Looking at the python file they are complaining about, it simply implements the "encryption profile" that is mentioned. There is no circumvention; it still requires the user password. It is also clearly a novel implementation, so there is no copyright violation here. Their "algorithm" or whatever is obviously not protected under DMCA.
So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.
Unfortunately, there are cases in which courts said approximately that implementing an algorithm (especially an algorithm that is a secret¹) without permission can be a violation of §1201. Recall
(a)(3)(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
¹ yes, I know that it's weird to regard the algorithm as a secret when implementations are given out to the user
What happens if you print out the source code and publish it as a book? Can the courts prohibit a book?
Phil Zimmermann asked this question in the context of export controls on "cryptography technology", i.e. the PGP software. MIT Press published the source code in 1995. But the US dropped its objections and this wasn't specifically tested in court (AFAIK, though similar questions were).
The SDNY and Second Circuit rejected the defendants' first amendment arguments in the Corley case. That was one of the most upsetting events of that decade for me, but I would insist that the first amendment argument has been tried, and at least in that context and those courts, it lost.
You might ask how we reconcile this with Bernstein, where the first amendment arguments were doing so well. One answer is that because of the DOJ tactic you mention, Bernstein isn't binding precedent.
I think other answers are about "atmospherics": grad students asserting first amendment rights in software are more sympathetic than hacker journalists, even if both are ultimately pretty antiestablishment. Also, as someone else brought up elsewhere in this thread, the courts are probably more used to seeing government suppression of speech as a first amendment problem than suppression of speech through civil litigation by private parties. For instance, the courts surely hate the idea of "banning books", yet they're happy to issue an injunction against a book if they conclude it's defamatory after a libel trial.
So, we might have been better off if a first amendment challenge to §1201 had been raised for the first time in a criminal prosecution of an academic or mainstream journalist. Which indeed would probably never have happened because the DOJ would have been reluctant to go ahead with it. Everyone in the legal system is interested in picking cases of first impression tactically.
There's still ongoing work to challenge §1201 under the first amendment, but it's not as obvious as you suggest that it will work out.
> yet they're happy to issue an injunction against a book if they conclude it's defamatory after a libel trial.
Another comment in this thread made me check this and find out that it's actually controversial and not well-established that courts should do this. I don't know how that normally works in practice!
> DMCA can not superseded the 1st amendment, sorry
You may think that but unfortunately in several cases either the plaintiff attempts to scare off the defendant(s) with the prospect of a court case, offering a blanket settlement to discontinue certain actions of the plaintiffs choosing, or if the plaintiff is about to lose the case they may drop it entirely to avoid setting a precedent against themselves.
> What happens if you print out the source code and publish it as a book? Can the courts prohibit a book?
Certainly under most European circumvention prohibition laws there's no requirement for the distribution of the circumvention tool to be done electronically, so yes, you could definitely prohibit a book.
(And books are prohibited in the likes of the UK by courts all the time for libel at al so it wouldn't be hard to see happening.)
I'd be surprised if the courts actually held that implementing an algorithm was an act of circumvention. I expect they'd rather hold that to be in violation of a different paragraph:
> (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
> (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
An implementation of the algorithm without the necessary key would still be a "component, or part thereof".
Section 1201 also makes it illegal to circumvent DRM measures or manufacture/import/provide tools that do.
> (2)No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that (A)is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
Although, i'm not sure if DMCA notices commonly used for infringing content also work for violations of section 1201.
I think you need the password and authorization from the copyright owner. The law provides this definition:
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
DeDRM tools are obviously not the ordinary course of operation for the DRM system chosen by the copyright owner, and using (for a different purpose than intended) a decryption key that the copyright owner has taken deliberate steps to hide from the consumer stretches any notion of "with the authority of the copyright owner". Copyright licenses usually come with strings attached, especially with regards to what kinds of uses are being authorized.
Someone downvoted you earlier, I imagine for not liking this situation. I don't like it either, but I worked with lawyers fighting the DMCA for a long time and many courts have interpreted it the way you describe. I wish people wouldn't downvote the proverbial messenger for reporting on the legal status quo!
I would argue that the failure in the presence of an alternate means to facilitate decryption is a negater of the whole "effectively" clause. That's okay though. Civil disobedience is the best way to go I'm afraid.
At first glance, the "effectively" does seem rather silly, especially when applied to weak DRM that's more or less trivially cracked. But the "ordinary course of its operation" is what gives it force, by protecting DRM from being disqualified as ineffective when subjected to conditions beyond ordinary operation. It's not a question of whether the DRM is robust against attack, but whether it normally presents any real barrier to non-hackers.
"Effectively" in legal terms means "to have an effect" (as in any effect at all), not that it has to be "effective" as in "good at it's job."
The plain English meaning of the word isn't really useful here.
All "effectively" in laws such as this (and the European equivalents) means that there has to actually be some mechanism of protection, i.e. you can't just have a file full of junk binary in the directory called "DRM" that doesn't do anything and claim circumvention by deleting it. But there is clearly an effect here.
Didn’t realize that, but I am still interested in whether or not a ‘DMCA notice’ can be used for the entire statute or just in removing duplicate copies of infringing content.
