Dismantling The Repair Monopoly Created By The DMCA's Anti-Circumvention Rules
from the tractor-liberation-front dept
One of the biggest victories of the copyright maximalists was the successful adoption of the 1996 WIPO Copyright Treaty, implemented by the DMCA in the US, and the Copyright Directive in the EU. Its key innovation was to criminalize the circumvention of copyright protection mechanisms. That strengthens copyright enormously by introducing yet another level of legal lockdown, and thus yet another powerful weapon for copyright holders to wield against their customers. But as Techdirt has reported, the anti-circumvention laws are now being used to prevent people from exploring or modifying physical objects that they own.
The DMCA’s anti-circumvention rules not only strengthen an old monopoly — copyright — they create a new one. Because it is forbidden to circumvent protection measures, only the original manufacturer or approved agents can legally repair a device that employs such technologies. Motherboard has an interesting profile of efforts by the wider repair industry to dismantle that new monopoly before it spreads further and becomes accepted as the norm:
Repair groups from across the industry announced that they have formed The Repair Coalition, a lobbying and advocacy group that will focus on reforming the Digital Millennium Copyright Act to preserve the ?right to repair? anything from cell phones and computers to tractors, watches, refrigerators, and cars. It will also focus on passing state-level legislation that will require manufacturers to sell repair parts to independent repair shops and to consumers and will prevent them from artificially locking down their products to would-be repairers.
The advocacy group is not exactly new, more of a re-branding and re-launching of “The Digital Right to Repair Coalition”, which was formed in 2013. Its aims are ambitious:
The Repair Coalition will primarily work at a federal level to repeal Section 1201 of the DMCA, which states that it’s illegal to “circumvent a technological measure that effectively controls access to a work protected under [the DMCA].” Thus far, activists have tried to gain “exemptions” to this section — it’s why you’re allowed to repair a John Deere tractor or a smartphone that has software in it. But the exemption process is grueling and has to be done every three years.
Given the power of the industries that support Section 1201, it’s hard to see it being repealed any time soon. However, the other part of the Repair Association’s strategy looks more hopeful:
On a state level, the group will push for laws such as one being proposed in New York that would require manufacturers to provide repair manuals and sell parts to anyone — not just licensed repair people — for their products. The thought is that, if enough states pass similar legislation, it will become burdensome for manufacturers to continue along with the status quo. At some point, it will become easier to simply allow people to fix the things they own.
As software is routinely added to yet more categories of everyday physical objects, so the issue of the repair monopoly created as a by-product of the DMCA will become more pressing. It’s good that there is now an advocacy group focussed on solving this problem. Let’s hope it succeeds.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: anti-circumvention, copyright, dmca, dmca 1201, repair monopoly, right to repair
Companies: eff, ifixit
Comments on “Dismantling The Repair Monopoly Created By The DMCA's Anti-Circumvention Rules”
Pick One
Companies should be limited to two options:
1) License
They aren’t selling their product, they are only licensing it’s use, in which case they are legally barred from referring to the transaction as a sale, maintain limited rights over the product such that they can prohibit people from fixing or modifying it themselves, but are also required to do so themselves within the scope of the license(product breaks, they have to fix it, customer loses their copy they have to replace it).
2) Sale
Product has been sold, and the company no longer has any rights or control over it, other than limited rights with regards to things like prohibiting reproductions and sales(not to be confused with re-selling the product, which is allowed). Customer is allowed to modify, change, give away or sell the product as desired, and the company has no ability to stop them. At the same time, the company has no obligations beyond the point of sale, such that if the product breaks unless it’s under warranty they don’t need to fix it, if the customer loses it they have no obligation to replace it.
Re: Pick One
That sounds both reasonable and fair — for the customers. I wish us all luck with getting that implemented!
it goes a bit further than that, it’s also a potential safety hazard. There was a video/article a few years ago from… I want to say Top Gear, or Car and Driver, or some such. Where a hacker gained full control over a Jeep Grand Cherokee (IIRC) while the reporter was “driving” it. I am talking Heating/AC, Windshield wipers, Blinkers, brakes and acceleration, the full 9 yards.
