Is It A DMCA Violation To Tell People To Delete Some Files From Their Hard Drive?
from the so-says-one-company dept
One of the worst parts of the DMCA is the “anti-circumvention” law that makes it illegal to help people get around any kind of copy protection. First of all, there are plenty of legitimate reasons why someone might want to get around copy protection — but, more importantly, if someone is violating copyrights by getting around copy protection, then they should be liable, rather than the person who showed them how to get around the copy protection. However, that’s not how the DMCA is written — and because of that, we get ridiculous situations like the following. A guy pointed out that if you delete a few files from your computer, the limitations on how many coupons you can print via coupons.com disappear. Coupons.com is responding by filing a DMCA lawsuit against him. Remember, he’s not hacking their software in any way. He’s just pointing out that their software protection scheme is so poorly designed, that deleting a few files renders it useless. And for that, he may be facing tremendous fines. The problem here isn’t that this guy pointed out that their software was weak — but that their software was weak in the first place.
Filed Under: anti-circumvention, dmca
Companies: coupons.com
Comments on “Is It A DMCA Violation To Tell People To Delete Some Files From Their Hard Drive?”
Copy-protected CDs
So likewise, the guy who suggested that one way to get around one of the ill-fated copy protection DRM schemes on Sony CDs was to run a marker pen around the CD was also guilty of violating the DMCA anti-circumvention law.
Absurd!!!
Re: Copy-protected CDs
I believe there was a site that tried to get sharpie markers branded “illegal” under the DMCA because of that, just to show how ridiculous the DMCA was. I don’t recall what happened to that, though.
This reminds me of the old CueCat issue, where the company Digital Convergence sent out tons of handheld barcode scanners with Windows software, and someone broke their rather pathetic encryption scheme to get it to work on Linux. Part of the argument was, is it really breaking encryption if the encryption sucks? Despite the DMCA, I don’t think anyone but the company suffered more than the typical lawyer-written “you can’t do that with our product, quit it” letter.
Not about copy protection
The should have ignore DMCA, and just go with “fraud”.
Quoting a good Slashdot comment
“I would say yes there is fraud going on here. When using this program you are intentionally misrepresenting yourself to the suppliers of the coupons after already agreeing to their terms for receiving them. “
Re: Not about copy protection
Heh, and from that same comment, it’s not about just deleting files, it’s about deleting files for a program and then continuing to use that program.
I dislike the DCMA as much as anyone, but this case probably isn’t going to bode well for the defendant.
Re: Re: Not about copy protection
> ut this case probably isn’t going to bode well for the defendant.
It won’t bode well for the defendant who actually deletes the files and defrauds the company by using fake coupons but based on everything I was taught in law school and in my practice as an attorney, the guy who merely talked about how to do it is completely protected by the Constitution and the 1st Amendment, which, last time I checked, is superior to the DMCA.
Re: Re: Re: Not about copy protection
You’re delusional if you think your opinion is superior to the US Supreme Court’s. Furthermore, if you really did graduate law school somewhere (doubtful) you should ask for a refund because you obviously didn’t learn much.
Re: Re: Re:2 Not about copy protection
> You’re delusional if you think your opinion
> is superior to the US Supreme Court’s.
I never said my opinion was superior to the Court’s. However the Court has not ruled on this particular issue, vis a vis the 1st Amendment. If you think it has, then please, by all means, provide the case citation.
> Furthermore, if you really did graduate
> law school somewhere (doubtful) you should
> ask for a refund because you obviously didn’t
> learn much.
Rather than engaging in an ad hominem attack (the last resort of the intellectually bankrupt), feel free to explain how I’m wrong– if you can. So far it doesn’t sound like you’re much past the “Nuh-uh!” stage.
Re: Re: Re: Not about copy protection
“It won’t bode well for the defendant who actually deletes the files and defrauds the company by using fake coupons but based on everything I was taught in law school and in my practice as an attorney, the guy who merely talked about how to do it is completely protected by the Constitution and the 1st Amendment, which, last time I checked, is superior to the DMCA.”
Kinda like Osama bin Landen, huh? I mean, he didn’t actually fly any planes into any buildings himself, he just talked about it to people.
