LawFont.com

I’ve been getting hassled by a few people to respond to a particular issue – or rather, two related issues, arising from the current Exposure Draft of Australia’s new DMCA:

1. Does the TPM Exposure Draft, as drafted, actually deal with the Lexmark/Skylink ‘issue’ (that is, does it solve the ‘TPMs used to control aftermarkets’ issue); and
2. Are the interoperability provisions actually useless, and if not – or indeed, if so – what do they mean?

These issues are of real importance in the Exposure Draft, and for many stakeholders. So let’s have a go at them, shall we? The first one we’ll have a go at is the Lexmark/Skylink issue. The next post – the more important one – deals with the interoperability issue.

Let’s think about Lexmark and Skylink

A number of people have pointed out to me, either in commentary on the blog, or in emails, that the TPM Exposure Draft may not deal with ‘the Skylink issue’. What is this issue? In simple terms, it is about ‘aftermarkets’. The DMCA has been used – or rather, attempted to be used, because these attempts have been largely unsuccessful – in the United States, to bolster technological means used to restrict aftermarkets in spare parts. There are two well-known cases in this area: Lexmark and Skylink. The following summaries draw on the judgments and the EFF paper ‘Unintended Consequences’.

In Lexmark, the well-known printer manufacturer was selling two types of toner cartridges for its laser printers: “Prebate” and “Non-Prebate.” Prebate cartridges were sold to business consumers at an up-front discount. In exchange, consumers agreed to use the cartridge just once. To make sure users didn’t ‘cheat’, Lexmark added an ‘authentication sequence’ that performed a ‘secret handshake’ between each Lexmark printer and a microchip on each Lexmark toner cartridge. In other words, embedded software was used to check whether the cartridge was an authorised one. If not, the printer wouldn’t work. Static Control Components (Static Control) reverse-engineered the authentication sequence/handshake and sold “Smartek” chips, that could be used by third party cartridge manufacturers, as a replacement for Lexmark’s chip in refilled Prebate cartridges. The refilled cartridges with Smartek chips could then be sold to consumers at a lower cost than Lexmark cartridges. Lexmark sued under the US DMCA, arguing that the Smartek chips ‘circumvented’ a technological measure which “effectively controlled access to a work’. The ‘work’ here was one of two computer programs used to achieve the ‘secret handshake’: the ‘Toner Loading Program’ or the ‘Printer Engine Program’. At first instance, Lexmark was successful in obtaining an injunction, which was later overturned by the 6th Circuit – after 19 months of litigation.

In Skylink, we had a similar scenario. Chamberlain Group was a manufacturer of automated Garage Door Openers which invoked the DMCA against competitor Skylink Technologies, which was making ‘universal garage door openers’ which could be purchased by customers with Chamberlain Garage doors (Chamberlain, also, made universal openers by the way). Chamberlain claimed that Skylink had violated the DMCA because its clicker bypassed an “authentication regime” between the Chamberlain remote opener and the mounted garage door receiver unit. The embedded computer programs in the opener and ‘clicker’ were protected by a technological measure which ‘effectively controlled access’ to the computer programs. Skylink defeated Chamberlain both at the district court and court of appeals: again, after months of expensive litigation.

In both cases, what we have, in effect, is an attempt to leverage sales of an original platform or system (the Lexmark printer; the garage door opener) into aftermarket monopolies for ‘spare parts’ (toner cartridges, garage door openers). We also have an argument which, if it succeeds, means that a whole bunch of un-copyright things (ie, not movies, not DVDs, not software) would be affected by anti-circumvention law.

When the House of Reps Legal and Constitutional Affairs Committee considered TPM exceptions and the new TPM regime late last year, it specifically recommended that this ‘aftermarket’ problem be dealt with. Specifically, it recommended that:

While there are certainly those who argue that this kind of ‘locking’ of aftermarkets can, in some cases, be good social policy, the LACA represents the majority view: as reflected in even the more conservative, pro-copyright academic positions, and submissions to the LACA (including by such bodies as the Law Council). Ginsburg pretty well sums up the silliness of the argument made in Lexmark and Skylink:

The Australian government has taken the same view – and has attempted to fix the problem. The AG’s press release when the Exposure Draft was released said as much:

So the million dollar question is – has the government succeeded, in the Draft, in achieving that aim?

There are two ways that aim could be achieved. You could exclude this kind of access control measure from the definition of TPM, or exclude the kind of actions involved from liability. Second, it might be that the interoperability exceptions – one of the few general exceptions in the Act.

Before diving into the detail to work out whether in fact this is excluded, one thing to note. It is not obvious that the legislation will be effective, in its current form, to prevent ‘aftermarket’ cases like Lexmark from succeeding. Why? Two reasons. First, copyright protects so much. The simplest computer program is protected under our law, and (subject to any exceptions), any reproduction of such a program will be an infringement. And because Australia has a highly specific set of exceptions, we can’t do what they do in the US – in event of silly result, think about fair use. Second, because the legislation – that is, the Exposure Draft – is so very complex, and difficult to read and understand, that its effects are not necessarily predictable ahead of time.

