Legal Gymnastics: It's Okay To Circumvent DRM In Europe If It's Circumventable

from the follow? dept

Fri, May 25th 2007 8:07pm — Mike Masnick

This one is going to throw the entertainment industry lawyers for a loop. Anti-circumvention clauses are some of the most controversial parts of digital copyright laws. Those rules take away certain fair use rights and often criminalize perfectly reasonable things (such as software). However, the anti-circumvention rules in Europe may just have become a lot weaker due to a fascinating interpretation of the EU directive on the topic. Boing Boing points us to the ruling that says that circumventing certain types of DRM is ok if the DRM is "ineffective." It's based on a strict reading of the law, which says that the law only protects "effective" DRM. So, as long as you can prove the DRM is ineffective, it's okay to circumvent it. Of course, how do you prove that DRM is no longer effective? Perhaps by circumventing it. So, basically, you can't try to circumvent DRM (that's illegal!), but if you do, you've proven it to be ineffective, and therefore, you can circumvent it. Of course, the details in this case involve DVD DRM, which was circumvented in Norway -- which is not a part of the EU. So, perhaps the DRM first needs to be circumvented outside the EU before it becomes circumventable in the EU. In the meantime, this was a low level court ruling that will almost definitely be appealed. I'm sure the entertainment industry lawyers will point out that this effectively makes the anti-circumvention directive meaningless as their defense against the ruling, and that might just work. In the meantime, enjoy the circular logic.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

35 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 25 May 2007 @ 8:26pm

Uh, that makes no sense, but I'll play..

What is is that point when it's met critical mass to be considered "ineffective"?
[ link to this | view in chronology ]
Anonymous Coward, 25 May 2007 @ 9:27pm

I wonder if they're misinterpreting the word effective? Perhaps the law was actually referring to DRM that is "in effect" or currently in use. Verbal ambiguity is such fun!
[ link to this | view in chronology ]
Matt, 25 May 2007 @ 9:51pm

Not quite as simple
If a certain DRM scheme is such that it takes considerable effort for each person to circumvent it, that would still be considered effective. If a simple crack is made public (from wherever) that can be downloaded, the DRM is then considered ineffective.
[ link to this | view in chronology ]
- Anonymous Coward, 26 May 2007 @ 4:17pm
  
  Re: Not quite as simple
  If a certain DRM scheme is such that it takes considerable effort for each person to circumvent it, that would still be considered effective.
  Let's see. So if one has to consider it, it can be said to be "considerable". To consider can mean "to think about". To take any conscious action requires one to think about it. So in that case then, if one has to consciously do anything, even push one key or one button on a remote or load a disc, it would be considered "effective". In that case then, I can't think of any examples of DRM that couldn't be considered "effective".
  [ link to this | view in chronology ]
  - Shaun, 28 May 2007 @ 7:49am
    
    Re: Re: Not quite as simple
    "considerable effort" I would think should mean like at least 10x the man-hours(sorry if that's not a politically correct term) taken to create the DRM to be able to create a crack. 100x would be better but it usually seems more like it takes 1/100th of the man-hours to crack it instead so I'll set the bar fairly low to give them even a slight chance.
    [ link to this | view in chronology ]
Brian, 25 May 2007 @ 10:04pm

Another interpretation
It sounds like this court wanted to make it illegal for the first person to break the DRM, since at that point it would still be considered 'effective', but not make every person out there who cracks the protection from then on be subject to litigation.
[ link to this | view in chronology ]
- R3d Jack, 26 May 2007 @ 12:03pm
  
  Re: Another interpretation
  Careful! Intelligent, sensible postings could get you banned...
  [ link to this | view in chronology ]
  - Anonymous Coward, 26 May 2007 @ 4:55pm
    
    Re: Re: Another interpretation
    Careful! Intelligent, sensible postings could get you banned...
    You're new around here aren't you? This isn't a Fox News blog.
    [ link to this | view in chronology ]
- Anonymous Coward, 26 May 2007 @ 4:54pm
  
  Re: Another interpretation
  It sounds like this court wanted to make it illegal for the first person to break the DRM, since at that point it would still be considered 'effective'
  Logically, it would still be the same DRM it was before. Demonstrating that it could be broken wouldn't change the fact that it had been breakable all along. By analogy, just because no one has attempted to set fire to some particular open bowl of gasoline doesn't prove that said bowl of gasoline is "fireproof".
  
