Digital rights management (DRM) projects are not leaving anytime soon. But your right to prevent these mechanisms in certain circumstances is being affixed to copyright law in the US. This dramatically grows consumer protections when it comes to repairing and maintaining the original functionality of an owner of electronic devices.
The Acting Register recommended a new exemption allowing for the circumvention of TPMs. Restricting access to the firmware that controls smartphones and home appliances and home systems. For the purposes of diagnosis, maintenance, or repair, the document states.
Furthermore, the Library of Congress and the US Copyright Office described the new set of exemptions to the Digital Millennium Copyright Act (DMCA). It is a “final rule” document (PDF) spanning 85 pages. In it are some new protections that legally allow consumers and repair shops to hack the firmware. Firmware on devices like smartphones, tablets, smart TVs, mobile computing devices, and several other gadgets. Where technological protection measures (TPMs, but not the same as a Trusted Platform Module) stand between the consumer and a functioning product.
When required, the new rules give consumers the right to bypass DRM and TPM. In general for “the maintenance of a device or system. In order to make it work in accordance with its original specifications.” It also protects consumers when breaking DRM is required to repair a device.
However, it doesn’t mean that it’s now lawful to circumvent DRM in order to access other copyrighted products. In other words, this isn’t the US Congress calling out DRM as wrong and giving consumers a legal pass to do whatever they want with the protected content.
There’s also a section on video games that cover situations. When the copyright owner or its authorized representative has halted to provide access to an external computer server. Necessary to facilitate an authentication process to enable gameplay.
However, the exceptions are broad and even covers computer programs. Where the circumvention is undertaken on a lawfully acquired device or machine on which the computer program operates. Or is undertaken on a computer, computer system, or computer network on which the program operates. With the authorization of the owner or operator of such computer, computer system, or computer network, solely for the purpose of good-faith security research and does not violate any applicable law, including without limitation the Computer Fraud and Abuse Act of 1986.”
Also, In such cases, a new exception allows for “copying and modification of the computer program to restore access to the game for personal, local gameplay on a personal computer or video game console.”
How this all works practically, it is to be seen. As Motherboard notes, there’s nothing (yet) stopping manufacturers from being particularly devious with anti-repair mechanisms. For example, into the MacBook Pro that stops the systems from functioning when it’s been opened and repaired by someone who is not authorized to do so. The mechanism relies on embedded software that dials into Apple’s servers to verify an authorized repair.
These exceptions seem to say that users would be able to prevent the embedded software in that example. Predestinately, having permission and the ability to do something doesn’t always go hand-in-hand.
“Getting an exemption to reset the device is pretty different from having access to the firmware to actually do that,” Nathan Proctor, head of US PIRG’s right to repair campaign, told Motherboard.
That is true, but this is still an overall win for consumers, and a needed step in the right direction.
