Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Get this document free

Berk CS 402

VIEWS: 5 PAGES: 28

									     IMPLICATIONS OF DMCA
      ANTI-CIRCUMVENTION
      RULES FOR RESEARCH

              Pamela Samuelson, SIMS & Law,
              EECS Lecture Colloquium Series,
                       May 8, 2002

May 8, 2002             EECS Lecture Colloquium   1
              OVERVIEW
• Overview of the DMCA rules
• Why research might violate the DMCA
• Statutory and constitutional defenses
• Other DMCA claims to watch out for
• Why the logic of the DMCA may lead to
  outlawing the general purpose computer
  (CBDTVA aka SSSCA)
• Concluding thoughts
May 8, 2002     EECS Lecture Colloquium    2
              17 U.S.C. 1201
• (a)(1)(A): Illegal to circumvent a technical
  measure copyright owners use to control access to
  their works
• (a)(2): Illegal to make/distribute tool to
  circumvent access controls
• (b)(1): Illegal to make/distribute tool to bypass
  other technical measures used by copyright
  owners to protect rights in works
• No counterpart to (a)(1)(A) for bypassing copy
  controls (compromise to enable fair uses?)
May 8, 2002        EECS Lecture Colloquium            3
     1201(a)(1)(A) EXCEPTIONS
• (Relatively) meaningful exceptions:
     – achieving program-to-program interoperability
     – encryption research & computer security testing
     – law enforcement/national security
• Unmeaningful exceptions:
     – library/nonprofit ―shopping‖ privilege
     – privacy protection
     – protecting kids vs. porn
• Ambiguous about fair use preservation 1201 (c)(1)
• LOC rulemaking to make new exceptions
May 8, 2002             EECS Lecture Colloquium          4
      ENCRYPTION RESEARCH
• 1201 (g) & (j) ―legitimate‖ encryption research &
  computer security testing OK
     – Acquisition of content must have been lawful
     – Acts must be necessary & in good faith
     – Must request permission from copyright owner 1st
       (testing--must actually get permission)
     – Must give results to copyright owner (free consulting)
     – Limited dissemination of results (advance knowledge v.
       facilitate infringement—what if paper on Internet?)
     – OK to make (a)(2) tool but silent as to (b)(1) tool