  ...not make every person out there who cracks the protection from then on be subject to litigation.
  Now from a practical perspective, how would anyone ever be proved to be the first person to break some DRM? It could well have been broken many times before that just weren't well publicized.
  [ link to this | view in chronology ]
Shaun, 25 May 2007 @ 10:06pm

Good Measure
I think that on a literal point to be "ineffective" would mean extremely easy - ie if an average-jo computer user can Google "copy DVD" and get a program to copy a DVD with DRM then it is ineffective. If however you have to find a code, patch a program's source code with it and compile the source - assuming such instructions aren't readily available in a form my 13 year old sister could use - then there MIGHT be an argument that it is actually effective but not otherwise. Maybe it could still be counted as effective if it took over say 2 years of widespread use - or say at least 5-10x the development time of the DRM for it to be cracked then it still could be called effective

On a separate point I do like that argument, more circular logic please!
[ link to this | view in chronology ]
- Yakko Warner, 26 May 2007 @ 10:59pm
  
  Re: Good Measure
  Fun with ambiguity. First, what constitutes "average-jo"? I would imagine there are plenty of 13-year-olds who could patch and recompile code with minimal instruction. How do we measure when the "average" 13-year-old could succeed at a given task? (I suppose we could add this to the standardized school tests. :D ) Besides, it's only a matter of (usually very little) time that someone will take the fix and wrap it up in a nice, simple, stand-alone package.
  
  I think this post, interestingly, proves one of the arguments against DRM: it only keeps honest people from doing what they could or should be able to do in the first place; it does nothing to keep out the determined. Only the "average-jo" suffers...
  [ link to this | view in chronology ]
  - Shaun, 28 May 2007 @ 7:42am
    
    Re: Re: Good Measure
    First, what constitutes "average-jo"? I would imagine there are plenty of 13-year-olds who could patch and recompile code with minimal instruction.
    What I mean here is someone who can use a computer in terms of internet etc and possibly install a program by double clicking the exe as long as there arn't many options to select (mainly these are windows users)
    Besides, it's only a matter of (usually very little) time that someone will take the fix and wrap it up in a nice, simple, stand-alone package.
    That's pretty much what I was getting at. It might be "effective" for only a couple of weeks, couple of months at most if they're lucky.
    [ link to this | view in chronology ]
    - Anonymous Coward, 28 May 2007 @ 10:20pm
      
      Re: Re: Re: Good Measure
      What I mean here is someone who can use a computer in terms of internet etc and possibly install a program by double clicking the exe as long as there arn't many options to select (mainly these are windows users)
      I see. So you are saying that Linux or BSD or Mac users should be exempt from the DMCA anti-circumvention provisions.
      [ link to this | view in chronology ]
SensibleMan, 26 May 2007 @ 2:02am

Using is not Breaking
It's a sensible decision, *breaking* DRM is one thing. *Using* the break is another.

The DRM companies are arguing the 'instance' of the DRM counts individually, i.e. every time you rip your DVDs to your laptop you are breaking DRM. But that's rubbish.

The court has decided this is not true, the guy who broke CSS did the break, everyone else is just *using* the ripper.

Then again why should bad lock makers be able to get legal protection for their bad locks? Why is this stupid law in anyway. (Well apart from it was slotted into a treaty after being rejected both by the US and EU governments).
It's legal and moral to rip DVDs to your media centre PC. It's legal to publish information on locks:
http://home.howstuffworks.com/lock.htm

So why should there be this exception, where bad lock makers get legal protection for their bad locks? Why does DRM get special protection? If it works it doesn't need it, if it doesn't work, pretending it does doesn't change the reality!

Physical locks protecting *Real* Property have to be *really* secure, not pretend secure.
If 'IP' really is property as lobbyists like to pretend, then how can they pretend the locks don't need to be secure!