The DMCA notice process is specifically about copyright infringement. The circumvention prohibited by chapter 12, section 1201 is not included in the definition of copyright infringement provided in chapter 5, and chapter 12 defines its own set of remedies for violations (both civil and criminal). So it seems completely unjustified to use the formal DMCA notice process for this kind of complaint—there's no copyright infringement here, so there's no need for a takedown process that protects online providers from being liable for their users' infringing activities.
There are various notices with different rules, and it's somewhat dumbing it down to refer to a singular "DMCA notice", which generally here is used to refer to a copyright takedown request but has never actually really mean that.
> You're allowed to circumvent if you own a license to the protected work.
No, you're not—unless you fall under one of the several exceptions that are all far narrower than "if you own a license". Some of those exceptions are spelled out in the statute, and others are made on a temporary basis by the Librarian of Congress.
Damn. I rely on this software to read ebooks on my Remarkable tablet. I do this because I like giving at least a few pennies of royalty percentage to the author, and as far as I understand it, it's legal on my end to circumvent DRM for the sole purpose of interoperability for my legally-purchased content.
Of course, if they really don't want my money, there's always libgen.
> depends on what country you live in. Not everyone lives in the USA
As anti-DRM circumvention laws are a requirement of membership of the WTO, there are very few functioning countries that do not have them. The US law is not exceptional, nor even particularly stringent in this area.
I'm pretty sure you are allowed to "rip dvds" (and circumvent their protection in the process) to do so, for backup, in Italy. I think it might apply to the whole EU, but I could be wrong
No, you aren't. Italy has an anti-circumvention law that expressly prohibits this, and that law is a codification of an EU directive common across the entire EU.
You are allowed backup unprotected DVDs in Italy, but not protected ones.
I doubt it. This is DeCSS all over again; means will be found. Already anyone with an immediate need has downloaded the master snapshot, and can use that until an alternative distribution channel is set up.
Pirate Bay is still up, and the MPAA has legal guns much bigger than anybody involved with ebooks. It's just a matter of time before noDRM comes back.
This is always a fucking lie, and I wish we (as a community) would band together to make it more painful for giant companies to just spam DMCA takedowns as part of their DRM strategy.
Ignoring the entire issue with the fact that there probably wasn't any copyrighted material in the repo to begin with and that code is speech, and speech is protected in the US - in other words, taking the most charitable (for corporations) interpretation of the DMCA and assuming that neither of those holds true, a fair use provision still should hold!
Circumvention for purposes of transposing your media to a different platform (time-shifting, archival) are already explicitly allowed per USC and rulings (if I'm not mistaken).
I don't have the energy to type more. All in all, the DMCA needs some fangs pulled. Or fangs added, in the "perjury" category for entities that send out bad faith takedowns for code that they don't like. Has anyone ever been held legally responsible for a bad-faith DMCA takedown request? Don't think I've seen it.
So, the thing about circumvention exceptions is that...
1. There is no general exception for format shifting. If there was, DMCA 1201 would have zero legal weight.
2. Even if there was, it would not materially impact the legal status of this DMCA 512 takedown request
This is because DMCA 1201 circumvention exceptions only apply to half of the law. Section 1201 renders two different acts illegal:
1. You can't circumvent DRM, unless for specific purposes.
2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
Depending on how you look at it, either Congress assumed a black market would exist for DRM circumvention technology anyway; or they assumed people who need lawful circumvention would in-house everything and destroy it when they no longer needed it. That's the sort of question a court might have to interpret if someone was a bit more careful than, say, publishing the DRM unlock straight onto GitHub. But that's not this case. In this case, the law does not facilitate any fair use argumentation whatsoever.
It's not a lie, the DMCA 1201 exception process is just hilariously toothless.
>2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
I'm curious: why would this be the case? This is a restriction of speech that doesn't contain copyrighted content enacted by a copyright law. This seems like charging someone, by using an anti-burglary law, because they taught someone else how to pick a lock .
Just to give you an idea of how dumb this law is, try this for a hypothetical.
Alice uses DRM to protect her copyrighted work.
Bob uses the exact same DRM to stop you from copying public domain works, for example.
You publish some code to break Bob's DRM. Is that illegal?
The law shouldn't enable Bob to do that. But if you can have tools to break Bob's DRM, the tools will break Alice's DRM because they're the same, and then the law is pointless and might as well be repealed.
But if it's not legal to break Bob's DRM, then obviously the law is ridiculous and needs to be repealed, if it isn't already unconstitutional as a result.
I don't think that a law preventing you from breaking Bob's DRM just because it protects public domain is ridiculous. Public domain just means that nobody owns the rights, it is not an obligation for anyone who owns a copy to make it available to everyone.
For example, I can own a copy of Moby Dick and do everything in my power to make sure that you don't get my copy, and if you break into my house to read it, I can sue you for that, and I don't think "but I wanted to read a public domain book" is going to be well received. What I can't do is prevent you from getting your own copy of Moby Dick from someone more willing to share it, and then share it yourself.
