German Court: Open Source Project Liable For 3rd Party DRM-Busting Coding

Diamonddavej writes "TorrentFreak reports a potentially troubling court decision in Germany. The company Appwork has been threatened with a 250,000 Euro fine for functionality committed to its open-source downloader (JDownloader2) repository by a volunteer coder without Appwork's knowledge. The infringing code enables downloading of RTMPE video streams (an encrypted streaming video format developed by Adobe). Since the code decrypted the video streams, the Hamburg Regional Court decided it represented circumvention of an 'effective technological measure' under Section 95a of Germany's Copyright Act and it threatened Appwork with a fine for 'production, distribution and possession' of an 'illegal' piece of software."

Re:Does the copyright need an owner?

[fuzzyfuzzyfungus]

Section three of Article 7 of the Berne Convention states:

"(3) In the case of anonymous or pseudonymous works, the term of protection granted by this Convention shall expire fifty years after the work has been lawfully made available to the public. However, when the pseudonym adopted by the author leaves no doubt as to his identity, the term of protection shall be that provided in paragraph (1). If the author of an anonymous or pseudonymous work discloses his identity during the above-mentioned period, the term of protection applicable shall be that provided in paragraph (1). The countries of the Union shall not be required to protect anonymous or pseudonymous works in respect of which it is reasonable to presume that their author has been dead for fifty years."

Virtually everyone is a Berne Convention signatory; but actual implementation in domestic law has been both spottier and more...complex... than the convention text itself. It seems unlikely that something of clearly recent authorship would find itself presumed to be uncopyrighted merely because an author could not be found; but I'd imagine that, in practice, the more risk-averse would be very, very, jumpy about taking 'anonymous coward' at his word that they are authorized to use a given piece of code under the terms of whatever license, that he is even the author, and so forth. That might hinder adoption.

Hamburg regional court

[dunkelfalke]

is known for its cowtowing to the intellectual property holders. That is why they try to go to that particular court if they sue for copyright infridgement.

Re:Hamburg regional court

Or to put it differently: Hamburg is the East Texas of Germany.

Re:"effective technological measure"

[sumdumass]

The law is a direct result of the WCT or WIPO Copyright Treaty. The judge is likely interpreting "effective" within respect to that. It is under article 11 I think but i'm on my phone right now and it is a bit hard to check.

Anyways, i believe effective would mean anything non trivial or ancillary at the time of creation. So if a cipher is so easy to break that they teach doing so as part of security lessons, using that couldn't be effective. But requiring something that isn't known or readily done could be if it isn't blatently obvious.

Re:"effective technological measure"

[squiggleslash]

Well perhaps, but to play Devil's advocate: this isn't a game.

There are two parts to DRM when combined with an anti-circumvention law. The first is the one that exists anyway: to attempt to make it as difficult as practically possible for someone to gain unrestricted access to the raw content. The other - which the DMCA (and its apparent German equivalent) adds - is to add legal liabilities for creating, possessing and/or using the tools, however easy, that break that encryption, should they ever come into being.

Us nerds have a tendency to misread laws and assume that rather than it being a reflection of the intent of the authors, that the language used is arbitrary and written by dolts to be interpreted in the widest possible context. Specifically we look at words like "effective" and rather than interpreting it in the context of the rest of the law, we go off on tangents and ask whether something is effective using other definitions within different contexts.

Is, for example, CSS effective? Well, I'd argue it is in context. It requires you use a specialized tool, designed specifically to break CSS, in order to access the content. It meets the definition in context. It doesn't meet the definition if you change the subject and say "Well, in 1998 it protected content, but does it now? Is it easy to find the tools needed to circumvent it?", but that's not the definition of effective that's implied by the context of the legislation - which is why better lawyers than us are not making that claim when protecting, say, Real Networks.

As for ROT-13.... well, maybe it is, maybe it isn't. My guess is it wouldn't, because ROT-13 doesn't require knowledge of any secrets beyond the fact it's being used to begin with, and the "tool" used to decrypt it is already built-in to a billion email, USENET, and so on clients. At the very least, if SuperdooperRayVD 4K discs in 2020 are encrypted using ROT-13, they'd have great difficulty persuading judges that millions of pre-existing USENET clients from the 1990s are illegal.