I never expected to stumble upon a Digital Millennium Copyright Act (DMCA) story while standing beneath an unshielded light bulb in my garage, but that was before I picked up the manual for my garage door opener.

I recently moved houses, and during a Saturday largely spent clearing a terrific mass from my new garage, I came across a tattered copy of the owner's manual for the garage door opener, thoughtfully left behind for my use. I read through the manual looking for information on how to acquire another remote control unit, when my eye was caught by the sort of statement one does not expect to find in any sort of literature relating to the humble garage door.

"If this Security+ garage door opener is operated with a non-rolling code transmitter, the technical measure in the receiver of the garage door opener, which provides security against code-theft devices, will be circumvented," said the manual. "The owner of the copyright in the garage door opener does not authorize the purchaser or supplier of the non-rolling code transmitter to circumvent that technical measure."

The notice, in all its glory

Bizarre. Though the words "Digital Millennium Copyright Act" were never mentioned, the law's anticircumvention provisions were clearly being referenced here. But those provisions were designed to make breaking the digital rights management (DRM) on DVDs, music downloads, and computer games illegal—and by doing so would help keep DRM-busting devices off of the market. What was this nonsense about circumventing technical measures doing in my garage door opener manual, and why did the manual go out of its way to make it clear that I was not "authorized" to use a specific sort of remote control?

"Code grabbers," DRM, and the garage door

The picture became a little clearer when I flipped back to the front page; the opener was made by Chamberlain, the largest garage door opener company in the US.

Those who have followed tech law for some time will remember that Chamberlain was at the center of a seminal DMCA case back in 2003-2004. Chamberlain sued a Canadian company called Skylink, which made universal garage door openers, on the grounds that Skylink's devices were bypassing a DRM scheme and that Skylink was therefore "trafficking" in circumvention devices under the DMCA.

DRM, what hath you wrought?

For years, garage door remote controls were simple devices that beamed an RF signal at a garage door, which then opened. The setup was insecure, even when each remote and opener unit used an unchanging but unique shared key (a "non-rolling code") to authenticate the "open" command. As the federal appeals court noted in its write-up of the case, "According to Chamberlain, the typical GDO is vulnerable to attack by burglars who can open the garage door using a 'code grabber.' Chamberlain says that code grabbers allow burglars in close proximity to a homeowner operating her garage door to record the signal sent from the transmitter to the opener, and to return later, replay the recorded signal, and open the garage door."

"Code grabbing" appears to be something of an urban myth, however; the court went on to say that "Chamberlain concedes, however, that code grabbers are more theoretical than practical burgling devices; none of its witnesses had either firsthand knowledge of a single code grabbing problem or familiarity with data demonstrating the existence of a problem. Nevertheless, Chamberlain claims to have developed its rolling code system specifically to prevent code grabbing." A footnote reveals that competitor Skylink offered a snarkier explanation for Chamberlain's move to a "rolling code" system: Chamberlain's openers suffered from "inadvertent GDO [garage door opener] activation by planes passing overhead, not as a security measure."

("Oh, snap!" as they say in the legal world.)

Chamberlain's new, secure, definitely-not-triggered-by-low-flying-aircraft innovation was the rolling code. New "Security+" transmitters would broadcast a two-part signal containing a device identification code (fixed) and then a security code (changing). Every time the garage door opens, the opener and the remote agree to change the security code, and they have a few billion choices to pick from. A "code grabber" who rolled up to the house and attempted to open the garage using a recorded signal would find himself locked out.

Straightforward stuff—but how did Skylink bypass it? The company didn't make a rolling code transmitter, instead relying on a bit of trickery. The Skylink universal remote opens Chamberlain garage doors by sending out the correct device identification code and then three signals, none of which have any connection to the expected security code. The first signal, because it is incorrect, is ignored by the opener. The second signal is also an incorrect code, but coming so close to the first, it triggers to opener to look for a third security code to follow milliseconds later, one which differs from the second code by a value of three. If this happens, the opener triggers its own "resynchronization" sequence, resets the code windows it has been using, and (crucially) opens the garage door.

It was a nifty bit of trickery, but Chamberlain argued that it violated section 1201(a) of the Copyright Act, the section against circumventing technical protection measures. Skylink claimed numerous defenses, including the fact that it was protected by 1201(f) on reverse engineering. In addition, Skylink argued that the rolling code was not DRM, since it did not protect access to some copyrighted computer code but to "an uncopyrightable process" (the opening of a garage door).

