next up previous


``Authority of the copyright owner'' in 1201(a)

Robert S. Thau and Bryan Taylor


Contents

Introduction

The plaintiff's case in Universal et al. v. Corley relies on an interpetation of the Digital Millenium Copyright Act (DMCA), specifically 17 USC 1201(a), which we regard as fundamentally flawed. This section of the law provides protection for ``access control mechanisms'', which as we shall show, was clearly intended by Congress to mean mechanisms which perform some sort of affirmative check that a viewer is authorized to view a particular work. Several such systems have been deployed by the movie studios to protect their work, including one (codeveloped with Circuit City, and marketed to consumers under the name ``Divx'') which actually checked the authority of a particular viewer to view works distributed on DVD disk.

However, the ``Content Scrambling System'' supposedly ``hacked'' by the plaintiffs in this case performs no such check -- a CSS-enabled player will view any CSS formatted DVD without performing any check that the user is authorized to view it. Plaintiffs claim protection for it anyway by misreading the law to state that the ``authority of the copyright owner'' referred to in the statute is not a grant of authority to view any particular work, but rather authority to implement the CSS process itself -- the authority to govern not merely the act of access, but the permissible means of access. Their assertion is in conflict with the text of the law, with the legislative record of Congress enacting the law, and with enduring, basic constitutional principles regarding intellectual property protection. Further, were their interpretation to stand, it would give them an awesome degree of power over the deployment of players for their movies and other protected content, far in excess of what was intended by Congress, and with very deleterious effects on the public interest.

Acknowledgments

This paper is the result of discussions on the dvd-discuss mailing list run by the Berkman Center at Harvard University, and has benefitted immensely from the insights of those on the list. All flaws are, of course, solely the fault of the authors.

Technical facts of the case

The plaintiffs in this case are most of the major movie studios in this country. This case concerns movies which they publish on Digital Versatile Disc (DVD). The process of formatting these discs includes the application of the so-called Content Scrambling System (CSS), which transforms the files containing the video and audio comprising the movie into an obscured format. The details of this obscured format, and the process of converting it to industry-standard formats (e.g. MPEG) which may then, after many further conversions, be displayed to a human viewer are licensed by the plaintiffs, via their intermediary, the so-called DVD Copy Control Authority (DVD-CCA), to player manufacturers.

Licensees are required to obey numerous conditions on their use of the CSS technology by the terms of the license. These conditions include implementation of a system called ``region coding'', which requires a player sold in America, for example, to refuse to play discs sold for use in Europe, or vice versa. (Among other measures, a player is required to keep a permanent record of the region it resides in, and to allow this record to be changed only a small, fixed number of times without being reset at the factory). These requirements also currently include the implementation of certain copy-control technologies designed to inhibit transfer of movies onto VCR cassettes (the so-called ``Macrovision'' machinery). However, the plaintiffs and their agents have acknowledged that these mechanisms are technically distinct from CSS per se, and bound to it only legally by the requirements of their license. They have also included among these conditions such matters as region coding, which have nothing to do directly with either access control or copy control, which comprise between them the subject matter of the DMCA. As the plaintiffs' witness, Robert Schumann stated in his second declaration:

23. As I also stated in my recent deposition, CSS and the decryption of it via DeCSS has nothing to do with protecting so-called regional coding or any mechanism which prevents consumers from fast-forwarding through the initial audiovisual information contained on a DVD disc (which includes copyright infringement warnings. and the like).
(Schumann supplemental declaration, June 1, paragraph 23).

The defendants in this case are distributing an unlicensed implementation of the CSS technology, called ``DeCSS'', which, like the licensed implementations, can take the obscured video files stored on commercial DVDs and convert them to unobscured form. This is the first of several conversions required to make these files visible to a human viewer, and is a necessary step in viewing the content on a DVD (others being conversion from a highly compressed form called ``MPEG'' to uncompressed digital video, formatting that digital video so hardware display drivers can process it, and the conversion of the digital data to analog signals driving an actual display; the analog signals are generally processed further within a display, but those steps are of no concern to us).

As such, DeCSS performs a function which is absolutely necessary to viewing the content on legitimately purchased DVDs to which CSS obscuration has been applied -- players which would clearly serve a legitimate function. In fact, as testimony at the trial has shown, DeCSS was originally written to serve as a component of such a player (Johansen testimony, p. 619 of the trial transcript). Contrary to the claims of the plaintiffs, it does not serve as a piracy tool; it is clumsy to use for that purpose, and in any case, other tools for that purpose are available, which do the job more conveniently, by essentially parasitizing a licensed DVD player. (Trial transcript, Reider testimony, p. 684).

The plaintiffs are suing to enjoin further distribution of DeCSS, claiming that their licensed implementations of the CSS technology provide a form of access control which is being ``circumvented'', or more simply, bypassed, by the unlicensed DeCSS implementation.

What makes this a peculiar claim is that there is nothing about any implentation of the CSS technology, either licensed or unlicensed, which would ever, in the ordinary course of the operation of CSS, deny any viewer access to the contents of any CSS-formatted DVD. If an unlicensed CSS implementation would reduce the contents of a given disc to (more) readable MPEG video data, then any licensed implementation would do the exact same thing. There is never any case in which the two implementations do anything different. How, then, can the plaintiffs claim that one of these things is providing an access check which is bypassed by the other?

To answer that question, let us begin by examining the law, and how it may be applied to two access control mechanisms of a sort which it is unquestionably intended to cover. Having done so, we will return to CSS, and to the contorted interpretation of the law which leads the plaintiffs to claim that CSS is providing access control despite the fact that in the ordinary course of its operation, it can never deny access.

Access controls and the DMCA

The applicable statute

The Digital Millenium Copyright Act was enacted by Congress to protect certain forms of electronic defenses which copyright holders might adopt for their works, by adding a new chapter, 12, to Title 17 of the United States Code, which defines copyright law. Two distinct types of mechanisms are protected -- access controls, in section 1201(a) of the law, and copy controls, in section 1201(b). The plaintiffs' case relies on construing CSS as an ``effective access control'', as defined in 1201(a). So let us examine how that term is defined. In section 1201(a)(3)(B) of the law, we find that, for purposes of section 1201:

(B) a technological measure `effectively controls access to a work' if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
If that is the case, then section 1201(a)(2) provides that
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that-

(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

(C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

where ``circumvention'' is defined in 1201(a)(3)(A) as:
(A) to `circumvent a technological measure' means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner

So, ``effectively control access'' is defined in terms of ``gain access to the work'' -- which is not, itself, defined in the DMCA. Seeking definitions from common language, we find that any common dictionary (e.g., Merriam-Webster) defines three senses for the word ``access'': it can refer to a right, a means, or an act.

The most straightforward interpretation, in context, is that the technological measure must govern the act of access -- that is, it must, ``in the ordinary course of its operation'', perform some explicit test that the user is authorized by the copyright owner to view a particular work, and allow the act of viewing the work only in case that he is, in fact, authorized.

