Calling All iPhone Developers: Support EFF's DMCA Exemption for Jailbreaking

Call To Action by Fred von Lohmann

iPhone application developers have until February 2, 2009 to submit comments to the Copyright Office in support of EFF's proposal for a DMCA exemption for iPhone owners who want to "jailbreak" their iPhones to gain the freedom to install applications of their choice. If you're an iPhone app developer, and you have a story about your frustration with Apple's chokehold over iPhone apps, please share it with the Copyright Office. Legalizing jailbreaking is a critical step in loosening Apple's grip and creating an open market for iPhone applications.

Apple uses "software locks" to prevent applications other than those sold from the iTunes App Store from running on the iPhone. The process of modifying an iPhone to run applications from other sources is known as "jailbreaking" (this is different from "unlocking," which generally refers to modifying an iPhone to operate with a different network carrier). Although hundreds of thousands of iPhone owners have already jailbroken their phones, Apple is likely to argue that the act of jailbreaking violates the DMCA's ban on circumventing software locks. In an effort to lift this legal cloud, EFF has proposed that the Copyright Office grant a 3-year exemption from the DMCA to permit jailbreaking.

Apple's shackling iPhone owners to the iTunes App Store has nothing to do with protecting Apple software from piracy. Instead, it's all about limiting competition and innovation on the iPhone platform. For example, Apple has refused to approve iPhone apps that compete with Apple's own software, such as Mail, Safari, and iTunes. Apple has also censored ebooks from the App Store. And developers of iPhone VoIP applications have also encountered inexplicable delays in app approval.

So, if you're an iPhone developer, and you are frustrated with Apple's iPhone app approval process, please consider sharing your experience with the Copyright Office and supporting EFF's proposed DMCA exemption for jailbreaking.

[Permalink]

Apple Shows Us DRM's True Colors

Commentary by Richard Esguerra

At this week's Macworld Expo, Apple announced that by April, music from the iTunes Store will no longer be shackled by digital rights management (DRM). Finally, DRM is good and fully dead for digital music -- gone from CDs, gone from downloads, and largely dead for streaming.

Apple's announcement comes nearly a year after Amazon.com's DRM-free MP3 deals went live, demonstrating that the record labels were holding the DRM card until they could wring business concessions from Apple (in the form of variable pricing). This just underscores that DRM is not really about stopping piracy, but rather about leverage over authorized distributors.

In fact, an inventory of Apple's remaining DRM armory makes it vividly clear that DRM (backed by the DMCA) is almost always about eliminating legitimate competition, hobbling interoperability, and creating de facto technology monopolies:

• Apple uses DRM to lock iPhones to AT&T and Apple's iTunes App Store;
• Apple uses DRM to prevent recent iPods from syncing with software other than iTunes (Apple claims it violates the DMCA to reverse engineer the hashing mechanism);
• Apple claims that it uses DRM to prevent OS X from loading on generic Intel machines;
• Apple's new Macbooks feature DRM-laden video ports that only output certain content to "approved" displays;.
• Apple requires iPod accessory vendors to use a licensed "authentication chip" in order to make accessories to access certain features on newer iPods and iPhones;
• The iTunes Store will still lock down movies and TV programs with FairPlay DRM;
• Audiobook files purchased through the iTunes Store will still be crippled by Audible's DRM restrictions.

The majority of these DRM efforts do not have even an arguable relation to "piracy." And even where things like movies and audiobooks are concerned, DRM is not only futile, but will likely be counter-productive, making the "legitimate" alternative less attractive than the Darknet options.

This week's announcement is another step in the meltdown of DRM for music. But it is also a stark reminder that Apple remains at the forefront of employing DRM to shove competitors to the fringes and wrest control out of the hands of users.

[Permalink]

UMG v. Veoh: Another Victory for Web 2.0

Legal Analysis by Fred von Lohmann

Over the holidays, video hosting site Veoh won another victory under the DMCA safe harbors, this time against Universal Music Group (UMG). The ruling should put to rest the argument that transcoding and other activities necessary for making content accessible on the web are not covered by the DMCA's Section 512(c) safe harbor for storing material on behalf of users (i.e., hosting user-generated content). This is good news not just for Veoh, but also for YouTube and every other site that hosts material uploaded by users.

Like many other companies that host content on behalf of users, Veoh has been bedeviled by copyright lawsuits. The copyright owners make the same argument in each of these suits: the hosting service should be liable for every infringing bit uploaded by naughty users and responsible for the full cost of policing for infringement. Fortunately, Congress enacted the DMCA's safe harbor provisions back in 1998 to protect service providers from exactly these risks, offering immunity from copyright damages to those who implement a notice-and-takedown system. In August 2008, Veoh won a big victory against adult video purveyor Io Group, relying on these provisions.

