X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
As the possibilities for on-line distribution evolve, so do security measures designed to protect copyrighted content. Digital Rights Management (DRM) systems, such as encryption, watermarking and fingerprinting, seek to prevent piracy and track the proliferation of copyrighted works which are distributed in digital form. DRM technology is developing at a rapid pace, making available increasingly efficient ways to police digitally distributed works. Rather than simply tracking illegal uses after they occur, newer DRM technologies aim to prevent or deter infringement in the first place. DRM technologies can also insure the integrity of digital files, by preventing or deterring unauthorized alteration of a file. DRM technologies are available to protect all kinds of digital files, including audio, video, text, graphics and software. The demand for effective DRM technologies has increased as the distribution of content in digital form has increased. The creation of digital versions of copyright works, whether authorized or unauthorized, increases the risk of unauthorized copying because a digital file can be duplicated and proliferated without significant loss in quality. [FOOTNOTE 1]The advent of the Internet as a highly effective means of rapid, person-to-person transmission of digital files has increased the risk of unauthorized copying exponentially, as the popularity of the Napster audio file sharing system vividly demonstrates. [FOOTNOTE 2] DRM SYSTEMS DRM Systems and the Digital Millennium Copyright Act (DMCA). Even with a DRM system in place, however, the threat of circumvention exists. The Digital Millennium Copyright Act (DMCA) [FOOTNOTE 3]addresses the threat of circumvention by prohibiting the proliferation of certain kinds of circumvention technology. These provisions of the DMCA are directed at those who create circumvention technology and those who make that technology available to the public, whether or not they are involved in any actual unauthorized copying or distribution. Civil remedies available under the DMCA include temporary and permanent injunctions to prevent violations; willful violations of the anti-circumvention provisions for financial gain may result in criminal liability, including fines and prison terms. A CASE OF FIRST IMPRESSION A recent case decided in the Southern District of New York, Universal City Studios, Inc. v. Reimerdes, [FOOTNOTE 4]a case of first impression under the DMCA, illustrates the application of the DMCA to circumvention technology. The Reimerdescase involves CSS (Content Scramble System), a type of rights management system that encrypts and decrypts DVD files, a digital format in which motion pictures currently are distributed. CSS is an encryption technology developed by the Motion Picture Association of America and several Japanese technology companies. CSS was designed to prevent unlawful copying by encrypting digital files that can be decrypted only on certain licensed equipment. The DVD Copy Control Association handles the licensing of the technology to manufacturers. Manufacturers around the world have been granted licenses, on a royalty-free basis, to release DVD players that will decrypt CSS-encrypted files in order for a user to view the content on a DVD disc. Only those licensed devices are authorized to decrypt and play the movie contained within the DVD. In 1999, a 15-year-old boy in Norway created DeCSS, decryption software that effectively circumvents CSS, allowing a movie in DVD file format to be viewed on any computer operating system or other compatible device. He developed the decryption software by reverse engineering a licensed DVD player to reveal the CSS algorithm and decryption keys. [FOOTNOTE 5] The usefulness of the DeCSS software depends upon other, readily available technological tools. The use of the DeCSS decryption software on a DVD motion picture file produces an extremely large digital file that would be difficult to widely distribute. However, a decrypted CSS file can in turn be processed through DivX, a compression program that greatly reduces the size of the digital file, making it feasible to distribute the file on the Internet or by transfer to an ordinary CD-ROM. The DeCSS software quickly made its way to the Internet and was posted on many Web sites, including that of 2,600: The Hacker Quarterly, prompting litigation against the Web site operators under the DMCA by Universal City Studios and seven other major motion pictures studios. The DMCA provides civil and criminal remedies for circumvention of secure technology, unless one of several very narrow exceptions applies. [FOOTNOTE 6]In order for plaintiffs to obtain relief under the DMCA, they need only show that there was a threat of irreparable injury due to a violation of the DMCA. A defendant may be liable for trafficking in a circumvention technology as defined in Section 1201 of the act if (1) the technology is primarily designed to circumvent a copyright protection “technological measure;” (2) the technological measure the defendant circumvented “effectively controls access” to copyrighted works; and (3) defendant “markets” the circumvention technology. The district court in Reimerdesreadily found that the defendants met the first and third of these criteria. The court rejected out of hand the argument that the purpose of DeCSS was to develop a DVD player that would run under the Linux operating system. [FOOTNOTE 7]The court noted that the defendants posted the DeCSS software in an easily downloaded file which contained DeCSS. They also posted links to other Web sites which included information about DeCSS and the software itself for downloading. CENTRAL ISSUE A central issue in Reimerdes, and an important consideration for other Digital Rights Management technologies, was the second factor required by Section 1201 of the act: whether the CSS technology “effectively controls access” to the works in question within the meaning of the DMCA. The defendants