But, there are other possible readings; let us consider them. Clearly, it makes no sense to adopt the sense of ``access'' in which to ``gain access'' is to be granted the legal right to view something. That would reduce the law to nonsense; it would speak of technical means which somehow require the application of a process to a copyrighted work in order to allow a viewer to form a contract.

This leaves the interpretation in which ``access'' is a means, and the technical measure checks whether the viewer is using authorized means of acccessing the work. However, the technical measure itself is necessarily part of the means of access, so at the very least this reading lends a strange circularity to 1201(a)(3)(B). But nevertheless, as we shall see, that is the plaintiffs' reading. (Strangely, they seem to think this control extends over only means which employ cryptography in some way, even though the definition of ``effective access control'' never mentions cryptography, encryption, or decryption; of that, more anon). We will also see that this is how CSS itself is designed to function -- it does not and cannot check that the user has been authorized by the copyright owner to perform the act of access -- and we shall show see that this interpretation is at variance with both expressed Congressional intent in passing the DMCA, and with basic Constitutional principles regarding intellectual property protection.

But before doing that, it may be worth showing that our alternative interpretation, that ``effective access controls'' are restricted to measures which govern acts of access, does provide copyright holders with an opportunity to provide meaningful protection for their work, and that we are not trying to read the statute into nonexistence or irrelevance. So, let us examine a few examples of effective access controls under this definition.

Examples

On our reading, then, an ``effective access control'' is one which performs an explicit test that the viewer is authorized, and circumvention consists of bypassing, or negating the effect of, such a test, in order to provide access to a work to a person who would have been denied access ``in the ordinary course of [the access control's] operation''.

This is a fairly broad definition, which provides statutory protection for numerous mechanisms which the plaintiffs can build to protect their works. We will consider three.

Pay-per-view cable

In pay-per-view (PPV) cable case, programs are distributed to everyone in a particular cable network, but in a scrambled form. If a viewer desires to view one of these programs, then they make arrangements, including payment, with their cable provider. The cable provider then downloads a ``key'' for that particular program into that individual viewer's set-top box. When the program is broadcast, the set-top box applies the key to the scrambled program, obtains the program in unscrambled form, and shows it to the customer. In this scenario:

Circuit City Divx

Of course, in the PPV cable case, the work being protected (the pay-per-view programming) is never fixed in tangible media. But that is not essential; it would be easy to design a scheme in which players for DVD-like discs would similarly require a key to be downloaded into them in order to play the contents of a particular disc.

This mechanism would preserve the essential properties of PPV authentication which we have already discussed:

A scheme along these lines was actually marketed as ``Divx'' by Circuit City, in conjunction by the plaintiffs; the internal technical details of the scheme were different, but it looked the same to consumers in most respects, including most notably the requirement that the player be able to phone a central office (via an internal modem) to manage billing. (There is, of course, no connection between this scheme and a video compressor, also called ``Divx'', which has also been mentioned by the plaintiffs).

Certificates

We conclude with a less widely used, but still useful, example: certificates. MIT uses this mechanism to secure web access to student records. Briefly, a ``certificate'' is an electronic analog to a physical ID card with a watermark or raised seal -- a datum which is difficult to produce by someone without particular authority, but which anyone may easily inspect to determine that it has been produced properly. These are used in electronic communication as follows: a ``certification authority'' issues certificates to individuals who wish to be identified. (MIT serves as its own certification authority) They can subsequently present these certificates, via their web browsers, to a web server, which verifies that they have a proper certificate (the analog to a physical ID card with the proper seal), and may read the certificate to verify the user's identify (as a guard might read the ID card). The web server can then use the ``certified'' identity to determine whether or not to server a particular web page to the viewer -- in the MIT case, to assure that students view only their own records.

Note that while it is common practice to encrypt data protected by the certificate mechanism, simply to protect it from potential prying eyes as it traverses the network, that does not form part of the mechanism, and we would still have effective access control without it. This will become an important point later. To summarize again:

Many other access control mechanisms besides the ones we have discussed can be imagined, which all share those properties, but we need not go into all the possibilities here. The point is that the reading of the law which we have proposed allows the plaintiffs a variety of ways, some of which have already been deployed, to protect their content.

But, our reading does not provide protection under the law for a scheme like CSS, which, as we have seen, does not discriminate between movies that a user is authorized to view and those which they are not, and always grants access ``in the ordinary course of its operation''. To argue for protection for CSS under this law, then, the plaintiffs must adopt another reading. And they have.

CSS, DeCSS and plaintiffs' analysis

The plaintiffs believe this case is simple and straightforward. To quote one of their attorneys, Leon Gold, in pretrial hearings:

Circumvent means to descramble, and that's what DeCSS does. A technological measure effectively controls the access here to do the protected work and CSS is such a measure and it's designed to control access to our copyrighted works. Because CSS is an encryption technology, you've got to have a software key to open it, so CSS qualifies as an access control measure. And all of the statutory requirements are met, and defendants are clearly violating them.

Note the peculiar statement that ``Because CSS is an encryption technology, CSS qualifies as an access control measure''. This already indicates that the plaintiffs have adopted a somewhat strained reading of the statute. The statutory definition of ``effective access control'' -- that an effective access control measure is one that ``requires the application of information, or a process or treatment, with authority of the copyright owner, to gain access to the work'' -- makes no specfic reference to encryption, and indeed, as we have seen, it is perfectly possible to have an access control measure which does not encrypt the work it protects.

But rather than relying on Mr. Gold's perhaps hasty and off-the-cuff remarks, let's examine a more elaborate version of this argument, from a colloquy between David Carson, general counsel of the Library of Congress, and Dean Marks, head intellectual property lawyer for Time-Warner, at a hearing held regarding the DMCA at Stanford, concerning the notion of ``authority'' which is crucial to the statutory definition of ``effective access control'':

 16              MR. CARSON:  Are [DVD buyers] authorized to view
 17  [their DVD] on any machine they can find, that they can make
 18  to view it?
 19              MR. MARKS:  No, no.  They're authorized
 20  to view it on a licensed device.  If someone were to
 21  buy a VHS cassette, and they didn't have a VHS
 22  player, are they authorized to disassemble the
 23  videocassette, reproduce the film in there in 35-
 24  millimeter print and play it on their movie camera?
 25  I don't think so.
                                                   PAGE 249
  1              MR. CARSON:  Okay.  But, first of all,
  2  there's no contractual privity between the purchaser
  3  of that DVD and Time Warner, I assume.  There's no
  4  shrink-wrapped license.  You know, you don't sign a
  5  license saying, "I agree only to play this on an
  6  authorized player," when you purchase the DVD.
  7              MR. MARKS:  That's correct.  And neither
  8  is there a shrink-wrapped license when you buy a VHS
  9  cassette that's in NTSC format, and you only have a
 10  PAL player.

