This article, written by Parker Higgins, was originally published by the Electronic Frontier Foundation on Nov. 13.
Forget extra cupholders or power windows: the new Renault Zoe comes with a “feature” that absolutely nobody wants. Instead of selling consumers a complete car that they can use, repair, and upgrade as they see fit, Renault has opted to lock purchasers into a rental contract with a battery manufacturer and enforce that contract with digital rights management (DRM) restrictions that can remotely prevent the battery from charging at all.
We’ve long joined makers and tinkerers in warning that, as software becomes a part of more and more everyday devices, DRM and the legal restrictions on circumventing it will create hurdles to standard repairs and even operation. In the U.S., a car manufacturer who had wrapped its onboard software in technical restrictions could argue that attempts to get around those are in violation of the Digital Millennium Copyright Act (DMCA)—specifically section 1201, the notorious “anti-circumvention” provisions. These provisions make it illegal for users to circumvent DRM or help others do so, even if the purpose is perfectly legal otherwise. Similar laws exist around the world, and are even written into some international trade agreements—including, according to a recently leaked draft, the Trans-Pacific Partnership Agreement.
Since the DMCA became law in 1998, Section 1201 has resulted in countless unintended consequences. It has chilled innovation, stifled the speech of legitimate security researchers, and interfered with consumer rights. Section 1201 came under particular fire this year because it may prevent consumers from unlocking their own phones to use with different carriers. After a broadly popular petition raised the issue, the White House acknowledged that the restriction is out of line with common sense.
The problem extends beyond inconvenience. In plenty of cases, DRM has led to users losing altogether the ability to watch, listen to, read, or play media that can’t be “authenticated.” Video games with online components now routinely reach an end-of-life period where the company providing the authentication decides it’s no longer worth it to operate the servers. That raises the frightening possibility of a company like Renault deciding that it’s not cost-effective anymore to verify new batteries—and leaving car owners high and dry.
And these are all just the problems with the DRM running as expected. Unfortunately, the intentional restrictions created by DRM can also create security vulnerabilities that can be exploited by other bad actors. The most prominent example may be the “rootkit” that Sony included on music CDs and which led in some cases to further malware infection. The stakes may be even higher when it comes to cars. Security researchers uncovering security problems in cars already face restrictions on publishing; that stands to get worse as DRM enters the picture.
As our friends at iFixit say, if you can’t fix it, you don’t own it. Users need the right to repair the things they buy, and that is incompatible with blanket restrictions on circumventing DRM.
Copyright maximalists like to point to the 1201 safety valve—a rulemaking procedure to identify narrow exemptions. But the process happens every three years in the Copyright Office, and it’s pretty dysfunctional: the exemptions require extensive work, must be justified from scratch each time, and have no established appeal process. Permission to “jailbreak” cars can’t even be considered until 2015, and even if it is granted, consumers may be wary to invest in a new car if their right to repair it could be revoked three years later.
There’s a better way, but it requires legislation. Representative Zoe Lofgren and a group of bipartisan sponsors have proposed the Unlocking Technology Act, to limit the anti-circumvention provisions to cases where there is actual infringement. That’s a common sense change that is long overdue.
More fundamentally, though, users must push back on the creeping imposition of DRM in more and more places. As EFF Fellow and former staff member Cory Doctorow has noted, computers are increasingly devices that we depend on for our own health and safety. It’s critically important, then, that consumers actually own our stuff. Stay tuned: We’ll be pushing hard on this issue on many fronts in the coming year, and we’ll need your help.