November 22, 2024

U.S. Copyright May Get Harsher and Broader

Rep. Lamar Smith is preparing to introduce a bill in Congress that would increase penalties for copyright infringement and broaden the scope of the DMCA and other copyright laws, according to a news.com story. (The story seems to get some details of the bill wrong, so be sure to look at the bill itself before drawing conclusions.)

The bill would increase penalties for small-scale, noncommercial copyright infringement beyond even their current excessive levels. For example, noncommercial distribution of copyrighted material worth $2500 or more would carry a maximum sentence of ten years in Federal prison. Even attempting to commit that level of infringment would potentially carry a ten-year sentence. That’s the same maximum sentenced faced by bribe-taking Congressman Duke Cunningham, whose corruption probably cost taxpayers millions of dollars. It’s also more than the average Federal sentence for manslaughter (33 months), sexual abuse (73 months), arson (87 months), fraud (14 months), embezzlement (7 months), bribery (10 months), or racketeering/extortion (72 months).

The bill would also expand the scope of copyright in several respects. Most interesting to readers here is an expansion of the DMCA’s anticircumvention rules.

Recall that Section 1201 of the DMCA bans circumvention of technical protection mechanisms (TPMs), and also bans trafficking in circumvention devices. The Smith bill would expand the trafficking ban, by redefining “trafficking” as follows:

[T]he term ‘traffic in’ means to transport, transfer, or otherwise dispose of, to another, or to make, import, export, obtain control of, or possess, with intent to so transport, transfer, or dispose of.

In short, where the law now bans distribution of a circumvention device, the bill would also ban possession of a circumvention device with intent to distribute it.

This bill, if passed, would probably increase the DMCA’s chilling effect on research. Currently, a researcher can steer clear of the trafficking provision by keeping any circumvention devices to himself, using those devices himself (lawfully) in the lab. If the Smith bill passes, the researcher would have to worry that a plaintiff or prosecutor will misjudge his intent and bring a case, and that a judge or jury might be convinced that the researcher was eventually planning to distribute the device. Even if the claim of bad intent is baseless, refuting it will be slow, painful, and expensive.

I’m eager to hear the rationale for these expansions. But I wouldn’t be surprised if no rationale is offered, beyond the standard “piracy is bad” mantra or vague claims to be “rationalizing” the statute.

RIAA Says Future DRM Might "Threaten Critical Infrastructure and Potentially Endanger Lives"

We’re in the middle of the U.S. Copyright Office’s triennial DMCA exemption rulemaking. As you might expect, most of the filings are dry as dust, but buried in the latest submission by a coalition of big copyright owners (publishers, Authors’ Guild, BSA, MPAA, RIAA, etc.) is an utterly astonishing argument.

Some background: In light of the Sony-BMG CD incident, Alex and I asked the Copyright Office for an exemption allowing users to remove from their computers certain DRM software that causes security and privacy harm. The CCIA and Open Source and Industry Association made an even simpler request for an exemption for DRM systems that “employ access control measures which threaten critical infrastructure and potentially endanger lives.” Who could oppose that?

The BSA, RIAA, MPAA, and friends – that’s who. Their objections to these two requests (and others) consist mostly of lawyerly parsing, but at the end of their argument about our request comes this (from pp. 22-23 of the document, if you’re reading along at home):

Furthermore, the claimed beneficial impact of recognition of the exemption – that it would “provide an incentive for the creation of protection measures that respect the security of consumers’ computers while protecting the interests of the record labels” ([citation to our request]) – would be fundamentally undermined if copyright owners – and everyone else – were left in such serious doubt about which measures were or were not subject to circumvention under the exemption.

Hanging from the end of the above-quoted excerpt is a footnote:

This uncertainty would be even more severe under the formulations proposed in submissions 2 (in which the terms “privacy or security” are left completely undefined) or 8 [i.e., the CCIA request] (in which the boundaries of the proposed exemption would turn on whether access controls “threaten critical infrastructure and potentially endanger lives”).

You read that right. They’re worried that there might be “serious doubt” about whether their future DRM access control systems are covered by these exemptions, and they think the doubt “would be even more severe” if the “exemption would turn on whether access controls ‘threaten critical infrastructure and potentially endanger lives’.”

Yikes.

One would have thought they’d make awfully sure that a DRM measure didn’t threaten critical infrastructure or endanger lives, before they deployed that measure. But apparently they want to keep open the option of deploying DRM even when there are severe doubts about whether it threatens critical infrastructure and potentially endangers lives.

And here’s the really amazing part. In order to protect their ability to deploy this dangerous DRM, they want the Copyright Office to withhold from users permission to uninstall DRM software that actually does threaten critical infrastructure and endanger lives.

If past rulemakings are a good predictor, it’s more likely than not that the Copyright Office will rule in their favor.