(Transcript of LOC hearing, Stanford, pp. 248-249).

So purchasers of a DVD are not entitled to view their DVD ``on any machine they can ... make'', but only on ``a licensed device''. But that is not due to any contractual obligation they personally have entered into, but due to the DMCA. However, once you have an authorized player, you are guaranteed to be able to play a given DVD; the player performs no authorization checks.

Note that the terms in which this is couched are rather different than in our analysis above -- they speak, for instance, not of authorized viewers, who may or may not be authorized to view a particular movie, but rather of authorized players, which, if authorized, may play any DVD.

What makes such a player authorized is, in the plaintiffs' view, the CSS license. If removal of the CSS obscuration is done by a licensed player, then the player has the authority of the copyright owner, and is therefore authorized. However, if the exact same process is performed by a player which was created by someone without a license, then it is unauthorized, and therefore circumvention, never mind that the two processes have the exact same effect.

Note also, that it is the manufacturer of the player who must be licensed in this view -- CSS licenses are not required of individual viewers, nor even, in the usual case, available to them. This system is not about controlling the access of individuals to DVDs; it is rather used to control (via the CSS licensing requirement) who may create players for them.

This is how our reading of the statute differs from that of the plaintiffs. We read the ``authority of the copyright owner'' to be the authority of a given user to view a particular work. But in the case of CSS, the copyright owners are claiming the right to control how, or whether, a particular piece of equipment performs a particular process.

It should be noted that the plaintiffs go on to state that this control only applies to ``access control processes'', and they sometimes go on to state that CSS fits that description because it is ``an encryption process''. Of which, more anon.

Problems with plaintiffs' analysis

There are a number of problems with the plaintiffs' assertion of a right, stemming from 1201(a), to vet the application of certain processes to their content. The legislative record is clear that Congress did not mean to create such a right, on the part of the defendants, and indeed amended the bill to avoid such an interpretation. Also, there are some basic Constitutional problems with this new exclusive right to vet implementations of an access-control process, which simply do not arise if the statute is read, as it seems clear that Congress intended, simply to give copyright holders the right to control access (and sue only when access was or might be provided to an unauthorized viewer).

False, pretextual encryption

We have seen that there are some problems with the plaintiffs' assertion that CSS meets the 1201(a) standard for ``effective access control'' processes because it is ``an encryption technology''. However, for the sake of argument, let us take them at their word. An empirical question then arises -- is CSS an encryption technology, evaluated by the usual technical criteria used in the field? We believe the answer is a qualified ``no''.

To explain this, let us briefly discuss what encryption is. In ``Privacy on the Line'', a book by Whitfield Diffie (coinventor of public-key cryptography) and Dr. Susan Landau, now of Sun Microsystems, define it as follows.

We shall describe cryptography for the moment only by what it does: a transformation of a message that makes the message incomprehensible to anyone who is not in posession of secret information that is needed to restore the message to its normal plaintext or cleartext form. The secret information is called the key, and its function is very similar to the function of a door key in a lock: it unlocks the message so that the recipient can read it.

(Diffie and Landau, ``Privacy on the Line'', MIT Press, 1998, p. 13).

A few things follow from this definition: the key must be physically separate from the work it protects; if not, then anyone who has the message has the key as well, so its contents are in no way protected from unauthorized recipients. Likewise, it must be something whose distribution is ordinarily limited to authorized recipients -- if the "key" is broadcast to the public at large, then any unauthorized recipient can obtain it at will, and once again, there is no real security. And of course, it must be difficult to obtain the plaintext of the message without the key.

With these definitions in hand, let us return to considering CSS. With regard to effectiveness, it suffices to refer to the declaration of Frank Andrew Stevenson, in which he exhibits a program that will recover the key from a ``scrambled'' piece of DVD video data (a so-called .vob file) in about a tenth of a second on a standard PC, thereby laying bare the data in the ``encrypted'' file. The weakest real encryption in common use (a strong symmetric algorithm with 40-bit keys) takes more than a week on a standard PC (assuming a million candidate keys can be checked per second; this will vary with the encryption algorithm), but even this can be broken in under a minute with special-purpose hardware. Security experts commonly describe 40-bit encryption as inadequate for serious use; algorithms for performing that encryption are freely available without any licensing requirments in standard textbooks. The CSS ``encryption'', simply evaluated on its merits, is laughable.

But that, by itself, is no basis for rejecting CSS under the law -- recall that the law's definition of ``effective access control'' (quoted above) simply describes what a technical protection measure must do ``in the ordinary course of its operation'', and has nothing to do with how easy it is to divert it into a different course. However, the law does specify what the technical measure must do, in the course of its operation, in order to be considered effective access control, namely, restrict access to a work to users with ``authority of the copyright owner'' -- in the case of cryptography by assuring that only authorized users have the key, like a physical padlock that keeps people without a physical key from entering a room.

Now, the CSS specification has several numbers in it which are described as ``keys''. However, none of these is given only to particular, authorized individuals. Most of the so-called keys are physically stamped into the same disc as the video they supposedly protect -- so anyone in physical possession of the video is necessarily in possession of the keys as well. If we may analogize a cryptographic key to a physical key for the padlock (on a room containing a work), then it's as if DVDs are distributed bearing padlocks which have their keys welded in -- the ``keys'' to unlock the work are physically stamped into the same disk as the work itself. You literally can't have one without the other. And anyone, authorized or not, can turn the ``key'' and gain entry. Such a ``key'' is not really a key at all; it's a fancy looking doorknob.

But the keys on the DVD are not all that is required to access the work. CSS also requires a ``player key'' embedded in DVD players made by licensees. However, any player key will ``unlock'' all CSS-protected DVDs. And anyone can buy a DVD player. So CSS does nothing to protect any particular work from access by people who are not authorized to view that work; unauthorized people can obtain a player from Best Buy, just like authorized ones. It is in this sense that CSS isn't really encryption; the function of cryptography is ordinarily to protect the contents of a message by people who aren't authorized to read it; but that's not what CSS does. Instead, it ``protects'' a work from being accessed by anything other than particular machinery. It doesn't control who views a work; it controls how the work is viewed.

In other words, CSS does not test in any way whether an individual viewer has ``the authority of the copyright owner'' to view a particular work. Instead, it imposes a process which is required to access the content of DVDs (the same process for all DVDs); the plaintiffs then want to be able to enjoin anyone from building equipment which performs that process without agreeing to their license, which imposes arbitrary terms of their choice, which may (and do) have nothing to do with access control, or copy control, per se. In effect, this would amount to a patent-like control over the process, with none of the limitations of patents, a point to which we shall return.

Encryption not required for access control; any process could be regulated

To sum up: the plaintiffs have adopted a reading of the law which allows them a patent-like control over processes which are required to gain access to their works -- that is, once again, that the law is meant to give them control over not just the act of access, but the means. They are suing because DeCSS threatens to allow DVD purchases to access the works they have purchased via means which they have not authorized (specifically, DeCSS itself).