Re: Re: Re:2 Not about copy protection
> Kinda like Osama bin Landen, huh? I mean, he didn’t
> actually fly any planes into any buildings himself, he
> just talked about it to people.
No, it’s not like that at all. The actively conspired with those who did and took an affirmative overt act in furtherance of that conspiracy.
Hardly the same thing as pointing out what a deleted file will do on a computer. The person who talked about deleting the files didn’t even know the person(s) who may or may not have taken advantage of the knowledge to defraud the company.
We’re all criminals according to the DMCA.
Is DMCA relevant ?
The DMCA is worded to prohibit circumvention of technical protection measures, but the registry isn’t a technical protection measure it’s purpose is more to do with keeping the OS organised. The delete capability of the OS is intended to do just that so no circumvention there.
The only technical prevention mechanism relevant here seems to be the serial code on the coupons, and that remains inplace along with any protection it provides.
Re: Is DMCA relevant ?
Perhaps the real problem is that the OS allows just anyone to delete files. This violating feature must be removed immediately from all operating systems, and replaced by a mechanism where the user must submit a request for deletion to the RIAA, MPAA, BSA, ASPCA, FBI, CIA, and PETA. Then when they unanimously agree that no violations are possible, the file may be archived for future subpoenas.
Seriously — the above makes as much sense as the current laws.
Re: Re: Is DMCA relevant ?
I like no. 6’s reply, but you forgot to mention that you have to file each request in triplicate, and get it signed by both the OS manufacturer, Processor manufacturer, and hard drive manufacturer. Upon which then you will still only have 30 days from the when you get your first request approval to get the rest of the request approvals and THEN you get to apply for the file archiving permits to finally remove it out of the system.
Is DMCA relevant?, reply to Nasty Old Geezer
You forgot BMI and ASCAP.
If this goes through, it will set a precedent for adware installations. It may become illegal to remove adware and spyware, or little gems like the Sony rootkit, from your own computer, if you looked at the product or used the service that installed it. Spybot S&D, AdAware, rootkitrevealer and other “white hat” defensive programs might not be long for this world…
I don’t like being cast in the role of Chicken Little. Let’s hope someone shows some common sense, out there.
Re: Is DMCA relevant?, reply to Nasty Old Geez
Just what I was thinking. I would imagine that spy/ad/malware makers would jump for joy if a ruling came down that could be interpreted as being illegal to remove files from your own pc. Imagine being sued by Gator (or whatever they are called these days) claiming that by removing their spyware form your pc you broke the law.
Re: Is DMCA relevant?, reply to Nasty Old Geez
BMI & ASCAP? What?
Fraud? Get Serious
Surely you jest…
The point many of you seem to be forgetting is that he hasn’t actually done anything wrong (wrong in the “right and wrong” sense, not the BS DMCA sense). Just because I tell you how to rob a bank or how to kill your neighbor doesn’t make me guilty of anything. This should be exactly the same- defrauding the company and talking about how to defraud the company are 2 entirely separate things…
Re: Fraud? Get Serious
I don’t know what country you’re talking about, but anywhere in the US it probably does.
Re: Re: Fraud? Get Serious
> I don’t know what country you’re talking about, but anywhere
> in the US it probably does.
No, it doesn’t. I’ll be happy to provide you with the 1st Amendment case citations if you like.
If talking about how to commit a crime were a crime itself, authors like Tom Clancy (who wrote about terrorists flying planes into government buildings and setting off nukes at the Superbowl) would be in prison.
Re: Re: Re: Fraud? Get Serious
The Supreme Court has ruled that First Amendment rights are subject to limitation. I think their interpretation overrides yours for legal purposes.
Re: Re: Re:2 Fraud? Get Serious
> The Supreme Court has ruled that First
> Amendment rights are subject to limitation.
But not limitation by the DMCA or under the circumstances being discussed. If you think they have, then please feel free to provide the case citations.
[And before you end up looking stupid by bringing up that tired old “fire in a crowded theater” cliche, I advise you to go read up on the “clear and present danger” standard and why it doesn’t apply in this case.]
