Skip to content ↓ | Skip to navigation ↓

In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for:

  • circumventing DRM (Sec. 1201(a)(1)(A)), whether or not copyright infringement takes place, and
  • manufacturing, importing, or offering to the public, any technology, product, service, device or component for the purpose of circumventing DRM (Sec. 1201(a)(2)).

The DMCA included some limited exceptions that allow circumventing DRM by:

  • A nonprofit library, archives, or educational institution to review a work solely to determine whether to acquire a copy of that work (Sec. 1201(d));
  • A federal or state employee or contractor performing lawfully authorized investigative, protective, information security or intelligence activity (Sec. 1201(e));
  • A lawful user of a computer program solely to reverse engineer portions of the program to enable interoperability with other programs that have not previously been readily available to the person doing the reverse engineering (Sec. 1201(f));
  • A bona fide encryption researcher using a lawfully-obtained copy to identify and analyze flaws and vulnerabilities of encryption technologies applied to the copyrighted work if the researcher made a good faith effort to obtain authorization before the circumvention (Sec. 1201(g));
  • A person performing good-faith security testing of a computer or network with the authorization of the owner or operator of the computer or network (Sec. 1201(j))

Rules Reviewed Every Three Years

The DMCA also included a recognition that the prohibitions on circumventing DRM could get in the way of (otherwise lawful) use of copyrighted works. To address this, the DMCA includes a requirement (Sec. 1201(a)(1)) that the Register of Copyrights review specific types of (otherwise lawful) use that may be impeded by the DMCA and recommend rules to exempt such uses from the DMCA prohibitions for consideration and adoption by the Librarian of Congress.

Examples of exemptions that have been granted include:

  • Unlocking electronic books for which the DRM prevented the use of read-aloud software or screen readers;
  • Unlocking or jailbreaking digital devices to allow use with alternative wireless networks or to allow the addition or removal of applications; and
  • Unlocking electronic control units that control the operations of cars, commercial and farm vehicles (except for vehicle telematics and entertainment systems) when necessary to allow the owner of the vehicle to diagnose, repair or lawfully modify the vehicle.

2018 Rules Broaden the Right to Repair

As part of the 2018 rule-making cycle, the Register of Copyrights proposed and the Librarian of Congress approved new exemptions to broaden the right of lawful users to circumvent DRM in order to repair their own devices.

Effective October 28, 2018, a new exemption allows circumventing the DRM in computer programs that control the functioning of a lawfully acquired smartphone or home appliance or home system, such as a refrigerator, thermostat, HVAC or electrical system, when necessary to allow the diagnosis, maintenance or repair of the device.

Note that this exemption is specific to smartphones and home appliances or system, so it does not apply to personal computers or video game systems. It is also limited to maintenance and repair activities. “Maintenance” is defined as:

servicing of the device or system in order to make it work in accordance with its original specifications and any changes to those specifications authorized for that device or system

“Repair” is defined as:

restoring of the device or system to the state of working in accordance with its original specifications and any changes to those specifications authorized for that device or system

…But Vendors Don’t Have to Make It Easy

Notably, the new exemption does not:

  • Require vendors to facilitate the permitted DRM circumvention; or
  • Allow the import, sale or offer of tools to facilitate the permitted DRM circumvention.

In other words, although you won’t go to jail if you try to circumvent the DRM in your smart appliance or maintenance or repair, the vendor can still use techniques that stop the appliance from running if any home repair or maintenance is attempted. As noted by Jason Koebler in Motherboard, “as DRM becomes legal to crack, companies are committed to making it much harder to do so.”