dmca2Today the Federal Register is publishing a request for public comments on section 1201 of the Digital Millennium Copyright Act—the part of the act that prohibits cracking digital rights management (DRM) on media such as e-books or appliances such as coffee machines, or “trafficking in” such cracks.

In particular, the government wants to know how it might streamline the process to request exemptions, which comes along every three years. Public comments and replies received as a result of this request will be provided to Congress as it looks into ways it might adjust the section 1201 process with new legislation.

TeleRead readers will recall that I participated in the most recent round of DMCA exemption requests, but my request (PDF), that an exemption be established for cracking e-book DRM, ended up being rejected. I wasn’t really surprised. Allowing that kind of broad-based exception would effectively gut one of the major provisions of the law, and the Librarian of Congress isn’t going to do that unilaterally.

As the Librarian of Congress explained in the response to my request, there isn’t any jurisprudence or legislation to establish a fair use right to space-shift digital media. (Some cases suggest there should be such a right, but it hasn’t ever actually been litigated directly.) Without such a right affirmatively established, the Librarian of Congress won’t make an exception just because it ought to be. It’s all right to make DMCA exceptions to catch little issues that fall through the cracks, but something major like that is going to need a Congressional seal of approval. (Good luck getting that.)

Reading through the 18-page PDF of the request for comments yields some interesting insights. In part, the DMCA is a study in unintended consequences. The anti-circumvention provision was intended to protect access to creative works—but by dint of how the law was written, it has ended up posing issues relating to product interoperability or even public safety.

There’s also the requirement that a request must be resubmitted every three years to stay in effect, even when there is no meaningful opposition to renewing it. This led to things like the exemption for jailbreaking phones originally adopted in 2010 being replaced by a narrow version in 2012, which it took an act of Congress to reinstate.

Another issue relates to the “anti-trafficking” prohibition—the very same prohibition that means I can’t tell you where to find the tools you would add to Calibre to make it crack e-book DRM automatically. (Even though Google could turn it up with ease. Should Google be fined for circumvention device trafficking?) This particular prohibition means that, while it’s legal for you to crack DRM yourself, you can’t have someone else do it for you. This poses problems when it comes to things like having your car repaired by an unauthorized mechanic—it would be legal for you to crack the DRM on the car because you own it, but letting a mechanic do it would be considered “trafficking.”

Then there’s the matter of permanent exemptions. Section 1201 provides permanent exemptions for some activities such as “certain activities of nonprofit libraries, archives, and educational institutions” or encryption research or security testing.  However, the request for public comment notes, these exemptions “have failed to keep up with changing technologies.”

Based on the record in the most recent section 1201 rulemaking, the Register concluded that commenting parties had made a “compelling case that the current permanent exemptions in section 1201, specifically section 1201(f) for reverse engineering, section 1201(g) for encryption research, and section 1201(j) for security testing, are inadequate to accommodate their intended purposes.” For example, when considering a requested exemption for good-faith security research, the Register noted that “the existing permanent exemptions . . . do not cover the full range of proposed security research activities, many of which . . . are likely [to] be noninfringing.” Separately, others have suggested that section 1201(d)’s exemption for activities of nonprofit entities is inadequate to meet the legitimate archiving and preservation needs of libraries and archives.

This is a pretty significant issue, because as more and more computer devices slip into our every day lives, and the “Internet of Things” grows wider, more and more security problems come with them—and security researchers are concerned that they could be charged with crimes for revealing them.  As BoingBoing points out, comments to this year’s DMCA exception-making proceeding indicated that many researchers simply never come forward with their discoveries, meaning that, as many security holes as we know about, there are many more security holes out there that we don’t.

Do you know the root cause of all this fuss? It’s not the DMCA itself—it’s what led to the DMCA. And as for what that is, it’s right there in the request for public comment document:

As noted above, section 1201 was adopted in 1998 to implement the United States’ obligations under two international treaties. Those treaties—the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty—require signatory countries to provide “adequate legal protection and effective legal remedies against the circumvention of effective technological measures” that are used by authors, performers, and phonogram producers in connection with the exercise of their rights, and that restrict acts, in respect of their works, performances, or phonograms, which are not authorized by rightsholders or permitted by law. Since then, the United States has included anticircumvention provisions in a number of bilateral and regional agreements entered into with other nations. Therefore, any proposals to modify or amend Section 1201 would require consideration of the United States’ international obligations.

Yet another example demonstrating that treaties are a way to bypass the consent of the governed and require that restrictive new laws be passed to stay in compliance. And who set up those requirements? The governments of all the countries who got together to make the treaty—with hefty input from moneyed concerns like the entertainment industry!

As security guru Bruce Schneier wrote in The Atlantic a few days ago, section 1201 serves as a chokehold on innovation and security, all the more so now that computers are spreading into almost everything we use. These anti-circumvention provisions have been gleefully adopted by manufacturers of just about any possible device.

For example, Joanna reported a couple of weeks ago on the Philips light bulb controversy, in which the lighting manufacturer briefly attempted to lock out standard-compliant but non-Philips-manufactured bulbs from its fixtures with a firmware update. And before that, there was Keurig’s attempt to lock out unauthorized coffee pods from its new K-cup coffee brewer. And let’s not forget that you still can’t read any DRM-laden e-book (for example, Amazon’s) on unauthorized e-readers.

Schneier explains that as long as manufacturers have this fig leaf to cover anti-competitive behavior, the Internet of Things will be subject to interruption as companies decide they don’t want their products playing with other companies’ products.

For the Internet of Things to provide any value, what we need is a world that looks like the automotive industry, where you can go to a store and buy replacement parts made by a wide variety of different manufacturers. Instead, the Internet of Things is on track to become a battleground of competing standards, as companies try to build monopolies by locking each other out.

But don’t look for these changes to the section 1201 process to provide any relief from that. As already explained, any changes the government makes still have to comply with treaty obligations. Just as with the DMCA exception process itself, it seems likely that most changes will be largely cosmetic. The fig leaf will remain in place. We won’t suddenly get a legal sanction to crack Blu-rays or e-books, and we certainly won’t see this bad law thrown out. Not when so many entrenched interests see it as in their best interest to have it remain in place.


  1. Can the DMCA be used to violate copyright and wrongfully appropriate public domain and open source content? If so, is there any concern with this anywhere? How can you prove infringement when you are unable to analyze a work? Crude transcription, yes, but things more subtle and nuanced than that?

The TeleRead community values your civil and thoughtful comments. We use a cache, so expect a delay. Problems? E-mail