From Copyright and Technology:
Last week, the European Parliament moved the EU’s new Copyright Directive along in its legislative process; it passed out of the Legal Affairs Committee and is due for a plenary vote next month. One of the most controversial provisions of the new Directive is the forbodingly-named Article 13. Article 13 would require online services to take responsibility for proactively examining content uploaded to the services for copyright and either ensuring that the content is properly licensed or blocking it from being available.
. . . .
I want to focus on a different problem than the ones being argued over elsewhere: whether copyright owners would actually get what they want if Article 13 were enacted. In its current form, I think the answer is no.
Copyright owners want a legal means of ensuring that online services will either take licenses to their content or keep it off their networks. Article 13 won’t help much with either of these. First of all, Article 13 does nothing at all to improve online services’ ability to license content. Licensing writ large is still a huge mess, and the difficulty in obtaining proper licenses is not just a matter of paying royalties; it’s a blizzard of paperwork, deal-making with individual licensors, and legal uncertainty in some cases. The problem is especially intractable for general-purpose online services, which could potentially be held responsible for licensing all types of copyrighted material; and it’s even harder in the European Union because of the complexity of licensing content among 28 Member States.
Of course, this is far easier said than done, various efforts to improve the situation have failed, and the copyright owner interests involved in the Article 13 deliberations realize this. So they are turning their attention to the filtering requirement.
. . . .
The American experience with DRM anticircumvention law, Section 1201 of the 1998 Digital Millennium Copyright Act (DMCA 1201), is one indicator of why Article 13 is unlikely to deliver what copyright owners want regarding filtering. DMCA 1201 is the law against circumventing DRMs and other technical measures that control access to copyrighted works. (Europe has an equivalent in the EU Copyright Directive of 2001, but it hasn’t been tested in courts anywhere near as much in Europe as DMCA 1201 has here.)
DMCA 1201 does not impose requirements on consumer device companies or online services to use DRM. (A different law proposed in 2002 would have done that, but it failed in the Senate.) Instead, it imposes liability on anyone caught hacking DRMs. The way it was designed, deliberations over the nature and security strength of DRMs take place in the private sector between copyright owners and technology companies (consumer device makers or online service providers). Liability for hacks is intended to be on the hacker, not the technology companies.
Still, courts have interpreted the law to say something about the security strength of DRMs, namely that there is barely any such requirement. The law states that a technology that “effectively controls access to a work” must, “in the ordinary course of its operation, require the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” In his 2000 Universal v. Reimerdes district court decision, Judge Lewis Kaplan interpreted this to mean that the law must protect weak technologies — such as the CSS encryption scheme for DVDs at issue in the case — or otherwise would have no purpose in existing. This holding, while not central to the plaintiffs’ ultimate victory in the case, has not helped copyright owners.
As a result, the market has largely passed DMCA 1201 by; its importance in the world of commercial content has diminished considerably. Today, DRM hacks are basically irrelevant in the music and video spaces. Music is streamed through services that are very convenient, easy to use, and sometimes free. Streams are protected with DRM, yet no one really talks about hacks to those schemes. Movie and TV DRMs, on the other hand, are highly secure and were not designed to rely on the legal backstop of anticircumvention law.
The only place where anticircumvention law really matters for commercial content anymore is e-books. At least some of the major e-book DRMs have hacks available if you know where to look for them. In the e-book world, the effect of anticircumvention law is that to break a DRM, you have to find a DRM removal tool, have a very modest degree of technical savvy to use it, and take standard measures against the malware that some removal tools come with. Put another way, thanks to anticircumvention law, there’s no “Import from Nook” option on Amazon Kindle devices and apps, or vice versa, to make the job easier. This has been the state of play since the early 2010s. More recently, anticircumvention law has even been losing relevance for e-books in countries where e-book DRM is going away, such as Germany, the Netherlands, and much of Eastern Europe.
In other words, both technology and the market have bypassed the need for DRM hack prevention. The law lost most of its relevance despite the fact that it was carefully designed to relegate deliberations about quality and security strength of DRMs to the market instead of to regulations.
Link to the rest at Copyright and Technology