Common Sense & Privacy rules
If the judge who hears this has half of a brain, they will rule in favor of the defendant.
Saying it is illegal to delete files off of our own computers would be the most stupid thing possible.
I don’t care what program it is, just deleting it from your machine is your right. If their program is based on one external file like that, too bad, its their fault for designing it that way.
The judge better be at least semi smart.
Smart has nothing to do with it.
The judge could be one of the most esteemed legal minds of the century but that wouldn’t change the fact that he probably doesn’t understand the workings of an OS vs. program vs. “protection method”, much less what the registry is and isn’t, and will require both education and guidance in the matter. A few amicus briefs might help.
The claim from koopons.kom is that the use of the registry is somehow a “protection scheme”; the defense needs to explain to the judge that the registry is nothing more than an open repository of information about programs and methods installed on and/or run by that machine. Had koopons.kom built some sort of encrypted file which was tampered with they’d have a case but the registry is unencrypted and the information therein is, for the most part, available to all users. Deleting any information is no “technical measure” but the judge has to be made to understand this concept.
Koopons.kom has this guy by the short and curlies for fraud; why in the hell they’d choose to go for the utterly ridiculous DMCA claim is beyond me.
Re: Smart has nothing to do with it.
No, they don’t have him by the short and curlies for fraud – becuase all he’s done is described how to commit (in your eyes) the fraud. That is not the same as actually commiting the fraud..
AHHH What!
They should be paying this man for pointing out there software flaws. There is a title for this job it is called “Quality Control” Don’t wine about it just fix it. F*!#@ing idiots.
Re: AHHH What!
Actually, when I read this story on a different site the defendant was quoted saying that he was trying to get a job with the company by pointing out the security flaw.
Sound Crazy
That sounds just crazy…
Something must be wrong in the system when this kind of things happens…
But, it is also true, in this case, the guy is pointing out how to commit fraud by using the weaknesses of a poorly developed software which allows to do that, so, in fact, there’s a sort of liability (don’t know how much, but there is )…
Anyway, it’s something to be discussed ’cause, in this case, truth is the software is poorly designed.
Regards from Spain,
Paquito.
http://paquito4ever.blogspot.com
Idiotic Responses.
Seriously, go to Slashdot, and read from people that actually understand security and legal issues, and this is a case of fraud.
It is idiotic to even mention the registry/files issue. It doesn’t matter how, this person is stealing coupons from a company, after agreeing to their Terms.
Re: Idiotic Responses.
Just because he knows how to steal coupons does not mean he is. The ones that found out how to do it AND are stealing coupons are the people committing fraud. Knowing how to hot wire a car does not make you guilty of stealing one.
Re: Idiotic Responses.
Seriously, go to Slashdot, and read from people that actually understand security and legal issues
Slashdot: home of the twelve year old lawyers.
Re: Idiotic Responses.
It is idiotic to even mention the registry/files issue. It doesn’t matter how, this person is stealing coupons from a company, after agreeing to their Terms.
But that’s NOT what he’s being sued for. If he were, it’s a different story. He’s being sued for deleting the files, and that’s a problem.
If he was using this to get free coupons, then they should be suing him for that. But just for explaining that you can get free coupons by deleting certain files doesn’t mean he did it (and that’s not what they’re suing him for, anyway).
Is it that difficult to understand the difference between explaining how the crime is done and actually doing the crime?
Information != the crime
If I tell someone that shooting someone else in the head will kill them, am I then responsible for that murder? If I tell someone that pushing the accelerator in their car will make the car go faster than the speed limit, am I legally responsible for them speeding? If I tell someone that there’s a key to another person’s house underneath the mat, and then they rob that house, am I responsible for that? Of course, the answer to all these questions is no, I’m not. So why then is the DMCA allowed to exist in its current form? Lobbyists.
If you don’t like the law, punish the lawmakers (with your votes) and punish the companies who pushed for the legislation (with your dollars) and act to get it changed. Just bitching about it on some website doesn’t do a damned thing.
Re: Information != the crime
Craig — I agree with all of your points, and I have been in implementation for some time. As word spreads about how pporly written the DMCA rules are, maybe we can get some new rascals that will vote opposite the old rascals.
