Filed under: Features, Portable Audio

Legal analysis courtesy of Scott McMillan, Zachary Sharpe, and Trevor Adler of The Columbia Science and Technology Law Review.

The press and blogosphere have recently been abuzz over programs that remove copyright protections technologies known as Digital Rights Management (DRM) from purchased or rented media files. These DRMs restrict a consumer’s use of the media – morality notwithstanding, they are the only thing preventing you from copying your music or video files onto all of your friends’ computers. DRM-stripping programs remove such restrictions from the file (and typically violate your terms of service agreement, to say the least). In September, Microsoft filed suit against the hacker(s) responsible for one such DRM-stripping program, FairUse4WM, purportedly created by the now notorious Viodentia. Other such programs reportedly target the DRM protections of the iTunes Music Store and AllOfMP3, among others. What will become of Microsoft’s lawsuit? What does this have to do with “fair use” and the Digital Millennium Copyright Act (DMCA)? What follows is a brief overview in two parts. In the first, we’ll discuss current issues surrounding fair use with regard to the DMCA, and in the second we’ll approach Microsoft’s legal actions against Viodentia for FairUse4WM.

What fair use is, and how it works alongside the DMCA

“Fair use” is a doctrine under US copyright law that permits certain acts that might otherwise be considered copyright infringement. Copyright law gives authors the right to exclude others from their work, and can sometimes get in the way of the ultimate goal of copyright, which is to promote progress in art and science. The theory here is that without copyright protections, many artists and authors would be discouraged from distributing their work. The fair use exception allows copyright protections to remain in place while enabling consumers some degree of freedom in their use of purchased media. For example, it was generally understood that ripping CDs for personal use was legal because it fell under the fair use exception. However, fair use was dealt a serious blow with the enactment of the DMCA in 1998 and the widespread use of DRM protections. Indeed, fair use is not a defense to a DMCA claim.

The DMCA specifically prevents someone from “circumvent[ing] a technological measure that effectively controls access to [copyrighted works]” without permission from the copyright owner (17 U.S.C.A. § 1201(a)(1)(A) & (3)(A)). It also prohibits a person from, among other things, making such a tool or offering it to the public (17 U.S.C.A. § 1201(b)(1)). This provision has given content providers the power to take legal action against virtually anyone who tampers with their DRM protections, even those who would have otherwise been protected under the fair use doctrine — often times consumers like you.

A prime example of how courts have used this DMCA provision to strike down a DRM-removing technology involves DeCSS. As you might know, DeCSS removes the DVD content protection, or Content Scrambling System (CSS), essentially enabling anyone with a computer and a little know-how to rip DVDs. In the frequently cited case of Universal City Studios v. Corley 273 F.3d, 429 (2d Cir. 2001), the Second Circuit Court of Appeals affirmed a district court’s ruling that barred Eric Corley — aka Emmanuel Goldstein, publisher of the infamous 2600 hacker quarterly — from making DeCSS available for download on 2600.com, or posting links to other websites offering the program for download. Among other things, the court rejected the idea that DeCSS could be protected under the fair use doctrine, reasoning that fair use is concerned with how one uses a copyrighted work, not how someone obtains the work in the first place. Thus, the court concluded that the right to view a DVD does not create a right to decrypt the DVD.

Because the DMCA doesn’t distinguish between types of media involved or how protections are circumvented, the Corley case will most likely play a role in any future legal battle over DRM-stripping software. So far as FairUse4WM is concerned, the fair use doctrine would appear not give Viodentia (or users or distributors of the program) any protection against alleged DMCA violations, and FairUse4WM could suffer the same defeat in a US court as DeCSS. The European Union has enacted similar legislation to the DMCA, namely the 2001 EU Copyright Directive (EUCD). But Microsoft has admitted that it doesn’t know Viodentia’s location and has recently initiated action with Yahoo and Google to investigate. Legal defeat, however, has not at all magically eliminated the availability of DeCSS on the web. This may give some insight as to how effective current legal relief in the US will be once internet users take hold of a desirable new technology.

