Submission Result in Legal Action Under the DCMA
Total Page:16
File Type:pdf, Size:1020Kb
Unintended Consequences: Five Years under the DMCA protect its monopoly on Playstation video 1. Executive Summary game consoles, as well as their Since they were enacted in 1998, the “anti- “regionalization” system limiting users in circumvention” provisions of the Digital Millennium one country from playing games Copyright Act (“DMCA”), codified in section 1201 legitimately purchased in another. of the Copyright Act, have not been used as Congress Section 1201 Becomes All-Purpose Ban on envisioned. Congress meant to stop copyright pirates Access To Computer Networks from defeating anti-piracy protections added to copyrighted works, and to ban “black box” devices Further, section 1201 has been misused as a intended for that purpose.1 new general-purpose prohibition on computer network access which, unlike the In practice, the anti-circumvention provisions have several federal “anti-hacking” statutes that been used to stifle a wide array of legitimate already protect computer network owners activities, rather than to stop copyright piracy. As a from unauthorized intrusions, lacks any result, the DMCA has developed into a serious threat financial harm threshold. Disgruntled ex- to several important public policy priorities: employer Pearl Investment’s use of the Section 1201 Chills Free Expression and DMCA against a contract programmer who Scientific Research. connected to the company’s computer system through a password-protected Virtual Experience with section 1201 demonstrates Private Network illustrates the potential for that it is being used to stifle free speech and unscrupulous persons to misuse the DMCA scientific research. The lawsuit against 2600 to achieve what would not be possible under magazine, threats against Princeton existing computer access regulation regimes. Professor Edward Felten’s team of researchers, and prosecution of Russian This document collects a number of reported cases programmer Dmitry Sklyarov have chilled where the anti-circumvention provisions of the the legitimate activities of journalists, DMCA have been invoked not against pirates, but publishers, scientists, students, program- against consumers, scientists, and legitimate comp- mers, and members of the public. etitors. It will be updated from time to time as additional cases come to light. The latest version can Section 1201 Jeopardizes Fair Use. always be obtained at www.eff.org. By banning all acts of circumvention, and all technologies and tools that can be used for 2. DMCA Legislative Background circumvention, section 1201 grants to Congress enacted section 1201 in response to two copyright owners the power to unilaterally pressures. Congress was responding to the perceived eliminate the public’s fair use rights. need to implement obligations imposed on the U.S. Already, the music industry has begun by the 1996 World Intellectual Property Organization deploying “copy-protected CDs” that (WIPO) Copyright Treaty. Section 1201, however, promise to curtail consumers’ ability to 2 went further than the WIPO treaty required. The make legitimate, personal copies of music details of section 1201, then, were a response not just they have purchased. to U.S. treaty obligations, but also to the concerns of Section 1201 Impedes Competition and copyright owners that their works would be widely Innovation. pirated in the networked digital world.3 Rather than focusing on pirates, many Section 1201 contains two distinct prohibitions: a copyright owners have wielded the DMCA ban on acts of circumvention, and a ban on the to hinder their legitimate competitors. For distribution of tools and technologies used for example, Sony has invoked section 1201 to circumvention. Unintended Consequences: Five Years Under the DMCA 1 v.3 (September 24, 2003) for latest version, visit www.eff.org The first prohibition, set out in section 1201(a)(1), ironically, for copyright owners counting on technical prohibits the act of circumventing a technological measures to protect their works), as security measure used by copyright owners to control access researchers shy away from research that might run to their works (“access controls”). So, for example, afoul of section 1201.5 this provision makes it unlawful to defeat the encryption system used on DVD movies. This ban on Cyber-Security Czar Notes Chill on Research acts of circumvention applies even where the purpose for decrypting the movie would otherwise be Speaking at MIT in October 2002, White House legitimate. As a result, when Disney’s Tarzan DVD Cyber Security Chief Richard Clarke called for prevents you from fast-forwarding through the DMCA reform, noting his concern that the DMCA commercials that preface the feature presentation, had been used to chill