Re: Information != the crime
No, but if you help them plan it then that’s another story.
Not if your purpose is to warn them not to do it. If, on the other hand, you are organizing an illegal street race then maybe so.
To some extent, probably so.
Here’s another one for you: If I tell a terrorist how to get around airport security by exploiting some hidden weakness I know about, am I responsible for that?
Re: Re: Information != the crime
> If I tell a terrorist how to get around airport security by
> exploiting some hidden weakness I know about, am I
> responsible for that?
No more so than Tom Clancy was responsible for 9/11 for explaining in great detail in one of his books how to fly a jumbo jet into the U.S. Capitol.
Or Stephen King was responsible for Columbine and Virginia Tech for writing a story describing how a kid could bring a gun to school and commit murder.
Re: Re: Re: Information != the crime
If you don’t understand the difference then go ahead try it. You’ll have a long time to figure it out afterwards in Gitmo.
Re: Re: Re:2 Information != the crime
> If you don’t understand the difference then
> go ahead try it. You’ll have a long time to
> figure it out afterwards in Gitmo.
Well, why don’t you explain the difference, then, chief? Complete with citations to code and precedent to back up your position.
This ought to good…
Re: Information != the crime
You’ve confused the types of information. To point out that someone has a key under the mat or that shooting someone will kill them is to point out something obvious. There is nothing obvious (except to techie folks) about deleting files from the registry of an OS. If you don’t know that shooting someone in the head will kill them, you probably will be found unfit to stand trial after you do so. It’s apples and oranges. The Anarchist Cookbook, which someone mentioned in another of the topics, is illegal, because it provides instructions on how to make dangerous things. This is not nearly the same type of danger, but instruction on how to defraud someone will provide a method for someone who might otherwise not defraud someone. There is some amount of liability.
Of course, I agree that controlling which files we may delete from our own OS’s is absurd, but if you’re working with Microsoft, you’ve already given up a laundry list of rights to privacy and personal choices. There are no either/or’s in this type of stuff. It’s all one big grey area.
It's all about potential losses for the company
The issue with this case has nothing to do with *just* the fact that this Stottlemire guy deleted files from his computer, it’s about unfairly revealing to everyone how to circumvent the system Coupon.com has in place to prevent one user from printing unlimited coupons. If this guy really did post details on the web on how to circumvent the system, then he (either intentionally or unintentionally) caused the potential for great losses for Coupon.com and affiliates. Stottlemire says that he wanted to hopefully gain employment by revealing the limitation in Coupon.com’s proprietary software, but instead of coming to the company in private to reveal the flaw, he posts the flaw online publicly for everyone to see and circumvent if they wanted to. Honestly, if you were Coupon.com, how would you react? This guy just uncovers a problem with your software and instead of telling you about it, he just spreads it out in the world for all to see without giving you a chance to fix it yourself. It has nothing to do with hacking or deleting files from one’s own computer. We all have that right (except hacking someone else’s own computer). But whenever someone causes financial losses to a company by circumventing (or telling others how to circumvent) a system in place to enforce copyrights you’ll probably see a lawsuit arise. If Stottlemire would have just came to Coupon.com and told them in private something like “Hey, I found a flaw in your code, it allows anyone to print unlimited coupons…here’s how I did it…it allowed me to print as many as I want after I made the modification…I’m willing to help you fix this.” He may very well have been offered a job and probably would have been viewed as an overall respectable person. But instead what he did was unwise and not well thought out…he didn’t think about the consequences of his actions. I’m not necessarily an advocate for the DMCA, I just understand why it’s here…to protect companies and consumers. It’s not meant to just make companies rich (all companies are responsible for fair pricing), but our economic system can’t work if people get everything for free.
Re: It's all about potential losses for the compan
It’s all about potential losses for the company
No. No, it’s not. Potential losses is not an actionable cause. Potential losses are meaningless. If I open a sandwich shop next to a pizza place, every person who goes into the pizza place is a “potential loss” of revenue to my sandwich shop. However, I can’t sue them for doing something different.