Veoh's latest victory was against UMG, which sued Veoh because Veoh users allegedly uploaded UMG music videos without authorization. The issue before the court was whether the DMCA safe harbor for hosting only covers the actual act of storing bits on a server, or whether it also covers related activities, such as:

1. automatically transcoding video files uploaded by users into Flash format;
2. automatically creating copies of uploaded video files that are comprised of smaller “chunks” of the original file;
3. allowing users to access uploaded videos via streaming;
4. allowing users to access uploaded videos by downloading whole video files.

Relying on the statutory language, as well as the legislative history, the court concluded that all of these activities are covered by the DMCA Section 512(c) safe harbor. Lots of online service providers will greet this ruling with relief. If the court had accepted UMG's arguments, every web host would lose the safe harbor as soon as it made web pages available to the public. The ruling should also help YouTube in its ongoing battle with Viacom, which also turns on the continuing strength of the DMCA safe harbors.

But the Veoh ruling also points out a surprising irony: while YouTube and Viacom are fighting their interminable litigation trench war, many interesting DMCA legal questions are being resolved in smaller, faster-moving cases involving companies like Veoh. At this rate, the highly-anticipated Viacom v. YouTube lawsuit may end up a footnote in the legal fights that define the rules governing user-generated content.

[Permalink]

Remixers, Unlockers, Jailbreakers, Oh My!

Legal Analysis by Fred von Lohmann

Yesterday, EFF filed petitions (1, 2) with the Copyright Office seeking DMCA exemptions for three categories of activities that do not violate copyright laws, but that are still jeopardized by the DMCA's ban on bypassing technical protection measures used to control access to copyrighted works (i.e, DRM). The three exemptions are for:

• Noncommercial video creators (like YouTubers and vidders) who rip DVDs in order to use clips for fair use remixes;
• Cell phone owners who want to unlock their phones to use them on cellular networks of their choosing;
• Cell phone owners who want to "jailbreak" their phones in order to use applications of their choosing (e.g., iPhone owners who want apps from sources other than the iTunes App Store).

The exemption for remix video creators is necessary to protect fair use in a digital world where visual literacy (what Larry Lessig calls RW culture) is increasingly important. Today, if you rip a DVD, the MPAA takes the position that you've broken the law, even if you are making a video that comments on the latent racism in Disney films or the sexualized violence in 300. This is what free speech looks like in the 21st century, and a DMCA exemption is necessary if we want to avoid driving millions of amateur creators into the copyright underground.

The cell phone exemptions (unlocking and jailbreaking) are necessary to protect your "freedom to tinker" with products you own. Cellular carriers lock their phones not to protect their copyrights, but rather to discourage customers from switching carriers. This is not only anti-competitive, but puts millions of used cell phones into landfills each year. More recently, cell phone makers have started locking phones to a single source for applications -- which is why more than 350,000 iPhone owners have "jailbroken" their iPhones in order to get the apps they want, instead of just the ones Apple is willing to let them have.

Others are seeking exemptions for computer security researchers who want to investigate DRM on videogames (SecuROM, we're looking at you); documentarians, film professors, and media literacy educators who need to take clips from DVD; and consumers who have been left high and dry by vendors who retired their DRM authentication servers (e.g., Walmart, Yahoo, Microsoft). All of the proposals have been posted on the Copyright Office website. Comments supporting or opposing the proposed exemptions are due by Feb. 2, 2009. Hearings will follow in the Spring, and the Copyright Office will announce its final determinations in October 2009, as the last set of exemptions expire.

[Permalink]

Apple Confuses Speech with a DMCA Violation

Legal Analysis by Fred von Lohmann

Slashdot reports that Apple has sent a "cease and desist" email to bluwiki, a public wiki site, demanding the removal of postings there by those who are trying to figure out how to write software that can sync media to the latest versions of the iPhone and iPod Touch.

Short answer: Apple doesn't have a DMCA leg to stand on.

At the heart of this is the iTunesDB file, the index that the iPod operating system uses to keep track of what playable media is on the device. Unless an application can write new data to this file, it won't be able to "sync" music or other content to an iPod. The iTunesDB file has never been encrypted and is relatively well understood. In iPods released after September 2007, however, Apple introduced a checksum hash to make it difficult for applications other than iTunes to write new data to the iTunesDB file, thereby hindering an iPod owner's ability to use alternative software (like gtkpod, Winamp, or Songbird) to manage the files on her iPod.

