Apple Loses Big in DRM Ruling: Jailbreaks Are "Fair Use"
Nate Anderson, arstechnica.com
Every three years, the Library of Congress has the thankless task of listening to people complain about the Digital Millennium Copyright Act. The DMCA forbade most attempts to bypass the digital locks on things like DVDs, music, and computer software, but it also gave the Library the ability to wave its magical copyright wand and make certain DRM cracks legal for three years at a time.
This time, the Library went (comparatively) nuts, allowing widespread bypassing of the CSS encryption on DVDs, declaring iPhone jailbreaking to be "fair use," and letting consumers crack their legally purchased e-books in order to have them read aloud by computers.
The exemptions
The DMCA was passed in 1998, so this is the fourth go-round for the Library. In the past, people have usually complained that DRM prevented them from making legitimate use of items like DVDs—format-shifting a copy to one's iPod, for instance, was forbidden. The Register of Copyrights (who is part of the Library of Congress) dutifully listened to these complaints and then did... very little. Previous exemptions could charitably be described as "parsimonious." After all, if you need a two-minute clip of a film, you could always get it from a VHS tape or by taping a TV screen. Right?
The Librarian and the Register, cautious folks that they are, have moved slowly, but after more than a decade of the DMCA, they are increasingly willing to acknowledge its harms. That lead to this morning's ruling, which provides DRM circumvention exemptions for the following six classes of works:
(1) Motion pictures on DVDs that are lawfully made and acquired and that are protected by the Content Scrambling System when circumvention is accomplished solely in order to accomplish the incorporation of short portions of motion pictures into new works for the purpose of criticism or comment, and where the person engaging in circumvention believes and has reasonable grounds for believing that circumvention is necessary to fulfill the purpose of the use in the following instances:
(i) Educational uses by college and university professors and by college and university film and media studies students; (ii) Documentary filmmaking; (iii) Noncommercial videos.
(2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.
(3) Computer programs, in the form of firmware or software, that enable used wireless telephone handsets to connect to a wireless telecommunications network, when circumvention is initiated by the owner of the copy of the computer program solely in order to connect to a wireless telecommunications network and access to the network is authorized by the operator of the network.
(4) Video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works, when circumvention is accomplished solely for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if:
(i) The information derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer network; and (ii) The information derived from the security testing is used or maintained in a manner that does not facilitate copyright infringement or a violation of applicable law.
(5) Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace; and
(6) Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book’s read-aloud function or of screen readers that render the text into a specialized format.
The language here can be opaque, so let's parse these a bit.
DVDs
First up: DVDs! Previous exemptions have been carved out for college professors who might use film clips in class. But note the broad nature of the new rule—it applies to everyone. As long as you are making a documentary or noncommercial video, you're in.
The exemption only covers "short portions of motion pictures," since the Register was not convinced that longer portions would necessarily be fair use. And if there's some other way of getting the clips short of bypassing DRM, you should take it.
According to the official explanatory text (PDF), "Where alternatives to circumvention can be used to achieve the noninfringing purpose, such noncircumventing alternatives should be used." Thus, if you have screen capture software and need only a low-quality copy for some purpose, you should use that.
But the exemption is a key one, despite its limiting language. As the Librarian of Congress finally admitted, "I agree with the Register that the record demonstrates that it is sometimes necessary to circumvent access controls on DVDs in order to make these kinds of fair uses of short portions of motion pictures."
Jailbreaking
The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost.
The Electronic Frontier Foundation argued that jailbreaking one's iPhone should be allowed, even though it required one to bypass some DRM and then to reuse a small bit of Apple's copyright firmware code. Apple showed up at the hearings to say, in numerous ways, that the idea was terrible, ridiculous, and illegal. In large part, that was because the limit on jailbreaking was needed to preserve Apple's controlled ecosystem, which the company said was of great value to consumers.
That might be true, the Register agreed, but what did it have to do with copyright?
"Apple is not concerned that the practice of jailbreaking will displace sales of its firmware or of iPhones," wrote the Register, explaining her thinking by running through the "four factors" of the fair use test. "Indeed, since one cannot engage in that practice unless one has acquired an iPhone, it would be difficult to make that argument. Rather, the harm that Apple fears is harm to its reputation. Apple is concerned that jailbreaking will breach the integrity of the iPhone's ecosystem. The Register concludes that such alleged adverse effects are not in the nature of the harm that the fourth fair use factor is intended to address."
And the Register concluded that a jailbroken phone used "fewer than 50 bytes of code out of more than 8 million bytes, or approximately 1/160,000 of the copyrighted work as a whole. Where the alleged infringement consists of the making of an unauthorized derivative work, and the only modifications are so de minimis, the fact that iPhone users are using almost the entire iPhone firmware for the purpose for which it was provided to them by Apple undermines the significance" of Apple's argument.
The conclusion is sure to irritate Steve Jobs: "On balance, the Register concludes that when one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses."
SecuROM and SafeDisc
Exemption four is quite clear—security research on DRM-limited video games is allowed—but why is it there? What research needs to be done?
It turns out that the real target here is the DRM itself, specifically two controversial systems called SecuROM and SafeDisc. Professor Alex Halderman, a longtime security researcher in this area, begged the Library to let him investigate these kinds of invasive DRM without legal worries.
"The evidence relating to SecuROM tends to be highly speculative," said the Register, explaining her approval of the exemption, "but Professor Halderman asserted that this situation has been crying out for an investigation by reputable security researchers in order to rigorously determine the nature of the problem that this system cause[s], and dispel this uncertainty about exactly what's going on. He believed that the prohibition on circumvention is at least in part to blame for the lack of rigorous, independent analysis."
But the SafeDisc situation is clearer. "In contrast to SecuROM, SafeDisc has created a verifiable security vulnerability on a large number of computers. Opponents of the proposed class did not dispute that SafeDisc created a security vulnerability, but they argued that the security flaw was patched by Microsoft in 2007, without the need of an exemption. However, SafeDisc was preloaded on nearly every copy of Microsoft's Windows XP and Windows 2003 operating systems and was on the market for over six years before a security researcher discovered malware exploiting the security. The vulnerability had the capacity to affect nearly one billion PCs."
Given what's at stake, the Library decided to allow such security research.
E-books
Remember how Amazon got into trouble with publishers for allowing its Kindle to do automated text-to-speech? Publishers objected that this could cut into their audiobook money and that it might violate their rights.
Amazon may have clamped down on the feature in response, but the Library of Congress has now given users the right to crack e-book DRM in order to hear the words. Exemption number six only applies in cases where there is no alternative; if e-book vendors offer any sort of version that allows screen-reading or text-to-speech, even if the price is significantly higher, people must use that version rather than bypass DRM.
But if there are no commercial alternatives, e-book buyers are at last legally allowed to bypass DRM.
The clock is ticking
Other, broader exemptions were not allowed. Bypassing the DRM on purchased music when the authentication servers have gone dark? Still illegal. Bypassing the DRM on streaming video in order to watch it on non-supported platforms? Nope.
But the exemptions that did make it were carefully thought out and actually helpful this time around. That's the good news. The bad news is that they must be re-argued every three years, and the Library has taken so long getting its most recent ruling out that that the next review happens just two years from now.
So enjoy your exemptions while you can.