Potential losses isn’t a legal issue, it’s a marketing one. It just means that the company failed to capture some revenue.
But whenever someone causes financial losses to a company by circumventing (or telling others how to circumvent) a system in place to enforce copyrights you’ll probably see a lawsuit arise.
Indeed, you’ll see a lawsuit arise, but that doesn’t mean it’s right — especially when the “circumvention” is something so minor as deleting some files.
I’m not necessarily an advocate for the DMCA, I just understand why it’s here…to protect companies and consumers. It’s not meant to just make companies rich (all companies are responsible for fair pricing), but our economic system can’t work if people get everything for free.
Um. First of all, you jump to the completely wrong conclusion that “people get everything for free” without the DMCA. That’s not the case at all. No one is saying everyone gets everything for free. So, perhaps try to make an argument for what the DMCA is actually doing, which is granting way too many protections for companies, taking rights away from consumers.
Re: It's all about potential losses for the compan
I’m not necessarily an advocate for the DMCA, I just understand why it’s here…to protect companies and consumers
dude, I want whatever you are on…
sure you are an advocate for the DMCA if you claim it’s there to protect consumders
ive heard something similar b4.
when a group of ppl found vulnerabilities on a UK ISP’s network he got sued.
look in the archives it was posted on techdirt a few month back
common sense has been replaced by common stupidity
why did he just delete a file and not the whole proggie ???
Fraud
If the defendant in this case is a good “quality control” person like some posters have pointed out then this would fall under fraud because he has obviously tested what he says to do so he has downloaded more than the two coupon per product limit.
Re: Fraud
You failed to ask the second part of the question. Did he actually use the coupons while he was testing his hypothesis? If all he did was see if his idea would work, then tore up the printouts, no fraud was committed. I have no doubt someone with a better legal mind then I have will define what is and what isn’t fraud.
For the love of Christ, stop using the term “copy protection.” Use the correct term: “copy restriction.”
You would think a web site like this that promotes that which benefits the consumer (and therefore, ultimately, the producer) of content, and seeks to educate the masses about how makers of plastic-disks-with-music need to change their business model would also enlighten its readers by using better terms that don’t obfuscate reality.
Whew. I feel better now.
What about...
what about if someone really wanted to do bad? All they would have to to is write a virus to download & install the “koopons.com” (or whatever it is), delete the registry, and report it.
Even better, one could just write a virus that is missing registry keys and sue everyone for not having a complete version of the application installed.
Now we are talking!
Heh, and from that same comment, it’s not about just deleting files, it’s about deleting files for a program and then continuing to use that program.
I dislike the DCMA as much as anyone, but this case probably isn’t going to bode well for the defendant.
*IF* – the software vendor made that clear in the EULA, yes – I would have to agree. You are using their software, afterall.
It’s your computer, afterall and you should be able to delete whatever you want, but at the same time – if you install a particular piece of software you should have to bide by the terms of it’s use.
But also… all the protection is on the corporate side, DMCA needs to be coupled with *responsible and clear* instructions from the company. Not a bunch of confusing legal jargon. A Standard needs to be established, like the labels on foods, something standard, clear, and concise.
Fraud vs DMCA
If an individual actually took steps and printed duplicate coupons, used those coupons, and gained financial rewards above those in the offer — then they have committed old fashioned fraud. Fines and/or jail would be appropriate.
If an individual finds a method to produce those duplicate coupons, but does not use them for financial gain, then no fraud exists.
Perhaps the Chinese maunfacturers of toothpaste, dog food, and toys should have implemented some software security around thier products and included a EULA that was automatically invoked by opening the package. They would have full protection of the DMCA to continue selling their wares, free of interference from pesky media snoops and consumer protection groups.
My 2 Cents
1) There are no “Terms of Use” on the Coupons.com website.
2) There is no “End User Licensing Agreement” on the Coupons.com website
3) The software in question was an embedded activex control and did not come with an EULA
4) Do coupons meet the “de minimis quantum” test for copyright protection (funny you never see the (c) on a coupon) and therefore fall under DMCA protection.