legitimate computer security efforts to circumvent this restriction would be research. The Boston Globe quoted Clarke as saying, unlawful. “I think a lot of people didn't realize that it would have this potential chilling effect on vulnerability Second, sections 1201(a)(2) and 1201(b) outlaw research.” the manufacture, sale, distribution or trafficking of tools and technologies that make circumvention Jonathan Band, “Congress Unknowingly possible. These provisions ban both technologies that Undermines Cyber-Security,” S.J. defeat access controls, and also technologies that MERCURY NEWS, Dec. 16, 2002. defeat use restrictions imposed by copyright owners, http://www.siliconvalley.com/mld/siliconval such as copy controls. These provisions prevent ley/4750224.htm technology vendors from taking steps to defeat the Hiawatha Bray, “Cyber Chief Speaks on “copy-protection” now appearing on many music Data Network Security,” The Boston Globe, CDs, for example. October 17, 2002. Section 1201 also includes a number of exceptions http://www.boston.com/globe/search/ for certain limited classes of activities, including security testing, reverse engineering of software, Professor Felten’s Research Team Threatened encryption research, and law enforcement. These In September 2000, a multi-industry group known exceptions have been extensively criticized as being as the Secure Digital Music Initiative (SDMI) issued too narrow to be of real use to the constituencies who 4 a public challenge encouraging skilled technologists they were intended to assist. to try to defeat certain watermarking technologies A violation of any of the “act” or “tools” intended to protect digital music. Princeton Professor prohibitions is subject to significant civil and, in Edward Felten and a team of researchers at Princeton, some circumstances, criminal penalties. Rice, and Xerox took up the challenge and succeeded in removing the watermarks. 3. Free Expression and Scientific Research When the team tried to present their results at an Section 1201 is being used by a number of academic conference, however, SDMI copyright owners to stifle free speech and legitimate representatives threatened the researchers with scientific research. The lawsuit against 2600 liability under the DMCA. The threat letter was also magazine, threats against Princeton Professor Edward delivered to the researchers’ employers and the Felten’s team of researchers, and prosecution of the conference organizers. After extensive discussions Russian programmer Dmitry Sklyarov have chilled a with counsel, the researchers grudgingly withdrew variety of legitimate activities. their paper from the conference. The threat was ultimately withdrawn and a portion of the research Bowing to DMCA liability fears, online service was published at a subsequent conference, but only providers and bulletin board operators have begun to after the researchers filed a lawsuit.ß censor discussions of copy-protection systems, programmers have removed computer security After enduring this experience, at least one of the programs from their websites, and students, scientists researchers involved has decided to forgo further and security experts have stopped publishing details research efforts in this field. of their research on existing security protocols. Pamela Samuelson, “Anticircumvention Foreign scientists are increasingly uneasy about Rules: Threat to Science,” 293 SCIENCE traveling to the United States out of fear of possible 2028, Sept. 14, 2001. DMCA liability, and certain technical conferences http://www.sciencemag.org/cgi/reprint/293/ have begun to relocate overseas. 5537/2028 These developments will ultimately result in Letter from Matthew Oppenheim, SDMI weakened security for all computer users (including, General Counsel, to Prof. Edward Felten, Unintended Consequences: Five Years Under the DMCA 2 April 9, 2001. researcher Andrew “Bunnie” Huang, citing DMCA http://cryptome.org/sdmi-attack.htm liability concerns. Wiley commissioned Huang to write the book which analyzes security flaws Huang Hewlett Packard Threatens SNOsoft discovered in the process of reverse-engineering the Microsoft X-Box game console, after Huang Hewlett-Packard resorted to Section 1201 threats published his research as part of his doctoral work at when researchers published their discovery of a M.I.T. Huang did not distribute the Xbox public security flaw in HP’s Tru64 UNIX operating system. security keys which he had isolated through reverse The researchers, a loosely-organized collective engineering and did not copy any Xbox code. known as Secure Network Operations (“SNOsoft”), Although the DMCA includes exceptions for received the DMCA threat after releasing software in circumvention for computer security testing and July 2002 that demonstrated vulnerabilities that HP