When asserting this control, in court and elsewhere, the plaintiffs and their representatives are always careful to qualify it, by saying that this right to authorize means of access extends only to ``access control processes'', and not other kinds of processes. For instance, as we have seen, they have been careful to state in court that CSS is an access control process because it uses cryptography (a debatable position in and of itself, once the nature of that cryptography is analyzed, as we have seen).

However, no support for this assertion may be found in the statute. Neither the definition of access control nor that of circumvention in 1201(a) requires any particular structure of the access control mechanism, or the nature of the measures used to circumvent it. The definition of ``effective access control'' states simply that an effective access control must ``require the application of information, or a process or a treatment, with the authority of the copyright ower, to gain access to the work''; there is no restriction on the technical means by which this requirement is met. And while the definition of circumvention discusses descrambling and decryption, it also encompasses any other technique which allows a user to ``avoid, bypass, remove, deactive, or impair a technological measure'', again with no restriction to particular technical means.

Also, the plaintiffs use the terms ``decrypt'' and ``descramble'' interchangably, but standard rules of statutory construction tell us that different words apply to different things, and the range of technological measures which may be described as ``scrambling'' is so broad that it is no restriction in practice. For instance, we have already mentioned the MPEG compression process which is used on DVD video even without CSS. This process is intended solely to compress the data, with no pretense of access control. Yet, the compression process involves throwing away some of the data and thoroughly scrambling the rest, and intensive computation is required to ``descramble'' it back to ordinary digital video.

Lastly, let us note that there are real, deployed examples of access control (certificates, as discussed earlier) where the use of encryption, if any, is wholly incidental, and not a part at all of the access control provided. You can have access control without encryption -- and the plaintiffs' reading would have the bizarre effect of denying such systems protection under the law.

In short, the notion that the law is restricted to processes which are somehow cryptographic is fallacious. If the law actually grants the plaintiffs the authority they claim, then they could exercise that authority over any process which is necessary to gain access to one of their works, such as, for instance, a video compression algorithm. Thus, they would secure the benefits of a patent on that process without meeting any of the requirements (originality, protection for a limited time), a point to which we shall return.

Authority not granted to the party performing the ``decryption''

But first, let us return to the specific case of CSS. To summarize our analysis thus far: The plaintiffs claim it is an effective access control measure, even though it does not effectively control access (which is always granted ``in the ordinary course of its operation''), because it is ``an encryption process'', a claim which is debatable at best. On these bases, they claim that the ``decryption'' can only be performed with their authority, as expressed in the licenses they grant -- authority which must be expressed in a contract such as the CSS license; without such a grant of authority, the plaintiffs claim, ``decryption'' is illegal. But, if we grant them these claims, for the sake of argument, then it is not clear how a home user is ever authorized to play a DVD.

The usage scenario here is simple: the user puts their DVD into a player produced by a CSS-licensed manufacturer (say, Panasonic), and pushes the ``play'' button. The DVD then plays, so if encryption is involved in CSS at all, then decryption is being performed. But who is performing it? Not Panasonic -- Panasonic did not put the disk in the player, nor did they push the ``play'' button. It is the user who performed these actions, and caused the decryption to commence, so it is the user that is decrypting the DVD. And, if we grant the plaintiffs' claim that decryption may only be performed if they grant their authority to perform it, that authority must be granted to the party performing the decryption -- which in this case is the user, not Panasonic.

How, then, is authority communicated to the user? Not by contract; recall that Dean Marks of the MPAA was candid in acknowledging this, in colloquy with David Carson of the LOC:

  1              MR. CARSON:  Okay.  But, first of all,
  2  there's no contractual privity between the purchaser
  3  of that DVD and Time Warner, I assume.  There's no
  4  shrink-wrapped license.  You know, you don't sign a
  5  license saying, "I agree only to play this on an
  6  authorized player," when you purchase the DVD.
  7              MR. MARKS:  That's correct.
(Stanford LOC hearing transcript, p. 249). The only contract they have is with the player manufacturer, a CSS licensee -- Panasonic, in our example -- not with the user.

Note that a contractual grant of authority would be easy to arrange, as a shrink-wrap license on either the players or the DVDs. In fact, software DVD players typically do come with shrink-wrapped licenses. But these do not convey authority to use the player to view anyone's works. Quite the opposite, in fact. For instance, the Xing player license advises the user that:

7. All video, audio and other content accessed through the Product is the property of the applicable content owner and may be protected by applicable copyright law. This Agreement gives you no rights to such content.
(Xing player license, declaration of Chris Eddy in the California trade-secret case, p. 5).

How, then, is the plaintiffs' authority granted to the users, if not by contract (which it would have imposed no burden upon them to arrange)? Is it simply defined by whatever uses of CSS the plaintiffs deem, in closed, privileged conversations to their attorneys to be authorized? And if so, how are ordinary citizens outside of those cloistered rooms to know whether any particular use is authorized, or whether it is a violation of the law?

Conflicts with the First Sale doctrine

Another way of looking at the question of when, and how, authority is conveyed to the purchaser is to consider that question in the light of the First Sale doctrine, codified at 17 USC 109. This section of the copyright laws governs what rights are transferred to the purchaser of a published work, in the absence of a contract with the copyright owner (which clearly does not exist in the case of DVDs). It states that when a copy of a published work is sold, the purchaser acquires all rights other than those listed in 17 USC 106 as exclusive rights of the copyright owner. In fact, 17 USC 109(c) specifically provides that the right to privately display the work is transferred.

In other words, the copyright laws state that when a published work is sold, the coypright owner voluntarily parts with the rights of control associated with ownership of a copy, and the purchaser of the DVD acquires the right to display the work to an audience in the physical presence of the copy. Since display inherently requires the act of access if the work is scrambled, the right of access is part of the larger right to display -- authority over which, once again, the copyright holder has voluntarily surrendered at the point of sale.

If surrendering those rights is not to the taste of certain copyright owners (including, evidently, the movie studios), the law does give them an option: they may sell their works, as is commonly done with software, pursuant to an explicit license agreement which imposes whatever additional restrictions are to their taste; contract law, then, rather than copyright law applies. And such a model of sales would impose scant burden on the plaintiffs; following the practice of software shrink-wrap license agreements, they can simply notify the buyer of the contract in a prominent way, and allow the purchaser to return the work if they don't agree with the terms. In fact, there is precedent for exactly that arrangement with the ``DivX'' pay-per-view scheme for controlling DVDs, which did require the consumer to sign an explicit contract.

