So this is totally bogus, again. Bonus points for the DMCA notice obviously not being written by a lawyer.
(a)(3)(A) to “circumvent a technological measure” means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner; and
(B) a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
¹ yes, I know that it's weird to regard the algorithm as a secret when implementations are given out to the user [edited in response to correction by wtallis]
Phil Zimmermann asked this question in the context of export controls on "cryptography technology", i.e. the PGP software. MIT Press published the source code in 1995. But the US dropped its objections and this wasn't specifically tested in court (AFAIK, though similar questions were).
https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_i...
> (2) No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—
> (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
An implementation of the algorithm without the necessary key would still be a "component, or part thereof".
Related: GitHub's statement from the last time they removed a prominent repository due to a "circumvention technology" DMCA claim:
https://github.blog/2020-11-16-standing-up-for-developers-yo... ("Standing up for developers: youtube-dl is back")
https://news.ycombinator.com/item?id=25111726
(edited to remove inaccurate information from misread)
The answer is, of course it's automatically copyrighted
> (2)No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that (A)is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
Although, I'm not sure if DMCA notices commonly used for infringing content also work for violations of section 1201.
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
DeDRM tools are obviously not the ordinary course of operation for the DRM system chosen by the copyright owner, and using (for a different purpose than intended) a decryption key that the copyright owner has taken deliberate steps to hide from the consumer stretches any notion of "with the authority of the copyright owner". Copyright licenses usually come with strings attached, especially with regards to what kinds of uses are being authorized.
Among them are exceptions for assistive technologies and research.
No, you're not—unless you fall under one of the several exceptions that are all far narrower than "if you own a license". Some of those exceptions are spelled out in the statute, and others are made on a temporary basis by the Librarian of Congress.
https://web.archive.org/web/20211231094826/https://github.co...
Click the green Code button, then Download ZIP.
Also, see https://news.ycombinator.com/item?id=29932282 for a newer hash.
# clone the old repo noDRM/DeDRM_tools forked from
git clone https://github.com/apprenticeharper/DeDRM_tools
cd DeDRM_tools
# fetch the commit hash archive.org tells us about:
git fetch origin 8c819c71376ab76445dd79d5cf2b28b6c0c2819e
git checkout -b noDRM FETCH_HEAD
Of course, if they really don't want my money, there's always libgen.
As anti-DRM circumvention laws are a requirement of membership of the WTO, there are very few functioning countries that do not have them. The US law is not exceptional, nor even particularly stringent in this area.
Pirate Bay is still up, and the MPAA has legal guns much bigger than anybody involved with ebooks. It's just a matter of time before noDRM comes back.
Cut off one head, 100 grow back. All these efforts by copyright maximalists do is free recruitment for the Anti-Copyright crowd.
With every enforcement action they make, the animosity towards copyright grows stronger; their short-term gains will prove to be their downfall.
This is always a fucking lie, and I wish we (as a community) would band together to make it more painful for giant companies to just spam DMCA takedowns as part of their DRM strategy.
Ignoring the entire issue with the fact that there probably wasn't any copyrighted material in the repo to begin with and that code is speech, and speech is protected in the US - in other words, taking the most charitable (for corporations) interpretation of the DMCA and assuming that neither of those holds true, a fair use provision still should hold!
Circumvention for purposes of transposing your media to a different platform (time-shifting, archival) is already explicitly allowed per USC and rulings (if I'm not mistaken).
I don't have the energy to type more. All in all, the DMCA needs some fangs pulled. Or fangs added, in the "perjury" category for entities that send out bad faith takedowns for code that they don't like. Has anyone ever been held legally responsible for a bad-faith DMCA takedown request? Don't think I've seen it.
1. There is no general exception for format shifting. If there was, DMCA 1201 would have zero legal weight.
2. Even if there was, it would not materially impact the legal status of this DMCA 512 takedown request.
This is because DMCA 1201 circumvention exceptions only apply to half of the law. Section 1201 renders two different acts illegal:
1. You can't circumvent DRM, unless for specific purposes.
2. You can't tell anyone how to circumvent DRM, regardless of purpose. This is the sort of violation being alleged here.
Depending on how you look at it, either Congress assumed a black market would exist for DRM circumvention technology anyway; or they assumed people who need lawful circumvention would in-house everything and destroy it when they no longer needed it. That's the sort of question a court might have to interpret if someone was a bit more careful than, say, publishing the DRM unlock straight onto GitHub. But that's not this case. In this case, the law does not facilitate any fair use argumentation whatsoever.
It's not a lie, the DMCA 1201 exception process is just hilariously toothless.
I'm curious: why would this be the case? This is a restriction of speech that doesn't contain copyrighted content enacted by a copyright law. This seems like charging someone, by using an anti-burglary law, because they taught someone else how to pick a lock.
Alice uses DRM to protect her copyrighted work.
Bob uses the exact same DRM to stop you from copying public domain works, for example.
You publish some code to break Bob's DRM. Is that illegal?
The law shouldn't enable Bob to do that. But if you can have tools to break Bob's DRM, the tools will break Alice's DRM because they're the same, and then the law is pointless and might as well be repealed.
But if it's not legal to break Bob's DRM, then obviously the law is ridiculous and needs to be repealed, if it isn't already unconstitutional as a result.
We should not still have this.
Because the DMCA, like most US law, is written by corporations without regard for the common folk.
The RIAA and MPAA literally don't give a shit what happens so long as they get to keep gouging the public with their antiquated business models.
They can't compete so they resort to litigation to protect their bottom line(s).
Hungary has such a law.
So, most likely this GitHub takedown is perfectly legal.
The notice didn't claim copyright violation. It claimed (accurately) that this code worked around their DRM.
That said, I guess it was shortsighted of the founding fathers, but I guess at the time people would often be oppressed by governments, not by neighbors and friends, and I think this is something we need to solve, as it's the challenge of our times.
(1) there is a separate "right of petition" in the first amendment in parallel with the rights of freedom of speech and press; the right of petition relates to asking the government to change its behavior;
(2) the courts have a notion of "core political speech", which is some of the most strongly protected speech; and
(3) the courts have a different notion of "commercial speech", which is some of the least-protected speech.
Free speech by anyone to anyone is protected from government restriction. It is the government that is forbidden from punishing speech not the government that must be party to the speech else free speech would have nearly zero meaning.
> Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
What is oft said is that the first amendment doesn't protect you from non governmental consequences for your speech. For example you can be fired for your speech but you may not be imprisoned nor silenced by the government.
When a private entity avails itself of remedies provided by the government to limit or punish your speech, your constitutional rights are infringed because it is the government acting to limit your speech, even if it's on behalf of a claimant.
This is mostly true. But there are some special exemptions.
The real gotcha is that the courts have generally taken a dim view towards using the courts themselves to restrict someone’s speech. The Supreme Court basically doesn’t want (or maybe didn’t want given their recent changes) Congress to launder free speech violations to civil lawsuits enforced by the courts. That’s kind of a neat trick that you’d generally want to suppress, which if I understand is why there are first amendment issues around defamation lawsuits, despite being purely between individuals.
How does this work with the DMCA? I dunno. But to my (non lawyer) eyes it does seem kinda like it effectively criminalizes speech, and I wonder if it should stand up to judicial scrutiny.
It depends. For example the 1st amendment protects a great deal of speech that in other countries would be slander, even though in that case the plaintiff is another civil entity and not the government.
Is it really? I've never thought of it like that.
People shouldn't host anti-DRM stuff on any US site.
Quite an extreme stance, I know, but then I've never had a problem getting enough DRM-free content to fill my boots to the end of time.
I share his concerns, but when I weigh my choices, I sometimes choose the DRM'ed content. The DRM may make my purchase a "rental", but it's often still an experience I choose to have, despite the cons. I have walked away from my fair share of DRM'ed content on principle, but I don't have such a hard-line stance.
At least with games there's a lot you could play together on GOG, most movies never get an official DRM-free release.
Unless of course he's using it as a way of avoiding getting sucked into too much entertainment in general. But there is such a thing as moderation.
e.g. Although I'd be happy for <evil firm X> to go bankrupt or desist from making the world a better place, I'd also be plenty happy knowing I'm not giving them money to make the world a better place.
I find that frustrating but a lot of that has to do with the contract that the author signed to be able to write the book in the first place.
I wish I could just skip all DRM free content but that is not the world I find myself in.
https://workupload.com/file/DzgMhFtcxdj
Decentralized source code is required.
If another entity can take your repo it isn't your repo.
If another entity can ninja commit to your repo with a bot it isn't your repo.
If your code can be taken down by a corporation or government, it isn't your repo.
Other than recent EU court rulings potentially expanding what constitutes fair-use in that territory the situation is not looking good in the West.
I'm constantly amazed at how many people don't understand what "fair use" actually means. Many seem to think it means "I should be able to do this" or even "I'm only using part of a copyrighted work". This issue has come up recently on Twitch with restreaming of TV shows, movies, anime and, more generally, with Youtube and other content.
Fair use [1] is a specific legal doctrine specific to the United States copyright system. Other countries have different legal standards (eg UK's fair dealing [2]). Fair use is a four part legal test and all four factors have to apply for it to fall under the legislation and precedents of US copyright law.
None of this is a commentary on the ethics of defeating DRM. From a purely legal point of view, defeating DRM puts you in violation of copyright law and all the case law (eg AACS decryption [3]) puts such efforts well outside "fair use".
Now I think the copyright situation is ridiculous, not least of which because of a certain unnamed rodent that seems to completely dictate US copyright law (eg wait for another copyright extension beyond death plus 70 years before 2025).
Personally I think copyright should be much shorter (eg 20 years total) with possible extensions that you have to pay an ever-increasing amount for.
But to anyone who wants to release tools on defeating DRM, just know you do so at your own (legal) peril and fair use doesn't apply and won't save you.
[1]: https://en.wikipedia.org/wiki/Fair_use
[2]: https://en.wikipedia.org/wiki/Fair_dealing
[3]: https://en.wikipedia.org/wiki/AACS_encryption_key_controvers...
The authors of this library can't possibly defend themselves by claiming fair use and they damn well know it. The real question is whether the tool really does break encryption or if the tool is just an implementation of the algorithm that doesn't comply with their terms and conditions. Theoretically, a white-room reverse engineered implementation could be written without signing any contract and the terms and conditions would only serve to cut off their access after violation, but you'd probably have a hard time convincing a judge of that. I don't favour their chances in a lawsuit, but as they don't publish any keys, it's clear that they don't really break anything.
There could still be a violation going on if they hold one of those silly American software patents, but that would be solvable by only distributing the tools in countries where these patents can't be enforced. That also wouldn't be covered by a DMCA takedown of course, they'd need to start an actual lawsuit for that.
Irony will then dictate that the house of the mouse will make a movie out of the bestselling book of 2002, and not pay a dime to the original author.
The rest of your fair use argument is ok btw.
I hate mice, have had to deal with infestations a couple times now. Dirty, scumbags, causing me economic harm and trampling over my rights.
Plus the comp. you are talking about has known links to a repressive dictatorship. Burn-em I say.
Also, don’t bother replying to me with any “but you’re licensing it…” nonsense. No. Look up an ebook on Amazon and you’ll see a “Buy” button next to it, with no mention of a license. As long as stores advertise that I’m buying a book, then that’s what I’m purchasing.
Just went to Amazon and tried. It says "Deliver to..." with a list of devices. No "buy" button.
Amazon US: "Buy now with 1-Click®"
Amazon DE set to English: "Buy now with 1-Click®" (German: "Jetzt kaufen mit 1-Click®")
Amazon FR: "Acheter en 1-Click®" [Buy with 1-Click] (there is no English option that I can see)
Amazon JP set in English: "Submit Order" (Japanese: "注文を確定する")
It's not universal, but many of the sites use "Buy Now". The "Deliver to:" box is below this, and sets which device the purchase is sent to.
