EFF: DMCA DocketBy Ericka Chickowski | Posted 2008-10-02 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
From fighting patent trolls to establishing a coder's rights policy to protecting online civil liberties, the Electronic Frontier Foundation (EFF) is an organization dedicated to helping to define the gray area between the law, the rights of individuals and technology practices. This nonprofit has gained admiration across the board, from workaday admins and tech-savvy executives to rank-and-file geeks, for its 18-year-long crusade to protect individual rights to privacy and free speech on the Internet. What these supporters might not be aware of is that the EFF has its own business interests in mind, as well.
Passed in 1998, DMCA makes it illegal for anyone to circumvent mechanisms put in place to control access to copyrighted works or other computerized intellectual property. This wide -ranging law has been used by dozens of companies as a big club to beat back a number of different activities, from the actual circumvention of controls to steal copyrighted material, to the more likely scenario of circumvention in order to reverse-engineer hardware or software to improve interoperability or get fair use out of a product that the customer bought in the first place.
According to von Lohmann, DMCA is often used to hamstring enterprises and small businesses from getting full use out of software or hardware they have purchased. These organizations are locked into technological ecosystems closed by burdensome digital rights management (DRM), often without legal recourse that would allow IT staffs to improvise solutions.
Von Lohmann explains that a few years ago, for instance, the EFF brought a case to trial in which a digital-storage vendor had installed maintenance code on its systems that was locked down by a DRM mechanism so only that vendor’s authorized repair and maintenance people could access it. The defendant in the case chose to hire an outside party to develop a little hack to get around this mechanism so his staff could fix the system that it had bought from the vendors.
“The maintenance code was running already; they just needed to do some reverse engineering to figure out what the protocol was,” von Lohmann says. He notes that the vendor sued its customer based on DMCA charges, but the EFF managed to get the court to rule that this was not a true DMCA violation because no copyright infringement took place.
“That is exactly the kind of anticompetitive use of the DMCA we think isn’t legitimate,” he says. “Bans on reverse engineering, I think, are particularly problematic, because this bans not only bad reverse engineering, but also the kind of legitimate compatibility and interoperability work that the courts have repeatedly said is legitimate.”
In that particular case, the EFF prevailed because the customer never signed an end-user license agreement (EULA), which specifically forbids reverse engineering. The issues are a lot more unsettled in the court’s eyes in these cases.
“I don't think there is an easy way to explain [DMCA interpretation],” says von Lohmann. “That is part of the problem, and it’s part of the reason you have people who are trying to do legitimate interoperability work spending more time talking to lawyers than they actually spend doing the work. Once there is an end-user license agreement that has a ban on reverse engineering in it, the [situation] gets very murky. If you've ever clicked on ‘yes’ in an agreement, you do your own reverse-engineering work at your own peril.”
Sadly, that leaves the business world saddled with a much less interoperable system than it needs—which is why the EFF keeps an eye on [such] cases to better define this area of the law and, further, acts as an advocate for businesses that just want some flexibility [in] their technology investments.
“I think a lot of customers in these circumstances feel like they're over a barrel--they don't really have any choices,” von Lohmann explains. “Often, these tools don't provide them with any good migration path, any way to switch vendors. And you also see other anticompetitive lock-in efforts.”