The original checksum hash was reverse engineered in less than 36 hours. Apple, however, has recently updated the hashing mechanism in the latest versions of the iPhone and iPod Touch. Those interested in using software other than iTunes to sync files to these new iPods will need to reverse engineer the hash again. Discussions about that process were posted to the public bluwiki site. Although it doesn't appear that the authors had yet figured out the new iTunesDB hashing mechanism, Apple's lawyers nevertheless sent a nastygram to the wiki administrator, who took down the pages in question.

Here are just a few of the fatal flaws in Apple's DMCA argument.

Where's the "technology, product, service, device or device"?

The DMCA provides that:

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that ... is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner....

The information posted on the wiki appeared to be text, along with some illustrative code. Nothing that I saw on the pages I was able to review would appear to constitute a "technology, product, service, device, component, or part thereof." In fact, the authors had apparently not yet succeeded in their reverse engineering efforts and were simply discussing Apple's code obfuscation techniques. If Apple is suggesting that the DMCA reaches people merely talking about technical protection measures, then they've got a serious First Amendment problem.

Who owns the copyrighted work?

The iTunesDB file is not authored by Apple, nor does it appear that Apple has any copyright interest in it. Instead, the iTunesDB file on every iPod is the result of the individual choices each iPod owner makes in deciding what music and other media to put on her iPod. In other words, the iTunesDB file is to iTunes as this blog post is to Safari -- when I use Safari to produce a new work, I own the copyright in the resulting file, not Apple.

So if the iTunesDB file is the copyrighted work being protected here, then the iPod owner has every right to circumvent the protection measure, since they own the copyright to the iTunesDB file on their own iPod.

Where's the access control?

The contents of the iTunesDB file is not protected at all -- any application can read it. So, as a result, the obfuscation and hashing mechanisms used by Apple to prevent people from writing to the file cannot qualify as "access controls" protected by Section 1201(a) of the DMCA.

Apple might argue that the checksum hash prevents people from preparing derivative works, which means that it's a "technological measure that effectively protects the right of a copyright owner" (as noted above, however, it's the user, not Apple, who owns any copyright in the iTunesDB file). The DMCA, however, does not prohibit circumvention of technical measures that are not access controls, although it does restrict trafficking in tools that circumvent these measures. But, as mentioned above, there are no "tools" on the bluwiki pages.

What about the reverse engineering exemption?

Apple's lawyers also appear to have overlooked the DMCA's reverse engineering exception, 17 U.S.C. 1201(f), which permits individuals to circumvent technological measures and distribute circumvention tools "for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute [copyright] infringement."

Enabling iPods to interoperate with "independently created computer programs" (like gtkpod, Winamp, and Songbird) is precisely what the reverse engineering exception was intended to protect.

Where's the nexus to infringement?

Finally, Apple's DMCA theory fails because any "circumvention" that might be involved here has no connection to any potential copyright infringement. Two decisions by federal courts of appeal (1, 2) have held that without a nexus to potential infringement, there is no violation of the DMCA. And here, it's hard to see how reverse engineering the iTunesDB checksum hash can lead to any infringement of the iTunesDB file -- after all, the reverse engineers presumably aren't interested in making piratical copies of the iTunesDB file. Instead, they just want to sync their iPhones and iPods using software other than iTunes. No infringement there.

Of course, without more than the bare "cease and desist" emails sent by Apple's lawyers to bluwiki, we can't know for certain what other DMCA arguments they may have had in mind. But I certainly can't see any DMCA violation here based on Apple's nastygrams thus far.

[Permalink]

Apple Downgrades Macbook Video with DRM

Commentary by Fred von Lohmann

Once again, thanks to DRM, a new product ends up less useful than the one it replaces. This time, it's the new family of Apple Macbook laptop computers that gets the downgrade.

When it launched the new Macbooks, Apple announced that they would sport a new digital video output connector, known as Mini DisplayPort. What Apple failed to mention, however, is that those connectors allow movies studios to force the computer to authenticate any external monitor before allowing playback of programs purchased or rented from the iTunes Store (Microsoft's Windows Vista does something similar). In other words, the HDTV monitor or projector that worked for you yesterday, won't work with your new computer tomorrow if Hollywood has embedded a flag in the iTunes content you paid for.

This is a remarkably short-sighted move for both Apple and Hollywood. This punishes existing iTunes customers: several have reported that iTunes purchases that played on external monitors on their old Macbooks no longer will play on their new Macbooks. In other words, thanks to the Macbook "upgrade," Apple just "downgraded" everyone's previous investment in iTunes content (if we've told you once, we've told you a dozen times -- when you buy DRMd content, the vendor can snatch your investment from you at any time).

