Looking at the python file they are complaining about, it simply implements the "encryption profile" that is mentioned. There is no circumvention; it still requires the user password. It is also clearly a novel implementation, so there is no copyright violation here. Their "algorithm" or whatever is obviously not protected under DMCA.
So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.
Unfortunately, there are cases in which courts said approximately that implementing an algorithm (especially an algorithm that is a secret¹) without permission can be a violation of §1201. Recall
(a)(3)(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
¹ yes, I know that it's weird to regard the algorithm as a secret when implementations are given out to the user
What happens if you print out the source code and publish it as a book? Can the courts prohibit a book?
Phil Zimmermann asked this question in the context of export controls on "cryptography technology", i.e. the PGP software. MIT Press published the source code in 1995. But the US dropped its objections and this wasn't specifically tested in court (AFAIK, though similar questions were).
I'd be surprised if the courts actually held that implementing an algorithm was an act of circumvention. I expect they'd rather hold that to be in violation of a different paragraph:
> (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
> (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
An implementation of the algorithm without the necessary key would still be a "component, or part thereof".
Section 1201 also makes it illegal to circumvent DRM measures or manufacture/import/provide tools that do.
> (2)No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that (A)is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
Although, i'm not sure if DMCA notices commonly used for infringing content also work for violations of section 1201.
Damn. I rely on this software to read ebooks on my Remarkable tablet. I do this because I like giving at least a few pennies of royalty percentage to the author, and as far as I understand it, it's legal on my end to circumvent DRM for the sole purpose of interoperability for my legally-purchased content.
Of course, if they really don't want my money, there's always libgen.
I doubt it. This is DeCSS all over again; means will be found. Already anyone with an immediate need has downloaded the master snapshot, and can use that until an alternative distribution channel is set up.
Pirate Bay is still up, and the MPAA has legal guns much bigger than anybody involved with ebooks. It's just a matter of time before noDRM comes back.
This is always a fucking lie, and I wish we (as a community) would band together to make it more painful for giant companies to just spam DMCA takedowns as part of their DRM strategy.
Ignoring the entire issue with the fact that there probably wasn't any copyrighted material in the repo to begin with and that code is speech, and speech is protected in the US - in other words, taking the most charitable (for corporations) interpretation of the DMCA and assuming that neither of those holds true, a fair use provision still should hold!
Circumvention for purposes of transposing your media to a different platform (time-shifting, archival) are already explicitly allowed per USC and rulings (if I'm not mistaken).
I don't have the energy to type more. All in all, the DMCA needs some fangs pulled. Or fangs added, in the "perjury" category for entities that send out bad faith takedowns for code that they don't like. Has anyone ever been held legally responsible for a bad-faith DMCA takedown request? Don't think I've seen it.
So, the thing about circumvention exceptions is that...
1. There is no general exception for format shifting. If there was, DMCA 1201 would have zero legal weight.
2. Even if there was, it would not materially impact the legal status of this DMCA 512 takedown request
This is because DMCA 1201 circumvention exceptions only apply to half of the law. Section 1201 renders two different acts illegal:
1. You can't circumvent DRM, unless for specific purposes.
2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
Depending on how you look at it, either Congress assumed a black market would exist for DRM circumvention technology anyway; or they assumed people who need lawful circumvention would in-house everything and destroy it when they no longer needed it. That's the sort of question a court might have to interpret if someone was a bit more careful than, say, publishing the DRM unlock straight onto GitHub. But that's not this case. In this case, the law does not facilitate any fair use argumentation whatsoever.
It's not a lie, the DMCA 1201 exception process is just hilariously toothless.
>2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
I'm curious: why would this be the case? This is a restriction of speech that doesn't contain copyrighted content enacted by a copyright law. This seems like charging someone, by using an anti-burglary law, because they taught someone else how to pick a lock .
You're not allowed to circumvent for format shifting, but you are allowed to circumvent to access a work you have rights to. So these takedowns on GitHub should not be happening.