> I don't think that a law preventing you from breaking Bob's DRM just because it protects public domain is ridiculous. Public domain just means that nobody owns the rights, it is not an obligation for anyone who owns a copy to make it available to everyone.
That's not what's happening. Bob is making it available to everyone, and then trying to reassert a copyright on something that isn't.
Suppose Bob was the copyright owner, last year, before the work entered the public domain. He never distributed any copy without DRM, so no DRM-free copies exist. This is fine? Section 1201 of the DMCA was created to eliminate the public domain?
You're also missing the point. Stop trying to argue about the specifics of the thing Bob is doing and just choose anything you feel would be illegitimate. Preventing the use of third party toner cartridges, preventing farmers from repairing their tractors, take your pick. That's obviously not what the law was intended to do and it shouldn't be doing that.
But when Bob is using the same DRM as Alice, either you can publish tools to break it or you can't. If you can, the law is pointless. If you can't, the law is wrong.
> Suppose Bob was the copyright owner, last year, before the work entered the public domain. He never distributed any copy without DRM, so no DRM-free copies exist. This is fine? Section 1201 of the DMCA was created to eliminate the public domain?
No law compels Bob to provide people with new copies once the work enters public domain (and remember, Bob's publication might contain separate works with their own copyrights like cover art or an introduction). Once it does, Bob can't stop you from distributing a version you created by buying a print copy and scanning it or taking screenshots of his DRM version and running them through OCR (as long as you don't include the cover art or introduction). If Bob's DRM was unique to this one book, there might be an argument that breaking it was the same (as long as there's no cover art and no introduction). Since Bob's DRM is likely used for other works not in the public domain, it's going to be hard to distinguish your breaking it for this PD work from the fact that you've broken it for lots of other in-copyright things.
> No law compels Bob to provide people with new copies once the work enters public domain
The problem is not what the law requires Bob to do. The problem is what the law prohibits you from doing.
> Once it does, Bob can't stop you from distributing a version you created by buying a print copy and scanning it or taking screenshots of his DRM version and running them through OCR
"The law against breaking DRM isn't wrong but only because it is actually useless."
> Since Bob's DRM is likely used for other works not in the public domain, it's going to be hard to distinguish your breaking it for this PD work from the fact that you've broken it for lots of other in-copyright things.
That's the problem. The tools don't discriminate, so banning them goes too far and prohibits more than it is reasonable to.
> "The law against breaking DRM isn't wrong but only because it is actually useless."
No. Your right to distribute a copy doesn't imply your right to get one in the easiest way that you can imagine.
> That's the problem. The tools don't discriminate, so banning them goes too far and prohibits more than it is reasonable to.
Reasonable to whom? Someone else might say it's reasonable to protect the DRM on this PD book because it protects lots of in-copyright books without harming you because there are other ways of getting a copy of this one work without breaking the DRM on all of them. You might disagree but that's what courts are for.
The bigger problem with DRM exist because of concentration in the publishing industry. Licensing books sucks and that's what harms the public domain (and libraries), but there's not enough competition for many publishers to survive by offering to sell you the ebook rather than licensing it to you. Copyright isn't the enemy. It's the monopolies that abuse it.
Yes, that is exactly what this is like, and if this was 1998 you could have joined us all in a rousing debate about the chilling implications of all this.
To be fair, congress mostly doesn’t give a shit what happens either.
I’m genuinely curious if this aspect of the law would (or has) stand up to scrutiny, given that congress regularly writes unconstitutional laws, and the Supreme Court really really really hates prior restraint.
You're not allowed to circumvent for format shifting, but you are allowed to circumvent to access a work you have rights to. So these takedowns on GitHub should not be happening.
You are allowed to circumvent to access a work. No one is allowed to publish a method to do so (well, I believe the original copyright owner might be?).
So, most likely this GitHub takedown is perfectly legal.
The law allows people to circumvent copy protection to access works they are entitled to access. There is also a provision against sharing copy protection breaking methods.
I never interpreted them as clashing, merely that I can't knowingly share copy breaking mechanisms with people who are unauthorized to use a work. If they do clash then you have to side with the consumer.
> The law allows people to circumvent copy protection to access works they are entitled to access.
Claiming that such an allowance exists is not the same as actually identifying the statute or ruling that creates the allowance. What is your textual basis for claiming that there's a general permission for circumvention?
> If they do clash then you have to side with the consumer.
This sounds like you're referring to a concept that exists in contract law, but has no applicability to a question of how to handle a conflict between two provisions in law. In such a case, the courts will usually uphold whichever provision actually exists in the text of the law.
Have you actually read the law you're discussing? It was in the first amendment to the DMCA, because they realized they can't prevent people from accessing things they paid for.
I can't actually find the thing I am looking for. AFAIR the Cornell law site does not have the updated version that I need to reference, but you can see by the exemptions granted they are just codifying your rights to continue to use a work, even if it is not necessarily obsolete, if the copy protection has gotten in your way.
To actually change this rightsholders would have to lease works instead of selling them, but they still use the word "sell" when interacting with consumers.
I recently spoke with someone who helped write some of those exceptions and he said that they were a result of lobbying, including his lobbying, not that legislators added them for fear of having the statute thrown out by the courts.