And it's still not clear how bad this will be for purchasers of new Macbooks -- if Apple has deployed DPCP content protection on its DisplayPort implementation, there are virtually no display devices that support this new-fangled lockdown standard (it's not clear from news reports whether the Macbook DisplayPort will work with HDCP-compatible display devices over DVI or HDMI connectors).

As for the movie studios, this gives legitimate customers one more compelling reason to avoid "legit" sources of content in favor of downloading from The Pirate Bay or ripping DVDs using Handbrake. So this is just another example of the way in which the MPAA companies use DRM not to stop piracy (since this will, if anything, encourage people to opt for the Darknet), but rather to control those who make devices that play movies.

[Permalink]

The Two Best Books About the DMCA

Commentary by Fred von Lohmann

The blogosphere is doing a great job examining the legacy of the Digital Millennium Copyright Act (DMCA), which was enacted into law ten years ago this week. But people frequently ask me where they can turn for a more in-depth analysis of the DMCA, DRM, and their impact on digital culture. For them, there are two books I recommend first and foremost.

First, there is Jessica Litman's Digital Copyright, which does a masterful job explaining how the DMCA (and much of the rest of our copyright law) came to be. Tracing the law from its beginnings in the internal bureaucracy of the Clinton administration in 1992, over to the international treaty realm of the World Intellectual Property Organization (WIPO), and back to Congress, her account lays bare the political realities that produced a law that put corporate interests before the public interest.

Second, there is Tarleton Gillespie's Wired Shut, which picks up where Digital Copyright leaves off, tracing how the DMCA has been used as part of a larger effort to use technology and law to "weld the hood shut" on new digital devices. Tarleton's book is a bit more academic in tone than Jessica's, but at the heart of it are three fantastic chapters than provide a full historical accounting of the controversies surrounding (1) SDMI (chapter 5); (2) the development of CSS, used to encrypt DVDs (chapter 6); and (3) the broadcast flag for digital broadcast television (chapter 7). For those who want to get right to the action, I recommend starting at Chapter 5. EFF was deeply involved in all three of these watershed digital controversies, so to some degree these chapters are also a history of our digital copyright efforts.

If you want to understand what the DMCA does, and how we ended up with it as the law of the land, these two books are where to start.

[Permalink]

DMCA: Ten Years of Unintended Consequences

Commentary by Fred von Lohmann

Today is the tenth anniversary of the Digital Millennium Copyright Act (DMCA), signed into law by President Bill Clinton on October 28, 1998. EFF is marking the occasion with the release of a 19-page report that focuses on the most notorious part of the law: the ban on "circumventing" digital rights management (DRM) and other "technological protection measures." The report, entitled Unintended Consequences: Ten Years Under the DMCA, collects reported cases where the DMCA was used not against copyright infringers, but instead against consumers, scientists and legitimate competitors.

The collected stories are like a trip down memory lane for those who have followed digital freedom issues over the past decade. Here are a few examples of DMCA abuse in the report that you might remember:

• In 1999, Sony sues Connectix over the Virtual Game Station, which let you play your legit Playstation games on your Macintosh.
• In 2001, the Secure Digital Music Initiative (SDMI) threatens Princeton Professor Ed Felten's research team over disclosure of vulnerabilities in audio watermarking technology.
• In 2001, Russian programmer Dmitry Sklyarov is arrested after speaking at Defcon, accused of building software for his employer, ElcomSoft, that converted Adobe e-books to PDF.
• In 2002, Blizzard sues a group of hobbyist open source developers over bnetd, server software that allows people to play Blizzard games against each other over the Internet.
• In 2003, Lexmark uses the DMCA to block distribution of chips that allow refilling of laser toner cartridges.
• In 2004, Hollywood succeeds in shutting down 321 Studios' DVD X Copy software, which allowed people to make backup copies of their own DVDs.
• In 2006, computer security researchers at Princeton delay disclosure of the Sony-BMG "rootkit" based on fears of DMCA liability.
• In 2008, Hollywood targets Real Networks over RealDVD, software that allows you to copy DVDs to a hard drive for later viewing.

The collection of stories makes vividly clear what EFF has been saying for the past ten years: the DMCA has harmed fair use, free speech, scientific research, and legitimate competition.

That's all the more galling because the law has failed in its stated goal of preventing digital piracy, instead being used to prop up weak DRM schemes whose only purpose is to hinder competition, innovation, and interoperability. That explains why the music industry has largely abandoned DRM, while the Hollywood studios cling to it more fervently than ever.

