Does A 27-Second Video Showing How To 'Hack' The NYT Paywall Violate The DMCA?

from the it-certainly-might... dept

Tue, Jun 28th 2011 5:33am — Mike Masnick

We've discussed many times just how easy it is to get around the NY Times' paywall. I've never run up against it because I don't have javascript enabled, and the whole system is javascript based. We have wondered, however, if doing this is technically a violation of the DMCA -- specifically the anti-circumvention clause. After all, I am circumventing technical protection measures. That I have javascript automatically turned off for all sites doesn't much matter.

Of course, now that the paywalls been out for a while, people are finding even more ways to get around the paywall, including merely removing the string at the end of the URL. This is so simple, that someone made a 27-second video showing people how to "hack" the NY Times paywall: Of course, I'm wondering if just this video alone violates the DMCA's anti-circumvention clause. Section 1201 of the DMCA says (in part): "No person shall... offer to the public... any technology, product, service, device, component or part thereof, that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title." Is putting up a video that shows an incredibly easy way to get around the NY Times protection measures a violation?

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: circumvention, dmca, hacking, paywall
Companies: ny times

58 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 28 Jun 2011 @ 5:51am

Not only this.. but I've still got the iPhone app from before the switch to the pay model. I simply ignore the intermittent 'update required' screen and I still get access to all sections of the paper for free.
[ link to this | view in chronology ]
John Doe, 28 Jun 2011 @ 5:55am

Did you just violate the DMCA?
You told us that we can turn off JavaScript to get around the paywall, so did you just violate the DMCA? :)

The phrasing to me reads that you must offer something physical whether it is a device or software/service to violate the DMCA. It seems that advice is not covered.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 5:58am

"technological measure that effectively controls access to a work protected under this title"

I think the key word there is "effectively" The way in which they implemented the paywall doesn't seem effective to me.
[ link to this | view in chronology ]
- Jason, 28 Jun 2011 @ 6:14am
  
  Re:
  Well, the courts have already ruled that "effectively" here does not mean a measure of how effective the control is, but rather as a designation of *that which effects* the control.
  
  However, I wonder if this might be a case where you've got a locked door standing alone without any walls.
  [ link to this | view in chronology ]
  - Richard (profile), 28 Jun 2011 @ 6:19am
    
    Re: Re:
    Well, the courts have already ruled that "effectively" here does not mean a measure of how effective the control is
    
    The word is common to thte laws in several different countries (it is in an international treaty) and I believe that in some countries it has been interpreted to exclude "ineffective" measures.
    [ link to this | view in chronology ]
    - Niall (profile), 28 Jun 2011 @ 9:20am
      
      Re: Re: Re:
      Unless you can interpret this video as a 'service', I don't see how this is a 'technology, product, service, device, component or part thereof'.
      
      You know, lock manufacturers should put microchips in their locks. I bet you could give burglars more of a sentence for breaking the DMCA than for breaking and entering!
      [ link to this | view in chronology ]
Advocate for the dark one, 28 Jun 2011 @ 6:02am

NYT is going to file a mass lawsuit against anyone who bypasses their paywall(they can tell), these dirty hackers, terrorists if you will, are destroying their profits by pirating their news.
[ link to this | view in chronology ]
Cowardly Anon, 28 Jun 2011 @ 6:09am

I don't think that turning off javascript would violate DMCA. My reasoning behind this is that you have a right to allow or deny any application that runs on your computer. Saying that turning javascript off would be like saying you can't run a personal firewall application b/c you can deny any applications access to the internet. Just seems stupid to me.

I almost feel sorry for the NYT. They didn't get what they paid for in this case. There are just so many things wrong with this model that it isn't even doomed to fail...it's just made of fail. It's like they are the QWOP athlete in the 100m dash.
[ link to this | view in chronology ]
- ethorad (profile), 28 Jun 2011 @ 6:47am
  
  Re:
  "you have a right to allow or deny any application that runs on your computer"
  
  Phone for you - it's a Mr Geohot.
  [ link to this | view in chronology ]
  - Cowardly Anon, 28 Jun 2011 @ 7:59am
    
    Re: Re:
    Writing a hack to get around a closed system is not the same a choosing not to run code given by a third party on my hardware.
    