Unfortunately the DMCA also covers technology that works around DRM, not just copyright violation. Anyone wanting to share any anti-DRM software is advised to use a non-US site; GitHub probably doesn't have a choice about things like this once someone reports it.
The notice didn't claim copyright violation. It claimed (accurately) that this code worked around their DRM.
By "non-US" you probably mean "non-WTO". WIPO/TRIPS was specifically used to policy-launder DMCA 1201 into US law despite the objections of the tech community in the US. EU law has very similar provisions and I'm told "copypaste 1201 language into your local law" is a common ask during USTR negotiations.
As Italian, I think you should take my words with mistrust, but as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
That said, I guess it was shortsighted from the founding father but I guess at the time people would be often oppressed by governments not by neighbors and friends and I think this is something we need to solve as it's the challenge of our times
What you describe isn't exactly the law in the U.S., but it gets at some real things:
(1) there is a separate "right of petition" in the first amendment in parallel with the rights of freedom of speech and press; the right of petition relates to asking the government to change its behavior;
(2) the courts have a notion of "core political speech", which is some of the most strongly protected speech; and
(3) the courts have a different notion of "commercial speech", which is some of the least-protected speech.
> as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
Free speech by anyone to anyone is protected from government restriction. It is the government that is forbidden from punishing speech not the government that must be party to the speech else free speech would have nearly zero meaning.
> Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
What is oft said is that the first amendment doesn't protect you from non governmental consequences for your speech. For example you can be fired for your speech but you may not be imprisoned nor silenced by the government.
When a private entity avails itself of remedies provided by the government to limit or punish your speech your constitutional rights are infringed because it is the government acting to limit your speech even if its on behalf of a claimant.
> as far as I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
This is mostly true. But there are some special exemptions.
The real gotcha is that the courts have generally taken a dim view towards using the courts themselves to restrict someone’s speech. The Supreme Court basically doesn’t want (or maybe didn’t want given their recent changes) congress to launder free speech violations to civil lawsuits enforced by the courts. That’s kind of a neat trick that you’d generally want to suppress, which if I understand is why there are first amendment issues around defamation lawsuits, despite being purely between individuals.
How does this work with the DMCA? I dunno. But to my (non lawyer) eyes it does seem kinda like it effectively criminalizes speech, and I wonder if it should stand up to judicial scrutiny.
> I understood recently about US is that the speech is protected between the citizen and the government, not between civil entities, as business/corps and citizen
It depends. For example the 1st amendment protects a great deal of speech that in other countries would be slander, even though in that case the plaintiff is another civil entity and not the government.
Thanks. From the additional context in the link, it sounds like Readium might believe that this implementation is infringing on their proprietary ebook format code. I wonder if the taken down repo was a clean room implementation? If not they might have a case, if it looks similar
Doesn't matter if it is clean room or not. In the US, it isn't legal to share anti-DRM technology. Perhaps you could get some court to decide that this law violates the 1st Amendment, but that would be an uphill climb.
People shouldn't host anti-DRM stuff on any US site.
Personally I'm actually of the opinion that people should just forget about working around DRM preventing legal access to content and just forget about DRM encumbered content altogether. Having work arounds adds value to otherwise worthless file formats. Dont support it, dont recommend it. dont even talk about it other than to say "meh, DRM'd you couldnt pay me enough to use it".
Quite an extreme stance I know, but then Ive never had a problem getting enough drm free content to fill my boots to the end of time.
It's a lot of content though. Basically every movie/TV show these days is DRM encumbered either in the streaming app, cable box, the download file or on the disc. Besides some indie stuff the only non-DRM video content I can think of is OTA TV which for me is a whopping 3 channels of not great stuff. Even movie theaters are technically DRM encumbered these days.
You remind me of a relative I've lost nearly all connection with because he now has a hard line stance on DRM. We used to watch movies and enjoy talking about them, but he wont watch anything that requires streaming. And worse, we used to enjoy playing the same video games and talking about them, but he wont use Steam, and he wont purchase video game consoles anymore.
