A court in Finland ruled last week that it is not a violation of that nation’s anticircumvention law to circumvent CSS, the copy protection system in DVDs. Mikko Välimäki, one of the defense lawyers, has the best explanation I’ve seen.
Finnish law bans the circumvention of “effective” DRM (copy protection) technologies. The court ruled that CSS is not effective, because CSS-defeating tools are so widely available to consumers.
The case is an interesting illustration of the importance of word choice and definitions in lawmaking. The WIPO copyright treaty required signatory nations to pass laws providing “effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of the rights …” Reading this, one can’t help but notice that the same word “effective” describes both the remedies and the measures. The implication, to me at least, is that the legal remedies only need to be as effective as the technological measures are.
The Finnish law implementing the treaty took the same approach. In language based on an EU Copyright Directive, the Finnish law defined an effective technology as one that “achieves the protection objective” (according to Mr. Välimäki’s translation). The court ruled that that doesn’t require absolute, 100% protection, but it does require some baseline level of effectiveness against casual circumvention by ordinary users. CSS did not meet this standard, the court said, so circumvention of CSS is lawful.
U.S. law took a different approach. The Digital Millennium Copyright Act (DMCA), the U.S. law supposedly implementing the WIPO treaty, bans circumvention of effective technological measures, but defines “effective” as follows:
a technological measure `effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work
Some courts have read this as protecting any DRM technology, no matter how lame. It has even been held to protect CSS despite its notoriously weak design. It’s even possible that the structure of the U.S. DMCA helped to ensure the weakness of CSS – but that’s a topic for another post.
One of the tricks I’ve learned in reading draft legislation is to look closely at the definitions, for that’s often where the action is. An odd or counterintuitive definition can morph a reasonable-sounding proposal into something else entirely. The definition of a little word like “effective” might be the difference between an overreaching law and a more moderate one.