November 21, 2024

Archives for January 2003

Are DVDs Copy-Protected?

Maximillian Dornseif at disLEXia wonders why people refer to CSS, the encryption scheme used on DVDs, as “copy protection.” He points out, correctly, that encryption by itself cannot prevent copying, since encrypted bits can be copied just as easily as unencrypted ones. He wonders, then, how CSS can be called an anti-piracy measure. The answer is a bit subtle.

Dornseif is correct in saying that CSS by itself does not prevent copying. The goal of CSS is not to control copying (at least not directly), but to control who can build DVD players. In order to build a DVD player, you need to know how CSS works. If CSS is a trade secret, and if the owner of that trade secret will license it only to parties who agree to abide by certain rules, then all DVD players will abide by those rules. And if those rules make DVDs harder to copy, then the whole licensing scheme acts as a kind of indirect copy control scheme. Indeed, the owner of the trade secret can use this kind of scheme to enforce almost any limitation on use of DVDs, regardless of whether that limitation has any relation to copyright infringement.

The whole scheme breaks down, though, if the details of CSS get out to the general public. If that happens, then anyone can build a DVD player without having to agree to anybody’s rules (other than the legal rules that apply to everybody). Given the way players work, it was inevitable that somebody would reverse-engineer a player and recover the CSS algorithm. Learning a “trade secret” by reverse engineering is legal in many jurisdictions, so the CSS licensing scheme was doomed from the beginning to fail because somebody would legally reverse engineer CSS and publish it.

If you’re the DVD cartel, you want to do something to salvage your trade secret scheme. There are two ways you can do that. The first method is to make reverse engineering illegal (or just claim that it’s illegal), and then sue anybody who reverse engineers a player (e.g., Johansen), or anybody who publishes the results of reverse engineering (e.g. Pavlovich, Bunner, et al.). Alternatively, you can get a law passed that outlaws players that are made without your permission, and then sue anybody who make non-authorized DVD player or extractor products (e.g. Corley).

Both rules – banning reverse engineering, and banning unauthorized interoperation – are very dangerous from a public policy standpoint, as many of us have argued. But that hasn’t stopped vocal advocates from endorsing them, and even getting limited versions passed.

Google Responds to SearchKing Suit

Google has filed a response to SearchKing’s lawsuit against it. James Grimmelmann at LawMeme has the definitive analysis of this lawsuit.

Compulsory Licenses, and the Measurement Problem

At this week’s Future of Music conference, Terry Fisher of Harvard suggested yet another variation of compulsory licensing for online music. The basic idea is to slap a tax on computers, or on Net access, or on something else you need to get music online. Then the taxpayers can listen to all of the online music they want.

Seth Finkelstein points out, correctly, that the devil is in the details. These schemes don’t seem nearly so elegant when you flesh them out fully. Still, as I have written before, the compulsory licensing meme is so persistent that it deserves serious analysis.

Nearly all compulsory license plans split up the revenue among different copyrighted works, according to the size of the audience for each work. The audience sizes are estimated by random sampling. Fisher’s plan, for example, would embed a watermark in each work, and then use the watermarks to tabulate usage.

Finkelstein objects that this kind of scheme would require a ban on non-watermark-compliant music players, to make sure that usage is properly counted. I’m not sure this is right. As Neil Netanel has pointed out, most people are likely to want their usage counted, so that the artists they listen to get a bigger share of the pie. Because of this, most users won’t want noncompliant players. And if the watermark doesn’t try to be nonremovable, the engineering cost of reading it will be low. So it seems that most players will participate in the counting process, even if it isn’t required.

There are at least two problems relating to this kind of measurement, though. First, users will have an incentive to over-report or mis-report what they listen to. Sure, I would like to see money go to my favorite artists. But I would like even more to see it go to my brother, so I have an incentive to claim that I listened fifty times to my brother’s off-key rendition of “Feelings.” Worse yet, I have an incentive to erase the watermark from a Britney Spears song, replace it with the Peter-Felten-sings-Feelings watermark, and then distribute the Britney song like crazy, so that Britney-lovers boost my brother’s income.

In some ways, music usage data would resemble TV ratings, which also try to estimate home media-usage habits of ordinary people.

Back when the Nielsen TV rating service asked homes to keep TV-watching diaries on paper, there were persistent reports of people writing down what they wished they had watched instead of what they did watch. They might claim to have watched their favorite show every week, even when they didn’t; or they might omit lowbrow or unfashionable shows. They might claim to have watched a show if their friends liked it and it was in danger of being cancelled. (You might argue that these biases improved the overall quality of TV. That may be true, but there is no doubt that they caused the ratings to reflect something other than the actual audience size of the shows.)

I realize that some existing compulsory license regimes rely on sampling. But it’s one thing to sample what is played in a public setting, and another thing entirely to sample what happens in people’s homes. The measurement problem for compulsory net-music licenses is not insurmountable, but I think it needs more thought than it has gotten so far.

DMCA Used to Prevent Interoperation

Declan McCullagh at CNet news.com reports on a lawsuit filed by printer manufacturer Lexmark against Static Control (SC), a maker of toner cartridges for Lexmark printers. Lexmark wants to stop SC from making toner cartridges that work in Lexmark printers. The suit makes a novel and disturbing use of the DMCA anti-circumvention law.

Here are the facts, as gleaned from Lexmark’s complaint. Lexmark-brand printers and Lexmark-brand toner cartridges use a cryptographic “secret handshake” to recognize each other. Lexmark printers refuse to work with toner cartridges that don’t know the secret handshake. SC figured out the secret handshake and built cartridges that can do it; so SC-brand cartridges now work in Lexmark printers.

Lexmark’s DMCA theory is as follows. The secret handshake is a “technological measure” that “effectively controls access” to the copyrighted printer software. By doing the secret handshake, SC-brand cartridges circumvent that technological measure. So the SC cartridges are circumvention devices that are illegal under the DMCA.

(Lexmark also accuses SC of old fashioned copyright infringement. I’ll ignore the infringement accusation here, since it is less novel legally and since the right decision on it might be obvious one way or the other once the evidence is in.)

There are at least two interesting issues here.

First, Lexmark claims that the secret handshake “controls access” by the cartridge to the printer’s copyrighted software. It follows from this that the cartridge must be “accessing” the printer software. But the cartridge does not “see” any copyrighted material, all it does is to send messages to a program whose code is copyrighted.

A web server program sent you this page, and the code for that program is copyrighted. When your browser downloaded this page, was the browser “accessing” the copyrighted text of the program that sent the page? It seems like a stretch to argue that it was; but that’s essentially what Lexmark is saying.

The second interesting claim is that the SC cartridge is “circumventing” the secret handshake. In fact, it is carrying out the secret handshake exactly as the handshake was designed. Is this a circumvention?

Suppose I build a special door on my house that opens only for people who are wearing blue shirts; and suppose that you walk up, wearing a blue shirt, and open the door. Did you “circumvent” my blue shirt requirement? It seems hard to argue that you did; yet that is essentially what Lexmark is claiming.

Clearly, Lexmark is being creative in their interpretation of the DMCA. But their arguments are not ridiculous. The purpose of the DMCA was to ban certain types of interoperation. And the DMCA intentionally did more than just to strengthen the traditional rights of copyright holders – it created new categories of rights. Lexmark will not be laughed out of court.

This is a scary case. If Lexmark wins, many, or even all, makers of interoperable products will be at risk, and end users will lose even more control over their technological devices.

Hot Legislative Action

Declan McCullagh at news.com gives a rundown of the tech-regulation bills that are likely to be on the table in the new congressional session.

Many familiar bills will be back. At least one anticopying technology mandate like the Hollings CBDTPA is likely to be proposed. Changes in committee membership may make a CBDTPA-like bill more viable than it was before. (Fritz’s Hit List is warming up in the bullpen, ready to resume if necessary.) Congressional staffers also also predict a new and improved version of the Berman peer-to-peer hacking bill. And the pro-consumer and pro-fair use bills from Boucher, Lofgren, and others will be back too.

Declan predicts that anti-spam legislation will be a hot area, since the Direct Mail Association now backs anti-spam measures. This just increases the odds that Larry Lessig lose his bet and will be looking for work. (I’ll write more about Lessig’s bet in coming days.)