DMCA hammer comes down on tech service vendor
This just in: A district court in Boston has used the DMCA to grant a preliminary injunction against a third party service vendor who tried to fix StorageTek tape library backup systems for legitimate purchasers of the system.
How is this a DMCA violation? Well, it turns out that StorageTek allegedly uses some kind of algorithmic "key" to control access to its "Maintenance Code", the module that allows the service tech to debug the storage system. The court found that third party service techs who used the key without StorageTek's permission "circumvented" to gain access to the copyrighted code in violation of the DMCA, even though they had the explicit permission of the purchasers to fix their machines.
What does this ruling mean? If it stands up on appeal, it means StorageTek has a monopoly on service for all of its machines. No independent vendor will be able to compete with them for service contracts because no independent vendor will be authorized to "access" the maintenance code necessary to debug the machine.
The DMCA was meant to stop digital piracy, not inhibit legitimate competition in the computer services market. How many more markets will we allow this law to kill before someone fixes it?
p.s. The Court also found, in a bizarre twist of logic, that while it is legal to load a program into RAM for repairs, it's illegal to allow it to persist in RAM while you fix it. I don't even know where to begin with that one.
Quote: "The Court also found, in a bizarre twist of logic, that while it is legal to load a program into RAM for repairs, it's illegal to allow it to persist in RAM while you fix it."
So you can work on it if it's in DRAM, but not if it's in SRAM? :-)
Posted by: Timothy Campbell | July 10, 2004 at 08:31 AM
No, you're splitting hairs now. This has nothing to do with RAM technology. To prevent persistence in RAM, you just just have to disable caching of info from your hard drive. As long as you go to the disk each and everytime you need the data, you are fine :-) [I can't find a good registry setting to do this in Windows, though - maybe Linux has something]
Posted by: R Hyre | July 11, 2004 at 02:21 AM
>The DMCA was meant to stop digital piracy
No, it wasn't. The DMCA doesn't stop anyone from copying anything - it stops you from USING what you already have.
>not inhibit legitimate competition in the computer services market.
No, actually, that's exactly what the DMCA is for.
The DMCA was created to stop people from accessing what they've rightfully bought, without sanction from the manufacturer. It doesn't address copying at all, only accessing.
As this case shows, it's working exactly as intended.
Posted by: Karl | July 11, 2004 at 06:50 PM
I would not like to be the CIO that signs the PO for a new STK system today, THEN finds out about the ruling. Just how long till they are out on the street. New purchases are bound to be held up, as potential customers come to find out about this. Who will be the next OEM to try to assert the same position? Either this is stopped dead in its tracks immediately (by no new POs) or third party maintenance is over and the total cost of ownership just goes through the roof.
Posted by: | July 12, 2004 at 04:10 AM
I wonder what it would actually take for the DMCA to be repealed?
Someone successfully prosecutes the Republican Party or a prominent Party Member for a DMCA violation? Microsoft is successfully prevented from coopting a market because of DMCA protection?
Am I optimistic in thinking it might be as easy as a massive terrorist act perpetrated against our electronic infrastructure that experts would agree could have been prevented if practicing security research were legal in the USA?
Or are we just completely fucked, for good?
I don't know if anyone has articulated it yet, but most of the participants in our "information economy" keep going on the waning belief that a law this absurd must certainly be struck down eventually. But will it? Really?
Posted by: | July 12, 2004 at 06:41 AM
While I can't speak for my agency you can be sure that I will be on the lookout for these issues when buying storage in the future; and we're not exactly the world's smallest customer.
Posted by: Donald P. Welker | July 12, 2004 at 07:33 AM
Can you say "restraint of trade?"
Sounds like grounds for a counter-suit for abusing monoply power with respect to maintaining StorageTek backup systems.
Existing StorageTek customers may have grounds for a class-action lawsuit to order StorageTek to give "permission" to anyone wanting to service StorageTek equipment.
Posted by: davidwr | July 12, 2004 at 07:48 AM
>What does this ruling mean? If it stands up on appeal, it means StorageTek has a monopoly on service for all of its machines. No independent vendor will be able to compete with them for service contracts because no independent vendor will be authorized to "access" the maintenance code necessary to debug the machine<
Wonder whether customers could get around this by having stronger contracts, perhaps expanding on the typical "no shutdown devices" term to include no devices denying maintenance? While I'm sure most buyers don't pay much attention to the terms of their purchase until there is a problem, this is certainly something potential buyers should consider. And of course, it would require great convincing to a maintenance provider that the contract in fact protects him.
We recently had a similar problem when moving from one software to another, and needed the data in the old software converted to the new. The new contractor (who apparently had done such conversions for other customers previously) was threatened that if he looked at the old software, he'd be sued. We had to end up paying the old contractor to export the data into a generic format, so the new contractor would clearly not be violating any proprietary rights when he picked up the exported data and imported it into the new SW. Vendors are trying to be clever and trying to force customers to remain beholden to them forever!