    Case in point: I have a ps3. It is not connected to the internet. I choose not to run Sony's firmware on my system.
    
    At such a point when I can't play a game I want to, I will have to make the choice to run Sony's firmware update or crack my system.
    
    But, until I actually run the code to crack my system, you can't say I'm violating DMCA.
    
    Choosing not to run javascript is the same thing. I have not cracked or hacked the system, I have just chosen not to run code from a third party.
    [ link to this | view in chronology ]
    - Anonymous Coward, 28 Jun 2011 @ 8:27am
      
      Re: Re: Re:
      You're splitting hairs. I doubt any court would find your argument convincing. By the same token, I could legally bypass the DRM on video games and movies I have purchased by saying I simply declined to run the code that enforced the control. In some cases this can be done with the same ease as disabling javascript. Selectively bypassing parts of a package when those parts have been designed to restrict access to parts of that package is precisely what the DMCA disallows.
      
      You're also making an artificial distinction between "running the code to crack something" and "declining to run something". Disabling javascript runs code that alters the flow of your browser. "Running a hack" could be as simple as a few instructions to set EAX to 0 at one point. You think that you are "running code" in one instance, and "not running code" in another, but that's not correct. And if your distinction were correct, it would still be irrelevant because the US courts haven't recognized such distinctions as relevant.
      [ link to this | view in chronology ]
      - Niall (profile), 28 Jun 2011 @ 9:25am
        
        Re: Re: Re: Re:
        The difference is that Javascript is a (default) add-on to your browser, one which you may choose not to engage. And good luck finding a browser that doesn't already have it as part of it (now, what happens if you code a browser without Javascript?) That's not the same as installing/downloading/actively actioning a program that removes/suppresses existing DRM.
        
        Fun thought: Make your on-site DRM Flash-based. Then SUE those iFanboi devices for bypassing it!
        [ link to this | view in chronology ]
      - DogBreath, 28 Jun 2011 @ 9:37am
        
        Re: Re: Re: Re:
        If some website uses javascript to enforce their "viewing protection" but you can still view the pages without JavaScript, that is a fail on their part, not on yours. Otherwise the NoScript add-on in Firefox is in violation of the DMCA (as it allows selective running or disallowing of various javascripts) and is a circumvention device and must be taken down (can't wait for DHS and ICE to seize their domain).
        
        Next, it will be illegal to block ads because of the advertisers First Amendment rights being violated, and the AdBlock plugin will have to go. That will known as the day the internet died.
        [ link to this | view in chronology ]
taoareyou (profile), 28 Jun 2011 @ 6:20am

However
Even with this savvy bit of tech knowledge, I'm still not interested in going to their website.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 6:23am

Everyone pretty much knows that these laws are a joke written by big corporations. Even the government now seems to be realizing it and the corporations don't seem to be doing as much to go after those who violate them because doing such is not effective and only makes the corporations look like jerks. It's a PR nightmare for them.

What the government needs to do is pass a law that gives the corporations everything they want while making it the law that they do not look like jerks and that they are not jerks. That way no one would think of them as jerks every time they act like jerks and they can go on about acting like jerks without the negative PR involved.

