17 U.S.C.
United States Code, 2011 Edition
Title 17 - COPYRIGHTS
CHAPTER 12 - COPYRIGHT PROTECTION AND MANAGEMENT SYSTEMS
§1201. Circumvention of copyright protection systems
(a) Violations Regarding Circumvention of Technological Measures.
(1)
(A) No person shall circumvent a technological measure that effectively
controls access to a work protected under this title. The prohibition contained in
the preceding sentence shall take effect at the end of the 2-year period beginning
on the date of the enactment of this chapter.
(B) The prohibition contained in subparagraph (A) shall not apply to persons
who are users of a copyrighted work which is in a particular class of works, if such
persons are, or are likely to be in the succeeding 3-year period, adversely affected
by virtue of such prohibition in their ability to make noninfringing uses of that
particular class of works under this title, as determined under subparagraph (C).
(C) During the 2-year period described in subparagraph (A), and during each
succeeding 3-year period, the Librarian of Congress, upon the recommendation of
the Register of Copyrights, who shall consult with the Assistant Secretary for
Communications and Information of the Department of Commerce and report and
comment on his or her views in making such recommendation, shall make the
determination in a rulemaking proceeding for purposes of subparagraph (B) of
whether persons who are users of a copyrighted work are, or are likely to be in the
succeeding 3-year period, adversely affected by the prohibition under
subparagraph (A) in their ability to make noninfringing uses under this title of a
particular class of copyrighted works. In conducting such rulemaking, the
Librarian shall examine—
(i) the availability for use of copyrighted works;
(ii) the availability for use of works for nonprofit archival, preservation, and
educational purposes;
(iii) the impact that the prohibition on the circumvention of technological
measures applied to copyrighted works has on criticism, comment, news
reporting, teaching, scholarship, or research;
(iv) the effect of circumvention of technological measures on the market for
or value of copyrighted works; and
(v) such other factors as the Librarian considers appropriate.
(D) The Librarian shall publish any class of copyrighted works for which the
Librarian has determined, pursuant to the rulemaking conducted under
1
subparagraph (C), that noninfringing uses by persons who are users of a
copyrighted work are, or are likely to be, adversely affected, and the prohibition
contained in subparagraph (A) shall not apply to such users with respect to such
class of works for the ensuing 3-year period.
(E) Neither the exception under subparagraph (B) from the applicability of the
prohibition contained in subparagraph (A), nor any determination made in a
rulemaking conducted under subparagraph (C), may be used as a defense in any
action to enforce any provision of this title other than this paragraph.
(2) No person shall manufacture, import, offer to the public, provide, or
otherwise traffic in any technology, product, service, device, component, or part
thereof, that—
(A) is primarily designed or produced for the purpose of circumventing a
technological measure that effectively controls access to a work protected under
this title;
(B) has only limited commercially significant purpose or use other than to
circumvent a technological measure that effectively controls access to a work
protected under this title; or
(C) is marketed by that person or another acting in concert with that person
with that person's knowledge for use in circumventing a technological measure
that effectively controls access to a work protected under this title.
(3) As used in this subsection—
(A) to “circumvent a technological measure” means to descramble a
scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass,
remove, deactivate, or impair a technological measure, without the authority of
the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the
measure, in the ordinary course of its operation, requires the application of
information, or a process or a treatment, with the authority of the copyright
owner, to gain access to the work.
(b) Additional Violations.—(1) No person shall manufacture, import, offer to
the public, provide, or otherwise traffic in any technology, product, service,
device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing
protection afforded by a technological measure that effectively protects a right
of a copyright owner under this title in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to
circumvent protection afforded by a technological measure that effectively
protects a right of a copyright owner under this title in a work or a portion
thereof; or
2
(C) is marketed by that person or another acting in concert with that person
with that person's knowledge for use in circumventing protection afforded by a
technological measure that effectively protects a right of a copyright owner
under this title in a work or a portion thereof.
(2) As used in this subsection—
(A) to “circumvent protection afforded by a technological measure” means
avoiding, bypassing, removing, deactivating, or otherwise impairing a
technological measure; and
(B) a technological measure “effectively protects a right of a copyright owner
under this title” if the measure, in the ordinary course of its operation, prevents,
restricts, or otherwise limits the exercise of a right of a copyright owner under
this title.
(c) Other Rights, Etc., Not Affected.
***
(3) Nothing in this section shall require that the design of, or design and
selection of parts and components for, a consumer electronics,
telecommunications, or computing product provide for a response to any particular
technological measure, so long as such part or component, or the product in which
such part or component is integrated, does not otherwise fall within the
prohibitions of subsection (a)(2) or (b)(1).
***
(d) Exemption for Nonprofit Libraries, Archives, and Educational Institutions.
***
(e) Law Enforcement, Intelligence, and Other Government Activities.—This
section does not prohibit any lawfully authorized investigative, protective,
information security, or intelligence activity of an officer, agent, or employee of
the United States, a State, or a political subdivision of a State, or a person acting
pursuant to a contract with the United States, a State, or a political subdivision of a
State. For purposes of this subsection, the term “information security” means
activities carried out in order to identify and address the vulnerabilities of a
government computer, computer system, or computer network.
(f) Reverse Engineering.—(1) Notwithstanding the provisions of subsection
(a)(1)(A), a person who has lawfully obtained the right to use a copy of a
computer program may circumvent a technological measure that effectively
controls access to a particular portion of that program for the sole purpose of
identifying and analyzing those elements of the program that are necessary to
3
achieve interoperability of an independently created computer program with other
programs, and that have not previously been readily available to the person
engaging in the circumvention, to the extent any such acts of identification and
analysis do not constitute infringement under this title.
(2) Notwithstanding the provisions of subsections (a)(2) and (b), a person may
develop and employ technological means to circumvent a technological measure,
or to circumvent protection afforded by a technological measure, in order to
enable the identification and analysis under paragraph (1), or for the purpose of
enabling interoperability of an independently created computer program with other
programs, if such means are necessary to achieve such interoperability, to the
extent that doing so does not constitute infringement under this title.
(3) The information acquired through the acts permitted under paragraph (1),
and the means permitted under paragraph (2), may be made available to others if
the person referred to in paragraph (1) or (2), as the case may be, provides such
information or means solely for the purpose of enabling interoperability of an
independently created computer program with other programs, and to the extent
that doing so does not constitute infringement under this title or violate applicable
law other than this section.
(4) For purposes of this subsection, the term “interoperability” means the ability
of computer programs to exchange information, and of such programs mutually to
use the information which has been exchanged.
(g) Encryption Research.—
(1) Definitions.—For purposes of this subsection—
(A) the term “encryption research” means activities necessary to identify
and analyze flaws and vulnerabilities of encryption technologies applied to
copyrighted works, if these activities are conducted to advance the state of
knowledge in the field of encryption technology or to assist in the
development of encryption products; and
(B) the term “encryption technology” means the scrambling and
descrambling of information using mathematical formulas or algorithms.
(2) Permissible acts of encryption research.—Notwithstanding the provisions
of subsection (a)(1)(A), it is not a violation of that subsection for a person to
circumvent a technological measure as applied to a copy, phonorecord,
performance, or display of a published work in the course of an act of good faith
encryption research if—
(A) the person lawfully obtained the encrypted copy, phonorecord,
performance, or display of the published work;
(B) such act is necessary to conduct such encryption research;
4
(C) the person made a good faith effort to obtain authorization before the
circumvention; and
(D) such act does not constitute infringement under this title or a violation
of applicable law other than this section, including section 1030 of title 18 and
those provisions of title 18 amended by the Computer Fraud and Abuse Act of
1986.
(3) Factors in determining exemption.—In determining whether a person
qualifies for the exemption under paragraph (2), the factors to be considered
shall include—
(A) whether the information derived from the encryption research was
disseminated, and if so, whether it was disseminated in a manner reasonably
calculated to advance the state of knowledge or development of encryption
technology, versus whether it was disseminated in a manner that facilitates
infringement under this title or a violation of applicable law other than this
section, including a violation of privacy or breach of security;
(B) whether the person is engaged in a legitimate course of study, is
employed, or is appropriately trained or experienced, in the field of
encryption technology; and
(C) whether the person provides the copyright owner of the work to which
the technological measure is applied with notice of the findings and
documentation of the research, and the time when such notice is provided.
(4) Use of technological means for research activities.—Notwithstanding the
provisions of subsection (a)(2), it is not a violation of that subsection for a
person to—
(A) develop and employ technological means to circumvent a technological
measure for the sole purpose of that person performing the acts of good faith
encryption research described in paragraph (2); and
(B) provide the technological means to another person with whom he or she
is working collaboratively for the purpose of conducting the acts of good faith
encryption research described in paragraph (2) or for the purpose of having
that other person verify his or her acts of good faith encryption research
described in paragraph (2).
(5) Report to congress.—[Omitted.]
(h) Exceptions Regarding Minors.—[Omitted.]
5
(i) Protection of Personally Identifying Information.—
(1) Circumvention permitted.—Notwithstanding the provisions of subsection
(a)(1)(A), it is not a violation of that subsection for a person to circumvent a
technological measure that effectively controls access to a work protected under
this title, if—
(A) the technological measure, or the work it protects, contains the
capability of collecting or disseminating personally identifying information
reflecting the online activities of a natural person who seeks to gain access to
the work protected;
(B) in the normal course of its operation, the technological measure, or the
work it protects, collects or disseminates personally identifying information
about the person who seeks to gain access to the work protected, without
providing conspicuous notice of such collection or dissemination to such
person, and without providing such person with the capability to prevent or
restrict such collection or dissemination;
(C) the act of circumvention has the sole effect of identifying and disabling
the capability described in subparagraph (A), and has no other effect on the
ability of any person to gain access to any work; and
(D) the act of circumvention is carried out solely for the purpose of
preventing the collection or dissemination of personally identifying
information about a natural person who seeks to gain access to the work
protected, and is not in violation of any other law.
(2) Inapplicability to certain technological measures.—This subsection does
not apply to a technological measure, or a work it protects, that does not collect
or disseminate personally identifying information and that is disclosed to a user
as not having or using such capability.
(j) Security Testing.—
(1) Definition.—For purposes of this subsection, the term “security testing”
means accessing a computer, computer system, or computer network, solely for
the purpose of good faith testing, investigating, or correcting, a security flaw or
vulnerability, with the authorization of the owner or operator of such computer,
computer system, or computer network.
(2) Permissible acts of security testing.—Notwithstanding the provisions of
subsection (a)(1)(A), it is not a violation of that subsection for a person to
engage in an act of security testing, if such act does not constitute infringement
under this title or a violation of applicable law other than this section, including
6
section 1030 of title 18 and those provisions of title 18 amended by the
Computer Fraud and Abuse Act of 1986.
(3) Factors in determining exemption.—In determining whether a person
qualifies for the exemption under paragraph (2), the factors to be considered
shall include—
(A) whether the information derived from the security testing was used
solely to promote the security of the owner or operator of such computer,
computer system or computer network, or shared directly with the developer
of such computer, computer system, or computer network; and
(B) whether the information derived from the security testing was used or
maintained in a manner that does not facilitate infringement under this title or
a violation of applicable law other than this section, including a violation of
privacy or breach of security.
(4) Use of technological means for security testing.—Notwithstanding the
provisions of subsection (a)(2), it is not a violation of that subsection for a
person to develop, produce, distribute or employ technological means for the
sole purpose of performing the acts of security testing described in subsection
(2), provided such technological means does not otherwise violate section
(a)(2).
***
7
!
17 U.S.C.
United States Code, 2011 Edition
Title 17 - COPYRIGHTS
CHAPTER 12 - COPYRIGHT PROTECTION AND MANAGEMENT SYSTEMS
§1203. Civil remedies
(a) Civil Actions.—Any person injured by a violation of section 1201 or 1202 may
bring a civil action in an appropriate United States district court for such violation.
(b) Powers of the Court.—In an action brought under subsection (a), the court—
(1) may grant temporary and permanent injunctions on such terms as it deems
reasonable to prevent or restrain a violation, but in no event shall impose a prior
restraint on free speech or the press protected under the 1st amendment to the
Constitution;
(2) at any time while an action is pending, may order the impounding, on such terms
as it deems reasonable, of any device or product that is in the custody or control of the
alleged violator and that the court has reasonable cause to believe was involved in a
violation;
(3) may award damages under subsection (c);
(4) in its discretion may allow the recovery of costs by or against any party other
than the United States or an officer thereof;
(5) in its discretion may award reasonable attorney's fees to the prevailing party; and
(6) may, as part of a final judgment or decree finding a violation, order the remedial
modification or the destruction of any device or product involved in the violation that
is in the custody or control of the violator or has been impounded under paragraph (2).
(c) Award of Damages.—
(1) In general.—Except as otherwise provided in this title, a person committing a
violation of section 1201 or 1202 is liable for either—
(A) the actual damages and any additional profits of the violator, as provided in
paragraph (2), or
(B) statutory damages, as provided in paragraph (3).
(2) Actual damages.—The court shall award to the complaining party the actual
damages suffered by the party as a result of the violation, and any profits of the violator
that are attributable to the violation and are not taken into account in computing the
actual damages, if the complaining party elects such damages at any time before final
judgment is entered.
1
!
(3) Statutory damages.—(A) At any time before final judgment is entered, a
complaining party may elect to recover an award of statutory damages for each
violation of section 1201 in the sum of not less than $200 or more than $2,500 per act
of circumvention, device, product, component, offer, or performance of service, as the
court considers just.
(B) At any time before final judgment is entered, a complaining party may elect to
recover an award of statutory damages for each violation of section 1202 in the sum of
not less than $2,500 or more than $25,000.
(4) Repeated violations.—In any case in which the injured party sustains the burden
of proving, and the court finds, that a person has violated section 1201 or 1202 within 3
years after a final judgment was entered against the person for another such violation,
the court may increase the award of damages up to triple the amount that would
otherwise be awarded, as the court considers just.
(5) Innocent violations.—
(A) In general.—The court in its discretion may reduce or remit the total award of
damages in any case in which the violator sustains the burden of proving, and the
court finds, that the violator was not aware and had no reason to believe that its acts
constituted a violation.
(B) Nonprofit library, archives, educational institutions, or public broadcasting
entities.—
(i) Definition.—In this subparagraph, the term “public broadcasting entity” has
the meaning given such term under section 118(f).