I share his concerns, but when I weight my choices, I sometimes choose the DRM'ed content. The DRM may make my purchase a "rental", but it's often still an experience I choose to have, despite the cons. I have walked away from my fair share of DRM'ed content on principle, but I don't have such a hard-line stance.
Tell him to up his game and use torrents already. It might not help for games (I think Steam has done a pretty effective job of pulling people into its gravity). But it would certainly fix the divide over movies.
Unless of course he's using it as a way of avoiding getting sucked into too much entertainment in general. But there is such a thing as moderation.
Generally I find that recommending individual, uncoordinated action as a solution to a system issue to be generally unsuccessful. Something like this either needs a coordinated response like a boycott, or a political solution.
It depends on the metric for success: if the metric for success is that it ends the practice you oppose, then yes clearly individual, uncoordinated action won't do that. if the metric for success is that it extricates you from having to compromise on your principles, then it's quite easy to achieve success.
e.g. Although I'd be happy for <evil firm X> to go bankrupt or desist from making the world a better place, I'd also be plenty happy knowing I'm not giving them money to make the world a better place.
Yes and users aren't going to boycott so it goes back to one of the main reasons we have a government, to battle ludicrous policies that an old government passed.
What really sucks is that there are authors whos work I want to support but who have chosen (or more likely their publisher has chosen) to us a DRMd format.
I find that frustrating but a lot of that has to do with the contract that the author signed to be able to write the book in the first place.
I wish I could just skip all DRM free content but that is not the world I find myself in.
Readit News
So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.
[edited in response to correction by wtallis]
Phil Zimmermann asked this question in the context of export controls on "cryptography technology", i.e. the PGP software. MIT Press published the source code in 1995. But the US dropped its objections and this wasn't specifically tested in court (AFAIK, though similar questions were).
https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...
> (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
> (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
An implementation of the algorithm without the necessary key would still be a "component, or part thereof".
Related: GitHub's statement from the last time they removed a prominent repository to a "circumvention technology" DMCA claim:
https://github.blog/2020-11-16-standing-up-for-developers-yo... ("Standing up for developers: youtube-dl is back")
https://news.ycombinator.com/item?id=25111726
(edited to remove inaccurate information from misread)
The answer is, of course it's automatically copyrighted
> (2)No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that (A)is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
Although, i'm not sure if DMCA notices commonly used for infringing content also work for violations of section 1201.
https://www.law.cornell.edu/uscode/text/17/1201
Among them are exceptions for assistive technologies and research.
https://web.archive.org/web/20211231094826/https://github.co...
Click the green Code button, then Download ZIP.
Also, see https://news.ycombinator.com/item?id=29932282 for a newer hash.
Of course, if they really don't want my money, there's always libgen.
Pirate Bay is still up, and the MPAA has legal guns much bigger than anybody involved with ebooks. It's just a matter of time before noDRM comes back.
Cut off one head, 100 grow back. All these efforts by copyright maximalist do is free recruitment for the Anti-Copyright crowd
Every enforcement action they make, stronger the animosity towards copyright grows, their short term gains, will prove to be their downfall
Deleted Comment
This is always a fucking lie, and I wish we (as a community) would band together to make it more painful for giant companies to just spam DMCA takedowns as part of their DRM strategy.
Ignoring the entire issue with the fact that there probably wasn't any copyrighted material in the repo to begin with and that code is speech, and speech is protected in the US - in other words, taking the most charitable (for corporations) interpretation of the DMCA and assuming that neither of those holds true, a fair use provision still should hold!
Circumvention for purposes of transposing your media to a different platform (time-shifting, archival) are already explicitly allowed per USC and rulings (if I'm not mistaken).
I don't have the energy to type more. All in all, the DMCA needs some fangs pulled. Or fangs added, in the "perjury" category for entities that send out bad faith takedowns for code that they don't like. Has anyone ever been held legally responsible for a bad-faith DMCA takedown request? Don't think I've seen it.
