March 4, 2009

The US Digital Millenium Copyright Act

by Michael Tyson in Geekspeak

This was a paper I wrote for the third year of my Computer Science bachelor degree in 2004. It’s obviously relatively old now, but the DMCA still exists and I thought I might post it here – researching the paper was how I was introduced to the DMCA, and I was reminded of it when posting the previous article on a new Swedish law

With the advent of the ‘information age’, unauthorised reproduction of copyrighted works has become far easier. The tools to reproduce such material in any desired form are freely available, as are tools to distribute this material to others all over the world. Piracy is commonplace, with use of interned-based file sharing systems such as Kazaa and eDonkey becoming vastly widespread. 2003 revealed software piracy losses of $341 million AUD in Australia, and $6,496 million AUD in the United States (Australian Institute of Criminology).

In an environment where, feasibly, only one individual needs to purchase a copy of a work to enable the whole world to gain access, various industries – such as the music, film and software industries – are growing increasingly concerned.

An international treaty drafted by the World Intellectual Property Organisation (WIPO), defined a requirement that participating parties “provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty…” (WIPO Copyright Treaty, Article 11). In order to implement this requirement, the Digital Millennium Copyright Act (DMCA) was signed into U.S. law on October 28, 1998.

The controversial act, labeled by some as unconstitutional and a threat to public liberty and free speech, states that “No person shall circumvent a technological protection measure that effectively controls access to a (protected work)” (DMCA, Section 103). It constitutes a protection of software that restricts access to copyrighted material, and outlaws any effort to circumvent this software.

Since coming into effect, the DMCA has been frequently drawn upon for purposes outside of the original expected scope of the Act. In several instances, it has been used by companies to suppress the publication of research into security flaws in their products. Prominent security and cryptology researchers are now choosing to leave their fields out of fear of the DMCA, and security conferences are leaving the U.S. for safer countries.

The DMCA has been used by Sony to maintain a monopoly over production of Playstation console games, Adobe and the U.S. Government have attacked a Russian company for writing software that enables eBooks to be read on braille displays, and a student has been taken to court after submitting a post online explaining that holding down the Shift key disables copy protection on some audio CD’s.

Contrary to the expectations of Congress, the DMCA, as stated by the Electronic Frontier Foundation, “Chills free expression and scientific research”, “jeopardizes fair use”, and “impedes competition and innovation” (EFF, ‘Five Years under the DMCA’).

Dimitry Skylarov

Russian programmer Dimitry Sklyarov was arrested and jailed for breach of the DMCA in 2001, a criminal charge, launching a high-profile case that was the first instance of the U.S. government’s prosecution of a software development company for creating a system for circumvention of a technological protection.

Sklyarov and his employer, ElcomSoft, had created a system that was able to convert the encryption-protected Adobe e-Books into the standard Adobe PDF format. This converted file could then be used to read the book on a braille display, read the text aloud using a text-to-speech engine, print the book out for reading away from the computer, or simply to retain a non-encrypted copy of the book that doesn’t require a specific piece of software to read it.

It could also be used to make unencrypted copies for unauthorised redistribution, although Sklyarov and ElcomSoft were never accused of doing so, or accused of creating the software with this purpose in mind.

Following a notification from Adobe regarding the software, the U.S. government, the plaintiff, arrested Sklyarov in Los Vegas, on a visit to the U.S. to attend a technical conference, and jailed him for 22 days until release on bail of $50,000. Adobe eventually withdrew their complaint, and the U.S. Government ultimately dropped the charges against Skylaro and allowed him to return home to Russia, on the condition that he testify against his employer.

Groups supporting the U.S. Government in its prosecution (namely e-Book publishers) maintain that the activities of the Russian programmer and software development company are unethical and their prosecution under the DMCA is correct. In a press release, Patricia Schroeder, president and CEO of the American Association of Publishers, stated “It’s only common sense to expect that, if the public wants desirable books to be available online and through other digital media like the Adobe Reader, the authors and publishers who have the legal rights to commercially exploit such works in the global digital marketplace must have reasonable assurances that the market value of their works can be protected from the extraordinary risks of illegal reproduction and distribution that are made possible by the capabilities of digital media.” (Ebookweb) These responses are to be expected, yet they fail to take into account the price of these assurances. This legal protection hardly seems worthwhile if the cost is the loss of the right to ‘fair use’, or the right to free speech.

