Copyright The Copyright Wars:

Scientists on the Front Lines Congress shall have the power ... To promote the progress of science and the useful arts, by securing for limited times to Barbara Simons authors and inventors the exclusive rights to their respective writings and discoveries.

“When Congress sits idly by in the face of these activities, we essentially sanction the Internet as History of Copyright a haven for thievery.” Sen Fritz Hollings • Statute of Queen Ann (1710) “Any attempt to inject a regulatory into – first recognized rights of creators the design of our products will irreparably • US haven of copyright “piracy” in 19th century damage the high-tech industry: it will substantially retard innovation, investment in – Translations not covered until 1870 • Harriet Beecher Stowe and German translation of new technologies, and will reduce the Uncle Tom’s Cabin - 1853 usefulness of our products to consumers.” – International protection not covered until 1891 Leslie Vadasz, Executive VP Intel Corp • Dickens A Christmas Carol Senate Commerce Comm. hearing, Feb. 28, 2002 – $2.50 in UK; $0.06 in US

Intellectual Property Issues Length of Copyright

• Originally for 14 years • Copyright laws – renewable for 14 years if author living – Digital Millenium Copyright Act (DMCA) * • Copyright Act of 1976: – Consumer Broadband & Digital Television Promotion Act (CBDTPA) – retroactively extended to up to 75 years • Security Systems Standards and Certification Act (SSSCA) • Sony Bono Copyright Term Extension Act 1998 – No Electronic Theft Act (NET Act) * – extended yet another 20 years • Related legislation – currently author’s life + 70 years – “works for hire”: the shorter of 95 years from publication or – Database bill 120 years from creation – Mass contract (shrinkwrap) law: UCITA - formerly Uniform Commercial Code (UCC) - Article 2B

1 Digital Millenium Copyright Act Eldred v. Ashcroft (DMCA) ‘98 • Eric Eldred published • Implements World Intellectual Property materials Organization (WIPO) treaty and more • Did Congress overstep authority by adding 20 • Passed in ‘98 and signed into law years to length of copyright? • Criminalizes technologies and technological – Encourages “progress of science and useful arts”? devices – Dead creators? – Micky Mouse • Selected over alternative (Boucher/Campbell)

User rights under Copyright The DMCA

• First sale: I can give you my copy • Outlaws reverse engineering except for – Early 20th century publishers attempted to kill compatibility, encryption & security research used book market by “licensing” a minimum price (with notification of copyright holder), privacy • Fair use protection, and to protect minors against porn – for purposes such as criticism, comment, news • Since makes technologies or devices that are reporting, teaching (including multiple copies for primarily designed for circumvention illegal, classroom use), scholarship, or research, is not an infringement of copyright. could criminalize some computer security R&D – A defense?

ACM’s Fair Use Policy DMCA - definitions

Permission to make digital or hard copies of part or all • “Technological measure for protecting copyright”? of this work for personal or classroom use is granted • “Effectively controls access to a work”? with or without fee provided that copies are not made or – Strong/weak encryption? distributed for profit or commercial advantage and that copies bear this notice and full citation on the first page – Data compression? . . . . To copy otherwise, to republish, to post on – Obscure human language? services, or to redistribute to lists, requires specific – Compilation? Could decompilation become illegal? permission and/or a fee. • “Primarily designed” for circumvention? – VCRs? Breaking encryption?

2 DMCA: Criminal Penalties Digital Era Copyright Enhancement (Boucher/Campbell) • Circumvention of “copyright protection” or of • Prohibits altering or deleting copyright “integrity of copyright management management information for purposes of information” for commercial advantage or infringement private financial gain: • Prohibits enforcement of terms in "shrink- – first offense: <= $500K or <= 5 years prison, or both wrap" and "click-on" agreements when they – subsequent offenses: <= $1M or <= 10 years prison, or both reduce privileges recognized by copyright law • Incorporates fair use and first sale rights

Who drafted the DMCA? Digital Era Copyright Enhancement

• “Also unresolved … on the policy side [is] • Ensures right of librarians & archivists to the language of a draft for anti- preserve copies of copyrighted works using circumvention legislation. That proposed latest technology law must be agreed upon by movie studios, • Protects author's work under traditional computer and consumer companies”. legal understandings while allowing – “Intel weighs in on DVD encryption,” incidental copies for otherwise lawful use of Electronic Engineering Times, Oct 14, 1996, a device. 923: 1,142. • Civil rather than criminal penalties

