United States: Circuit Court Decisions Weaken, Strengthen Hand of Software Owners Using Technological Protection Measures

Within one late summer week, two federal courts of appeals rendered decisions that will have a significant effect on the rights of copyright holders. In Storage Technology Corporation v. Custom Hardware Engineering, 2005 U.S. App. Lexis 18131 (Fed. Cir. Aug. 24, 2005), a divided panel of the Federal Circuit weakened the position of software copyright owners by reading expansively the right to copy given independent service operators under 17 U.S.C. § 117(c), and reading narrowly an express contractual term that sought to preclude third-party use of plaintiff’s maintenance program. One week later, in Davidson & Associates v. Jung, 2005 U.S. App. Lexis 18973 (8th Cir. Sept. 1, 2005), the Eighth Circuit strengthened the hand of software owners, interpreting the Digital Millennium Copyright Act’s circumvention bar expansively and upholding a contractual prohibition on reverse engineering against a preemption challenge.

StorageTek. The plaintiff in the Federal Circuit’s StorageTek case sold large data storage systems. "Maintenance Code" software was pre-loaded on the systems, but was not licensed to the purchasers. Though the code booted up automatically when the system was turned on, access to the program and its diagnostic data were protected by a password scheme. Defendant Custom Hardware Engineering ("CHE") was an independent service organization in competition with StorageTek for the business of servicing StorageTek systems. CHE circumvented the password protection measures, then used the diagnostic data generated by the Maintenance Code in order to provide maintenance for the StorageTek systems.

StorageTek sued CHE, asserting copyright, circumvention and trade secret claims.

Although CHE had created a copy of Maintenance Code in RAM when it booted up the system for services, the Court held that CHE had been entitled to create the copy under the Computer Maintenance Competition Assurance Act, 17 U.S.C. § 117(c). This Act provides it is not an infringement for one authorized by the owner of a machine to make a copy of a computer program, if it is made "solely by virtue of activation of a machine . . . for purposes only of maintenance or repair of that machine."

StorageTek contended that CHE was not eligible under § 117(c) because CHE did not – as required by § 117(c) condition (1) – destroy the copy of the Maintenance Code "immediately" after completion of repair or maintenance. Rather CHE used the copy for the entire period of CHE’s service contract. The Federal Circuit held that since "maintenance" is a continuous process that includes ongoing monitoring, destruction of the RAM copy at the conclusion of the service contract was "immediate" enough.

StorageTek also maintained that CHE’s use of the diagnostic Machine Code was inconsistent with condition (2) of § 117(c). This requires that if a copy is made of "any computer program or part thereof that is not necessary" for the machine to be activated, it "not [be] accessed or used other than to make such new copy by virtue of the [machine’s] activation."

The StorageTek majority acknowledged that condition (2) would bar accessing freestanding diagnostic programs. Notwithstanding, the court held, because the Maintenance Code and the functional code that operated the system were thoroughly entangled, loading the Maintenance Code into RAM was "necessary" to activate the machine, and condition (2) did not consequently bar the § 117(c) defense.

The Federal Circuit’s convoluted argument never explained why "entanglement" should make part of a program "necessary," within the meaning of the statute, for machine activation. Whether entangled with functional code or not, the part of the code performing maintenance functions was simply not necessary for machine activation. Since CHE used that code for servicing, it should not have been entitled to immunity from infringement under § 117(c). Moreover, condition (1) of § 117(c) also makes the defense unavailable unless the new copy created by machine activation is used in "no other manner" than machine activation. CHE used the copy in another manner, viz., to maintain the StorageTek systems.

In an equally strained alternative holding, the Federal Circuit also found that, notwithstanding contract language expressly providing that a purchaser could not "permit another person to use" the maintenance code, the purchasers were entitled both to load the code and to authorize others to use it. The court’s reasoning is too detailed, too case-specific and (frankly) too unpersuasive to be worth parsing at length. The key lesson would seem to be that software owners’ license agreements must be extraordinarily explicit about the point if they want to bar third-party use.

The Federal Circuit also rejected StorageTek’s circumvention claim. In Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d 1178 (Fed. Cir. 2004), the Federal Circuit held that circumventing an accesscontrolling technological protection measure was only unlawful if the circumvention "infringes or facilitates infringing a right protected by the Copyright Act." Since the court had concluded that CHE’s copying was protected by § 117(c), CHE could not be liable for circumvention. The ruling confirms an important point: Although a number of other courts have held to the contrary, under Chamberlain and StorageTek, defenses to the underlying copyright infringement are defenses to circumvention claims.

Finally, regarding the trade secret claim, the court held there was no violation because (1) the fault symptom codes generated by StorageTek’s Maintenance Code had themselves not previously been kept secret, and (2) the reasons a particular machine no longer owned by StorageTek is malfunctioning cannot be a secret.

