Developments in the Protection of DRM

March 1, 2000

There have been many recent examples of the tension between those who want to control the manner in which digital content is distributed and those providing technology to enable content to be used in different ways. You need only to look at the content industry’s ongoing war with peer-to-peer networks for high profile evidence (see MGM v Grokster 545 US 125 (2005) in the US and Universal Music Australia Pty Ltd v Sharman License Holdings Ltd [2005] FCA 1242, 5 September 2005 in Australia). 

While technological innovation has created new opportunities to produce perfect digital copies of content, one of the content industry’s responses has been to develop digital rights management (or DRM) technology (usually referred to in legislation as “technological protection measures”). While the music industry is only just getting to grips with some of the challenges of using DRM (see the recent controversy over the “Rootkit” DRM technology used by Sony-BMG in its music CDs), the computers games industry has much more experience. However, it has not been without its problems, which can be seen from a number of cases around the world relating to the use of mod chips to circumvent the DRM technology (based on access codes) used by Sony in its PlayStation consoles and licensed computer games. This technology is designed to prevent infringing copies of games being played on the PlayStation console and to ensure that games bought in one of Sony’s three world regions cannot be played in another region. 

The most recent decision was made by the High Court of Australia in the case of Eddie Stevens v Sony Kabushiki Kaisha Sony Computer Entertainment [2005] HCA 58 (6 October 2005). In this case, the High Court of Australia held that it was not an infringement of s. 116A(1) of the Copyright Act 1968 to modify a games console (with a mod chip) to enable infringing copies of games and games purchased in other regions to be played on it. This is in stark contrast to the decisions in a number of other jurisdictions (including the US and the UK), where the use of mod chips for this purpose has been held to infringe applicable copyright legislation. However, changes to the Copyright Act in Australia will mean that Australian courts are far more likely to follow the US lines of cases, as mentioned below.

Before analysing the cases and legislation, it is important to understand in outline how Sony’s technology works. 

Access Codes
While Sony PlayStation consoles are sold across the globe, it uses different access codes to allow the games to be played in three distinct regions, based on the following regions: (1) US, (2) Europe and Australasia and (3) Japan. These access codes mean that games bought in one region cannot be played in another (known as “region locking”). The access codes are also used to prevent infringing copies of the games being played on the console. 

The access code on a game consists of a string of encrypted sectors of data. Once the game is inserted in the console, but before it is played, a Boot ROM chip in the console reads the data. If the game is an infringing copy or game from another region, then the necessary access code is not found on the CD-ROM and the game will not load. 

Region locking was originated by Nintendo and is now used on most games consoles (including the Microsoft Xbox and Xbox 360), although it is not used on the Nintendo DS and Sony’s recently launched PSP. It remains to be seen whether region locking will be used by Sony in its PlayStation 3, due to be launched in 2006.

Mod chips
A mod chip is a programmed computer chip which can be used to modify a console so that it is instructed to accept any CD-ROM, irrespective of the access code (ie it effectively overrides the console’s programming). The result is that the mod chip enables the loading onto the console of a game from another region or an infringing copy of a game.

International Response
An international response to technological threats to DRM technology was introduced as part of the WIPO treaties in 1996 (the WIPO Copyright Treaty or WCT and the WIPO Performances and Phonograms Treaty or WPPT).  Article 11 of the WCT (Article 18 of the WPPT has similar effect) stated:

“Contracting parties shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorised by the authors concerned or permitted by law.”

This is clearly expressed in very broad terms and gives signatory states considerable scope to decide the manner of implementation. As a result, while most countries now have a law which protects DRM, there are important differences in the detail of the legislation. However, the international nature of this legal principle means that it can be useful to look at cases from other jurisdictions to understand how the law is developing.

The EU response to the WCT and WPPT was implementation in 2001 of the Copyright Directive (2001/29/EC), which required the EU member states to introduce implementing legislation by 22 December 2002. Article 6 of the Copyright Directive provides similarly broad language as to the extent of protection, although it refers to the fact that the person circumventing must know or have reasonable grounds to know the objective that is being pursued. It also requires adequate legal protection against those who manufacture devices which are designed to circumvent effective technological measures. However, the Copyright Directive also required member states to take appropriate measures to ensure that “permitted acts” (ie the acts which are permitted under national law without infringing copyright) may be exercised.