It says that right below "*Buy* now with 1-Click ®"
def secret_transform_profile10(input_hash):
    ...
    # This 64-byte master key is basically all that distinguishes
    # the open source "open for everyone" version from the so-called
    # "open source" closed-source-version that's actually being used
    # by book distributors.
    ...
    masterkey = "b3a0..."
If it read that from an environment variable or a config file that wasn't included in the source I think this DMCA notice would have a lot harder time holding up.
By the way I got an idea to gather all these illegal values in one repo: https://github.com/cryptonek/illegal-numbers I'm counting on your help!
PS. If someone is able to provide me all Git history of DeDRM repo, drop me an email to address that I used in a commit. I will force-push the repo with original state.
What do Kindle and other proprietary DRMs offer? None of it.
What do companies adopting Readium LCP offer? All of the above.
The original https://github.com/apprenticeharper/DeDRM_tools is still open, everybody can use it, Amazon, Adobe, B&N, Kobo don't bother, so it can be used, updated without bits of Readium LCP. LCP which is moving in the right direction IMO: being able to give an ebook to a friend by simply giving the password is great.
Plus, why do some people want to keep and share with the world ebooks they had for free from a public library: they totally crush the only solution which makes literature available to everyone: if this spreads, libraries will not be able to get ebooks from major publishers anymore. Is it what they really want?
I knew it was going to happen, but it's still soooo annoying. Hooray for De-DRM and usenet, it's probably faster to re-download than to get the De-DRM set up.
> The user noDRM is actively promoting the activity of cracking both library loans and one-off purchases:
> https://github.com/noDRM/DeDRM_tools/issues/2#issuecomment-9...
> This departs from the policy of the user [private], from which noDRM has forked the repository DeDRM_tools. The user [private] does not provide circumvention material for the LCP solution, therefore it is not part of our request for takedown.
The youtube-dl fiasco from a while ago comes to mind in particular. In regards to DRM on books, I think that this comment on Reddit summarizes why it might be important:
> You know exactly why they don't treat it like a physical book. Because then they can rewrite the rules, you don't own it and they make more money.
(e.g. practices that feel like they should be illegal, but aren't, due to the state of education/healthcare industries in the US)
Some ideas for this thought experiment:
GitHub - clearly not the best option, since they're obligated to follow the regional DMCA laws.
GitLab/Gitea/Gogs/... - a self hosted service is probably better, even if it takes more effort to run, but at that point the host itself would receive abuse complaints.
DMCA Ignored Hosting - apparently a thing, but who knows how resistant they are once the larger corporations would start throwing their weight around
Tor/Onion Sites - probably not a good option, because currently the technologies are used by a number of shady individuals, and even without that factor, the user experience tends to generally be pretty poor (hard to onboard people, probably way slower)
In short, I'm not sure what actually can be done. I guess you just have to vote for people who view the state of the industry as a problem and see as nothing happens because the majority of the populace doesn't care (hopefully it would change, but don't rely on this alone).
Actually, my father recently read some standards online for the industry he is employed in - not only did he have to pay for viewing them, but he could also not save anything because of the DRM in place in the browser (the closest you can get is screenshots, but on text heavy documents that is pretty useless unless you use your own OCR, which many don't know how to do).
Now, maybe that's just a European perspective, but that felt pretty unfair. Especially considering the fact that these standards had information in them which could save lives. Why should you put things like that behind a paywall!?
Because they would lose their safe harbor protection under the DMCA, and could be sued directly by the rights holder. And because this work probably is in violation of the anti circumvention portion of the DMCA, so a lawsuit could be very expensive.
Your code can be hidden without any notification, just showing "该文件疑似存在违规内容,无法显示" (The file is suspected to contain illegal content and cannot be displayed). You don't even know which part has the issue and how to modify it.
