Feeds

Garage door DMCA case dismissed

Remote uncontrol

  • alert
  • submit to reddit

Intelligent flash storage arrays

A federal judge in Illinois this week ruled that the maker of a universal garage door remote didn't violate the anti-circumvention provisions of the DMCA, in a closely watched case that offers hope to critics of the controversial copyright law.

Judge Rebecca Pallmeyer dismissed part of a civil suite brought by the Chamberlain Group, a leading maker of automatic garage door openers, against Skylink Technologies, Inc., a competitor that markets a universal replacement for lost garage door remotes.

"I think this is another classic case of the DMCA being used in an anti-competitive fashion," says Gwen Hinze, a staff attorney with the Electronic Frontier Foundation, which closely tracked the case. "Clearly, Congress didn't intend on the DMCA being used to prevent interoperable consumer products."

At issue was a clever technique the Skylink remote employed to bypass Chamberlain's implementation of "rolling code" technology, which is detailed in court transcripts from the case.

Older garage door openers relied on a unique I.D. number programmed into each remote and the receiver sold with it. If the remote sends the right I.D. to the receiver, the receiver opens the garage door.

Rolling code technology, introduced in the early 1990's, added another layer of security by ensuring that a garage door opener never transmits the same sequence twice. As implemented by Chamberlain in its Liftmaster Security+ line of garage door openers, the remote and the receiver keep internal counters that begin in synch, and are incremented by a constant value (three) each time the door is opened. When the user presses the button on the remote, the remote transmits the current value of the counter, along with the static I.D. number. The receiver will only open the garage door if both numbers are correct.

Except, of course, that the user might press the remote outside the presence of the garage door receiver, perhaps more than once, putting the counters out of synch. Chamberlain's solution to this quandary is to allow the receiver to accept incorrect counter values, as long as they're no more than 4,096 above the expected value -- allowing for over 1,300 stray button-pushes in the lifetime of the remote.

But even if the user surpasses that number, the system has a reset mechanism that keeps the remote from turning into a paperweight. If the receiver gets a counter value outside of the "forward window," it waits for a second button push. If it sees that the counter was incremented by the correct amount (still three), and the I.D. number is right, it assumes the remote was subject to good deal of jostling, but is nevertheless the right remote. The receiver simply synchronizes its counter to the value transmitted by the remote, and opens the garage door.

"Code Grabbing" Fears
Skylink figured out that this last feature makes the whole rolling code song and dance unnecessary. With each button press, Skylink's Model 39 universal garage door opener sends the same sequence of three counter values: the first transmission sends an arbitrary value; the second sends a value that falls outside the forward window (and a similar "rear window") established by the first; the third just adds three to that. And the door opens.

The I.D. number must still match, which makes the Model 39 something less than a burglar tool. But that didn't deter Chamberlain from claiming that the Model 39 is an illegal circumvention device under the DMCA. In a hearing last June, Chamberlain attorney Karl Fink argued that the device compromises the security of the Chamberlain garage door openers by transmitting the same sequence each time. Now a tech-equipped garage burglar can sniff the sequence out of the airwaves and replay them later, "and that will be the same thing as if the Model 39 itself transmitted the codes," said Fink.

"The very feature of the rolling code was to defeat the code grabber," the lawyer argued. "That's exactly what's being defeated by the Model 39 because now the code grabber situation is back in play again. You might as well not have a rolling code system because you have now defeated it."

The argument that it was Skylink's remote and not Chamberlain's reset mechanism that made the rolling code implementation useless is exactly the sort of logic that judges have often accepted in interpreting the DMCA. But in her ruling on Thursday, Pallmeyer dodged the question, and found that consumers have a right to replace a lost remote with a competing product without violating federal law. "In addition, a homeowner has a legitimate expectation that he or she will be able to access the garage even if the original transmitter is misplaced or malfunctions."

The ruling hinged on the fact that Chamberlain's product packaging and website didn't prohibit consumers from using other manufacturer's remotes. If it had, the court's reasoning could have produced a different decision. That troubles EFF's Hinze, who worries that vendors will begin imposing explicit restrictions on what compatible products a consumer can use with something they've bought. "Whether that would be enforceable is a good question," says Hinze.

Copyright ©

Remote control for virtualized desktops

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.