With the "lack of permission" issue off the table, by faking the user agent aren't they basically just requesting the information without identifying themselves and receiving it? I can't see how that could be construed as circumvention under the DMCA.
I hope I am wrong, by the way. I'm not saying picscout isn't breaking any laws ... I just don't think they are violating the DMCA circumvention laws.
Not quite. The answer will be long and I'm going to follow it with further stuff.
First, I'm not a lawyer. My training is mechanical engineering, but I self host and organize my own web site. So, I can describe a little what I mean about user agents. My illustration will use blocking with .htaccess as an example of a method to block user agents. People who know more about .htaccess should feel free to correct my mis-usage of terms etc. (I'm sure to do so.)
This is going to be long because I assume lots of people don't know what certain things are. So what are the different things that get recorded when something hits a page? Here's a slightly edited example of something that I would see if something I blocked hit the address "mydomain.com/blog/name_of_page".
180.175.7.236 - - [12/Dec/2011:01:17:22 -0800] "GET /blog/name_of_page/ HTTP/1.1" 403 521 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1"
The part that is the useragent string is on the far right and shown in bold. I can tell I successfully blocked it because the '403' appears after "HTTP/1.1". In contrast "200" appearing where 403 appears would mean my server sent them the page. I'll explain how I blocked this later and relate that to user agent.
But for now: What is a useragent? I found a long, good explanation here:
http://whatsmyuseragent.com/WhatsAUserAgent.asp
My short approximate explanation is this:
When you surf the web, you will be using some sort of utility. This is typically a browser. I often use Firefox 8.0.1 on the Mac. Firefox 8.0.1 is a useragent. This user agent will identify itself to the web site you visit by leaving a "useragent string". The string I leave is
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:8.0.1) Gecko/20100101 Firefox/8.0.1
This string tells them what utility I used to download the page. Because lots of people use Firefox 8.0.1 on the Mac, the useragent string alone doesn't tell them who I am.
In contrast, when Google's crawler visits, it doesn't use Firefox 8.0.1. It uses a different useragent. In fact it has more than one possible agent: one agent looks at pages, one looks at images. The different crawlers tell me who they are. One says
Googlebot/2.1 (http://www.googlebot.com/bot.html)
another says
Googlebot-Image/1.0 (http://www.googlebot.com/bot.html)
Needless to say even the braindead can figure out these are representing themselves as Google, and guess they are "bots". But you can also look these up at Google's site. Note: They leave a web site to learn more! These are nicely behaved bots.
Meanwhile a pesky Chinese spider sometimes uses useragent strings like this:
Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
To block anything with this useragent, my .htaccess file contains a bit of code that looks like this:
Options +FollowSymlinks
RewriteEngine on
# agents
RewriteCond %{HTTP_USER_AGENT} Baidu [nc,or]
RewriteCond %{HTTP_USER_AGENT} ^$ [or]
RewriteCond %{HTTP_USER_AGENT} Ezooms [nc,or]
RewriteCond %{HTTP_USER_AGENT} picscout [nc,or]
RewriteCond %{HTTP_USER_AGENT} java [nc,or]
# methods
RewriteCond %{REQUEST_METHOD} ^PROPFIND$ [NC,OR]
RewriteCond %{REQUEST_METHOD} ^OPTIONS$ [NC,OR]
# referrers
RewriteCond %{HTTP_REFERER} (getty|picscout) [NC]
RewriteRule .* - [F]
I've edited my block down so that I don't fill the comment-- but I've left a few key things in there, and you can ask about why they are there if you like.
For now, the "RewriteCond %{HTTP_USER_AGENT} Baidu [nc,or]" blocks anything that contains "Baidu" in the user agent. So, if something visits and shows my server "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" it is blocked. Period. When I look at my server logs, if the useragent says
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"
The access code will say "403".
Now, in principle, if anything visits using the Baidu useragent-- a program--, it will either
a) tell the truth and leave an agent that contains "Baidu" in it,
b) leave no user agent, in which case, I will see a "-" where the useragent string belongs or
c) leave a false user agent which is presenting false information or lying.
So (b) is "requesting the information without identifying themselves and receiving it?" but (c) is lying.
Now, if you look at the code I use to block user agents, you'll also see:
"RewriteCond %{HTTP_USER_AGENT} ^$ [or]"
This command will block anything that refuses to provide a useragent. So, that eliminates the possibility that they would gain access by merely not identifying themselves. Because I refuse to supply pages both to visitors with Baidu in their UA string and visitors with no UA string, if someone wants to use the Baidu bot to crawl my site, they must lie. They can't just not tell me what useragent they used.
The text budhappi left suggests lying about the USERAGENT to gain access that is otherwise refused violates DMCA. If that is true, then anything surfing using the Baidu bot and avoiding being blocked would be violating DMCA. (But this is a legal issue, and you lawyers can decide what the DMCA says. I can only tell you what the block does.)
With regard to picscout, I've tried to block them by blocking connections with "picscout" in the UA string. But I'm not sure that appears in their UA string. Picscout's page doesn't seem to reveal what their UA string is-- which makes things a bit difficult technically, and likely legally. (Legal people could maybe look into whether we can send a letter to groups whose bot refuses to tell us what the UA string is.)
Next post will discuss a related topic, but I think I've now discussed the answer to the question you actually asked.
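An added example, not part of the original post: Python that replays the block rules quoted above against access-log lines and flags any request a rule matches that the server did not answer with 403. The function names, sample log lines and IP addresses are constructed for illustration; the last sample assumes a made-up referrer host.

```python
import re

# Apache "combined" line: ip - - [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) \S+ [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Same patterns as the RewriteCond lines in the post; [nc] becomes re.I.
UA_BLOCK = re.compile(r'Baidu|Ezooms|picscout|java', re.I)
METHOD_BLOCK = re.compile(r'^(PROPFIND|OPTIONS)$', re.I)
REFERER_BLOCK = re.compile(r'getty|picscout', re.I)

def block_reason(method, referer, ua):
    """Name the rule that would refuse this request, or return None."""
    if ua in ("", "-"):            # a missing header is logged as "-"
        return "empty user agent"
    if UA_BLOCK.search(ua):
        return "blocked user agent"
    if METHOD_BLOCK.match(method):
        return "blocked method"
    if REFERER_BLOCK.search(referer):
        return "blocked referrer"
    return None

def audit(lines):
    """Return (ip, verdict) per parseable line, comparing rule match with logged status."""
    results = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        reason = block_reason(m["method"], m["referer"], m["ua"])
        if reason is None:
            verdict = "allowed"
        else:
            verdict = ("refused: " if m["status"] == "403" else "RULE NOT APPLIED: ") + reason
        results.append((m["ip"], verdict))
    return results

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '192.0.2.10 - - [12/Dec/2011:01:17:22 -0800] "GET /blog/name_of_page/ HTTP/1.1" 403 521 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"',
    '192.0.2.11 - - [12/Dec/2011:01:18:02 -0800] "GET /blog/name_of_page/ HTTP/1.1" 403 521 "-" "-"',
    '198.51.100.7 - - [12/Dec/2011:01:19:40 -0800] "GET /blog/name_of_page/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1"',
    '203.0.113.5 - - [12/Dec/2011:01:21:13 -0800] "GET /blog/ HTTP/1.1" 200 8120 "-" "Java/1.6.0_26"',
    '203.0.113.9 - - [12/Dec/2011:01:22:55 -0800] "GET /blog/ HTTP/1.1" 403 521 "http://picscout.example/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:8.0.1) Gecko/20100101 Firefox/8.0.1"',
]

print(*audit(SAMPLE), sep="\n")
```

A "RULE NOT APPLIED" verdict means a rule matched a request the server still answered with something other than 403, which usually means the .htaccess rules are not in effect for that path. The third sample is reported as "allowed" because a browser-style string gives the rules nothing to match, which is case (c) in the post.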