Why can we study any area of technology, except how some crap little companies crappy DRM works.
[ link to this | view in chronology ]
ehrichweiss, 26 May 2007 @ 6:22am

the DMCA has the same type of clause..
Just a couple of days ago I was in a discussion about how DRM can be legally circumvented if it's ineffective. The discussion was about how someone was being harassed(sued?) over how they published a workaround for some javascript "protection" on a website; the website's owners didn't take kindly to it and gave him a cease and desist or the like. The problem is that the DMCA states that if a form of protection isn't effective then circumventing it isn't a violation, and javascript content protection has never been shown to be effective.
[ link to this | view in chronology ]
- Anonymous Coward, 26 May 2007 @ 5:03pm
  
  Re: the DMCA has the same type of clause..
  The problem is that the DMCA states that if a form of protection isn't effective then circumventing it isn't a violation, and javascript content protection has never been shown to be effective.
  If the purpose of DRM is to prevent unauthorized copying, then no form DRM has ever been shown to be effective. However, this fact is politically incorrect so judges just ignore it. It's like Alice in Wonderland.
  [ link to this | view in chronology ]
Gary, 26 May 2007 @ 11:19am

Let me understand this: To play an encryption-encumbered DVD, I need a player that can play it. To do this, I need a player that has the decrypter and the key to decrypt it. So, unlike public/private RSA encryption, I have material to be decrypted, the decrypter and the key. (It just occurred to me that adds cost to the product, but no value.)

Anyway, doesn't that by definition make all types of DRM circumventable?
[ link to this | view in chronology ]
- Anonymous Coward, 26 May 2007 @ 10:33pm
  
  Re:
  So, unlike public/private RSA encryption, I have material to be decrypted, the decrypter and the key.
  Actually, as I understand it RSA and the CSS encryption used on DVD's are both asymmetric-key cryptosystems. In other words, the decryption key stored on the player is different than the encryption key. But that still doesn't invalidate the rest of your statement, i.e. the player contains both a decryption system and a key to go along with it.
  [ link to this | view in chronology ]
Yakko Warner, 26 May 2007 @ 10:52pm

Suicide crackers?
Is this like how attempted suicide is illegal, but succeeding is not?
[ link to this | view in chronology ]
- Anonymous Coward, 27 May 2007 @ 1:04am
  
  Re: Suicide crackers?
  Is this like how attempted suicide is illegal, but succeeding is not?
  Not really. This means attempts are illegal only if there have been no previous successes. With suicide it is usually easy to tell if there has been a prior success. With DRM cracking prior successes may not be known except to a few.
  [ link to this | view in chronology ]
Anonymous Coward, 27 May 2007 @ 3:42am

is this mean it's ok for me to circumventing ineffective virus?
[ link to this | view in chronology ]
Lawrence D'Oliveiro, 27 May 2007 @ 4:42am

Simple logic, really
Actually, it makes perfect sense. If the FUV* technology were effective, it wouldn't need legal sanction to enforce it.
So the laws you would be breaking by circumventing it would actually be laws of physics. Or information theory. Or something.

*FUV = Fair Use Violation. "DRM" is so last century, isn't it.
[ link to this | view in chronology ]
Anonymous Coward, 27 May 2007 @ 6:46am

Mike, are you still around? Mommy hasn´t pulled the plug on your internet access. Still bashing xG??? You moron, I´m up fucking huge and Telefonica is about to come on board. If you had ANY BALLS at all, you would print a retraction to your bullshit garbage about xG. I´m not expecting that, as I know those that blog cannot do a damn thing other than blog.
[ link to this | view in chronology ]
Michael McMannus, 27 May 2007 @ 3:05pm

Re: #19-- by the Coward
Dude, I have no idea what your talking about but TechDirt is like talking around the watercooler, man. Leave Mike alone, he has some good ideas and also some bad, just like I have good stuff and some bad. TD is that place where you can put your ideas on the back burner and let it bake a bit.

What's cool is that he created something of a community where we can collaborate share, add, and discuss. Everyone's equal. Spill it or else your just as worthless as hiding behind the Anon Coward name.

