Eight major motion picture studios, along with the DVD CCA, joined together to bring charges against those distributing the DeCSS utility over the internet. In particular, the plaintiffs acted under the provisions of the Digital Millenium Copyright Act (DMCA) by demanding that Internet service providers remove DeCSS from their servers and, where the identities of the individuals responsible were known, that those individuals stop posting DeCSS.
The plaintiffs' sole claim was for violation of the anti-circumvention provisions of the DMCA. They maintained that posting of DeCSS was a direct violation of Section1201(a)(2) of the statute, which prohibits unauthorized offering of products that circumvent technological measures that effectively control access to copyrighted works.
Section 1201(a)(2) of the Copyright Act, part of the DMCA, provides that:
No person shall . . . offer to the public, provide or otherwise traffic in any technology . . . that---
¬ is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under [the Copyright Act];
¬ has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under [the Copyright Act]; or
¬ is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under [the Copyright Act].
Indeed, the CSS is a technological measure that effectively controls access to plaintiffs' copyrighted movies because it requires the application of information or a process, with the authority of the copyright owner, to gain access to those works. It was undisputed that DeCSS defeats CSS and decrypts copyrighted works without the authority of the copyright owners. As there is no evidence of any commercially significant purpose of DeCSS other than circumvention of CSS, defendants' actions likely violated Section 1201(a)(2)(B).
Defendants claimed, however, to fall under Section 1201(f) of the statute, which provides that, notwithstanding Section 1201(a)(2)---
"a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs . . . to the extent that any such acts of identification and analysis do not constitute infringement under this title."19
They contended that DeCSS was necessary to achieve interoperability between computers running on the Linux system and DVDs and that this exception therefore is satisfied. This contention fails for three reasons.
The court rejected this contention for three reasons:
¬ The defendants offered no evidence to support their claim.
¬ Even assuming that DeCSS runs under Linux, it concededly runs under Windows---a far more widely used operating system---as well. It therefore cannot reasonably be said that DeCSS was developed "for the sole purpose" of achieving interoperability between Linux and DVDs.
¬ Most importantly, the legislative history makes it abundantly clear that Section 1201(f) permits reverse engineering of copyrighted computer programs only and does not authorize circumvention of technological systems that control access to other copyrighted works, such as movies. In consequence, the reverse engineering exception does not apply.
Section 1201(g) provides in relevant part that:
Notwithstanding the provisions of subsection (a)(2), it is not a violation of that subsection for a person to---
¬ develop and employ technological means to circumvent a technological measure for the sole purpose of that person performing the acts of good faith encryption research described in paragraph (2), as listed below; and
¬ provide the technological means to another person with whom he or she is working collaboratively for the purpose of conducting the acts of good faith encryption research described in paragraph (2) or for the purpose of having that other person verify his or her acts of good faith encryption research described in paragraph (2).
Paragraph (2) in relevant part permits circumvention of technological measures in the course of good faith encryption research if:
¬ the person lawfully obtained the encrypted copy, phonorecord, performance, or display of the published work;
¬ such act is necessary to conduct such encryption research;
¬ the person made a good faith effort to obtain authorization before the circumvention; and
¬ such act does not constitute infringement under this title . . . .
Rejection of Encryption Research
Claim
In order to determine if this was a case of good faith encryption research, the Court considered factors including whether the results of the putative encryption research were disseminated in a manner designed to advance the state of knowledge of encryption technology versus facilitation of copyright infringement, whether the person in question engaged in legitimate study of or work in encryption, and whether the results of the research were communicated in a timely fashion to the copyright owner.
There was a complete failure of proof by defendants on all of these factors. There was no evidence that any of them is engaged in encryption research, let alone good faith encryption research. It appeared that DeCSS was being distributed in a manner specifically intended to facilitate copyright infringement. There was no evidence that defendants made any effort to provide the results of the DeCSS effort to the copyright owners. In addition, there was no suggestion that any of them made a good faith effort to obtain authorization from the copyright owners.
Defendants contended also that their actions should be considered exempt security testing under Section 1201(j) of the statute. This exception, however, is limited to "assessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting [of a] security flaw or vulnerability, with the authorization of the owner or operator of such computer system or computer network.”
However, the record did not indicate that DeCSS had anything to do with testing computers, computer systems, or computer networks. Certainly defendants sought, and plaintiffs' granted, no authorization for defendants' activities. This exception could therefore have no bearing in the case.
The defendants contended that the Digital Millenium Copyright Act violated The First Ammendment. They agreed with many commentators in claiming that, "copyright law restricts speech: it restricts you from writing, painting, publicly performing, or otherwise communicating what you please."
However, this argument has been rejected by the Supreme Court, which holds that copyright is an "engine of free expression" because it "supplies the economic incentive to create and disseminate ideas."
In addition, in enacting the DMCA, Congress found that the restriction of technologies for the circumvention of technological means of protecting copyrighted works "facilitate[s] the robust development and world-wide expansion of electronic commerce, communications, research, development, and education" by "mak[ing] digital networks safe places to disseminate and exploit copyrighted materials."
Thus, this claim by the defendants was deemed invalid and the injunction was issued.