Rights related to the prevention of the circumvention of DRM are generally referred to as “paracopyright”, since liability could arise from conduct independent of any actual infringement of copyright.

Developments in Australia
On 6 October 2005, the High Court of Australia held that the sale and installation by Mr Stevens of mod chips for Sony PlayStation consoles was not in breach of the anti-circumvention provisions of the Copyright Act 1968. The main issue before the court was whether the device used by Sony in its PlayStation consoles constituted a “technological protection measure” within the meaning of s 116A(1) of the Copyright Act. 

Sony argued that there were three different potential copyright infringements: (i) the unlicensed copying of and dealings in unlicensed copies of CD-ROM game software; (ii) the unauthorised reproduction of game software when it is run on a console; and (iii) the unauthorised reproduction of a cinematograph film when the game is run on a console.

Under Australian law, “technological protection measure” (or TPM) was defined in s. 10 of the Copyright Act as:

“a device or product, or a component incorporated into a process, that is designed, in the ordinary course of its operation, to prevent or inhibit infringement of copyright in a work or other subject-matter by either or both of the following means:

(a) by ensuring the access to the work or other subject matter is available solely by use of an access code or process (including decryption, unscrambling or other transformation of the work or other subject-matter) with the authority of the owner or exclusive licensee of the copyright;[or]

(b) through a copy control mechanism.”

A “circumvention device” was then defined as a device which has only a limited commercially significant purpose or use, or no such purpose of use, other than the circumvention of a TPM.

Another important element of Australian law is that for copyright to be infringed by reproduction, that reproduction must be in a material form. This is in contrast to the law in the UK, where it is clear that, while s 17(2) of the Copyright, Designs and Patents Act 1988 requires reproduction in a “material form”, a transient copy is sufficient to infringe copyright – this was discussed in Kabushiki Kaisha Sony Computer Entertainment Inc v Ball [2005] EWHC 1522 (Ch), which is mentioned below.  

At first instance, Sackville J’s approach to construction of this section, followed by the High Court, analysed closely the text and structure of this definition. He rejected the argument that a device fell within the definition even if it merely had a general deterrent effect on infringement. His view was also that running the game did not involve reproduction of the software in material form or substantial reproduction of a cinematograph film. He concluded (at [38]) that:

“a “technological protection measure”, as defined, must be a device or product which utilises technological means to deny a person access to a copyright work [or other subject matter], or which limits a person’s capacity to make copies of a work [or other subject matter] to which access has been gained, and thereby physically prevent or inhibits the person from undertaking acts which, if carried out, would or might infringe copyright in the work [or other subject matter].”

In the Full Court, this interpretation was overruled and the statute was interpreted in a broad manner. The Full Court held that it was sufficient for a device to be designed to deter or discourage infringement to fall within this definition. In the Full Court’s view, a TPM is a device that is designed to make copyright infringement futile in the ordinary course of its operation. They felt it was sufficient that the use of the access codes made any unauthorised game unplayable, even though the code did not prevent the unauthorised copy being made in the first place. 

However, the Full Court supported Sackville J’s view that there was no infringement as a result of the game being played (for the same reasons). 

The High Court unanimously allowed the appeal, holding that Sony’s access code did not constitute a TPM because it did not deny a person access to a copyright work, did not limit a person’s capacity to make copies of a work and merely prevented access once the infringing act had occurred (ie it was decisive that the access code technology did not physically prevent infringing copies of the games being produced, but only prevented their use).

The High Court also supported the views of both lower courts that there was not a reproduction of the game software in a material form when the game was played. The reason for this was that storage on the console’s RAM was not a form of storage from which the software, or a substantial part of it, could in the ordinary course be reproduced. On the evidence, it also felt that a substantial part of a cinematograph film was not reproduced when the game was played.

With effect from 1 January 2005, the Australian Copyright Act was amended so that there is now no further reproduction requirement in relation to material form. Therefore, Sony should now succeed on the ground that the loading of an unauthorised game would result in an unauthorised copy of the game being produced. As a result of the bi-lateral free trade agreement with the United States (AUSFTA), further changes to Australia’s laws are required by 1 January 2007. This is likely to result in the Australian legislation moving further in the direction of the US legislation, which is analysed below.

