Last week, the US Court of Appeals for the 5th Circuit released a controversial decision interpreting Section 1201(a) of the DMCA in MGE UPS Inc v GE Consumer and Industrial, Inc. 2010 WL 2820006 (5th Cir.2010). Prof. Geist has suggested that the case decided that the “DMCA is limited to guarding access controls only to the extent that circumvention would violate the copyright rights of the copyright owner.” His summary of the case is neither accurate nor complete. Here’s why.
The MGE case
The MGE case involved uninterruptible power supply (“UPS”) machines manufactured by MGE, some of which require the use of MGE’s copyrighted software programs Pacret and Muguet during servicing. The software requires connection of an external hardware security key (a “dongle”) to the laptop serial port. When the software is activated, it searches for a properly programmed dongle before it will fully launch. Once launched, the software will go through a second series of protocol exchanges with the data located on the UPS machine’s microprocessors to confirm that MGE software is communicating with MGE hardware. If the protocol exchange is successful, MGE’s software proceeds to collect system status information for the technician.
MGE’s dongle does not prevent the literal code or text of MGE’s copyrighted computer software from being freely read and copied once access to its programs is obtained. The dongle does not use any encryption or other form of protection to prevent copyright violations.
After MGE introduced its security technology, software hackers published information on the Internet disclosing general instructions on how to defeat the external security features of a hardware key. Once the software is cracked and the security key is defeated, the software can be accessed and used without limitation. MGE did not adduce any evidence that any of the defendant’s employees were responsible for altering (circumventing) the Pacret and Muguet software such that a dongle was not required to use the software.
The Court gave two reasons for finding no DMCA violations. The defendants had only used software that had already been circumvented. There was no evidence that they had circumvented the MGE TPM. The DMCA’s anti-circumvention provision does not apply to the use of copyrighted works after the technological measure has been circumvented, targeting instead the act of circumvention itself. Universal City Studios, Inc. v. Corley, 273 F.3d 429, 443 (2d Cir.2001). The DMCA case, therefore, had to fail.
“Moreover, the DMCA’s anti-circumvention provision does not apply to the use of copyrighted works after the technological measure has been circumvented, targeting instead the circumvention itself. Universal City Studios, Inc. v. Corley, 273 F.3d 429, 443 (2d Cir.2001)… Without proving GE/PMI actually circumvented the technology (as opposed to using technology already circumvented), MGE does not present a valid DMCA claim. See id. (“[T]he DMCA targets the circumvention of digital walls guarding copyrighted material (and trafficking in circumvention tools), but does not concern itself with the use of those materials after circumvention has occurred.)
Because the DMCA does not apply to mere use of a copyrighted work, and because MGE has not shown that GE/PMI circumvented MGE’s software protections in violation of the DMCA, the district court did not err in granting GE/PMI’s Rule 50(a) motion dismissing MGE’s DMCA claim.”
That ground alone should have disposed of the case. However, the Court also stated, in what is arguably obiter dicta, that the DMCA case also failed because MGE had not shown that its dongle protected its software against an infringement of a right under the Copyright Act. Citing a previous decision of the Federal Circuit in Chamberlain Group, Inc. v. Skylink Techs., Inc., 381 F.3d 1178 (Fed.Cir.2004) the Court stated that:
“The DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners. See Chamberlain Group, Inc. v. Skylink Techs., Inc., 381 F.3d 1178, 1202 (Fed.Cir.2004). The Federal Circuit, in analyzing the DMCA’s anti-circumvention provision, concluded that it “convey[s] no additional property rights in and of themselves; [it] simply provide[s] property owners with new ways to secure their property.” Id. at 1193-94. Indeed, “virtually every clause of § 1201 that mentions ‘access’ links ‘access’ to ‘protection.’ ” Id. at 1197. Without showing a link between “access” and “protection” of the copyrighted work, the DMCA’s anti-circumvention provision does not apply. The owner’s technological measure must protect the copyrighted material against an infringement of a right that the Copyright Act protects, not from mere use or viewing.”