(Incidentally, the prospect of communicating restrictions by license agreement clarifies that there is no conflict whatever between 17 USC 109, the First Sale doctrine, and 17 USC 1201, the anticircumvention provisions of the DMCA. If a copyright owner wants to exercise their right to control access to a work via technical measures, granted by 1201, all the First Sale doctrine requires is that they provide a license agreement notifying the purchaser of what they are doing, which seems only fair).

However, in the case of DVDs, the movie studios have chosen not to impose a license agreement, and to sell within the terms of traditional First Sale. They made that choice, while well advised by their own counsel; they should be prepared to live with it.

Access controlled is access to a market, not access to a work

Another problem with the plaintiffs' analysis is that they are not using CSS to control access to works. As we have noted already many times, any DVD will play in any DVD player. What they are using it for is to impose conditions on the manufacture of players -- some of which have to do with the goals of the DMCA (e.g., imposition of Macrovision copy control), and some of which simply do not (e.g., region control).

In other words, the plaintiffs are asserting that the DMCA gives them the right to control access into the market for DVD players, by requiring anyone who builds a player to enter into a license agreement, to which they can attach arbitrary terms.

Again, it is interesting to observe the colloquy of Mr. Carson of the LOC, and Mr. Marks, representing the DMCA, on this point. Mr. Carson began by noting that CSS, as described by Mr. Marks, had nothing to do with access control as he (correctly) understood it:

  6              It strikes me that what we are
  7  describing is perhaps a copying control device in
  8  access control clothing.  In other words, you've got
  9  a device that controls access to a work, but not in
 10  the way that, certainly before this rulemaking
 11  began, I thought we were talking about.  We were
 12  talking about access control devices.
 13              In other words, I assumed -- naively,
 14  perhaps -- that a technological measure that
 15  controls access to a work, the purpose of that is to
 16  make sure that authorized users and only authorized
 17  users are getting access to the works.  So if I paid
 18  the price to the copyright owner otherwise be able
 19  to use that work, then I'm entitled to use it.
 20              And if he somehow gets access to it by
 21  circumventing encryption or passwords, or whatever,
 22  then she's in trouble because she's not an
 23  authorized user.  I'm not in trouble because I am.
 24  That's got nothing to do, as far as I can tell, with
 25  what you're talking about.
(LOC hearing transcript, p. 245)

Here is what Mr. Marks had to say in response:

  6              MR. MARKS:  I think it's partially a
  7  fair description.  I think it is also used -- the
  8  fact that the work is encrypted is used to try and
  9  guarantee that the user has legitimately -- has
 10  legitimate access to the work as well.  I mean, I
 11  don't think it's completely devoid, the CSS system,
 12  of trying to ensure that those people that -- for
 13  example, would just simply duplicate the DVD disks -
 14  - you know, pirates who would duplicate the DVD
 15  disks.
 16              And if there were pirate players that
 17  were unlicensed, they wouldn't be able to play those
 18  disks because they were encrypted with CSS.  That
 19  serves an access control function as well.
(LOC hearing transcript, p. 246)

So, Mr. Marks suggests two ``access control'' functions for CSS. One of these functions is, in fact, copy control, not access control; the other has to do with ``pirate'' players. Furthermore, Mr. Marks immediately admitted that CSS does not, in fact, have anything to do with copy protection, per se, returning once again to players:

 20              MR. CARSON:  But a duplicated --
 21              MR. MARKS:  A duplicated DVD disk is
 22  going to duplicate the CSS encryption.
 23              MR. CARSON:  And can be played on any
 24  legitimate player.
                                                   PAGE 247
  1              MR. MARKS:  And can be played on any
  2  legitimate player, legitimate licensed CSS player.
  3  And not be played on non-licensed players.
(LOC hearing transcript, pp. 246-247)

So, the only ``access control'' function served by CSS is, by Mr. Marks own testimony, regulation of the player market -- specifically, restricting it to ``licensed players''. Where a licensed player, of course, is one whose manufacturer agreed to the full terms of the CSS license agreement -- terms which, like region controls, may have absolutely nothing to do with the purposes of the DMCA. And later, when Mr. Carson asked what defined an ``authorized user'', in the view of Time Warner, Mr. Marks replied that that was anyone who had legal possession of a DVD and a licensed player (the only legal kind of player, in the plaintiffs' view):

 21              [MR. CARSON:] In other words, there's no reason to
 22  believe as a general proposition that someone who
 23  has a commercially manufactured and marketed DVD,
 24  manufactured by Sony, perhaps, or any of the major
 25  studios -- Time Warner, whatever -- is not an
 26  authorized user.
                                                   PAGE 248
  1              If someone has that DVD which is
  2  manufactured by Time Warner, you're going to presume
  3  they're an authorized user, aren't you?
  4              MR. MARKS:  Yes.  Although you'd have to
  5  sort of define what you mean by authorized user.  If
  6  someone has purchased a DVD from Time Warner,
  7  they're authorized to play it on a licensed DVD
  8  player.  They can play it as many times as they
  9  want, there's no restriction on saying it's a one-
 10  time play, it's a two-time play.
(LOC transcript, pp. 247-248)

So, again, Mr. Marks makes plain that CSS has nothing with do with seeing whether a given user gets to see a movie -- if they have the disk, CSS will allow any licensed player to play it for them. The sole ``access control'' function of CSS, on Mr. Marks' own explicit testimony, is to restrict DVD playback to ``licensed'' players -- i.e., those whose manufacturers have agreed to abide by the plaintiffs' restrictions, whatever they may be.

Before the passage of the DMCA, this would have been somewhat questionable; indeed, it has at least the appearance of an illegal tying arrangement. But that is not what we wish to investigate here -- we simply wish to know if this is the sort of arrangement that Congress meant to protect when they passed this law. So, let us see.

Inconsistent with Congressional intent

The legislative history, unsurprisingly, does have something to say about how Congress envisioned the relationship between the copyright holders and makers of players for their works. Both houses of Congress wanted to maintain the rule established in the Betamax case, that any device with a legitimate purpose was legal, and that the copyright holders not be able to decide among themselves what constituted a legitimate purpose. Sen. Ashcroft, in the Senate:

In discussing the anti-circumvention portion of the legislation, I think it is worth emphasizing that I could agree to support the bill's approach of outlawing certain devices because I was repeatedly assured that the device prohibitions in 1201(a)(2) and 1201(b) are aimed at so- called ``black boxes'' and not at legitimate consumer electronics and computer products that have substantial non-infringing uses. I specifically worked for and achieved changes to the bill to make sure that no court would misinterpret this bill as outlawing legitimate consumer electronics devices or computer hardware. As a result, neither section 1201(a)(2) nor section 1201(b) should be read as outlawing any device with substantial non-infringing uses, as per the tests provided in those sections.

If history is a guide, however, someone may yet try to use this bill as a basis for initiating litigation to stop legitimate new products from coming to market. By proposing the addition of section 1201(d)(2) and (3), I have sought to make clear that any such effort to use the courts to block the introduction of new technology should be bound to fail.

