Re: [tlug] Stop the FUD! here are some facts on the DMCA

["Stephen J. Turnbull" <stephen@example.com>]

>>>>> "Joe" == Joe Larabell <fred62@???> writes:

    Joe> But I'm left with a question. The original assertion (by
    Joe> Josh) was that DRM-protected music could not be replayed by a
    Joe> device on which the DRM algorithm had not been implemented
    Joe> without removing the DRM (which would be illegal).

    Joe> Is that not *access* rather than *copying*? Would I not have
    Joe> to violate the law to replay the work myself or even to tell
    Joe> someone else how to do so?

No.  As far as I can tell, "access control" means you cannot access it
at all.  If you have access by playing it in *any* way, you have
access.  What "lacking access" means is, for example, you have an
encrypted CD (eg, for transport to a store), but not the decryption
key.  However, if you have a system for playing the CD, but there are
only drivers for the dongle containing the key for Windows, you're
allowed to write drivers for Linux or (AFAICT) even decrypt the CD, as
long as you only use it within your license.  As far as I know, it's
not legal (under antitrust law, not copyright law) in the U.S. to
require that it only be used with a particular system unless it's part
of the system and distributed that way.

Also, telling someone how to do it is strictly speaking not a
violation of the law.  You have to manufacture, ie produce a tangible
item that can be used.  Evidently a program can be considered a
tangible item (in Tennessee apparently they've taken this to the
extreme that if you compute somebody's taxes by hand it's a service
not subject to sales tax, but if you key a macro into their own
computer for them, it's a product, and thus subject to sales tax).
However, an algorithm that is not expressed in a programming language,
or a sketch of a method, is not, so you have not manufactured
anything.  Where the boundaries are is not necessarily obvious, but
for example in the Sklyarov case, he was arrested for being involved
in developing and promoting a product, not for presenting a paper.

    Joe> Also, one other thing struck me as odd. In order to exercise
    Joe> my fair use rights, one important factor

There's only one important factor in fair use, and that's what the
judge says.  You sure can copy the whole thing, if that's relevant to
your fair use.  (For example, time-shifting of TV programs was ruled
to be fair use.)  Note that listening to a CD automatically involves
minimum of two full copies: from digital to analog electrical signals,
and from electrical signal to sound waves.  Since you bought the CD in
the expectation of listening to it, the legal doctrine is that you are
implicitly licensed to make the necessary copies.  (As with copying
for backup, this is not the same as "fair use".  "Fair use" applies to
the end purpose.  There's an excellent discussion of fair use at
http://www.educause.edu/apps/er/erm03/erm0368.asp.)

How far such implicit licenses and/or fair use goes is unclear, in the
absence of a lot more court decisions.

    Joe> And, all this notwithstanding, it's true that the mere threat
    Joe> of a DMCA lawsuit, legal or not, discourages development of
    Joe> the very tools

Sure.  The mere threat of a malpractice lawsuit keeps doctors from
stopping to help at accidents, too, but there seems to be a horrible
case a week in this country that shows what happens if you don't have
an effective malpractice law.  As I said, the DMCA turns out to be
poorly balanced.  I don't think that was Congress's intent---in
general the law seems to be quite carefully written.  Admittedly it's
going to be hard to restrike the balance at a better point, especially
with the power of the media distribution lobby.  (But note that Google
and Yahoo are---for the moment---on "our side".  Who knows...?)

    Joe> we would use to lawfully access works we've purchased for use
    Joe> on our linux-based computers.

Don't kid yourself.  *You* may be honest in this respect, but very few
people are.  Most people don't know what's illegal, and they
definitely don't want to know.  Until my university got a nasty lawyer
letter, my department kept a sizeable (probably 500,000 yen worth)
"lending library" of proprietary software, and I can't imagine that we
were the only or even the largest offender.  Evidently my bosses
considered it an "unofficial educational discount" (even though much
of the software was purchased at already discounted prices), and "OK
because everybody's doing it".  One of my colleagues told me it was
"site licensed", but since everything except Norton Antivirus got
locked away the day after the memo came out, I rather doubt it!

Even people who should know my beliefs on the matter occasionally
offer me warez ripped from proprietary media.
 
