Thursday, February 13, 2014

DRM and copyright law

Cory Doctorow has an interesting article on the Guardian Technology Blog this week exploring some of the issues with Digital Rights Management (DRM). He highlights the issue of what I see as "mission creep". Various countries, including US and Europe generally, have laws on what is generally termed "non-circumvention", making it illegal to reverse engineer and tamper with a protection system designed to uphold a copyright-holder's rights. But in practice, this law is apparently being applied to the protection of "rights" that it is not clear the copyright holder actually held in the first place. In other words, inventors of DRM systems can effectively make up laws as they go along.

On this point, it is worth remembering that the broader issue of "what rights we actually want copyright holders to have in the digital era" predates current DRM systems and laws such as the Digital Millenium Copyright Act. Before the millenium, developers were already battling with issues around the legality of reverse engineering under different circumstances.

He also raises the issue that a stifling of public information on the security of DRM systems can lead to less security for end users (he cites the infamous case of Sony installing malware on users' machines which, because of how it modified the filing system, in turn made it easier for other viruses to proliferate undetected). Unfortunately, this appears to be another case of the law being misused: in principle, exceptions should be allowed to the "non-circumvention" law for the purposes of security research. Clearly, this provision isn't filtering down to the security community in practice...

No comments: