1 The Digital Millennium Copyright Act David S. Touretzky Computer Science Department Carnegie Mellon University November, 2001
2 Digital Millennium Copyright Act Enacted in Added new copyright regulations (Title 17, US Code) concerning: –access controls/digital rights management –liability limitations for ISPs –broadcasting music on Internet radio stations
3 Anti-Circumvention Provision 17 USC 1201(a)(1)(A): No person shall circumvent a technological measure that effectively controls access to a work protected under this title. –Can’t watch encrypted DVDs at home using an unapproved (open-source) DVD player. –Can’t decrypt your lawfully purchased eBook.
4 Anti-Trafficking Provision 17 USC 1201(a)(2): No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that –(A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
5 –(B) has only limited commercially significant purpose or use other than to circumvent... –(C) is marketed by that person … for use in circumventing a technological measure that effectively controls access to a work protected under this title. You can sell digital signal processors, but you can’t sell cable TV descramblers.
6 Anti-Trafficking: Copying 17 USC 1201(b)(1): No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that –(A) is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title...
7 Escape Clause 1 17 USC 1201(c)(1): Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title. –1201 isn’t about copyright infringement. –But if A circumvents, B can make fair use of the fruits of A’s crime.
8 Escape Clause 2 17 USC 1201(c)(4): Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products. –Dismissed as “precatory language” (pleading) by 2nd Circuit Court of Appeals.
9 Exemptions to Anti-Circumvention –1201(d) - Libraries –1201(e) - Law enforcement –1201(f) - Reverse engineering of software –1201(g) - Encryption research –1201(h) - Protect minors from the Internet –1201(i) - Protect personally identifying info –1201(j) - Security testing
10 Library Exemption 1201(d)(1) says libraries, archives, and educational institutions may circumvent access controls… to gain access to a work… to decide whether to purchase it. But...
11 The Librarians’ Catch (d)(4) says the exemption in (d)(1) cannot be used as a defense to a claim under the anti-trafficking provisions, and... Libraries may not manufacture, import, etc., any technology, product, service, etc., which circumvents a technological measure. So how can they acquire the tools to circumvent under (d)(1)?
12 Reverse Engineering 1201(f) - allows circumvention of access controls to permit reverse engineering of software programs to achieve interoperability with other programs. Doesn’t apply to hardware, such as DVD players and media. “Interoperability” does not mean bypassing another program’s access/copying controls.
13 Encryption Research 1201(g) - cracking permissible when: –lawfully obtained copy of the encrypted work –good faith effort to obtain permission to crack –no copyright infringement or computer abuse –information gained is disseminated in a manner calculated to advance state of knowledge –cracker has respectable credentials –copyright owner notified of results
14 Librarian of Congress Reports Special cases designated by the Librarian of Congress as exempt from 1201(a)(1)(A): –1. Encrypted list of blocked sites used by censorware programs such as CyberPatrol –2. “Broken” access control mechanisms. But 1201(a)(2) still applies, so providing the tools to make use of these exemptions is still illegal!
15 Part II Why Is Code Protected Speech?
16 Is Code Speech? Bernstein v. U.S. Dept. of State –Snuffle encryption algorithm (a “munition”) is speech –“functional aspect”; maybe object code isn’t speech Junger v. Daley –cryptography textbook with code also provided on diskette DVD-CCA v. Bunner et al. –California DVD case: 1st Amdt. trumps trade secret law Universal City Studios v. Reimerdes –2600 DVD case: even object code is speech
17 What’s Special About Code? Bomb-making instructions are not a bomb. The recipe for LSD is not a drug. A drawing of a gun is not a weapon. –All are fully protected speech. But a copy or listing of a computer program is a computer program. –Why should that make code less protected?
18 “Code is Dangerous” Argument Software has a functional aspect: –Software can instantly instruct computers to do antisocial things. This makes software more dangerous than other types of speech that only instruct slow, lazy humans.
19 But Code Isn’t Dangerous Computer programs don’t do anything. –They are merely expressions of ideas. DeCSS does not pirate DVD movies. –A person must insert the DVD into a drive, load DeCSS onto a digital computer, and run it. Where have we seen this argument before?
20 Guns Don’t Kill People: People Do
21 Treat Software Like Guns? Restrictions on possession of guns and controlled substances are constitutional. –Doesn’t interfere with the expression of ideas. Can we restrict publication of software without restricting the expression of ideas?
22 The “No Ideas Here” Strategy Claim: some programs are purely functional and do not express ideas. –Is object code purely functional? –Is css_descramble.c purely functional because it relies on long boring tables of numbers? –Only code published in textbooks or journal articles expresses ideas?
23 Ideas That Code Can Express “X” is possible: here’s an existence proof. My way of doing “X” is better than the other guy’s way. –Runs faster / Less memory / Shorter code “X” is trivial. –Winstein & Horowitz’ qrpff.pl is 472 bytes!
24 DVD Decryption in Perl #!/usr/bin/perl # 472-byte qrpff, Keith Winstein and Marc Horowitz # MPEG 2 PS VOB file -> descrambled output on stdout. # usage: perl -I : : : : qrpff # where k1..k5 are the title key bytes in least to most-significant order b=map{ord |256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q)) >8^(E&(F=(S=O>>14&7^O) ^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=110&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E It is Illegal to Display This Slide
25 “Imminent Peril” Strategy Courts now accept that code is speech. But speech that poses a specific and imminent threat of harm is not protected. –“Let’s kill all the lawyers” is protected. –“Kill that lawyer with this gun now” is not. Could publishing computer code meet this test? “Computers make crime too easy.”
26 WARNING: You are only one mouse click away from destroying the motion picture industry! Click here to continue...
27 Counting Mouse Clicks Judge Kaplan enjoined 2600 from distributing the DeCSS source. –2600 responded by posting links to mirror sites. Judge Kaplan enjoined 2600 from linking to mirror sites: only a mouse click away. –So 2600 published the URLs as plaintext. 2nd Circuit: now it takes four mouse clicks. –How many mouse clicks are enough?
28 When Does Code Not Pose an Imminent Danger? Executable binary -- extremely dangerous! Compilable source -- very dangerous. Screen dump (a “picture” of the code)? Code printed on a t-shirt? Algorithm expressed in a formal language for which there is no compiler? –So it’s not really “code”?
29 When Is Code Not Dangerous? Algorithm translated line-by-line into machine-generated English? –Poses threat of reverse-translation. Algorithm expressed in colloquial English? –Professor Felten, call your lawyer. Impure thoughts about an algorithm? –1201(a)(1) says thou shalt not “manufacture”!
30 Where to Draw the Line? Conservative: only ban binaries and compilable/interpretable source. –Too easy to work around. Liberal: ban anything that can potentially be turned into executable code. –First Amendment doesn’t permit this.
31 Conclusions Restricting only the publication of imminently dangerous “code” will prove unworkable in practice. –Counting mouse clicks is silly. –Code can take many forms. –Computers will soon understand English. Truly effective restrictions require the censorship of “dangerous ideas.”
32 The Censorship of Ideas Is Intolerable