Have we seen the end of fair use? Current law still leaves a little wiggle room. While programs specifically designed to circumvent copyright protections have little chance of overcoming the DMCA, manual workarounds may still be legal. For example, most downloadable music services (begrudgingly) allow users to burn audio CDs from the music they buy. Doing so also strips the files of their DRM, but because users have permission to copy to CD, this use is acceptable under the DMCA. Re-ripping the CD back into unprotected audio files for personal use is probably acceptable under fair use or by some other right (the RIAA allows copying of CDs for personal use but not because of fair use). Whether courts would view this multi-step process as DRM “circumvention” under the DMCA has yet to be seen.

So where will the line between fair and illicit use eventually be drawn? The current legal incongruity between manual DRM workarounds and blatant DRM hacks reflects the questionable post-DMCA state of the fair use doctrine. Will this be enough to encourage lawmakers and courts to rethink their position on the DMCA? Only time will tell.

Microsoft takes legal action

On September 22, Microsoft filed a complaint against “John Does 1-10, a/k/a ‘Viodentia’,” alleging that Viodentia created and distributed software, FairUse4WM, that incorporates code from Microsoft’s Windows Media Format SDK v. 9.5. Microsoft argues that Viodentia should therefore be held liable for copyright infringement. Filing an action against a John Doe is somewhat tricky in the American legal system; we have an adversarial legal system, and when you file against a John Doe, you’re suing somebody whose identity you don’t know and who’s therefore not represented in court. One of the first steps, then, when suing a John Doe is to find out just exactly who you’re suing. This is done through a third party discovery motion, which needs to be approved by the court. Accordingly, Microsoft filed a Motion for Leave to Conduct Third Party Discovery on September 26.

In granting the motion for third party discovery to identify Viodentia, Judge John Coughenour set explicit limits on who can be subpoenaed and what can be requested. Judge Coughenour allowed discovery against two named e-mail providers, Yahoo! and Google. Microsoft may only look for information that is reasonably likely to lead them to identify the user of the targeted IP address(es). Judge Coughenour also authorized a limited second level of discovery that works as follows: if Microsoft’s Google and Yahoo! discovery uncovers an IP address relevant to the identification of Viodentia, Microsoft is permitted to issue subpoenas to the ISP that operates or issued that IP address in order to determine the identity of the user.

If Microsoft is unable to procure useful information from Google or Yahoo!, or if they run into a dead end at the ISP level, it will need to find some other means of identifying Viodentia. To expand the scope of its search, Microsoft would need to seek and receive further permission from the court. The present order gives Microsoft only 120 days to discover Viodentia’s identity. Although Microsoft can seek a time extension, if it cannot name an actual person in its suit before Judge Coughenour’s patience wears out, the case will likely be thrown out.

If Microsoft does identify Viodentia, the case can proceed. This would entail service of process and would involve thorny jurisdictional questions if Viodentia does not reside in or have sufficient ties to the US. In that case, even if the infringing acts alleged in the lawsuit occurred in the US, unless Viodentia can be prevailed upon to come to the US and be properly served, the case would likely be dismissed on grounds of forum non conveniens (inconvenient forum).

The critical importance of the subpoena power to Microsoft’s case against Viodentia explains the otherwise-mysterious question of why Microsoft has filed a suit for copyright infringement rather than for circumvention of DRM. The subpoena power is a little-noticed feature that the DMCA added to copyright law. In the old days, ISPs often refused to disclose the identities of their users. Then along came the DMCA’s 17 U.S.C. 512(h)(1), which enables a content owner to subpoena an ISP and demand user identities. This is crucial because ultimately, it is the only way to maintain a lawsuit and force a user like Viodentia to stop. But here’s the problem: 512(h)(1) applies only to copyright violation and not to DRM circumvention. If it were only a matter of hacking WM, Microsoft would not be able to use a subpoena to identify Viodentia. Therefore, Microsoft must claim copyright infringement, whether or not that actually is the case.

In the meantime, Microsoft is issuing cease-and-desist letters to websites hosting FairUse4WM, alleging the same copyright infringement as alleged against Viodentia. It remains to be seen if Microsoft will attempt to advance its copyright argument against these websites by filing suit, or whether it will focus its efforts on Viodentia. Since websites hosting FairUse4WM cannot hide behind the fair use doctrine as noted above, those that are within Microsoft’s legal reach will likely heed Microsoft’s threats rather than be ensnarled in a costly legal battle. However, it is important to note that legal defeat has not magically eliminated the availability of similar DRM-stripping programs like DeCSS on the web. This may give some insight as to how effective current legal relief in the US and abroad will be once internet users take hold of a desirable new technology.