(ii) In general.—In the case of a nonprofit library, archives, educational
institution, or public broadcasting entity, the court shall remit damages in any case
in which the library, archives, educational institution, or public broadcasting entity
sustains the burden of proving, and the court finds, that the library, archives,
educational institution, or public broadcasting entity was not aware and had no
reason to believe that its acts constituted a violation.
2
!
17 U.S.C.
United States Code, 2011 Edition
Title 17 - COPYRIGHTS
CHAPTER 12 - COPYRIGHT PROTECTION AND MANAGEMENT SYSTEMS
§1204. Criminal offenses and penalties
(a) In General.—Any person who violates section 1201 or 1202 willfully and for
purposes of commercial advantage or private financial gain—
(1) shall be fined not more than $500,000 or imprisoned for not more than 5
years, or both, for the first offense; and
(2) shall be fined not more than $1,000,000 or imprisoned for not more than 10
years, or both, for any subsequent offense.
(b) Limitation for Nonprofit Library, Archives, Educational Institution, or Public
Broadcasting Entity.—Subsection (a) shall not apply to a nonprofit library, archives,
educational institution, or public broadcasting entity (as defined under section 118(f)).
(c) Statute of Limitations.—No criminal proceeding shall be brought under this
section unless such proceeding is commenced within 5 years after the cause of action
arose.
3
2000 WL 127311
Only the Westlaw citation is currently available.
United States District Court, W.D. Washington.
REALNETWORKS, INC., Plaintiff,
v.
STREAMBOX, INC., Defendant.
No. 2:99CV02070. | Jan. 18, 2000.
Opinion
ORDER ON PLAINTIFF’S MOTION FOR PRELIMINARY INJUNCTION
PECHMAN, J.
INTRODUCTION
*1 Plaintiff RealNetworks, Inc. (“RealNetworks”) filed this action on December 21,
1999. RealNetworks claims that Defendant Streambox has violated provisions of the
Digital Millennium Copyright Act (“DMCA”), 17 U.S.C. § 1201 et seq., by distributing
and marketing [a] product[] known as the Streambox VCR . . . .
***
FINDINGS OF FACT
[RealNetworks sold an A/V streaming solution to content owners. An end user would
install RealPlayer software, which would connect to the content owner’s RealServer. The
two components used a “secret handshake” to prevent interoperability and a “copy
switch” to indicate when the user was prohibited from saving a copy. Streambox sold
software that would mimic the secret handshake and ignore the copy switch, allowing
users to save copies of streamed media.]
***
CONCLUSIONS OF LAW
***
Parts of the VCR Are Likely to Violate Sections 1201(a)(2) and 1201(b)
1
7. Under the DMCA, the Secret Handshake that must take place between a RealServer
and a RealPlayer before the RealServer will begin streaming content to an end-user
appears to constitute a “technological measure” that “effectively controls access” to
copyrighted works. See 17 U.S.C. § 1201(a)(3)(B) (measure “effectively controls access”
if it “requires the application of information or a process or a treatment, with the authority
of the copyright holder, to gain access to the work”). To gain access to a work protected
by the Secret Handshake, a user must employ a RealPlayer, which will supply the
requisite information to the RealServer in a proprietary authentication sequence.
8. In conjunction with the Secret Handshake, the Copy Switch is a “technological
measure” that effectively protects the right of a copyright owner to control the
unauthorized copying of its work. See 17 U.S.C. § 1201(b)(2)(B) (measure “effectively
protects” right of copyright holder if it “prevents, restricts or otherwise limits the exercise
of a right of a copyright owner”); 17 U.S.C. § 106(a) (granting copyright holder exclusive
right to make copies of its work). To access a RealMedia file distributed by a RealServer,
a user must use a RealPlayer. The RealPlayer reads the Copy Switch in the file. If the
Copy Switch in the file is turned off, the RealPlayer will not permit the user to record a
copy as the file is streamed. Thus, the Copy Switch may restrict others from exercising a
copyright holder’s exclusive right to copy its work.
9. Under the DMCA, a product or part thereof “circumvents” protections afforded a
technological measure by “avoiding, bypassing, removing, deactivating or otherwise
impairing” the operation of that technological measure. 17 U.S.C. §§ 1201(b)(2)(A),
1201(a)(2)(A). Under that definition, at least a part of the Streambox VCR circumvents
the technological measures RealNetworks affords to copyright owners. Where a
RealMedia file is stored on a RealServer, the VCR “bypasses” the Secret Handshake to
gain access to the file. The VCR then circumvents the Copy Switch, enabling a user to
make a copy of a file that the copyright owner has sought to protect.
10. Given the circumvention capabilities of the Streambox VCR, Streambox violates the
DMCA if the product or a part thereof: (i) is primarily designed to serve this function; (ii)
has only limited commercially significant purposes beyond the circumvention; or (iii) is
marketed as a means of circumvention. 17 U.S.C. §§ 1201(a)(2)(A-C), 1201(b)(b)(A-C).
These three tests are disjunctive. Id. A product that meets only one of the three
independent bases for liability is still prohibited. Here, the VCR meets at least the first
two.
*8 11. The Streambox VCR meets the first test for liability under the DMCA because at
least a part of the Streambox VCR is primarily, if not exclusively, designed to circumvent
the access control and copy protection measures that RealNetworks affords to copyright
owners. 17 U.S.C. §§ 1201(a)(2)(A), 1201(b)(c)(A).
12. The second basis for liability is met because portion of the VCR that circumvents the
2
Secret Handshake so as to avoid the Copy Switch has no significant commercial purpose
other than to enable users to access and record protected content. 17 U.S.C. §
1201(a)(2)(B), 1201(b)(d)(B). There does not appear to be any other commercial value
that this capability affords.
***
*9 18. Streambox also argues that the VCR does not violate the DMCA because the Copy
Switch that it avoids does not “effectively protect” against the unauthorized copying of
copyrighted works as required by § 1201(a)(3)(B). Streambox claims this “effective”
protection is lacking because an enterprising end-user could potentially use other means
to record streaming audio content as it is played by the end-user’s computer speakers.
This argument fails because the Copy Switch, in the ordinary course of its operation
when it is on, restricts and limits the ability of people to make perfect digital copies of a
copyrighted work. The Copy Switch therefore constitutes a technological measure that
effectively protects a copyright owner’s rights under section. 1201(a)(3)(B).
***
CONCLUSION
Consistent with the findings of fact and conclusions of law above, the Court hereby
ORDERS that:
During the pendency of this action, Defendant Streambox, Inc. and its officers, agents,
servants, employees and attorneys, and those persons in active concert and participation
with Streambox, Inc. who receive actual notice of this Preliminary Injunction, are
restrained and enjoined from manufacturing, importing, licensing, offering to the public,
or offering for sale . . . versions of the Streambox VCR or similar products that
circumvent or attempt to circumvent RealNetworks’ technological security measures, and
from participating or assisting in any such activity . . . .
***
3
111 F.Supp.2d 294
United States District Court,
S.D. New York.
UNIVERSAL CITY STUDIOS, INC., et al., Plaintiffs,
v.
Shawn C. REIMERDES, et al., Defendants.
No. 00 Civ. 0277 (LAK). | Aug. 17, 2000. | As Amended Sept. 6, 2000.
***
OPINION
KAPLAN, District Judge.
***
*303 Plaintiffs, eight major United States motion picture studios, distribute many of their
copyrighted motion pictures for home use on digital versatile disks (“DVDs”), which
contain copies of the motion pictures in digital form. They protect those motion pictures
from copying by using an encryption system called CSS. CSS-protected motion pictures
on DVDs may be viewed only on players and computer drives equipped with licensed
technology that permits the devices to decrypt and play—but not to copy—the films.
Late last year, computer hackers devised a computer program called DeCSS that
circumvents the CSS protection system and allows CSS-protected motion pictures to be
copied and played on devices that lack the licensed decryption technology. Defendants
quickly posted DeCSS on their Internet web site, thus making it readily available to much
of the world. Plaintiffs promptly brought this action under the Digital Millennium
Copyright Act (the “DMCA”) to enjoin defendants from posting DeCSS and to prevent
them from electronically “linking” their site to others that post DeCSS. Defendants
responded with what they termed “electronic civil disobedience”—increasing their efforts
to link their web site to a large number of *304 others that continue to make DeCSS
available.
Defendants contend that their actions do not violate the DMCA and, in any case, that the
DMCA, as applied to computer programs, or code, violates the First Amendment. This is
the Court’s decision after trial, and the decision may be summarized in a nutshell.
Defendants argue first that the DMCA should not be construed to reach their conduct,
principally because the DMCA, so applied, could prevent those who wish to gain access
to technologically protected copyrighted works in order to make fair—that is, noninfringing—use of them from doing so. They argue that those who would make fair use
1
of technologically protected copyrighted works need means, such as DeCSS, of
circumventing access control measures not for piracy, but to make lawful use of those
works.
Technological access control measures have the capacity to prevent fair uses of
copyrighted works as well as foul. Hence, there is a potential tension between the use of
such access control measures and fair use. Defendants are not the first to recognize that
possibility. As the DMCA made its way through the legislative process, Congress was
preoccupied with precisely this issue. Proponents of strong restrictions on circumvention
of access control measures argued that they were essential if copyright holders were to
make their works available in digital form because digital works otherwise could be
pirated too easily. Opponents contended that strong anti-circumvention measures would
extend the copyright monopoly inappropriately and prevent many fair uses of
copyrighted material.
Congress struck a balance. The compromise it reached, depending upon future
technological and commercial developments, may or may not prove ideal. But the
solution it enacted is clear. The potential tension to which defendants point does not
absolve them of liability under the statute. There is no serious question that defendants’
posting of DeCSS violates the DMCA.
Defendants’ constitutional argument ultimately rests on two propositions—that computer
code, regardless of its function, is “speech” entitled to maximum constitutional protection
and that computer code therefore essentially is exempt from regulation by government.
But their argument is baseless.
Computer code is expressive. To that extent, it is a matter of First Amendment concern.
But computer code is not purely expressive any more than the assassination of a political
figure is purely a political statement. Code causes computers to perform desired
functions. Its expressive element no more immunizes its functional aspects from
regulation than the expressive motives of an assassin immunize the assassin’s action.
In an era in which the transmission of computer viruses—which, like DeCSS, are simply
computer code and thus to some degree expressive—can disable systems upon which the
nation depends and in which other computer code also is capable of inflicting other harm,
society must be able to regulate the use and dissemination *305 of code in appropriate
circumstances. The Constitution, after all, is a framework for building a just and
democratic society. It is not a suicide pact.
***
II. The Digital Millennium Copyright Act
2
***
B. Posting of DeCSS
1. Violation of Anti–Trafficking Provision
***
a. Section 1201(a)(2)(A)
(1) CSS Effectively Controls Access to Copyrighted Works
During pretrial proceedings and at trial, defendants attacked plaintiffs’ Section
1201(a)(2)(A) claim, arguing that CSS, which is based on a 40–bit encryption key, is a
weak cipher that does not “effectively control” access to plaintiffs’ copyrighted works.
They reasoned from this premise that CSS is not protected under this branch of the statute
at all. Their post-trial memorandum appears to have abandoned this argument. In any
case, however, the contention is indefensible as a matter of law.
First, the statute expressly provides that “a technological measure ‘effectively controls
access to a work’ if the measure, in the ordinary course of its operation, requires the
application of information or a process or a treatment, with the authority of the copyright
owner, to gain access to a work.”138 One cannot gain access to a CSS-protected work on a
DVD without application of the three keys that are required by the software. One cannot
lawfully gain access to the keys except by entering into a license with the DVD CCA
*318 under authority granted by the copyright owners or by purchasing a DVD player or
drive containing the keys pursuant to such a license. In consequence, under the express
terms of the statute, CSS “effectively controls access” to copyrighted DVD movies. It
does so, within the meaning of the statute, whether or not it is a strong means of
protection.139
This view is confirmed by the legislative history, which deals with precisely this point.
The House Judiciary Committee section-by-section analysis of the House bill, which in
this respect was enacted into law, makes clear that a technological measure “effectively
controls access” to a copyrighted work if its function is to control access:
“The bill does define the functions of the technological measures that are covered—that
is, what it means for a technological measure to ‘effectively control access to a work’ ...
and to ‘effectively protect a right of a copyright owner under this title’ .... The practical,
common-sense approach taken by H.R.2281 is that if, in the ordinary course of its
operation, a technology actually works in the defined ways to control access to a work
... then the ‘effectiveness’ test is met, and the prohibitions of the statute are applicable.
This test, which focuses on the function performed by the technology, provides a
sufficient basis for clear interpretation.”140
3
Further, the House Commerce Committee made clear that measures based on encryption
or scrambling “effectively control” access to copyrighted works,141 although it is well
known that what may be encrypted or scrambled often may be decrypted or unscrambled.
As CSS, in the ordinary course of its operation—that is, when DeCSS or some other
decryption program is not employed—“actually works” to prevent access to the protected
work, it “effectively controls access” within the contemplation of the statute.
Finally, the interpretation of the phrase “effectively controls access” offered by
defendants at trial—viz., that the use of the word “effectively” means that the statute
protects only successful or efficacious technological means of controlling access—would
gut the statute if it were adopted. If a technological means of access control is
circumvented, it is, in common parlance, ineffective. Yet defendants’ construction, if
adopted, would limit the application of the statute to access control measures that thwart
circumvention, but withhold protection for those measures that can be circumvented. In
other words, defendants would have the Court construe the statute to offer protection
where none is needed but to withhold protection precisely where protection is essential.
The Court declines to do so. Accordingly, the Court holds that CSS effectively controls
access to plaintiffs’ copyrighted works.142
***
2. Statutory Exceptions
[The court rejects defenses under the DMCA’s reverse engineering, encryption research,
and security testing exceptions. It also declines to fashion a fair use exception.]
***
III. The First Amendment
[The defendants raise First Amendment arguments against DMCA’s prohibition on
dissemination of computer code (i.e. speech). While the court acknowledges some
legitimacy to the defendants’ concerns, it sustains the DMCA’s anti-trafficking
provisions and even allows (narrow) injunctive relief against linking to circumvention
tools.]
***
VI. Conclusion
In the final analysis, the dispute between these parties is simply put if not necessarily
simply resolved.
4
*346 Plaintiffs have invested huge sums over the years in producing motion pictures in
reliance upon a legal framework that, through the law of copyright, has ensured that they
will have the exclusive right to copy and distribute those motion pictures for economic
gain. They contend that the advent of new technology should not alter this long
established structure.
Defendants, on the other hand, are adherents of a movement that believes that
information should be available without charge to anyone clever enough to break into the
computer systems or data storage media in which it is located. Less radically, they have
raised a legitimate concern about the possible impact on traditional fair use of access
control measures in the digital era.
Each side is entitled to its views. In our society, however, clashes of competing interests
like this are resolved by Congress. For now, at least, Congress has resolved this clash in
the DMCA and in plaintiffs’ favor. Given the peculiar characteristics of computer
programs for circumventing encryption and other access control measures, the DMCA as
applied to posting and linking here does not contravene the First Amendment.
Accordingly, plaintiffs are entitled to appropriate injunctive and declaratory relief.
SO ORDERED.
Footnotes
139
RealNetworks, Inc. v. Streambox, Inc., No. 2:99CV02070, 2000 WL 127311, *9
(W.D.Wash. Jan.18, 2000).
140
HOUSE COMM. ON JUDICIARY, SECTION–BY–SECTION ANALYSIS OF H.R.2281
AS PASSED BY THE UNITED STATES HOUSE OF REPRESENTATIVES ON
AUGUST 4, 1998 (“SECTION–BY–SECTION ANALYSIS”), at 10 (Comm.Print 1998)
(emphasis in original).
141
H.R.REP. NO. 105–551(II), 105th Cong., 2d Sess. (“COMMERCE COMM.REP. ”), at 39
(1998).
142
Defendants, in a reprise of their argument that DeCSS is not a circumvention device, argue
also that CSS does not effectively control access to copyrighted works within the meaning
of the statute because plaintiffs authorize avoidance of CSS by selling their DVDs. Def.
Post–Trial Mem. 10–13. The argument is specious in this context as well. See supra note
137.
5
387 F.3d 522
United States Court of Appeals,
Sixth Circuit.
LEXMARK INTERNATIONAL, INC., Plaintiff–Appellee,
v.
STATIC CONTROL COMPONENTS, INC., Defendant–Appellant.
No. 03–5400. | Argued: Jan. 30, 2004. | Decided and Filed: Oct. 26, 2004. | Rehearing
Denied Dec. 29, 2004. | Rehearing En Banc Denied February 15, 2005.
***
SUTTON, Circuit Judge.
This copyright dispute involves two computer programs, two federal statutes and three
theories of liability. The first computer program, known as the “Toner Loading
Program,” calculates toner level in printers manufactured by Lexmark International. The
second computer program, known as the “Printer Engine Program,” controls various
printer functions on Lexmark printers.
The first statute, the general copyright statute, 17 U.S.C. § 101 et seq., has been with us
in one form or another since 1790 and grants copyright protection to “original works of
authorship fixed in any tangible medium of expression,” id. § 102(a), but does not
“extend to any idea, procedure, process, system, method of operation, concept, principle,
or discovery,” id. § 102(b). The second federal statute, the Digital Millenium Copyright
Act (DMCA), 17 U.S.C. § 1201 et seq., was enacted in 1998 and proscribes the sale of
products that may be used to “circumvent a technological measure that effectively
controls access to a work” protected by the copyright statute.
*529 These statutes became relevant to these computer programs when Lexmark began
selling discount toner cartridges for its printers that only Lexmark could re-fill and that
contained a microchip designed to prevent Lexmark printers from functioning with toner
cartridges that Lexmark had not re-filled. In an effort to support the market for competing
toner cartridges, Static Control Components (SCC) mimicked Lexmark’s computer chip
and sold it to companies interested in selling remanufactured toner cartridges.
Lexmark brought this action to enjoin the sale of SCC’s computer chips . . . . It claimed
that SCC’s chip violated the DMCA by circumventing a technological measure designed
to control access to the Toner Loading Program. And it claimed that SCC’s chip violated
the DMCA by circumventing a technological measure designed to control access to the
Printer Engine Program.
After an evidentiary hearing, the district court decided that Lexmark had shown a
likelihood of success on each claim and entered a preliminary injunction against SCC. As
1
we view Lexmark’s prospects for success on each of these claims differently, we vacate
the preliminary injunction and remand the case for further proceedings.
I.
A.
***
The Two Computer Programs. The first program at issue is Lexmark’s “Toner Loading
Program,” which measures the amount of toner remaining in the cartridge based on the
amount of torque (rotational force) sensed on the toner cartridge wheel. Maggs Aff. ¶ 24,
JA 709. * * * The Toner Loading Program is located on a microchip contained in
Lexmark’s toner cartridges.
The second program is Lexmark’s “Printer Engine Program.” * * * The program controls
a variety of functions on each printer—e.g., paper feed and movement, and printer motor
control. D. Ct. Op. ¶ 24, at 5. Unlike the Toner Loading Program, the Printer Engine
Program is located within Lexmark’s printers.
***
Lexmark’s Prebate and Non–Prebate Cartridges. Lexmark markets two types of toner
cartridges for its laser printers: “Prebate” and “Non–Prebate.” Prebate cartridges are sold
to business consumers at an up-front discount. In exchange, consumers agree to use the
cartridge just once, then return the empty unit to Lexmark; a “shrink-wrap” agreement on
the top of each cartridge box spells out these restrictions and confirms that using the
cartridge constitutes acceptance of these terms. Id. ¶¶ 13–14, at 3. Non–Prebate cartridges
are sold without any discount, are not subject to any restrictive agreements and may be
re-filled with toner and reused by the consumer or a third-party remanufacturer. Id. ¶¶
15–18, at 3–4.
To ensure that consumers adhere to the Prebate agreement, Lexmark uses an
“authentication sequence” that performs a “secret handshake” between each Lexmark
printer and a microchip on each Lexmark toner cartridge. Both the printer and the chip
employ a publicly available encryption algorithm known as “Secure Hash Algorithm–1”
or “SHA–1,” which calculates a “Message Authentication Code” based on data in the
microchip’s memory. If the code calculated by the microchip matches the code calculated
by the printer, the printer functions normally. If the two values do not match, the printer
returns an error message and will not operate, blocking consumers from using toner
cartridges that Lexmark has not authorized. Yaro Decl. ¶ 7, JA 82 (“To prevent
unauthorized toner cartridges from being used with Lexmark’s T520/522 and T620/622
laser printers, Lexmark utilizes an authentication sequence.”).
2
SCC’s Competing Microchip. SCC sells its own microchip—the “SMARTEK” chip—
that permits consumers to satisfy Lexmark’s authentication sequence each time it would
otherwise be performed, i.e., when the printer is turned on or the printer door is opened
and shut. SCC’s advertising boasts that its chip breaks Lexmark’s “secret code” (the
authentication sequence), which “even on the fastest computer available today ... would
take Years to run through all of the possible 8–byte combinations to break.” D. Ct. Op. ¶
103, at 19. SCC sells these chips to third-party cartridge remanufacturers, permitting
them to replace Lexmark’s chip with the SMARTEK chip on refurbished Prebate
cartridges. These recycled cartridges are in turn sold to consumers as a low-cost
alternative to new Lexmark toner cartridges.
Each of SCC’s SMARTEK chips also contains a copy of Lexmark’s Toner Loading
Program, which SCC claims is necessary to make its product compatible with Lexmark’s
printers. The SMARTEK chips thus contain an identical copy of the Toner Loading
Program that is appropriate *531 for each Lexmark printer, and SCC acknowledges that it
“slavishly copied” the Toner Loading Program “in the exact format and order” found on
Lexmark’s cartridge chip. Id. ¶¶ 92, 96, at 18. A side-by-side comparison of the two data
sequences reveals no differences between them. Able Decl. ¶¶ 10–15, JA 502–05.
The parties agree that Lexmark’s printers perform a second calculation independent of
the authentication sequence. After the authentication sequence concludes, the Printer
Engine Program downloads a copy of the Toner Loading Program from the toner
cartridge chip onto the printer in order to measure toner levels. Before the printer runs the
Toner Loading Program, it performs a “checksum operation,” a “commonly used
technique” to ensure the “integrity” of the data downloaded from the toner cartridge
microchip. D. Ct. Op. ¶ 77, at 14. Under this operation, the printer compares the result of
a calculation performed on the data bytes of the transferred copy of the Toner Loading
Program with the “checksum value” located elsewhere on the toner cartridge microchip.
If the two values do not match, the printer assumes that the data was corrupted in the
program download, displays an error message and ceases functioning. If the two values
do match, the printer continues to operate.
***
IV.
***
In filing its complaint and in its motion for a preliminary injunction, Lexmark invoked
the [DMCA] ban on distributing devices that circumvent access-control measures placed
on copyrighted works. See id. § 1201(a)(2). According to Lexmark, SCC’s SMARTEK
3
chip is a “device” marketed and sold by SCC that “circumvents” Lexmark’s
“technological measure” (the SHA–1 authentication sequence, not the checksum
operation), which “effectively controls access” to its copyrighted works (the Toner
Loading Program and Printer Engine Program). Lexmark claims that the SMARTEK chip
meets all three tests for liability under § 1201(a)(2): (1) the chip “is primarily designed or
produced for the purpose of circumventing” Lexmark’s authentication sequence, 17
U.S.C. § 1201(a)(2)(A); (2) the chip “has only limited commercially significant purpose
or use other than to circumvent” the authentication sequence, id. § 1201(a)(2)(B); and (3)
SCC “market[s]” the chip “for use in circumventing” the authentication sequence, id. §
1201(a)(2)(C). The district court agreed and concluded that Lexmark had shown a
likelihood of success under all three provisions.
B.
We initially consider Lexmark’s DMCA claim concerning the Printer Engine Program,
which (the parties agree) is protected by the general copyright statute. In deciding that
Lexmark’s authentication sequence “effectively controls access to a work protected under
[the copyright provisions],” the district court relied on a definition in the DMCA saying
that a measure “effectively controls access to a work” if, “in the ordinary course of
operation,” it “requires the application of information, or a process or treatment, with the
authority of the copyright owner, to gain access to the work.” 17 U.S.C. § 1201(a)(3).
Because Congress did not explain what it means to “gain access to the work,” the district
court relied on the “ordinary, customary meaning” of “access”: “the ability to enter, to
obtain, or to make use of,” D. Ct. Op. at 41 (quoting Merriam–Webster’s Collegiate
Dictionary 6 (10th ed.1999)). Based on this definition, the court concluded that
“Lexmark’s authentication sequence effectively ‘controls access’ to the Printer Engine
Program because it controls the consumer’s ability to make use of these programs.” D. Ct.
Op. at 41 (emphasis added).
We disagree. It is not Lexmark’s authentication sequence that “controls access” to the
Printer Engine Program. See 17 U.S.C. § 1201(a)(2). It is the purchase of a Lexmark
printer that allows “access” to the program. Anyone who buys a Lexmark printer may
read the literal code of the Printer Engine Program directly from the printer memory, with
or without the benefit of the authentication sequence, and the data from the program may
be translated into readable source code after which copies may be freely distributed.
Maggs *547 Hr’g Test., JA 928. No security device, in other words, protects access to the
Printer Engine Program Code and no security device accordingly must be circumvented
to obtain access to that program code.
The authentication sequence, it is true, may well block one form of “access”—the “ability
to ... make use of” the Printer Engine Program by preventing the printer from functioning.
But it does not block another relevant form of “access”—the “ability to [ ] obtain” a copy
of the work or to “make use of” the literal elements of the program (its code). Because
4
the statute refers to “control[ling] access to a work protected under this title,” it does not
naturally apply when the “work protected under this title” is otherwise accessible. Just as
one would not say that a lock on the back door of a house “controls access” to a house
whose front door does not contain a lock and just as one would not say that a lock on any
door of a house “controls access” to the house after its purchaser receives the key to the
lock, it does not make sense to say that this provision of the DMCA applies to otherwisereadily-accessible copyrighted works. Add to this the fact that the DMCA not only
requires the technological measure to “control[ ] access” but also requires the measure to
control that access “effectively,” 17 U.S.C. § 1201(a)(2), and it seems clear that this
provision does not naturally extend to a technological measure that restricts one form of
access but leaves another route wide open. See also id. § 1201(a)(3) (technological
measure must “require [ ] the application of information, or a process or a treatment ... to
gain access to the work”) (emphasis added). See The Chamberlain Group, Inc. v. Skylink
Techs., Inc., 381 F.3d 1178, at *1183, 2004 U.S.App. LEXIS 18513, at *52 (Fed.Cir.
Aug. 31, 2004) (“Chamberlain’s proposed construction of the DMCA ignores the
significant differences between defendants whose accused products enable copying and
those, like Skylink, whose accused products enable only legitimate uses of copyrighted
software.”).
Nor are we aware of any cases that have applied this provision of the DMCA to a
situation where the access-control measure left the literal code or text of the computer
program or data freely readable. And several cases apply the provision in what seems to
us its most natural sense. See, e.g., 321 Studios v. Metro Goldwyn Mayer Studios, Inc.,
307 F.Supp.2d 1085, 1095 (N.D.Cal.2004) (deciding that the “CSS” encryption program,
which prevents viewing of DVD movies and copying of the data encoded on the DVD,
effectively controls access to copyrighted DVD movies); Universal City Studios, Inc. v.
Reimerdes, 111 F.Supp.2d 294, 318 (S.D.N.Y.2000), aff’d sub nom., Corley, 273 F.3d
429; Sony Computer Entm’t Am. Inc. v. Gamemasters, 87 F.Supp.2d 976, 987
(N.D.Cal.1999) (deciding that technological measure on PlayStation game console,
which prevented unauthorized games from being played, effectively controlled access to
copyrighted CD–ROM video games, which the facts of the case do not describe as either
encrypted or unencrypted); see also RealNetworks, 2000 WL 127311, at *3 (noting that
the technological measure at issue was a “successful means of protecting against
unauthorized duplication and distribution” of copyrighted digital works); Pearl
Investments, LLC v. Standard I/O, Inc., 257 F.Supp.2d 326, 349–50 (D.Me.2003)
(determining that plaintiff’s “encrypted, password-protected virtual private network,”
which blocked access to data including plaintiff’s copyrighted computer software, was a
technological measure that effectively controlled access to that work).
***
Lexmark counters that several cases have embraced a “to make use of” definition of
“access” in applying the DMCA. While Lexmark is partially correct, these cases (and
5
others as well) ultimately illustrate the liability line that the statute draws and in the end
explain why access to the Printer Engine Program is not covered.
In the essential setting where the DMCA applies, the copyright protection operates on
two planes: in the literal code governing the work and in the visual or audio manifestation
generated by the code’s execution. For example, the encoded data on CDs translates into
music and on DVDs into motion pictures, while the program commands in software for
video games or computers translate into some other visual and audio manifestation. In the
cases upon which Lexmark relies, restricting “use” of the work means restricting
consumers from making use of the copyrightable expression in the work. See 321
Studios, 307 F.Supp.2d at 1095 (movies contained on DVDs protected by an encryption
algorithm cannot be watched without a player that contains an access key); Reimerdes,
111 F.Supp.2d at 303 (same); Gamemasters, 87 F.Supp.2d at 981 (Sony’s game console
prevented operation of unauthorized video games). As shown above, the DMCA applies
in these settings when the product manufacturer prevents all access to the copyrightable
material and the alleged infringer responds by marketing a device that circumvents the
technological measure designed to guard access to the copyrightable material.
The copyrightable expression in the Printer Engine Program, by contrast, operates on
only one plane: in the literal elements of the program, its source and object code. Unlike
the code underlying video games or DVDs, “using” or executing the Printer Engine
Program does not in turn create any protected expression. Instead, the program’s output is
purely functional: the Printer Engine Program “controls a number of operations” in the
Lexmark printer such as “paper feed[,] paper movement[,][and] motor control.” Lexmark
Br. at 9; cf. Lotus Dev., 49 F.3d at 815 (determining that menu command hierarchy is an
“uncopyrightable method of operation”). And unlike the code underlying video games or
DVDs, no encryption or other technological measure prevents access to the Printer
Engine Program. Presumably, it is precisely because the Printer Engine Program is not a
conduit to protectable expression that explains why Lexmark (or any other printer
company) would not block access to the computer software that makes the printer work.
Because Lexmark’s authentication sequence does not restrict access to this literal code,
the DMCA does not apply.
Lexmark next argues that access-control measures may “effectively control access” to a
copyrighted work within the meaning of the DMCA even though the measure may be
evaded by an “ ‘enterprising *549 end-user.’ ” Lexmark Br. at 46 (quoting RealNetworks,
2000 WL 127311, at *9). Doubtless, Lexmark is correct that a precondition for DMCA
liability is not the creation of an impervious shield to the copyrighted work. See
RealNetworks, 2000 WL 127311, at *9; Reimerdes, 111 F.Supp.2d at 317–18 (rejecting
argument that an encryption measure does not “effectively control access” because it is
only a “weak cipher”); see also 17 U.S.C. § 1201(a)(3). Otherwise, the DMCA would
apply only when it is not needed.
6
But our reasoning does not turn on the degree to which a measure controls access to a
work. It turns on the textual requirement that the challenged circumvention device must
indeed circumvent something, which did not happen with the Printer Engine Program.
Because Lexmark has not directed any of its security efforts, through its authentication
sequence or otherwise, to ensuring that its copyrighted work (the Printer Engine
Program) cannot be read and copied, it cannot lay claim to having put in place a
“technological measure that effectively controls access to a work protected under [the
copyright statute].” 17 U.S.C. § 1201(a)(2)(B).
Nor can Lexmark tenably claim that this reading of the statute fails to respect Congress’s
purpose in enacting it. Congress enacted the DMCA to implement the Copyright Treaty
of the World Intellectual Property Organization, and in doing so expressed concerns
about the threat of “massive piracy” of digital works due to “the ease with which [they]
can be copied and distributed worldwide virtually instantaneously.” S.Rep. No. 105–190,
at 8 (1998). As Congress saw it, “copyrighted works will most likely be encrypted and
made available to consumers once payment is made for access to a copy of the work.
[People] will try to profit from the works of others by decoding the encrypted codes
protecting copyrighted works, or engaging in the business of providing devices or
services to enable others to do so.” H.R.Rep. No. 105–551, pt. 1, at 10. Backing with
legal sanctions “the efforts of copyright owners to protect their works from piracy behind
digital walls such as encryption codes or password protections,” Corley, 273 F.3d at 435,
Congress noted, would encourage copyright owners to make digital works more readily
available, see S.Rep. No. 105–190, at 8. See also Nimmer § 12A.02[B][1].
Nowhere in its deliberations over the DMCA did Congress express an interest in creating
liability for the circumvention of technological measures designed to prevent consumers
from using consumer goods while leaving the copyrightable content of a work
unprotected. In fact, Congress added the interoperability provision in part to ensure that
the DMCA would not diminish the benefit to consumers of interoperable devices “in the
consumer electronics environment.” 144 Cong. Rec. E2136 (daily ed. Oct. 13, 1998)
(remarks of Rep. Bliley). See generally Anti–Circumvention Rulemaking Hearing, at 44–
56, at http://www.copyright.gov/1201/2003/hearings/transcript-may9.pdf (testimony of
Professor Jane Ginsburg) (Section 1201(a) does not “cover[ ] the circumvention of a
technological measure that controls access to a work not protected under [the Copyright]
title. And if we’re talking about ball point pen cartridges, printer cartridges, garage doors
and so forth, we’re talking about works not protected under this title.”).
C.
In view of our conclusion regarding the Printer Engine Program, we can dispose quickly
of Lexmark’s DMCA claim regarding the Toner Loading Program. The SCC chip does
not provide *550 “access” to the Toner Loading Program but replaces the program. And
to the extent a copy of the Toner Loading Program appears on the Printer Engine
7
Program, Lexmark fails to overcome the same problem that undermines its DMCA claim
with respect to the Printer Engine Program: Namely, it is not the SCC chip that permits
access to the Printer Engine Program but the consumer’s purchase of the printer. One
other point deserves mention. All three liability provisions of this section of the DMCA
require the claimant to show that the “technological measure” at issue “controls access to
a work protected under this title,” see 17 U.S.C. § 1201(a)(2)(A)-(C), which is to say a
work protected under the general copyright statute, id. § 102(a). To the extent the Toner
Loading Program is not a “work protected under [the copyright statute],” which the
district court will consider on remand, the DMCA necessarily would not protect it.
D.
[The panel finds that SCC may also have a valid reverse engineering defense under
1201(f).]
V.
Because Lexmark failed to establish a likelihood of success on any of its claims, whether
under the general copyright statute or under the DMCA, we vacate the district court’s
preliminary injunction and remand the case for further proceedings consistent with this
opinion.
8
404 F.Supp.2d 1030
United States District Court,
N.D. Illinois,
Eastern Division.
AGFA MONOTYPE CORP., and International Typeface Corp., Plaintiffs,
v.
ADOBE SYSTEMS, INC., Defendant.
No. 02 C 6320. | Jan. 13, 2005.
MEMORANDUM OPINION AND ORDER
LEINENWEBER, District Judge.
Plaintiffs Agfa Monotype Corporation and International Typeface Corp. (hereinafter, the
“Plaintiffs”) are the owners and distributors of approximately 3,300 copyrighted fonts in
TrueType format typefaces (the “TrueType Fonts”). Defendant *1031 Adobe Systems,
Inc. (hereinafter, “Adobe”) is the owner and developer of Adobe Acrobat (“Acrobat”).
In essence, this case boils down to Plaintiffs’ contention that Acrobat 5.0 allows users to
complete forms and change text annotations using Plaintiffs’ TrueType Fonts when such
users have not obtained a license from Plaintiffs to edit documents using their fonts.
Specifically, Plaintiffs argue that two specialized features of Version 5.0 of Adobe
Acrobat (“Acrobat 5.0”) violate Section 1201 of the Digital Millennium Copyright Act
(the “DMCA”) by permitting the circumvention of their TrueType Fonts’ embedding bits.
Before the Court are Plaintiffs’ and Defendant’s Motions for Summary Judgment, and
Defendant’s Motion to Strike.
I. BACKGROUND
The following facts are material and undisputed. Defendant designed and produced
Acrobat 5.0, as well as prior and subsequent versions of Adobe Acrobat, to create
portable electronic documents in the Portable Document Format (“PDF”). Adobe Acrobat
enables a computer user (the “Creator”) to create and send PDF documents to another
computer user (the “Recipient”) who receives the electronic document so that the
Recipient can view and print the PDF documents in the same format that the Creator sent
them in. To accomplish this task, Adobe Acrobat stores a copy of the font data in the
electronic document transmitted, a process that is called “font embedding.” The font is
embedded temporarily on the computer system on which it is downloaded.
A. Font Embedding and TrueType Specifications
A font is copied when it is embedded. (Pl. ASOF ¶ 53). Fonts are embedded through
1
embedding bits. Embedding bits indicate to other programs capable of reading them, such
as Adobe Acrobat, the font embedding licensing rights that the font vendor granted with
respect to the particular font. (Def. SOF ¶ 32). The software application decides whether
or not to embed the font based upon the embedding bit. See id. ¶ 36. An embedding bit
cannot be read by a computer program until that program has already accessed the font
data file. See id. ¶ 121. TrueType Fonts are not encrypted, scrambled, or authenticated.
See id. ¶ 137. A TrueType Font data file can be accessed regardless of the font’s
embedding permissions. See id. ¶ 122. A program seeking to access a TrueType Font
need not submit a password or complete an authorization sequence to access, use or copy
TrueType Fonts. See id. ¶¶ 96–97.
The specifications for TrueType Fonts have been available for free download from
Microsoft’s website since 1995, and are some 360 pages in length. One subject addressed
very briefly in the specifications are embedding bits. The TrueType specification
provides four levels of embedding bit restrictions: (1) Restricted, (2) Print & Preview, (3)
Editable, and (4) Installable. * * *
B. Adobe Acrobat
* * * Defendant released Acrobat 5.0 in or around March 2001. At issue in this case are
two specialized features of Acrobat 5.0, the FreeText tool and the Form tool as modified
from prior versions of Adobe Acrobat, which Plaintiffs contend violate the DMCA. (Def.
SOF ¶ 44). In particular, Plaintiffs allege that Acrobat 5.0 made it possible for the first
time to embed in a form field or a free text annotation any TrueType Font whose
embedding bit is not set to “Restricted,” including fonts whose embedding bit is set to
“Print and Preview” (sometimes referred to herein as the “Any Font Feature”). Although
the FreeText Tool and Forms Tool also existed in Adobe Acrobat 4.0, the tools have
increased functionality in Acrobat 5.0. Unlike Adobe Acrobat 4.0, through Acrobat 5.0, a
Recipient of PDF could theoretically embed and use Plaintiffs’ TrueType Fonts to edit a
form field or free text annotation even if the embedding bit was not set to “Editable.”
Defendant modified the pre-existing contested features to create the Any Font Feature in
Acrobat 5.0 by adding only two lines of code that instructed the existing font embedding
software to embed the fonts in form fields and text annotations. See id. ¶¶ 156–157.
Defendant was aware that the changes made in Acrobat 5.0 would permit its users to
embed TrueType Fonts in a Form field or Free Text annotation even if the embedding bit
were set to “Preview and Print” only. Defendant removed the Any Font Feature with the
release of Adobe Acrobat 5.05.
[The court notes that the purpose of the new feature was to enable users to fill out forms
with their preferred fonts.]
C. Circumvention Evidence
2
Defendant released Acrobat 5.0 in or around March 2001. Defendant terminated its
production and distribution of Acrobat 5.0 on or about December 2001 with the release of
Adobe Acrobat 5.05. Plaintiffs do not allege that Adobe Acrobat 5.05, or any previous or
subsequent version of Adobe Acrobat, violates the DMCA. Plaintiffs have not submitted
any evidence establishing actual unauthorized use of their fonts by any Acrobat 5.0 user.
Neither Plaintiffs nor Defendant are aware of any person other than Plaintiffs who has
used an embedded Plaintiffs’ TrueType Font to complete a form or change an annotation
without a license. In fact, Defendant submitted contrary undisputed evidence obtained
from a random sample of one million PDF files on the World Wide Web. Of these files,
only 1,096 files (.11%) contained form fields or free text annotations which had
embedded fonts. Of the 1,096 files, only 21 PDF files had Plaintiffs’ TrueType Fonts
embedded in a form field or free text annotation. Each of the 21 PDF files containing
Plaintiffs’ TrueType Fonts had an “Editable” embedding bit meaning that Plaintiffs had
specifically authorized embedding for editing purposes.
***
III. DISCUSSION
Plaintiffs contend that Acrobat 5.0 violates the DMCA because two of its specialized
features, the FreeText Tool and Forms Tool, allow certain of Plaintiffs’ TrueType Fonts
to be embedded in “form fields” and “free text annotations.” Plaintiffs contend that such
embedding constitutes “editable embedding,” because a Recipient of an electric
document can use the embedded fonts to change the contents of a form field or free text
annotation. Plaintiffs further contend that such “editable embedding” is only possible
because Acrobat 5.0 allows the embedding bits set by Plaintiffs to be “circumvented” in
violation of the DMCA. Section 1201 of the DMCA addresses liability for circumventing
systems that protect copyrights, and is divided into two sections: access measures under
Section 1201(a) and rights measures under Section 1201(b). See 17 U.S.C. § 1201.
Although Plaintiffs contend that they are entitled to summary judgment under both
Sections 1201(a)(2) and 1201(b)(1) of the DMCA, Plaintiffs concede that Defendant’s
“liability under Section 1201(b)(1) is clear, while liability under Section 1201(a)(2) is
less obvious.” (Pl. Supp. Mem. at 22). Defendants contend that Acrobat 5.0 does not
violate Section 1201(a)(2) or Section 1201(b)(1) of the DMCA and it is entitled to
summary judgment.
A. 17 U.S.C. § 1201(a)(2) Liability
***
Citing RealNetworks, Inc. v. Streambox, Inc., 2000 WL 127311 (W.D.Wash.2000),
Plaintiffs contend that a 2–bit embedding bit, which is similar to a Copy Switch that
contains the content owner’s copying preferences regarding streaming to end-users, is an
3
technological measure that effectively controls access. RealNetworks, however, also
involved the “Secret Handshake” technological measure, a secret authentication sequence
that “by design” prevents streaming “unless this authentication sequence takes place.” Id.
at *2. Defendant distinguishes RealNetworks from the instant case because the
RealNetworks court held that “in conjunction with the Secret Handshake, the Copy
Switch is a ‘technological measure that effectively protects the rights of a copyright
owner.’ ” Id. at *7 (emphasis added). Here, embedding bits, which are not secret and
require no password or authorization, are the only alleged “technological measure,” and
there is nothing to work in conjunction with the embedding bits to control access.
The Court concludes that the undisputed facts establish that Plaintiffs’ embedding bits,
without more, do not “effectively control access to a work protected under th[e
Copyright] title.” 17 U.S.C. § 1201(a)(2)(A). An embedding bit is a passive entity that
does nothing by itself. The embedding bit must be downloaded and accessed in order for
a software system to interpret its embedding permissions. Since the specifications for the
TrueType Font have been available for free download from the Internet since 1995, it is
clearly not secret or undisclosed. Embedding bits are not encrypted, scrambled or
authenticated, and software applications, such as Acrobat 5.0, need not enter a password
or authorization sequence to obtain access to the embedding bits or the specification for
the TrueType font.
For the foregoing reasons, the embedding bits used in connection with Plaintiffs’
TrueType Fonts do not “in the ordinary course of [their] operation, require[ ] the
application of information, or a process or a treatment, with the authority of the copyright
owner, to gain access” to Plaintiffs’ TrueType Fonts. Id. § 1201(a)(3)(B). Plaintiff has
failed to prove that its copyrighted TrueType Fonts are “effectively controlled by a
technological measure, *1037 which has been circumvented.” Chamberlain, 381 F.3d at
1203.
***
B. 17 U.S.C. § 1201(b)(1) Liability
***
To prove liability in this case under Section 1201(b)(1)(a), Plaintiffs must establish that
Acrobat 5.0, or the parts thereof, are “primarily designed or produced for the purpose of
circumventing a protection afforded by a technological measure that effectively protects a
right of copyright owner” as such terms are defined under the DMCA. Here, even if the
operation of Acrobat 5.0 implicated Plaintiffs’ reproduction right of copyright as
Plaintiffs contend, a conclusion that is not entirely clear to the Court based upon the
particular facts of this case, the Court finds that Plaintiffs have failed to establish
Defendant’s liability under Section 1201(b) of the DMCA.
4
First, based on the evidence presented, the Court agrees with the Defendant that the
embedding bits, without more, do not “prevent[ ], restrict[ ], or otherwise limit[ ] the
exercise of a right of copyright,” Id. § 1201(b)(2)(B), and consequently do not
“effectively protect[ ] the right of copyright owner.” Id. Second, the Court’s extensive
review of the record does not reveal evidence to establish that Defendant designed or
produced the FreeText Tool, Forms Tools, Any Font Feature, or Acrobat 5.0 “primarily ”
to circumvent Plaintiffs’ embedding bits. To the contrary, as discussed more thoroughly
Sections I and III(A) of this Memorandum, Acrobat 5.0 as a whole and the parts thereof
were not primarily designed or promoted for font embedding purposes and has many
other commercially significant purposes. Finally, Defendant did not market the Any
Fonts Feature, embedding bits, or circumvention of embedding bits in connection with
the extensive marketing materials for Acrobat 5.0. Additionally, Acrobat 5.0 as a whole,
as well as the parts thereof, clearly have more than a limited commercially significant
purpose or use other than circumventing the embedding bits associated with Plaintiffs’
TrueType Fonts.
Accordingly. Plaintiffs have failed to establish Defendant’s potential liability under
Section 1201(b) of the DMCA, and accordingly, Plaintiffs’ Motion with respect to
Section 1201(b) is denied, and Defendant’s Motion for Summary Judgment with respect
to such section is granted. Due to its disposition of the Summary Judgment Motions, the
Court need not address Defendant’s Motion to Strike, and accordingly, such motion is
denied as moot.
IV. CONCLUSION
For the foregoing reasons, Plaintiffs’ Motion for Summary Judgment is DENIED and
Defendant’s Motion for Summary Judgment is GRANTED. Defendant’s Motion to
Strike is DENIED AS MOOT.
IT IS SO ORDERED.
5
2006 WL 3500868
United States District Court,
E.D. Michigan,
Southern Division.
AUTO INSPECTION SERVICES, INC., Plaintiff,
v.
FLINT AUTO AUCTION, INC., Priority Inspection, Inc., Inviso, Inc., John Luce,
William Williams, Jr., Angie Compton, Lawrence Cubit, Kenneth J. Moffitt, Scott
Braley, and John Does 1-10, Defendants.
No. 06-15100. | Dec. 4, 2006.
***
OPINION AND ORDER
LAWRENCE P. ZATKOFF, District Judge.
I. INTRODUCTION
*1 This matter is presently before the Court upon Plaintiff’s Motion for a Preliminary
Injunction. The preliminary injunction hearing was held on November 30, 2006. For the
reasons set forth below, Plaintiff’s motion will be DENIED.
II. BACKGROUND
A. The Parties and Events Leading to the Present Dispute
Plaintiff Auto Inspection Services, Inc. (“AIS”), developed automotive inspection
software (“the Program”) that is utilized as a uniform method of inspecting vehicles after
the term of lease or use has expired. In March 2004, AIS registered the Program with the
United States Copyright Office, and currently owns the copyright for the Program. In
order to protect against unauthorized use of the Program, AIS included a quality control
feature as part of the software, which allowed it to monitor all information collected
using the Program. For example, when an vehicle inspector collected data of a vehicle
and entered it into the Program, the data had to be sent to AIS for quality control
inspection before the information could be forwarded to the owner of the vehicle. In this
way, AIS could monitor who was using the Program to protect against unauthorized use.
Defendants Flint Auto Auction, Inc., Inviso, Inc., and Priority Inspections, Inc.
(collectively “FAA”) are also in the auto inspection business. FAA began designing and
programming its own automotive software in 1990, including three separate inspection
programs, using both an in-house computer staff and outside firms such as Technical
Edge. Prior to the 1990s, FAA’s primary clients consisted of automotive dealers who
1
participated in dealer auctions at FAA’s facility in Flint. Eventually, FAA attracted larger
clients such as General Motors and GMAC.
GMAC, as part of its business of reselling cars at the end of their leases, began using the
internet to conduct sales, making inspections a critical element in the business. GMAC
approached FAA to conduct these inspections in the summer of 2003, and suggested that
FAA use AIS’s inspection software. GMAC had previously approved AIS’s software,
which it required to contain uniform elements and provided detailed instructions for
writing the software. Such instructions were necessary for uniformity in GMAC’s
inspections. Consequently, the inspectors GMAC dealt with, such as FAA and AIS, used
software that was substantially similar. Further, GMAC requires that the inspection
software be continuously updated in order to continue conducting inspections for GMAC.
The next update is December 1, 2006, the day after the hearing.
On October 27, 2003, FAA and AIS entered into a non-exclusive licensing agreement in
which AIS permitted FAA to make use of the Program while performing inspections for
GMAC. AIS loaded the software directly on to Panasonic Toughbook computers and
provided the computers to FAA. AIS reserved the right to terminate the agreement and
require the return or destruction of all copies of the Program if FAA failed to abide by its
terms.
*2 In May 2004, AIS, through its quality control process, learned that an unauthorized
user, Columbus Fair Auto Auction (“CFAA”), had made use of the Program using FAA’s
license. However, CFAA had previously contacted AIS with regard to possibly using the
software and there is some suggestion that AIS authorized the use it now complains of.
Nevertheless, AIS immediately issued a cease and desist letter pursuant to the license
agreement, requiring FAA to stop use of the Program and return all copies to AIS. FAA
agreed that it would be in the parties’ best interest to terminate the agreement and
complied with AIS’s requests.
Following the end of the business relationship, AIS alleges that FAA continued to make
use of the Program in violation of its copyrights. AIS has submitted an affidavit of a
former FAA employee, Jacob Kniss. Mr. Kniss worked for FAA from 2001 to 2006 as an
auto inspector, during which time he became familiar with the inspection software. Mr.
Kniss stated that FAA’s software is the same or substantially similar to the Program, and
that FAA is still currently using a substantially similar program. See Kniss Aff. ¶¶ 2, 10.
FAA states that following the end of the business relationship with AIS, it set forth to
develop its own inspection program to take the place of AIS’s Program. FAA hired
Technical Edge to develop the software and provided the programmers with GMAC’s
program requirements, and a description of FAA’s needs. Technical Edge’s designer,
Randall Phillips, used the GMAC requirements, FAA’s needs, and their own in-house
libraries as the basis for the software.
2
***
IV. ANALYSIS
A. Likelihood of Success on the Merits
***
2. Digital Millennium Copyright Act
*8 AIS asserts that it has a substantial likelihood of success on the merits of its claim
under the Digital Millennium Copyright Act (“DMCA”), 17 U.S.C. § 1201 et seq.
Section 1201(a)(1) of the DMCA states that “no person shall circumvent a technological
measure that effectively controls access to a work protected under this title.”
Circumventing a technological measure means “to descramble a scrambled work, to
decrypt an encrypted work, or otherwise bypass, remove, deactivate, or impair a
technological measure, without authority of the copyright owner.” 17 U.S.C. §
1201(a)(3)(A). A technological measure effectively controls access to the work “if the
measure in the ordinary process of its operation, requires the application of information
or a process or a treatment, with the authority of the copyright owner, to gain access to
the work.” 17 U.S.C. § 1201(a)(3)(B). The effectiveness test is met if the technological
measure actually works to control access. See Universal City Studios v. Reimerdes, 111
F.Supp.2d 294, 318 (S.D.N.Y.2000).
As an initial matter, it is questionable that AIS’s user detection feature constitutes a
technological measure that controls access to a protected work. The protected work in
this case is the source code of the Program. The user detection feature is a part of the
program itself and in no way controls access to the source code; rather, it merely alerts
AIS as to who is using the Program. Consequently, the user detection feature would not
prevent anyone from gaining access to the source code and copying it verbatim. See, e.g.,
Lexmark, 387 F.3d at 549 (“Because Lexmark has not directed any of its security efforts,
through its authentication sequence or otherwise, to ensuring that its copyrighted work
(the Printer Engine Program) cannot be read and copied, it cannot lay claim to having put
in place a ‘technological’ measure that effectively controls access to a work protected
under [the copyright statute].”). Moreover, this feature only comes into play after a user
has conducted an inspection, and does not prevent unauthorized users from accessing the
Program.
***
V. CONCLUSION
The record does not demonstrate that AIS has a strong likelihood of success on the
3
merits. Further, AIS, without the benefit of a presumption, has not demonstrated that it
will be irreparably harmed if an injunction is not issued. On the other hand, issuing an
injunction could seriously harm FAA’s business. Consequently, FAA has shown good
cause as to why the Court should not grant a preliminary injunction. * * *
4
307 F.Supp.2d 521
United States District Court,
S.D. New York.
I.M.S. INQUIRY MANAGEMENT SYSTEMS, LTD., Plaintiff,
v.
BERKSHIRE INFORMATION SYSTEMS, INC., Defendant.
No. 03 Civ. 2183(NRB). | Feb. 23, 2004.
***
MEMORANDUM AND ORDER
BUCHWALD, District Judge.
Plaintiff I.M.S. Inquiry Management Systems, Ltd., (“plaintiff” or “I.M.S.”) commenced
this action on March 28, 2003, against defendant Berkshire Information Systems, Inc.,
(“defendant” or “Berkshire”) seeking damages and injunctive relief for defendant’s
alleged unauthorized use of plaintiff’s computer system and the content thereof. In
Plaintiff’s First *523 Amended Complaint (“Amended Complaint” or “Am. Compl.”),
filed on May 6, 2003, plaintiff claims that [defendant violated the Computer Fraud and
Abuse Act and the Digital Millennium Copyright Act.]
Pursuant to Fed.R.Civ.P. 12(b)(6), defendant moves to dismiss these claims, asserting
that plaintiff fails to state a claim under which relief may be granted. * * *
For the following reasons, defendant’s motion is denied in part and granted in part.
I. BACKGROUND
The following factual background and allegations are derived from plaintiff’s amended
complaint and are taken as true for purposes of this motion.
I.M.S., a Canadian Corporation, is engaged in the service of providing advertising
tracking information to publishers, advertisers, and others. I.M.S. operates a web-based
service known as “e-Basket”, which is used by I.M.S.’s clients to track magazine
advertising. e-Basket is available exclusively to I.M.S. clients. Each I.M.S. client is
issued a unique user identification and password which allows the client to access the eBasket service and information in I.M.S.’s computers through an I.M.S. website. The eBasket content is selected by I.M.S. and arranged into categories and sub-categories, a
process which involves substantial creativity, time and effort. According to I.M.S., the eBasket service contains copyrightable subject matter.
1
Berkshire has introduced and operates a competing tracking service called
“Marketshareinfo.com”. I.M.S. alleges that in or around March of 2002, Berkshire, or an
agent thereof, intentionally and without authorization accessed I.M.S.’s e-Basket service,
and gathered and copied content therefrom for use in Marketshareinfo.com. Specifically,
Berkshire’s unauthorized access spanned eight different webpages of e-Basket content,
including that which would ordinarily be used by I.M.S. clients. Through its unauthorized
access, I.M.S. contends that Berkshire copied roughly eighty-five percent of I.M.S.’s
report formats. Marketshareinfo.com was launched after Berkshire accessed e-Basket,
and I.M.S. alleges that Marketshareinfo.com incorporates original copyrightable elements
of e-Basket, including the selection and arrangement of informational category headings
and I.M.S.-compiled market data.
To gain access to e-Basket, I.M.S. alleges that Berkshire obtained a user identification
and password issued to a third party, thereby knowingly inducing that third party to
breach an agreement it had with I.M.S.
According to I.M.S., Berkshire’s unauthorized access of I.M.S.’s computers is causing
I.M.S. irreparable harm, has impaired the integrity and availability of I.M.S.’s data, and
has caused I.M.S. to *524 incur costs of more than $5,000 in damage assessment and
remedial measures.
***
III. THE COMPUTER FRAUD AND ABUSE ACT
[The court concludes that IMS has stated a claim under 1030(a)(2)(C).]
***
V. DIGITAL MILLENNIUM COPYRIGHT ACT
Congress enacted the Digital Millennium Copyright Act (“DMCA”) in 1998 to
“strengthen copyright protection in the digital age.” Universal City Studios, *531 Inc. v.
Corley, 273 F.3d 429, 435 (2d Cir.2001). Plaintiff claims that defendant, by accessing
I.M.S.’s computer system through the unauthorized use of a password issued to a party
other than defendant, violated the DMCA’s bar on circumventing a technological
measure that effectively controls access to protected work.
