The legal context for DRM is copyright law. Some relevant aspects of US copyright law have similarities with those of EU countries by virtue of their common derivation from the WIPO Copyright Treaty of 1996 (cf. WIPO 1996), which were enacted in the US and EU via the Digital Millennium Copyright Act (DMCA) of 1998 and European Union Copyright Directive (EUCD) of 2001 respectively.

However, there is an important difference between the two laws, which leads to divergent ways of contextualizing DRM within the legal framework. Most EU countries have Private Copying provisions in their copyright laws, which allow consumers to create copies of legitimately obtained content for their own use or that of family members. Private copying laws can conflict with DRMs that restrict such activities.

Fair Use and First Sale
The US has no Private Copying concept in its copyright law. Instead, it has two relevant concepts: Fair Use (USC 17 §107) and First Sale (USC 17 §109) (cf. USC 17).

Fair Use is similar to Fair Dealing in UK copyright law. It is a set of principles that guide courts when deciding whether uses of copyrighted works are defensible against infringement charges. The principles include such considerations as the purpose and character of the use, including whether the use is of commercial nature, and the effect of the use on the market for the work.

US case law has established precedents for types of uses being considered presumptively fair, such as criticism, parody, and academic research. However, because Fair Use is based on abstract principles (not facts) and decided by courts, it is impossible to conceive of a DRM scheme that "upholds Fair Use." This has been a source of contention between US advocacy organizations – such as the Electronic Frontier Foundation, Public Knowledge, and – and the media industry.

Contention over Fair Use also affects another part of US copyright law, the aforementioned DMCA. Although the primary purpose of DMCA was to bring the US into compliance with the WIPO Treaty, it is mainly known as shorthand for one of its provisions (USC 17 §12.01, also known as "DMCA 1201"), which criminalizes distribution of technology for circumvention (hacking) of DRM schemes – which are known as Technical Protection Measures (TPMs) in the law. (The anticircumvention provision is also derived from the WIPO Treaties, and there are now anticircumvention laws in most EU countries as well.)

DMCA 1201 forbids circumvention of TPMs even if the purpose of the circumvention turns out to be one that a court finds to be Fair Use. It comes down to a question of whether content rights holders or consumers should get the benefit of the doubt about content uses. The media industry feels that allowing exceptions to the anticircumvention law (beyond the current narrow and temporary exceptions for things like encryption research and accessing content in obsolete data formats) undermines DRM by making those exceptions subject to court decisions, and therefore, as a practical matter, gives the benefit of the doubt to consumers.

First Sale, on the other hand, says that once someone has legitimately obtained a copyrighted work, the publisher of that work can have no further claim or influence on any further distribution of the work. First Sale law has thus enabled such services as public libraries, video rental stores, and so on. Media industry interests argue that First Sale does not apply to digitally distributed works (as opposed to physically distributed digital works, such as CDs and DVDs) because they are made available under license agreements (EULAs or "clickwrap" agreements) and not via copyright. Therefore, First Sale currently does not apply to content packaged with DRM.

Secondary infringement liability
The other primary principle in US copyright law that bears on DRM is the theory of secondary infringement liability. If someone infringes copyright and another party is somehow involved, the latter party could be legally liable; this is called secondary liability.

Most countries have some form of secondary copyright infringement liability law. US law has had two types of secondary liability, known as contributory and vicarious infringement. Contributory means knowingly aiding and abetting infringement, while vicarious means being able to control infringing activities but choosing not to for one’s own gain.

A key legal principle that governs applicability of secondary liability to technology providers in the US is the 1984 Supreme Court decision in Sony v. Universal (cf. Sony 1984), known as the Betamax case because it established the legality of Sony’s Betamax videocassette recorders (which, ironically, lost out to the VHS format in the market) over the film industry’s objections. With Betamax, the Supreme Court established the principle of "significant noninfringing uses," meaning that if a technology can be shown to have significant uses that do not infringe copyright, the maker or distributor of that technology should not be liable for infringement.

