High Crimes and Misdemeanours: Breaking the Code of E-books and DVDs

June 30, 2003

You might think that copyright would give an intellectual property owner all the protection which he might reasonably require but, of course, it would be much easier to protect intellectual property if it were possible to clamp down on the technology that allows a breach of copyright to be perpetrated in the first place.

The banning of tape and video recorders, recordable DVDs and the like is past praying for, and was never commercially a starter anyway. Take recordable DVDs: what fuels the hardware market is the possibility of copying DVDs – could the hardware manufacturers seriously expect to recoup their investment in research and development if their only market was people wishing pristine copies of footage of their babies crawling on the lawn? For every manufacturer who stands to lose out on the sale of a commercially produced DVD, there is another with a vested interest in selling a DVD recorder. One might call to mind the square-off a while ago between Disney and Microsoft, resolved only when Disney threatened to post Microsoft source codes on the net.

But there is also a kind of symbiosis between the opposing industrial interests: hardware manufacturers cannot afford to have the entertainment product suppliers go out of business, and entertainment product suppliers need a healthy hardware manufacturing sector. The pragmatic solution is not to stifle the new digital technology, but to attempt to control it.

From the industry point of view, legal controls are insufficient. The number of individuals who, wanting to make a copy of their favourite CD or DVD for a friend, are discouraged from doing so by the thought that it may be wrong is likely to be small and the number of potential pirates who are put off by the illegality of the exercise can probably be counted on the fingers of one hand. Nor is the situation helped by an extensive public perception that, illegal or not, there is nothing morally reprehensible about infringing copyright. Add to that brew the small, but technologically literate, constituency which believes with a passion that it is the whole notion of intellectual property that is immoral, and the extent of the problem becomes clear. It is ironic that only in relation to the oeuvre of Marx (Groucho) that the dictum of Marx (Karl) that property is theft seemingly continues to carry any public conviction.

Legal controls will work only if the potential infringer, having performed a calculation of the risks, costs and potential rewards, decides that the game is not worth the candle. It might be possible to take the Chinese approach: a leading Chinese intellectual property lawyer explained to me that the Chinese method is each year to round up the two or three of the worst offenders and execute them. This may well encourager les autres but it does raise questions of proportionality. Other jurisdictions are more likely to content themselves with measures seeking to confiscate the assets of pirates and counterfeiters. Such measures may have some effect, but the average individual who copies the odd CD or DVD is not going to be deterred – he will rightly conclude that there is virtually nil chance of his being caught (even if it occurs to him that anyone would be likely to be looking for him in the first place).

As a result, the industry is increasingly adopting technological means of preventing consumers making copies. Perhaps the most well-known is the fragmenting of the world DVD market into a number of different (and incompatible) zones, so that (for example) you cannot play a zone 1 DVD in a zone 2 player. Alongside this, manufacturers can also use code which frustrates copying, for example by preventing the playing of a DVD in a Linux computer.

In short, machine code ends up as a substitute for a legal code. This particular blunt instrument is by no means without its own problems: first, of course, such machine code can itself be circumvented; but, second, and more concerning for the lawyer, the machine code can end up frustrating perfectly legal activities. Not all copying is a breach of copyright – there is, of course, the exception for fair dealing.

The tension thus created between machine and legal code is obvious. Because the machine code can be circumvented, the industry lobbies for legislation to close off what it sees as the loopholes. A pliable legislature might then find that it ends up making criminals of people who are engaged in an activity which can be directed towards a lawful end, as in the Digital Millenium Copyright Act, discussed more fully below, and courts may find themselves trying as alleged criminals those whom the industry in league with enthusiastic prosecutors have chosen as examples pour encourager les autres.

Recent Cases

In three recent cases (two criminal and one civil) when courts had to grapple with these issues, the industry came off the worst.

The leading security coding technology for DVDs is a system known as CSS. In the case of State’s Advocate v Jon Lech Johansen (Oslo Tingrett, 7 January 2003), the defender, who was 15 years of age at the time of the alleged offence and nicknamed DVD Jon, had developed a program known as DeCSS which circumvented that security coding, allowing DVDs both to be played on a Linux computer and to be copied. He made this program available on the Internet.

Following a complaint from the Motion Picture Association of America (MPAA), the Norwegian prosecutor brought criminal charges against DVD Jon in respect of his using the program to circumvent the code and watch DVDs (which he had legally purchased) on his own Linux computer, charging him with a breach of the Norwegian Criminal Code section 145(2). This outlaws breaking into another person’s locked property to gain access to data, to which access the intruder is not entitled. This is the provision which is customarily used to prosecute hackers.

The court (chaired by Judge Irene Sogn assisted by two expert judges who were described as computer specialists) decided that, since the defendant had bought the DVDs in question, they were his own property (in effect, he was licensed to view them) and that, therefore, he could not be regarded as breaking into another person’s property:

“The Court finds that someone who buys a DVD film that has been legally produced has legal access to the film. Something else would apply if the film had been an illegal pirate copy.”

