I think you need the password and authorization from the copyright owner. The law provides this definition:
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
DeDRM tools are obviously not the ordinary course of operation for the DRM system chosen by the copyright owner, and using (for a different purpose than intended) a decryption key that the copyright owner has taken deliberate steps to hide from the consumer stretches any notion of "with the authority of the copyright owner". Copyright licenses usually come with strings attached, especially with regards to what kinds of uses are being authorized.
Someone downvoted you earlier, I imagine for not liking this situation. I don't like it either, but I worked with lawyers fighting the DMCA for a long time and many courts have interpreted it the way you describe. I wish people wouldn't downvote the proverbial messenger for reporting on the legal status quo!
I would argue that the failure in the presence of an alternate means to facilitate decryption is a negater of the whole "effectively" clause. That's okay though. Civil disobedience is the best way to go I'm afraid.
At first glance, the "effectively" does seem rather silly, especially when applied to weak DRM that's more or less trivially cracked. But the "ordinary course of its operation" is what gives it force, by protecting DRM from being disqualified as ineffective when subjected to conditions beyond ordinary operation. It's not a question of whether the DRM is robust against attack, but whether it normally presents any real barrier to non-hackers.
"Effectively" in legal terms means "to have an effect" (as in any effect at all), not that it has to be "effective" as in "good at it's job."
The plain English meaning of the word isn't really useful here.
All "effectively" in laws such as this (and the European equivalents) means that there has to actually be some mechanism of protection, i.e. you can't just have a file full of junk binary in the directory called "DRM" that doesn't do anything and claim circumvention by deleting it. But there is clearly an effect here.
Didn’t realize that, but I am still interested in whether or not a ‘DMCA notice’ can be used for the entire statute or just in removing duplicate copies of infringing content.
The DMCA notice process is specifically about copyright infringement. The circumvention prohibited by chapter 12, section 1201 is not included in the definition of copyright infringement provided in chapter 5, and chapter 12 defines its own set of remedies for violations (both civil and criminal). So it seems completely unjustified to use the formal DMCA notice process for this kind of complaint—there's no copyright infringement here, so there's no need for a takedown process that protects online providers from being liable for their users' infringing activities.
There are various notices with different rules, and it's somewhat dumbing it down to refer to a singular "DMCA notice", which generally here is used to refer to a copyright takedown request but has never actually really mean that.
> a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.
DeDRM tools are obviously not the ordinary course of operation for the DRM system chosen by the copyright owner, and using (for a different purpose than intended) a decryption key that the copyright owner has taken deliberate steps to hide from the consumer stretches any notion of "with the authority of the copyright owner". Copyright licenses usually come with strings attached, especially with regards to what kinds of uses are being authorized.