> I can't actually find the thing I am looking for. AFAIR the Cornell law site does not have the updated version that I need to reference, but you can see by the exemptions granted they are just codifying your rights to continue to use a work, even if it is not necessarily obsolete, if the copy protection has gotten in your way.
The exemptions are issued by the Library of Congress and don't become part of the statutory text.
It's true that user advocates have argued that fair use is required by the first amendment and cited some text in Eldred for that proposition, and it's true that proponents of the DMCA have argued that fair use is accommodated by the exceptions and exemptions. Still, proponents of the DMCA have never admitted that the DMCA would be unconstitutional without those exceptions, nor that the DMCA is unconstitutional if those exceptions don't work or don't protect users' rights adequately.
Unfortunately the DMCA also covers technology that works around DRM, not just copyright violation. Anyone wanting to share any anti-DRM software is advised to use a non-US site; GitHub probably doesn't have a choice about things like this once someone reports it.
The notice didn't claim copyright violation. It claimed (accurately) that this code worked around their DRM.
By "non-US" you probably mean "non-WTO". WIPO/TRIPS was specifically used to policy-launder DMCA 1201 into US law despite the objections of the tech community in the US. EU law has very similar provisions and I'm told "copypaste 1201 language into your local law" is a common ask during USTR negotiations.
To all intents and purposes there aren't any that are functioning countries. Iran maybe, best of luck getting your code hosted there in an widely accessible way (IIRC Iran had membership until 2016 and technically does have a prohibition as a result but doesn't enforce it really).
There are a few very small island nations, North Korea, and Monaco/San Marino, though I think Monaco has an anti-circumvention provision anyway.
Israel's implementation is full of holes but they still have one, technically.
Read the rest. In context they are saying that the code allows people to circumvent the DRM and access their copyrighted works. So it's an anti-DRM claim not an ordinary copyright claim.
As Italian, I think you should take my words with mistrust, but as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
That said, I guess it was shortsighted from the founding father but I guess at the time people would be often oppressed by governments not by neighbors and friends and I think this is something we need to solve as it's the challenge of our times
What you describe isn't exactly the law in the U.S., but it gets at some real things:
(1) there is a separate "right of petition" in the first amendment in parallel with the rights of freedom of speech and press; the right of petition relates to asking the government to change its behavior;
(2) the courts have a notion of "core political speech", which is some of the most strongly protected speech; and
(3) the courts have a different notion of "commercial speech", which is some of the least-protected speech.
> as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
Free speech by anyone to anyone is protected from government restriction. It is the government that is forbidden from punishing speech not the government that must be party to the speech else free speech would have nearly zero meaning.
> Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
What is oft said is that the first amendment doesn't protect you from non governmental consequences for your speech. For example you can be fired for your speech but you may not be imprisoned nor silenced by the government.
When a private entity avails itself of remedies provided by the government to limit or punish your speech your constitutional rights are infringed because it is the government acting to limit your speech even if its on behalf of a claimant.
> as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
This is mostly true. But there are some special exemptions.
The real gotcha is that the courts have generally taken a dim view towards using the courts themselves to restrict someone’s speech. The Supreme Court basically doesn’t want (or maybe didn’t want given their recent changes) congress to launder free speech violations to civil lawsuits enforced by the courts. That’s kind of a neat trick that you’d generally want to suppress, which if I understand is why there are first amendment issues around defamation lawsuits, despite being purely between individuals.
How does this work with the DMCA? I dunno. But to my (non lawyer) eyes it does seem kinda like it effectively criminalizes speech, and I wonder if it should stand up to judicial scrutiny.
> I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
It depends. For example the 1st amendment protects a great deal of speech that in other countries would be slander, even though in that case the plaintiff is another civil entity and not the government.
Thanks. From the additional context in the link, it sounds like Readium might believe that this implementation is infringing on their proprietary ebook format code. I wonder if the taken down repo was a clean room implementation? If not they might have a case, if it looks similar
Doesn't matter if it is clean room or not. In the US, it isn't legal to share anti-DRM technology. Perhaps you could get some court to decide that this law violates the 1st Amendment, but that would be an uphill climb.
People shouldn't host anti-DRM stuff on any US site.
> People shouldn't host anti-DRM stuff on any US site.
This is the right answer.
On this, I'm somewhat surprised that nobody in Russia/China/Iran/NK/$OtherCountryThatDoesntCareForRelationsWithUSA has built a "GitHub for shady programs" yet - or if they have, it has not gone mainstream yet, I admit to not being up-to-date with "the scene". It's fairly ridiculous that you'd publish hacking tools on a Microsoft-owned site based in the US, it's like storing lock-picking hardware in a police station.
There are plenty of foreign hosts, the problem is that nobody knows about them. Gitee is a pretty big Chinese Github alternative, for example. Parts of the Russian software scene seems to prefer forums to dump software and source code.
You won't find these repositories looking for them, because they're often in their native language. Many forum posts are also locked behind registration. I've used Google Translate a bunch of times to get Russian software working, but only after someone linked it to me.