1. There is no general exception for format shifting. If there was, DMCA 1201 would have zero legal weight.
2. Even if there was, it would not materially impact the legal status of this DMCA 512 takedown request
This is because DMCA 1201 circumvention exceptions only apply to half of the law. Section 1201 renders two different acts illegal:
1. You can't circumvent DRM, unless for specific purposes.
2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
Depending on how you look at it, either Congress assumed a black market would exist for DRM circumvention technology anyway; or they assumed people who need lawful circumvention would in-house everything and destroy it when they no longer needed it. That's the sort of question a court might have to interpret if someone was a bit more careful than, say, publishing the DRM unlock straight onto GitHub. But that's not this case. In this case, the law does not facilitate any fair use argumentation whatsoever.
It's not a lie, the DMCA 1201 exception process is just hilariously toothless.
I'm curious: why would this be the case? This is a restriction of speech that doesn't contain copyrighted content enacted by a copyright law. This seems like charging someone, by using an anti-burglary law, because they taught someone else how to pick a lock .
The notice didn't claim copyright violation. It claimed (accurately) that this code worked around their DRM.
> Yes, I am the copyright holder.
That said, I guess it was shortsighted from the founding father but I guess at the time people would be often oppressed by governments not by neighbors and friends and I think this is something we need to solve as it's the challenge of our times
(1) there is a separate "right of petition" in the first amendment in parallel with the rights of freedom of speech and press; the right of petition relates to asking the government to change its behavior;
(2) the courts have a notion of "core political speech", which is some of the most strongly protected speech; and
(3) the courts have a different notion of "commercial speech", which is some of the least-protected speech.
Free speech by anyone to anyone is protected from government restriction. It is the government that is forbidden from punishing speech not the government that must be party to the speech else free speech would have nearly zero meaning.
> Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
What is oft said is that the first amendment doesn't protect you from non governmental consequences for your speech. For example you can be fired for your speech but you may not be imprisoned nor silenced by the government.
When a private entity avails itself of remedies provided by the government to limit or punish your speech your constitutional rights are infringed because it is the government acting to limit your speech even if its on behalf of a claimant.
This is mostly true. But there are some special exemptions.
The real gotcha is that the courts have generally taken a dim view towards using the courts themselves to restrict someone’s speech. The Supreme Court basically doesn’t want (or maybe didn’t want given their recent changes) congress to launder free speech violations to civil lawsuits enforced by the courts. That’s kind of a neat trick that you’d generally want to suppress, which if I understand is why there are first amendment issues around defamation lawsuits, despite being purely between individuals.
How does this work with the DMCA? I dunno. But to my (non lawyer) eyes it does seem kinda like it effectively criminalizes speech, and I wonder if it should stand up to judicial scrutiny.
It depends. For example the 1st amendment protects a great deal of speech that in other countries would be slander, even though in that case the plaintiff is another civil entity and not the government.
Deleted Comment
is it really? i've never thought of it like that.
Deleted Comment
People shouldn't host anti-DRM stuff on any US site.
Quite an extreme stance I know, but then Ive never had a problem getting enough drm free content to fill my boots to the end of time.
I share his concerns, but when I weight my choices, I sometimes choose the DRM'ed content. The DRM may make my purchase a "rental", but it's often still an experience I choose to have, despite the cons. I have walked away from my fair share of DRM'ed content on principle, but I don't have such a hard-line stance.
At least with games there's a lot you could play together on GOG, most movies never get an official DRM-free release.
Unless of course he's using it as a way of avoiding getting sucked into too much entertainment in general. But there is such a thing as moderation.
e.g. Although I'd be happy for <evil firm X> to go bankrupt or desist from making the world a better place, I'd also be plenty happy knowing I'm not giving them money to make the world a better place.
I find that frustrating but a lot of that has to do with the contract that the author signed to be able to write the book in the first place.
I wish I could just skip all DRM free content but that is not the world I find myself in.