The software created by Sklyarov and ElcomSoft is entirely legal in their home country, Russia. Sklyarov’s case was complicated by the fact that he is not a U.S. citizen. The activities that made him a criminal in the U.S. were perfectly legal in Russia; He did not necessary even know these activities were illegal in the U.S. This raises questions about jurisdiction as well as questions about the breadth of the DMCA.

The sole purpose of the software was to reinstate the ‘fair-use’ rights that are removed by the protection systems. The fact that a programmer can be jailed for development of software that extends the usefulness of a product is highly surprising and disturbing. Many groups maintain that it is a flaw of the DMCA that allowed the prosecution of Sklyarov and ElcomSoft. The unprecedented broadening of the copyright laws that the DMCA represents is stifling the development of useful technologies by making criminals out of developers.

It is disturbing also that the charges brought against Sklyarov were criminal, not just civil. Such a serious charge hardly matches the ‘crime’. This case shows the DMCA is not only an over-broadening of the copyright laws, but an over-deepening too, permitting alleged infringements to be treated as criminal.

Beausoft

In August 2001, New Zealand software company Beausoft updated its web-cam viewer software to maintain functionality, after Silicon Valley webcam site operator SpotLife changed their system. Shortly afterwards, Beausoft’s owner Bob Prangnell received threats of legal action under the DMCA from SpotLife.

SpotLife, who have since been acquired by Logitech, stated that Prangnell had “broken their protection scheme” (NZ Herald). Prangnell was forced to comply and remove the new additions to his software.

This case again raises questions about jurisdiction: Whether or not a law such as the DMCA should be applicable internationally is a question that appears to have an obvious answer, and yet the DMCA continues to threaten non-U.S. citizens.

The main point of interest in Beausoft’s case is the enormous breadth of power given to SpotLife by the DMCA. That Beausoft’s activities can constitute circumvention of copyright protection measures is a clear indication that the Act is vague and overly broad. SpotLife threatened Prangnell in an attempt to protect their highly inadequate security measures, arguably a easier and cheaper response than redesigning their system security. It is disturbing that the DMCA is usable for these ends, as it immediately suppresses any research into system security. The result of this is that security measures never undergo lawful and open external scrutiny, resulting in poor, untested systems.

DeCSS

In 1996, the proprietary DVD copy protection scheme known as CSS – Content- scrambling system – was introduced. CSS is an encryption protection mechanism that makes uses of key-based encryption. Player manufacturers are licensed with a player key, which is used to decrypt the video stream on the disc, using a disc key. A department of the Motion Picture Association of America (MPAA), named the DVD Copy Control Association (DVD-CCA) licenses these player keys for a fee.

After the DVD-CCA refused to license a key to the open source community to enable development of open source players, 16 year old Norwegian programmer Jon Johanson reverse-engineered the CSS system, and posted the resulting source code, entitled ‘DeCSS’ on a message board. This system allows DVD owners to view their DVDs under Linux, and extend their usefulness.

Following the original posting of the DeCSS code, others distributed it elsewhere, or created hyperlinks to the code. Soon afterwards, around the beginning of 2000, the MPAA began legal action against website owners, magazines, and DeCSS T-Shirt retailers, under the DMCA. (It is an amusing side note that a legal submission by DVD- CCA President John Hoy contained the entirety of the DeCSS source code, open to the public.) CSS does not stop piracy, as DVD pirates are able to simply copy the encrypted DVD, which can be played in an authorised player, just like the original. It allows tight controls to be placed on how a DVD is used, in theory limiting the ease with which DVDs can be copied and distributed.

Following the initial legal action against those providing access to the DeCSS code, many others protested by posting the code up in a variety of novel ways. A 456-stanza haiku, with lines of five, seven and five syllables, was written (decss-haiku, along with several recorded songs.

These productions explored the extent of the DMCA, and existed to test the boundaries of ‘speech’: Does a poem, song or T-shirt expose the author to prosecution through the DMCA?

More central to the debate is that of ‘fair use’ rights. As in Sklyarov’s case, there was never any intention to pirate DVDs. DeCSS was developed to enable users of unsupported operating systems like Linux to watch legally purchased DVDs. This is entirely within the ‘fair rights’ boundaries laid down by copyright law, and yet falls foul of the DMCA because of the circumvention provisions.

