Feeds

Garage door DMCA case dismissed

Remote uncontrol

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

A federal judge in Illinois this week ruled that the maker of a universal garage door remote didn't violate the anti-circumvention provisions of the DMCA, in a closely watched case that offers hope to critics of the controversial copyright law.

Judge Rebecca Pallmeyer dismissed part of a civil suite brought by the Chamberlain Group, a leading maker of automatic garage door openers, against Skylink Technologies, Inc., a competitor that markets a universal replacement for lost garage door remotes.

"I think this is another classic case of the DMCA being used in an anti-competitive fashion," says Gwen Hinze, a staff attorney with the Electronic Frontier Foundation, which closely tracked the case. "Clearly, Congress didn't intend on the DMCA being used to prevent interoperable consumer products."

At issue was a clever technique the Skylink remote employed to bypass Chamberlain's implementation of "rolling code" technology, which is detailed in court transcripts from the case.

Older garage door openers relied on a unique I.D. number programmed into each remote and the receiver sold with it. If the remote sends the right I.D. to the receiver, the receiver opens the garage door.

Rolling code technology, introduced in the early 1990's, added another layer of security by ensuring that a garage door opener never transmits the same sequence twice. As implemented by Chamberlain in its Liftmaster Security+ line of garage door openers, the remote and the receiver keep internal counters that begin in synch, and are incremented by a constant value (three) each time the door is opened. When the user presses the button on the remote, the remote transmits the current value of the counter, along with the static I.D. number. The receiver will only open the garage door if both numbers are correct.

Except, of course, that the user might press the remote outside the presence of the garage door receiver, perhaps more than once, putting the counters out of synch. Chamberlain's solution to this quandary is to allow the receiver to accept incorrect counter values, as long as they're no more than 4,096 above the expected value -- allowing for over 1,300 stray button-pushes in the lifetime of the remote.

But even if the user surpasses that number, the system has a reset mechanism that keeps the remote from turning into a paperweight. If the receiver gets a counter value outside of the "forward window," it waits for a second button push. If it sees that the counter was incremented by the correct amount (still three), and the I.D. number is right, it assumes the remote was subject to good deal of jostling, but is nevertheless the right remote. The receiver simply synchronizes its counter to the value transmitted by the remote, and opens the garage door.

"Code Grabbing" Fears
Skylink figured out that this last feature makes the whole rolling code song and dance unnecessary. With each button press, Skylink's Model 39 universal garage door opener sends the same sequence of three counter values: the first transmission sends an arbitrary value; the second sends a value that falls outside the forward window (and a similar "rear window") established by the first; the third just adds three to that. And the door opens.

The I.D. number must still match, which makes the Model 39 something less than a burglar tool. But that didn't deter Chamberlain from claiming that the Model 39 is an illegal circumvention device under the DMCA. In a hearing last June, Chamberlain attorney Karl Fink argued that the device compromises the security of the Chamberlain garage door openers by transmitting the same sequence each time. Now a tech-equipped garage burglar can sniff the sequence out of the airwaves and replay them later, "and that will be the same thing as if the Model 39 itself transmitted the codes," said Fink.

"The very feature of the rolling code was to defeat the code grabber," the lawyer argued. "That's exactly what's being defeated by the Model 39 because now the code grabber situation is back in play again. You might as well not have a rolling code system because you have now defeated it."

The argument that it was Skylink's remote and not Chamberlain's reset mechanism that made the rolling code implementation useless is exactly the sort of logic that judges have often accepted in interpreting the DMCA. But in her ruling on Thursday, Pallmeyer dodged the question, and found that consumers have a right to replace a lost remote with a competing product without violating federal law. "In addition, a homeowner has a legitimate expectation that he or she will be able to access the garage even if the original transmitter is misplaced or malfunctions."

The ruling hinged on the fact that Chamberlain's product packaging and website didn't prohibit consumers from using other manufacturer's remotes. If it had, the court's reasoning could have produced a different decision. That troubles EFF's Hinze, who worries that vendors will begin imposing explicit restrictions on what compatible products a consumer can use with something they've bought. "Whether that would be enforceable is a good question," says Hinze.

Copyright ©

Providing a secure and efficient Helpdesk

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.