Despite Betamax, a federal appeals court (one level below the Supreme Court) found that both contributory and vicarious liability applied to centralized peer-to-peer file-sharing networks (i.e., file-sharing services that maintain central directories of files available) in its 2001 decision in A&M Records v Napster (cf. Napster 2001). As a result, developers created file-sharing network software that did not rely on central directories, such as Grokster, Morpheus, BearShare, and LimeWire. There was no theory of secondary liability that applied to the developers of the client software for these networks.

The foregoing should set the scene for recent developments on the legal front in the US.

The future of Fair Use?
Regarding Fair Use, there is a growing recognition of a fundamental incompatibility between Fair Use guidelines (and the fact that only a court can decide on them) and technological means of controlling access to copyrighted works.

In his book Free Culture (cf. Lessig 2004), Lawrence Lessig of Stanford University laments that while Fair Use is meant to be a narrow "wedge" between infringement and non-infringement that applies to a small set of borderline content use cases and helps courts decide on them, it has been overburdened with responsibility of determining the legality of many digital content use cases because they all happen to involve copying (of bits), thereby making them subject to copyright law. Some of these use cases are analogous to content uses in the physical world that do not involve copying: for example, broadcasting music over a standard radio signal does not require copying, while streaming it over the Internet does.

In general, because digital technology can be used to implement an almost infinite variety of content distribution models instantaneously, it becomes counterproductive to rely on Fair Use principles – let alone case precedents from the physical content world – to judge whether each and every case infringes: it would overload the court system, make it necessary to hire lawyers where ordinarily none would be necessary, and generally superimpose a physical-world timeline on a digital paradigm.

Some legal scholars and advocacy groups argue that Fair Use should be kept intentionally principle-based – i.e., imprecise – because it is meant to handle exactly those cases that precise laws cannot handle. Yet in an era where technology underpins more and more content uses, this attitude seems increasingly outmoded.

Someday, someone is going to have to do something about Fair Use – either scrap it in favour of more a priori decidable criteria (perhaps along the lines of Private Copying) or augment it with such. Without this, it becomes very difficult to enable technology to control access to technologically distributed content; there are too many fallbacks into the traditional legal system. (Of course, this is precisely what some of those legal scholars and advocacy groups intend.)

With this in mind, the state of California enacted a law in 2004 that requires anyone who digitally transmits copyrighted works (e.g., through e-mail) to more than 10 other people to include the identities of the sender and the work (cf. California 2004). In other words, California has decided that private copying is probably OK for up to 10 "friends," beyond which it is probably not. Unfortunately, this law attracted very little attention. But it is the kind of law that seems inevitable in the future.

There is some momentum in Congress to amend DMCA 1201 to allow for circumvention of TPMs to facilitate Fair Uses of content: two separate pieces of legislation along these lines have been introduced. One is the Digital Media Consumer Rights Act (cf. DMCRA 2003), which (among other things) would roll back DMCA to allow circumventions for noninfringing purposes. The bill has some chance of passage in the near future; its sponsors are bipartisan. The IT and telecoms industries as well as many of the aforementioned advocacy groups back DMCRA; the media industry opposes it.

As for First Sale, there is a sense that some digitally-distributed content products could someday fall under it if a judge decides that a particular license agreement has terms that are similar enough to copyright usage terms that the product should be judged as if it were copyright (this is known in America as the "If it looks like a duck, waddles like a duck, and quacks like a duck, it must be a duck" principle), thereby setting a precedent. This has not happened yet, however.

Grokster and secondary liability
The media industry has tried to get US government to do something that would bring decentralized P2P networks like Grokster and Morpheus under the regime of secondary infringement liability. The first attempt was to lobby Congress to pass a law that would make it illegal to "induce infringement of copyright." This was known as the "Induce Act," in 2004 (cf. Induce 2004). It failed: Senator Orrin Hatch, the bill’s sponsor, refused to take the bill forward when the various sides in the debate could not agree on reasonable criteria for judging "inducement."

Around the same time, a federal appeals court dealt the media industry a setback when it ruled that secondary liability did not apply to the decentralized P2P networks Grokster and Morpheus. The media industry responded to these setbacks by getting the Supreme Court to hear the Grokster case.

In June 2005, with its decision in MGM v Grokster (cf. Grokster 2005), the Supreme Court unanimously did what the lower court and Congress would not do: establish an "inducement" principle in copyright law. "Inducement to infringe" is, in fact, a well-known principle in patent law. An implementer of technology that infringes a "method" patent does not actually infringe itself; it "induces" someone who uses the technology to "practice the method" that infringes the patent.

The Supreme Court established a set of criteria that determine inducement to infringe copyright: the developer of the technology must actively market the technology for infringing purposes, and its business model must depend on infringement. Those who merely invent technology that could possibly be used for infringing purposes but do not meet those criteria are not liable. The court did not overturn Betamax, but the line between "substantial noninfringing uses" and "inducement" has yet to be explored in the courts.

The Supreme Court found that both Grokster and Streamcast (the firm that developed the Morpheus software) met the inducement criteria. It vacated the lower court’s summary judgment in the case, which means not that the two firms were found guilty, but that the case is referred back to the lower court, which must now hold a trial and take the Supreme Court’s decision (i.e., the inducement principle) into consideration.

Soon after Grokster, the music industry sent cease-and-desist letters to many P2P network software developers based in the US, and most of them chose to shut themselves down. One that did not, LimeWire, is implementing a hash-based filtering scheme to show that it "respects copyright," although the scheme it intends to use has been shown to be easily hackable. Grokster settled the case by selling its assets – essentially its list of subscriber information – to a service called Mashboxx (discussed in Part 2 of this article) and shutting itself down. Streamcast intends to fight the case, which could take years.

Mandating DRM
The media industry has also been lobbying Congress to pass legislation that makes DRM technology mandatory in digital media rendering hardware and software. A previous attempt, the so-called Hollings Bill of 2002 (after its sponsor, Sen. Ernest Hollings) (cf. Hollings 2002), failed over forceful opposition from the IT industry (led by Intel) and even some media companies with their own interests in IT. The negotiations over this bill revealed a schism in the media industry between companies with hard-line attitudes towards DRM, mainly Disney and News Corp., and those with more liberal attitudes, such as Time Warner.

The latest attempts to impose DRM-type technology on IT and consumer electronics industries are the Broadcast Flag and the so-called Analog Hole bill. A lineup of "usual suspects" has formed around these bills as well as past ones mentioned above (e.g., the Induce Act): the media industry is in favour, while IT, telecoms, and consumer advocacy groups are against.

Broadcast Flag (cf. FCC 2003) would require digital television receivers to detect a simple "flag" (bit of data) that would act as a signal that the content is not to be copied. This was established in late 2003, not as a law but as a regulation through the Federal Communications Commission (FCC), the body that regulates radio, television, telecoms, and so on. The FCC chose to adopt the regulation, but a federal appeals court found that it was overstepping its authority in doing so (cf. USCA 2005).

Now Congress is considering legislation that would explicitly empower the FCC to adopt Broadcast Flag. This legislation is considered unlikely to pass this year, mainly because it is a small provision tacked onto a major telecommunications reform bill in which much larger-scale differences have yet to be reconciled between the two houses of Congress. But it could be reintroduced next year, along with related legislation that would extend the Broadcast Flag concept to satellite radio.

The so-called Analog Hole bill (formally known as the Digital Transition Content Security Act of 2005) (cf. Analog Hole 2005) is meant to address illegal analogue copying of video content, such as through analogue outputs of video players. The bill would require certain types of video playback equipment to include digital video watermarking technology – specifically that of a startup company called VEIL Interactive – that can forensically catch pirated content once it has been distributed, even if it was converted to high-quality analogue.

The Analog Hole bill is problematic because it effectively enshrines a specific technology firm’s products into law, even though the technology has established competition and has not even really been used in the situations that the bill covers. Additionally, the bill purports to solve a problem that is shorter-term and narrower than that envisioned in the Hollings Bill. For these and other reasons, the Analog Hole bill is also deemed unlikely to pass.


About the author: Bill Rosenblatt is president of GiantSteps Media Technology Strategies, a consultancy based in New York, USA that focuses on digital content technology issues for content providers and technology vendors. He is editor of the newsletter DRM Watch ( and author of Digital Rights Management: Business and Technology (John Wiley & Sons, 2001).

Status: first posted 05/05/06; licensed under Creative Commons