Davidson & Associates v. Jung. Plaintiff Davidson & Associates (referred to by its dba "Blizzard") developed computer games that could be played in an online multiplayer mode at Blizzard’s Battle.net servers. To prevent infringing copies of Blizzard games from being played online, purchasers were required to enter a "CD Key" that was printed on a sticker attached to the product packaging. Based on this code the games initiated an authentication sequence or "secret handshake" with the Battle.net server before online gaming was permitted.

The outside packaging of nearly all Blizzard games displayed a notice that the game and service were subject to an end-user license agreement (EULA) and to Terms of Use (TOU). Before installing a Blizzard game, a purchaser was required to select and click on a button marked "I agree," manifesting acceptance of the EULA and TOU. The EULA prohibited reverse engineering and the TOU barred users from engaging in emulation or from hosting or providing "matchmaking" services for Blizzard games.

Defendants, who had agreed to the EULA and TOU, nonetheless reverse engineered the Blizzard games, then developed an alternative online gaming environment on their own server at bnetd.org. Their bnetd.org server provided matchmaking services for multi-player game play and emulated Battle.net. But, unlike Battle.net, bnetd.org did not prevent infringing copies of Blizzard games from being played online.

Blizzard sued for breach of the EULA and TOU and for unlawful circumvention, and won summary judgment on both claims. The Eighth Circuit affirmed in an opinion so confusing and cryptic at points as to border on incoherence. Below, we summarize the outcomes and attempt to extracted possible "holdings" from the decision.

Regarding the EULA – TOU contract claims: Davidson stands for two propositions:

• EULAs and TOUs are enforceable contracts when assent is manifested through click-on license agreements.

• A contractual prohibition against reverse engineering is enforceable against the defense that such contract provisions are "preempted" by the Copyright Act.

Regarding the Circumvention claim: The Eighth Circuit determined that the bnetd.org server and emulator were a circumventing technology under 17 U.S.C. § 1201(a)(2), and that the reverse engineering defense under § 1201(f) did not apply.

The court does not state what it was that the technological protection measure was protecting from unauthorized access, and the prima facie violation is not clear. CD Key and the secret handshake prevented unauthorized access to Battle.net, but the defendants did not facilitate unauthorized (or any other) access to Battle.net. Rather, they afforded access to their own, emulating server. Interpreting broadly, and without the benefit of much analysis by the court, the Eighth Circuit was arguably holding:

• When a party provides access to a non-infringing, emulating server as an alternative to a server protected by the publisher’s access controls, this constitutes "circumvention" of the access controls employed by the publisher’s server.

Section 1201(f)(1) exempts a circumventor from liability when the circumvention’s "sole purpose [is] identifying and analyzing those elements of [a] program that are necessary to achieve interoperability of an independently created computer program . . . to the extent any such acts of identification do not constitute [copyright] infringement." The Eighth Circuit read the non-infringingacts- of-identification proviso as requiring that "the alleged circumvention [does] not constitute infringement." (Emphasis added.)

The Eighth Circuit rejected defendants’ argument that this reverse engineering defense applied, apparently on the basis that "Appellants’ circumvention in this case constitutes infringement." By way of explanation, the court alluded to the fact that defendants’ bnetd.org server allowed Blizzard game users to access Battle.net mode features and to play on the bnetd.org server regardless of whether they had a valid CD key.

However, making a server available for the exchange of game data among Blizzard players (some of whom use infringing copies) would not appear to constitute direct copyright infringement by defendants. Neither would such actions appear to constitute contributory infringement since defendants did not apparently participate in or contribute to the creation of any "pirated" copies of Blizzard games. Although the Eighth Circuit does not trouble to explain its analysis, the following theories might explain the outcome:

• A circumvention defendant is not entitled to the reverse engineering defense of § 1201(f) if its reverse engineering allows a direct infringer to use an infringing copy interoperably with the defendants’ independently created program.

• The "non-infringement" requirement of the § 1201(f)(1) defense is violated by acts that would make a party secondarily liable as well as by direct infringement. Each time an unauthorized copy of a Blizzard game is launched, a new infringing copy is made in the RAM of the infringer’s computer. The defendants – by supplying an otherwise unavailable service to the infringer at that time – provided an incentive for the creation of the infringing RAM copy and facilitated the Battle.net mode use of that copy. Hence, they should be deemed (contributory) infringers.

The first point is suggestive of "accessory after the fact" liability, not secondary liability under copyright. The second point evokes the new "inducement of infringement" doctrine, but without meeting the high standard for copyright inducement set forth by the Supreme Court in MGM v. Grokster.

The reasoning in neither StorageTek nor Davidson is especially satisfying, and neither case is likely to be the last word on its subject. Meanwhile, however, these circuit court decisions cannot be ignored.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.