Also, presidential elections are coming up somewhat soon and the government (and the courts) often pretends to act more consumer friendly around this time. After presidential elections are over, they will go back to acting like jerks again. It's why we need shorter election cycles.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jun 2011 @ 6:24am
  
  Re:
  (though I think, in addition, presidents should be allowed to stay in office for longer periods of time if they keep getting re - elected. Maybe 10 years in opposed to 8, with presidential election cycles every two years).
  [ link to this | view in chronology ]
  - Anonymous Coward, 28 Jun 2011 @ 8:08am
    
    Re: Re:
    The problem here is that with how much time money and work going into those elections, when would the president actually get the time to do his job if he gets one year (adjustment period) and then one more year where hes only working half the time and campaigning the other half.
    [ link to this | view in chronology ]
    - Anonymous Coward, 28 Jun 2011 @ 8:33am
      
      Re: Re: Re:
      You should not be allowed to use any money to run for president. The president should stand on his or her two feet alone. Why not hold a series of debates/ conferences where anyone who wanted to be (and qualified to be) president could join the conversation? This would level the playing field and allow the person with the best ideas and character to be elected versus the person with the most $$$.
      [ link to this | view in chronology ]
      - Niall (profile), 28 Jun 2011 @ 9:28am
        
        Re: Re: Re: Re:
        It is quite scary how much money you need to run for President in the US. I guess it's true in France, Italy etc as well though.
        
        How that compares with an essentially unelected leader like we have in Britain, I'm not sure.
        
        (For information, the only people who get to vote on who is the Prime Minister are the members of his/her constituency and members of his/her political party.)
        [ link to this | view in chronology ]
      - Any Mouse (profile), 29 Jun 2011 @ 3:03am
        
        Re: Re: Re: Re:
        Do you know what the qualifications are for the job? It's a pretty low bar...
        
        Natural born citizen, and lived in the country 14 years, and at least 35 years of age.
        
        That's it.
        
        Add to this that pretty much anyone who wants the job should never have it.
        [ link to this | view in chronology ]
James Letcher, 28 Jun 2011 @ 6:25am

GET variables
ROFLOL... you have to be kidding me. Their security lies in passing a GET variable, I guess they don't know the difference between GET and POST. Maybe they should hire me and I can explain it to them!
[ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 6:39am

Finally I have legal protections from all the theives out there. Now every IP address that visits my bajillion popup window website and vandalizes my "sponsers" ads by not letting them load and steals my revenue can be targeted with a DMCA violation.
[ link to this | view in chronology ]
Nicedoggy, 28 Jun 2011 @ 6:42am

http://www.google.com/transparencyreport/governmentrequests/US/?p=2010-12&t=CONTENT_REMOVAL_REQU EST

Anybody saw the Google Transparency Report?

Apparently they now show why the request was made :)

Source:
http://www.physorg.com/news/2011-06-google-content.html
[ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 6:52am

Whether or not it actually violates the DMCA, the video will get taken down when the relevant people notice it. That's just the way these things work. This action will prevent exactly 0 (zero) people from "hacking" the paywall.
[ link to this | view in chronology ]
- Niall (profile), 28 Jun 2011 @ 9:29am
  
  Re:
  Which means it will just get posted up elsewhere, especially on a video site not within the reach of ICE.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 6:56am

Does it violate DMCA? It does. None of the actions inside of it, performed by an individual would be considered illegal (you can turn off javascript if you like good luck enjoying the last 20% of the internet that doesn't need it). However, showing people how to perform those acts *in context of this website* could be considered illegal.

More than anything, it shows the NYT firewall to be ineffective, and shows the video poster to by a whiny child who doesn't understand what it means when someone says "you are not welcome".
[ link to this | view in chronology ]
- Rekrul, 28 Jun 2011 @ 7:10am
  
  Re:
  (you can turn off javascript if you like good luck enjoying the last 20% of the internet that doesn't need it)
  
  A large majority of sites work just fine with Javascript disabled. In most cases, it's only used for ads and non-critical, incidental things, like the voting buttons on posts here, or hiding posts that have been flagged as spam.
  
  In most cases, turning it off makes the page load much faster. And in a few cases, disabling it will get rid of annoying "features", like the IMDb's auto-complete suggestions for the search box, which sends you to the last thing the mouse touched, rather than what you typed.
  [ link to this | view in chronology ]
- el_segfaulto (profile), 28 Jun 2011 @ 8:15am
  
  Re:
  JavaScript has been abused far beyond its original intention. It is used as a malware vector and as a means to track web usage.
  
