By Bill Rosenblatt
Copyright and Technology
President Obama recently signed into law a bill that allows people to “jailbreak” or “root” their mobile phones in order to switch wireless carriers. The Unlocking Consumer Choice and Wireless Competition Act was that rarest of rarities these days: a bipartisan bill that passed both houses of Congress by unanimous consent. Copyleft advocates such as Public Knowledge see this as an important step towards weakening the part of the Digital Millennium Copyright Act that outlaws hacks to DRM systems, known as DMCA 1201.
For those of you who might be scratching your heads wondering what jailbreaking your iPhone or rooting your Android device has to do with DRM hacking, here is some background. Last year, the U.S. Copyright Office declined to renew a temporary exception to DMCA 1201 that would make it legal to unlock mobile phones. A petition to the president to reverse the decision garnered over 100,000 signatures, but as he has no power to do this, I predicted that nothing would happen. I was wrong; Congress did take up the issue, with the resulting legislation breezing through Congress last month.
Around the time of the Copyright Office’s ruling last year, Zoe Lofgren, a Democrat who represents a chunk of Silicon Valley in Congress, introduced a bill called the Unlocking Technology Act that would go considerably further in weakening DMCA 1201. This legislation would sidestep the triennial rulemaking process in which the Copyright Office considers temporary exceptions to the law; it would create permanent exceptions to DMCA 1201 for any hack to a DRM scheme, as long as the primary purpose of the hack is not an infringement of copyright. The ostensible aim of this bill is to allow people to break their devices’ DRMs for such purposes as enabling read-aloud features in e-book readers, as well as to unlock their mobile phones.
DMCA 1201 was purposefully crafted so as to disallow any hacks to DRMs even if the resulting uses of content are noninfringing. There were two rationales for this. Most basically, if you could hack a DRM, then you would be able to get unencrypted content, which you could use for any reason, including emailing it to your million best friends (which would have been a consideration in the 1990s when the law was created, as Torrent trackers and cyberlockers weren’t around yet).
But more specifically, if it’s OK to hack DRMs for noninfringing purposes, then potentially sticky questions about whether a resulting use of content qualifies as fair use must be judged the old-fashioned way: through the legal system, not through technology. And if you are trying to enforce copyrights, once you fall through what I have called the trap door into the legal system, you lose: enforcement through the traditional legal system is massively less effective and efficient than enforcement through technology. The media industry doesn’t want judgments about fair use from hacked DRMs to be left up to consumers; it wants to reserve the benefit of the doubt for itself.
The tech industry, on the other hand, wants to allow fair uses of content obtained from hacked DRMs in order to make its products and services more useful to consumers. And there’s no question that the Unlocking Technology Act has aspects that would be beneficial to consumers. But there is a deeper principle at work here that renders the costs and benefits less clear.
The primary motivation for DMCA 1201 in the first place was to erect a legal backstop for DRM technology that wasn’t very effective — such as the CSS scheme for DVDs, which was the subject of several DMCA 1201 litigations in the previous decades. The media industry wanted to avoid an “arms race” against hackers. The telecommunications industry — which was on the opposite side of the negotiating table when these issues were debated in the early 1990s — was fine with this: telcos understood that with a legal backstop against hacks in place, they would have less responsibility to implement more expensive and complex DRM systems that were actually strong; furthermore, the law placed accountability for hacks squarely on hackers, and not on the service providers (such as telcos) that implemented the DRMs in the first place. In all, if there had to be a law against DRM hacking, DMCA 1201 was not a bad deal for today’s service providers and app developers.
The problem with the Unlocking Technology Act is in the interpretation of phrases in it like “primarily designed or produced for the purpose of facilitating noninfringing uses of [copyrighted] works.” Most DRM hacks that I’m familiar with are “marketed” with language like “Exercise your fair use rights to your content” and disclaimers — nudge, nudge, wink, wink — that the hack should not be used for copyright infringement. Hacks that developers sell for money are subject to the law against products and services that “induce” infringement, thanks to the Supreme Court’s 2005 Grokster decision, so commercial hackers have been on notice for years about avoiding promotional language that encourages infringement. (And of course none of these laws apply outside of the United States.)
So, if a law like the Unlocking Technology Act passes, then copyright owners could face challenges in getting courts to find that DRM hacks were not “primarily designed or produced for the purpose of facilitating noninfringing uses[.]” The question of liability would seem to shift from the supplier of the hack to the user. In other words, this law would render DMCA 1201 essentially toothless — which is what copyleft interests have wanted all along.
From a pragmatic perspective, this law could lead non-dominant retailers of digital content to build DRM hacks into their software for “interoperability” purposes, to help them compete with the market leaders. It’s particularly easy to see why Google should want this, as it has zillions of users but has struggled to get traction for its Google Play content retail operations. Under this law, Google could add an “Import from iTunes” option for video and “Import from Kindle/Nook/iBooks” options for e-books. (And once one retailer did this, all of the others would follow.) As long as those “import” options re-encrypted content in the native DRM, there shouldn’t be much of an issue with “fair use.” (There would be plenty of issues about users violating retailers’ license agreements, but that would be a separate matter.)
This in turn could cause retailers that use DRM to help lock consumers into their services to implement stronger, more complex, and more expensive DRM. They would have to use techniques that help thwart hacks over time, such as reverse engineering prevention, code diversity and renewability, and sophisticated key hiding techniques such as whitebox encryption. Some will argue that making lock-in more of a hassle will cause technology companies to stop trying. This argument is misguided: first, lock-in is fundamental to theories of markets in the networked digital economy and isn’t likely to go away over costs of DRM implementation; second, DRM is far from the only way to achieve lock-in.
The other question is whether Hollywood studios and other copyright owners will demand stronger DRM from service providers that have little motivation to implement it. The problem, as usual, is that copyright owners demand the technology (as a condition of licensing their content) but don’t pay for it. If there’s no effective legal backstop to weak DRM, then negotiations between copyright owners and technology companies may get tougher. However, this may not be an issue particularly where Hollywood is concerned, since studios tend to rely more heavily on terms in license agreements (such as robustness rules) than on DMCA 1201 to enforce the strength of DRM implementations.
Regardless, the passage of the mobile phone unlocking legislation has led to increased interest in the Unlocking Technology Act, such as the recent panel that Public Knowledge and other like-minded organizations put on in Washington. Rep. Lofgren has succeeded in getting several more members of Congress to co-sponsor her bill. The trouble is, all but one of them are Democrats (in a Republican-controlled House of Representatives not exactly known for cooperation with the other side of the aisle); and the Democratically-controlled Senate has not introduced parallel legislation. This means that the fate of the Unlocking Technology Act is likely to be similar to that of past attempts to do much the same thing: the Digital Media Consumers’ Rights Act of 2003 and the Freedom and Innovation Revitalizing United States Entrepreneurship (FAIR USE) Act of 2007. That is, it’s likely to go nowhere.