December 9, 2022

MPAA Revises Model Super-DMCA Legislation

The MPAA has drawn up a significantly revised version of its model Super-DMCA language. Although it will take some time to analyze the new language, it’s clearly an important step in the right direction.

Another Egregious Super-DMCA Provision

I have written before about the danger posed by the Super-DMCA’s ban on concealing the origin or destination of communication. I want to turn your attention now to a much more egregious provision of these bills – the ban on devices and information.

Here is the relevant portion of the MPAA’s model legislative language:

Any person commits an offense if he knowingly:

(4) possesses, uses, prepares, distributes, sells, gives, transfers or offers, promotes or advertises for sale, use or distribution any:

(ii) material, including hardware, cables, tools, data, computer software or other information or equipment … for use in the manufacture, assembly or development of an unlawful access device; …

The term at the end, “manufacture, assembly or development of an unlawful access device”, is defined this way:

To […] or modify, alter, program or reprogram any instrument, device, machine, equipment, technology or software so that it is capable of defeating or circumventing any technology, device or software used by the provider, owner or licensee of a communication service, or of any data, audio or video programs or transmissions, to protect any such communication, data, audio or video services, programs or transmissions from unauthorized receipt, interception, acquisition, access, decryption, disclosure, communication, transmission or re-transmission, or to knowingly assist others in those activities.

Note the breadth of this language – to be in violation, the device need only be capable of circumventing a measure that somebody uses to protect their data from unauthorized receipt, interception, acquisition, access, decryption, disclosure, communication, transmission or re-transmission.

This is stunning in its overbreadth. Any device that is even capable of illegal uses is banned, and even information that could be used to build such a device is banned.

This would appear to make most computer security research illegal, since it would be illegal to even talk about how somebody might to try defeat a security measure. As a computer security researcher, I consider that a big problem. In this case, though, that problem is small potatoes compared to the greater harm this part of the bill would do.

As a thought experiment, let’s try applying this approach to the regulation of non-technological goods. Imagine that it was illegal to make, use, or distribute “material … or information” that was “capable of” being used in a violent attack on another person.

In such a world, virtually all knives would be illegal. Ditto for screwdrivers or any other pointy objects. Hammers are out, too, along with all other blunt, heavy objects, including even rocks. Vehicles are probably out too, since they are capable of being used to attack someone. I could go on, but you get the picture.

Even information about how to make or use any of these dangerous devices would be banned.

Last week I asked my class if they could think of any technological tools that are capable of only illegal uses, or of only legal uses. They were hard pressed to think of any. That’s the nature of tools – they’re designed to be flexible and to admit a wide variety of uses. To ban every tool that might possibly be used illegally, and to ban even information about such tools, is simply madness.

Reports from Today's Massachusetts Super-DMCA Hearing

A Massachusetts legislative committee held a hearing today about their super-DMCA bill. By all reports, the committee got the message loud and clear about the drawbacks of the bill. John Palfrey and Derek Slater were there and describe what happened.

MPAA Circulating Model Super-DMCA Legislation

The Super-DMCA bills are based on model legislation that has been circulated by the MPAA. I now have the text of the model legislation (Word format; PDF), along with a summary of it also circulated by MPAA (Word format; PDF).

Predictably, the summary makes no mention of the ban on concealing message origin or destination.

Colorado Super-DMCA Delayed

The Colorado Senate’s consideration of their Super-DMCA bill, originally scheduled for yesterday, has now been deferred until April 7. There is some indication this may have been due to calls from constituents about the bill. In any case, the delay gives Colorado residents more time to contact their representatives and explain the problems with the bill.