Developments in the US
The United States implemented the WIPO Copyright Treaty (including Article 11) with the introduction of the Digital Millennium Copyright Act 1998 (the DMCA), amending title 17 of their United States Code. Through the DMCA, the US introduced protection for DRM in a manner which is far more favourable to the interests of those who use DRM to prevent unauthorised use of digital content. 

The DMCA makes it an offence to circumvent a technological measure that effectively controls access to a work or to manufacture etc any device which (1) is primarily designed or produced to circumvent a technological measure (or protection afforded by it), (2) has only limited commercially significant purposes or use other than circumvention or (3) is marketed with knowledge that it will be used to circumvent.

A “technological measure” is defined (at 3B) as a measure which “effectively controls access to a work if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work”. 

Therefore, DRM technology will be protected by the DMCA irrespective of whether the act being prevented would actually infringe copyright in the work – the only requirement is that the DRM is used to prevent unauthorised access. The DMCA is also drafted so as to focus on the effect of the DRM technology with regard to access to a protected work, rather than defining the nature of the technology (which was at the centre of the Australian case).

As a result, copyright owners such as Sony have been successful in taking action against those who have circumvented their technology in the US. They have also benefited from the fact that breach of the DMCA carries very severe consequences. The DMCA imposes criminal liability upon anyone who violates any of the anti-circumvention prohibitions “wilfully and for the purposes of commercial advantage or private financial gain” (at 1204(a)(1)(2)). The maximum punishment is up to 5 years in jail and/or a fine of up to US$500,000 for a first offence, and double for any further offence. 

The original US case was the 1999 case of Sony Computer Entertainment America Inc v Gamemasters (District Court for the Northern District of California No. C99 – 02743, US Dist. LEXIS 21719), in which an injunction was granted to Sony under the DMCA to prevent Gamemasters dealing in mod chips known as the “game enhancer”, on the basis that the game enhancer was a device whose primary function was to circumvent a technological measure that controlled access to the PlayStation system, which was protected as a registered copyright. This decision was subsequently followed in a series of cases across the US and Canada.

Developments in the UK
Unlike most countries, the UK had some protection for DRM prior to the WCT, in the form of s 296 of the Copyright, Designs and Patents Act 1988.  

UK law prior to implementation of the Copyright Directive
Section 296 provided that the making etc of any device or means specifically designed or adapted to circumvent DRM, or publishing information to assist persons to do so, would lead to the same cause of action as infringement of copyright. However, there was a requirement for knowledge or reason to believe that the device would be used to make infringing copies. 

When considered with the requirement that, under s 27 of the CDPA, an article will be an infringing copy if it has been made or is proposed to be imported into the UK, there was a potential gap in protection where circumvention technology was made in the UK for export to another country. However, recent changes in law mean that a trader who carries on business in the UK, and exports to other member states in the EU, could be sued in the UK for these acts. 

UK law following implementation of the Copyright Directive
The UK implemented the Copyright Directive by means of the Copyright and Related Rights Regulations 2003 (SI 2003/2498), which came into effect on 1 October 2003. 

As a result of implementation, the original s 296 was amended to apply only to computer programs, as required by the 1991 Software Directive (Counsel Directive 91/250/EEC). This section applies where a “technical device” has been applied to a computer program and a person manufactures etc any means the sole intended purpose of which is to facilitate the unauthorised removal or circumvention of the technical device, or publishes information intended to enable or assist a person to remove or circumvent the device.  The technical device is defined as “any device intended to prevent or restrict acts that are not authorised by the copyright owner of that computer program and are restricted by copyright” (s 296(6)). Again, there is a requirement for the person to have knowledge or reason to believe that the circumvention or technology will be used to make infringing copies. Interestingly, this section does not actually prevent a person circumventing DRM technology on their own behalf, it just prevents them providing this information to others. In this way, there is no inconsistency between this section and a person exercising the permitted acts in relation to computer software (ss 50A to 50D CDPA). 

Any DRM technology applied to copyright work other than computer programs is protected by the new ss 296ZA to ZF of the CDPA. 