A famous example would be how clowwindy, the author of the ShadowSocks VPN, was "invited for a cup of tea by the Chinese police".[0]
noDRM published its code on GitHub. A DRM developer now claims it provides illegal tools, so GitHub disabled the repo.
What NoDRM allows is for that lending period to be broken, so that patrons (readers) can read the ebook they have borrowed from a public library indefinitely.
The practical consequence is that copyright owners (authors, publishers, etc.) would in most cases cease to make ebooks available for lending.
In some cases Readium LCP is also used by ebook vendors (retailers), mostly small European ones, as an alternative to Adobe's RMSDK, but the LCP platform is constructed such that if you buy the ebook from one vendor, you can read it on the app of any other vendor using Readium LCP, even if their authentication server is different (Adobe always requires authentication through a central Adobe server, meaning the end user needs an account both with Adobe AND the vendor/library, something not required with Readium LCP). It is the most interoperable system available in the publishing ecosystem.
The Readium LCP software system (as distinct from the Readium reading applications) was created as a community effort to offer readers a user-friendly alternative to proprietary DRM systems. It plays a particularly strong role in library ebook lending, where its role is to ensure that a loan is just that: a loan.
I understand the misgivings some have about the DMCA, copyright law and associated copyright protections, and the capitalist system in general. However, please set these aside for a moment and look at the situation from the perspective of readers, authors and others.
Readium LCP is fundamentally a trust system. It relies on copyright holders and that is not just large media companies, but small independent publishers, authors, agents and similar.
The largest consumer publisher (Penguin Random House) is but less than 1/100th the size of Apple or Amazon. Also, the earnings of an average author in the UK are in the neighborhood of a mere £7,00 per year.
I beg everyone to consider what the practical ramifications would be of destroying trust in a community-driven platform that spent years to generate. It means library lending of ebooks would cease entirely or revert to the old system such as Adobe’s RMSDK (reader mobile software development kit) with all the usability issues so familiar to anyone who does software development in the publishing ecosystem.
Aside: the acronym LCP originally stood for “lightweight content protection system”; it is “lightweight” by design. For “marketing” reasons (or what I call “trust building”) it was later changed to stand for “licensed content protection”.
Also note that this is a discussion about consumer publishing (“trade publishing” in the vernacular of the industry), which is distinct from academic publishing (scientific journals, textbooks, etc.), a market dominated by Elsevier, Springer Nature and similar, where Readium LCP is hardly used.
Disclaimer: Yes, I personally engage in weekly Readium engineering calls, but neither I nor my organisation use or contribute to Readium LCP. We use and contribute to the general Readium ebook reading software. I can attest that Readium comes with all the issues and problems of a community-driven open software system, but please recognise it for what it is: a community-driven, not-for-profit effort.
That’s a non-sequitur. RMS would have something pithy to say about pretty handcuffs or such, but all I have to offer is: the user friendly alternative to DRM is having no DRM.
> The largest consumer publisher (Penguin Random House) is but less than 1/100th the size of Apple or Amazon.
Won’t someone think of the billionaires?
None of this changes the fact that the removed tools were the primary means for most people to unencumber content they own.
You have one paragraph dismissing DMCA and copyright, but that's the primary issue here. The fact that it's Readium issuing the DMCA notice instead of Amazon is immaterial in my opinion. The effect is the same.
The anti-circumvention portion of the DMCA is a completely separate thing, and as far as I am aware running afoul of it does not give anyone the right to claim copyright over the code you wrote. The claimant's correct path to a remedy (if any) is to sue the authors of the "circumvention device" and prove the case in court, rather than fraudulently abusing the DMCA takedown process as a shortcut.
If Microsoft/Github wants to show us how enlightened they have become, they should sue this claimant for fraud and tortious interference. Standing up for one's customers against bogus legal action could even become a selling point of SaaS.