Posted by: whits-end | July 12, 2004 at 08:27 AM
An interesting parallel to what's happening in the auto industry. A number of car nmanufacturers are withholding maintenance codes from independent auto shops (ie. non dealer owned and operated), claiming that the codes are proprietary. Since the codes are needed to diagnose problems, they're hurting the indy shops. I can't rememeber the act that passes a number of years ago (maybe someone can refresh my memory) that forced mfgrs to allow 3rd party repairs to thier vehicles. Hopefully some sane court will apply the same ruling to this case: If you purchased a product, you have the right to repair it as you see fit. The scary thing is that if this goes through, the auto mfgrs now can try to use the DCMA to limit access to thier codes and all us new car owners get the pleasure of a wallet reaming by the dealer repair shops.
Posted by: Neural | July 12, 2004 at 09:13 AM
I love this stuff.. IBM Global Services supports and maintains STK products and so does Siemen's and GSSCS (Logicon). I wonder why STK hasn't gone after IBM or these other large companies. Obviously, the small business is an easy target and these other larger companies have other strategic OEM agreements with STK. I suspect a TPO of any sort who services these large storage tape systems must have access to the event codes otherwise they couldn't provide reliable service.
Again, a consumer is screwed because of less choices.
Posted by: Bob Good | July 12, 2004 at 11:42 AM
>What does this ruling mean? If it stands up on appeal, it means StorageTek has a monopoly on service for all of its machines. No independent vendor will be able to compete with them for service contracts because no independent vendor will be authorized to "access" the maintenance code necessary to debug the machine.<
This is partly correct. However there are many licensed StorageTek repair facilities in the U.S. IBM, Unisys, et al. have nothing to worry about as they have signed agreements with STK. STK was protecting their trading partners as well as their customers.
Posted by: Seth | July 12, 2004 at 12:52 PM
Indpendent auto repair shops faught for years to be able to do repairs on automobiles without having warranties voided by manufacturers. A law was finally passed to allow this. It also allows for third party parts to be used as long as they meet OEM specifications. Now comes the DMCA, which can negate any such law.
Until the consumer refuses to purchase products with this type of lock-out by manufacturers of equipment, we will see more of it until there is nothing left in the US but consumers who have no money with which to consume. We have already endangered our economy by moving manufacturing out of our borders. Now we will lose the service industry as well because it will be illegal to repair anything manufactured by someone else.
I refuse to purchase Lexmark because of their stand on third party cartridges for printers. I will refuse to purchase products from Sony or any other manufacturer that does the same thing. I choose my service repair companies for my appliances and will purchase those appliances based on my ability to choose who enters my home to fix them. I will not purchase CD's or DVD's I cannot copy for my own personal use or equipment that will not allow me to enjoy it as I see fit in my own home, car or RV.
I encourage consumers to take a stand now, before we find ourselves without the abiltiy to make choices for ourselves at all.
When will our (cough) leaders realize they are crippling this country?
Posted by: LDG | July 12, 2004 at 08:00 PM
> When will our (cough) leaders realize they are crippling this country? <
Not just your country mate. Australia, has just signed a trade agreement with the USA, which forces various parts of the DMCA and other US laws upon us in order to protect US trade partners.
http://www.efa.org.au/Issues/IP/index.html#fta
Presumably other countries that sign similar agreements with the US will find themseleves in a similar position as the DMCA spreads across the globe.
I think I'll have a lie down... Ive just depressed myself thinking baout it.
Posted by: Wylie | July 13, 2004 at 01:58 AM
The major concern I have here is I'm a repair technician for one of the world's largest companies and if my client wanted, since I'm a contractor, they could easily have me arrested for the same thing as what's described in this article.
As for the ability to change/modify laws, when does that become over-ridden by another law? If the DMCA is so vague about changing anything related to digital content and this law is for digital content, would that mean we can't change the law? In my mind, its like tossing your hard drive icon in the trash on Macintosh System 6.
Posted by: Josh | July 13, 2004 at 08:44 AM
We have spent 20 years developing both products and services which by-pass security on computer systems. In both our data recovery and computer forensic work we have had to by-pass password and other security systems on operating systems, hardware products such as disks, skipping past end-of-data on tapes which have been subjected to "secure" erasure and recovering data from disks which have been "securely" erased.
Most of our business in Europe and we are based in the UK. We of course have our own collection of possibly well-intentioned legislation which we operate around. It doesnt bode too well for our US subsiduary however.
The implication is that we need to approach the software and hardware manufacturers to look for a licence to by-pass their poor attempts at security.
I would doubt that the US legislation would get past the anti-cartel laws in the European Union.
Posted by: Gordon Stevenson | July 14, 2004 at 02:48 AM
Actually, there are many independant service providers who maintain StorageTek-manufactured equipment, and who manage to do so withing infringing on legitimate proprietary firmware. This particular service organization was singled out due to evidence of their having acquired and used copyrighted materials.
Posted by: Geoff Warmuth | July 14, 2004 at 09:22 AM
The maintenance code in question was written by StorageTek engineers and is proprietary property. If CHE writes their own code and uses it to diagnose problems, they wouldn't be in this legal jam. If CHE wants to compete they should use their own code to compete not pirate the vendor code. StorageTek paid engineers to develop and maintain this code. Allowing CHE to pirate the code is no different than allowing a competing ballclub to use your bench.
Posted by: Ed Lisivick | July 15, 2004 at 06:15 AM