Whats your beef.. Let's discuss.. Or go away.
[ link to this | view in chronology ]
Kevin, 27 May 2007 @ 11:06pm

An example
Here's an example of circumventing an effective DRM scheme:

A company sells a special camcorder with a box-shaped lens. You place it right up against your monitor and start the DVD. The camcorder would then record the movie content as it plays and store it in a DRM free digital format. Perhaps the captured video image could be of high quality if it could capture at a high enough frame rate at a high enough resolution, and could then be distributed. But selling of such a device would be considered illegal under this law, because the DRM is still intact and effective.

However, if a group creates an encryption scheme and they claim that the encryption can't be broken, but is then defeated within a couple of months by a teenager, then your encyption scheme is too weak to be considered effective.
[ link to this | view in chronology ]
John, 28 May 2007 @ 2:40am

D.R.M. (Doesn't Really Matter!)
DRM is a bit of a joke, it doesn't take long for popular content to be available with the DRM stripped off like a cheap bumbersticker. This is especially true today, since people can exchange files in complete safety with encrypted file sharing methods (such as Europe's GigaTribe: http://www.gigatribe.com )
[ link to this | view in chronology ]
Matthew, 28 May 2007 @ 5:30am

Well the RIAA will simply paint over that line with a black marker like the we used to do with their CDs.
[ link to this | view in chronology ]
J, 28 May 2007 @ 1:00pm

Don't not overstretch this...
The decision does not apply to the whole EU. This was a decision of a Finnish lower court applying the Finnish copyright law solely on this specific case of circumventing DVD CSS. It does not as such bind other EU member states that may have a different wording in their law for the purposes of implementing the EU copyright directive. Also, the extent to which it is generalizable to other similar cases even in Finland is debatable.

An interesting aspect of the decision was that none of the copyright organizations took any part in it. This was a criminal trial, started by the defendants themselves when they turned themselves in for violating the copyright law.
[ link to this | view in chronology ]
J, 28 May 2007 @ 1:01pm

And don't use no double negatives either!
Scratch one "not" from previous subject line.
[ link to this | view in chronology ]
Blither, 28 May 2007 @ 3:13pm

Site problems?
The site hasn't been updated in close to 72 hours. What gives? This is usually a very active blog, particularly on Mondays.
[ link to this | view in chronology ]
- Blather, 28 May 2007 @ 9:05pm
  
  Re: Site problems? ...Blither
  This Monday is a National Holiday; Memorial Day: a day we honor those who serve our country to maintain our freedom.
  
  There is no excuse or explanation necessary.
  
  Patience, my boy. You will be addressed directly, assuming you have something Worthwhile to communicate....
  [ link to this | view in chronology ]
Anonymous Coward, 28 May 2007 @ 9:26pm

Effective DRM does not need to make copyright violation impossible, it simply needs to make such violation more difficult than legally licensing the content for the relevant purpose (ie if it costs $500 to copy a dvd and $25 to buy it then the DRM is effective even if some fool might waste money circumventing it).
[ link to this | view in chronology ]
SensibleMan, 29 May 2007 @ 1:58am

This applies to USA too
This is a reasonable interpretation of all circumvention laws including the DMCA. How can it be that the person who circumvents a DRM is treated as the same as someone who uses the resulting crack?

The interpretation makes sense.

USING AN EXISTING CIRCUMVENTION IS NOT THE SAME AS MAKING THE CIRCUMVENTION!

So this should be applied to the USA too, not just Europe. A sensible interpretation applies wherever common sense prevails.
[ link to this | view in chronology ]
Overcast, 29 May 2007 @ 7:29am

That law makes about as much sense as the entertainment industry's "War on the Consumer".
[ link to this | view in chronology ]
Blither, 29 May 2007 @ 4:43pm

Re: site problem?
That's funny. I don't remember this past weekend being a long weekend. Seems to have been business as usual Monday. I also don't recall that bloggers have particular business hours or holidays anyway; they write when they have something new to write. Most of the blogs I follow only have a hiatus maybe once a year, generally when something major happens to the blogger, such as a move or a death in the family or something. NONE of the other multi-blogger blogs I follow has any lulls in activity at all (save one that was hosted in New Orleans that went down for days when Katrina hit). What should make this blog so special?
[ link to this | view in chronology ]