May 8, 2002            EECS Lecture Colloquium              5
              OTHER DMCA RULES
• 1202 protects the integrity of ―copyright
  management information‖ (e.g., watermarks) from
  alteration/removal
• 1203 gives broad remedies to successful plaintiffs
  (injunctions, statutory damages, etc.—even if no
  actual infringements!)
• 1204 makes willful violation of 1201 or 1202 for
  profit/financial gain a crime:
     – up to $500K fine for 1st offense, up to 5 yrs in jail
     – up to $1M for 2nd offense & up to 10 yrs in jail
May 8, 2002              EECS Lecture Colloquium               6
              RIAA v. FELTEN
• RIAA/SDMI/Verance claimed Felten et al. paper
  violated DMCA anti-circumvention rules
     – No violation of 1201(a)(1)(A) because SDMI challenge
       authorized attack during 3 week period
     – Would delivering or publishing a paper on weaknesses
       ―provide‖ a circumvention tool to the public?
     – Did Felten make or adapt a tool to bypass SDMI TMs?
     – Did Felten alter/remove CMI in course of research?
• Huge damages award possible if ―pirates‖ use
  detailed information about weakness to infringe
May 8, 2002            EECS Lecture Colloquium            7
        STATUTORY DEFENSES
• SDMI watermarks are not ―effective‖ technical
  measures within 1201 (weak)
• Paper on weaknesses of a technical measure may
  not ―provide‖ a circumvention technology within
  the statute (quite strong)
• Ambiguity in statute about whether an intent to
  enable infringement is required for 1202 (strong)
• No injury because no infringement attributable to
  paper (weak; UCS v Reimerdes says lack of
  infringement is irrelevant)
May 8, 2002        EECS Lecture Colloquium            8
              OTHER DEFENSES
• Encryption research/computer security exception
     –   SDMI watermarks don‘t use encryption
     –   Hacking them is not computer security testing (as such)
     –   (a)(2) v. (b)(1) problem
     –   No application to 1202
     –   Intended publication on the Internet might facilitate
         infringement
• Court might construe exception broadly as to
  Felten et al., but DMCA caselaw so far takes very
  narrow view of exceptions
May 8, 2002              EECS Lecture Colloquium               9
    1 st      AMENDMENT DEFENSE
• Even if Felten et al. violated the DMCA, the
  Constitution may protect them
• 1st A generally protects a scientist‘s right to
  publish results of lawful research
• Bernstein v. US: cryptographers have 1st A right
  to post source code on the ‗Net to communicate
  scientific ideas in code
• Fact that someone MIGHT do something illegal
  with the information is generally not enough to
  enjoin the speech (e.g., how to make bomb)
May 8, 2002        EECS Lecture Colloquium           10
               FELTEN v. RIAA
• Felten et al. sought a declaratory judgment that:
     – Presenting or publishing the paper not violate 1201 or
       1202
     – 1st A right to publish results of research
• Thereafter, RIAA/SDMI/Verance announced no
  objection to presentation of paper at USENIX
• Court dismissed: no live controversy
• Good news:
     – RIAA backed down
     – Ashcroft brief: Felten‘s intent was to improve security
May 8, 2002             EECS Lecture Colloquium                 11
      1 st    A ONLY GOES SO FAR
• Courts routinely reject 1st A defenses in IP cases
  (Universal v. Reimerdes)
• What if Felten had reverse-engineered the SDMI
  watermarks outside of the SDMI challenge?
     – Might violate 1201(a)(1)(A) if watermarks were
       intended for use as access controls in players
• Is there a constitutional right to do research or to
  reverse engineer technical measures?
     – If can‘t do research, can‘t engage in 1st A speech
     – If RE is conduct, not speech, does 1st A protect it?
May 8, 2002              EECS Lecture Colloquium              12
          OTHER DMCA CLAIMS
• Sony vs. Connectix & Bleem: emulation programs
  said to bypass PlayStation game TPMs
• Sony vs. Gamemaster: game enhancer software
  violated DMCA because bypassed country code
  (gave Sony control over complementary products
  & stopped competition w/ Sony‘s game enhancer)
• Sony vs. Aibohack: threatened lawsuit vs. host of
  website where owners of Aibo robot dogs could
  post programs to make dogs do different tricks
May 8, 2002        EECS Lecture Colloquium        13
     OTHER DMCA CLAIMS (2)
• RealNetworks v. Streambox: enjoined ―VCR‖ that
  bypassed RN authentication procedure & allowed
  personal use copies of streamed content
• Microsoft claimed Slashdot violated DMCA
  because users posted instructions on how to
  bypass click-through license forbidding copying
  or disclosure of interface specification
• Blizzard v. bnetd: open source emulation program
  enabled users to form private game network; RE
  as circumvention; program as circumvention tool
May 8, 2002       EECS Lecture Colloquium        14
     WHY CLAIMS PLAUSIBLE
• Country codes/watermarks/streaming being
  treated as access controls
• Reverse engineering them violates 1201(a)(1)(A)
  unless exception applies
• Making or adapting a tool to reverse engineer
  them violates (a)(2), as does making/distributing
  software capable of bypassing the TPM
• No underlying act of infringement needs to occur
• Fact that no infringement is even possible may be
  irrelevant!
May 8, 2002        EECS Lecture Colloquium            15
   UNIVERSAL v. REIMERDES
• Preliminary injunction vs. Reimerdes &
  Corley/2600 in Jan. 2000 to stop posting of
  DeCSS on web as violation of 1201(a)(2)
• CSS held to be an access control for DVD movies
  (why not a copy-control?)
• DeCSS bypassed CSS
• All statutory & constitutional defenses rejected
• Reimerdes settled; Corley (sadly) did not

May 8, 2002        EECS Lecture Colloquium       16
              BAD DICTA JAN. 2000
• ISP safe harbor rules re copyright infringement don‘t apply
  to 1201 claims; ISP can be strictly liable for user posting
  of circumvention software
• Corley (a mere journalist) lacked standing to raise
  interoperability, encryption research, computer security
  testing, or fair use defenses (even if they might be valid as
  to Jon Johansen) because Corley wasn‘t trying to make an
  interoperable program, do encryption research, or make a
  fair use—think of implications for scientific publishers!!!
• No right to interoperate with data (e.g., DVD movie)

May 8, 2002            EECS Lecture Colloquium               17
              RULING IN AUG. 2000
• Same analysis of 1201(a)(2)
• Shamos testimony on potential harm of DeCSS:
  he used DeCSS to copy movie & distribute via
  Internet with DivX compression
• Judge didn‘t believe Johansen on DeCSS as a
  necessary step to developing Linux player, so
  rejected interoperability defense
• Likened DeCSS to deadly plague, assassination
• Functionality of DeCSS limits 1st A scope