argued that CSS was a “weak cipher” that did not “effectively control access” to the copyrighted works, (as evidenced by the success of the DeCSS software itself), and was therefore not protected under Section 1201. [FOOTNOTE 8]The district court rejected this argument as “indefensible as a matter of law” under the language of the act. Section 1201 expressly provides that “a technological measure ‘effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information or a process or a treatment, the authority of the copyright owner, to gain access to a work.” The court found that if the function of the technology in question is to control access, then the technology “effectively controls access” regardless of “whether … it is a strong means of protection.” [FOOTNOTE 9]The court also considered the legislative history of the DMCA, which includes discussion of encryption or scrambling technologies in particular as falling under the anti-circumvention protection of the DMCA. Having found that the distribution of the DeCSS program by the defendants violated the DMCA, the district court granted the plaintiffs’ request for declaratory and injunctive relief against further posting of the DeCSS decryption software. The court dismissed the defendant’s contention that such an injunction would be futile because the software is already widely distributed and continues to be available from other sources. In a strongly worded conclusion, the district court declared that “this decision will serve notice on others that ‘the strong right arm of equity’ may be brought to bear against them absent a change in their conduct and thus contribute to a climate of appropriate respect for intellectual property rights in an age in which the excitement of ready access to untold quantities of information has blurred in some minds the fact that taking what is not yours and not freely offered to you is stealing.” ‘CONTROLLING ACCESS’ Digital Rights Management Systems and “Controlling Access.” The issue of effective control of access under DMCA Section 1201 is important for other types of DRM systems. Under the district court’s ruling in Reimerdes, a DRM system need not be technologically robust in order to provide an avenue for legal redress under the DMCA. This aspect of the court’s opinion will become increasingly important as DRM systems are challenged by increasingly effective circumvention approaches. For example, it has been reported recently that the descrambling of DVDs is now possible with a mere seven lines of Perl code. [FOOTNOTE 10] But not all DRM systems “control access” in the same way as the CSS system involved in Reimerdes. Digital Rights Management technology is a general category under which different types of copy protection schemes fall. Some DRM technologies seek to prevent unauthorized copying, while others seek to track the proliferation of copies. In addition, while certain technologies protect the content owner, others protect the consumer’s private information during an on-line transaction or use that information to trace where the consumer has illegally distributed a protected work. Content owners may also use a variety of DRM technologies simultaneously, to protect rights while encouraging secure distribution. The extent to which these DRMs may fall under the protection of the DMCA anticircumvention provisions will likely depend in part on the details of the technology involved. WATERMARKING Watermarking is a copy detection scheme that: (1) proves ownership, (2) provides access control, and (3) traces illegal copies of protected works. In an audio file, the watermark is a bit stream hidden in a digital file that includes copyright information. Typically it is intended that the watermark be invisible or inaudible. The watermark forms a signature so that when copyright owners search for infringing uses, they can match the signature to detect where the copyrighted work has been used. In the case of audio files, the original audio watermark and bit stream are placed in an encoder with a secret key which is known only to the watermarker. Watermarks on audio files are designed to hide ownership information in digital audio so that the placement is insignificant to the listener, but large amounts of information embedded in the mark make hiding difficult. In addition to making the watermark undetectable, watermarking technology aims to make it extremely difficult to remove the watermark without ruining the audio quality, so that unauthorized next generation copies will be of undesirably poor quality. FINGERPRINTING Fingerprinting is the method of marking and registering data. On-line merchants and content owners may use fingerprints to embed the authentic identification of the original customer in a copyrighted file. The fingerprint will follow the customer around wherever the customer has distributed the file, through chat rooms, free FTP sites, e-mail attachments or file exchange programs. The goal of fingerprinting is to make the threat of detection an effective deterrent against the making of unauthorized copies of protected audio and image files. However, users often collude to find the fingerprint and alter it to change their identities. Hackers will compare different copies of a document with digital fingerprints and change it where the difference is noted. DRM TECHNOLOGIES While watermarking identifies rights holders by embedding ownership information in a file, newer DRM technologies such as CSS have developed to provide a way to complete or reject digital transactions according to specified usage rules created by the owner. These types of DRM technologies will allow anticopying features to follow a given music recording off-line to portable music players and personal computers. A typical DRM package of this type for on-line distribution may include server software, administration and usage-tracking functions as well as required client-side plug-ins. End-users are generally required to download plug-ins in order to view secure content, and a license dictates the