Let’s take the scenario in Lexmark first, and try applying the Exposure Draft. In Lexmark, here’s how the sequence worked:

1. There is the ‘first stage’ of the process that goes on – the ‘authentication sequence’ between printer cartridge and printer, that is done whenever the printer is turned on or the printer cartridge door closed. In this sequence, basically the printer and cartridge both calculate a ‘Message Authentication Code’ based on data in the microchip’s memory. If they match, the printer works fine. Otherwise, you get an error message.
2. A second process also occurred: what is called a ‘checksum calculation‘. This second calculation happens after, and independently of the authentication sequence. In this process, the Printer Engine Program downloads a copy of the Toner Loading Program from the toner cartridge chip onto the printer to measure toner levels. The printer then compares the result of a calculation performed on the data bytes of the transferred copy of the Toner Loading Program with the “checksum value” located elsewhere on the toner cartridge microchip. If the two values don’t match, the printer assumes that the data is corrupted – and displays an error. This second, checksum operation only works if the Toner Loading Program is exactly the same as Lexmark’s Toner Loading Program. So, each SMARTEK chip included an exact copy of Lexmark’s Toner Loading Program on it

In the US, Lexmark made two key arguments:

1. First, that the copy of the Toner Loading Program on the Smartek chip was a copyright infringement. This argument was rejected – first because the program was not protected by copyright (it was pure function, no expression, and a lock-out code), and second, the copy was in any event a ‘fair use’.
2. Second, that the Smartek chip was a ‘device’, marketed and sold by Static Control, which ‘circumvents’ Lexmark’s ‘technological measure’ (the authentication sequence), which ‘effectively controlled access’ to Lexmark’s copyright works, the Toner Loading Program and Printer Engine Program.

Would the first argument succeed here in Australia? Is there copyright infringement? I think it’s true to say that the computer program would be protected here. We have lower standards of originality and no equivalent doctrine to that in the US which says that a purely functional program is not protectible. Moreover, we don’t have fair use. For Static Control to avoid liability for copyright infringement, section 47D (interoperability) would have to succeed. This requires:

• the making of a copy of the original program, by someone who owns a copy, for the purpose of obtaining the information necessary to make an independent program, or article, which will interoperate with the original program or another program;
• the copy is made only to the extent reasonably necessary to obtain the information;
• to the extent that the new program reproduces or adapts the original program, it does so only to the extent necessary to enable it to interoperate with, the original program or another program
• the information isn’t otherwise readily available.

Now, it’s pretty clear that this section isn’t drafted with the Lexmark type situation in mind. The interoperability provisions were drafted coming out of the CLRC Computer Software report, from back in 1994, with the situation in mind where you have to copy a whole program to work out the ‘interface’ for the purposes of making something interoperable (where that interface information hasn’t been published). Clearly, it is not imagining a situation where you have to copy a whole program (even a small one) to make an interoperable article. But it does envisage that the original program may have to be copied to make the interoperable program/article. In short, I would say that while it is definitely not a slam dunk, there’s a strong argument that there is no infringement here.

Even more importantly for present purposes – what about that second argument? Do we have an ACTPM here? Well, let’s work through it: is the authentication sequence an ‘access control TPM’ within the meaning of the Exposure Draft?

1. Is it used by, with the permission of, or on behalf of, the owner or the exclusive licensee of the copyright in a work? You would have to say yes.
2. Is it designed, in the normal course of its operation, to prevent or inhibit the doing of an act comprised in the copyright, and which infringes copyright? Well, here’s the interesting thing. The authentication sequence happens before the printer loads the copy of the Toner Loading Program to do the checksum. So if the court finds that the copy of the Toner Loading Program on the chip is an infringement, and thus that the copy that goes onto the printer is an infringing copy (a copy made from an infringement), then maybe you argue the authentication sequence was designed to prevent or inhibit that act which infringes copyright. Maybe. It’s not a really strong argument, but maybe it’s possible.
3. However, there’s a final point. And that is, to be an ACTPM, the authentication would have to be preventing/inhibiting the infringing act, by preventing those who do not have the permission of the owner or exclusive licensee from gaining access to the work. And that’s where I suspect the argument falls down. While you might argue that the authentication sequence is designed to prevent the infringing copy from being made, it doesn’t do that by preventing ‘access’ to the work. The authentication sequence does prevent ‘access’ to the Printer program, but not the Toner Loading Program.

What I’m really thinking in the end is that the various qualifications here work, because in the end, the ACTPM does have to be applied to the same work which is being infringed. And that keeps Lexmark out. I think! Tell me if I’m wrong!