On 20 January 2003, the Prosecutor marked an appeal, and on 3 March the Appeal Court granted the requisite leave. The appeal is not likely to be heard until the end of the year. Watch this space.

One suspects that the MPAA’s concern was not that Jon was watching DVDs on his Linux computer so much as that he was making the program available on the Net. The problem for the prosecutor, however, was that, under Norwegian law, there was nothing which could be done in respect of the real mischief: the distribution of the program over the Internet so that others might use it, and, indeed, might use it with piratical intent.

That was not an issue for the Federal prosecutor in US v ElcomSoft and Sklyarov (US District Court for the Northern District of California at San Jose, 13 December 2002).

Adobe Systems Inc produces an e-Book reader, without which it is not possible to view an e-Book on the consumer’s computer. As might be expected, the software contains various security codes which inter alia prevent viewing of an e-Book in other formats or on multiple computers, and enable the e-Book publishers to create various restrictions on copying, printing and other activities. ElcomSoft (who employ Mr Sklyarov as a programmer) is a Russian company which (perfectly legally under the law of the Russian Federation) developed a program, ElcomSoft’s Advanced e-Book Processor (AEBPR), which allows e-Books to be accessed whilst overriding the various security controls. It made this program available on the Internet. There was no suggestion that ElcomSoft was other than a respectable corporation (it even supplies the US Government). Sklyarov developed the algorithms on which AEBPR is based, and allegedly wrote a part of the program.

On 16 July 2001, Mr Sklyarov was arrested by the FBI when he was in Las Vegas, presenting a paper at a Conference. He was held in custody until he was released on bail on 6 August, being allowed to return to his family in Russia on 13 December pending his trial.

He was charged, first with conspiracy to traffic under section 1201(b)(1)(A) of the US Copyright Act, 17 USC, enacted by the Digital Millennium Copyright Act 1998 (the DMCA). This section prohibits any person from manufacturing, importing, offering to the public, providing or otherwise trafficking in “any technology, product, service, device, component, or part thereof”, that “is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner” under the Copyright Act. The second and third counts alleged trafficking in technology primarily designed to circumvent technology that protects a right of a copyright owner and aiding and abetting. The fourth and fifth counts alleged trafficking in technology marketed for use in circumventing technology that protects a right of a copyright holder and aiding and abetting. The basis of the alleged offences was that the defendants distributed software that could read encrypted Adobe e-Books in a manner not intended by the publishers, thereby overcoming the various security controls.

Each of the four charges under section 1201 carried a maximum penalty for Mr. Sklyarov of a fine of $500,000 and five years’ imprisonment and the conspiracy charge carried a maximum of a $250,000 and five years’ imprisonment. His employers faced a maximum of a $500,000 fine on each charge – an altogether nastier fate than might have awaited DVD Jon where the prosecution were calling for a 90-day suspended sentence and confiscation of the computer equipment.

Quite apart from the Draconian nature of the penalties, other aspects of the Sklyarov charges were deeply unsettling. First, there was the by now familiar anomaly that the defendants were being prosecuted for carrying out an activity which was perfectly legal on the other side of the Atlantic but, second, there was the profound illogicality of the legislation involved.

As noted above, not all copying is in breach of copyright. Printing and/or copying may be perfectly legal if it falls under one or more of the recognised exceptions; and, furthermore, in an echo of the DVD Jon case, if someone has bought an e-Book, why should he be prevented from accessing it on a computer other than the computer which he used to download it? For example, his system might crash and the e-book might require to be reinstalled, or he might simply replace his computer with a newer model. The Adobe software would prevent the accessing of the e-Book in such circumstances.

The US legislators, one presumes, were aware of such issues, for the use of circumventing software in some circumstances is not illegal, but trafficking in it is. Indeed, in refusing the defendant’s motion for dismissal of the charges on the ground of the alleged unconstitutionality of the legislation, the Court expressed the view that this structure reflected a careful balancing by Congress of the rights of the copyright owner against the public right of fair use (US District Court, Northern District of California, San Jose Division, 8 May 2002, at p 5).

It appears that Adobe itself (the original complainant) was sensitive to the public relations nuances for, as early as 20 July 2001 – whilst the unfortunate Mr Sklyarov was still languishing in custody, it called for him to be released and for the prosecution to be abandoned. The latter call at least fell on deaf ears.

The case proceeded to trial, and both defendants were acquitted by the jury on 17 December 2002.

Since this was a jury verdict, it is not possible to know why the jury acquitted, but, at first blush, it is difficult to see how the acts complained of did not constitute a breach of the criminal provisions of the US Copyright Act. For aught yet seen, it may be that this is a case of a jury not being prepared to convict for a breach of what is seen as bad law.

