The Digital Millennium Copyright Act

Document Sample
The Digital Millennium Copyright Act Powered By Docstoc
					The Digital Millennium
    Copyright Act

    David S. Touretzky
Computer Science Department
 Carnegie Mellon University
      November, 2001
 Digital Millennium Copyright Act

• Enacted in 1998.

• Added new copyright regulations
  (Title 17, US Code) concerning:
  – access controls/digital rights management
  – liability limitations for ISPs
  – broadcasting music on Internet radio stations

  Anti-Circumvention Provision
• 17 USC 1201(a)(1)(A): No person shall
  circumvent a technological measure that
  effectively controls access to a work
  protected under this title.

  – Can’t watch encrypted DVDs at home using an
    unapproved (open-source) DVD player.
  – Can’t decrypt your lawfully purchased eBook.
    Anti-Trafficking Provision
• 17 USC 1201(a)(2): No person shall
  manufacture, import, offer to the public,
  provide, or otherwise traffic in any
  technology, product service, device,
  component, or part thereof that
  – (A) is primarily designed or produced for the
    purpose of circumventing a technological
    measure that effectively controls access to a work
    protected under this title;
– (B) has only limited commercially significant
  purpose or use other than to circumvent...

– (C) is marketed by that person … for use in
  circumventing a technological measure that
  effectively controls access to a work protected
  under this title.

   • You can sell digital signal processors, but you can’t
     sell cable TV descramblers.

    Anti-Trafficking: Copying
• 17 USC 1201(b)(1): No person shall
  manufacture, import, offer to the public,
  provide, or otherwise traffic in any
  technology, product, service, device,
  component, or part thereof that
  – (A) is primarily designed or produced for the
    purpose of circumventing protection afforded by
    a technological measure that effectively protects a
    right of a copyright owner under this title ...
            Escape Clause 1
• 17 USC 1201(c)(1): Nothing in this section
  shall affect rights, remedies, limitations, or
  defenses to copyright infringement,
  including fair use, under this title.

  – 1201 isn’t about copyright infringement.
  – But if A circumvents, B can make fair use of
    the fruits of A’s crime.
            Escape Clause 2
• 17 USC 1201(c)(4): Nothing in this section
  shall enlarge or diminish any rights of free
  speech or the press for activities using
  consumer electronics, telecommunications,
  or computing products.

  – Dismissed as “precatory language” (pleading)
    by 2nd Circuit Court of Appeals.
    Exemptions to Anti-Circumvention

•   1201(d) - Libraries
•   1201(e) - Law enforcement
•   1201(f) - Reverse engineering of software
•   1201(g) - Encryption research
•   1201(h) - Protect minors from the Internet
•   1201(i) - Protect personally identifying info
•   1201(j) - Security testing
          Library Exemption
• 1201(d)(1) says libraries, archives, and
  educational institutions may circumvent
  access controls…

      to gain access to a work…

        to decide whether to purchase it.

                    But...                   10
     The Librarians’ Catch-22
• 1201(d)(4) says the exemption in (d)(1)
  cannot be used as a defense to a claim under
  the anti-trafficking provisions, and...
• Libraries may not manufacture, import, etc.,
  any technology, product, service, etc.,
  which circumvents a technological measure.
• So how can they acquire the tools to
  circumvent under (d)(1)?
        Reverse Engineering
• 1201(f) - allows circumvention of access
  controls to permit reverse engineering of
  software programs to achieve
  interoperability with other programs.
• Doesn’t apply to hardware, such as DVD
  players and media.
• “Interoperability” does not mean bypassing
  another program’s access/copying controls.
        Encryption Research
• 1201(g) - cracking permissible when:
  – lawfully obtained copy of the encrypted work
  – good faith effort to obtain permission to crack
  – no copyright infringement or computer abuse
  – information gained is disseminated in a manner
    calculated to advance state of knowledge
  – cracker has respectable credentials
  – copyright owner notified of results
  Librarian of Congress Reports
• Special cases designated by the Librarian of
  Congress as exempt from 1201(a)(1)(A):
  – 1. Encrypted list of blocked sites used by
    censorware programs such as CyberPatrol
  – 2. “Broken” access control mechanisms.
• But 1201(a)(2) still applies, so providing the
  tools to make use of these exemptions is
  still illegal!
           Part II

Why Is Code Protected Speech?