Not everything in the DMCA is bad. While the anti-circumvention provisions have proven to be a dangerous failure, the so-called "safe harbor" provisions for online service providers have succeeded in creating enough legal certainty to launch companies like Yahoo, Google, eBay, YouTube, and MySpace. Of course, copyright owners have been working hard in cases like Viacom v. YouTube and Io v. Veoh to erode these safe harbors. And, while the safe harbors have protected intermediaries like Google, they have not adequately protected the free speech interests of internet users, as the McCain-Palin campaign recently learned.

There have been recent rumors that the new Congress might reopen the DMCA, creating an opportunity for reform. Unfortunately, that may also create an opportunity for MPAA and RIAA mischief. For now, here's hoping that the DRM continues its slow death and the anti-circumvention provisions become less relevant to real businesses, while the courts continue to interpret the safe harbors to leave a door open to the Internet's disruptive innovators.

P.S. For more perspectives on the DMCA's origins and legacy during this 10 year anniversary week, see Freedom to Tinker and the Public Knowledge blog all this week.

[Permalink]

Do You Need An Exemption from the DMCA?

Announcement by Fred von Lohmann

Every three years, the U.S. Copyright Office undertakes a rule-making to consider whether the DMCA's ban on circumventing technological protection measures (e.g., DRM and other "access control" restrictions) is interfering with noninfringing uses of copyrighted materials. The Copyright Office has announced that those interested in requesting a DMCA exemption for the period 2009-2012 must submit their proposals to the Copyright Office by December 2, 2008 (there will be an opportunity in February to support or oppose the proposals, but the proposals have to be made in December).

Do you think you might need a DMCA exemption? Before you answer, you should read the Copyright Office's final report in the 2006 rule-making carefully. As we pointed out in 2005, the Copyright Office has repeatedly dismissed any consumer-oriented fair uses, such as making backup copies of DVDs or video games, as well as requests for exemptions to enable copying DVDs to laptops and portable devices. The Copyright Office also rejected EFF's efforts to secure exemptions in 2003 to allow circumvention of DVD region coding by legitimate DVD owners, to skip "unskippable" DVD advertisements, and to access public domain materials on DVDs. All in all, we stand by our 2005 assessment that the DMCA rulemaking process is hopelessly broken when it comes to addressing noninfringing digital consumer fair uses.

However, the 2006 rule-making showed that other kinds of exemptions may be granted, where circumvention is necessary for noninfringing activities like classroom teaching (e.g., film professors using DVD clips), computer security research (e.g., regarding copy-protected CDs), archiving and preservation (e.g., preserving video games and multimedia software), maintaining obsolete systems (e.g., malfunctioning or obsolete "dongles" for software), and promoting interoperability (e.g., cell phone unlocking).

If you are engaged in noninfringing activities that have been tripped up by the DMCA's anti-circumvention provisions, and would be interested in a DMCA exemption for 2009-2012, let us know by October 31. We've got some ideas of our own (including renewing the cell phone unlocking exemption for you iPhone unlockers!), but we're eager to hear from other user communities that may have been overlooked.

[Permalink]

YouTube Responds to McCain Campaign's Letter

Legal Analysis by Michael Kwun

Yesterday, we wrote about the McCain-Palin campaign's letter to YouTube, highlighting how DMCA takedown notices can make online speech disappear from the Internet, even when the claims of infringement plainly lack any merit.

Today, we bring you YouTube's response. YouTube's response points out, much like we did yesterday, that the McCain-Palin campaign's proposed solution (human review of DMCA takedown notices targeting videos posted by political candidates and campaigns) favors speech from one particular class of users. YouTube says that it "tri[es] to be careful not to favor one category of content on [its] site over others, and to treat all of [its] users fairly, regardless of whether they are an individual, a large corporation, or a candidate for public office."

At the end of the day, we agree with YouTube that "[t]he real problem here is individuals and entities that abuse the DMCA takedown process." And we commend YouTube for taking action in some cases where it has identified false takedown notices.

Nonetheless, although YouTube may not be the source of the problem, that doesn't mean it can't do more to be part of the solution. YouTube notes that it can't always be certain whether a video qualifies as fair use, and that it can't know whether the poster has a license to the content. That's all true.

But just because YouTube can't always identify sham takedown notices doesn't mean it can't sometimes know the answer. Using a short excerpt from a news broadcast and commenting on it in a political commercial is clearly fair use. And there are many other examples of clear fair uses, as well.

We'd love to see YouTube take further action, so that takedown notices directed at clearly non-infringing videos can't be used to silence speech. As we said yesterday, stay tuned for more on this topic from us soon.

[Permalink]