In 2005, Sony BMG Music Entertainment began a new DRM initiative that involved a program called MediaMax, which was designed to allow CD purchasers to burn 3 copies of the album before locking the disc down, preventing further copies from being made. Utilized on over 100 music CDs, the MediaMax DRM software was extraordinarily restrictive, as the CDs could be played only through Sony BMG’s proprietary music player, which the user had to install on their computer. The albums themselves did not disclose these requirements to consumers, as nothing on the packaging alerted potential buyers to these restrictions. It was only upon inserting the CD into a computer and being greeted with a EULA that a purchaser discovered the presence of the MediaMax DRM. In addition to limiting copying, the proprietary player collected information about users’ listening habits, and sent the information back to Sony BMG.
What proved truly problematic, however, was the fact that the MediaMax software created a serious security vulnerability on users’ computers, which allowed hackers to take full control over affected computers running Windows. To add insult to injury, the files causing the security vulnerability installed themselves before a user accepted or declined the EULA! The final nail in the MediaMax coffin was the way in which the software was installed to the computer: the DRM software altered the kernel of the Window’s operating system and utilized a “cloaking” mechanism that made detection of the software by Windows impossible. Thus, in order to remove the software, users had to go to Sony BMG’s website, disclose personal information including their email address, wait for an email from Sony BMG, and then install additional software to remove the DRM.
Consumer reaction to the discovery of the DRM scheme was one of outrage. Sony faced a number of class-action lawsuits around the United States, which were eventually settled. The Federal Trade Commission also took action against Sony BMG, and these charges were similarly settled. While no binding legal precedent came out of the Sony BMG case, it stands as a clear example of DRM that stepped far out of bounds in the minds of consumers and the US government alike.
Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001)
One of the first cases to interpret the DMCA anti-circumvention statute, Corley concerned the use of decryption software that circumvented encryption methods employed by film studios on DVDs. The court rejected Corley’s argument that the DMCA could be read to allow circumvention of DRM when the unlocked content is used under the fair use exemptions to copyright infringement. The court further declined to accept the contention that once an individual has purchased a DVD, and therefore has permission from the copyright holder to view the content, § 1201(a)(3)(A) of the DMCA then allowed the purchaser to unlock the content for viewing on other platforms. However, the court did state that “the DMCA targets the circumvention of digital walls guarding copyrighted material…, but does not concern itself with the use of those materials after circumvention has occurred.” 443.
MGE UPS Systems, Inc. v. General Electric, 622 F.3d 361 (5th Cir. 2010)
Plaintiff in this case brought suit under the DMCA against General Electric for utilizing a software “crack” that circumvented MGE’s proprietary DRM software. MGE’s UPS machines, which were utilized by power companies to troubleshoot power outage issues, required that an external security key be plugged into a laptop in order to use the UPS machine. However, hackers had made available online software that “cracked” MGE’s DRM solution, removing the need for a security key. GE employees acquired this crack from an undisclosed source, and began using the circumvention software.
In a curious turn of events, GE was able to dismiss the DMCA claim brought by MGE. The court, following the Corley case, found that the DMCA’s prohibitions against anti-circumvention did not “encompass use of a copyrighted work subsequent to a circumvention merely because that use would have been subject to a technological measure that would have controlled access to the work, but for that circumvention. So broad a construction would extend the DMCA beyond its intended purposes to reach extensive conduct already well-regulated by existing copyright laws.” 366.
Vernor v. Autodesk, Inc., 621 F. 3d 1102 (9th Cir. 2010).
This case illustrates the tension between copyright holders’ desire to protect their works and the consumer’s belief and desire to have full rights in the product they’ve paid for, including the right to exercise the First-Sale Doctrine. Timothy Vernor purchased a copy of Autodesk’s software at a yard sale, and subsequently listed the software for sale on eBay. Autodesk requested that the listing be removed, which prompted this suit.
Autodesk premised their argument on the claim that the software itself was never actually sold to consumers, only a license to use the software. Vernor countered with the argument that he had never actually installed the software itself or purchased the software from Autodesk, and therefore was not subject to any licensing agreements or restrictions.
The court sided with Autodesk, despite the above argument. The opinion states that Autodesk only sells a license to use the work, and that the original owner of the work was not entitled to sell that license to Vernor in the first place, meaning that there had not been a transfer of title. Vernor, therefore, was not entitled to sell what he did not rightly own, and was precluded from listing the software for sale on eBay.
The court premised its ruling on the holding that “a software user is a licensee rather than an owner of a copy where the copyright owner (1) specifies that the user is granted a license; (2) significantly restricts the user’s ability to transfer the software; and (3) imposes notable use restrictions.” 621 F. 3d at 1111.