OPG vs. Diebold

Diebold Election Systems are developers of U.S. electronic voting systems, responsible for approximately 80% of U.S. election votes counted. After a security leak in 2003, a large quantity of internal documentation was distributed online by various groups. This documentation included staff communications, and bug tracker lists, documenting some outstanding and as yet unfixed critical system security bugs. It revealed gross system insecurity, including the fact that the entire system is based on a Microsoft Access database with no sanity checking systems in place. With physical access to a computer running Diebold’s system, it is a simple matter to modify the total vote counts, while keeping the change entirely untraceable.

Diebold began attempts to stop the circulation of the documentation by launching legal action against Online Service Providers hosting websites containing the documents, citing breach of the ‘Online Copyright Infringement Liability Limitation Act’ provisions of the DMCA, that represent ‘safe harbour’ to online providers if they take down offending material.

Non-profit provider OPG, along with two students hosting the material, fought back, with the not inconsiderable legal support of the Electronic Frontier Foundation (EFF), amidst a host of support from many other groups. Recently, in October 2004, Diebold’s use of the DMCA was found to be unlawful, and charges were dropped. Although this case ended well, and good precedents have been set, it remains a concern that the potential to suppress this free speech lies within the DMCA. The Wikipedia article on Diebold Election Systems states that the ruling that Diebold’s prosecution was unlawful “was surprising to some scholars”, as Diebold “actually had valid copyrights to some of the memos”. There was a possibility that the ruling could’ve gone in Diebold’s favour, as the ‘fair use’ policy under which the memos would fall is a grey area. The victory was not at all assured, and subsequent cases may have different outcomes. Diebold attempted to use the DMCA to suppress information regarding their serious security flaws. This is clearly outside of the original intended scope of the DMCA, demonstrating that the Act is vague and overly broad. The insecurity of this critical system caused controversy enough, but the possibility of future information like this being suppressed with the DMCA is deeply worrying.

Comments

The purpose of copyright laws are to encourage and support creativity, to reward artists and developers by enabling them to profit from their efforts. The DMCA was formed in an attempt to maintain this concept, by keeping up with technological advances which make the task of protecting copyright much more difficult.

The DMCA represents a broadening of copyright laws, giving unprecedented control to copyright owners, providing legal support for copyright protection measures. Rights owners can now add systems to restrict access to legally purchased works, thereby entirely controlling usage, in theory. Any attempt to get around these mechanisms is a criminal offense. The DMCA consequently also protects the manufacturer of a defective product by making it illegal to demonstrate the product’s defects.

The Act has nevertheless received some support. It has been praised as an appropriate and necessary response to technological advances. In an article written by Raymond T. Nimmer, a law professor at the University of Houston, the DMCA is described as seeking to “restate the balance (of copyright law) and to restore the incentives promoting innovation and creative works” (R. Nimmer). Nimmer addresses one of the primary concerns of those opposed to the DMCA, the suppression of free speech, by stating that most DMCA-related cases do not involve speech, and those that do are constitutionally restricted to have a minimal impact on speech.

What these arguments fail to address is the nature and importance of speech itself. As stated by DMCA opposition group Anti-DMCA, “Mathematicians use symbols. The Deaf speak with their hands. Programmers speak in code.” (anti-dmca.org). In order to accurately pass on a concept, verbal communication (“speech”) does not necessarily suffice, and more precise communication methods are required. It has been argued that the suppression of code is suppression of speech.

The Act has received far more public opposition than support. Many groups have sprung up, claiming the DMCA is unconstitutional, suppresses free speech, and has a chilling effect on research and development.

One particular concern is that by rendering research into existing security measures illegal, security will be compromised by lack of testing. Instead of permitting open debate over a system’s security, the DMCA suppresses any discussion. This will ultimately have a negative impact on security, as system flaws are discovered by those who seek to exploit them, as opposed to those who are willing to share their discovery so a solution can be found. In this respect, the DMCA is highly counter-productive.

In the few years that the DMCA has been in effect, many cases have demonstrated that the Act is a sloppy, overly broad and vague piece of legislation. Vague laws have their highest negative impact on small groups, who lack the resources for a legal battle. As shown by Beausoft’s plight, even though it appeared clear that the threats were unjust and legally shaky, Beausoft’s owner Bob Prangnell lacked the resources to fight. Consequently, the DMCA places an extraordinary amount of power in the hands of larger companies, who may make use of it for unethical purposes.