Is all of this still relevant if Microsoft intends to turn its back on PlaysForSure? Absolutely. Zune or no Zune, PlaysForSure is supposed to live on for its current partners. What’s more, Microsoft’s case against Viodentia will likely establish important legal precedent for actions against the creators of other current and future DRM-stripping programs. If you thought Microsoft’s lawyers were scary, wait until you see Apple’s.

FairUse4WM followup

We’ve received scattered reports that the final version of Windows Media Player 11 “fixes” FairUse4WM by not recovering the previous, broken keys; 11 now apparently AES encrypts keys, but fortunately that too has apparently been circumvented — though not by Viodentia. Windows Media Player 10 users are still unaffected, and can technically feasibly continue use of the application, still at version 1.3. -Ed.

This piece by the STLR Engadget Team was led by Columbia STLR contributors Scott McMillan, Zachary Sharpe, and Trevor Adler.

Permalink | Email this | Linking Blogs | Comments

BOLD MOVES: THE FUTURE OF FORD A new documentary series. Be part of the transformation as it happens in real-time

Office Depot Featured Gadget: Xbox 360 Platinum System Packs the power to bring games to life!

Filed under: Portable Audio

Mere days after Microsoft started pushing a new IBX version for “protecting” PlaysForSure files from its users, the FairUse4WM guys have thrown down a new version that deals with that and other little DRM-circumvention obstacles. The new release — version 1.2 — knocks out DRMv1 files you’ve ripped yourself with protection, breaks down individualized WM9 files and has a workaround for WM11beta2. Of course, we’re guessing it won’t be long until Microsoft has another quick update to break FairUse4WM again, but it seems like a more drastic update might be in order to shut down this hack for good. We’re sure you’re well familiar with our stance on this whole issue, and hope that version 1.2 treats you right.

Read | Permalink | Email this | Linking Blogs | Comments

Filed under: Portable Audio

Earlier this week we told you about the first tool we’ve yet heard of that strips the FairPlay DRM from the iTunes Music Store v6 tracks you bought, called QTFairUse. Unfortunately, because this tool was still very raw and in Python, so it didn’t seem entirely there yet for the rest of us; well, today we’re one step closer with myTunes, a small (50KB), simple, graphical Windows app designed to strip the DRM off your iTunes tracks lickety split. Based on the QTFairUse Python code (and not that of the original myTunes from way back in the day), this app unfortunately only strips DRM in real time, meaning that while it automates the process as you churn through your playlist, it also requires you to play through your library song by song (compared to FairUse4WM, which strips PlaysForSure DRM en masse). Also, after the FairPlay has been stripped, you still have to use another tool to reconstruct your track from your raw AAC file (which also means you have no metadata). In other words, even though this tool simplifies a lot of the process, it’s still also a huge pain to use, so you’d better be prepared to bust out some shell scripting until the next version of myTunes is released (when they intend to automatically add the headers and metadata, making it a one step process). But it did most definitely work, click on to get an idea of what you’re in for with this early version of myTunes.

[Thanks, Pete]

So the first thing we did was, of course, update to the very latest version of iTunes for Windows (6.0.5.20) and buy a song from the iTunes Music Store.

We love Ultravox, so we picked an appropriate song…

As you can see, we’re prepared for major cash outlays for our editorial.

Once you have your track ready to play, fire up myTunes, set your decoding path, and enable myTunes.

Then, just hit play on your DRMed track, and it will begin the DRM stripping process.

Like we said, it goes in real time, so be patient. You’ll probably want to leave this thing running overnight (hey, that’s 8 hours of un-DRMed music a day, not too bad).

Once it’s done decoding, you have to use another tool called faad.exe to construct a playable AAC ADTS file. Kinda sucks, but it only took 2.8 seconds for Hymn to get built back up. Then we moved all our files (the FairPlay DRMed file, the raw AAC file, and the reconstructed AAC file) to our other machine for testing.

As you’d expect, this is what happened with the AAC file tried to play in VLC. No go — that’s copy protection for ya!

Neither would the raw AAC file play, but that wasn’t a surprise either. The resulting file from faad worked just fine, though.

Unfortunately it had no metadata (as expected).