There was https://git.rip but the creator got raided for other hacktivism and it was seized. (They need help with legal bills, donate at https://arson.cat)
Personally I'm actually of the opinion that people should just forget about working around DRM preventing legal access to content and just forget about DRM encumbered content altogether. Having work arounds adds value to otherwise worthless file formats. Dont support it, dont recommend it. dont even talk about it other than to say "meh, DRM'd you couldnt pay me enough to use it".
Quite an extreme stance I know, but then Ive never had a problem getting enough drm free content to fill my boots to the end of time.
It's a lot of content though. Basically every movie/TV show these days is DRM encumbered either in the streaming app, cable box, the download file or on the disc. Besides some indie stuff the only non-DRM video content I can think of is OTA TV which for me is a whopping 3 channels of not great stuff. Even movie theaters are technically DRM encumbered these days.
You remind me of a relative I've lost nearly all connection with because he now has a hard line stance on DRM. We used to watch movies and enjoy talking about them, but he wont watch anything that requires streaming. And worse, we used to enjoy playing the same video games and talking about them, but he wont use Steam, and he wont purchase video game consoles anymore.
I share his concerns, but when I weight my choices, I sometimes choose the DRM'ed content. The DRM may make my purchase a "rental", but it's often still an experience I choose to have, despite the cons. I have walked away from my fair share of DRM'ed content on principle, but I don't have such a hard-line stance.
Tell him to up his game and use torrents already. It might not help for games (I think Steam has done a pretty effective job of pulling people into its gravity). But it would certainly fix the divide over movies.
Unless of course he's using it as a way of avoiding getting sucked into too much entertainment in general. But there is such a thing as moderation.
Generally I find that recommending individual, uncoordinated action as a solution to a system issue to be generally unsuccessful. Something like this either needs a coordinated response like a boycott, or a political solution.
It depends on the metric for success: if the metric for success is that it ends the practice you oppose, then yes clearly individual, uncoordinated action won't do that. if the metric for success is that it extricates you from having to compromise on your principles, then it's quite easy to achieve success.
e.g. Although I'd be happy for <evil firm X> to go bankrupt or desist from making the world a better place, I'd also be plenty happy knowing I'm not giving them money to make the world a better place.
Yes and users aren't going to boycott so it goes back to one of the main reasons we have a government, to battle ludicrous policies that an old government passed.
What really sucks is that there are authors whos work I want to support but who have chosen (or more likely their publisher has chosen) to us a DRMd format.
I find that frustrating but a lot of that has to do with the contract that the author signed to be able to write the book in the first place.
I wish I could just skip all DRM free content but that is not the world I find myself in.
What can we do to oppose this idiocy that is trampling legitimate fair-use provisions of otherwise licensed content? It's been 10 years since the SOPA protests and while we may have stopped that three headed monster, the global situation with USA attempting to expand DMCA and similar measures to other countries is atrocious.
Other than recent EU court rulings potentially expanding what constitutes fair-use in that territory the situation is not looking good in the West.
The EU should oppose this. I mean the publishers greased the palms of Senators and Representatives here, not in the European union thus they are owed nothing.
In fact the EU in part funded the development of the Readium LCP system through the European Digital Reading Lab (EDRL),a non-profit community-driven organisation, who are the complainant in this case.
I'm constantly amazed at how many people don't understand what "fair use" actually means. Many seem to think it means "I should be able to do this" or even "I'm only using part of a copyrighted work". This issue has come up recently on Twitch with restreaming of TV shows, movies, anime and, more generally, with Youtube and other content.
Fair use [1] is a specific legal doctrine specific to the United States copyright system. Other countries have different legal standards (eg UK's fair dealing [2]). Fair use is a four part legal test and all four factors have to apply for it to fall under the legislation and precedents of US copyright law.
None of this is a commentary of the ethics of defeating DRM. From a purely legal point of view, defeating DRM puts you in violation of copyright law and all the case law (eg AACS decryption [3]) puts such efforts well outside "fair use".
Now I think the copyright situation is ridiculous, not least of which because of a certain unnamed rodent that seems to completely dictate US copyright law (eg wait for another copyright extension beyond death plus 70 years before 2025).
Personally I think copyright should be much shorter (eg 20 years total) with possible extensions that you have to pay an ever-increasing amount for.
But to anyone who wants to release tools on defeating DRM, just know you do so at your own (legal) peril and fair use doesn't apply and won't save you.
Fair use is such a meme at this point often perpetrated by content creators who want to infringe on copyright (because they disagree with many parts of copyright law) so they claim whatever they're doing is just "fair use".
The authors of this library can't possibly defend themselves by claiming fair use and they damn well know it. The real question is whether the tool really does break encryption or if the tool is just an implementation of the algorithm that doesn't comply with their terms and conditions. Theoretically, a white-room reverse engineered implementation could be written without signing any contract and the terms and conditions would only serve to cut off their access after violation, but you'd probably have a hard time convincing a judge of that. I don't favour their chances in a lawsuit, but as they don't publish any keys, it's clear that they don't really break anything.
