Christian rockers risk wrath of DMCA with DRM tips

'My heart is heavy with this whole copy-protection thing'

  • alert
  • submit to reddit

3 Big data security analytics techniques

The bassist of Switchfoot is teaching fans how to disable the copy protection measures in the San Diego rock band's own CDs, presumably upsetting Sony and perhaps unwittingly testing the anti-circumvention rules of the Digital Millennium Copyright Act.

Tim Foreman, brother of lead singer Jon, has taken exception to the Digital Rights Management software that appears on the platinum-selling Christian band's latest release, Nothing Is Sound.

"My heart is heavy with this whole copy-protection thing," he wrote on the band's website last week after it came to his attention that fans were having problems importing the band's latest songs from CD to iTunes. So he posted full instructions for disabling the DRM that accompanies the CD, including a link to an open source program that helps to rip CDs.

He said he was "horrified" to learn about the new copy-protection policy of major labels including Switchfoot's own label, Sony. "I feel like as a band and as listeners, we've all been through a lot together over the past ten years, and we refuse to allow corporate policy to taint the family we've developed together."

Foreman is not encouraging people to steal his band's music, albeit his instructions could be applied in this way. Rather, his motive is to improve the accessibility of CDs that have been purchased legitimately by fans who then encounter limitations on how they listen to the music. However, his posting risks more than the band's relationship with Sony: Foreman's actions could amount to a breach of the US Digital Millennium Copyright Act of 1998, known as the DMCA.

Circumvention of DRM is controlled by section 1201 of the DMCA. It makes it illegal to "offer to the public" any technology, product, service, device, component, or part thereof, that:

  • is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a protected work;
  • has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a protected work; or
  • is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a protected work.

It does not matter to the DMCA that the purpose of the circumvention might be something other than illegal copying of a CD; it simply bans such circumvention. Its limited defences do not include Foreman's altruistic motive.

In the UK, similar laws exist. Regulations of 2003 amended the country's Copyright, Designs and Patents Act of 1988 to create an offence of providing a "service" either in the course of a business or otherwise than in the course of a business to such an extent as to affect prejudicially the copyright owner, the purpose of which is to enable or facilitate the circumvention of effective technological measures. It is unclear whether instructions would amount to a "service".

Back in the US, the application of the DMCA to the posting of circumvention instructions has not been tested in circumstances like Foreman's. It may be difficult to argue that he has "marketed" the instructions. But there have been legal actions.

Some anti-circumvention actions in the US

In 1999, eight movie studios sued 2600 Magazine for linking from its website to code for software called DeCSS that defeated the copy protection system of DVD players. It was written by a Norwegian teenager called Jon Johansen to let him play DVDs on his computer which ran on the Linux operating system. The New York District Court and the Circuit Court of Appeals applied the DMCA to ban 2600 Magazine from publishing or linking to DeCSS.

A separate case was brought in 1999 against California resident Andrew Bunner who republished the code for DeCSS on his site. The DVD Copy Control Association argued that his republication of DeCSS constituted illegal misappropriation of its trade secret; but Bunner successfully argued freedom of speech because he was republishing information readily obtainable in the public domain.

In 2000, Slashdot was told by Microsoft to remove postings that contained instructions on how to skip the end user licence agreement that is presented as part of a Microsoft download. Microsoft's lawyers argued that the postings breached the DMCA.

In 2002, there was media coverage about how an early form of DRM on a Sony CD could be overcome with a marker pen. This was followed by speculation that the news sites themselves (including OUT-LAW.COM) had broken the DMCA's prohibitions on marketing by covering the story – albeit the purpose of this speculation was to highlight the flaws in the DMCA. "It's time for the DMCA to get the butt-whooping it deserves from the First Amendment," wrote open source news site Newsforge.com.

The following year, a student revealed that another copy-protection mechanism could be overcome by pressing the Shift key on a computer when inserting the CD. A DMCA lawsuit was threatened by the DRM developer, but later dropped to avoid "chilling" academic research. The shift key trick plays a part in Foreman's instructions.

In 2004, Senator Orrin Hatch proposed a law that became known as The Inducing Infringement of Copyrights Act of 2004 (it was formerly called the INDUCE Act). It sought to address a ruling in MGM's case against Grokster which found the P2P service not liable for contributory copyright infringement. Merely advertising a circumvention device or providing instructions for its use could have been an offence under Hatch's plan. But his law was defeated by pressure from technology and consumer groups.

Ultimately, the Supreme Court ruled against Grokster in 2005, which made clear that "one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties." Of course, Tim Foreman could argue that he is not doing any such thing.

Meanwhile, Switchfoot's fans are grateful for the tips. "You should know that you're REALLY AWESOME for posting such a detailed explanation," wrote a Florida fan called Chelsea.

Others simply question the eligibility of today's DRM systems for DMCA protection. As blogger Steve Anderson put it, "to circumvent a copyright protection system, surely you need to have a copyright protection system that acts like one, rather than the CD equivalent of a Post-It Note saying 'My milk, hands off.'"

Copyright © 2005, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.