As can be seen from the above, Prof. Geist’s summary of the case is not accurate. The MGE case did not state that the “DMCA is limited to guarding access controls only to the extent that circumvention would violate the copyright rights of the copyright owner”; in other words it did not hold that circumvention of an access control TPM is illegal only when done for an infringing purpose. Rather it stated that there must merely be a link between “access” which the TPM protects and “protection” of some right of the copyright owner, e.g., the TPM must only protect a work from some unauthorized act covered by copyright.
Accordingly, even under the MGE decision, infringement as a purpose of the circumvention need not be shown. The circumvention of an access control TPM would violate the DMCA as long as the TPM protects a work against some unauthorized act that the copyright holder has the right to control. There would still be liability, for example, if the access control TPM is circumvented for a non-infringing purpose, such a fair use, as long as the TPM also prevents other uses not authorized by the copyright owner.
Prof. Geist’s summary of the case is also incomplete. Readers of his blog would be left with the impression that the MGE case is rightly decided and that it reflects the state of US law. However, both assumptions would be inaccurate.
In suggesting that a technological measure must protect copyrighted material against an infringement of a right that the Copyright Act protects, the Court misinterpreted Section 1201(a) of the DMCA and, as other commentators have pointed out (such as here and here) has created a split in the US courts which have construed the anti-circumvention provisions of the DMCA not to require any proof that an access control TPM must protect a work against some unauthorized act covered by copyright.
The MGE decision is contrary to the legislative history of the DMCA
The relevant provisions of the DMCA are as follows:
Section 1201 of the DMCA
VIOLATIONS REGARDING CIRCUMVENTION OF TECHNOLOGICAL MEASURES-
(1)(a) No person shall circumvent a technological measure that effectively controls access to a work protected under this title …
(2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
(B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.
(3) As used in this subsection—
(A) to `circumvent a technological measure’ means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure `effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
(b) ADDITIONAL VIOLATIONS- (1) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof;
(B) has only limited commercially significant purpose or use other than to circumvent protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof; or
(C) is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title in a work or a portion thereof.
Section 1201 of the DMCA divides technological measures into two categories: measures that prevent unauthorized access to a copyrighted work and measures that prevent unauthorized copying of a copyrighted work. Making or selling devices or services that are used to circumvent either category of technological measure is prohibited in certain circumstances. As to the act of circumvention in itself, the provision prohibits circumventing the first category of technological measures, but not the second.
The DMCA “anti-trafficking” provisions are similar, except that section 1201(a)(2) covers those who traffic in technology that can circumvent “a technological measure that effectively controls access to a work;” whereas section 1201(b)(1) covers those who traffic in technology that can circumvent “protection afforded by a technological measure that effectively protects a right of a copyright owner.” In other words, although both sections prohibit trafficking in a circumvention technology, the focus of s. 1201(a)(2) is circumvention of technologies designed to prevent access to a work, and the focus of s. 1201(b)(1) is circumvention of technologies designed to prevent copying of the work or some other act that infringes a copyright.
The legislative history shows that although the prohibitions in ss. 1201(a) and (b) are worded similarly and employ similar tests, they are designed to protect two distinct rights and to target two distinct classes of devices. The legislative history of s. 1201(a) shows that Congress had intended to confer upon copyright owners the ability to preclude unauthorized access to a work using TPMs without the need for any proof that the circumvention of the TPM would result in an infringement or facilitate an infringement. For example, the Senate Report stated the following:
Although sections 1201(a)(2) and 1201(b) of the bill are worded similarly and employ similar tests, they are designed to protect two distinct rights and to target two distinct classes of devices. Sub-section 1201(a)(2) is designed to protect access to a copyrighted work. Section 1201(b) is designed to protect the traditional copyright rights of the copyright owner. As a consequence, subsection 1201(a)(2) prohibits devices primarily designed to circumvent effective technological measures that limit access to a work. Subsection 1201(b), on the other hand, prohibits devices primarily designed to circumvent effective technological protection measures that limit the ability of the copyrighted work to be copied, or otherwise protect the copyright rights of the owner of the copyrighted work. The two sections are not interchangeable, and many devices will be subject to challenge only under one of the subsections. For example, if an effective technological protection measure does nothing to prevent access to the plain text of the work, but is designed to prevent that work from being copied, then a potential cause of action against the manufacturer of a device designed to circumvent the measure lies under subsection 1201(b), but not under subsection 1201(a)(2). Conversely, if an effective technological protection measure limits access to the plain text of a work only to those with authorized access, but provides no additional protection against copying, displaying, performing or distributing the work, then a potential cause of action against the manufacturer of a device designed to circumvent the measure lies under subsection 1201(a)(2), but not under subsection 1201(b).
This, in turn, is the reason there is no prohibition on conduct in 1201(b) akin to the prohibition on circumvention conduct in 1201(a)(1). The prohibition in 1201(a)(1) is necessary because prior to this Act, the conduct of circumvention was never before made unlawful. The device limitation in 1201(a)(2) enforces this new prohibition on conduct. The copyright law has long forbidden copyright infringements, so no new prohibition was necessary. The device limitation in 1201(b) enforces the longstanding prohibitions on infringements.
Professor Jane C. Ginsburg summarized the legislative history on this point as follows:
… there is considerable evidence from the text and from the legislative history that Congress did intend to create an additional copyright regime, based on the control over access to digitally distributed works of authorship. The text indicates that the “access” that section 1201(a) protects goes beyond traditional copyright prerogatives; it distinguishes “access” from a “right of the copyright owner under this title.” Some activities subject to access controls do not implicate traditional copyright owner rights such as reproduction and public performance. For example, an access control may limit the number of viewings of a motion picture distributed on a DVD. But if the viewings occur at home, they likely do not come within the traditional scope of exclusive rights. Thus, suppose I purchase a time-loaded or limited-viewing DVD, for a lower price than an unlimited viewing DVD, and that I circumvent an access protection in order to obtain unlimited number of private viewings of the film for an unlimited time. I have not committed copyright infringement, because the public performance right does not reach the extra viewings. I have, however, defeated the purpose of offering the film on a pay per-view or similar basis. The legislative history indicates that the DMCA was designed in part specifically to foster a variety of business models offering the public a diversity of levels of access, for a diversity of prices. As the House Commerce Committee reported:
[A]n increasing number of intellectual property works are being distributed using a “client-server” model, where the work is effectively “borrowed” by the user (e.g., infrequent users of expensive software purchase a certain number of uses, or viewers watch a movie on a pay-per-view basis). To operate in this new environment, content providers will need both the technology to make new uses possible and the legal framework to ensure they can protect their work from piracy.
Acts prohibited: Section 1201 prohibits the act of circumventing an access control, and the “trafficking” in devices that circumvent either access controls or “rights” controls. It does not prohibit the act of circumventing a rights control, in part because the results of that act will be directly infringing (or will qualify for an exception), and in part because the most economically significant act is the distribution of the device that will allow the end-user to circumvent. By contrast, circumvention of an access control does not directly result in an infringement. If circumvention of an access control is not unlawful, then, arguably, dissemination of a device that enables circumvention of an access control would not be wrongful either. By making the act of access circumvention unlawful, the DMCA lay a stronger foundation for prohibiting the dissemination of enabling devices as well.
In considering the legislative history of Section 1201(a), Columbia Professor June Besek also explained that, “providing copyright owners with the ability to preclude unlimited access was a goal of the DMCA, not just an unforeseen and unfortunate consequence.”
MGE is inconsistent with prior decisions interpreting the DMCA
A number of cases have interpreted the access control and trafficking in access control device prohibitions provisions of the DMCA provisions explicitly rejecting any contention that such claims are tied to any requirement that the access control TPM also prevent unauthorized copying or another act that would be infringing.
For example, an injunction was obtained in Universal City Studios, Inc. v. Reimerdes to restrain the dissemination of the DeCSS program under the anti-trafficking access control prohibition in s. 1201(a)(2). The principal issue was whether that provision of the DMCA applied to conduct that was non-infringing such as fair use. The Court held that Congress had explicitly considered the issue and had made a clear policy choice to make the anti-trafficking access control provision apply even where the uses of the circumvention device would be for non-infringing purposes. Congress specifically decided not to permit statutory defenses to infringement such as fair use to be grounds for not violating the anti-trafficking access control provision or the anti-circumvention prohibition in s. 1201(a)(1)(A). Instead it crafted a series of exemptions to those provisions, exemptions which would have been redundant if the statutory exemptions to infringement also applied as defenses to the anti-trafficking access control provision and the anti-circumvention provision.
The Second Circuit in Corley affirmed the decision in Reimerdes. In doing so it confirmed that fair use is not a defense to unauthorized circumvention of TPMs.
[The Appellants] … contend that subsection 1201(c)(1), which provides that “[n]othing in this section shall affect rights, remedies, limitations or defenses to copyright infringement, including fair use, under this title,” can be read to allow the circumvention of encryption technology protecting copyrighted material when the material will be put to “fair uses” exempt from copyright liability. We disagree that subsection 1201(c)(1) permits such a reading. Instead, it clearly and simply clarifies that the DMCA targets the circumvention of digital walls guarding copyrighted material (and trafficking in circumvention tools), but does not concern itself with the use of those materials after circumvention has occurred. Subsection 1201(c)(1) ensures that the DMCA is not read to prohibit the “fair use” of information just because that information was obtained in a manner made illegal by the DMCA. The Appellants’ much more expansive interpretation of subsection 1201(c)(1) is not only outside the range of plausible readings of the provision, but is also clearly refuted by the statute’s legislative history.
Another case which reached a similar conclusion is Real Networks Inc. v. Streambox, Inc. The case involved an interpretation of the anti-trafficking access control prohibition in s. 1201(a)(2) and the anti-trafficking rights control prohibition in s. 1201(b)(2). Streambox’s primary defense was that its anti-circumvention tools allowed “consumers to make `fair use’ copies of RealMedia files, notwithstanding the access control and copy protection measures that a copyright owner may have placed on that file.” The Court rejected the contention that the anti-trafficking provisions had a linkage to a showing that the potential uses had to be infringing or to facilitate infringement. The Court held that the fair use defense to copyright infringement did not apply to the anti-trafficking provisions in the DMCA. The DMCA was interpreted in this way in Sony Computer Entertainment America Inc. v. GameMasters as well. There a California court enjoined the sale of a device that circumvented technological measures used by Sony to prevent access to software embedded in Sony’s PlayStation console.
The holding in the MGE case clearly conflicts with the above authorities. So how did the MGE case reach the conclusion it did? Besides (apparently) failing to consider the legislative history, the Court also inaptly relied on dicta from the Chamberlain and Lexmark cases without appreciating what was in issue or what was decided in those cases.
The Chamberlain case involved an attempt by Chamberlain to prevent a competitor, Skylink, from bypassing a security system in order to make its universal transmitters interoperable with Chamberlain’s Security+ line of garage door openers. Chamberlain contended that this violated s1201(a)(2) of the anti-trafficking clause of the DMCA. Chamberlain’s allegation was simply that the only way for the transmitter to interoperate with a Security+ GDO was by “accessing” copyrighted software, something which the court held the copyright holder had consented to. This meant that it was impossible for Chamberlain to prove that any circumvention was carried out “without the authority of the copyright owner,” a statutory prerequisite for all section 1201 violations. That was the ratio of the case. However, even the Chamberlain dicta cited in the MGE opinion are inapposite. There was no conceivable way that unauthorized access to the GDO protected by the TPM could have led to infringement of a right protected by copyright: it simply allowed the user to open a garage door. The TPM was designed to be used to bar the interoperability of an independent product, not to protect any copyright related interest that Chamberlain had in its software.