There could still be a violation going on if they hold one of those silly American software patents, but that would be solvable by only distributing the tools in countries where these patents can't be enforced. That also wouldn't be covered by a DMCA takedown of course, they'd need to start an actual lawsuit for that.
Using money to extend copyright is a bad solution. The house of the mouse will simply pay the fee, because they can, while the author of the bestselling book of 2002 might nog have the income to cover the copyright extenion fee.
Irony will then dictate that the house of the mouse will make a movie out of the bestselling book of 2002, and not pay a dime to the original author.
I don’t buy content I can’t format shift. It’s not that I share it in ways that are against the law, but that if I buy a book, I might want to read it on any number of devices I personally own. If I can’t do that, I’m not buying it. Period.
Also, don’t bother replying to me with any “but you’re licensing it…” nonsense. No. Look up an ebook on Amazon and you’ll see a “Buy” button next to it, with no mention of a license. As long as stores advertise that I’m buying a book, then that’s what I’m purchasing.
I just went to amazon.de and looked at a book and I saw "Jetzt kaufen" which translates to "Buy now". Yes that was a Kindle edition. amazon.com won't show me a purchase option because it wants me to buys Kindle things on amazon.de, but below the bookw, pointing to other Kindle editions (I checked) it shoes "What other items do customers buy after viewing this item?", so there too it uses the word "buy".
I see a "Buy now with 1-Click" button on content I haven't already purchased. There is a "deliver to" dropdown, but it just selects where the content goes after I click that "Buy now" button.
Think I have to side with Readium on this one, since the source code contains the actual bytes of the master key:
def secret_transform_profile10(input_hash):
...
# This 64-byte master key is basically all that distinguishes
# the open source "open for everyone" version from the so-called
# "open source" closed-source-version that's actually being used
# by book distributors.
...
masterkey = "b3a0..."
If it read that from an environment variable or a config file that wasn't included in the source I think this DMCA notice would have a lot harder time holding up.
The full number seems to be b3a07c4d42880e69398e05392405050efeea0664c0b638b7c986556fa9b58d77b31a40eb6a4fdba1e4537229d9f779daad1cc41ee968153cb71f27dc9696d40f .
You mean the number between b3a07c4d42880e69398e05392405050efeea0664c0b638b7c986556fa9b58d77b31a40eb6a4fdba1e4537229d9f779daad1cc41ee968153cb71f27dc9696d40e and b3a07c4d42880e69398e05392405050efeea0664c0b638b7c986556fa9b58d77b31a40eb6a4fdba1e4537229d9f779daad1cc41ee968153cb71f27dc9696d410 ?
PS. If someone is able to provide me all Git history of DeDRM repo, drop me an email to address that I used in a commit. I will force-push the repo with original state.
Why do we use DeDRM tools or equivalent? to be able to move a file from one ereader to another, from another brand; to feel that we "own" ebooks we have "bought"; to be sure that we keep ebooks in case the booksellers goes off-market; to be able to give and ebook we bought to a few friends.
What does kindle and other proprietary DRMs offer? none of it.
What do companies adopting Readium LCP offer? all of the above.
The original https://github.com/apprenticeharper/DeDRM_tools is still open, everybody can use it, Amazon, Adobe, B&N, Kobo don't bother, so it can be used, updated without bits of Readium LCP. LCP which is moving in the right direction IMO: being able to give an ebook to a friend by simply giving the password is great.
Plus, why do some people want to keep and share with the world ebooks they had for free from a public library: they totally crush the only solution which makes litterature available to everyone: if this spreads, libraries will not be able to get ebooks from major publishers anymore. Is it what they really want?
My kindle keyboard died last week (which I used for an impressive 11 years). Copying over the books (using Calibre) to my new PocketBook touch HD3 I got a lot of errors and was reminded of the fact that I don't own most of my Amazon books.
I knew it was going to happen, but it's still soooo annoying. Hooray for De-DRM and usenet, I't probably faster to re-download then to get the De-DRM set up.
> This departs from the policy of the user [private], from which noDRM has forked the repository DeDRM_tools. The user [private] does not provide circumvention material for the LCP solution, therefore it is not part of our request for takedown.
I can't help but to wonder how far you could reasonably go to avoid DMCA notices and such for projects like this, whilst still collaborating on it - basically to ensure that you're censorship resistant for any source code.
The youtube-dl fiasco from a while ago comes to mind in particular, in regards to DRM on books, i think that this comment on Reddit summarizes why it might be important:
> You know exactly why they don't treat it like a physical book. Because then they can rewrite the rules, you don't own it and they make more money.
(e.g. practices that feel like they should be illegal, but aren't, due to the state of education/healthcare industries in the US)
Some ideas for this thought experiment:
GitHub - clearly not the best option, since they're obligated to follow the regional DMCA laws.
GitLab/Gitea/Gogs/... - a self hosted service is probably better, even if takes more effort to run, but at that point the host itself would receive abuse complaints
DMCA Ignored Hosting - apparently a thing, but who knows how resistant they are once the larger corporations would start throwing their weight around
Tor/Onion Sites - probably not a good option, because currently the technologies are used by a number of shady individuals, and even without that factor, the user experience tends to generally be pretty poor (hard to onboard people, probably way slower)
In short, i'm not sure what actually can be done. I guess you just have to vote for people who view the state of the industry as a problem and see as nothing happens because the majority of the populace doesn't care (hopefully it would change, but don't rely on this alone).
Actually, my father recently read some standards online for the industry he is employed in - not only did he have to pay for viewing them, but he could also not save anything because of the DRM in place in the browser (the closest you can get is screenshots, but on text heavy documents that is pretty useless unless you use your own OCR, which many don't know how to do).
Now, maybe that's just a European perspective, but that felt pretty unfair. Especially considering the fact that these standards had information in them which could save lives. Why should you put things like that behind a paywall!?
Seems unbelievable the distributed/federated/p2p/blockchain Web 3.0 hype is all around and we still don't have a censorship-proof alternative to GitHub.
I’d love to hear from the copyright owner (the repo owner). According to github they were contacted and offered legal support. Why didn't they take it or investigate and challenge the notice? I could see how it would be easy to think “welp I help people remove DRM for archival and interoperability purposes and I got a DMCA notice it’s over”. I wonder if the EFF would be interested in lending support.
> Why didn't they take it or investigate and challenge the notice?
Because they would lose their safe harbor protection under the DMCA, and could be sued directly by the rights holder. And because this work probably is in violation of the anti circumvention portion of the DMCA, so a lawsuit could be very expensive
Your code can be hidden without any notification, just showing "该文件疑似存在违规内容,无法显示" (The file is suspected to contain illegal content and cannot be displayed). You even don't know which part has the issue and how to modify.
It provides ways to interact with ebooks protected with DRM systems. It's basically the only mainstream tool in that space; integrates easily with readers and collection managers, it's very battle-tested, has been around for a long time.
noDRM published its code on GitHub. A DRM developer now claims it provides illegal tools, so GitHub disabled the repo.
The community-developed LCP software is used by public libraries (mostly in Europe) to lend ebooks to patrons fora limited period of time, say one month.
What NoDRM allows is for that lending period to be broken, so that patrons (readers) can read the ebook they have borrowed forma public library indefinitely.
The practical consequence is that copyright owners (authors, publishers., etc) would in most cases cease to make ebooks available for lending.
In some cases Readium LCP is also used by ebook vendors (retailers), mostly small European ones, as an alternative to Adobe's RMSDK, but the LCP platform is constructed such that if you buy the ebook from one vendor that you can read it on the app of any other vendor using Readium LCP, even if their authentication server is different (Adobe always requires authentication through a central Adobe server, meaning the end user needs an account both with Adobe AND the vendor/library, something not required with Readium LCP). IT is the most interpoerable system available in the publishing ecosystem
I find it quite disheartening that nobody (or at least very few people in this thread) have looked who the complainant(s) actually are, i.e. the European Digital Reading Lab (EDRL) and (indirectly) the Readium foundation, both of which are community–driven non-profit organisation, operating on very modest budgets.
The Readium LCP software system (as distinct from the Readium the reading applications) was created a community effort to offer readers a user-friendly alternative to proprietary DRM systems. IT plays a particularly strong role in libraries ebook lending where it’s rule it is to ensure that a loan is just that a loan.
I understand the misgivings some have about the DMCA, copyright law and associated copyright protections, and the capitalist system in general. However, please set these aside for a moment and look at the situation from the perspective of readers, authors and others.
Readium LCP is fundamentally a trust system. It relies on copyright holders and that is not just large media companies, but small independent publishers, authors, agents and similar.
The largest consumer publisher (Penguin Random House) is but less than 1/100th the size of Apple or Amazon. Also the earning of an average author in the UK is in the neighborhood of a mere £7,00 per year.
If beg everyone to consider what the practical ramifications would be of destroying trust in a community-driven platform hat spent years to generate.
It means library lending of ebooks would cease entirely or revert to the old system such as Adobe’s RMSDK (reader mobile software development kit) with all the usability issues so familiar to anyone who does software development in the publishing ecosystem.
Aside: the acronym LCP originally stood for “lightweight content protection system” it is “lightweight” by design. For “marketing" reasons (or what I call “trust building”) it was later changed to stand for “licensed content protection”.
Also note that this is a discussion about consumer publishing “trade publishing in the vernacular of the industry) which is distinct from academic publishing (scientific journals, textbooks, etc.) a market dominated by Elsevier, Springer Nature and similar where Readium LCP is hardly used.
Disclaimer: Yes, I personally engage in weekly Readium engineering calls, but neither me not my organisation use or contribute to Readium LCP. WE use and contribute to the general Readium ebook reading software. I can attest that Readium comes with all the issues and problems of a community-driven open software system, but please recognise it for what it is, a community-driven , not-for profit effort.
> a user-friendly alternative to proprietary DRM systems.
That’s a non-sequitur. RMS would have something pithy to say about pretty handcuffs or such, but all I have to offer is: the user friendly alternative to DRM is having no DRM.
> The largest consumer publisher (Penguin Random House) is but less than 1/100th the size of Apple or Amazon.
I'm not sure what you're actually trying to say here. This feels like the positive version of an ad-hominem attack: "Ignore what they're doing because they're really good guys."
