January 8, 2015 | By Jeremy Malcolm

Consumers Deserve Protection Against the Scourge of DRM—Will the UN Help?

Normally when you buy a product that has a hidden defect, consumer protection law in your state or country comes to the rescue. For example, if you purchase a product—say, a book—it comes with an implicit promise that it will be fit for the ordinary purposes that books are used for, such as allowing you to read it, quote from it, lend it to others, summarize it on your blog, and donate or recycle it when you're done.

If the book can't be used in these common-sense ways, and you weren't warned about that before handing over your money, consumer protection laws will generally give you the right to a remedy such as a refund of what you paid.

There is no reason why digital products such as e-books should be treated any differently than physical products such as paper books in this regard. Yet in practice, they too often are, and the blame falls on DRM. Say that you have a Kindle e-book reader, and you want to lend the e-book to a friend or family member who has a NOOK. Bad luck—you can't legally do so; and if you try (using circumvention software), you may expose yourself to legal liability thanks to the anti-circumvention provisions of the Digital Millennium Copyright Act and its equivalents in many other countries. The same is true for users who need to manipulate content for accessibility reasons, who need to access copyrighted code to repair their devices or vehicles, or need to circumvent DRM for research and journalism (such as exposing security vulnerabilities that put users at risk).

When DRM prevents lawful uses of content, including scholarship, remix, and other fair uses, it restricts users' freedom of expression. One approach to fixing the problem is to include an exception in anti-circumvention laws allowing users to circumvent DRM for purposes that copyright law would otherwise permit. This is the approach taken by the Marrakesh Treaty for the blind and visually impaired, for example.

But often DRM isn't just an infringement of your speech rights under copyright law, but more fundamentally an infringement of your rights as a consumer (you might be prevented not only from lending a book, but even from reading it). That's why a new wave of consumer protection laws around the world are also beginning to address the problems of DRM, by holding purveyors of digital products to the same standards as their physical counterparts.

For example, since 2011, Europe has had a Consumer Rights Directive [PDF] that requires vendors of digital products to disclose up-front any DRM restrictions or interoperability issues, in clear and comprehensible language. And last October, the Organization for Economic Cooperation and Development (OECD) issued a new recommendation [PDF] that, in addition to similar obligations to disclose DRM, would also require tech vendors to warn consumers about product updates that could adversely affect their access or use of the product, and to provide redress if a product they purchased becomes less accessible as a result.

These measures only scratch the surface of the problem, but they are the start of a welcome change of perspective. However, they have significant limits. The Consumer Rights Directive only applies within Europe, and the OECD recommendation only to the OECD's 34 members. What we really need in this globally-interconnected digital age is a universal consumer protection standard that could help drag counties from all around the world (not least the United States!) up to the same level in their protection of digital consumers.

This month we may have that chance. The United Nations Conference on Trade and Development (UNCTAD) will be convening a meeting of experts on 22 and 23 January 2015 to recommend changes to a 30 year-old document called the United Nations Guidelines for Consumer Protection, a non-binding but influential standard for consumer protection authorities from around the world. This week EFF is sending a strong call to UNCTAD to ensure that these revisions address the scourge of DRM.

In our submission, we explain that

DRM is a quintessential consumer protection issue—in that it attempts to control what users can and can't do with the media and hardware they purchase. Just as it would be an actionable consumer wrong to sell a movie disc that won't play due to a manufacturing flaw, so too consumer law should offer redress if the disc won't play due to DRM restrictions.

Supporting groundwork on this issue done by global NGO Consumers International, EFF's submission makes a simple case for the inclusion in the Guidelines of language encouraging consumer authorities to address four separate aspects of the DRM problem, which we've described as access; control; privacy; and information, disclosure and notification.

The language we're proposing on access would ensure that by default, the consumer is entitled to use a digital product in the same ways as they can use an equivalent analog product; for example, if you're told that you're “buying” a movie, you don't expect that your ability to watch it will some day disappear. Our proposal on control would ensure that DRM can't be used to stop you from using digital products in ways that would otherwise be reasonable, lawful and safe—securing your right to tinker, in other words. The language on privacy would prohibit vendors from collecting your personal data without your consent, and require them to notify you of data breaches. Finally the proposal on information, disclosure and notification would require vendors to inform you of any DRM they ship with your digital products, as well as important interoperability limitations.

Whilst we think that there is a compelling case for these straightforward and consumer-friendly guidelines, we know that others at the meeting will disagree. The United States, in particular, has been vocal in its opposition to the inclusion of DRM-related provisions.

What can you do to help to make sure that these new consumer guidelines see the light of day? We encourage you to contact your representatives who will be attending the UNCTAD meeting, to tell them why DRM is a problem for you, and to ask them to support our proposals. For Americans, that's the Office of International Affairs at the Federal Trade Commission (FTC), and for other countries, here is a directory of national consumer protection authorities.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

In Xilinx ruling, Federal Circuit suggests trolls still able to drag you to their distant lairs. https://www.eff.org/deeplinks...

Feb 17 @ 3:14pm

A ruling in Microsoft's fight against gag orders covering government requests for user data https://www.eff.org/deeplinks...

Feb 17 @ 2:14pm

As cities like San Jose consider using "smart city" tech, they need to protect residents' privacy. https://www.eff.org/deeplinks...

Feb 17 @ 11:36am
JavaScript license information