As my colleagues may recall, this wouldn't be the first time someone has tried to stop the advance of new technology. In the mid 1970s, for example, a lawsuit was filed in an effort to block the introduction of the Betamax video recorder. I think it useful to recall what the Supreme Court had to say in ruling for consumers and against two movie studies in that case:

One may search the Copyright Act in vain for any sign that the elected representatives of the millions of people who watch television every day have made it unlawful to copy a program for later viewing at home, or have enacted a flat prohibition against the sale of machines that make such copying possible.
As Missouri's Attorney General, I had the privilege to file a brief in the Supreme Court in support of the right of consumers to buy that first generation of VCRs. I want to make it clear that I did not come to Washington to vote for a bill that could be used to ban the next generation of recording equipment. I want to reassure consumers that nothing in the bill should be read to make it unlawful to produce and use the next generation of computers or VCRs or whatever future device will render one or the other of these familiar devices obsolete.
(Congressional record, 14 May 1998, p. S4890).

Which was echoed on the other side of the aisle; here are remarks from Rep. Klug, in the final debate on the Conference Committee bill:

Both of these changes share one other important characteristic. Given the language contained in the Judiciary Committee's original bill, specifically sections 1201(a)(1), (a)(2), and (b)(1), there was great reason to believe that one of the fundamental laws of copyright was about to be overruled. That law, known as Sony Corporation of America v. Universal Studios, 464 U.S. 417 (198), reinforced the centuries-old concept of fair use. It also validated the legitimacy of products if capable of substantial non-infringing uses. The original version of the legislation threatened this standard, imposing liability on device manufacturers if the product is of limited commercial value.

Now, I'm not a lawyer, but it seems irrational to me to change the standard without at least some modest showing that such a change is necessary. And, changing the standard, in a very real sense, threatens the very innovation and ingenuity that have been the hallmark of American products, both hardware and content-related. I'm very pleased that the conferees have meaningfully clarified that the Sony decision remains valid law. They have also successfully limited the interpretation of Sections 1201(a)(2) and (b)(1), the ``device'' provisions, to outlaw only those products having no legitimate purpose. As the conference report makes clear, these two sections now must be read to support, not stifle, staple articles of commerce, such as consumer electronics, telecommunications, and computer products used by businesses and consumers everyday, for perfectly legitimate purposes.

(Congressional Record, 12 Oct. 1998, p. H10621)

But, might it change things if a player manufactured without the cooperation of the copyright holders exposed their works to the possibility of unauthorized duplication? The answer, as clearly envisioned by Congress, is no; they even amended the law to try to preclude such an interpretation. Sen. Ashcroft, again, in the immediate continuation of the speech quoted above:

Another important amendment was added that makes clear that this law does not mandate any particular selection of components for the design of any technology. I was concerned that this legislation could be interpreted as a mandate on product manufacturers to design products so as to respond affirmatively to effective technical protection measures available in the marketplace. In response to this concern I was pleased to offer an amendment, with the support of both the Chairman and the Ranking Member of the Committee, to avoid the unintended effect of having design requirements imposed on product and component manufacturers, which would have a dampening effect on innovation, and on the research and development of new products. Accordingly, my amendment clarified that product designers need not design consumer electronics, telecommunications, or computing products, nor design and select parts or components for such products, in order to respond to particular technological protection measures.

This amendment reflects my belief that product manufacturers should remain free to design and produce consumer electronics, telecommunications and computing products without the threat of incurring liability for their design decisions under this legislation. Nothing could cause greater disaster and a swifter downfall of our vibrant technology sector than to have the federal government dictating the design of computer chips or mother boards. By way of example, during the course of our deliberations, we were made aware of certain video boards used in personal computers in order to allow consumers to receive television signals on their computer monitors which, in order to transform the television signal from a TV signal to one capable of display on a computer monitor, remove attributes of the original signal that may be associated with certain copy control technologies. I am acutely aware of this particular example because I have one of these video boards on my own computer back in my office. It is quite useful as it allows me to monitor the Senate floor, and occasionally ESPN on those rare occasions when the Senate is not in session. My amendment makes it clear that this legislation does not require that such transformations, which are part of the normal conversion process rather than affirmative attempts to remove or circumvent copy control technologies, fall within the proscriptions of chapter 12 of the copyright law as added by this bill.

(Congressional record, 14 May 1998, pp. S4890-S4891).

In this example, Sen. Ashcroft cites a device which actually bypasses a technical protection measure as not actionable circumvention under the law, because the end effect is not to provide a work to an unauthorized person. (The amendment to which Ashcroft refers was codified as 1201(c)(3)).

In these quotes and others, Congress was expressing a clear intent that the DMCA not be used as a club for copyright owners to dictate how products like computers, programs, and DVD players could be designed -- an intent that was echoed in the House debate (by Klug and others), and carries straight through to the Conference Committee report:

Persons may also choose to implement a technological measure without vetting it through an inter-industry consultative process, or without regard to the input of affected parties.
(Congressional Record (House), 8 Oct. 1998, p. H10065)

Note here that copyright owners are specifically denied the right to vet and approve implementations of their access control measures. In fact, they go on to stress that such reimplementations are allowed to suppress incidental effects, if that's needed for usability:

Under such circumstances, such a technological measure may materially degrade or otherwise cause recurring appreciable adverse effects on the authorized performance or display of works. Steps taken by the makers or servicers of consumer electronics, telecommunications or computing products used for such authorized performances or displays solely to mitigate these adverse effects on product performance (whether or not taken in combination with other lawful product modifications) shall not be deemed a violation of sections 1201(a) or (b).
(Congressional Record (House), 8 Oct. 1998, p. H10065)

This makes plain that the only protection afforded under 1201 is against products which perform circumvention per se -- for 1201(a), that would be actually allowing unauthorized access -- and not for whatever incidental effects an access control mechanism might have or perform. Other Congressmen made similar remarks, and some were even more emphatic than the ones I've quoted so far. Here's Sen. Kohl, speaking before the floor vote on the Conference Committee's final bill:

[1201(c)(3)] reflected my belief that product manufacturers should remain free to design and produce the best, most advanced consumer electronics, telecommunications, and computing products without the threat of incurring liability for their design decisions. Creative engineers-not risk-averse lawyers-should be principally responsible for product design.
(Congressional Record (Senate), 8 Oct. 1998, p. S11888)

Inconsistent with other provisions of the DMCA

We might also note that the injunction sought by the plaintiffs would harm some fields of activity specifically protected by the DMCA.

Cryptographic research, for example, is the study of security systems and their failures; to the extent that CSS qualifies as an access control mechanism, or security system, at all, it is clearly a fit subject for such research. And it is a field of endeavor granted specific protections in the DMCA, as 1201(g). However, that research can only proceed if the researchers are allowed to communicate precise descriptions of the system, its components, and its operation -- and it is exactly that communication, in the form of computer source code, which the plaintiffs are seeking to enjoin.