Making criminals of customers



The case went badly for Chamberlain, both at the federal courthouse here in Chicago and then when the Court of Appeals took up the case in 2004. Both times, some of the highest judges in the country found the argument preposterous; if true, not only would a third-party competitor who made garage door openers be guilty of trafficking in illicit devices, but every homeowner who used a Skylink remote would themselves have violated the DMCA's anticircumvention rules.

Both federal courts that looked at the case "declined to adopt a construction with such dire implications." In other words, they refused to say that hundreds of thousands of garage-door owning Americans were breaking federal law by purchasing cheap replacement remotes. (One wonders whether this logic would be extended to ripping a DVD onto a laptop just before a flight; the exact same consequences follow.)

But beyond this reductio ad absurdum, the courts also found a more technical reason for tossing Chamberlain's case: the company had never proved that "the circumvention of its technological measures enabled unauthorized access to its copyrighted software," with the key word being "unauthorized." If Chamberlain had only made clear in advance that certain uses were unauthorized, who knows? It might have prevailed.

As the appeals court noted when reviewing the lower court's decision, "The District Court agreed that Chamberlain’s unconditioned sale implied authorization... Chamberlain places no explicit restrictions on the types of transmitter that the homeowner may use with its system at the time of purchase. Chamberlain’s customers therefore assume that they enjoy all of the rights associated with the use of their GDOs and any software embedded therein that the copyright laws and other laws of commerce provide."

The lawyers speak



So—a 2004 two-court judicial smackdown, complete with summary judgment in favor of Skylink. The issue wasn't even a close call. So why was I standing in my garage on a cool November Saturday, staring down at text telling me I could not use non-rolling code transmitters? I checked the date on the manual; it was from 2006, and other recent manuals on Chamberlain's website contain the same statement.

I checked in with several lawyers who had participated in the Chamberlain/Skylink case. Matt Schruers filed an amicus brief in the case on behalf of computer industry trade group CCIA, which argued that the DMCA could not be used merely to prevent competition. When I asked Schruers what he made of the notice, he was intrigued.

"I keep seeing the Chamberlain door openers in the Costco and I've wondered what they were up to these days," he said. As for the notice, he said it looked like "an effort to write around the conclusion that the Federal Circuit reached" by clearly refusing authorization to use Skylink's non-rolling code universal remote.

Seth Greenstein, who litigated a similar case involving Lexmark toner and ink cartridges (see below), agreed that the notice in my manual was an attempt to bypass a part of the court's logic. "The element relevant to your question is that the access enabled by the circumvention must be unauthorized," he said. "The court found the unrestricted sale of the GDO implicitly authorized the purchaser to use the opener, including the right to acquire replacement controls. The new text ostensibly remedies that prior omission."

But Schruers didn't think the text was likely to stand up in court. "The revocation of authorization would, at a minimum, need to be part of an explicit contract between the buyer and seller," he pointed out, which appears to be lacking here.

"All that being said," he added, "nothing seems to prevent Chamberlain from attempting to prohibit certain conduct in their documentation, even if the prohibition is unenforceable. By way of example, DVDs marked 'for home use' or 'non-commercial private use only' are not legally restricted as such. Unless there is a contract, those representations are not true. A given use, e.g., classroom showing, is permitted or infringing depending on copyright law, not what is printed on the packaging—unless there is a contract including that restriction. Rightsholders still print such claims on the packaging, however. They might as well print that infringers are obligated to forfeit their first-born child."

Jonathan Band, a DC lawyer who also worked on the CCIA brief and is now in private practice, noted that Chamberlain also had to overcome a second hurdle. "While the case was on appeal," he said, "Chamberlain added the language that you saw in an effort to argue with respect to new openers that there was no authorization. [But] the Federal Circuit decided the case on other grounds, i.e., that there was no nexus between the circumvention and infringement. Thus, the Chamberlain language does not affect the Federal Circuit's rationale."

I went back to the appeals court decision and found the section that Band was referencing. While the court did speak extensively about "authorization," it also made the following crucial point: "The essence of the DMCA’s anticircumvention provisions is that sections1201(a),(b) establish causes of action for liability. They do not establish a new property right. The DMCA's text indicates that circumvention is not infringement."

Translated into English, the court is saying that DMCA anticircumvention rules only provide new liability for accessing copyrighted material without authorization, but that circumvention itself was not a copyright violation. Since Skylink's remote did not make copies of Chamberlain code and did not provide access to that code, the necessary "nexus" between bypassing the DRM and infringing on Chamberlain copyrights was missing.

We contacted Chamberlain to get their side of the story but received no response.