Opposition and Concerns DMCA could require permission of copyright owner to:

• ALA (American Library Association) • Test a computer system before – Copyright, fair use, distribution rights purchasing to ensure that it is • US Public Policy Comm. of ACM (USACM) trustworthy and secure – Technology not taken into account • Reverse engineer to eliminate viruses – Outlaws technologies instead of behaviors or other undesired code • Reverse engineer to see if software infringes on another copyright

3 Proposals to mandate copyright The DVD Controversy protection • DVD movies encrypted using Content • the Security Systems Standards and Scrambling System (CSS) Certification Act (SSSCA) – Weak encryption – circulated, but never introduced by Sen. Hollings • 40 bit key • Consumer Broadband & Digital Television • proprietary algorithm Promotion Act (CBDTPA) • Uses authentication to verify that player or – introduced March 22, 2002 by Hollings, has been licensed Feinstein, Stevens, Inouye, Breaux, Nelson • Who can license open/ systems? • 5 Democrats and 1 Republican

Michael Eisner, Ceo of Disney SSSCA

“[D]igital technologies can enable a level of piracy - • Would have required computer & theft - that would undermine our capacity to produce films and entertainment, undermine the deployment electronics manufacturers to include of Broadband networks, undermine the digital copyright-protection technologies in the television transition and ultimately result in fewer production of certain products and multi-use choices & options for American consumers.” devices – Sen. Hollings – Pushed by Hollywood; opposed by scientific societies, academia, and industry (BSA, etc.)

Michael Eisner, Ceo of Disney CBDTPA

“[O]nce standards [for digital rights management] are • A manufacturer, importer, or seller of digital set, they must be mandated for inclusion in all digital media devices that handle creative content. This is media devices may not necessary to ensure a reasonably secure environment – (1) sell, or offer for sale, in interstate commerce, or and to prevent unfair competition by non-compliant – (2) cause to be transported in, or in a manner device manufacturers.” affecting, interstate commerce, a digital media -2/28/02 device unless the device includes and utilizes standard security technologies that adhere to the security system standards adopted under section 3.

4 Compliance with Encoding Rules Problems with CBDTPA (CBDTPA) • No way to reliably distinguish protected • (b) NO person may knowingly apply to a content from everything else. copyrighted work, that has been distributed • Overly broad approach seeks to criminalize to the public, a security measure that uses a activities rather than narrowly focusing on standard security technology in violation of infringement with criminal intent. the encoding rules adopted under section 3.

Removal or Alteration of CBDTPA could make illegal Security Technology (CBDTPA) • (a) NO person may • distribution of open source software for use in – (1) knowingly remove or alter any standard security technology in education and research a digital media device lawfully transported in interstate commerce; or • creation of a student project to learn about – (2) knowingly transmit or make available to the public any operating systems copyrighted material where the security measure associated with a • distribution of an urgent software patch to fix a standard security technology has been removed or altered, without the authority of the copyright owner. serious security flaw • transmission of security alerts to law enforcement agencies

Digital Media Device (CBDTPA) CBDTPA could make illegal

• any hardware or software that • dissemination of anti-cancer drug research results funded by the US government – (A) reproduces copyrighted works in digital form; • personal speech by individuals using Internet – (B) converts copyrighted works in digital form telephony to communicate into a form whereby the images and sounds are • legitimate and legal speech, as in the posting of visible or audible; or mail in support of a political candidate – (C) retrieves or accesses copyrighted works in • free on-line performances of music or poetry by digital form and transfers or makes available for the legitimate copyright holder. transfer such works to hardware or software described in subparagraph (B) . – USACM letter to Hollings 3/29/02

5 Safety issues Legal Cases against Posters of DeCSS

• Inclusion of anti-copying technology in general purpose • Norway: Jon Johansen equipment-- real-time computing devices used in traffic control, air flight control, medical equipment, & – Indicted Jan 9, 2002 manufacturing -- adds complexity & potential for failure. • New York & Connecticut lawsuits brought by - Unexpected interactions with other code - Accidental activation of protection protocols 8 largest movie studios (SSSCA letter) – Based on reverse engineering being circumvention of copyright protection • Ca case brought by DVD licensing group – Trade secret misappropriation - shrink wrap license

DeCSS legally available

Court cases • DeCSS available in Ca case at cryptome.org/dvd-hoy-reply.htm#ExhibitB • T-shirt with code available at .net/cgi-bin/copyleft/t039.pl?s1&back • Dave Touretzky’s webpage: http://www-2.cs.cmu.edu/~dst/DeCSS/Gallery/ – , song, steganography, English description, a programming language that has no , ...