  Anybody who makes a site that breaks with JavaScript disabled has no business designing anything for the web. I use JavaScript (with jQuery) and every site I've ever developed gracefully degrades if JavaScript is disabled with a friendly banner informing the user that for the full experience it should be disabled as well as a link to a page describing what the script does and does not do. And that is how you do it right.
  [ link to this | view in chronology ]
  - Anonymous Coward, 28 Jun 2011 @ 1:31pm
    
    Re: Re:
    Many of the World's top 200 sites completely break or lose their core functionality without JS.
    [ link to this | view in chronology ]
    - Rekrul, 29 Jun 2011 @ 4:16pm
      
      Re: Re: Re:
      Many of the World's top 200 sites completely break or lose their core functionality without JS.
      
      That's because they were designed by idiots.
      
      Those same sites probably don't work with Flash disabled either.
      [ link to this | view in chronology ]
- Niall (profile), 28 Jun 2011 @ 9:31am
  
  Re:
  You were doing so well right up until the whiny childish comment about the video poster.
  
  If the NYT really means "you are not welcome on my lawn" it should put up a decent fence and gate, not a pathetic little sign that can only be seen from one direction, and which is hidden behind the hotdog and lemonade concession.
  [ link to this | view in chronology ]
- G Thompson (profile), 29 Jun 2011 @ 2:43am
  
  Re:
  Actually that is not correct.
  
  Javascript is what is classified as a client side application. ie: It ONLY runs on the viewing computer after the server has sent a request to it to do something.
  
  It is run at the whim of the owner of the client, NOT at the request or legal ability of the owner of the server. In fact the servers owner has no legal obligation to make you use it to visit their site since if they do force you under the duress of quoting the DMCA or other torts they very much could be liable under the criminal sanctions of the Computer Fraud and Abuse Act.
  
  Whether yourself or the NYT like it or not it is the owner of the computer who states what is run or not on their own system, and more specifically what has authority to access or not.
  
  I can guarantee you (since this has happened once) if some organisation tries to access or run some programme/script on my computer which I have not given them the legal authority to, then that organisation will be in for a very nasty shock when criminal warrants are served on them.
  
  As for this video, It shows people how to legally disallow authority to the NYT on their system and therefore is not showing circumvention of anything, especially when circumvention implies the bypassing of something fully controlled by someone else, in this case the NYT, which is incorrect.
  [ link to this | view in chronology ]
Overcast (profile), 28 Jun 2011 @ 6:58am

The DMCA is like the Patriot Act. They are both designed with the intent that they are laws that provide *CONTROL* to the 'government' and it's police state mentality.

It has little to do with anything else.

Chairman Mao would be proud.
[ link to this | view in chronology ]
- Unknown Coward, 28 Jun 2011 @ 11:22am
  
  Re:
  Very well said!
  [ link to this | view in chronology ]
Michael Lockyear, 28 Jun 2011 @ 7:05am

I don't click on NYT links...I don't think that their content is worth the effort it would take to disable javascript or fiddle with the URL.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jun 2011 @ 7:12am
  
  Re:
  Try NoScript.
  [ link to this | view in chronology ]
Rekrul, 28 Jun 2011 @ 7:16am

This reminds me of the time years ago, when I discovered that a subscription based adult site's only protection was that non-members weren't shown the URL to the paid content. The samples on the front page were linked to files in the members section, so it was a simple matter to copy the URL and delete the filename in order to access the raw directory listing. At which point, you had access to anything on the site for free. :)
[ link to this | view in chronology ]
- techflaws.org (profile), 29 Jun 2011 @ 4:42am
  
  Re:
  Raw directory listings are so 90s ;)
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jun 2011 @ 7:36am

Would you trust them with your credit cards?
If they can't protect their own content, how do they expect customers to believe they'll protect consumer information? Do we have any clue how secure their subscriber information is?

