The DMCA goes too far

In the long term, the law could affect computer security.

By Fred von Lohmann
Network World, 12/10/01

When Congress debated the Digital Millennium Copyright Act in 1998, critics of the bill warned it would stifle legitimate research, erode the public's fair use rights and compromise the security of computer networks. However, lobbyists for the entertainment and software industries persuaded Congress that the law was narrowly tailored to battle digital piracy. Three years later, it is clear that the critics were right.

The centerpiece of the DMCA is its so-called "anticircumvention" provisions, which created several new rules intended to protect copyright owners. One provision bans acts of circumvention, making it unlawful to bypass technical measures that copyright owners use to control access to their works. Another bans the manufacture or distribution of technologies primarily designed or used to circumvent technical measures that copyright owners use to control access or use of their works.

The problem with the DMCA is that it bans far more conduct and technology than necessary simply to counter piracy. The ban on circumvention bans the bypassing of access controls even where the ultimate purpose is perfectly legitimate. For example, this law forbids film school professors from accessing DVDs to take movie excerpts for research purposes, even where it would qualify as a fair use under copyright law.

The DMCA's ban on technologies is even more troubling. During the congressional debates, the entertainment and software industries assured legislators that these provisions would only reach so-called "black boxes" that copyright pirates use. Instead, the new law has been used to stifle academic research and scholarly communication, as illustrated by the dispute between the music industry and a team of computer security researchers led by Princeton computer science professor Edward Felten.

In September 2000, a multi-industry group known as the Secure Digital Music Initiative (SDMI) issued a public challenge encouraging skilled technologists to try to defeat certain watermarking technologies that SDMI selected to protect digital music. Felten and his colleagues took on the challenge. But when they tried to present their results at an academic conference, SDMI threatened the researchers with litigation, claiming the paper was a "technology" banned by the DMCA. The researchers ultimately were forced to resort to litigation before they could publish a part of their research at a subsequent conference.

Perhaps most troubling is the long-term impact the DMCA will have on network security in general. If the DMCA dissuades researchers such as Felten from testing security technologies and publishing their results, the state of computer security can only suffer. It's time Congress reforms the DMCA by taking aim at pirates instead of legitimate science.

Von Lohmann is senior intellectual property attorney with the Electronic Frontier Foundation. He can be reached at fred@eff.org.

Opposing view by Robert Holleyman of the Business Software Alliance

Face-off forum
What do you think? Jump in with your questions and comments.

Breaking DMCA news

Apply for your free subscription to Network World. Click here.

Request a reprint or permission to use this article.

Send this article to a colleague