- From: Joseph Lorenzo Hall <joe@cdt.org>
- Date: Fri, 19 Aug 2016 14:37:17 -0400
- To: Mark Watson <watsonm@netflix.com>
- Cc: Harry Halpin <hhalpin@w3.org>, "public-html-media@w3.org" <public-html-media@w3.org>
On Tue, Aug 16, 2016 at 3:00 PM, Mark Watson <watsonm@netflix.com> wrote: >> >> IANAL, but I think a case could be made that Clear Key is not an >> "effective" protection measure, since the key is available, well, in the >> clear. Certainly, no one would call it a "DRM". >> >> >> I think whether or not it is an 'effective' protection measure is >> separable from whether or not its covered by the DMCA. > > > I was referring to the DMCA language: '... technology that effectively > controls ...' IIRC. But, for sure, IANAL, as I said. If W3C would like to > get a legal opinion on this than that might be useful. I expect if the > opinion was that Clear Key rendered the EME specification itself subject to > DMCA then we should consider removing Clear Key from the specification. This is actually a pretty different legally than an intuitive interpretation might suggest. (Also, Harry, not sure we should ask Wendy to contribute a legal opinion given that could be interpreted as being part of her W3C duties and I don't think that's in scope for her job... although not sure if she would agree and uncertain considering the reorg.) In that spirit, and emphasizing that I'm not a lawyer but have a good grasp of the legal landscape here: First, legally, that phrase is defined in the DMCA itself and it basically says, "a technological measure 'effectively controls access to a work' if the measure, in the ordinary course of operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." You may be able to argue this either way with ClearKey: a null key is an application of information, although it's not very interesting information. But it wouldn't be done with the authority of the copyright owner. However, "effective control" has been interpreted in a number of cases in US Courts, so that now there are a few different interpretations and lines of legal analysis that a Court could consider (e.g., in the Lexmark case, there was a way to get the "work" without using the access control, so not effective). Here is where I'll have to point you to a (short) law review article that discusses this in depth: Ryan Iwahashi, "How to Circumvent Technological Protection Measures without Violating the DMCA: An Examination of Technological Protection Measures under Current Legal Standards", 26 Berkeley Tech. L.J. 491 (2011). Available at: http://scholarship.law.berkeley.edu/btlj/vol26/iss1/17 (I'm not aware of any more recent developments, but I'm sure there have been.) This is why civil society and the public interest community is so interested in some clear protections, especially arrived at in a collaborative setting and infrastructurally in standards like at the W3C: the DMCA here is unfortunately a large source of uncertainty and modulo passing a law (omg, good luck), other kinds of assurances such as a non-aggression covenant are key. best, Joe -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
Received on Friday, 19 August 2016 18:38:06 UTC