***
Defendant challenges whether the facts as alleged manifest a “circumvention” as that
term is defined in the subsection. According to defendant, the DMCA was passed to
combat unauthorized disabling of digital walls which otherwise safeguard copyrighted
2
materials available on the Internet and the decryption of encrypted content, such as that
found on a DVD. See Mem. at 13 (citing Universal City Studios, Inc., 273 F.3d 429).
Defendant argues that it is not accused of having “hacked” into plaintiff’s website, and
that “[t]he disconnect between the harm the statute is designed to address and the acts of
which [p]laintiff complains” warrants dismissal of this claim. Mem. at 13.
Whether accessing copyrighted work by unauthorized use of an otherwise legitimate,
owner-issued password qualifies as circumvention under the DMCA appears to be a
question of first impression in this Circuit and in all others.
A. Was An Effective Technological Measure In Place?
An action under the DMCA requires “circumvent[ion of] a technological measure that
effectively controls access to a work protected under this title.” 17 U.S.C. § 1201(a). A
“technological measure that effectively controls access” is defined as one that “in the
ordinary course of its operation ... requires the application of information, or a process or
a treatment, with the authority of the copyright owner, to gain access to the work.” Id., at
§ 1201(a)(3).
I.M.S.’s password protection fits within this definition. In order to gain access to the eBasket service, a user in the ordinary course of operation needs to enter a password,
which is the application of information. Indeed, the Second Circuit in Universal Studios
confirmed that “[t]he DMCA ... backed with legal sanctions the efforts of copyright
owners to protect their *532 works from piracy behind digital walls such as encryption
codes or password protections.” Universal Studios, 273 F.3d at 435 (emphasis added).
B. Was The Technological Measure Circumvented?
It is of course the case, as defendant propounds, that the DMCA addresses activity such
as decryption, descrambling, deactivation and impairment, and that these are all forms of
circumvention under the subsection commonly involving technologically-sophisticated
maneuvers. One might associate these activities with the breaking and entering (or
hacking) into computer systems.
On the other hand, other actions proscribed by the DMCA, connote broader application
of the anti-circumvention prohibition, such as the terms “avoid” and “bypass”. These
actions are far more open-ended and mundane, and do not necessarily involve some kind
of tech-based execution. Notwithstanding this, defendant argues that it has not even
committed any act of avoidance or bypass, as it is accused of confronting IMS’s
password-controlled access in the way precisely intended: “[A]ll [I.M.S.] accuses
Berkshire of doing is using IMS’s own customer’s valid password and user
[identification] to view IMS’s e-Basket system exactly as the customer itself might have
done.” Rep. Mem. at 10.
3
We agree that plaintiff’s allegations do not evince circumvention as that term is used in
the DMCA. Circumvention requires either descrambling, decrypting, avoiding,
bypassing, removing, deactivating or impairing a technological measure qua
technological measure. In the instant matter, defendant is not said to have avoided or
bypassed the deployed technological measure in the measure’s gatekeeping capacity. The
Amended Complaint never accuses defendant of accessing the e-Basket system without
first entering a plaintiff-generated password.
More precisely and accurately, what defendant avoided and bypassed was permission to
engage and move through the technological measure from the measure’s author. Unlike
the CFAA, a cause of action under the DMCA does not accrue upon unauthorized and
injurious access alone; rather, the DMCA “targets the circumvention of digital walls
guarding copyrighted material.” Universal Studios, 273 F.3d 429, 443 (emphasis in
original).
Although whether an activity qualified as circumvention was not the question posed to
the court, Universal Studios is instructive as a matter of reference. There, the offending
circumvention was a DVD decryption program, DeCSS, which enabled the viewing of
movies without using a DVD player. See Universal Studios, 273 F.3d at 452. The security
device that prevented access to DVD movies without a DVD player, CSS, was described
“[i]n its basic function ... [as] a lock on a homeowner’s door, a combination of a safe, or a
security device attached to a store’s products.” Id., at 452–53. Likewise, “[i]n its basic
function, [DeCSS, the decryption program] is like a skeleton key that can open a locked
door, a combination that can open a safe, or a device that can neutralize the security
device attached to a store’s products. DeCSS enables anyone to gain access to a DVD
movie without using a DVD player.” Universal Studios, 273 F.3d at 453.
Defendant is alleged to have accessed plaintiff’s protected website without plaintiff’s
authorization. Defendant did not surmount or puncture or evade any technological
measure to do so; instead, it used a password intentionally issued by *533 plaintiff to
another entity. As an analogy to Universal Studios, the password defendant used to enter
plaintiff’s webservice was the DVD player, not the DeCSS decryption code, or some
alternate avenue of access not sponsored by the copyright owner (like a skeleton key, or
neutralizing device). Plaintiff, however, did not authorize defendant to utilize the DVD
player. Plaintiff authorized someone else to use the DVD player, and defendant borrowed
it without plaintiff’s permission. Whatever the impropriety of defendant’s conduct, the
DMCA and the anti-circumvention provision at issue do not target this sort of activity.
***
CONCLUSION
For the foregoing reasons, defendant’s motion is denied with respect to plaintiff’s CFAA
4
claims, and granted for plaintiff’s copyright infringement and DMCA claims. * * *
IT IS SO ORDERED.
5
381 F.3d 1178
United States Court of Appeals,
Federal Circuit.
The CHAMBERLAIN GROUP, INC., Plaintiff–Appellant,
v.
SKYLINK TECHNOLOGIES, INC., Defendant–Appellee.
No. 04–1118. | DECIDED: Aug. 31, 2004. | Rehearing and Rehearing En Banc Denied
Oct. 22, 2004.
***
GAJARSA, Circuit Judge.
The Chamberlain Group, Inc. (“Chamberlain”) appeals the November 13, 2003 summary
judgment of the United States District Court for the Northern District of Illinois (“District
Court”) in favor of Skylink Technologies, Inc. (“Skylink”), finding that Skylink is not
violating the anti-trafficking provisions of the Digital Millennium Copyright Act
(“DMCA”), 17 U.S.C. § 1201 et seq., and dismissing all other claims, including claims of
patent infringement. Chamberlain Group, Inc. v. Skylink Techs., Inc., 292 F.Supp.2d
1040 (N.D.Ill.2003) (“Chamberlain II ”). * * *
Chamberlain’s claims at issue stem from its allegation that the District Court incorrectly
construed the DMCA as placing a burden upon Chamberlain to prove that the
circumvention of its technological measures enabled unauthorized access to its
copyrighted software. But Skylink’s accused device enables only uses that copyright law
explicitly authorizes, and is therefore presumptively legal. Chamberlain has neither
proved nor alleged a connection between Skylink’s accused circumvention device and the
protections that the copyright laws afford Chamberlain capable of overcoming that
presumption. Chamberlain’s failure to meet this burden alone compels a legal ruling in
Skylink’s favor. We therefore affirm the District Court’s summary judgment in favor of
Skylink.
BACKGROUND
A. The Applicable Statute
* * * The matter on appeal involves only Chamberlain’s allegation that Skylink is
violating the DMCA, specifically the anti-trafficking provision of § 1201(a)(2).
***
1
B. The Dispute
***
The technology at issue involves Garage Door Openers (GDOs). A GDO typically
consists of a hand-held portable transmitter and a garage door opening device mounted in
a homeowner’s garage. The opening device, in turn, includes both a receiver with
associated signal processing software and a motor to open or close the garage door. In
order to open or close the garage door, a user must activate the transmitter, which sends a
radio frequency (RF) signal to the receiver located on the opening device. Once the
opener receives a recognized signal, the signal processing software directs the motor to
open or close the garage door.
When a homeowner purchases a GDO system, the manufacturer provides both an opener
and a transmitter. Homeowners who desire replacement or spare transmitters can
purchase them in the aftermarket. Aftermarket consumers have long been able to
purchase “universal transmitters” that they can program to interoperate with their GDO
system regardless of make or model. Skylink and Chamberlain are the only significant
distributors of universal GDO transmitters.1 Chamberlain places no explicit restrictions
on the types of transmitter that the homeowner may use with its system at the time of
purchase. Chamberlain’s customers therefore assume that they enjoy all of the rights
associated with the use of their GDOs and any software embedded therein that the
copyright laws and other laws of commerce provide.
This dispute involves Chamberlain’s Security+ line of GDOs and Skylink’s Model 39
universal transmitter. Chamberlain’s Security+ GDOs incorporate a copyrighted “rolling
code” computer program that constantly changes the transmitter signal needed to open
the garage door. Skylink’s Model 39 transmitter, which does not incorporate rolling code,
nevertheless allows users to operate Security+ openers. Chamberlain alleges that
Skylink’s transmitter renders the Security+ insecure by allowing unauthorized users to
circumvent the security inherent in rolling codes. Of greater legal significance, however,
Chamberlain contends that because of this property of the Model 39, Skylink is in
violation of the anti-trafficking clause of the DMCA’s anticircumvention provisions,
specifically § 1201(a)(2).
The code in a standard (i.e., non-rolling code) GDO transmitter is unique but fixed. Thus,
according to Chamberlain, the typical GDO is vulnerable to attack by burglars who can
open the garage door using a “code grabber.” According to Chamberlain, code grabbers
allow burglars in close proximity to a homeowner operating her garage door to record the
signal sent from the transmitter to the opener, and to return later, replay the recorded
signal, and open the garage door. Chamberlain concedes, however, that code grabbers are
more theoretical than practical burgling devices; none of its witnesses had either firsthand
knowledge of a single code grabbing problem or familiarity with data demonstrating
2
*1184 the existence of a problem. Nevertheless, Chamberlain claims to have developed
its rolling code system specifically to prevent code grabbing.2
The essence of the rolling code system is that the transmitted signals are broken into
fixed and variable (or “rolling”) components. The entire transmitted signal is a bit string.
The fixed component serves to identify the transmitter. The rolling component cycles
through a lengthy cycle of bit strings only some of which are capable of opening the door
at any given time, ostensibly so that a burglar replaying a grabbed code is unlikely to
send a valid signal—and therefore unlikely to open the garage door.
A user wishing to set up a new transmitter for use with her Security+ GDO must switch
the opener to “program mode” and send a signal from the transmitter to the opener. The
opener stores both the fixed and rolling components of the transmitted signal. When the
user switches the opener back to “operate mode,” the system is set and the user may
operate the opener with the newly programmed transmitter. In Chamberlain’s transmitter,
a computer program increases the rolling code by a factor of three each time the user
activates the transmitter. When the transmitted signal reaches the receiver, a program in
the opener checks to see whether the rolling code received was identical to one of the
most recently received 1,024 rolling codes (the “rear window”). If so, it will not activate
the motor. If, on the other hand, the rolling code received is among the next 4,096 binary
signals (the “forward window”), the receiver will activate the motor.
Not all recognized binary rolling signals are in either the forward or rear windows. If the
transmitter sends a single signal outside of either window, the receiver will ignore it. If,
however, the transmitter sends two signals outside either window in rapid succession, the
opener will again access its programming, this time to determine whether the two signals
together comprise a “resynchronization” sequence. If the signals differ by three, the
receiver will reset the windows and activate the motor. According to Chamberlain,
resynchronization accommodates the possibility that homeowners using the same
transmitter for multiple residences may transmit so many signals while out of range of the
opener that they exhaust the entire forward window.
Skylink began marketing and selling universal transmitters in 1992. Skylink designed its
Model 39, launched in August 2002, to interoperate with common GDOs, including both
rolling code and non-rolling code GDOs.3 Although Chamberlain concedes that the
Model 39 transmitter is capable of operating many different GDOs, it nevertheless asserts
that Skylink markets the Model 39 transmitter for use in circumventing its copyrighted
rolling code computer program. Chamberlain supports this allegation by pointing to the
Model 39’s setting that operates only Chamberlain’s rolling code GDOs.
Skylink’s Model 39 does not use rolling code technology. Like Chamberlain’s products,
however, the Model 39’s binary signal contains two components. The first corresponds to
the Chamberlain’s fixed *1185 component identifying the transmitter, and the second
3
simulates the effect of the Chamberlain’s rolling code. Like the Chamberlain fixed
component, the primary role of the Model 39’s identifying component is in
programming; a homeowner wishing to use a Model 39 in conjunction with a
Chamberlain GDO must program the opener to recognize his newly purchased
transmitter. When the homeowner actually uses the transmitter, it broadcasts three fixed
codes in rapid succession. The first binary signal combines the identifying component
with an arbitrary binary sequence. The second binary signal subtracts 1800 from the first
signal. The third signal adds three to the second signal. The combination of these three
codes transmitted with every press of the Model 39 transmitter button will either cause
the Chamberlain GDO to operate in response to the first fixed code or cause the GDO to
resynchronize and operate in response to the second and third fixed codes. Chamberlain
characterizes this procedure as a circumvention of an important security measure; a code
grabber that recorded the Model 39’s three codes could later play them back and activate
a Chamberlain rolling code GDO without authorization.
These facts frame the dispute now before us on appeal. Though only Chamberlain’s
DMCA claim is before us, and though the parties dispute whether or not Skylink
developed the Model 39 independent of Chamberlain’s copyrighted products,4 it is
nevertheless noteworthy that Chamberlain has not alleged either that Skylink infringed its
copyright or that Skylink is liable for contributory copyright infringement. What
Chamberlain has alleged is that because its opener and transmitter both incorporate
computer programs “protected by copyright” and because rolling codes are a
“technological measure” that “controls access” to those programs, Skylink is prima facie
liable for violating § 1201(a)(2). In the District Court’s words, “Chamberlain claims that
the rolling code computer program has a protective measure that protects itself. Thus,
only one computer program is at work here, but it has two functions: (1) to verify the
rolling code; and (2) once the rolling code is verified, to activate the GDO motor, by
sending instructions to a microprocessor in the GDO.” Chamberlain I, 292 F.Supp.2d at
1028.
***
DISCUSSION
***
D. The Statute and Liability under the DMCA
The essence of the DMCA’s anticircumvention provisions is that §§ 1201(a),(b) establish
causes of action for liability. They do not establish a new property right. The DMCA’s
text indicates that circumvention is not infringement, 17 U.S.C. § 1201(c)(1) (“Nothing in
this section shall affect rights, remedies, limitations, or defenses to copyright
4
infringement, including fair use, under this title.”), and the statute’s structure makes the
point even clearer. This distinction between property and liability is critical. Whereas
copyrights, like patents, are property, liability protection from unauthorized *1193
circumvention merely creates a new cause of action under which a defendant may be
liable. The distinction between property and liability goes straight to the issue of
authorization, the issue upon which the District Court both denied Chamberlain’s and
granted Skylink’s motion for summary judgment.