What does poor security of their own content do to the NY Times reputation for security overall?
[ link to this | view in chronology ]
- The Devil's Coachman (profile), 28 Jun 2011 @ 11:21am
  
  Re: Would you trust them with your credit cards?
  Like most businesses, they don't really think computer security has much ROI, so why would they spend money on it? Having been in IT for over 40 years, I think I can speak with some authority on this. The pointy-haired boss is the norm, and the exceptions to that are rare, and they are usually hunted down and punished or laid off for having the temerity to suggest that spending funds on anything that does not produce immediate and huge profit is foolish and shows poor business sense. Plus, it has a negative impact on the executive bonus pool.
  [ link to this | view in chronology ]
- The Devil's Coachman (profile), 28 Jun 2011 @ 11:21am
  
  Re: Would you trust them with your credit cards?
  Like most businesses, they don't really think computer security has much ROI, so why would they spend money on it? Having been in IT for over 40 years, I think I can speak with some authority on this. The pointy-haired boss is the norm, and the exceptions to that are rare, and they are usually hunted down and punished or laid off for having the temerity to suggest that spending funds on anything that does not produce immediate and huge profit is foolish and shows poor business sense. Plus, it has a negative impact on the executive bonus pool.
  [ link to this | view in chronology ]
Dan (profile), 28 Jun 2011 @ 7:48am

Techdirt java bloat
"I've never run up against it because I don't have javascript enabled, and the whole system is javascript based."

Now I understand why Mike doesn't care that Techdirt is bogged down with so much Java script. He never sees it. This site loads a lot faster with Java off.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jun 2011 @ 12:09pm
  
  Re: Techdirt java bloat
  Javascript =/= Java
  [ link to this | view in chronology ]
  - G Thompson (profile), 29 Jun 2011 @ 2:46am
    
    Re: Re: Techdirt java bloat
    Though Java == Coffee
    
    and every Java programmer will absolutely agree with that ;)
    [ link to this | view in chronology ]
el_segfaulto (profile), 28 Jun 2011 @ 8:19am

This! A million times this! I'm all for helping to support sites and I do turn AdBlock off for Techdirt. But for the love of all that is holy, do we need all these idiotic widgets? Using Firebug (a must have for any developer) you'll find that the page size is 758 KB (for this article as of 8:18 PST) and the page load time is 24.14 seconds. This is completely unacceptable and the reason why Techdirt has JavaScript all but disabled on my browser.
[ link to this | view in chronology ]
- el_segfaulto (profile), 28 Jun 2011 @ 8:43am
  
  Re:
  Meant to be a response to Dan.
  [ link to this | view in chronology ]
- G Thompson (profile), 29 Jun 2011 @ 2:51am
  
  Re:
  Wow.. I'm getting
  Documents (5 files) 15 KB (123 KB uncompressed)
  Images (43 files) 54 KB
  Objects (1 file) 180 KB
  Scripts (27 files) 239 KB (511 KB uncompressed)
  Style Sheets (7 files) 51 KB (84 KB uncompressed)
  Total 538 KB (952 KB uncompressed)
  
  and I have ads turned off totally, Its the scripts and 1 object (flash swf file of some weirdness) that makes this site very slow sometimes.
  [ link to this | view in chronology ]
out_of_the_blue, 28 Jun 2011 @ 8:37am

Techdirt has at least 13 sites running about 36 scripts,
by my quick count. Then, if finds the noscript extension, still rats you out to be counted by "b.scorecardresearch.com". (I've long had the latter in my hosts file.) So while /appearing/ to be a libertarian, Mike is in fact a /commercialist/; I don't find that either honest or in the long term interest of maintaining freedom. He sells himself -- and YOU too if you let him -- every day.

If only to deny these commercial entities information that they -- or some /national/ spy agency -- will eventually use against you, everyone should use Noscript and a hosts file. It's not merely that you've nothing to hide, it's just plain none of their business. They're only /looking/ for ways to annoy you at best, and the possibilites of /doing evil/ are enormous. By selling your personal data to whoever (last I heard Google gets $25 for it), they get around what's left of the 4th amendment. -- And most are again saying so what? Well, the full explanation is in Orwell's "1984". The goal is to spy on everyone /all/ the time, because that's what gov'ts /like/ to do, and along with bank and credit card reporting, it means TOTAL CONTROL. -- Just say no now while you still can.

