Until recently, it appeared that most smart product reverse engineering efforts would retain protected status. A split in authority on the Digital Millennium Copyright Act makes that less certain.
In today’s automated world, products from toasters to automobiles are equipped with embedded software that allows them to share information with other devices, sense and respond to external data, and operate more intelligently.
This environment creates opportunities for enterprising companies to build useful aftermarket products that interact with and complement “smart” products manufactured by others. For instance, certain electronics manufacturers develop and sell universal remote controls that can be programmed to operate all the televisions, DVD players, game consoles, and other gadgets in a typical living room.
A business that wants to manufacture components or complementary products for another company’s smart device typically must reverse engineer the original product; in other words, the business
would work backward to understand how the original product was built. Reverse engineering smart products often involves “decompiling” their embedded software to reproduce human readable source code that can be analyzed and understood. Once a product engineer understands how the software works, he or she can develop complementary products with new software code that can share information and instructions with the software in the original product.
What happens, however, if the software in an original product—for instance the televisions and other smart products that might be operated by a universal remote control—is encrypted to prevent third parties and third-party products from accessing this embedded software? One option for aftermarket manufacturers is to bypass or circumvent the controls. In addition to the technical challenges that an aftermarket manufacturer confronts when it opts to bypass security controls in the smart products
of others, a company that takes this path without first obtaining permission from the original manufacturer will have to consider whether its actions are consistent with the Digital Millennium Copyright Act, (DMCA), 17 U.S.C. §1201 et. seq.
Congress enacted the DMCA in 1998 to encourage online marketing and distribution of “the movies, music, software, and literary works that are the fruit of American creative genius.” S. Rep. No. 105-90 (105th Congress, 2d Session, May 11, 1998). The DMCA was passed to assuage industry fears that “[d]ue to the ease with which digital works can be copied and distributed worldwide virtually instantaneously, copyright owners will hesitate to make their works readily available on the Internet without reasonable assurance that they will be protected against massive piracy.” Id.
The entertainment and software industries already had encrypted their products and implemented other security measures to combat piracy. Through the DMCA, Congress piggybacked on those efforts by prohibiting the unauthorized circumvention of industry-deployed security measures to copy or gain access to copyright-protected works. As enacted, the DMCA includes three “anti-circumvention” subsections that prohibit the following:
- Circumvention of technological measures that effectively control access to copyright protected works, 17 U.S.C. 1201(a)(1)(a);
- Trafficking in technologies that are primarily designed for the purpose of circumventing access control measures, 17 U.S.C. §1201(a)(2); and
- Trafficking in technologies that are primarily designed for the purpose of circumventing measures that protect the rights of copyright owners. 17 U.S.C. §1201(b)(1).