Re: Formal objection to Encrypted Media Extensions progressing to Proposed Recommendation without greater user protection

On Tue, Aug 16, 2016 at 3:00 PM, Mark Watson <watsonm@netflix.com> wrote:
>>
>> IANAL, but I think a case could be made that Clear Key is not an
>> "effective" protection measure, since the key is available, well, in the
>> clear. Certainly, no one would call it a "DRM".
>>
>>
>> I think whether or not it is an 'effective' protection measure is
>> separable from whether or not its covered by the DMCA.
>
>
> I was referring to the DMCA language: '... technology that effectively
> controls ...' IIRC. But, for sure, IANAL, as I said. If W3C would like to
> get a legal opinion on this than that might be useful. I expect if the
> opinion was that Clear Key rendered the EME specification itself subject to
> DMCA then we should consider removing Clear Key from the specification.

This is actually a pretty different legally than an intuitive
interpretation might suggest.

(Also, Harry, not sure we should ask Wendy to contribute a legal
opinion given that could be interpreted as being part of her W3C
duties and I don't think that's in scope for her job... although not
sure if she would agree and uncertain considering the reorg.)

In that spirit, and emphasizing that I'm not a lawyer but have a good
grasp of the legal landscape here:

First, legally, that phrase is defined in the DMCA itself and it
basically says, "a technological measure 'effectively controls access
to a work' if the measure, in the ordinary course of operation,
requires the application of information, or a process or a treatment,
with the authority of the copyright owner, to gain access to the
work."

You may be able to argue this either way with ClearKey: a null key is
an application of information, although it's not very interesting
information. But it wouldn't be done with the authority of the
copyright owner.

However, "effective control" has been interpreted in a number of cases
in US Courts, so that now there are a few different interpretations
and lines of legal analysis that a Court could consider (e.g., in the
Lexmark case, there was a way to get the "work" without using the
access control, so not effective). Here is where I'll have to point
you to a (short) law review article that discusses this in depth: Ryan
Iwahashi, "How to Circumvent Technological Protection Measures without
Violating the DMCA: An Examination of Technological Protection
Measures under Current Legal Standards", 26 Berkeley Tech. L.J. 491
(2011). Available at:
http://scholarship.law.berkeley.edu/btlj/vol26/iss1/17

(I'm not aware of any more recent developments, but I'm sure there have been.)

This is why civil society and the public interest community is so
interested in some clear protections, especially arrived at in a
collaborative setting and infrastructurally in standards like at the
W3C: the DMCA here is unfortunately a large source of uncertainty and
modulo passing a law (omg, good luck), other kinds of assurances such
as a non-aggression covenant are key.

best, Joe

-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
1401 K ST NW STE 200, Washington DC 20005-3497
e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

Received on Friday, 19 August 2016 18:38:06 UTC