The same applies to other anti-circumvention laws, like those incorporated in to Australia’s Digital Agenda Act of 2001, which states “it is illegal to make or deal commercially in devices or services that have only a limited commercial purpose other than the circumvention of technological copyright protection measures.” The Open Source community is particularly concerned over these laws. If Jon Johansen, author of DeCSS, were stopped by the DMCA, Linux would not have DVD playing capabilities, a huge hit to usability, when comparing functionality with that of Microsoft Windows, or Mac OS X.

Many users wish to explore other non-standard avenues of usage of purchased materials, and wish to tinker with hardware and software they own. They may want to take an eBook, convert it to plain text, and have it read aloud by a text-to-speech engine, or extract copy-protected CD tracks for listening without the necessity of carrying a CD. Anti-circumvention laws would make all of this illegal, regardless of fair use rights. The DMCA and other anti-circumvention laws are inappropriate and ‘overkill’ responses to a changing technological environment. The entire paradigm of selling physical items such as books or records, is no longer applicable to today’s ‘digital age’, where we can carry books on our mobile phones, or our entire music collection on a small digital player in our pocket.

Many groups have proposed other ways to ensure artists and developers are financially awarded for their creativity. Advertising-based systems have already been established, where artists are paid by the fees from site advertisers. Donation systems have been set up also, where fans can use online payment gateways to leave a donation. Opt-out donation systems have also been proposed, where listeners have the choice not to leave a donation.

There are current movements to reform the DMCA. U.S. Rep. Rick Boucher’s Digital Media Consumers’ Rights Act (DMCRA) seeks to repair the flaws in the DMCA, to reinstate fair rights and free speech. The DMCRA “reaffirms Fair Use”, thereby permitting circumvention of technological measures, provided this does not result in copyright infringement. It also “restores valid scientific research”, by allowing production of tools for “scientific research into technological protection measures”. With the good precedents that have been set in the cases that have arisen in the five years since the Digital Millennium Copyright Act came into effect, and the possibilities of future reform, the future is not entirely bleak. Courts thus far have made reasonable rulings, and will likely continue to do so.

Although the DMCA and similar laws are worrying, they are likely to be refined over time to form a compromise between the rights of artists, publishers and developers, and the rights of the public.

Michael Tyson, 2004

Resources

U.S. Copyright Office, WIPO Copyright Treaty

http://www.aic.gov.au/topics/cybercrime/stats/piracy.html

http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act

http://en.wikipedia.org/wiki/DeCSS

http://en.wikipedia.org/wiki/Diebold_Election_Systems

http://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act

http://en.wikipedia.org/wiki/Digital_Media_Consumers%27_Rights_Act

United States Digital Millennium Copyright Act of 1998

http://www.eff.org/IP/DMCA/?f=unintended_consequences.html

http://www.eff.org/legal/ISP_liability/OPG_v_Diebold/

http://www.house.gov/boucher/docs/dmcrahandout.htm

Nimmer, Raymond T., “First Amendment Speech and The Digital Millennium Copyright Act: A Proper Marriage” . COPYRIGHT AND FREE SPEECH – COMPARATIVE AND INTERNATIONAL ANALYSES, Jonathan Griffiths, Uma Suthersanen, eds., Oxford University Press, February 2005 http://ssrn.com/abstract=572886

Larry Lessig, “Jail time in the Digital Age”, July 2001, http://www.eff.org/IP/DMCA/US_v_Elcomsoft/20010730_lessig_oped.html

Electronic Book Web, Wade Rousch,“Publishers Split on Sklyarov Case”, 2001 http://12.108.175.91/ebookweb/stories/storyReader$89

http://anti-dmca.org

New Zealand Herald, Adam Gifford, “NZ software developer bows to US threat of legal action”, August 2001

http://www.nzherald.co.nz/storydisplay.cfm?storyID=211491

Scoop, Bev Harris, “Inside a U.S. Election Vote Counting Program”, July 2003 http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

Linux Australia, “DMCA and the Open-Source Community” http://old.linux.org.au/papers/no-dmca.html

DMCRA http://www.house.gov/boucher/docs/dmcrahandout.htm