The plaintiffs' interpreation is also somewhat difficult to reconcile with the provisions for reverse engineering in the Act. The whole point of reverse engineering, as it is ordinarily practiced, is to allow an engineer to discover features of a system or product which its manufacturer has chosen not to disclose, in order that the engineer can design a device with similar functions without having to license the relevant details from the manufacturer. But if a license is required for the engineer's product to be legal anyway, why protect the process of reverse engineering?

Inconsistent with Constitutional principles

Finally, let us try to relate the new right the plaintiffs are claiming to the Constitution. What the plaintiffs are claiming, once again, is a patent-like power to regulate the manufacture of players which perform their ``access control'' process. Constitutional enabling language for both patents and copyrights, which (in Article I, Sec. 8) grants Congress the power ...

To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries.

This has traditionally been interpreted as restricting the power of Congress to create exclusive rights for authors and inventors in several ways:

The access-control right fails the first two of these tests flat -- there is no time limit; more strangely, in this case, we have authors (copyright holders) claiming an exclusive and perpetual right to a ``process or treatment'' which is applied to their work -- clearly an invention.

Abuse of paracopyright

Lastly, even if we accept that plaintiffs have been granted a patent-like right to control the implementation and use of CSS, in perpetuity, the courts have long held that there are limits to the scope of such grants, based on a long history of jurisprudence which states that in order to fulfill its Constitutional purpose, the monopoly grant provided by laws is limited tightly to the actual intellectual property.

The basis of this jurisprudence is not the antitrust laws, but the Constitution itself. Indeed, as the Supreme Court ruled in Morton Salt (quoted below) the question of antitrust violation per se is irrelevant; what matters is the public purpose underlying the intellectual property grant. Morton Salt stated this rule for patents; several circuits have extended the principle to copyrights; it is clear that similar limits should apply to whatever new ``paracopyright'' rights were granted by the DMCA. And in already tying CSS to mechanisms like region coding -- a mechanism whose explicit, designed purpose is restraint of trade between the regions -- the plaintiffs are clearly exceeding the bounds.

The plaintiffs' witnesses admit and relish the tying between movies and players, as the numerous quotes about ``authorized'' and ``licensed'' players clearly show; the whole purpose of the CSS licensing regime is to impose restrictions on the players. As Mr. Marks testified at the LOC hearing:

6 Those devices, whether they be players 7 or personal computers or the Sony PlayStation who 8 would like to have their devices be able to display 9 and play back those DVD disks need to get a license 10 to be able to decrypt the CSS encryption system. 11 They do that by going to the DVD-CCA and applying 12 for a CSS license. 13 That CSS license gives them the keys and 14 tools to be able to decrypt the disks. It also 15 imposes certain conditions on what the device can do 16 with the content once it is decrypted. One of those 17 obligations, for example, is that the content is not 18 allowed to flow out in the clear on a digital 19 output.
(LOC hearing transcript, p. 242). The collective market power of the movie studios in the DVD market is obvious and undisputed. Through contractual arrangement with the DVD-CCA, the studios have formed a trust which seeks to force an unwanted licence on all prospective members of the DVD player market. This is as obvious a case of tying as one can imagine. The collective force of the trust of all movie studios has subordinated an entirely new technology market under the guise of access authorization.

``First, as to antitrust liability, case law supports the proposition that a holder of a patent or copyright violates the antitrust laws by 'concerted and contractual behavior that threatens competition.' '' Image Technical Services Inc v. Eastman Kodak Co, No. 96-15293, (9th Cir. 8/26/97).

The problem becomes clear when we read the statute's requirement for the authorization of ``the'' copyright owner. Setting aside the ``which came first, the access or the device'' question, if each studio were to market its access authority independently, no trust would exist and there would not be a problem. However, through collusion the Copyright Act is subverted. The MPAA authorization model provides authority not from the copyright holder of the individual movie, but rather from a single entity which speaks for the entire trust of all movie studios. Copyright holders not acting as part of a trust might disagree on whether and end user could create unencrypted copies for certain purposes. If the MPAA model does not create a trust, how can can authorization be coherently defined when different copyright holders make different determinations on authorization in a common protection scheme.

The industries' desire for standardization cannot serve as the escape hatch here. The true intent of the DMCA was to allow First Sale to be taken for the keys to encrypted works. These keys could easily be placed in a variety of standardized players without the need for a trust that would drive restrictive conditions and expensive prices to all would be player developers.

It is commonplace for encryption algorithms to be openly distribution and yet the keys they use to remain proprietary. In fact, this is the prefered model for the field, because it is widely acknowledged that trying to keep the alogorithm secret is doomed to failure. So-called ``security through obscurity'' is a ``beginners mistake'', in the words of the expert witnesses for the defense.

While a violation of antitrust laws is sufficient, it is not strictly necessary for a defense to an intellectual property violation, as argued persuasively in Lasercomb v. Reynolds:

A patent or copyright is often regarded as a limited monopoly - an exception to the general public policy against restraints of trade. Since antitrust law is the statutory embodiment of that public policy, there is an understandable association of antitrust law with the misuse defense. Certainly, an entity which uses its patent as the means of violating antitrust law is subject to a misuse of patent defense. However, Morton Salt held that it is not necessary to prove an antitrust violation in order to successfully assert patent misuse:

``It is unnecessary to decide whether respondent has violated the Clayton Act, for we conclude that in any event the maintenance of the present suit to restrain petitioner's manufacture or sale of the alleged infringing machines is contrary to public policy and that the district court rightly dismissed the complaint for want of equity.'' 314 U.S. at 494. See also Hensley Equip. Co. v. Esco Corp., 383 F.2d 252, 261 & n. 19, amended on reh'g, 386 F.2d 442 (5th Cir. 1967); 8 Walker on Patents, at § 28:33.

So while it is true that the attempted use of a copyright to violate antitrust law probably would give rise to a misuse of copyright defense, the converse is not necessarily true - a misuse need not be a violation of antitrust law in order to comprise an equitable defense to an infringement action. The question is not whether the copyright is being used in a manner violative of antitrust law (such as whether the licensing agreement is "reasonable"), but whether the copyright is being used in a manner violative of the public policy embodied in the grant of a copyright.

Morton Salt expressed the Supreme Court's view on misuse of patents, which Lasercomb translated into copyrights. It is only since the rise of copyrighted computer programs that misuse of copyright has gotten attention. Still, Lasercomb's perspective has subsequently been endorsed by the 5th Cirtuit as well, eg Alcatel USA v. DGI Technologies, No. 97-11339, (5th Cir. 1999). When the Lasercomb standard is take together with that of Morton Salt, a comprehensive statement covering intellectual property can be formed:

The grant to the creator of the special privilege of a intellectual property grant carries out a public policy adopted by the Constitution and laws of the United States, "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors ...the exclusive Right ..." to their original works and novel inventions (United States Constitution, Art. I, section 8, cl. 8). But the public policy which includes original works and inventions within the granted monopoly excludes from it all that is not embraced in the original expression or novel invention. It equally forbids the use of the intellectual property grant to secure an exclusive right or limited monopoly not granted by the Copyright or Patent Office and which it is contrary to public policy to grant.