Section 296ZA prohibits a person doing anything which circumvents the “technological measures” knowing, or having reasonable grounds to know, that he is pursuing that objective. “Technological measures” are defined in s 296ZF(1) as “any technology, device or component which is designed in the normal course of its operation, to protect a copyright work other than a computer program“. However, such measures will only be protected if they are “effective”, which will be the case where the work is controlled by the copyright owner through DRM technology “which achieves the intended protection“. However, for DRM technology to be protected by ss 296ZA to 296ZE, it must be designed to prevent acts which are “restricted by copyright” (s 296ZF(3)(a)).

Section 296ZD of the CDPA also gives the copyright owner a cause of action against anyone who manufactures or supplies any device which (1) is promoted for the purposes of circumvention, (2) has only limited commercially significant purposes or use other than to circumvent or (3) is primarily designed to enable circumvention. This is a tort of strict liability, ie it is not a defence to show that you did not know or have reason to believe how the devices would be used. 

Finally, s 296ZB makes it a criminal offence which is punishable by up to two years’ imprisonment to manufacture etc any device, product or component which is primarily designed, produced or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures. 

There are a number of important differences between ss 296 and ss 296ZA to 296ZF. First, under s 296, there are requirements that the DRM technology must be intended to prevent infringement of copyright and that the person knew or had reason to believe that the circumvention technology would be used to make infringing copies. However, under s 296ZD the only requirements are for the technological measures to be designed to protect the copyright work and that they are effective – once you have established that, circumvention itself or the other related acts will result in a cause of action.

Another difference is that s 296 protects devices which are “intended” to prevent or restrict acts, while ss 296ZA to 296ZE apply where the technological measure is “designed” to protect the copyright work and is “effective”. Therefore, while there is no need for the DRM technology actually to operate as intended in order to be protected by s 296, the technological measure will be protected under ss 296ZA to 296ZE only if it actually works. However, the section does not specify how secure the DRM must be to be considered “effective”.

Cases in the UK
There were two cases relating to the legality of mod chips under the original s 296, which were both decided in favour of Sony (Sony Computer Entertainment v Owen and Sony Computer Entertainment v Edmunds). 

The most recent case in the UK was in July 2004, which was an unsuccessful application for summary judgment by Sony (Kabushiki Kaisha Sony Computer Entertainment Inc v Ball [2005] EWHC 1522 (Ch)). This case considered the law both before and after implementation of the Copyright Directive. Mr. Justice Laddie refused Sony’s application for summary judgment on the grounds that there was a further evidential burden to be discharged by Sony, which could only be done at a full hearing. However, Laddie J’s judgement gives some indications as to how the amended legislation will apply in the UK. 

Mr Justice Laddie considered that use of mod chips would potentially fall within the ambit of s 296 in its original form. When the CD-ROM is played on the games console, a copy of the copyright work embodied in the game would be copied on to the memory of the console. This would be an infringement, even where such copy was merely transient. However, there was a requirement for knowledge or belief that the chips would infringe and, since it could not be shown at the summary judgment stage whether Ball knew that the mod chips would be sold to customers in the UK, it could not be determined whether there was a breach under s 296. 

In relation to the CDPA as amended by the Copyright Directive, a similar position was reached in relation to the new s 296.  Although Ball argued that the “sole intended purpose” of the mod chip was not to circumvent DRM but to enable back-up copies, which were permitted under s 50A, this was rejected as Laddie J did not consider that the copies were necessary for the lawful use of the user, as is required by that section. 

In relation to s 296ZA Laddie J stated that Mr Ball would be in breach if he had himself installed and used the modified console. However, in relation to s 296ZD, while Laddie J acknowledged that this was a tort of strict liability, he felt that there would only be a cause of action under the section if the device is “primarily” designed to enable or facilitate the circumvention of the games console within the jurisdiction. Again, this was not an issue he could resolve at summary judgment stage. However, he did confirm that Ball’s conduct clearly fell within the independent breach of having in his possession for commercial purposes a product which was promoted, advertised or marketed for the purposes of the circumvention of technological measures.

While the drafting of the law in Australia, the US and the UK have a number of differences, the recent changes in Australia mean that the law in these three key jurisdictions is converging. The clear trend in the courts is towards upholding DRM technology, such as that used by Sony in its PlayStation console. While Stevens may have won the latest battle in Australia, Sony should be confident of winning the war against those seeking to circumvent its DRM.

Steve Holmes is a Senior Associate in the IP/IT Group of the Baker & McKenzie London office: