It’s time for another post on the OzDMCA – that is, the forthcoming Australian law implementing Article 17.4.7 of the Australia-US Free Trade Agreement – an article based very closely on the (in)famous US law, the DMCA. I’m prompted to write by a recent Slashdot thread on this, as well as the recent Linux Australia campaign seeking to highlight the dangers of a DMCA-style law in Australia. The Linux Australia pages have a general explanation of the issues on DVDs (see here), and on some of the issues in music (see here).

I’m also prompted by the fact that it is now July, 2006, and we have not seen any exposure draft of the legislation. Given the timeline, I think we can only assume that either (a) the Department have decided to consult only with some limited set of stakeholders, or (b) that any consultation is going to be extremely brief.

Now, as I’ve said numerous times before (see my submission, 2 years ago, to the Senate Select Committee, and my submission, last year, to the LACA Inquiry) – anti-circumvention law is hard. It also has really strong potential to have nasty effects if implemented badly. And the risks of bad implementation are high, because the AUSFTA text is really problematic – it has a structure that has some ‘lamentable and inexcusable’ flaws (the quote is from LACA).

I’ve been wondering for some time whether we need to enact laws that look like the DMCA. I think there are areas where the AUSFTA text does have space to do things that are sensible.

So in this post, I’m going to outline two things Australia could do in implementing the OzDMCA, which would reduce its bad effects.

What are anti-circumvention laws, and why should we care?

Anti-circumvention laws are the laws which apply to the technologies (called ‘technological protection measures, or ‘TPMs’, a.k.a. DRM) used by copyright owners to prevent infringement of copyright and to control uses of copyright material. I’ll use DRM because that’s the more common ‘English’ word for what we’re talking about. Anti-circumvention laws are supposed to protect copyright owners by limiting the use and distribution of, technologies which ‘hack’ or avoid DRM. Examples of DRM include:

  • CSS (Content Scrambling System) – used to encrypt (and prevent copying of) movies distributed on DVD
  • Anti-copying protection on music CDs; and
  • Apple’s FairPlay system, used to limit what you do with music purchased from the iTunes store.

Anti-circumvention law is controversial, because DRM isn’t just used to protect copyright owners’ copyright rights. DRM can cause problems for consumers, because they can be used to prevent consumers doing things they expect to be able to do with stuff they’ve bought. For example:

Copyright owners argue this allows them to experiment with new business models and to provide more choice (buy a ‘once only’ version cheap, or a more expensive ‘keep forever’ version). Quite possibly. But there’s no doubting that the effects of contemporary DRM gets in the way of consumers: and the only real limit on what copyright owners can do here is consumer acceptance. We don’t really know how much of a limit that is. There is certainly no requirement on copyright owners to implement all the features that are possible or desirable.

DRM can also be used to extend copyright owners’ control beyond what copyright provides. The classic consumer example here is region-coding. Part of the CSS ‘system’ (and it’s been explained here by my LawFont colleague, Sarah) is regional playback control (region-coding) which prevents Australian-bought DVD players from playing US-bought disks. [and yes, before all you lawyers out there point out parallel importation laws, remember that buying a movie overseas and bringing it back for personal use is not illegal].

Finally – and most disturbingly – TPMs can be used in ways that limit competition in hardware and software markets. Why? Well, let’s take that iTunes/iPod example again:

  • Buy music from iTunes, and music is encrypted using FairPlay;
  • Only iPods have the key to decrypt FairPlay. That means that only iPods (and not iAudios, iRivers or any of those other MP3 players) will play iTunes music;
  • Thus we get barrier to entry in market for MP3 players. The more music people buy from iTunes, the higher the ‘switching costs’, and the more ‘locked in’ they are to a particular device (a story in The Economist this month sought to argue that this wasn’t true, that ‘[t]he market is young and customers’ commitment may not yet be deep… a rival to the iPod, were it good enough, could tempt audiophiles to abandon their iTunes collections’. Maybe. But doesn’t it depend on how much you’ve bought?)
  • And we have a barrier to entry in the online music market. Apple iPods only recognise FairPlay (and unprotected files – ie MP3s). That means that other prospective sellers of music online can’t use DRM and still sell music that people can listen to on iPods.

Here’s the basic point. If the maker of a device (like a DVD player), or software has to get authorisation, or permission, from copyright owners before they can make their device, then competition in the device market is reduced, because copyright owners may impose some defined set of features on all producers of devices. A condition of permission can be that your device won’t have certain features or won’t do certain things. For example, if you have to get permission from the movie studios to make a DVD player, they can impose conditions, segment markets, impose (or prevent) features being introduced. And, by the way, the market does not take care of this. If you want to make a DVD player, it needs to play Hollywood movies. If the Hollywood movie owners insist on certain features, you ain’t got a choice, and you can’t prove in some alternative ‘market’ the benefits of your player. As I said: the only real limit on conditions is consumer acceptance.

What law we have now

OK. So far, I’ve talked about why DRM – especially when backed up by law – can be problematic. How problematic – well, that depends on what the law does.

