Re: TrueType/OpenType and anti-circumvention laws

To: Paul Wise <pabs@debian.org>
Cc: debian-legal@lists.debian.org, Felix Lechner <felix.lechner@lease-up.com>
Subject: Re: TrueType/OpenType and anti-circumvention laws
From: "P. J. McDermott" <pj@pehjota.net>
Date: Mon, 5 Feb 2024 03:30:10 -0500
Message-id: <[🔎] 20240205033010.18f0db9a.pj@pehjota.net>
Reply-to: debian-legal@lists.debian.org, "P. J. McDermott" <pj@pehjota.net>, Felix Lechner <felix.lechner@lease-up.com>
In-reply-to: <[🔎] a48a47f6ae6f40aa5e05dd0e24f2e533c788e23b.camel@debian.org>
References: <20240115060547.7e74fc51.pj@pehjota.net> <[🔎] a48a47f6ae6f40aa5e05dd0e24f2e533c788e23b.camel@debian.org>

On 2024-02-05 at 10:34, Paul Wise wrote:
> On Mon, 2024-01-15 at 06:05 -0500, P. J. McDermott wrote:
> 
> > Paul Wise mentioned[8] on the fonts team list in 2021 a couple programs
> > ("embed"[9], a derivative "ttembed"[10], and "ttfpatch"[11]) that unset
> > the DRM/TPM bits, enabling full use of the fonts.  "embed" was written
> > by a font designer who noticed that his fonts had restrictive embedding
> > permissions and that a tool he used (which was intended for font users,
> > not designers) didn't allow lowering the restrictions.  
> 
> PS: for thread completeness, I note the embed author recieved DMCA
> legal threats, but did not remove the tool from their website:
> 
> http://carnage-melon.tom7.org/embed/dmca.html

Thanks, that's a very interesting read.

I'm surprised to see that Paul F. Stack alleged that embed violates
subsection 1201(a) (circumvention by descrambling, decrypting, etc.
of a TPM that "effectively controls access".  Tom Murphy 7 clearly
explains why that doesn't apply per the definitions in 1201(a)(3): a bit
field doesn't "[require] the application of information" etc. (e.g. a
descrambling or decryption key).  Instead, it actually requires other
programs (not embed) to proactively check and obey the bit field.  So
even if embed didn't exist, unauthorized exercise of a right (1201(b),
not unauthorized access to a work under 1201(a)) could be performed
simply because another program lacks the extra code to check the bit
field).

Only subsection 1201(b) (circumvention of not a TPM, but of "protection
afforded" by a TPM that "limits the exercise of a right") could apply
here.  However, 1201(b) doesn't prohibit the act of circumvention itself
like 1201(a)(1) does.  It only prohibits trafficking in technology etc.
that circumvents, like 1201(a)(2) does.

Stack seemed to pretend (or somehow believe) that 1201(a) applies,
specifically to rely on the prohibition of the act of circumvention (not
focusing on the trafficking in embed), in an attempt to scare Murphy
into believing he's vicariously liable for contributory infringement in
every (non-specified) act of circumvention by embed users (with a threat
that the statutory damages of each act add up).  It's not until his last
"memorandum" in which Stack ever mentioned 1201(b) at all, let alone
alleging any violation of it.  Further, Stack oddly quoted from 1201(b)
and at the end of that same paragraph made a remark about the DMCA not
affecting contributory infringement, as if to suggest (flat out wrongly)
that Murphy could be liable for acts of circumvention under 1201(b)
(which as I noted does not actually prohibit such circumvention).  Stack
was careful to not explicitly say that Murphy is liable for contributory
infringement by embed users under 1201(b) (there cannot possibly be any
such infringement by users in the first place) but apparently wanted
Murphy to believe that he could be liable.  That is either a bad faith
scare tactic or ignorance of the law (which is not good for a lawyer).
Either way, this seems like an unserious legal threat, which if brought
in court, any decent copyright defense attorney could probably have
dismissed, perhaps even summarily and/or with prejudice.

The DeCSS case cited by Stack could have been relevant here, except
that it alleged misappropriation of the CSS descrambling key as a trade
secret, and DVD CCA never alleged violation of the DMCA (1201(a), which
in that case would have been relevant).

Back to the matter at hand, subsection 1201(a) doesn't apply because no
information (e.g. a descrambling or decryption key) is needed to access
a font.  Subsection 1201(b) could apply, making distribution of a
program like embed or ttembed possibly illegal.  But 1201(b) (unlike
1201(a)) doesn't prohibit the use of such a program.  Does anyone know
whether other jurisdictions have laws stricter than the US DMCA, i.e.
laws that prohibit the use of programs like embed and ttembed (the
act of circumventing "protection afforded" by a TPM that "limits the
exercise of a right")?

Has there ever been a legal threat (let alone a court case) alleging
that a program like embed or ttembed violates subsection 1201(b) (or
an international equivalent thereof)?  Perhaps such a threat isn't
financially worthwhile, because statutory civil damages (1203(c)(3)) are
at most $2,500 per device/product/etc. (i.e. one program), and there can
be no contributory infringement that multiplies such damages for each
act of circumvention by users.  And actual damages (which can be sought
instead of, not in addition to, statutory damages) would be hard if not
impossible to prove.

-- 
Patrick "P. J." McDermott:  http://www.pehjota.net/
Lead Developer, ProteanOS:  http://www.proteanos.com/
Founder and CEO, Libiquity: http://www.libiquity.com/

Reply to:

References:
- Re: TrueType/OpenType and anti-circumvention laws
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: TrueType/OpenType and anti-circumvention laws
Next by Date: Re: hard linking libboost copyright files
Previous by thread: Re: TrueType/OpenType and anti-circumvention laws
Next by thread: hard linking libboost copyright files
Index(es):
- Date
- Thread