Ongoing legal study of “technological measures” done without understanding technology?

In a recent online discussion I was pointed to two academic papers discussing technological measures.

The common thread with both of these papers is that they were not based on the science behind technological measures, but marketing brochures, and ignored the elephant in the room which is the basis of most of the opposition to anti-circumvention legislation. Technological measures can be applied to both content and devices, and the vast majority of the controversy surrounds measures applied to devices by other than their owners.

The article Access and use ‘technological measures’ – a legal distinction without a technological difference? discussed a meeting I had with a lawyer, and the handouts I used to explain the technical underpinnings of “technological measures”. The key point is that there are technical measures applied to content, and technical measures applied to devices, with nearly all the debate surrounding the technical measures applied to devices.

On the content side, content can be encoded (encrypted) so that it can only be accessed with the right access keys (decryption keys). Legal protection for these types of technical measures effectively means that copyright holders are being given a new “right of non-interoperability” where they can impose specific brands of access technology. I believe that this new right will be counter-productive to the interests of a majority of creators, and is a direct anti-competitive attack against software authors (which I am one of).

Most of the controversy surround technological measures applied to devices, where it is the person using the device (most often its owner) that is locked out of the device. The hardware will be running software, and in the software is an encoding of the rules that the hardware will be following. No matter what the source of the rules are, the rules require computer hardware in order to be interpreted. In order to impose these rules on the owner of the hardware, the owner must be locked out of making their own software choices. This is obviously harmful to me as a software authors as, if a hardware owner can’t make their own software choices, they can’t chose my software.

The paper by Timothy K. Armstrong sidestepped the debate, trying to differentiate between “local authorization” and “remote authorization”, without addressing the fundamental question of what technology is doing this authorization, who authored the software, and who owns the hardware. The source of these foreign rules do not matter to the question of whether the owner of the device is in control of what they own.

As indicated above, the “technological measures” debate is not about the specific rules that are encoded in software by a DRM manufacturer, which are then run on our hardware, but whether foreign locks and software should be mandated to be running on our hardware in the first place.

Many people like to make an analogy between locks on their homes and digital locks. The problem is, with these “technological measures” we are not talking about a lock on your own home which you have the key to, but a lock added by someone else to your home. If a third party added a lock to our home, would we be focused on the specific rules that this third party was using? Would we instead be justifiably upset at the fact that someone other than the owner placed a lock on the home, and are requiring *any* permission (for any reason) for the owner to enter?

The paper by Jane C. Ginsburg starts by talking about whether copyright includes a digital access right, repeating the highly controversial suggestion that using digital technology to access content involves copying into RAM and thus requires permission. The sentence “Thus, access controls underpin the reproduction, communication and distribution rights” is on page 7 of the paper, which could alone be considered the conclusions of the paper. Thus the expansion of this exclusive “digital access right” in the DMCA is claimed to be non-controversial, and copyright holders having the ability to impose specific brands of access technology is claimed to also be non-controversial.

Suggesting that copyright includes a “digital access” right is extremely controversial. If copyright holders have the right to refuse access to a work without permission, and not just the limited set of activities which copyright regulated in the past, nearly all the balance in copyright would be lost. The limitations and exceptions to copyright would be effectively nullified as — in order to exercise any of these limitations or exceptions — one must already have access to the work.

The statement in the abstract that, “The US experience to date indicates that legal protection for technological measures has helped foster new business models that make works available to the public at a variety of price points and enjoyment options, without engendering the ‘digital lockup’ and other copyright owner abuses that many had feared” is just that, a statement. Nothing in the paper lends credibility to that unreferenced statement. The statement also contradicts what most people can see for themselves, which is that there are far more locked-down devices (where someone other than the owner holds the keys) in peoples homes and in their possession today than in the past. This dangerous trend is only increasing, not decreasing, and it should be obvious that anti-circumvention law is promoting this device lock down.

Like the first paper, the key controversy around technological measures is simply not discussed (locks on devices), and the entire paper presumes that technological measures worked as advertised in the brochures (snake-oil promoting a form of “magic”), ignoring the technological reality of how they actually work.

This is a problem with the current digital copyright debate: most people discussing the key technology issues lack the basic technological knowledge to accurately evaluate the situation. Any analysis of “technological measures” that doesn’t recognize that these measures are implemented in software, and run on hardware which the software author and other copyright holders most often do not own, will be flawed.

Related: Even in the “DRM” debate, Content is not King.

Related Download
How Well Do You Know Your Apps? How to Implement a Continuous Application Monitoring Initiative Sponsor: HPE
How Well Do You Know Your Apps? How to Implement a Continuous Application Monitoring Initiative
Watch our insightful security webinar to learn more about how to implement a continuous application monitoring initiative.
Register Now