Apple uses DMCA as a weapon against an open source iTunes hack
A simple effort by an open source developer to make his iPod's data legible by a Linux-based program, could balloon into a test of copyright so important that the fate of global trade agreements could hang in the balance.
In the fall of 2007, as a way of protecting the link between its iPods and iPhones and the iTunes music store databases (iTunesDB) stored on those devices, Apple began employing a hashing algorithm. The result was that transactions between a device and the music store were masked, with a side benefit being that iPods could only conduct transactions through iTunes using only Apple's software -- which is a big problem for computer users with Linux.
For example, users of a third-party iTunes work-alike for Linux called YamiPod discovered their late-model iPods would not work with their software, while older models worked just fine. The issue here isn't really so much trying to set up a competitive store to Apple's, but rather to make database transactions work for Linux users.
Within a few weeks, Apple's scheme was cracked, and the details of the scheme made it appear downright laughable, almost like using plastic traffic cones to block an entrance.
This year, Apple reworked the hashing scheme to make it more difficult to crack. And that effort, in a sense, was successful; this time, instead of a few weeks to crack, it took several. As independent engineer Sam Odio wrote on his blog at the time, "Apple changed the hashing scheme. And here we are to reverse it yet again."
Last November 11, Apple sent Odio a takedown notice, indicating that the "reversing" to which he referred could be construed as a violation of the Digital Millennium Copyright Act, and characterizing Odio's project as an assault on FairPlay, Apple's DRM system.
"FairPlay is considered anti-circumvention technology under the Digital Millennium Copyright Act," wrote attorney Ian Ramage. "The DMCA explicitly prohibits the dissemination of information that can be used to circumvent such technology." Ramage went on to ask that the information be taken down; when it wasn't, the next day, he sent a new message with this threat: "Failure to do so will result in legal liability."
Yesterday, the Electronic Frontier Foundation announced it would represent Odio in court, if necessary. In Odio's defense, senior staff attorney Fred von Lohmann is preparing to argue that the iTunesDB file stored on individual users' iPods no more belongs to Apple than does every Web page that has ever appeared in Safari.
"The iTunesDB file is not authored by Apple, nor does it appear that Apple has any copyright interest in it," von Lohmann wrote yesterday. "Instead, the iTunesDB file on every iPod is the result of the individual choices each iPod owner makes in deciding what music and other media to put on her iPod. In other words, the iTunesDB file is to iTunes as this blog post is to Safari -- when I use Safari to produce a new work, I own the copyright in the resulting file, not Apple."
The contents of that database reflect the choices of its user, regardless of the format it is produced in, von Lohmann goes on to argue. And as such, those choices could conceivably be constitutionally protected under the First Amendment. What's more, he points out, a DMCA exception has already been written into law for the express purpose of permitting individuals to make contents interoperable between technologies or devices they own.
But von Lohmann -- probably knowingly -- touched upon an issue in US law that has come up from time to time, and may yet be unresolved: the issue of who, truly, owns a database. Like an episode of TV's "Law & Order," the first half of the story is about one thing, until the second half twists the story to become about something else entirely.
In both US and European law, there's a concept called sui generis database protection (from the Latin meaning "unto its own"), which is the idea that a database is essentially the intellectual property of the creator of the database technology. So any attempt to reverse-engineer the format to get at the contents, under this concept, would be a rejection of the principle.
European law currently makes provisions for this principle, which was necessary given that so many EU member countries had different legal definitions of a database's IP -- to the extent that software publishers were unwilling to publish in countries foreign to their own. US law, on the other hand, largely rejects this principle, but only to a certain extent. The guiding principle for America is a 1991 Supreme Court case, Feist v. Rural Telephone (two publishers of telephone directories), in which it was determined that the contents of a database were not protected by copyright if those contents failed a certain standard of creativity. It's not a creative process, in other words, to compile a list of who lives where; so if a competitor's list was literally scanned from the pages of the other directory, it may be a violation of something, but not copyright law. In other words, no "authorship" took place.
There have been many legal challenges to Feist since that time, including legislation still being considered though never passed by Congress that would deem it a crime to copy a published database for the purposes of doing harm to its publishers, or for otherwise doing business with the database that was unauthorized by its publishers. Consider such legislation a new concept of "circumventing" copyright law: making copying data for unauthorized purposes illegal despite the state of copyright.
Pressure on lawmakers to pass such a law comes from groups such as the World Trade Organization, which are looking for guarantees that database technology imported into the US not be circumvented by users looking to get at databases' contents.
So a valid argument could be made that Apple has no specific claim to copyright of the data in a user's iTunesDB, so if that user tried his own means to get at that data, Apple could not claim harm. But the EFF's von Lohmann is making a very dangerous attachment to that argument: specifically, that the contents of an iTunes database reflect users' personal choices and tastes, and are thus considered expressions.
If they are expressions, as von Lohmann suggests, then Apple could very well turn the whole argument on its ear, employing the Feist standard to suggest that expression implies authorship, and if the database is truly authored...it fails the Feist test for exception to copyright. As ridiculous as this may sound on the surface, a legally plausible argument under current US law could be concocted for one company's claim of copyright over a database because some other party authored its contents.
There's a very good possibility that the name "Odio" could join the name "Feist" one day, as one of the pinnacle cases of US copyright law. And since we know how that process works already, we could be talking about this case well past 2012.