May 8, 2002         EECS Lecture Colloquium       18
 UCS v. CORLEY (2d Cir. 2001)
• Praised & followed Kaplan‘s analysis
• Some good news?
     – Software is 1st A protected speech
       (programmers express themselves in code)
     – No distinction between source & object (object
       code is like Sanskrit)
     – More general affirmation of 1st A protection for
       scientific & technical info (e.g., instructions)
     – ―Intermediate scrutiny‖ applies
May 8, 2002          EECS Lecture Colloquium          19
     MORE ON UCS v. CORLEY
• Little discussion of statutory issues (but rejects as
  ―perversion‖ of 1st sale defense idea that users
  have rights to use access-control content in
  unlicensed technology)
• 1201(c)(1) does not preserve fair use; also Corley
  lacks standing to raise (even if JJ was a fair user)
• Threats/dangers of Internet for copyright owners
  lessen scope of 1st A protection for software (in
  conflict with ACLU v. Reno?)
May 8, 2002          EECS Lecture Colloquium              20
              OTHER DeCSS ISSUES
• DVD-CCA v. Bunner: Calif. Ct. Ap. held that
  Bunner had a 1st A right to post DeCSS on the
  Web even if CSS is a trade secret and even if JJ
  misappropriated it (on appeal to Calif Sup Ct)
• Jane Ginsburg‘s copyright course website links to
  sites where DeCSS can be found
• David Touretsky maintains a ―Gallery of DeCSS
  Expressions‖ on CMU server
• DeCSS source code printed on some T-shirts
• OK to use DeCSS to fast-forward DVD movie?
May 8, 2002        EECS Lecture Colloquium        21
              DMCA TO CBDTPA
• DMCA hasn‘t stopped ―piracy‖
• Digital content won‘t really be secure until DRMs
  are embedded in all interactive digital technology
• Computer/software industry has resisted
  ―voluntary‖ standards on DRM
• Mandating DRMs is the only way to ensure they
  won‘t be competed away
• Broadband deployment has been hindered by
  ―piracy,‖ stronger IPR necessary

May 8, 2002        EECS Lecture Colloquium         22
                PRECEDENTS
• Public legislation:
     – Audio Home Recording Act: serial copy management
       system (SCMS) chips required in consumer grade DAT
       machines
     – 17 U.S.C. sec. 1201(k): future VCRs must build in
       Macrovision anti-copying technology
• Private legislation:
     – Content industry consortium (DVD-CCA) licenses for
       DVD players require installation of CSS
     – SDMI aimed to achieve similar result

May 8, 2002           EECS Lecture Colloquium               23
              S. 2048: CBDTPA
• Consumer Broadband & Digital Television Promotion Act
• Digital media device makers, copyright owners, &
  consumer groups have 12 mo. to reach agreement on
  standard security measures for such devices
• FCC to require installation in all devices (open source
  player likely to be illegal; general purpose computer too)
• If no agreement, FCC will choose security standard
  anyway & mandate it in digital media devices
• Illegal to make or provide digital media device w/o SSM
• Also illegal to remove/alter SSM; criminal penalties
May 8, 2002           EECS Lecture Colloquium              24
        QUESTIONING CBDTPA
• Would impede many beneficial uses of IT
• Would add expense to IT systems
• Would retard innovation & investment in IT
• May make systems more vulnerable to hacking
  (can one virus take down all systems?)
• The government & content industry shouldn‘t tell
  the IT industry how to build its products
• Ill effects for computer science research
• Will rearchitecture of the Internet be next?
May 8, 2002        EECS Lecture Colloquium           25
              REASON FOR HOPE?
• House leadership is not keen on CBDTPA; nor is
  Leahy in Senate
• Rep. Rick Boucher believes in fair use and
  balanced copyright law
• Courts less subject to ―capture‖ than legislature
     – may interpret DMCA to allow research
     – ―bad‖ decisions/dicta may be rejected or narrowed
• People (like you?) believe in sound & balanced IP
  rules, but what does it take to mobilize you?

May 8, 2002            EECS Lecture Colloquium             26
    CONCLUDING THOUGHTS
• Congress passed the DMCA thinking it was
  necessary to stop ―piracy‖
• Content industry got a broader law than necessary
  to achieve this goal—and yet they still want more
• Courts may decline to enjoin research &
  innovative uses under the DMCA
• Technology community can help to make
  Congress aware of broader interests at stake (e.g.,
  innovation, competition, user rights)
• Death by 1000 cuts unless technologists organize
May 8, 2002         EECS Lecture Colloquium         27
              WHAT YOU CAN DO
• Write Diane Feinstein (co-sponsor of CBDTVA),
  other people in Congress about balanced IPRs
• Support EFF & digitalconsumer.org‘s bill of rights
• Participate in USACM public policy activities
• Work with high tech clinic at Boalt
• Join Cornell CS in work vs. CBDTPA
• Help articulate the positive case for open systems
  and general purpose computers/software
• Don‘t let your own research be ―chilled‖
May 8, 2002        EECS Lecture Colloquium        28

								
To top