Now I don’t think the manufacturers want to be on the receiving end of a hundred or so lawsuits because they want to “protect the coding in their products” however flawed they are.
Re: Re:
Not all that long ago, just 21 July 2015 in Wired.
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Re: Re:
…a hacker gained full control over a Jeep Grand Cherokee (IIRC) while the reporter was “driving” it…
Why the Fill-in-the-blank would any automobile manufacturer allow a vehicle to allow any access to it’s CPU (or software/firmware) while the vehicle was in motion? That’s ignorant. Allowing wireless access of any kind? Also ignorant. For the ‘infotainment’ system now being deployed: that should be a completely separate system from the car’s controls.
Re: Re: Re:
Because to paraphrase Dr. Ian Malcolm; “The engineers were so concerned with whether or not they could do a thing, they never stopped to consider if they should.”
Re: Re: Re:
That’s easier said than done. For example, the “infotainment” computer in my car also manages the backup camera. When I put the car in Reverse, it displays the camera view on the screen, and overlays lines on it that curve as I turn the wheel, to indicate my path of travel. That’s an incredibly useful safety feature that couldn’t exist if the computer didn’t have access to the steering wheel.
But think of the corn growers, damn it!
If you give them the ability to repair their own combines, they’ll starve to death!
“Where a hacker gained full control over a Jeep Grand Cherokee (IIRC) while the reporter was “driving” it.”
O/T? That was the fault of lazy coding and/or sloppy ‘security’ in the vehicle’s software.
It has nothing to do with the issue: allowing third parties to effect repairs or mods to equipment that was purchased (not licensed). It may void the warranty, or even render the item useless. If so, that’s my choice to make. I own it, I evaluate the risks.
And here’s a damn good reason why this change needs to happen:
http://investmentunderground.com/2016/02/error-53-your-repaired-iphone-is-dead/
Yeah. Nothing says customer appreciation like Apple’s “You’re $700 phone is now a piece of shit because we think you had it repaired at a service center where we don’t get a cut.” response to affected phones.
Then again, Apple isn’t the problem.
Re: Re:
Well wait a minute.
Apple phone is programmed to not trust the fingerprint scanner if it is replaced.
That actually seems like a reasonable security feature.
Granted they should also provide a mechanism for a third party to be able to replace it but there is a legitimate security concern here if that specific component could be easily replaced by your adversary without your knowledge.
Re: Re: Re:
A scanner is hardware.
Apple’s software is checking for licensed scanners, not scanner safety in general.
The software should still work correctly regardless of the hardware in front of it.
Re: Re: Re: Re:
Well not really.
Consider this scenario.
Scanner replaced with a new scanner that has TWO I/O ports instead of one. Port 1 is connected to the standard iPhone system, port 2 bypasses the iPhone hardware and is linked to other hardware (either internal, external, or say directly to the wifi interface bypassing iOS). Any scans via the fingerprint scanner can be duplicated and sent out both ports, port 1 to the standard iPhone subsystems/iOS, and port 2 where it is recorded. Later on, if the installer of the scanner wishes to access some function of the phone protected via the fingerprint scanner, feed in recorded scanning into I/O port 2 and redirect it out I/O port 1 into the guts of the iPhone. As far as iOS is aware, it’s a legitimate scan coming from the fingerprint scanner because it didn’t verify that it was a certified secure (or to spec, e.g. only 1 I/O port) scanner.
Re: Re: Re:2 Re:
oh, and also to add.
But I do agree this should be the owner of the iPhones choice. Rather than bricking the phone, it should just give a warning each time you go to scan a fingerprint that it’s a
non-certified scanner and thus could be compromised.