However, as you can see the bitrate was kept intact, and the file size was almost identical to its original. We can’t yet confirm that this was a lossless DRM stripping method, but we’d wager it is (or at least very close to it). For what it’s worth, we heard absolutely no discernable loss in sound quality. Happy fair use everybody!

Read | Permalink | Email this | Linking Blogs | Comments

Filed under: Home Entertainment

Leave it to the Hawthorne Effect, right? It’s been three days since we spilled the beans about the PlaysForSure-stripping FairUse4WM app, and already Microsoft’s Windows Digital Media Division is issuing notices to its PlaysForSure licensees regarding patching up the problem. It’s a little difficult for the likes of us to decode, but check it out for yourself, we’ve printed the letter in its entirety (sans email addresses) for your perusal. From what we can glean, Microsoft’s prepared to combat this “new circumvention tool” by patching the individualized blackbox component (IBX) in PlaysForSure either as a push down through the software, or as an update availaable in the near future to Windows users. We won’t butcher the technical nuances of this one any further though, so we’ll let you guys see what’s what and figure out how to keep everyone in the Fair Use fair use loop. Either way, guess it looks like Microsoft wasn’t listening to our pleas; are you there Bill? It’s us, Engadget.

—copied from source—
From: Windows Media License Agreements [email removed]
Sent: Monday, August 28, 2006 8:52 PM
To: Windows Media License Agreements
Subject: Update to the Windows Media Format SDK version 9.5 [identifier removed]

Dear Windows Media Licensee,

On August 25th, 2006, Engadget.com reported on a software tool that would allow consumers to decrypt WMDRM protected content. In response, on August 28, 2006, Microsoft released an update to the individualized blackbox component (IBX) designed to ensure that client applications using the Windows Media Format SDK version 9.5 who individualize to this latest version are robust against a new circumvention tool.

This update is not yet available for the Windows Media Format 9 Series FSDK or for users of Windows XP Media Center Edition 2005 Update Rollup 2.

Consumers are not at risk in any way. Content services can require that the updates be present in order to issue licenses by following the instructions below. Please note that the version number of IBX was not incremented as part of these updates to avoid delaying the release of these critical breach mitigations. Consequently, the only way to determine if the update is installed is to query the build number of the IBX. This requires code executing on the client.

To determine the build number of the IBX:

1. Ensure the PC is running the August 2005 update to Windows Media DRM. See the attached white paper for details.
2. Determine the path of the WMDRM folder. The path is stored in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\DRM\DataPath
3. Identify the file name of the latest IBX. If the machine has been individualized only once, the IBX file name will be indivbox.key. Otherwise, the IBX file name is in the form indivbox_xxx.key, where xxx are digits 0-9. The file name with the greatest value of xxx will be the latest IBX.
4. Call GetFileVersionInfo() to retrieve the build version of the file identified in step 3. See [link].
5. If the IBX file version is 11.0.5497.6285 or greater, then the updated IBX is installed

Please submit questions to [email removed]

Best regards,

Windows Media Licensing Department
Microsoft Windows Digital Media Division
——————————–

Permalink | Email this | Linking Blogs | Comments

Filed under: Portable Audio

XM is firing back against the recording industry’s lawsuit over the Pioneer Inno‘s ability to temporarily store copyrighted material, stating rather boldly in an open letter to its customers that “we will vigorously defend these radios and your right to enjoy them in court and before Congress, and we expect to win.” Claiming that the record labels “don’t get it,” XM argues that consumers have always been free to tape over-the-air content from a variety of sources, provided that they restrict those recordings to personal use. What’s more, the Inno doesn’t even let you transfer recorded content to other devices, and deletes all of your tunes if you drop your XM subscription, so it’s already much more restrictive than the recording devices faced by TV and terrestrial radio broadcasters. Instead of actually expecting XM to pay $150,000 for each song recorded by Inno users (which would probably amount to at least several billion dollars), it’s more likely that the music industry is using this suit to coax XM into joining rival Sirius in coughing up additional licensing fees. Also, a note to XM PR: despite your suggestion that the record labels are attacking sat radio owners at the expense of a war on the “real” pirates, we think that the industry is both well-prepared and well-equipped for a multi-front conflict.

[Thanks to everyone who sent this in]

Read | Permalink | Email this | Linking Blogs | Comments