Interestinly enough, the judicial origin of intellectual property misuse is traced by James A.D. White in his article ``Misuse or Fair Use: That is the Software Copyright Question'' (Berkeley Technology Law Journal 12-2, Fall 1997) to a Supreme Court case strikingly similar to the one at hand.

The doctrine of intellectual property misuse first arose in the early 1900s in conjunction with the use of patents. In the 1917 case of Motion Picture Patents v. Universal Film Mfg. Co. [243 U.S. 502 (1917)], the patentee licensed its patented movie projector on the condition that the film used in the machine must be purchased from the patentee (a type of tying arrangement). The Court found that:

[S]uch a restriction is invalid because such a film is obviously not any part of the invention of the patent in suit; because it is an attempt, without statutory warrant, to continue the patent monopoly in this particular character of film after it has expired, and because to enforce it would be to create a monopoly in the manufacture and use of moving picture films, wholly outside of the patent in suit and of the patent law as we have interpreted it.

In short, the Court denied relief to the patentee because the licensing restrictions attempted to extend the scope of the film projector patent into the unpatented area of film.

The same logic applies to the studios' use of CSS on movies. Were it confined to assuring that the consumer purchased the descrambling key before viewing the work, there might not be a problem. However, just as in Motion Picture Patents, the intellectual property rights to the work are tied not just to the key, but to full blown players which implement additional technology that is not part of the monopoly grant. Further this technology can only be obtained, according to the MPAA, subject to the DVD-CCA licence which contains anticompetitive terms that attempt to restrict end-users from reverse engineering it and prevent public disclosure of the ideas it contains. Both restrictions violate 17 USC 102(b) which forbids copyright protection to ``ideas'' or ``methods of operation''.

The reasoning from 1917 is timeless. These restrictions are invalid because a player is obviously not any part of the creation of the intellectual property in suit; because it is an attempt, without statutory warrant, to extend the intellectual property monopoly in this instance movies on DVD, beyond the scope and duration statutorily protected, and because to enforce it would be to create a trust in the licencing and use of DVD players, wholly outside of the intellectual property in suit, and hence beyond the reach of intellectual property laws as the Supreme Court has interpreted them.

These problems inhere only to the plaintiffs' reading

It is noteworthy that the problems discussed above largely go away when the statute is read, as seems clear it was intended, to protect only measures which test whether a user is authorized to view a particular work, and only to the effect that plaintiffs' can sue if such a test is subverted, not if it is performed correctly by a device which they have not licensed. In this reading, the law becomes reflective of the expressed Congressional intent, not completely at variance with it. And the law is no longer seen as granting exclusive rights over any process to copyright holders. (No such grant is necessary to protect legitimate access control; Congress can ban circumvention tools without granting exclusive rights to manufacturers of access controls just as they can ban burglary tools without granting a new form of intellectual property right to locksmiths).

Consequences of adopting plaintiffs' reading

We have argued so far that the plaintiffs' reading of the DMCA is at odds with the text of the statute itself, with legislative intent, and with the Constitution. However, if they were to prevail, it would establish a precedent which would, in the long run, be enormously harmful to the public interest. To see this, let us examine what the rights plaintiffs are claiming in this case, and consider what similar claims they might make in the future.

Imposition of arbitrary use controls on work, via license restrictions

To begin with, the plaintiffs are claiming a monopoly right to vet and approve implementations of the CSS process, a process which is necessary to render the video from any DVD (deriving this supposed right from the notion that CSS is an ``access control'' process, even though it does no more to check that the viewer of a given disk is in any sense authorized than do any of the other, numerous processes such as MPEG decompresssion which are necessary to achieve the same end). To put the matter simply, it is not possible to build a useful DVD player -- one which will render the movies on any of the DVD disks commonly sold in stores -- which does not perform the CSS process. (One could build a DVD player which did not do CSS, but it would not render the vast majority of current DVD titles, and would be very little use in the usual role of such a player in home entertainment). So, if plaintiffs succeed in their case, it will not be possible to build a useful DVD player without a license.

And, while the fee for these licenses is (so far!) nominal, and they have been given out (so far!) to anyone who was willing to agree to the terms of the license, there is a catch -- namely, the terms of the license, which already impose conditions which many might find obnoxious.

One such condition, for instance, is the implementation of the ``region coding'' mechanism, by means of which the plaintiffs mark certain disks as intended for particular markets, so that a DVD sold in the United States, for instance, is not supposed to be playable in Brazil. Many people (not excepting Americans, who are not supposed to be able to view disks sold in Europe!) might find this to be an obnoxious restrigion. Indeed, in Europe, there is already a substantial market for DVD players without region control, and for kits to disable the region control mechanism in DVD players. This region coding mechanism has nothing to do with either access control or copy control, the two nominal rights provided by copyright holders under the DMCA. Yet, the plaintiffs are using their supposed right to license the CSS mechanism as a club to force player manufacturers to adopt it.

And there is nothing in the plaintiffs' reading of the law to prevent them from imposing even more restrictions on CSS licensees in the future, which, if translated into mechanisms such as region coding, would be translated directly into controls of the use of their works by the consumer. In effect, the plaintiffs would have bootstrapped the access control power, which they were given by Congress into a power to control the use of their works, which they were denied. And they would have reestablished the end-to-end control of the chain through which their works are distributed which they lost decades ago in U.S. v. Paramount -- they would not directly control the players in peoples' homes, but they would have so much control over what those players were allowed to do that the effect on the public interest would be as severe as if they did.

Economic control of the player market

Likewise, while the plaintiffs are not charging excessive fees or discriminating against potential licensees now, there is nothing in their reading of the law to prevent them from doing so in the future, thereby allowing them to pick and choose among potential licensees. They would have bootstrapped the ``access control'' power into power to control the design of products which play their works -- another power which Congress specifically denied them.

In short, if the plaintiffs are allowed to impose arbitrary terms in the CSS license, and to require such a license as a condition of legal manufacture of players for their work, they would have acquired a power of enormous scope, of immense value to them, but hugely inimical to the public interest.

About this document ...

``Authority of the copyright owner'' in 1201(a)

This document was generated using the LaTeX2HTML translator Version 98.1p1 release (March 2nd, 1998)

Copyright © 1993, 1994, 1995, 1996, 1997, Nikos Drakos, Computer Based Learning Unit, University of Leeds.

The command line arguments were:
latex2html -split 0 auth.tex.

The translation was initiated by Robert S. Thau on 2000-08-01


next up previous
Robert S. Thau
2000-08-01