RSSReverse Engineering DRM on CDs Deemed Lawful
By Scott M. Fulton, III | Published November 28, 2006, 3:39 PM
The US Librarian of Congress is recommending that Congress officially recognize that engineering intended to expose flaws in DRM schemes on audio CDs to be non-infringing.
Every three years, advisors to the US Library of Congress meet to determine whether certain technological measures that could be considered circumventions of copyright - and thus, running afoul of "fair use" provisions - are actually necessary in order to further the lawful use of copyrighted works.
In a stunning announcement yesterday, Librarian of Congress James H. Billington listed an unprecedented six scenarios in which such measures are now considered permissible and non-infringing. One of these scenarios, in explicit detail, permits engineers to circumvent (read: "crack") security provisions on audio CDs, in order that they may prevent harm to personal computers in which they may run.
Billington's recommendation to Congress may soon be enacted into law by future legislation with little chance of opposition. As a result, content publishers may become unable to invoke the Digital Millennium Copyright Act as ammunition against security engineers who seek to expose flaws, perhaps not only in CD copy protection schemes, but in similar DRM schemes as well.
The recommendation for this exemption came from Princeton University Professor Edward W. Felten and Princeton graduate student J. Alex Halderman, whose Freedom to Tinker blog has not only exposed deficiencies in DRM mechanisms like the one shipped with Sony BMG-branded audio CDs in 2005, but which also demonstrated how certain Diebold electronic voting machines could be compromised by means of devices like the access key from a hotel suite minibar.
The engineer generally credited with discovering the rootkit-like stealth mechanism that protected the XCP copy protection scheme is Mark Russinovich, whose security software and services firm was acquired earlier this year by Microsoft. Russinovich's discovery was first brought to light just over a year ago.
As Billington wrote yesterday, objections were raised to this circumvention exemption primarily on the grounds that existing copyright law already exempted work such as Russinovich's and Felten's. Those objections were rejected on the grounds that it wasn't clear to everyone whether the existing laws were explicit enough.
As a result, wrote Billington, he is recommending that Congress recognize "a class of works consisting of sound recordings, and audiovisual works associated with those sound recordings, distributed in compact disc format and protected by technological protection measures that control access to lawfully purchased works and create or exploit security flaws or vulnerabilities that compromise the security of personal computers, when circumvention is accomplished solely for the purpose of good faith testing, investigating, or correcting such security flaws or vulnerabilities."
Billington cited from current US Code which states that the privilege to circumvent should only be extended to those whose conduct in exposing flaws and vulnerabilities justifies the very act of exemption in the first place.
Also recommended for exemption from circumvention yesterday is any measure taken by an individual to change the contents of the firmware of his own cell phone, if the purpose of that cracking is to enable the phone to legally connect with a cellular service. In other words, assuming you own your phone, you can make whatever adjustments you wish to disconnect it from one carrier and connect it to another, with whom you're a legal and paying customer.
As Billington noted, customers often fulfill their initial terms of service with a carrier, only to be left with a phone they own but can't take with them to a new carrier. "The obstacle that prevents customers from using lawfully acquired handsets on different carriers," he wrote, "is the software lock." At least one carrier, which remained nameless, filed lawsuits stating that the existence of the lock itself is a violation of federal code.
Until those lawsuits are resolved, Congress may be stepping in. "The Register [of Copyrights] has concluded that the software locks are access controls that adversely affect the ability of consumers to make noninfringing use of the software on their cellular phones," the Librarian of Congress declared. He added that software locks don't protect the copyrighted technology inside the phone so much as they prevent customers from switching carriers, "a business decision that has nothing whatsoever to do with the interests protected by copyright."
Next: A victory for retro video game collectors
let the reverse engineering begin
Score: 0
|Actually, I don't find this surprising at all - with the exception that 'who would have thunk it'?!
James H. Billington is one of the world's foremost authorities on Russian intellectual and cultural history, and his The Icon & the Axe is a iconic tour de force which describes the Russian cutlure and intellectual tradition with an aplomb and an elegance to which few works can even aspire.
His understanding of the power of repression with regards to the intellectual exploration of ideas (as opposed to simply stealing!) is, I think, a fundamental consideration in his position. His position does NOT support the illegal theft of material.
I think his decision is wonderful, while at the same time I acknowledge the rights of the owners of copyrighted material to disceminate and control said material in any manner they choose. As a consumer you are free to either agreee to the terms or to go elsewhere and to buy some other material.
And I am personally rather shocked that there has not a major uproar over the non-portability of phones from one carrier to another! They should be available in unlocked form via the mass market without need to sign up for a service contract.
Score: 0
|It should be illegal to defeat the software lock on a mobile phone. Even better yet, cellular phone carriers and phone manufacturers should work together to develop a way to hard lock a GSM phone to a specific carrier just like CDMA phones already are. Cellular phone carriers should be allowed to pick and choose the specific models of phones that should work on their network. This would avoid a technical support nightmare for cellular phone carriers.
Score: 0
|This has nothing to do with technical decisions and everything to do with running a business. If you go anywhere else in the world besides the US, phones are portable across networks. The software lock is a hurdle imposed by the companies to make it difficult to switch.
Score: 0
|You're kidding right? People shouldn't have the choice to do things like purchase a GSM phone that is unlocked and take the sim card out of their current phone and place it in the new unlocked phone so that it becomes their new phone? Is this what you're saying?
What a troll post, or you must work for a cell carrier. Either way, you don't get it.
Score: 0
|If you choose to use a phone that your carrier doesn't sell or support then be prepared for your carrier's customer service to tell you to take a hike and call the phone manufacturer for any technical difficulties with the phone. Just one extra hassle.
Score: 0
|Well, duh.
Score: 0
|BTW, the headline is misleading. It's not lawful, nor deemed lawful. It has been suggested that these things be made lawful. Read the article, Scott. You wrote it.
Score: 0
|Yes, but it's a start...
Score: 0
|