Re: Re: Re:
However having an untrusted fingerprint scanner should disable the fingerprint scanner, not the entire phone. The phone already has a backup password you can use for access because setting up that password is a required part of setting up the fingerprint scanner.
Re: Re: Re: Re:
Precisely. Error 53 is pure anticompetitive spite on Apple’s part, and there are laws specifically prohibiting analogous behavior in car repairs. Apple really needs to face charges over this, both because they did something obviously wrong and to set a precedent.
Buy Kenmores
Seriously.
They have service manuals for almost all of their appliances, and an abundant and competitive parts economy. I can price parts from three unrelated websites for refrigerators, ranges, dishwashers, whatever and get not only a good price, but a repair sheet. And Sears service manuals are good enough to help you rewire a dishwasher, if you happen to need to do that (pro tip: always lock the hamster cage with the hamster in it).
-C
I once found an Acer desktop system in the trash. It was complete except that someone had removed the hard drive(s). In doing so, they removed the entire metal cage which held the hard drives and left it loose in the case.
I went to Acer’s site to see how to reattach it since I couldn’t figure it out on my own. There was no information. I then contacted Acer to ask for some kind of a manual or instructions on how to reattach it. They told me to take it to an authorized Acer service center and pay them to do it for me.
Guess which brand of computer I’ll never buy…
Re: Re:
You should have taken it to your local elementary school and had a 10 year-old fix it for you. 😉
Re: Re: Re:
10? I doubt you’d need someone with that seniority to do it.
Re: Re: Re: Re:
You think kids 10 and under know how to work on desktop computers? I would guess most of them have rarely even seen a desktop outside of school, and they certainly aren’t allowed to take those apart.
Re: Re: Re:
I’m usually pretty good at figuring things out, but this one has me stumped. There aren’t any hooks or tabs on it and none of the screw holes seem to line up with the case. I’m assuming it goes with it since it was inside the case and without some kind of a cage, there’s nowhere to mount a hard drive.
I’ve already submitted this to Techdirt but it fits rather niceley here as well:
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-1/
The system does not support batteries that are not genuine Lenovo-made or authorized. The system will continue to boot, but may not charge unauthorized batteries.
Re: Re:
Without this “feature” when an aftermarket battery catches fire some lawyer will be in court explaining to the Judge how “Lenovo should have detected these inferior batteries and prevented my clients $1m house from burning down!”
Not all situations are about vendor lock in, some components have safety/security considerations too.
Cory Doctorow gave an awesome talk on this at the most recent defcon. Absolutely worth a watch.
https://www.youtube.com/watch?v=pT6itfUUsoQ
part OF THE PROBLEM
a NEW pice of CRAP isnt as good as the old, and you want to repair the new one and CANT???
I will go back and Fox/remod the old one, and FORGET the new one. And get another 20+ years from it..
THIS…in an age when we could have 1 small box, that you can Plug a Hard drive, DVD(CD,DVD,BR, any format), Flash drive, almost anything, Including a security system…and play ALL our movies and videos..
And run into about 300 Copyrights, that you would have to pay for..
In 2012 Mass. passed auto right to repair
Massachusetts’ automotive Right to Repair Initiative passed 86% to 14% in 2012 (though H.4362 passed first): https://en.wikipedia.org/wiki/Massachusetts_Right_to_Repair_Initiative
DMCA fraudulent implementation of WIPO copyright treaty
The WIPO Copyright Treaty says this:
“Contracting Parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.”
The DMCA says this:
“No person shall circumvent a technological measure that effectively controls access to a work protected under this title.”
The DMCA literally ignores the requirement of a copyright nexus (which some courts are slowly recognizing as essential), and totally ignoring the fact that the WIPO treaty only intended to apply to circumvention for infringing purposes — not non-infringing uses permitted by law.
Sure, the DMCA also says, “Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.” That should mean that the prohibition on circumvention should never be interpreted to allow the copyright owner to control uses beyond the limits of the copyright, but courts have been ignoring this, completely.