The Lexmark case involved an attempt by Lexmark to prevent third parties from using unauthorized printer cartridges with its printers. Lexmark claimed infringement of a program that controlled the printer’s operation. Lexmark sought to control access to the program and to printer operation, through use of an “authentication sequence,” which was satisfied only when Lexmark-approved toner cartridges were used. The defendant sold a microchip that performed the authentication sequence, thereby allowing customers to use Lexmark printers without using Lexmark-approved toner. Lexmark sued, claiming that the defendant had circumvented the authentication sequence in violation of the DMCA. The Sixth Circuit ruled against Lexmark. The chief ground for doing so was that all three of the anti-circumvention liability provisions of the DMCA require the claimant to show that the “technological measure” at issue “controls access to a work protected under this title” which is to say a work protected under the general copyright statute. The Court found that one of Lexmark’s programs protected by the TPM was so trivial that it did not qualify as a “work protected under [the copyright statute],” … so the DMCA necessarily would not protect it. In the case of another program involved in the case, which was subject to copyright protection, the Court also held that the authentication sequence did not effectively control access to the program within the meaning of the DMCA, because alternative means approved by the copyright owner could be used to access the program.
It is also striking that the MGE decision absolved the defendant of liability under the DMCA in a case in which the defendant, assuming it circumvented the dongle at all (rather than simply taking advantage of a program from which dongle protection had previously been removed), used its resulting access to infringe copyright, a conclusion that even the defendant did not dispute. The Chamberlain and Lexmark cases are thus entirely inapposite to the facts in the MGE case.
The Fifth Circuit’s apparent conclusion that the circumvention of a dongle that controls access to a computer program does not amount to a violation of section 1201(a)(1) also flies in the face of a full decade of administrative precedent in U.S. law. Under section 1201(a)(1)(C), the U.S. Copyright Office holds a proceeding every three years to consider whether the prohibition on circumvention of access controls is unduly impeding non-infringing uses of copyright works, and is authorized to adopt limited exceptions to the prohibition in order to remedy these problems. In all four such proceedings that have been held since the first one in 2000, an exception has been recognized to permit the circumvention of dongles under specific circumstances (generally, when the dongle is obsolete and no longer supported by the software publisher). In the most recent proceeding, earlier this week, an exception to section 1201(a)(1) to allow by-passing of dongles was once again recognized. Since, under the statute, the Copyright Office is allowed to adopt an exception only as to conduct that would otherwise be a violation of section 1201(a)(1); AND since the basis for adopting an exception is to foster non-infringing conduct that would otherwise be unduly burdened by the DMCA prohibition; it seems incontrovertible that a dongle controlling access to a computer program is an access control technology whose circumvention (absent any exception) is a violation of section 1201(a)(1); and that this is so even when the use of the software program that the dongle prevents is not itself an infringement of copyright. The MGE decision does not even refer to this unbroken series of decisions, by the expert agency in U.S. copyright matters, that are entirely inconsistent with the Court’s conclusions.
The above analysis shows that the MGE case is in conflict with prior decisions and does not reflect the state of US law on this issue, except perhaps in the three states comprising the 5th Circuit.
Prof. Geist’s assertions about the MGE case cannot be supported. As noted above, the MGE case did not state that the “DMCA is limited to guarding access controls only to the extent that circumvention would violate the copyright rights of the copyright owner”. Moreover, Prof. Geist’s statement is not complete. It carefully avoids the legislative history of the provisions in issue and fails to point out that the decision, which can still be subject to an en banc review and a cert motion to the US Supreme Court, diverges from the other leading cases decided under the DMCA and the administrative precedent under U.S. law.