticker. This is especially true today, since people can exchange files in complete safety with encrypted file sharing methods (such as Europe’s GigaTribe: http://www.gigatribe.com )
Well the RIAA will simply paint over that line with a black marker like the we used to do with their CDs.
Don't not overstretch this...
The decision does not apply to the whole EU. This was a decision of a Finnish lower court applying the Finnish copyright law solely on this specific case of circumventing DVD CSS. It does not as such bind other EU member states that may have a different wording in their law for the purposes of implementing the EU copyright directive. Also, the extent to which it is generalizable to other similar cases even in Finland is debatable.
An interesting aspect of the decision was that none of the copyright organizations took any part in it. This was a criminal trial, started by the defendants themselves when they turned themselves in for violating the copyright law.
And don't use no double negatives either!
Scratch one “not” from previous subject line.
Site problems?
The site hasn’t been updated in close to 72 hours. What gives? This is usually a very active blog, particularly on Mondays.
Re: Site problems? ...Blither
This Monday is a National Holiday; Memorial Day: a day we honor those who serve our country to maintain our freedom.
There is no excuse or explanation necessary.
Patience, my boy. You will be addressed directly, assuming you have something Worthwhile to communicate….
Effective DRM does not need to make copyright violation impossible, it simply needs to make such violation more difficult than legally licensing the content for the relevant purpose (ie if it costs $500 to copy a dvd and $25 to buy it then the DRM is effective even if some fool might waste money circumventing it).
This applies to USA too
This is a reasonable interpretation of all circumvention laws including the DMCA. How can it be that the person who circumvents a DRM is treated as the same as someone who uses the resulting crack?
The interpretation makes sense.
USING AN EXISTING CIRCUMVENTION IS NOT THE SAME AS MAKING THE CIRCUMVENTION!
So this should be applied to the USA too, not just Europe. A sensible interpretation applies wherever common sense prevails.
That law makes about as much sense as the entertainment industry’s “War on the Consumer”.
site problem?
That’s funny. I don’t remember this past weekend being a long weekend. Seems to have been business as usual Monday. I also don’t recall that bloggers have particular business hours or holidays anyway; they write when they have something new to write. Most of the blogs I follow only have a hiatus maybe once a year, generally when something major happens to the blogger, such as a move or a death in the family or something. NONE of the other multi-blogger blogs I follow has any lulls in activity at all (save one that was hosted in New Orleans that went down for days when Katrina hit). What should make this blog so special?