A plaintiff alleging copyright infringement need prove only “(1) ownership of a valid
copyright, and (2) copying of constituent elements of the work that are original.” Feist
Pub., Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 361, 111 S.Ct. 1282, 113 L.Ed.2d 358
(1991); see also Harris Custom Builders, Inc. v. Hoffmeyer, 92 F.3d 517, 519 (7th
Cir.1996). “[T]he existence of a license, exclusive or nonexclusive, creates an affirmative
defense to a claim of copyright infringement.” I.A.E., Inc. v. Shaver, 74 F.3d 768, 775
(7th Cir.1996). In other words, under Seventh Circuit copyright law, a plaintiff only
needs to show that the defendant has used her property; the burden of proving that the use
was authorized falls squarely on the defendant. Id. The DMCA, however, defines
circumvention as an activity undertaken “without the authority of the copyright owner.”
17 U.S.C. § 1201(a)(3)(A). The plain language of the statute therefore requires a plaintiff
alleging circumvention (or trafficking) to prove that the defendant’s access was
unauthorized—a significant burden where, as here, the copyright laws authorize
consumers to use the copy of Chamberlain’s software embedded in the GDOs that they
purchased. The premise underlying this initial assignment of burden is that the copyright
laws authorize members of the public to access a work, but not to copy it. The law
therefore places the burden of proof on the party attempting to establish that the
circumstances of its case deviate from these normal expectations; defendants must prove
authorized copying and plaintiffs must prove unauthorized access.
The distinction between property and liability also addresses an important policy issue
that Chamberlain puts into stark focus.10 According to Chamberlain, the 1998 enactment
of the DMCA “renders the pre-DMCA history in the GDO industry irrelevant. By
prohibiting the trafficking and use of circumvention technology, the DMCA
fundamentally altered the legal landscape.... Any analysis of practices within the GDO
industry must now be undertaken in light of the DMCA.” Chamberlain reiterated and
strengthened this assertion at oral argument, claiming that the DMCA overrode all preexisting consumer expectations about the legitimate uses of products containing
copyrighted embedded software. Chamberlain contends that Congress empowered
manufacturers to prohibit consumers from using embedded software products in
conjunction with competing products when it passed § 1201(a)(1). According to
Chamberlain, all such uses of products containing copyrighted software to which a
technological measure controlled access are now per se illegal under the DMCA unless
the manufacturer provided consumers with explicit authorization. Chamberlain’s
interpretation of the DMCA would therefore grant manufacturers broad exemptions from
5
both the antitrust laws and the doctrine of copyright misuse.
Such an exemption, however, is only plausible if the anticircumvention provisions
established a new property right capable of conflicting with the copyright owner’s other
legal responsibilities—which as we have already explained, they do not. The
anticircumvention provisions convey no additional property rights in and *1194 of
themselves; they simply provide property owners with new ways to secure their property.
Like all property owners taking legitimate steps to protect their property, however,
copyright owners relying on the anticircumvention provisions remain bound by all other
relevant bodies of law. Contrary to Chamberlain’s assertion, the DMCA emphatically did
not “fundamentally alter” the legal landscape governing the reasonable expectations of
consumers or competitors; did not “fundamentally alter” the ways that courts analyze
industry practices; and did not render the pre-DMCA history of the GDO industry
irrelevant.
What the DMCA did was introduce new grounds for liability in the context of the
unauthorized access of copyrighted material. The statute’s plain language requires
plaintiffs to prove that those circumventing their technological measures controlling
access did so “without the authority of the copyright owner.” 17 U.S.C. § 1201(3)(A).
Our inquiry ends with that clear language. We note, however, that the statute’s structure,
legislative history, and context within the Copyright Act all support our construction.
They also help to explain why Chamberlain’s warranty conditions and website postings
cannot render users of Skylink’s Model 39 “unauthorized” users for the purposes of
establishing trafficking liability under the DMCA.
E. Statutory Structure and Legislative History
***
Because the DMCA is a complex statute creating several new causes of action, each
subject to numerous exceptions, we must also ensure that our construction makes sense
given the statute’s entirety. We must therefore consider briefly the relationship among the
liabilities created under §§ 1201(a)(1), (a)(2), and (b). Statutory structure and legislative
history both make it clear that § 1201 applies only to circumventions reasonably related
to protected rights. Defendants who traffic in devices that circumvent access controls in
ways that facilitate infringement may be subject to liability under § 1201(a)(2).
Defendants who use such devices may be subject to liability under § 1201(a)(1) whether
they infringe or not. Because all defendants who traffic in devices that circumvent rights
controls necessarily facilitate infringement, they may be subject to liability under §
1201(b). Defendants who use such devices may be subject to liability for copyright
infringement. And finally, defendants whose circumvention devices do not facilitate
6
infringement are not subject to § 1201 liability.
The key to understanding this relationship lies in § 1201(b),12 which prohibits trafficking
in devices that circumvent technological measures tailored narrowly to protect an
individual right of the copyright owner while nevertheless allowing access to the
protected work. Though § 1201(b) parallels the anti-trafficking ban of § 1201(a)(2), there
is no narrowly tailored ban on direct circumvention to parallel § 1201(a)(1). This
omission was intentional.
The prohibition in 1201(a)(1) [was] necessary because prior to [the DMCA], the
conduct of circumvention was never before made unlawful. The device limitation in
1201(a)(2) enforces this new prohibition in conduct. The copyright law has long
forbidden copyright infringements, so no new prohibition was necessary. The device
limitation in 1201(b) enforces the longstanding prohibitions on infringements.
S.Rep. No. 105–90 at 12 (1998).
Prior to the DMCA, a copyright owner would have had no cause of action against *1196
anyone who circumvented any sort of technological control, but did not infringe. The
DMCA rebalanced these interests to favor the copyright owner; the DMCA created
circumvention liability for “digital trespass” under § 1201(a)(1). It also created
trafficking liability under § 1201(a)(2) for facilitating such circumvention and under §
1201(b) for facilitating infringement (both subject to the numerous limitations and
exceptions outlined throughout the DMCA).13
The importance of “rebalancing” interests in light of recent technological advances is
manifest in the DMCA’s legislative history. Though the Supreme Court has recognized
that interim industrial developments may erode the “persuasive effect of legislative
history,” New York v. FERC, 535 U.S. 1, 23, 122 S.Ct. 1012, 152 L.Ed.2d 47 (2002),
Congressional intent evident in relatively recent legislation like the DMCA may provide
useful context in interpreting the statutory language. Though “we do not resort to
legislative history to cloud a statutory text that is clear,” Ratzlaf v. United States, 510
U.S. 135, 147–48, 114 S.Ct. 655, 126 L.Ed.2d 615 (1994), we nevertheless recognize that
“words are inexact tools at best, and hence it is essential that we place the words of a
statute in their proper context by resort to the legislative history.” Tidewater Oil Co. v.
United States, 409 U.S. 151, 157, 93 S.Ct. 408, 34 L.Ed.2d 375 (1972).
The most significant and consistent theme running through the entire legislative history
of the anticircumvention and anti-trafficking provisions of the DMCA, §§ 1201(a)(1),(2),
is that Congress attempted to balance competing interests, and “endeavored to specify,
with as much clarity as possible, how the right against anti-circumvention would be
qualified to maintain balance between the interests of content creators and information
users.” H.R.Rep. No. 105–551, at 26 (1998). The Report of the House Commerce
Committee concluded that § 1201 “fully respects and extends into the digital environment
7
the bedrock principle of ‘balance’ in American intellectual property law for the benefit of
both copyright owners and users.” Id.
The crux of the present dispute over statutory construction therefore stems from a dispute
over the precise balance between copyright owners and users that Congress captured in
the DMCA’s language.
Defendants argue ... that the DMCA should not be construed to reach
their conduct [or product] ... because the DMCA, so applied, could
prevent those who wish to gain access to technologically protected
copyrighted works in order to make ... non-infringing use of them from
doing so.... Technological access control measures have the capacity to
prevent fair uses of copyrighted works as well as foul. Hence, there is a
potential tension between the use of such access control measures and
fair use, [as well as the much broader range of explicitly noninfringing
use].... As the DMCA made its way through the legislative process,
Congress was preoccupied with precisely this issue. Proponents of
strong restrictions on circumvention of access control measures argued
that they were *1197 essential if copyright holders were to make their
works available in digital form because digital works otherwise could be
pirated too easily. Opponents contended that strong anticircumvention
measures would extend the copyright monopoly inappropriately and
prevent many fair uses of copyrighted material. Congress struck a
balance....
Reimerdes, 111 F.Supp.2d at 304 (citations omitted). We must understand that balance to
resolve this dispute.
F. Access and Protection
Congress crafted the new anticircumvention and anti-trafficking provisions here at issue
to help bring copyright law into the information age. Advances in digital technology over
the past few decades have stripped copyright owners of much of the technological and
economic protection to which they had grown accustomed. Whereas large-scale copying
and distribution of copyrighted material used to be difficult and expensive, it is now easy
and inexpensive. The Reimerdes court correctly noted both the economic impact of these
advances and their consequent potential impact on innovation. Congress therefore crafted
legislation restricting some, but not all, technological measures designed either to access
a work protected by copyright, § 1201(a), or to infringe a right of a copyright owner, §
1201(b).
Though as noted, circumvention is not a new form of infringement but rather a new
8
violation prohibiting actions or products that facilitate infringement, it is significant that
virtually every clause of § 1201 that mentions “access” links “access” to “protection.”
The import of that linkage may be less than obvious. Perhaps the best way to appreciate
the necessity of this linkage—and the disposition of this case—is to consider three
interrelated questions inherent in the DMCA’s structure: What does § 1201(a)(2) prohibit
above and beyond the prohibitions of § 1201(b)? What is the relationship between the
sorts of “access” prohibited under § 1201(a) and the rights “protected” under the
Copyright Act? and What is the relationship between anticircumvention liability under §
1201(a)(1) and anti-trafficking liability under § 1201(a)(2)? The relationships among the
new liabilities that these three provisions, §§ 1201(a)(1),(a)(2),(b), create circumscribe
the DMCA’s scope—and therefore allow us to determine whether or not Chamberlain’s
claim falls within its purview. And the key to disentangling these relationships lies in
understanding the linkage between access and protection.
Chamberlain urges us to read the DMCA as if Congress simply created a new protection
for copyrighted works without any reference at all either to the protections that copyright
owners already possess or to the rights that the Copyright Act grants to the public.
Chamberlain has not alleged that Skylink’s Model 39 infringes its copyrights, nor has it
alleged that the Model 39 contributes to third-party infringement of its copyrights.
Chamberlain’s allegation is considerably more straightforward: The only way for the
Model 39 to interoperate with a Security+ GDO is by “accessing” copyrighted software.
Skylink has therefore committed a per se violation of the DMCA. Chamberlain urges us
to conclude that no necessary connection exists between access and copyrights. Congress
could not have intended such a broad reading of the DMCA. Accord Corley, 273 F.3d at
435 (explaining that Congress passed the DMCA’s anti-trafficking provisions to help
copyright owners protect their works from piracy behind a digital wall).
Chamberlain derives its strongest claimed support for its proposed construction *1198
from the trial court’s opinion in Reimerdes, a case involving the same statutory provision.
See Reimerdes, 111 F.Supp.2d at 304. Though Chamberlain is correct in considering
some of the Reimerdes language supportive, it is the differences between the cases, rather
than their similarities, that is most instructive in demonstrating precisely what the DMCA
permits and what it prohibits.
The facts here differ greatly from those in Reimerdes. There, a group of movie studios
sought an injunction under the DMCA to prohibit illegal copying of digital versatile discs
(DVDs). Reimerdes, 111 F.Supp.2d at 308. The plaintiffs presented evidence that each
motion picture DVD includes a content scrambling system (CSS) that permits the film to
be played, but not copied, using DVD players that incorporate the plaintiffs’ licensed
decryption technology. Id. The defendant provided a link on his website that allowed an
individual to download DeCSS, a program that allows the user to circumvent the CSS
protective system and to view or to copy a motion picture from a DVD, whether or not
the user has a DVD player with the licensed technology. Id. The defendant proudly
9
trumpeted his actions as “electronic civil disobedience.” Id. at 303, 312. The court found
that the defendant had violated 17 U.S.C. § 1201(a)(2)(A) because DeCSS had only one
purpose: to decrypt CSS. Id. at 319, 346.
Chamberlain’s proposed construction of the DMCA ignores the significant differences
between defendants whose accused products enable copying and those, like Skylink,
whose accused products enable only legitimate uses of copyrighted software.
Chamberlain’s repeated reliance on language targeted at defendants trumpeting their
“electronic civil disobedience,” id. at 303, 312, apparently led it to misconstrue
significant portions of the DMCA. Many of Chamberlain’s assertions in its brief to this
court conflate the property right of copyright with the liability that the anticircumvention
provisions impose.
Chamberlain relies upon the DMCA’s prohibition of “fair uses ... as well as foul,”
Reimerdes, 111 F.Supp.2d at 304, to argue that the enactment of the DMCA eliminated
all existing consumer expectations about the public’s rights to use purchased products
because those products might include technological measures controlling access to a
copyrighted work. But Chamberlain appears to have overlooked the obvious. The
possibility that § 1201 might prohibit some otherwise noninfringing public uses of
copyrighted material, see, e.g. RealNetworks, Inc. v. Streambox, Inc., No. 2:99CV02070,
2000 WL 127311, at *8, 2000 U.S. Dist. LEXIS 1889, at *23, (W.D.Wash., Jan.18,
2000); Reimerdes, 111 F.Supp.2d at 323, arises simply because the Congressional
decision to create liability and consequent damages for making, using, or selling a “key”
that essentially enables a trespass upon intellectual property need not be identical in
scope to the liabilities and compensable damages for infringing that property; it is,
instead, a rebalancing of interests that “attempt[s] to deal with special problems created
by the so-called digital revolution.” Aimster, 334 F.3d at 655.
[The panel lists prior instances of DMCA liability in the lower courts, and notes that
those cases all had some connection to copyright issues.]