For comparison here’s what the TPP says..
Article 18.68: Technological Protection Measures (TPMs)82
1. In order to provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that authors, performers, and producers of phonograms use in connection with the exercise of their rights and that restrict unauthorised acts in respect of their works,
performances, and phonograms, each Party shall provide that any person that:
(a) knowingly, or having reasonable grounds to know, circumvents without authority any effective technological measure that controls access to a protected work, performance, or phonogram; or
(b) manufactures, imports, distributes, offers for sale or rental to the public, or otherwise provides devices, products, or components, or offers to the public or provides services, that:
(i) are promoted, advertised, or otherwise marketed by that person for the purpose of circumventing any effective technological measure;
(ii) have only a limited commercially significant purpose or use other than to circumvent any effective technological measure; or
(iii) are primarily designed, produced, or performed for the purpose of circumventing any effective technological measure,
is liable and subject to the remedies provided for in Article 18.74 (Civil and Administrative Procedures and Remedies).
Each Party shall provide for criminal procedures and penalties to be applied if any person is found to have engaged wilfully and for the purposes of commercial advantage or financial gain in any of the above activities.
A Party may provide that the criminal procedures and penalties do not apply to a non-profit library, museum, archive, educational institution, or public non- commercial broadcasting entity. A Party may also provide that the remedies provided for in Article 18.74 (Civil and Administrative Procedures and Remedies) do not apply to any of the same entities provided that the above activities are carried out in good faith without knowledge that the conduct is prohibited.
2. In implementing paragraph 1, no Party shall be obligated to require that the design of, or the design and selection of parts and components for, a consumer electronics, telecommunications, or computing product provide for a response to any particular technological measure, provided that the product does not otherwise violate a measure implementing paragraph 1.
3. Each Party shall provide that a violation of a measure implementing this Article is independent of any infringement that might occur under the Party’s law on copyright and related rights.
4.
With regard to measures implementing paragraph 1:
(a) a Party may provide certain limitations and exceptions to the measures implementing paragraph 1(a) or paragraph 1(b) in order to enable non-infringing uses if there is an actual or likely adverse impact of those measures on those non-infringing uses, as determined through a legislative, regulatory, or administrative process in accordance with the Party’s law, giving due consideration to evidence when presented in that process, including with respect to whether appropriate and effective measures have been taken by rights holders to enable the beneficiaries to enjoy the limitations and exceptions to copyright and related rights under that Party’s law;
(b) any limitations or exceptions to a measure that implements paragraph 1(b) shall be permitted only to enable the legitimate use of a limitation or exception permissible under this Article by its intended beneficiaries and does not authorise the making available of devices, products, components, or services beyond those intended beneficiaries; and
(c) a Party shall not, by providing limitations and exceptions under paragraph 4(a) and paragraph 4(b), undermine the adequacy of that Party’s legal system for the protection of effective technological measures, or the effectiveness of legal remedies against the circumvention of such measures, that authors, performers, or producers of phonograms use in connection with the exercise of their rights, or that restrict unauthorised acts in respect of their works, performances or phonograms, as provided for in this Chapter.
5. Effective technological measure means any effective technology, device, or component that, in the normal course of its operation, controls access to a protected work, performance, or phonogram, or protects copyright or related rights related to a work, performance or phonogram.
Sorry Glyn, but as much as you appear to be morally on the right side of the argument, the reality of technology isn’t the same.
More and more of the things we use each day are based on a combination of hardware and software. The hardware alone doesn’t do anything, the software provides the functionality and connection between the various parts. Without software, your “smart” phone would be nothing more than a collection of parts. That isn’t just the OS, but also the firmware that runs sub-assemblies and the various bits and pieces.
In order for many things to work properly, those sub-assemblies and plugged in parts must be right. Not almost right, not kinda right, but right. A fingerprint scanner that doesn’t scan exactly the same (or sends the same results for all fingers, regardless) may in fact defeat the function and make the device less secure.
