Feeds

Garage door DMCA case dismissed

Remote uncontrol

  • alert
  • submit to reddit

High performance access to file storage

A federal judge in Illinois this week ruled that the maker of a universal garage door remote didn't violate the anti-circumvention provisions of the DMCA, in a closely watched case that offers hope to critics of the controversial copyright law.

Judge Rebecca Pallmeyer dismissed part of a civil suite brought by the Chamberlain Group, a leading maker of automatic garage door openers, against Skylink Technologies, Inc., a competitor that markets a universal replacement for lost garage door remotes.

"I think this is another classic case of the DMCA being used in an anti-competitive fashion," says Gwen Hinze, a staff attorney with the Electronic Frontier Foundation, which closely tracked the case. "Clearly, Congress didn't intend on the DMCA being used to prevent interoperable consumer products."

At issue was a clever technique the Skylink remote employed to bypass Chamberlain's implementation of "rolling code" technology, which is detailed in court transcripts from the case.

Older garage door openers relied on a unique I.D. number programmed into each remote and the receiver sold with it. If the remote sends the right I.D. to the receiver, the receiver opens the garage door.

Rolling code technology, introduced in the early 1990's, added another layer of security by ensuring that a garage door opener never transmits the same sequence twice. As implemented by Chamberlain in its Liftmaster Security+ line of garage door openers, the remote and the receiver keep internal counters that begin in synch, and are incremented by a constant value (three) each time the door is opened. When the user presses the button on the remote, the remote transmits the current value of the counter, along with the static I.D. number. The receiver will only open the garage door if both numbers are correct.

Except, of course, that the user might press the remote outside the presence of the garage door receiver, perhaps more than once, putting the counters out of synch. Chamberlain's solution to this quandary is to allow the receiver to accept incorrect counter values, as long as they're no more than 4,096 above the expected value -- allowing for over 1,300 stray button-pushes in the lifetime of the remote.

But even if the user surpasses that number, the system has a reset mechanism that keeps the remote from turning into a paperweight. If the receiver gets a counter value outside of the "forward window," it waits for a second button push. If it sees that the counter was incremented by the correct amount (still three), and the I.D. number is right, it assumes the remote was subject to good deal of jostling, but is nevertheless the right remote. The receiver simply synchronizes its counter to the value transmitted by the remote, and opens the garage door.

"Code Grabbing" Fears
Skylink figured out that this last feature makes the whole rolling code song and dance unnecessary. With each button press, Skylink's Model 39 universal garage door opener sends the same sequence of three counter values: the first transmission sends an arbitrary value; the second sends a value that falls outside the forward window (and a similar "rear window") established by the first; the third just adds three to that. And the door opens.

The I.D. number must still match, which makes the Model 39 something less than a burglar tool. But that didn't deter Chamberlain from claiming that the Model 39 is an illegal circumvention device under the DMCA. In a hearing last June, Chamberlain attorney Karl Fink argued that the device compromises the security of the Chamberlain garage door openers by transmitting the same sequence each time. Now a tech-equipped garage burglar can sniff the sequence out of the airwaves and replay them later, "and that will be the same thing as if the Model 39 itself transmitted the codes," said Fink.

"The very feature of the rolling code was to defeat the code grabber," the lawyer argued. "That's exactly what's being defeated by the Model 39 because now the code grabber situation is back in play again. You might as well not have a rolling code system because you have now defeated it."

The argument that it was Skylink's remote and not Chamberlain's reset mechanism that made the rolling code implementation useless is exactly the sort of logic that judges have often accepted in interpreting the DMCA. But in her ruling on Thursday, Pallmeyer dodged the question, and found that consumers have a right to replace a lost remote with a competing product without violating federal law. "In addition, a homeowner has a legitimate expectation that he or she will be able to access the garage even if the original transmitter is misplaced or malfunctions."

The ruling hinged on the fact that Chamberlain's product packaging and website didn't prohibit consumers from using other manufacturer's remotes. If it had, the court's reasoning could have produced a different decision. That troubles EFF's Hinze, who worries that vendors will begin imposing explicit restrictions on what compatible products a consumer can use with something they've bought. "Whether that would be enforceable is a good question," says Hinze.

Copyright ©

SANS - Survey on application security programs

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.