May 3, 2016
When companies first started using Digital Right Management (DRM), it was under the auspices of protecting their works in order to foster innovation by ensuring that no one could steal their products or creations. In the ‘90’s, Congress passed the Digital Millennium Copyright Act (DMCA), which included Section 1201: a provision of law that made it illegal to try to circumvent Technological Protection Measures (TPMs), an umbrella term that includes DRMs. Unfortunately, implementation of TPM protections under Section 1201 has resulted in many unintended and harmful consequences.
Section 1201 has not only prevented individuals from using software and devices that they purchase freely and in a manner that will maximize their enjoyment without infringing on the producer or developer’s intellectual property rights. If you buy an e-book, DRM could prevent you from using it on the device of your choosing. If you buy an album or a movie online, you may not be able to copy it and watch it where and how you please. If you buy a phone, you may not be able to use an accessory made by a different manufacturer. All of these restrictions are the result of DRM. And all of them mean that in essence, you are being forced to buy damaged goods.
But the way that Section 1201 deals with these kinds of protection measures also has significant costs, as OTI explained in our recent comments to the Copyright Office. Companies like Microsoft and Lexmark have used Section 1201 to undermine market competitiveness - anathema to its intended purpose - by suing third party vendors in order to corner the respective markets for their goods and services. Luckily many of these attempts have failed in the courts, but the specter of legal fees stemming from these kinds of suits may be enough to prevent some innovators from entering the marketplace altogether.
Additionally, implementation of Section 1201 has stymied the increasingly important work of security researchers. Security researchers often try to hack software or hardware to find vulnerabilities that could be exploited by malicious third parties so that they can fix them, or at least notify the developer of the problem.
In our increasingly connected world - where everything from cars and airplanes to TVs to medical devices can be hacked by the “bad guys” - these researchers provide an increasingly important public service. However, developers and manufacturers often use protection measures, like DRMs, to limit access to their products and services, and then rely on heavy-handed implementation of DMCA Section 1201 to prevent researchers from digging too deeply into their code. Ultimately, the fear of liability under Section 1201 results in a significant chill in security research that may not just have protected our data, but that may have even saved our lives.
OTI is participating in the International Day Against DRM to fight back against the harms caused by DRM and its protection under DMCA Section 1201.