No they didn't:
> "We are the copyright owner of the official LCP encryption profile used by ebook distributors worldwide"
> What files should be taken down? Please provide URLs for each file, or if the entire repository, the repository’s URL. ... https://github.com/noDRM/DeDRM_tools
> the content of the repo was illegally obtained. The repo and its forks must be shut down entirely.
> I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.
> I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.
In addition, the larger context of a DMCA Takedown Request is to assert expedient takedown of a copy of work that you have copyright ownership over. Adding a bunch of backpedaling filler to a DMCA Takedown Request does not alter its basic purpose.
edit: Sheesh it looks like Microsoft is actually encouraging claimants to write these fraudulent DMCA notices regarding circumvention technology [0]. So this is basically another extralegal "Content ID" process, and Microsoft being overzealous with takedowns makes them a terrible option for hosting your stuff. I'd love to see the law produce some justice here for once, but the real answer to these corporate-bought one-sided laws is IPFS and the like.
[0] https://docs.github.com/en/github/site-policy/guide-to-submi...
Like it or not, anticircumvention measures are black-letter law in much of the world. In the USA, producing or distributing software designed to circumvent DRM can subject you to civil and criminal penalties.
According to 17 U.S.C. section 512, it is not necessary for the material itself to be infringing in order for a DMCA notice to be valid. If "an activity using the material" is infringing, the material must be removed upon receipt of a takedown notice.
Therefore, it is likely that takedown notices are as legitimate for material that violates Section 1201 as they are for copyrighted material.
This is copyright law working as intended, nothing more.
You cut off a few words that probably carry real meaning:
> "does not have actual knowledge that the material or an activity using the material on the system or network is infringing;"
So there's a (somewhat ambiguous) restriction that the only activities this clause is concerned with are those happening on the system or network operated by the service provider that wants safe harbor protection against liability for their users' infringement.
And to determine what activities can qualify as copyright infringement, you have to look in section 501 and the other sections it references; section 512 does not alter the definition of copyright infringement, it just adds nuance to who can be held liable for infringement.
I don't get your comment. Are you happy that the law is being enforced, or happy that the law is like that?
I know enough people in creative industries to know that digital distribution just isn't viable without DRM -- and that creatives want an environment with strongly enforced copyright. As a society we value the livelihood of artists over the convenience of their audience, and that's why we pass laws like the DMCA. The Napster era has totally destroyed interesting music scenes because the musicians couldn't put food on the table making music. DRM enforces copyright in an environment where infringement would otherwise be rampant because of how easy it is -- computers being, like VCRs, general purpose copyright infringement machines. Geez, even the concept of hypertext, as elucidated by Ted Nelson, had DRM built in because other people's IP rights become a fact of life you have to reckon with the minute you deal with readable material!
Of course, DRM schemes fail, and that's where the law comes in. Section 1201 delegitimizes markets for DRM exploits that would otherwise return us to a situation where infringement is rampant, easy, and undetectable. It drives circumvention activity underground, adding friction to the process and making it more difficult than simply buying the material.
There's a real simple principle that geeks don't seem to get: If you want access to digital content without being sued or jailed, just buy it legitimately and don't fucking break the DRM. Abide by the terms the author or publisher has set, or don't buy the content at all. The droit d'auteur, as a moral principle, means that said author or publisher has a moral right to determine how their work is to be exhibited or viewed.
I'm not going to go off on how the rest of your reply feels extremely wrong to me, but I will respond to this. What if I bought content legitimately but the DRM prevents me from viewing/using it as I wish? If I buy a book, I can read it in any way I want, I can use glasses or photocopy it so the letters get big enough to read it without discomfort. I can also tear it apart, replace the order of the pages, or even make a collage with the words if I so wish.
I can't do any of the above with DRM'd content.
Why would you want to live in a reality in which the author of a work can dictate how a copy of their content can be watched or consumed even after the consumer has bought it? Even the reason for copyright itself as stated in the Copyright Act is "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
It's supposed to be an incentive for artists to make more works as they have a government-guaranteed monopoly over their creations. That monopoly is intended to incentivize potential artists, not to be a moral guide for what rights they should indefinitely have.