None of this changes the fact that the removed tools where the primary means for most people to unencumber content they own.
You have one paragraph dismissing DMCA and copyright, but that's the primary issue here. The fact that it's Readium issuing the DMCA notice instead of Amazon is immaterial in my opinion. The effect is the same.
I would really love to see someone get prosecuted for fraudulent DMCA claims such as this one. The claimant here has sworn, under penalty of perjury, that they are the copyright holder of the code in the named repository. This is a straight up lie - in reality they hold no copyright over code in the repository, because the code in the repository has been independently created.
The anti-circumvention portion of the DMCA is a completely separate thing, and as far as I am aware running afoul of it does not give anyone the right to claim copyright over the code you wrote. The claimant's correct path to a remedy (if any) is to sue the authors of the "circumvention device" and prove the case in court, rather than fraudulently abusing the DMCA takedown process as a shortcut.
If Microsoft/Github wants to show us how enlightened they have become, they should sue this claimant for fraud and tortious interference. Standing up for one's customers against bogus legal action could even become a selling point of SaaS.
How does quoting a passage where they assert copyright ownership over one thing imply that they did not also assert copyright ownership over something else?
> What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository’s URL. ... https://github.com/noDRM/DeDRM_tools
> the content of the repo was illegally obtained. The repo and its forks must be shut down entirely.
> I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.
> I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.
In addition, the larger context of a DMCA Takedown Request is to assert expedient takedown of a copy of work that you have copyright ownership over. Adding a bunch of backpedaling filler to a DMCA Takedown Request does not alter its basic purpose.
edit: Sheesh it looks like Microsoft is actually encouraging claimants to write these fraudulent DMCA notices regarding circumvention technology [0]. So this is basically another extralegal "Content ID" process, and Microsoft being overzealous with takedowns makes them a terrible option for hosting your stuff. I'd love to see the law produce some justice here for once, but the real answer to these corporate-bought one-sided laws is IPFS and the like.
Like it or not, anticircumvention measures are black-letter law in much of the world. In the USA, producing or distributing software designed to circumvent DRM can subject you to civil and criminal penalties.
According to 17 U.S.C. section 512, it is not necessary for the material itself to be infringing in order for a DMCA notice to be valid. If "an activity using the material" is infringing, the material must be removed upon receipt of a takedown notice.
Therefore, it is likely that takedown notices are as legitimate for material that violates Section 1201 as they are for copyrighted material.
This is copyright law working as intended, nothing more.
You cut off a few words that probably carry real meaning:
> "does not have actual knowledge that the material or an activity using the material on the system or network is infringing;"
So there's a (somewhat ambiguous) restriction that the only activities this clause is concerned with are those happening on the system or network operated by the service provider that wants safe harbor protection against liability for their users' infringement.
And to determine what activities can qualify as copyright infringement, you have to look in section 501 and the other sections it references; section 512 does not alter the definition of copyright infringement, it just adds nuance to who can be held liable for infringement.
I know enough people in creative industries to know that digital distribution just isn't viable without DRM -- and that creatives want an environment with strongly enforced copyright. As a society we value the livelihood of artists over the convenience of their audience, and that's why we pass laws like the DMCA. The Napster era has totally destroyed interesting music scenes because the musicians couldn't put food on the table making music. DRM enforces copyright in an environment where infringement would otherwise be rampant because of how easy it is -- computers being, like VCRs, general purpose copyright infringement machines. Geez, even the concept of hypertext, as elucidated by Ted Nelson, had DRM built in because other people's IP rights become a fact of life you have to reckon with the minute you deal with readable material!
Of course, DRM schemes fail, and that's where the law comes in. Section 1201 delegitimizes markets for DRM exploits that would otherwise return us to a situation where infringement is rampant, easy, and undetectable. It drives circumvention activity underground, adding friction to the process and making it more difficult than simply buying the material.
There's a real simple principle that geeks don't seem to get: If you want access to digital content without being sued or jailed, just buy it legitimately and don't fucking break the DRM. Abide by the terms the author or publisher has set, or don't buy the content at all. The droit d'auteur, as a moral principle, means that said author or publisher has a moral right to determine how their work is to be exhibited or viewed.
> If you want access to digital content without being sued or jailed, just buy it legitimately and don't fucking break the DRM.
I'm not going to go off on how the rest of your reply feels extremely wrong to me, but I will respond to this. What if I bought content legitimately but the DRM prevents me from viewing/using it as I wish? If I buy a book, I can read it in any way I want, I can use glasses or photocopy it so the letters get big enough to read it without discomfort.
I can also tear it apart, replace the order of the pages, or even make a collage with the words if I so wish.
I can't do any of the above with DRM'd content.
Why would you want to live in a reality in which the author of a work can dictate how a copy of their content can be watched or consumed even after the consumer has bought it? Even the reason for copyright itself as stated in the Copyright Act is "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
It's supposed to be an incentive for artists to make more works as they have a government-guaranteed monopoly over their creations. That monopoly is intended to incentivize potential artists, not to be a moral guide for what rights they should indefinitely have.
So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.