While a DMCA lawsuit is a bit extreme, I agree that the individual who deleted the files was in the wrong. To clarify, he was not wrong in deleting the files and discovering the weakness, but rather he was wrong by taking advantage of it, and especially be telling others about the weakness. I don’t care how weak the software was, the fact was that he circumvented its intended use and then shared that knowledge with others. That is morally wrong, if not legally. Again, I think the DMCA is being abused a bit here again, but the fact is that the company had every right to enforce some sort of punishment.
i assume this coupons site provides a _full_ list of every file it installs, in a way that is easy to find.. you know so you know what not to delete?
its something i hate about windows, a program is installed, and bits end up everywhere. c’mon its not hard to write a program to look in its own directory for its support files, or a ‘common’ folder one level up so a company has a folder they install stuff in. but preferably all in the application directory.
makes moving stuff easy, makes uninstalling easy, makes installing a case of copying files. then adding a menu shortcut maybe.
if I delete a file from one of my system directories, a file that a program maker didn’t tell me they had put there, its a bit rich to complain i did some house keeping.
publishing this *specifically* to get round a restriction may be a bit iffy with DMCA, but what if it was published as a file you could delete to save space?
it looks like if you delete it to get round some drm type stuff its illegal, if you just remove it because you feel like it thats fine yes?
isn’t this yet another case of some crappy ‘protection’ system failing?
1st Amendment
Exactly when did the DMCA become superior to the 1st Amendment and the 200+ years of free speech jurisprudence stemming from it?
Re: 1st Amendment
When Bill Clinton signed it.
DMCA shouldn't even exist....
The problem is that standard economics do not exist when in reference to software. Software is just information. Once it is released it become infinate. Why should people pay for something that is infinate? Creating artificial markets for infinate products is reduculous when you step outside of the box and look within. I’m sorry Mr. Programmer that your company spent a million man hours making that software but the result is a infinatly reproducable string of 1s and 0s. Maybe coupons.com should have invested its time and money into placing ads in a newspaper or magazine. At least then there would be a finite market to capitalize upon. Its the same for music. If you want to sell music then have that music imprinted upon a device that cannot be copied infinatly, like a speaker box that contains only one album which cannot be linked with a computer.
details
Read through this long thread.
Posted instructions have existed on which files & registry keys to delete. Coupons Inc then issues a revision changing keys & file names and locations. Average people unknowingly following old instructions disable their ability to use or reinstall the coupon printer unless they’re able to reformat or image back to the right point in time. No lawsuit.
I doubt Coupons Inc is very concerned with the few who can use the more technical measures vs someone who automates a solution for public use possibly with commercial reasons?
I understand how many see this guy as a DVD John type hero when the Wired story lacks all the information & can leave the impression it’s just about deleting a registry key or file on your own computer.
Think about what might be unique & cumalative about this time to draw a lawsuit from Coupons Inc? Was there hacking of their software installer to determine which FILES & registry keys to delete to bypass security measures? What was the intent in posting instructions & providing an automated download? Was it a commercial profit intent to draw site visitors, build site value, & sales of items on that site? Was it an attempt to sell a solution to Coupons Inc vs the claim he made in the Wired news interview of seeking employment? I’m not an Attorney. Is that by intent or law equal to extortion? I don’t know.
Was he also commercially offering Coupons Inc internet printed coupons on his site using language like he wasn’t selling coupons but charging a handling fee? Did he previously hack programs in the flightsim community & feign his death when issues arose there? Does a Google search on his name yield more information?
Is he now posting on many blogs sometimes directly & sometimes anonymously with links to his site including claiming financial need & seeking paypal legal donations? Is he the same person who claimed to have sold an early ISP in Florida for millions of dollars? How many websites has he had with commercial offerings & what happened to those sites? Does he claim to support free speech while threatening to sue others who speak out in blogs? What’s his history of lawsuits?
I join most readers here in their disdain of many aspects of DMCA & it’s application. I suggest waiting to know all the facts that hopefully will be reported as the case progresses. Perhaps it might have been better for Coupons Inc to use a law other than DMCA. What if Coupons Inc were your business being affected? Might you not use the law that might deliver the quickest result for you?
what is the common activity or practice in which many computer users engage that is in violation of the act?