             Is Code Speech?
• Bernstein v. U.S. Dept. of State
        – Snuffle encryption algorithm (a “munition”) is speech
        – “functional aspect”; maybe object code isn’t speech

• Junger v. Daley
        – cryptography textbook with code also provided on diskette

• DVD-CCA v. Bunner et al.
        – California DVD case: 1st Amdt. trumps trade secret law

• Universal City Studios v. Reimerdes
        – 2600 DVD case: even object code is speech
   What’s Special About Code?
• Bomb-making instructions are not a bomb.
• The recipe for LSD is not a drug.
• A drawing of a gun is not a weapon.
  – All are fully protected speech.

• But a copy or listing of a computer program
  is a computer program.
  – Why should that make code less protected?
 “Code is Dangerous” Argument
• Software has a functional aspect:
  – Software can instantly instruct computers to do
    antisocial things.

• This makes software more dangerous than
  other types of speech that only instruct
  slow, lazy humans.

    But Code Isn’t Dangerous
• Computer programs don’t do anything.
  – They are merely expressions of ideas.

• DeCSS does not pirate DVD movies.
  – A person must insert the DVD into a drive,
    load DeCSS onto a digital computer, and run it.

• Where have we seen this argument before?
Guns Don’t Kill People:

      People Do

    Treat Software Like Guns?
• Restrictions on possession of guns and
  controlled substances are constitutional.
  – Doesn’t interfere with the expression of ideas.

• Can we restrict publication of software
  without restricting the expression of ideas?

  The “No Ideas Here” Strategy
• Claim: some programs are purely
  functional and do not express ideas.
  – Is object code purely functional?
  – Is css_descramble.c purely functional
    because it relies on long boring tables of
  – Only code published in textbooks or journal
    articles expresses ideas?

   Ideas That Code Can Express
• “X” is possible: here’s an existence proof.

• My way of doing “X” is better than the
  other guy’s way.
   – Runs faster / Less memory / Shorter code

• “X” is trivial.
   – Winstein & Horowitz’ is 472 bytes!
               DVD Decryption in Perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I <k1>:<k2>:<k3>:<k4>:<k5> qrpff
# where k1..k5 are the title key bytes in least to most-significant order

b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]<<9

                 It is Illegal to Display This Slide
     “Imminent Peril” Strategy
• Courts now accept that code is speech.
• But speech that poses a specific and
  imminent threat of harm is not protected.
  – “Let’s kill all the lawyers” is protected.
  – “Kill that lawyer with this gun now” is not.
• Could publishing computer code meet this
  test? “Computers make crime too easy.”

       You are only
   one mouse click away
     from destroying
the motion picture industry!

     Click here to continue...

      Counting Mouse Clicks
• Judge Kaplan enjoined 2600 from
  distributing the DeCSS source.
  – 2600 responded by posting links to mirror sites.
• Judge Kaplan enjoined 2600 from linking to
  mirror sites: only a mouse click away.
  – So 2600 published the URLs as plaintext.
• 2nd Circuit: now it takes four mouse clicks.
  – How many mouse clicks are enough?
        When Does Code Not
      Pose an Imminent Danger?
•   Executable binary -- extremely dangerous!
•   Compilable source -- very dangerous.
•   Screen dump (a “picture” of the code)?
•   Code printed on a t-shirt?
•   Algorithm expressed in a formal language
    for which there is no compiler?
    – So it’s not really “code”?
 When Is Code Not Dangerous?
• Algorithm translated line-by-line into
  machine-generated English?
  – Poses threat of reverse-translation.
• Algorithm expressed in colloquial English?
  – Professor Felten, call your lawyer.
• Impure thoughts about an algorithm?
  – 1201(a)(1) says thou shalt not “manufacture”!

     Where to Draw the Line?
• Conservative: only ban binaries and
  compilable/interpretable source.
  – Too easy to work around.

• Liberal: ban anything that can potentially
  be turned into executable code.
  – First Amendment doesn’t permit this.

• Restricting only the publication of
  imminently dangerous “code” will prove
  unworkable in practice.
  – Counting mouse clicks is silly.
  – Code can take many forms.
  – Computers will soon understand English.

• Truly effective restrictions require the
  censorship of “dangerous ideas.”            31
The Censorship of Ideas

     Is Intolerable