CSS Broken - DeCSS MPAA v. Eric Corley A/K/A • Code broken – (Then) 15 year old Jon Johansen or Norwegian “Emmanuel Goldstein” group called Masters of Reverse Engineering and (MoRE)? 2600 ENTERPRISES, INC • Subsequently learned that offset provides key with no decryption necessary or • Claim: Need to break CSS in order to run the 2600 DVD Case legally purchased on

6 Legal Case against Corley DVDCCA v. Bunner (CA case)

• Lawsuit brought by Motion Picture • Nov 1, 2001 CA appeals court overturned Association of America (MPAA) an earlier order that barred hundreds of • Corley accused of posting DeCSS people from publishing the code for DeCSS – Not accused of deriving DeCSS from CSS online. Posting the code is just like – Not accused of making illegal copies publishing other types of controversial speech - protected by Constitution • Corley subsequently deleted DeCSS from his web site, and instead posted to • programmers could still be prosecuted for other sites containing DeCSS posting illegal software but could not be prevented from doing so in the first place.

Arguments used by Defense DVDCCA v. Bunner (CA case)

• Reverse engineering for compatibility “Like the CSS decryption software, DeCSS is a allowed under DMCA writing composed of computer which describes an alternative method of decrypting • Fair use guaranteed by copyright CSS-encrypted DVDs. Regardless of who – Should not be able to eliminate indirectly via authored the program, DeCSS is a written expression of the author's ideas and information legislation about decryption of DVDs without CSS. If the – If DMCA holds, techies who can break source code were ‘compiled’ to create object code, encryption will have fair use right, but no one we would agree that the resulting composition of else will … including most judges zeroes and ones would not convey ideas.”

Trial results Ed Felten

• Judge ruled against Corley • Felten and co-authors entered SDMI sponsored – Enjoined from posting DeCSS contest to defeat watermarking technologies – Enjoined from linking to other sites with – confidentiality agreement prohibiting public DeCSS discussions of research a precondition for receiving the prize – 2nd U.S. Circuit Court of Appeals upheld lower court ruling – Felten et al did not sign; instead submitted paper to • Case for defense argued by Kathleen Sullivan, Dean 4th International Information Hiding Workshop of Stanford Law School

7 Ed Felten Dmitry Skylarov • Section 1201 of DMCA: “no person shall ... offer to the public, provide, or otherwise traffic in any • Arrested for criminal violation of DMCA after technology, product, service, device, component, presenting paper at DefCon in Las Vegas or part thereof, that ...” can be used to circumvent – Russian computer science grad student “a technological measure that effectively controls – Talk focused on weaknesses in Adobe copy access to a [copyrighted] work.” protection system • Does not address issues such as the robustness of – His company sold software that allowed people a technological measure or fair use. who purchased e-books to make copies • now available free on the web – Allowed to leave US in Dec; agreed to testify later

US vs Elcom Ltd, aka Elcomsoft Ed Felten Co., Ltd, and Dmitry Sklyarov • Two weeks before presentation all authors, all their employers, all program committee • EFF amicus signed by USACM, the ACM members, and all their employers threatened Law Comm., the American Assoc. of Law with civil suit by RIAA and SDMI. Libraries, Music Library Assoc., CPSR, – Withdrew paper EPIC, CPT, 35 law professors – resubmitted to USENIX Conference – http://www.eff.org/IP/DMCA/US_v_Elcomsoft/ • Brought suit against RIAA, SDMI, Verance, John Ashcroft, and mystery company – RIAA, SDMI, Verance promised not to sue

ACM and Felten Technological protection for IP

• ACM submitted declaration in Felten case • Technology will solve the problems created – Concerned about ACM November ‘01 Workshop on by technology => no need for draconian Security and Privacy in Digital Rights Management legislation? • www.acm.org www.acm.org/usacm/ – What if technological “fixes” create as many • Nov 28, 2001 case dismissed by Judge problems as bad legislation? Garrett Brown • Will fair use be defined by technology? • How will documents be archived? – SDMI, RIAA, and DoJ said they will not sue – Could device manufacturers be sued for – Felten will not appeal copyright violation?

8 Why Does Copyright Matter?

• Trade-off: limited time monopoly to encourage creativity and availability of No Electronic Theft ACT (NET) information • What if information becomes privatized? – Education – Democracy – Science

Where are we going? NET Act

• MIT student David LaMacchia posted • What is a library? copyrighted software • Is copyright being replaced by shrink-wrap – Financial gain required for criminal violation licenses? – Civil violation involves paying fines, but • Will copyright be replaced by contract law? LaMacchia had no money • Will we have pay-per-view? – Gov’t prosecuted under Wire Fraud statute • Do scientists and engineers have any ethical – Federal court dismissed case, creating ... responsibility for how their work is used? • LaMacchia Loophole

What can you do? NET Act (‘97)

• Support professional societies (ACM) • Distributing copyrighted material for no • Interact with policy makers, journalists, financial gain criminal if: other decision makers – Total retail value > $1000 over 180 days is federal misdemeanor • Up to 1 year in prison and fine up to $100,000 – Total retail value > $2500 over 180 days federal felony • Up to 3 years in prison and fine up to $250,000 • Doubled for second offense

9 Determining Monetary Value of ip

• Craig Neidorf publisher of online Phrack • published Bell South manual on "911” system Database treaties and bills – Obtained by someone else who broke into system • Neidorf charged with interstate transportation of ip obtained through fraud • Bell South claimed the value of manual $80K – Statute required loss >= $5,000

Monetary Value of IP European Law impacting US

• $80,000: $70K for word processor, salaries, • EU Database Directive (1996) pro-rated, of typists, supervisors of typists, – Stated that protection for databases would not paper on which hard copy of manual printed extend to countries that didn’t pass similar & edited, etc. legislation • But … Bell South's pr dept routinely sold • Database proposal defeated at WIPO edited (but for prosecution's purposes – Academy Presidents’ letter equivalent) version of manual for $13 • Indictment dismissed mid-trial

Academy Presidents’ Letter NET Act (the WIPO database proposal) “We believe that these changes to the intellectual Jeffrey Gerard Levy, 22, a senior at the property law, if enacted in their present form, would University of Oregon, Eugene, became the first seriously undermine the ability of researchers and person convicted of a felony under US law educators to access and use scientific data, and would punishing Internet copyright piracy. have a deleterious long-term impact on our nations research capabilities. Moreover, the proposed changes He gave away music, movies and software on are broadly antithetical to the principle of full and the Web. open exchange of scientific data espoused by the U.S. Pled guilty to felony charge government and academic science communities, and promoted internationally.”

10 “Current” US Database Bills HR 1858

• HR 354 The Collections of Information • Aims to prevent harmful, parasitic copying Antipiracy Act (Coble R-NC) - 1/19/99 while enabling researchers' access to Reintroduction of HR 2652 information and continual development of • HR 1858 The Consumer and Investors Access value-added databases. to Information Act (Bliley R-VA) 5/19/99 • Imposes narrow restrictions on the transformative use of information • prohibits outright duplication of databases to compete against the original one.

Comparison of database bills Penalties - HR 354

• Both ban wholesale misappropriation of • Criminal penalties: <= $250k and/or <= 5 databases years; second conviction both can be • Differ on creation of new databases using doubled material from existing ones (transformative – Doesn’t apply if material in database > 15 years use) • Civil action can be brought “without regard to the amount in controversy” • Injunctions, impoundment of equipment, and monetary relief

HR 354 Penalties: HR 1858

• FTC has authority to enforce • Prohibits the use of a "substantial part" of a • violation of HR 1858 treated as violation of rule database in many instances respecting unfair or deceptive acts or practices • “...harm to the actual or potential market” under Federal Trade Commission Act • Provides exemption for scientific and – Cease and desist order academic research that “does not harm – <=$10K for each violation of order directly the actual market” • Civil remedies • Other factors for exemption, eg “good faith”

11 Problems with Coble Database Proposal • Good for 15 years - updating resets clock • Fair use: only extractions that do "not harm directly the actual market for the product or service” • Protects “facts” • Irreproducible databases e.g. astronomical observations

Problems with Coble Database Proposal • Aggregate loss of $10K in one year to owner combined with financial gain for offender: – fine of up to $250K; prison of up to 5 years – second offense double – can be impounded while action pending

The Players

• Supporters: Reed-Elsevier (world’s largest publisher of scientific journals), Thomson (owns West Publishing, legal publisher), AMA (Physician’s Desktop Reference), stock exchanges, esp NYSE • Opposed: Dun & Bradstreet, Bloomberg, AT&T, MCI, ALA, AAAS, USACM, Bell Atlantic, Academy Presidents, CSSP, ...

12