A third case, in the civil courts this time, also left the industry with a bloody nose. Matthew Pavlovich is a Texas resident with no discernible connection with California, save that he published DVD Jon’s DeCSS program on his Web site and an awful lot of films are made in California. As connections go, that might seem a bit tenuous, but it was good enough for the DVD Copy Control Association (the licensee of the CSS software) who brought proceedings for an injunction against Mr. Pavlovich in the Superior Court of Santa Clara County. Pavlovich applied to the Appeal Court seeking an order staying the action, but the order was refused. On appeal to the California Supreme Court, the Supreme Court overturned the decision of the Appeal Court (Supreme Court of California, 25 November 2002).

Under the law of California, there is jurisdiction over a non-resident defendant only where ‘the defendant has such minimum contacts with the state that the assertion of jurisdiction does not violate “traditional notions of fair play and justice”‘. Each case falls to be judged on its own merits. However, one of the tests applied in this exercise is the ‘intentional effects test’: it is not enough that the defendant knew or ought to have known that his act would cause harm in the forum state, but also it must be shown that the act in question was ‘an intentional act…….expressly aimed at the forum state’ (at p 9).

On that test, the Court took the view that the Web site merely gave information and was in no way targeted at California (p 13). The only remaining question was whether Pavlovich’s knowledge that his tortious conduct might harm certain industries centred in California (motion picture, computer and consumer electronics industries) was sufficient to amount to

expressly aiming at California (p 16). The court’s view was that this connection was too tenuous. Interestingly, however, the Court concluded by saying:-

“Because the only evidence in the record even suggesting express aiming is Pavlovich’s knowledge that his conduct may harm industries centered in California, due process requires us to decline jurisdiction over his person.

In addition, we are not confronted with a situation where the plaintiff has no other forum to pursue its claims and therefore do not address that situation. DVD CCA has the ability and resources to pursue Pavlovich in another forum such as Indiana or Texas. Our decision today does not foreclose it from doing so. Pavlovich may still face the music – just not in California.”

The DVD CCA appealed to the U.S. Supreme Court, who, on 3 January 2003, upheld the California Supreme Court.

Comment

Where do these cases leave us?

There will always be a constituency which anarchically considers the very existence of the protection of intellectual property a bad thing. For the rest of us the issue is how to protect the rights of intellectual property owners without infringing the rights accorded to others. That is what can be odious about ‘code as code’, for, in its overzealous desire to protect the owner of the intellectual property, it can frustrate the rights of those who may in certain circumstances either lawfully copy or lawfully gain access by alternative means to material, access to which they have bought. In principle, the development and use of software that circumvents ‘code as code’ for lawful purposes cannot be wrong, and it only brings the law into disrepute (and so, ultimately, is counterproductive) to seek to punish with Draconian criminal penalties those who are facilitating lawful dealing with copyright materials. Indeed, there is a flavour of this philosophy lying behind the decision in the Grokster case, discussed elsewhere in this issue by James Mitchell (no relation).

That, however, is not how the industry sees it. The Pavlovich and Johansen cases were part of a worldwide assault by CSS on the DeCSS camp, and Mr Pavlovich was but one of several hundred named and unnamed defendants in its California action, all but one of whom was resident outside California.

January was a black month for those who zealously try to defend copyright by attacking the purveyors of the decoding technology; but it may well only be seen by them as a temporary setback: Mr. Pavlovich is not precisely off the hook; the prosecutor’s appeal in the DVD Jon case is pending, and there is plenty of scope under the Digital Millennium Copyright Act to get tough with consumers: for example, it is an offence to listen to copy-protected music CDs on certain stereos and personal computers and to view non-US zone DVDs on US players (so DVD Jon had better not watch his movies on his laptop when visiting the US). More worryingly, Code as Code is used (with the support of the DMCA) to prevent copying and (because of the zoning restrictions above) sometimes even viewing of films which are in the public domain.

In a final exquisite twist of the Code as Code knife, Disney in the US has coded its DVDs in such a way as to make it impossible to skip the commercials. As we have seen, the DMCA makes a criminal offence, visited with condign punishment, the supply of DeCSS and similar programs as a means of overcoming those restrictions. Is it really the purpose of the law to make criminals of those whose products enable consumers to exercise their right not to watch something which they do not want to see?

Of course, there remains the problem that technology is amoral: and programs and devices which may be used for lawful purposes may also be used for unlawful ones; but consider this: you can be bludgeoned to death by a deep-frozen leg of lamb; is the law to prosecute butchers for selling what, in the wrong hands, might prove to be a lethal weapon?

Iain G. Mitchell Q.C. is a Scottish Advocate specialising in intellectual property and e-commerce. He is the Chairman of the Faculty of Advocates I.T. Group, Vice-Chairman of the Scottish Society for Computers and Law, and Joint Editor of the Journal E-L@w Review.