April 24, 2014

avatar

CBS Tries DRM to Block Criticism of Rathergate Report

Last week the panel investigating CBS’s botched reporting about President Bush’s military service released its report. The report was offered on the net in PDF format by CBS and its law firm. CBS was rightly commended for its openness in facing up to its past misbehavior and publicizing the report. Many bloggers, in commenting on the report and events that led to it, included quotes from the report.

Yesterday, Ernest Miller noticed that he could no longer copy and paste material from the report PDF into other documents. Seth Finkelstein confirmed that the version of the report on the CBS and law firm websites had been modified. The contents were the same but an Adobe DRM (Digital Restrictions Management) technology had been enabled, to prevent copying and pasting from the report. Apparently CBS (or its lawyers) wanted to make it harder for people to quote from the report.

This is yet another use of DRM that has nothing to do with copyright infringement. Nobody who wanted to copy the report as a whole would do so by copying and pasting – the report is enormous and the whole thing is available for free online anyway. The only plausible use of copy-and-paste is to quote from the report in order to comment, which is almost certainly fair use.

(CBS might reasonably have wanted to prevent modifications to the report file itself. They could have done this, within Adobe’s DRM system, without taking away the ability to copy-and-paste material from the file. But they chose instead to ban both modification and copy-and-paste.)

This sort of thing should not be a public policy problem; but the DMCA makes it one. If the law were neutral about DRM, we could just let the technology take its course. Unfortunately, U.S. law favors the publishers of DRMed material over would-be users of that material. For example, circumventing the DRM on the CBS report, in order to engage in fair-use commentary, may well violate the DMCA. (The DMCA has no fair-use exception, and courts have ruled that a DMCA violation can occur even if there is no copyright infringement.)

Worse yet, the DMCA may ban the tools needed to defeat this DRM technology. Dmitry Sklyarov was famously jailed by the FBI for writing a software tool that defeated this very same DRM technology; and his employer, Elcomsoft, was tried on criminal charges for selling fewer than ten copies of that tool.

As it turns out, the DRM can apparently be defeated easily by using Adobe’s own products. A commenter on Seth’s site (David L.) notes that he was able to turn off the restrictions using Adobe Acrobat: “The properties showed it set to password security. I was goofin around and changed it to No Security adn it turned off the security settings. I then saved the pdf and reopened it and the security was gone…. Apparently forging documents is not all that CBS sucks at.”

UPDATED (12:35 PM) to clarify: changed “cut-and-paste” to “copy-and-paste”, and added the parenthesized paragraph.

Comments

  1. Boing Boing says:

    CBS uses DRM to “secure” Rathergate documents

    Ed Felten’s just blogged a good piece reflecting on the news that CBS has pulled its original “Rathergate” PDFs and replaced them with versions that have Adobe’s DRM turned on so that you can’t copy their text, presumably to make it harder for critics …

  2. EdM says:

    Could it be that the purpose of ‘locking’ the document is not to prevent extraction, but to prevent insertion? Insertion, that is, of comment, or ‘clarification’, or more bluntly, inflammatory material, the purpose of which is to create a false ‘source’ after the edited document is re-distributed?

  3. Ed Felten says:

    EdM: Based on the online documentation, it looks like they could have (but didn’t) give permission to copy-and-paste from the document, while withholding permission to modify the document. But they didn’t do that.

  4. alkali says:

    This is a red herring. CBS has a reasonable interest in preventing dissemination of modified versions of the report, and should have encrypted the document to prevent modification before posting it. I understand that Adobe PDFs that are encrypted to prevent modification are by default set to copy-not-permitted, but that setting that can be changed (or, if you like, “defeated”) by readers. I suppose it would have been polite for CBS to change the setting before posting, but there is no basis for inferring some malign intent from the fact that they didn’t.

  5. SIVACRACY.NET: Siva Vaidhyanathan's Weblog says:

    CBS Abusing DRM to Stifle Commentary

    Ed Felten reports that CBS has re-issued its report with stronger DRM around the PDF, preventing copying and pasting text from the document. This is yet another use of DRM that has nothing to do with copyright infringement. Nobody who…

  6. Neo says:

    The correct way to deal with the possibility of modified copies being distributed that seem to be from “you” is to digitally sign them, publish an md5 sum on your Web site, or similar, so that people can authenticate a copy as to whether it is an unmodified copy. Alternatively, just invite people unsure if a copy they received is genuine to download a copy from your Web site directly and use that, instead.

    Of course if the website is hacked or some sort of DNS spoofing occurs that won’t help, but if someone is that determined, DRM won’t help either. Avoid using IIS and the odds are you won’t have your site hacked.

  7. Ed Felten says:

    alkali: This is not a red herring. Certainly CBS could reasonably have forbidden modifications to the document. But they went beyond this, to also forbid extraction of the document contents via copy-and-paste. (In Adobe’s DRM system, no-modification and no-copy are separate permissions that the publisher can grant.)

  8. Steve says:

    The real question: If you view and document onscreen and type or write what you see, are you guilty of a DMCA violation for circumventing the restriction on copy and paste?

  9. Chris Granade says:

    Hm. If CBS wanted to verify that no insertions were made, they could have GPG signed it, or told people to only download from CBS servers. DRM is not at all needed for this. I think we need an anti-DMCA that makes DRM tech illegal. There is no excusing this kind of idiocy.

  10. Cypherpunk says:

    From the DMCA:

    “No person shall circumvent a technological measure that effectively controls access to a work protected under this title.”

    “No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that… is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;”

    “a technological measure `effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.”

    The main question is whether stopping people from copy-and-paste, but allowing manual copying and re-typing, prevents people from “gaining access” to the work within the meaning of the DMCA. I don’t think it does, because the original intention of the DMCA was to apply to encryption and similar protection measures that stopped people from viewing or hearing content. This Acrobat feature does not stop people from gaining access to the document, so I don’t think that circumventing it would violate the DMCA.

  11. J Greely says:

    The Skylarov case appears to have been about a completely different form of Adobe DRM, the one used to secure their ebook format. What CBS did with this report was the same thing done to many corporate PDF files (usually before they’re released the first time…), which is turn on a flag that politely asks your PDF viewer not to permit certain actions. PDF viewers that do not implement this section of the PDF standard will have no restrictions on copying, printing, etc. Essentially, the way to circumvent the restriction is to not write code. I don’t think the DMCA outlaws this method.

    Note that turning it off via Acrobat was a feature that Adobe removed with versions 6 and above. They added new code that insists on the correct password before modifying the flags. CBS didn’t “goof” here; they simply believed Adobe’s claims that this flag actually added some meaningful protection to the document.

    Finally, for a free method of disabling this flag, download the open-source package Multivalent, which does lots of nifty things to PDF files.

    -j

  12. Eric Smith says:

    No fair use exception? What about section 1201 (c): “Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.” That sounds to me like it is intended to permit fair use; the anti-circumvention portions of section 1201 would “affect rights [...] including fair use”.

  13. Eric Smith says:

    No fair use exception? What about section 1201 (c): “Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.” That sounds to me like it is intended to permit fair use; the anti-circumvention portions of section 1201 would “affect rights [...] including fair use”.

  14. Copyfight says:

    On Rathergate, DRM, and Fair Use

    Ernest, Ed, and Seth have kicked up a storm about CBS using DRM presumably to stop critics from copying and pasting portions of its report on the “Rathergate” scandal. I’ve now added a few more thoughts over at Deep Links,…

  15. Alex says:

    I have to say I was impressed with the latest version of the New York Times’ Newsreader software. For those of you who’ve never tried it, they offer a basic trial for $0.75 for a single issue (actually you spend $5.00, but that’s a minor point.)

    You can find it on their website, under “Electronic Edition.”

    I tried an early version of it about a year ago, when selecting parts of the page was very pretty tough. This version, which I installed tonight, allows you to select parts of the page to be copied to the clipboard, as images, however — not as text. Still, since the Times also makes most of its content available in HTML, that’s not a bad tradeoff. I was impressed that they’ve done more to accomodate fair use — in combination with the online HTML, that’s about as easy as I could reasonably expect.

  16. Copyfight says:

    On Rathergate, DRM, and Fair Use

    Ernest, Ed, and Seth have kicked up a storm of controversy about CBS using DRM evidently to discourage critics from copying and pasting portions of its report on the “Rathergate” scandal. I’ve now added a few more thoughts over at…

  17. Privacy Digest: Privacy News (Civil Rights, Encryption, Free says:

    Felten on Rathergate, DRM, and Fair Use.

    Felten on Rathergate, DRM, and Fair Use .

  18. Rod Stanton says:

    The Fake Meisteren did not want a Rathergate pulled off on them.

  19. Rod Stanton says:

    Viacom knows all about making fake documents for other docs. They do not want a Rathergate pulled on them.

  20. MichaelR says:

    In Adobe Acrobat it is easy to check a box to “require a password for copying of text, images and other content.” This does nothing to enhance the document’s security. One can simply print the document, scan it and use the OCR feature in Adobe Acrobat to recover the text in a form that can be copied. (Unfortunately, this must be done using physical paper; Adobe Photoshop prevents rasterization of protected documents.)

    On the other hand, checking this box can be a significant irritation for the document’s recipient. As a scholar, I often wish to copy small sections of scholarly articles for my own notes. Most journals provide PDFs that permit copying but once in a while a PDF will have been created to prevent copying. It is a mystery to me what the creator was hoping to accomplish.

    It would be nice if Adobe decided that this is a “feature” which is better not included in Acrobat. Or perhaps they could at least warn users that checking the box won’t actually prevent copying, but does have the potential of making the document less useful for legitimate users.

  21. Anonymous says:

    You could just use a pdf to postscript converter that doesn’t care about the restrictions and then convert the postscript file back to pdf. I did this by modifying xpdf so that it ignored the restrictions and then used xpdf’s pdftops to convert it to a postscript file. After that it was a simple matter to use ghostscript’s ps2pdf14 to convert it back to a PDF file. Modifying xpdf to ignore those flags is trivial, it is just a matter of opening XRef.cc, finding the okToCopy function, and making it return gTrue, and repeating for the other three restrictions. I actually have an unrestricted version of the PDF on my hard drive that I made just to see if it would work and it did.

  22. MichaelR says:

    Anonymous, thank you for the tip. While we are discussing pdfs and Adobe, I am wondering if anyone has thoughts on the new Adobde activation policy for Photoshop CS and Acrobat 7? Adobe is strictly enforcing its user license. It will not permit a purchaser of these products to install the software on anything other than one desktop machine and one laptop machine. For example, I am not permitted to install the software on two desktop computers, even if I am the only person who will use the software on the two machines. Adobe will not knowingly permit activation on two desktops and there are fines, of the order of $10K according to the tech support person I spoke with, for violating the license. Note that there are many legitimate users who work on several computers. Adobe seems to be going back to the old license idea which ties the software to a specific machine, rather than the more modern concept that the software is licensed to a single user. Adobe states that their activation policy is designed to thwart global piracy. However, the policy interferes in a significant way with an individual user’s ability to use the software as he or she would like. Adobe seems to be pushing users to purchase multiple copies of the software for each of their multiple machines, even if they can only use one copy of the software at any specific time. Can Adobe get away with this because they now have a virtual monopoly on professional photo editing and PDF generation software?