As for sites that require javascript, with Noscript it takes only right click and allow. -- BUT there's a poison pill even in Noscript, as it comes set to allow the worst offenders access on every site: you should remove its entire white list.
[ link to this | view in chronology ]
- BeeAitch (profile), 28 Jun 2011 @ 12:45pm
  
  Re: Techdirt has at least 13 sites running about 36 scripts,
  "So while /appearing/ to be a libertarian, Mike is in fact a /commercialist/; I don't find that either honest or in the long term interest of maintaining freedom. He sells himself -- and YOU too if you let him -- every day."
  
  I, for one, am glad that Mike makes enough money (off of me and other techdirt readers) to keep this site going. Keep up the good work Mike!
  
  As for you, if you don't like it, don't visit the site. You won't be missed.
  [ link to this | view in chronology ]
David Good (profile), 28 Jun 2011 @ 9:07am

First ammendment
I think the bigger issue here is that the DMCA blatantly violates the First Amendment. It's sort of like the law restricting the export of encryption software, but if you print the algorithm on a T-shirt you can walk across the US/Canada border with no problem while wearing it.
[ link to this | view in chronology ]
- Jose_X, 1 Jul 2011 @ 12:53pm
  
  Re: First ammendment
  "No person shall... offer to the public... any technology, product, service, device, component or part thereof, that is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title."
  
  My interpretation is that "products" and the rest would not include speech as clearly would be a website.
  [ link to this | view in chronology ]
Gill Bates, 28 Jun 2011 @ 9:10am

Private Browsing
also works well in chrome or Firefox.
[ link to this | view in chronology ]
Patty, 28 Jun 2011 @ 10:55am

NYT and DMCA
I set the browser to delete cookies on close and have never had a problem accessing as much of the NYTs as I want. Is deleting cookies a violation of the DMCA?
[ link to this | view in chronology ]
Overcast (profile), 28 Jun 2011 @ 11:15am

I set the browser to delete cookies on close and have never had a problem accessing as much of the NYTs as I want. Is deleting cookies a violation of the DMCA?

Probably.

But all these IP and supposed 'protection' laws being put in are just to make sure we are ALL guilty of something - all the time. It's the only easy way to run a police state, like our 'leaders' endeavor to do.
[ link to this | view in chronology ]
Overcast (profile), 28 Jun 2011 @ 11:22am

You should not be allowed to use any money to run for president. The president should stand on his or her two feet alone. Why not hold a series of debates/ conferences where anyone who wanted to be (and qualified to be) president could join the conversation? This would level the playing field and allow the person with the best ideas and character to be elected versus the person with the most $$$.

The BIG problem is that politicians give grants and tax-exemptions to various organizations and companies. Then those SAME organizations/companies turn around and *fund their campaigns*.

It's basically just money laundering, but since they are 'good organizations' with their parasitic politicians protecting them, the justice department could care less.

So much for the 'rule of law' in the formerly United States of America - now known as the Tyrannical States of America, or TSA for short.
[ link to this | view in chronology ]
TWiT, 28 Jun 2011 @ 12:25pm

NY Times? Hava
Oh. Golly. The NY Times has something worth reading?

I've said for the last couple of years I'd be very happy if Hava just vanished. Shamefully, most of the idiotic planet runs on a .js script.
[ link to this | view in chronology ]
Anonymous DirtyPirate, 28 Jun 2011 @ 9:24pm

DMCA
I have a grrrrreat! method of circumventing DRM: I just don't buy anything or look at anything that requires it. Like the NYT. Arrrrrr! Come and get me, Effin' Bee Eyes!
[ link to this | view in chronology ]
last word, 4 Nov 2011 @ 8:20am

last word
just dont patent the process...
[ link to this | view in chronology ]