Digg this story   Add to del.icio.us   (page 5 of 6 ) previous  next 
Mod Your iPhone – For Fun or Profit?
Mark Rasch, 2007-09-04

Story continued from Page 4


DMCA and Anti Circumvention

Another statute that AT&T might try to use is the Digital Millennium Copyright Act, or DMCA. The statute was intended to prevent people from pirating CD’s, DVD’s and electronic books which had copy protection on them and to implement the provisions of the World Intellectual Property Organization on protection of digital copyrighted works. But the language was much broader than that. The statute 17 USC 2701 makes it a crime to “circumvent a technological measure that effectively controls access to a [copyrighted work].” Okay, so you can’t break a copy protection to get “access” to a copyrighted book, song, video, etc., right?

Not exactly. The statute has been used to go after a host of people who really could care less about “accessing a copyrighted work” or, for that matter, infringing a copyright. Thus, if you wanted to refill your ink cartridges to your printer, you would have to alter the software code on the little gold strip on the cartridge to allow the printer to accept the newly inked cartridge. Similarly, if you wanted to use an “after market” garage door opener, in order for it to send the right signal to the garage door to open it, you would have to access to software “lock” on the proprietary garage door.

As more and more of our lives are controlled by software, companies are using software (subject to both copyright law, EULA’s and the DMCA) as a “lock” to keep us from doing things with their products or services unless we pay the beaucoup bucks – even if we otherwise have a right to, say, open our garage door. The results of these cases have been mixed, but mostly, if you circumvent a technological measure to control access to a copyrighted work (the software) (ed. in favor of, against?)

What is worse, the WIPO Treaty was aimed at circumvention of protection measures designed to prevent access to copyrighted works “and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.” The U.S. statutory implementation of that treaty does not include the language about doing things that are “permitted by law.” Moreover, the modders, if they infringe the rights of anyone, infringe the rights of Apple, not AT&T.

One basic question is whether the modders are circumventing a technological measure that effectively controls access to a protected copyrighted work. Perhaps. Clearly Apple, in developing its iPhone software, has gone to some length to keep modders from seeing the source code and from doing exactly what they have been trying to do. While you can debate whether the measures “effectively” control access to the iPhone software, remember that the prevention need not be perfect – this would undermine the entire statutory regime.

When Congress passed the DMCA, they included a provision that authorized – nay required – the Library of Congress, upon the recommendation of the Register of Copyrights, in consultation with the Assistant Secretary for Communications and Information of the Department of Commerce, to consider reasonable exemptions to the provisions of the DMCA. This was because Congress realized that the statue might be overreaching and that technology would change over time. Thus, every three years the Library of Congress considers exemptions to the DMCA. On November 17, 2006 the Library of Congress published these recommendations. , one of which recommended exemption from the DMCA’s coverage of:

“Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communications network.”


Basically, in plain English, “unlocking your phone.” These were formalized in a rulemaking published in the Federal Register

The Library of Congress noted that software locks prevent users from using the phones they paid for with another provider, and that phone companies were using the DMCA to attempt to keep people from switching services. In granting the exemption, the Librarian of Congress noted that unlocking the phone is not an infringing act. (“There is no evidence in the record of this rulemaking that demonstrates or even suggests that obtaining access to the mobile firmware in a mobile handset that is owned by a consumer is an infringing act.”) Similarly, switching from one provider to another is not an infringement. In fact, all the consumer is trying to do is to do what the phone is designed to do – make phone calls. The report noted:

“This is a non-infringing activity by the user. But for the software lock . . . it appears that there would be nothing to stand in the way of a consumer being able to engage in this non-infringing use of a lawfully purchased mobile handset and the software that operates it. Indeed, there does not appear to be any concern about protecting access to the copyrighted work [the software] itself. The purpose of the software lock appears to be limited to restricting the owner’s use of the mobile handset to support a business model, rather than to protect access to a copyrighted work.”


Put simply, since unlocking the phone just allows you to do what you could otherwise do, doesn’t affect the value of the underlying copyrighted work (the software), and is merely an effort to protect a “business model”, the Library of Congress essentially concluded that you shouldn’t be able to use the copyright law to do something other than to protect a copyright. So as it currently stands, the DMCA doesn’t prevent the unlocking.

But there is a rub – sort of. The language of the exemption states that it applies “when circumvention is accomplished for the SOLE PURPOSE of lawfully connecting to a wireless telephone communications network.” If you are selling the unlocking software, or giving it away, then your purpose is to make money, not to connect to a network. Thus, your SOLE purpose is not to connect. This is just plain silly. First, if you look at the exemption, it’s clear that the phone companies told the Library of Congress that they were worried that hacking the phone software might also affect other DRM models, like access to ringtones, online music, video, etc., through the cell phone. They asked the Library of Congress to make it clear that the DMCA exemption for unlocking didn’t affect their ability to protect these OTHER services. To accommodate the phone companies, the Librarian responded essentially by saying that the exemption was focused ONLY on circumventions to unlock – hence the words “sole purpose.”

If you read the history of the “sole purpose” provision, it becomes plain that it’s not a “personal exemption” clause allowing YOU to unlock YOUR phone, but not allowing someone to provide you the software. The Federal Register notice notes:

“The copyright owners who did express concern about the . . . exemption are owners of copyrights in music, sound records and audiovisual works that are offered for downloading onto cellular phones. They expressed concern that the proposed exemption might permit circumvention of access controls that protect their works when they have been downloaded onto cellular phones. The record on this issue was fairly inconclusive, but in any event, the proponents of the exemption provided assurances that there was no intention that the exemption be used to permit unauthorized access to those works. Rather, the exemption is sought for the sole purpose of permitting owners of cellular phone handsets to switch their handsets to a different network.”


The reason they wrote “sole purpose” was to make it clear that the exemption was to permit unlocking for service transfer, and not for any OTHER purpose. The argument that this is a “personal unlocking” exemption fails to distinguish between the “purpose” of the software and the “motive” of the author. The sole PURPOSE is to unlock the phone to permit service transfer. The MOTIVE of the software developers may be to make money. How do you “permit owners of cellular phone handsets to switch their handsets to a different network” without allowing them to have the tools to do so?

Story continued on Page 6 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 5 of 6 ) previous  next 
Comments Mode:
Mod Your iPhone – is a Federal Felony 2007-09-05
bernieS (1 replies)
Re: Mod Your iPhone ? is a Federal Felony 2007-10-03
Mark D. Rsch (1 replies)


 

Privacy Statement
Copyright 2010, SecurityFocus