If you look at the averages, it is of course incorrect to do what
Microsoft does and multiply unlicensed copies by MSRP to get damages,
but it's unlikely that the actual lost revenues are less than 10% of
Microsoft's estimates.  We are talking about tens of US $billions a
year in damages as understood by the law.  The economic value of "fair
use" loss due to DRM is probably several orders of magnitude smaller
(by definition of fair use---that which has negligible impact on
market value, see the Educause article).  Losses due to DRM
restriction of implicitly licensed copying or unavailability of DRM
for the consumer's preferred player is probably significant, but it's
surely much smaller than the losses due to unlicensed copying.

Whether the law is morally right, the monopoly profits derived
ethically fair, is another question entirely.  Everything I've written
above takes the assumed purpose of the law, creation of monopoly as a
reward to authors and inventors, as given.  I think it's questionable,
but it's the law.

I wonder about the ethics of making it impossible to enforce existing
laws when it's clear that systematic deliberate violations are taking
place.  (And there's also the pragmatics: do you really think a
legislature is just going to sit there when the profits they thought
they had granted to an industry get siphoned away by hackers?)

I also wonder about the ethics of wealthy people like us (in terms of
"human capital" as well as physical and financial wealth) getting
upset about not being able to use a given proprietary work on "all our
devices" or worrying about the inconvenience of having a "stack of
CDs" in the apartment, compared to the vast majority of people who
generally are satisfied with one device at a time, and don't have even
the minimal skill or equipment needed to rip content.

I wonder if the destruction of the rental market for works fixed in
physical media (which is the pragmatic consequence of unrestricted
copying) is justified by the benefits to linux users.

I wonder if preventing development of a flexible rental market for
works distributed over networks is justified by the benefits to linux
users.

I wonder about taking the common attitude that "if it's mine, I should
be able to do anything I want with it without worrying about others'
supposed rights" seriously.  Why *should* people have to know what is
and is not allowed, especially when it's as complex and unclear as
"fair use" or a Microsoft EULA?  Why not just make it impossible for
them to violate others' rights?  Then the rule "if I can do it, I have
the right to do it" works fine!

You should remember that the only harm that can be done to Linux users
exclusively via DRM is with works of pure data.  Anything which
involves an interesting computation can be be implemented via a
network service which requires the user to send their data to the
vendor, who processes it and sends back the results---just as
effective as DRM in protecting the software.  (This is similar to the
"ASP loophole" which allows commercial use of copyleft works without
distributing source of important modifications.)  This has significant
impact on privacy as well as annoying costs (exactly the reverse of
those that caused Josh to start this thread!)  This means that it's
going to be hard to combine services provided by different ASPs.
Effective DRM will allow both keeping your data private, and combining
proprietary services "in the privacy of your own home" by making ASP
implementations unnecessary from that point of view.

>From that point of view, in principle the anti-DRM movement is just as
anti-progress as the pro-DRM movement is.  From the hacker's point of
view, it's pretty clear that you'd rather have the source/data for
everything you use.  But let's remember our Unix roots---we use tools
as "black boxes" to build bigger ones.  Getting bogged down in the
details kills productivity in the large.  (See Fred Brooks's wonderful
retrospective essay "*The Mythical Man-Month* After 20 Years" in the
20th Anniversary Edition of the *The Mythical Man-Month*.)  He argues
(1) his biggest theoretical mistake in the 1975 original was to argue
that engineers need access to source of everything they use (!) and
(2) the biggest contribution to productivity in IT between 1975 and
1995 was the invention of shrinkwrap software.

None of this is a refutation of the anti-DRM position; it's not
intended to be.  However, I think it shows why it's important that we
think very carefully about what the heck we're doing, and why we do or
don't like specific laws in support of or weakening DRM or IP itself.
These issues are very delicate.  Especially we can see the existing
content that is "protected" by DRM, but will never know how much
content never got published because the potential author couldn't see
a business model for its exploitation.


Footnotes: 
[1]  Strictly speaking, I do accept proprietary software as long as
all non-commercial use is unrestricted, eg Aladdin Ghostscript or
Creative Commons NC or NCSA licenses.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.