Furthermore, though the severance of access from protection appears plausible taken out
of context, it would also introduce a number of irreconcilable problems in statutory
construction. The seeming plausibility arises because the statute’s structure could be seen
to suggest that § 1201(b) strengthens a copyright owner’s abilities to protect its
recognized rights, while § 1201(a) strengthens a copyright owner’s abilities to protect
access to its work without regard to the legitimacy (or illegitimacy) of the actions that the
accused access enables. Such an interpretation is consistent with the Second Circuit’s
description: “[T]he focus of subsection 1201(a)(2) is circumvention of technologies
designed to prevent access to a work, and the focus of subsection 1201(b)(1) is
circumvention of technologies designed to permit access to a work but prevent copying
of the work or some other act that infringes a copyright.” Corley, 273 F.3d at 440–41
(emphasis in original).
10
It is unlikely, however, that the Second Circuit meant to imply anything as drastic as
wresting the concept of “access” from its context within the Copyright Act, as
Chamberlain would now have us do. Were § 1201(a) to allow copyright owners to use
technological measures to block all access to their copyrighted works, it would
effectively create two distinct copyright regimes. In the first regime, the owners of a
typical work protected by copyright would possess only the rights enumerated in 17
U.S.C. § 106, subject to the additions, exceptions, and limitations outlined throughout the
rest of the Copyright Act—notably but not solely the fair use provisions of § 107.14
Owners who feel that technology has put those rights at risk, and who incorporate
technological measures to protect those rights from technological encroachment, gain the
additional ability to hold traffickers in circumvention devices liable under § 1201(b) for
putting *1200 their rights back at risk by enabling circumventors who use these devices
to infringe.
Under the second regime that Chamberlain’s proposed construction implies, the owners
of a work protected by both copyright and a technological measure that effectively
controls access to that work per § 1201(a) would possess unlimited rights to hold
circumventors liable under § 1201(a) merely for accessing that work, even if that access
enabled only rights that the Copyright Act grants to the public. This second implied
regime would be problematic for a number of reasons. First, as the Supreme Court
recently explained, “Congress’ exercise of its Copyright Clause authority must be
rational.” Eldred v. Ashcroft, 537 U.S. 186, 205 n. 10, 123 S.Ct. 769, 154 L.Ed.2d 683
(2003). In determining whether a particular aspect of the Copyright Act “is a rational
exercise of the legislative authority conferred by the Copyright Clause ... we defer
substantially to Congress. It is Congress that has been assigned the task of defining the
scope of the limited monopoly that should be granted to authors ... in order to give the
public appropriate access to their work product.” Id. at 204–05, 123 S.Ct. 769 (citation
omitted) (emphasis added). Chamberlain’s proposed construction of § 1201(a) implies
that in enacting the DMCA, Congress attempted to “give the public appropriate access”
to copyrighted works by allowing copyright owners to deny all access to the public. Even
under the substantial deference due Congress, such a redefinition borders on the
irrational.
That apparent irrationality, however, is not the most significant problem that this second
regime implies. Such a regime would be hard to reconcile with the DMCA’s statutory
prescription that “[n]othing in this section shall affect rights, remedies, limitations, or
defenses to copyright infringement, including fair use, under this title.” 17 U.S.C. §
1201(c)(1). A provision that prohibited access without regard to the rest of the Copyright
Act would clearly affect rights and limitations, if not remedies and defenses. Justice
Souter has remarked that “[n]o canon of statutory construction familiar to me specifically
addresses the situation in which two simultaneously enacted provisions of the same
statute flatly contradict one another. We are, of course, bound to avoid such a dilemma if
11
we can, by glimpsing some uncontradicted meaning for each provision.” Reno v.
American–Arab Anti–Discrimination Comm., 525 U.S. 471, 509, 119 S.Ct. 936, 142
L.Ed.2d 940 (1999) (Souter, J., dissenting). Chamberlain’s proposed construction of §
1201(a) would flatly contradict § 1201(c)(1)—a simultaneously enacted provision of the
same statute. We are therefore bound, if we can, to obtain an alternative construction that
leads to no such contradiction.
Chamberlain’s proposed severance of “access” from “protection” in § 1201(a) creates
numerous other problems. Beyond suggesting that Congress enacted by implication a
new, highly protective alternative regime for copyrighted works; contradicting other
provisions of the same statute including § 1201(c)(1); and ignoring the explicit
immunization of interoperability from anticircumvention liability under § 1201(f);15 the
broad policy *1201 implications of considering “access” in a vacuum devoid of
“protection” are both absurd and disastrous. Under Chamberlain’s proposed construction,
explicated at oral argument, disabling a burglar alarm to gain “access” to a home
containing copyrighted books, music, art, and periodicals would violate the DMCA;
anyone who did so would unquestionably have “circumvent[ed] a technological measure
that effectively controls access to a work protected under [the Copyright Act].” §
1201(a)(1). The appropriate deterrents to this type of behavior lie in tort law and criminal
law, not in copyright law. Yet, were we to read the statute’s “plain language” as
Chamberlain urges, disabling a burglar alarm would be a per se violation of the DMCA.
In a similar vein, Chamberlain’s proposed construction would allow any manufacturer of
any product to add a single copyrighted sentence or software fragment to its product,
wrap the copyrighted material in a trivial “encryption” scheme, and thereby gain the right
to restrict consumers’ rights to use its products in conjunction with competing products.16
In other words, Chamberlain’s construction of the DMCA would allow virtually any
company to attempt to leverage its sales into aftermarket monopolies—a practice that
both the antitrust laws, see Eastman Kodak Co. v. Image Tech. Servs., 504 U.S. 451, 455,
112 S.Ct. 2072, 119 L.Ed.2d 265 (1992), and the doctrine of copyright misuse,
Assessment Techs. of WI, LLC v. WIREdata, Inc., 350 F.3d 640, 647 (7th Cir.2003),
normally prohibit.
***
Finally, the requisite “authorization,” on which the District Court granted Skylink
summary judgment, points to yet another inconsistency in Chamberlain’s proposed
construction. The notion of authorization is central to understanding § 1201(a). See, e.g.,
S. Rep. 105–90 at 28 (1998) ( “Subsection (a) applies when a person has not obtained
authorized access to a copy or a phonorecord that is protected under the Copyright Act
and for which the copyright owner has put in place a technological measure that
effectively controls access to his or her work.”). Underlying Chamberlain’s argument on
12
appeal that it has not granted such authorization lies the necessary assumption that
Chamberlain is entitled to prohibit legitimate purchasers of its embedded software from
“accessing” the software by using it. Such an entitlement, however, would go far beyond
the idea that the DMCA allows copyright owner to prohibit “fair uses ... as well as foul.”
Reimerdes, 111 F.Supp.2d at 304. Chamberlain’s proposed construction would allow
copyright owners to prohibit exclusively fair uses even in the absence of any feared foul
use. It would therefore allow any copyright owner, through a combination of contractual
terms and technological measures, to repeal the fair use doctrine with respect to an
individual copyrighted work—or even selected copies of that copyrighted work. Again,
this implication contradicts § 1201(c)(1) directly. Copyright law itself authorizes the
public to make certain uses of copyrighted materials. Consumers who purchase a product
containing a copy of embedded software have the inherent legal right to use that copy of
the software. What the law authorizes, Chamberlain cannot revoke.17
Chamberlain’s proposed severance of “access” from “protection” is entirely inconsistent
with the context defined by the total statutory structure of the Copyright Act, other
simultaneously enacted provisions of the DMCA, and clear Congressional intent. See
Tidewater Oil, 409 U.S. at 157, 93 S.Ct. 408. It “would lead to a result so bizarre that
Congress could not have intended it.” Central Bank, 511 U.S. at 188, 114 S.Ct. 1439. The
statutory structure and the legislative history both make it clear that the DMCA granted
copyright holders additional legal protections, but neither rescinded the basic bargain
granting the public noninfringing and fair uses of copyrighted materials, § 1201(c), nor
prohibited various beneficial uses of circumvention technology, such as those exempted
under §§ 1201(d),(f), (g), (j). See Reimerdes, 111 F.Supp.2d at 323.
We therefore reject Chamberlain’s proposed construction in its entirety. We conclude that
17 U.S.C. § 1201 prohibits only forms of access that bear a reasonable relationship to the
protections that the Copyright Act otherwise affords copyright owners. While such a rule
of reason *1203 may create some uncertainty and consume some judicial resources, it is
the only meaningful reading of the statute. Congress attempted to balance the legitimate
interests of copyright owners with those of consumers of copyrighted products. See
H.R.Rep. No. 105–551, at 26 (1998). The courts must adhere to the language that
Congress enacted to determine how it attempted to achieve that balance. See Gwaltney,
484 U.S. at 56, 108 S.Ct. 376.
As we have seen, Congress chose to create new causes of action for circumvention and
for trafficking in circumvention devices. Congress did not choose to create new property
rights. That is the choice that we have identified. “It is not for us to resolve the issues of
public policy implicated by the choice we have identified. Those issues are for
Congress.” Corley, 273 F.3d at 458. Were we to interpret Congress’s words in a way that
eliminated all balance and granted copyright owners carte blanche authority to preclude
all use, Congressional intent would remain unrealized.
13
Congress chose words consistent with its stated intent to balance two sets of concerns
pushing in opposite directions. See H.R.Rep. No. 105–551, at 26 (1998).18 The statute
lays out broad categories of liability and broad exemptions from liability. It also instructs
the courts explicitly not to construe the anticircumvention provisions in ways that would
effectively repeal longstanding principles of copyright law. See § 1201(c).19 The courts
must decide where the balance between the rights of copyright owners and those of the
broad public tilts subject to a fact-specific rule of reason. Here, Chamberlain can point to
no protected property right that Skylink imperils. The DMCA cannot allow Chamberlain
to retract the most fundamental right that the Copyright Act grants consumers: the right to
use the copy of Chamberlain’s embedded software that they purchased.
G. Chamberlain’s DMCA Claim
[29]
The proper construction of § 1201(a)(2) therefore makes it clear that Chamberlain
cannot prevail. A plaintiff alleging a violation of § 1201(a)(2) must prove: (1) ownership
of a valid copyright on a work, (2) effectively controlled by a technological measure,
which has been circumvented, (3) that third parties can now access (4) without
authorization, in a manner that (5) infringes or facilitates infringing a right protected by
the Copyright Act, because of a product that (6) the defendant either (i) designed or
produced primarily for circumvention; (ii) made available despite only limited
commercial significance other than circumvention; or (iii) marketed for use in
circumvention of the controlling technological measure. A plaintiff incapable of
establishing any one of elements (1) through (5) will have failed to prove a prima facie
case. A plaintiff capable of proving elements (1) through (5) need prove only one of
(6)(i), (ii), or (iii) to shift the burden back to the defendant. At that point, the various
affirmative defenses enumerated throughout § 1201 become relevant.
The District Court analyzed Chamberlain’s allegations in precisely the appropriate
manner—a narrow focus on Skylink’s behavior, intent, and product within the broader
context of longstanding expectations throughout the industry. The District Court assumed
that Chamberlain met the first element, copyright *1204 ownership, and for the purposes
of its summary judgment motions accepted Chamberlain’s evidence of the second
element, technological access control. The District Court granted Skylink’s motion for
summary judgment because Chamberlain failed to meet its burden on the fourth element,
the lack of authorization. Chamberlain emphatically contests this conclusion on appeal,
though mostly by reiterating arguments that the District Court correctly rejected.
Chamberlain, however, has failed to show not only the requisite lack of authorization, but
also the necessary fifth element of its claim, the critical nexus between access and
protection. Chamberlain neither alleged copyright infringement nor explained how the
access provided by the Model 39 transmitter facilitates the infringement of any right that
the Copyright Act protects. There can therefore be no reasonable relationship between the
14
access that homeowners gain to Chamberlain’s copyrighted software when using
Skylink’s Model 39 transmitter and the protections that the Copyright Act grants to
Chamberlain. The Copyright Act authorized Chamberlain’s customers to use the copy of
Chamberlain’s copyrighted software embedded in the GDOs that they purchased.
Chamberlain’s customers are therefore immune from § 1201(a)(1) circumvention
liability. In the absence of allegations of either copyright infringement or § 1201(a)(1)
circumvention, Skylink cannot be liable for § 1201(a)(2) trafficking. The District Court’s
grant of summary judgment in Skylink’s favor was correct. Chamberlain failed to allege a
claim under 17 U.S.C. § 1201.
CONCLUSION
The DMCA does not create a new property right for copyright owners. Nor, for that
matter, does it divest the public of the property rights that the Copyright Act has long
granted to the public. The anticircumvention and anti-trafficking provisions of the
DMCA create new grounds of liability. A copyright owner seeking to impose liability on
an accused circumventor must demonstrate a reasonable relationship between the
circumvention at issue and a use relating to a property right for which the Copyright Act
permits the copyright owner to withhold authorization—as well as notice that
authorization was withheld. A copyright owner seeking to impose liability on an accused
trafficker must demonstrate that the trafficker’s device enables either copyright
infringement or a prohibited circumvention. Here, the District Court correctly ruled that
Chamberlain pled no connection between unauthorized use of its copyrighted software
and Skylink’s accused transmitter. This connection is critical to sustaining a cause of
action under the DMCA. We therefore affirm the District Court’s summary judgment in
favor of Skylink.
AFFIRM
***
Footnotes
8
Two amici urging us to affirm raised additional arguments that warrant mention. Amicus
Computer and Communications Industry Association (CCIA) urges us to consider the
import of 1201(f), which explicitly allows circumvention for the purposes of achieving
interoperability. Amicus Consumers Union (CU) urges us to consider the policy
implications of Chamberlains proposed construction to consumers and to aftermarket
competitors. According to CU, Chamberlains proposed construction of the DMCA would
15
enable copyright owners to engage in a number of practices that would otherwise be
considered copyright misuse, an antitrust violation, or a violation of state unfair
competition laws. At oral argument, Chamberlain conceded that its proposed construction
would, indeed, alter virtually all existing consumer expectations concerning the publics
rights to use purchased products containing copyrighted software protected by a
technological measure—effectively confirming CUs fears.
17
It is not clear whether a consumer who circumvents a technological measure controlling
access to a copyrighted work in a manner that enables uses permitted under the Copyright
Act but prohibited by contract can be subject to liability under the DMCA. Because
Chamberlain did not attempt to limit its customers use of its product by contract, however,
we do not reach this issue.
16