First up on today's menu: more DMCA legal shenanigans, with a United States copy-protection software developer filing suit against a graduate student at Princeton University under s1201 of the Digital Millennium Copyright Act 1998.

SunnComm Technology alleges that one J Halderman engaged in circumvention of a protection measure when publishing a research paper, which detailed how to deactivate (or perhaps more accurately, subvert the activation of) a system designed to prevent CDs being duplicated or copied to a user's hard disk.

The ridiculous part of all this is that the 'circumvention technique' described by the research consists of little more than using the SHIFT key to disable a program from automatically executing when a protected CD is inserted, a process which Halderman successfully tested on a recently released audio CD published by Arista Records/BMG. Unfortunately, SunnComm has not taken too kindly to the publication of so obvious a method of circumvention, claiming that Halderman's paper incorrectly disparaged the 'robustness and efficacy' of the mechanism, harming their reputation:

This is an opinion that seems to be shared by their shareholders, evidently. Now, forgive my youthful naivety on matters of substantive law, but such a claim seems more suited to a tort action in defamation than a filing under a criminal provision of the DMCA. Their action seems destined to fail, at any rate. As one commentator has dubbed it, 'press shift to initiate lawsuit'. Fred von Lohmann, a cyberlawyer with the EFF was also vocal in his condemnation of the suit:

In order to successfully sue Halderman under the DMCA, SunnComm needs to prove that the circumvention method his paper described constitutes a device 'primarily designed or produced to circumvent'. Given that the SHIFT key is a standard feature of every computer keyboard, that the association of this 'device' with disabling autorun is a standard feature on all Microsoft, Apple, and many Linux operating systems, and that it performs many other functions (for instance, Capitalisation), it seems ludicrous to classify it as a device primarily designed to circumvent copy-proteciton mechanism. Arugably, it does not even constitute a 'device'.

Even if using a particular key to willfully disable a software protection measure does comprise a circumvention measure, Halderman's report probably falls under one of the exceptions to s1201: ss(d) (exemption for educational institutions), ss(g) (encryption research allowed), or ss(j) (testing access controls allowed with consent).

SunnComm also claims that by disabling the autorun mechanism a file is 'deleted'; strictly speaking, this is not correct, either. Rather, a file is prevented from being created. This is a critical distinction, because users ought to have control over which files are copied onto their digital property (though it would be a harder case to make that they should have control over all files already there). Were this action to succeed, a precedent would be created for denying end users the ability to disable potentially intrusive or malicious programs (eg, mal/spyware) that come bundled with CDs or DVDs and are subjected to "blanket protection" by the DMCA. Publishers could install 'helper' utilities that advertise their other CDs, monitor a user's listening habits, or even disable access to P2P sharing applications - yet under the DMCA, users would be powerless to attempt a removal of these devices, or publically disclose the full extent of their operation.

Sadly, this case highlights an all too frequent trend in American technology law: instead of using the incisive, voluntarily contributed research of a concerned member of the public (for which the company would otherwise have been charged an exorbitant amount of money) to improve their product, SunnComm has taken cover behind vaguely-worded provisisions to protect their own lack of foresight and poorly researched product. Anyone who invested in this company's copy-protection mechanism has only themself to blame, not Halderman.