Australia already has anti-circumvention laws. But at the moment, those laws have some important limits:

  • There is no ban on the technical act of circumvention; and
  • DRM, to be protected by the law, has to be designed ‘to prevent or inhibit the infringement of copyright in a work’ (not just any old access control fits)

The first is quite important. At the time the Australian laws were originally drafted, system administrators pointed out that they circumvent protections all the time, just to make things work. Parliamentary Committees pointed out they weren’t going to be liable for circumventing. The first point also ensures the law doesn’t go too far into the private domain – what you do in your own home is your own business. The second one is important too: it stands in the way, in Australia, of the kind of cases we have seen in the United States, where garage-door openers and printer cartridges have been the subject of DMCA litigation.

The US doesn’t like our current law. That’s one of the reasons we got landed with what we did when we negotiated a Free Trade Agreement with them.

Why there is a problem with the AUSFTA

Implementing the AUSFTA will make big changes to Australian law. We have to:

  • Protect access controls – seemingly more generally;
  • Ban the act of circumvention, as well as the sale of circumvention devices; and
  • Limit exceptions to a narrow list.

Back in February, a House of Reps Committee Report (LACA) expressed all colours of concern about the law. The text of the AUSFTA is really complex, and I’ve gone through parts of it in my writings: see the submissions cited above. But in summary, there are two key concerns about the AUSFTA text.

  1. It seems to require that all technical access controls – not just those relating to copyright infringement – will be given the protection by law. So yes, that includes the no-fast-forward rules, or just any old encryption – anything at all that controls any act of access.
  2. it seems that exceptions will be completely ineffective. In particular, we have a complicated system of exceptions that has more limited exceptions to the ban on distributing circumvention tools, than the ban on circumventing.What’s really weird is that the text of the Agreement suggests that Parliament can create exceptions to allow people to circumvent access controls – but Parliament cannot create an exception that would allow anyone to supply a tool to do so.So, you can imagine that Parliament decides that blind people should be able to circumvent access controls to use their reader software. No one could set up or advertise a service to help the blind person circumvent.On a scale of stupid to ludicrous, that rates as monumentally ludicrous.

Why it doesn’t have to be like that: the language of AUSFTA is not cut and dried

I’ve spent quite a lot of time, in the past, pointing out how wonderfully inflexible the AUSFTA language is (see my piece in Policy here, and my supplementary submission here).

But can we do something else? Can we avoid the nastiest, most stoopid effects? It’s clear we don’t have to have every bit of the DMCA (as Mark Jennings from the International Law Office in AGs pointed out to LACA) – it is the treaty language, not the DMCA, that we need to enact. But is there any flexibility here?

I want to suggest there is. Of course, the problem with trying to ‘re-interpret’ the AUSFTA is that the US will object if they don’t like it, right?

Flexibility Number 1: Linking circumvention to infringement of copyright

The first thing Australia could do is to enact the laws in a way that links liability to the nefarious act – that is, copyright infringement.

How could we do that?

Well, if you look at the text, we have to ban circumvention and circumvention technologies – but circumvent itself is not defined. In the DMCA, ‘circumvent’ is defined basically as a technical act – just ‘avoiding’ the DRM. Problem with that is it captures a whole lot of perfectly legitimate stuff.

So why not define circumvent to include only those acts that infringe, or facilitate infringement of, copyright? In other words, the acts that would be banned would be:

  • Bypassing/avoiding DRM to infringe or facilitate infringement;
  • Selling devices/services that are primarily designed, marketed, or have no significant commercial purpose other than to bypass DRM for infringement or to facilitate infringement.

Why would this help? Well, let’s see:

  • It would avoid the really stoopid cases that have arisen in the US – you know, the garage door opener cases, or printer cartridge cases;
  • It would avoid the problem of the chilling effect on research: where people like Professor Ed Felten being threatened with DMCA consequences if he published or spoke on some of his encryption research. If the banned acts are those that facilitate infringement, researchers could act with more confidence;
  • It would mean that if you produced, say, a device or program that just played a DVD – without allowing copying – then you would be ok. Your device would not be facilitating infringement. This helps the competition issue, right?

Most notably, this method of implementing the law would target the actual wrong that the provisions are meant to target: copyright infringement and piracy – without creating a general ‘access right’ or right of absolute control in copyright owners.

Oh, and there are two other benefits to this approach. First, it avoids the ‘pointless exception’ problem. Where a narrower range of devices are banned, a narrower range of exceptions is required.

Imagine for a moment that the Parliament enacts the exception that is in the AUSFTA to allow people to circumvent in order to prevent collection of private information (the privacy exception – Art 17.4.7(e)(v)).

Now, the problem identified by LACA as a ‘lamentable and inexcusable flaw’ is that it seems that the government can’t create an exception that will allow anyone to sell devices or programs, or provide a service to do that. It looks like an ineffective exception, right (or a geeks-only exception).

But what if we take the approach of defining circumvention as an act that infringes or facilitates infringement of copyright? Then, if you can provide the service, or device, in a way that doesn’t then allow everyone to break open the DRM and widely distribute copies, you are allowed to do that. So the bad guys of the world – the Kazaas, who say their technology has substantial non-infringing uses, but who are really in it for the infringement – get caught. But your honest down the street computer expert who just wants to help their client protect their privacy? They’re ok. Seems to make sense, right?

A further benefit would be that this method of interpretation would encourage copyright owners to use TPMs to control infringement, rather than any use. You see, under this rule, the more tightly the TPM is tied to controlling infringement (rather than other things, like playing games bought in another country), the more likely it is that circumventing the TPM would be illegal.

Ah, but can we do this? Would it be consistent with the text of the AUSFTA? It’s not entirely straightforward, but there is an argument here, I think.

Firstly, we have to interpret the treaty in accordance with the ordinary meaning of the text (the main principle of treaty interpretation). Most of the dictionary definitions of ‘circumvent’ to be found in the Macquarie Dictionary refer to ‘surrounding or encompassing as by strategem’, or ‘gaining advantage by artfulness or deception, outwit, overreach’. [These aren’t the only meanings in the dictionary. But they are there] That is, the meanings here incorporate an element of wrongdoing. That’s consistent with this argument – nefariousness is what gets targeted.

We also have to interpret the treaty in a way that is consistent with its ‘object and purpose’. Well, this interpretation arguably does. Repeatedly, during consultations on AUSFTA, government officials noted that:

The anticircumvention provisions really go towards piracy rather than viewing what is a legitimate copy of copyright material. The anticircumvention provisions I think have to be seen in that context. They are not really aimed at stopping people from carrying out legitimate copyright activities
(Toni Harmer, quoted in Senate Select Committee final report, here)

There’s also arguably some foundation in the text for this approach. AUSFTA Article 17.4.7 says the protection is for measures ‘that authors … use in connection with the exercise of their rights and that restrict unauthorised acts’ (again, as Jennings pointed out, ‘unauthorised’ means not just ‘unauthorised by copyright owners’, but also ‘unauthorised by law’). Again, that link to infringement.

It’s not what the DMCA says, of course, as I’ve already noted. BUT it is arguably consistent with US cases, like Storage Tek, which held that ‘[t]o the extent that [the defendant’s] activities do not constitute copyright infringement or facilitate copyright infringement, [the plaintiff] is foreclosed from maintaining an action under the DMCA’.

I have to underline that such an implementation would be different from what the US have done. And, it would be opposed by most copyright owners, because it would enable ‘unauthorised’ devices that play, for example, DVDs or other TPM-protected media – and unauthorised devices might not obey all the rules set by a copyright owner (like, ‘no skipping no-fly zones’, or ‘no playing outside the region’). By tying the wrong to infringement, this implementation would not enforce a general right of control for copyright owners.

So the biggest barriers to this interpretation are probably the political ones: that is, the US reaction. Not, of course, a barrier to be underestimated. But if you want a ‘bad guy’ rule, rather than a ‘everyone not authorised by copyright owners’ rule, this might be one way to do it.

One final point while I’m on this line. If the government decides not to go the whole way, and define circumvent to be linked to infringement, I would argue that circumvent shouldn’t be defined at all. Any attempt to define it by reference to the technical act contravenes the principle of technological neutrality, and is going to lead to the kinds of problems we had in Stevens v Sony – which arose from the attempt to be too specific.

Flexibility 2: thinking about the way the circumvention provisions are written

There’s another thing. I was tossing around some ideas with my wonderful colleague David Brennan the other day. David, vainly trying to prove that he is a smarter lawyer than me, pointed out that the DMCA is drafted in a really interesting way.

The civil remedy provisions in the DMCA are written differently from ordinary copyright. If a person infringes copyright, the US law says, ‘The legal or beneficial owner of an exclusive right under a copyright is entitled …to institute an action for any infringement’ (17 USC 501). Then, under 17 USC 504, the infringer ‘is liable’ for either actual, or statutory damages at the copyright owner’s election. In other words, damages are a right of the copyright owner.

Compare the DMCA. Under the DMCA, an action can be brought by ‘Any person injured by a violation’ (17 US 1203). Then, there are a series of remedies that the court may order (including damages, injunctions, etc). These are all, in other words, discretionary.

Put these two together. It would seem, firstly, that the right to bring an action under the DMCA is contingent on injury being suffered. Further, the remedies of the court are discretionary.

Now think about how that might interact with the ‘pointless exceptions’ problem. Couldn’t the government:

  • Create broad remedial discretion;
  • Make injury a precondition, before any remedy is granted under the OzDMCA; and
  • Even specifically provide that where someone provides a tool, or service, to someone who has the benefit of an exception, there is no injury and hence no remedy?

As far as I can see, there is nothing in the text of the AUSFTA that would prevent this approach. On the contrary – this is exactly what the US has done (apart from the last of the dot points). So it must be consistent with the treaty text.

This second ‘flexibility’ would – because it is consistent with what the US has done – be easier to implement without US objection, you would think.

And in conclusion…

If you’ve stuck this post out till now, congratulations. If you’re here because you want me to cut to the chase – well, here’s the chase. We don’t have to have a draconian law that prevents competition and is anti-consumer. If we end up with such a law, it will, in my view, be a legislative failure on the government’s part.