The DMCA Should Not Protect Spyware

Yesterday was the deadline to submit requests for limited exemptions from the DMCA’s ban on circumvention of access control technologies. This happens every three years. Alex Halderman and I submitted a request, asking for an exemption that would allow the circumvention of compact disk copy protection technologies that have certain spyware-ish features or create security holes. We’d like to thank Aaron Perzanowski and Deirdre Mulligan of the Samuelson Clinic at UC Berkeley, whose great work made this possible.

Many people decided not to submit exemption requests in this round, because of the way previous rounds have been handled. For example, the EFF argues that the process is so strongly tilted against exemptions, and the Copyright Office tries so hard to find excuses not to grant exemptions, that there is no point in asking for one. Even Seth Finkelstein, the only person who has had any real record of success in the process, decided to sit out this round. I submitted requests for research-related exemptions in 2000 and 2003; and having seen how those requests were handled, I sympathize with the skeptics’ position.

Nevertheless, I think it’s worth asking for this exemption, if only to see whether the Copyright Office will acknowledge that copy protection technologies that install spyware or otherwise endanger the security or privacy of citizens are harmful. Is that too much to ask?

To most readers here, the most interesting paragraph of our exemption request is this one:

Researchers like Professor Edward Felten and Alex Halderman waste valuable research time consulting attorneys due to concerns about liability under the DMCA. They must consult not only with their own attorneys but with the general counsel of their academic institutions as well. Unavoidably, the legal uncertainty surrounding their research leads to delays and lost opportunities. In the case of the CDs at issue, Halderman and Felten were aware of problems with the XCP software almost a month before the news became public, but they delayed publication in order to consult with counsel about legal concerns. This delay left millions of consumers at risk for weeks longer than necessary.

The DMCA exemption process continues, with reply comments due February 2.

Recommended Reading: Crime-Facilitating Speech

Eugene Volokh has an interesting new paper about Crime-Facilitating Speech (abridged version): “speech [that] provides information that makes it easier to commit crimes, torts, or other harms”. He argues convincingly that many free-speech cases pertain to crime-facilitating speech. Somebody wants to prevent speech because it may facilitate crime, but others argue that the speech has beneficial effects too. When should such speech be allowed?

The paper is a long and detailed discussion of this issues, with many examples. In the end, he asserts that crime-facilitating speech should be allowed except where (a) “the speech is said to a few people who the speaker knows are likely to use it to commit a crime or to escape punishment”, (b) the speech “has virtually no noncriminal uses”, (c) “the speech facilitates extraordinarily serious harms, such as nuclear or biological attacks”. But don’t just read the end – if you have time it’s well worth the effort to understand how he got there.

What struck me is how many of the examples relate to computer security or copyright enforcement. Many security researchers feel that the applied side of the field has become a legal minefield. Papers like this illustrate how that happened. The paper’s recommendations, if followed, would go a long way toward making legitimate research and publication safer.

DMCA, and Disrupting the Darknet

Fred von Lohmann’s paper argues that the DMCA has failed to keep infringing copies of copyrighted works from reaching the masses. Fred argues that the DMCA has not prevented “protected” files from being ripped, and that once those files are ripped they appear on the darknet where they are available to everyone. I think Fred is right that the DMCA and the DRM (anti-copying) technologies it supports have failed utterly to keep material off the darknet.

Over at the Picker MobBlog, several people have suggested an alternate rationale for the DMCA: that it might help raise the cost and difficulty of using the darknet. The argument is that even if the DMCA doesn’t help keep content from reaching the darknet, it may help stop material on the darknet from reaching end users.

I don’t think this rationale works. Certainly, copyright owners using lawsuits and technical attacks in an attempt to disrupt the darknet. They have sued many end users and a few makers of technologies used for darknet filesharing. They have launched technical attacks including monitoring, spoofing, and perhaps even limited denial of service attacks. The disruption campaign is having a nonzero effect. But as far as I can tell, the DMCA plays no role in this campaign and does nothing to bolster it.

Why? Because nobody on the darknet is violating the DMCA. Files arrive on the darknet having already been stripped of any technical protection measures (TPMs, in the DMCA lingo). TPMs just aren’t present on the darknet. And you can’t circumvent a TPM that isn’t there.

To be sure, many darknet users break the law, and some makers of darknet technologies apparently break the law too. But they don’t break the DMCA; and indeed the legal attacks on the darknet have all been based on old-fashioned direct copyright infringement by end users, and contributory or vicarious infringement by technology makers. Even if there were no DMCA, the same legal and technical arms race would be going on, with the same results.

Though it has little if anything to do with the DMCA, the darknet technology arms race is an interesting topic in itself. In fact, I’m currently writing a paper about it, with my students Alex Halderman and Harlan Yu.