Here's Bill Rosenblatt on the latest version of the "make DRM interoperable" legislation in France:

The Sénat-approved legislation calls for setting up a government regulator (l'autorité de régulation des mesures techniques) that will judge requests for DRM interoperability on a case-by-case basis. All this will accomplish is a perpetual lobbying effort on the part of consumer electronics firm, content service providers, and already-overtaxed consumer advocacy organizations like UFC-Que Choisir (the French equivalent of Consumers Union in the US). . . First of all, one of our objections to the Assemblee Nationale legislation still applies here: it is not possible to wave a magic wand at DRM technology and make it "interoperable" -- especially a simple DRM like Apple's FairPlay, but this is probably true for all DRMs, if "interoperability" is to happen with devices outside of the DRM's intended ecosystem. . . Furthermore, the stipulation that the "Vendor S" should not grant unintended content rights will kill off interoperability attempts in another way. There is not much point in offering competitive devices for a given content service unless those devices offer new content rights. . .

And also as follows:

Now we come to the part of the Sénat bill that is truly a step backward: provisions that confer copyright infringement liability on technology vendors if their DRMs are hacked. The US media industry tried to get a provision like this included in the Digital Millennium Copyright Act of 1998, but it failed in negotiations with the telecommunications industry. The DMCA makes hackers liable but does not implicate developers of the technology they hack. We believe that the shortcoming of the DMCA is that by transferring liability to the hackers, it lowers technology vendors' incentives to create DRM that actually works.

This French legislation goes too far the other way; it steps beyond the intent of the European Union Copyright Directive (EUCD) that the legislation is supposed to implement. In addition to stifling innovation, it enshrines into law what really ought to be a contractual provision between content owners and technology vendors -- as it is for other security technology applications

I have wondered whether the DMCA reduces incentives to craft effective DRM; I think that in theory it would do so, but in practice not so much because the media side knows that even with the DMCA, enforcement is still an uphill battle. It is hard to tell because there have been other obstacles to effective DRM, such as the restriction on key lengths in the (now relaxed) US encryption export laws. The DMCA does stipulate that copyright protection must be "effective" and I'll have to look into the litigation of that term, if any.

What about the expansion of liability to media host technologies? Last year, during meetings with Italian and Spanish national IP enforcers, I got the sense that they were really desperate for an expansion of IP liability to technology vendors, broadband networks, and so on. They were tired of pursuing moving targets. This matter had additional urgency for them because of their sense that Internet piracy was increasingly linked to terrorism and organized crime, and that it was displacing physical counterfeiting. This is not so much a factor in the United States (that is, it may be a factor, but organized crime and terrorism even after 9/11 are not such a burning issue as in Italy and Spain).

To me, broad liability for host or carrier technology providers does not make sense. It exposes them to liability for something over which they have only partial control (particularly if the DRM must be interoperable); the weakness of DRM may lie in many aspects of its design; furthermore, with technological advances, all security is a moving target. Was it intended to catch only very careless behavior, such as leaving a key unencrypted? (ghost of Xing). Unless the window of liability is quite narrow the likely result is that tech companies are likely to become more hostile to working with DRM-protected content *at all* and force them into more decisively into the reliant on piracy camp (traffic in content that has been decrypted).

But I wonder how further litigation over this on tort or contract grounds would fare in the United States. I have heard mutterings, for example, that the weaknesses of CSS were known and not revealed to the media side in the negotiations over whether to go to DVD. The tendency in public and press discussions is to view the lobbying of content organizations in favor of expanded liability as being motivated by some sort of inexplicable demonic force of techno-phobia, but there is relevant business history here. Does it make sense to insulate host "technology" entirely? Is that the rule here? It seems to me that Grokster (the case) means that tech is not absolutely insulated from liability. What is the responsibility of the content companies themselves? Surely that is not negligible, but need it be absolute? Probably not.

This started out being just another blurb on France, but it seems to have gotten out of hand. Monday morning. Too many questions.

posted by Solveig Singleton @ 11:58 AM | DMCA, DRM & Watermarks, etc., International

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment(0)