Submit to Digest

Copyright Office’s Ruling on Exemptions to the Digital Millennium Copyright Act: Allowing Consumers, Repairers, and Hackers to Fix their Own Devices

Copyright Cybersecurity Reports

Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 83 Fed. Reg. 54010 (Oct. 26, 2018) (to be codified at 37 C.F.R. pt. 201).

Summary of Ruling:

In reviewing the Digital Millennium Copyright Act (“DMCA”), the United States Copyright Office, a subsidiary of the Library of Congress, ruled on changes to section 1201. The ruling went into effect on Sunday, October 28, 2018, and will, among other changes, grant electronic repairers the legal ability to hack electronic devices, such as smartphones.

Section 1201 of the DMCA, 17 U.S.C. §1201, makes it a violation to "circumvent a technological measure that effectively controls access” to copyrighted works. It does however, include a "fail-safe." Every three years, the Librarian of Congress, reviews the DMCA and its exceptions. Based upon the recommendations of the Register of Copyrights the Librarian of Congress considers each type of copyrighted works to determine whether they are, or are likely to be, adversely affected by the prohibition against circumvention. After a rulemaking proceeding, the Librarian of Congress publishes a modified list of classes of copyrighted works that are included in the DMCA exemption, which becomes established for the next three years, until the subsequent review.

During its Seventh Triennial Proceeding to Determine Exemptions to the Prohibition on Circumvention, the United State Copyright Office ruled to create multiple exemptions including, but not limited to:

  • Motion pictures for the use of captioning and/or adding audio description by educational disability service officers
  • E-books for those who are blind, visually impaired, or have print disabilities
  • Computer programs for purposes of good-faith security research

However, it has been the exemptions for commonly-used technologies, such as phones and home appliances, that have primarily attracted the public's attention. The ruling applies these exemptions for the purpose of diagnosing, maintaining, or repairing the device or system. The DMCA defines “maintenance” as “the servicing of the device or system in order to make it work in accordance with its original specifications and any changes to those specifications authorized for that device or system” and “repair” as “the restor[ation] of the device or system to the state of working in accordance with its original specifications and any changes to those specifications authorized for that device or system.”

New freedoms afforded by this most recent  ruling, according to the founder of the blog iFixit, Kyle Wiens, include:

  • Jailbreaking ‘voice assistant devices’
  • Unlocking new phones
  • Legally permitting third-parties to perform repairs on behalf of the owner

In response to this ruling, companies may make their embedded software more difficult to break. It is important to note however, that this type of response from companies is not anomalous. Companies have already made the acquisition of necessary parts for repair difficult, by encouraging the Department of Homeland Security to crack down on off-brand parts. Moreover, there are still rules allowing those who develop tools for repair to use them and sell their services, but preventing them from distributing or selling the tools themselves.

Industry representatives contend that digital locks on these devices stop intellectual property theft and keep consumers from compromising the devices. These representatives warn that the relaxing of the DMCA opens consumers up to privacy and security threats from dishonest repairers.   

On the other hand, others assert that the right of consumers should overwhelm the potential risks, and that consumers and repairers should not be exposed to liability simply for altering the software in their own devices. Proponents also argue that while the risk of dishonest business dealings exists, the risk is not significantly higher than that which would be found in any other business transaction. Speaking with Consumer Reports, Cory Doctorow, a technology journalist and supporter of the rights of consumers to fix their devices, states: “[t]he way that we address this historically is by having a multiplicity of vendors and service providers who act as checks on one another.”

According to the Washington Post, advocates of the right of consumers to fix their devices still hope for more comprehensive changes, including compelling manufacturers to share instructional manuals and tools to help fix the software of the devices. Still, for those who believe that product owners should be able to fix and alter the software of their own devices, this ruling is a victory.