With the problems of product liability and the the potential for both legal action and loss of face in public, it’s not surprising that companies are not interested in allowing third parties to install unchecked components or to make modifications.
Re: Re:
If this attitude had been prevalent in the ’80s, this technology which you seem so keen to protect would simply not exist. We’d still be dealing with proprietary black box systems, and innovation would have been slowed to a crawl.
Reverse engineering can be used to develop a part that is indistinguishable in operation from a “licensed” part. This right needs to be protected and championed.
Re: Re: Re:
“We’d still be dealing with proprietary black box systems, and innovation would have been slowed to a crawl.”
Not at all, a black box system is just an invitation to make your own, for others to create. A lack of innovation or moving forward should be something that drives innovation and new development. Then again, if you think that producing a knock off part is somehow innovative, then I guess you are right.
Re: Re: Re: Re:
You have no knowledge of recent history, do you? You sit here enjoying the fruits of the Computer Revolution, yet are gleefully trying to clamp down on the rights and abilities that brought those fruits to bear.
Ok, I guess I need to give a quick history lesson.
The Dark Ages
In the ’60s and ’70s, personal computing was a laughable pipe dream. This is despite the commercialization of the silicon transistor in the ’50s. Computers were proprietary mainframe/terminal setups, and cost exorbitant sums of money. This was because each seller had to build their system from the ground up, hardware and software. Now, as we approach the ’80s, hardware costs have started to go down, but software costs were going up. Companies still had to write the complete codebase for their proprietary system. Compatibility was unheard of, and costs were still too expensive for personal computing for the general public. Hobbyists could put together relatively cheap kit computers, but the retail desktops cost $5000-$10000, adjusted for inflation.
Enter “Open Architecture”
The early commercially successful computers, the Apple II and the IBM 5150, both utilized a published, card-based, open hardware architecture. This meant that any company could follow the spec and produce hardware components compatible with the machines, and allowed third-party software to enter the mainstream. Now, instead of using whatever proprietary word processor came on the machine, you could run WordStar, or any other software. This meant that the computer manufacturer didn’t need to develop all that software in-house, lowering the cost of the machine.
The Clone Wars
It’s the early ’80s, and home computing is starting to take off. IBM dominates the market, but they’re still too expensive for most households. Still, they’ve built up an ecosystem of third-party software that consumers demand. “Does it run Lotus 1-2-3?” is the death knell of many a new entrant. Things look bleak for everyone but Big Blue.
Then inspiration strikes. IBM’s machines ran PC-DOS, provided by a small company called Microsoft. Microsoft also sold the OS, as MS-DOS, to any interested third-party. Some companies try to break into the market by using MS-DOS, but differences in the BIOS mean that programs needed tweaking before they could run on each machine.
Compaq wants to build a fully-compatible IBM Clone, but they can’t just copy IBM’s BIOS due to Copyright law (See Apple v. Franklin). They could, however, independently create their own BIOS that behaved identically. They proceeded to do a clean-room reverse engineering of the IBM BIOS, and built the first true PC clone. When IBM’s lawyers could do nothing to stop Compaq, the floodgates opened. The new competition enabled by these “knockoffs” drastically lowered the price of computing hardware, bringing about the commoditization that we enjoy today.
That’s only a brief overview, there’s much more to the story, and I encourage you to read up on it. It should make clear the pivotal role that reverse-engineering and third-party compatibles had in bringing about ubiquitous computing, though.
Re: Re:
With the problems of product liability and the the potential for both legal action and loss of face in public, it’s not surprising that companies are not interested in allowing third parties to install unchecked components or to make modifications.
It’s the Digital Millennium Copyright Act, not the Digital Millennium Product Liability Act. If Congress is concerned about liability, they should pass a law addressing that. The DMCA should not be misused for this purpose.