Technological protection measures (TPMs) can be an effective tool to protect software products from unauthorised access or use. The Federal Court has recently clarified the circumstances in which TPMs are legally enforceable in Australia.
What’s a TPM?
A TPM is any tool that restricts access to, or use of, digital materials.
Common examples include passwords, paywalls, watermarks and ‘read-only’ files.
These measures are primarily a practical obstacle to unauthorised access or use. However, TPMs are also legally enforceable under the Copyright Act 1968 (Cth) if they:
- ‘control access to’ a copyright work or other subject-matter (Access Control TPMs) or
- prevent, inhibit, or restrict the doing of an act comprised in copyright (Copy Control TPMs).
In Australia, a person must not knowingly circumvent an Access Control TPM.[1] Additionally, a person must not knowingly manufacture, import, distribute, offer, provide or communicate a circumvention device, or provide or offer a circumvention service, for an Access Control TPM or a Copy Control TPM.[2]
Recent guidance from the Federal Court
What happened?
Take-Two Interactive Software, Inc markets the computer game ‘Grand Theft Auto V’.
Mr Anderson is a senior developer of ‘the Infamous Mod’. The Infamous Mod is a computer program that allows users to access unofficial features (such as ‘teleportation’ or ‘invincibility’) while playing Grand Theft Auto V in online multiplayer mode (GTA Online).
The Federal Court initially made orders against Mr Anderson on the basis that he had infringed copyright in the GTA Online computer code, induced users to breach the terms of service, and contravened the Australian Consumer Law.[3]
In Take-Two Interactive Software, Inc v Anderson (No 2) [2024] FCA 1459, the Court went on to find that Mr Anderson had also knowingly manufactured, distributed, offered, provided and communicated circumvention devices for Access Control TPMs and Copy Control TPMs.
When does a TPM ‘control access to’ computer code?
The Court’s decision clarifies the circumstances in which a TPM will ‘control access to’ computer code.
First, the TPM must control initial access – it is not enough that it revokes or terminates access that has already been granted. Accordingly, the Court drew a distinction between:
- TPMs that operate before the relevant code is accessed (eg by preventing players from opening GTA Online), and thereby control access to it, and
- TPMs that operate after the code is accessed (eg by closing GTA Online), and therefore do not control access to it.
Second, a TPM may control access under certain circumstances. Here the Court found that a TPM which prevents players from accessing code in GTA Online – but does not prevent them from accessing the same code when playing in ‘offline mode’ – nonetheless ‘controls access’ to that code.
Accordingly, the Court found that some (but not all) of the asserted measures were Access Control TPMs. The Court separately found that other measures were Copy Control TPMs.
Key takeaways
The Court’s decision clarifies the requirements for the enforceability of TPMs in Australia.
Notably, the Australian position now contrasts with that in the United States. The Court of Appeals for the Ninth Circuit has found that a TPM may ‘effectively control access’ by revoking access.[4] It has also found in the US that a TPM that ‘restricts one form of access but leaves another route wide open’ – for example, by preventing access in online mode but not in offline mode – does not effectively control access.[5]
Accordingly, software developers should be mindful that a different standard now applies in Australia.
Although TPMs may be useful even if they are not legally enforceable, the most effective TPM strategy will be one which includes at least some enforceable Access Control TPMs and Copy Control TPMs.
[1] Copyright Act 1968 (Cth) s 116AN(1).
[2] Copyright Act 1968 (Cth) ss 116AO(1), 116AP(1).
[3] Take-Two Interactive Software, Inc v Anderson [2021] FCA 1024.
[4] MDY Industries, LLC v. Blizzard Entertainment, Inc., 629 F.3d 928 (9th Cir, 2010), [20].
[5] MDY Industries, LLC v. Blizzard Entertainment, Inc., 629 F.3d 928 (9th Cir, 2010), [17]-[18], quoting Lexmark International v. Static Control Components, 387 F.3d 522 (6th Cir, 2004).