conditions for use. Even more innovative technology is the device driver that works at the operating level of a computer, created in response to easily decrypted plug-ins. Microsoft’s Secure Audio Path is one such platform that adds static interference to files. Once the file video and audio cards authenticate themselves, the file can be played. It secures digital music in the kernel and makes sure that the music reaches the soundcard and is not diverted to an unauthorized application. These types of DRM technologies facilitate lawful superdistribution, which is the subsequent distribution of a file by a valid user. A DRM system that is implemented by either the retailer site or the server will force the next user to register for a license in order to make use of the transferred file. Content can only be accessed if the new consumer obtains the same digital rights. To obtain a license: (1) content is encrypted and packaged with access rules; (2) the consumer obtains the encrypted content rules either through a purchase or a free promotional download from the content provider or retailer; (3) a permit request is forwarded to the clearinghouse; and (4) a permit is then issued so that secure content can be superdistributed. The clearinghouse would then generate sales reports and distribute audit records and royalties. Those who are not interested in paying for expensive secure delivery systems may use clearinghouses. Content can be stored in a clearinghouse safely and streamed to end-users. Instead of creating secure delivery systems, music would be stored on a user’s hard drive and be available only as a stream. A timed cache would stop after a certain period of time in order to force the user to go back on-line and update the stream. Most DRM packages provide that, while DRM providers deliver the protection tools, content owners set the conditions. Major components of the system include the protection toolkit, distribution toolkit, consumer toolkit and back-office component. The owner determines access and encryption rules while the distribution toolkit will help the owner create interfaces for distribution. The consumer toolkit will not allow any distribution if authorization is not valid. INDUSTRY STANDARDS The Secure Digital Music Initiative (SDMI), an organization comprised of record companies and technology companies, recognizes the problems with protecting content on-line. It is currently developing industrywide specifications for protecting digitally distributed music as well as standards for compatibility. SDMI’s goal is that portable audio devices will be compliant with technologies that secure copyrighted works, something CSS already accomplished for DVDs. The Software & Information Industry Association (SIIA) is another organization that participates in digital rights management. SIIA is a trade association of the software code and information content industries. It aims to inform users about protected information and to create a copyright enforcement scheme. CONCLUSION As the cat-and-mouse game of the development and circumvention of DRM systems continues, copyright owners and licensors should consider the choice of a technological system from two perspectives: how well it will work technologically, and whether the manner in which the system works technologically will afford a level of legal protection under the anticircumvention provisions of the DMCA. Richard Raysman and Peter Brown are partners at Brown Raysman Millstein Felder & Steiner LLPin New York. Janet Abrams, a legal intern at the firm, assisted with the preparation of this article. ::::FOOTNOTES:::: FN1In contrast, even first-generation copies of analog audio and video formats (such as video tapes and audio cassette tapes) often show significant degradation in quality, and the quality of subsequent copies rapidly decreases. This degradation of quality tends to be a limiting factor in the proliferation of analog copies, as compared to digital copies. FN2 See A & M Records, Inc., et al. v. Napster, Inc., 114 F.Supp.2d 896 (N.D. Cal. 2000), aff’d, No. 00-16401, No. 00-16403, 2001 U.S. App. LEXIS 1941 (9th Cir. Feb. 12, 2001). FN3The Digital Millennium Copyright Act, 17 U.S.C �1201 et seq. The act was enacted in 1998 and went into effect October 2000. It implements two World Intellectual Property Organization (WIPO) treaties: the WIPO Copyright Treaty and the WIPO Performance and Phonograms Treaty. U.S. Copyright Summary, December 1998. FN4 Universal City Studios, Inc et al., v. Reimerdes, et al., 111 F. Supp. 2d 294 (S.D.N.Y. 2000). An appeal has been filed by the defendants, and numerous amici, including the American Civil Liberties Union, have filed briefs focusing on the fair use and other statutory and constitutional issues involved in the case. Seevarious case materials at eff.org/IP/Video/MPAA-DVD-cases/ (Last visited March 7, 2001). FN5Reverse engineering is an exception to circumvention under the DMCA. It allows a person who has lawfully obtained a right to use a copy of computer program for the sole purpose of identifying and analyzing its elements to achieve interoperability with other programs. U.S. Copyright Office Summary December 1998. FN617 U.S.C. ��1203, 1204 FN7The district court rejected the “Linux” argument as a factual matter, and further held that the defendants could not claim fair use because fair use is not a defense to gaining unauthorized access to a work. The argument that DeCSS falls under the reverse engineering exception to the statute was also rejected, on the grounds that the reverse engineering exception does not apply to the dissemination of the technology developed through the reverse engineering process. Reimerdes, 111 F. Supp.2d at 318-21. FN8CSS is based on a 40-bit encryption key. FN9 See Reimerdes, 111 F. Supp. 2d at 318. FN10 Seewired.com/ news/culture/ 0,1284,42259,00 .html (last visited March 7, 2001). Perl is a relatively simple scripting language available on most computer operating systems.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.