By now, nearly every sentient being in Silicon Valley must wonder why Congress couldn't have done a better job thinking through the implications of its handicraft before voting the DMCA into law. The act has been responsible for needless litigation and even transmogrified into something of a gag on free expression. More about that in a moment.
I suppose it's a pipe dream to have hoped for a dramatically better outcome. Washington knows who butters its bread, and the power of corporate interest decides the day on Capitol Hill when big stakes are involved. Big stakes and big bucks.
So it was that Congress bowed to the copyright industry's demands and created a marvelously one-sided document. By making it illegal to circumvent technology used by the copyright industries to protect digital content, legislators took care of a key constituency. But they also created an invitation to trouble.
With no clear boundaries and very little legal precedent, the predictable result has been a messy conflict between the public and the moneyed interests. And that's where we are now with the specter of the DMCA, like Marley's Ghost, rising up to chill the spirit of free inquiry when it comes to encryption and computer security research.
Some of the more memorable dustups over the years:
• 2001: Princeton University professor Edward Felten received a letter from the Recording Industry Association of America pressuring him not to publish a paper outlining the weaknesses in the industry's technologies for protecting digital music. (The industry later backed down.)
• 2002: Adobe assisted U.S. authorities suing Moscow-based ElcomSoft for creating a program that exploited flaws in Adobe's e-book format. A trial ended in acquittal when jurors concluded ElcomSoft didn't mean to violate the law, even though they agreed the company's product was illegal.
• 2002: Hewlett-Packard sent legal notices to Secure Network Operations after flaw researchers published details of a vulnerability in HP's Tru64 operating system. HP subsequently backed down, but the point was made: Step out of line, and we'll throw the book at you.
• 2003: In an extreme example of the application of the DMCA, an Illinois-based manufacturer of garage-door openers claimed that a rival's replacement product violated copyright law. A federal court later dismissed the lawsuit.
I don't know if this was in many people's minds at the time of the law's passage, but the DMCA also gave software publishers a handy legal club to brandish whenever they believed their intellectual property was being put at risk.
Late last year a researcher in the United Kingdom ignited Sybase's ire after discovering vulnerabilities in the company's software. Security company Next-Generation Security Software was ready to publish the findings. But then Sybase's lawyers let it be known they would consider that to be a breach of Sybase's software license agreement. Publishing plans got put on hold until this week, when the two sides finally sorted things out.
CEO John Chen told me it never came down to Sybase using the DMCA as a legal cudgel. "Look, my product is better because of them," he said. Chen claims Sybase simply wanted more time to first inform its clients there was a patch. "I wanted to let them get up to speed, and then if you want to publish, I'll endorse that," he said. Sybase finally reversed course and decided this week not to sue.
Fair enough. But how long before Sybase or some other company again finds itself in a similar spot but this time can't--or won't--work out a compromise? The fact is that it's open season on vulnerability researchers, and the DMCA is the legal equivalent of a barrel of buckshot.
The disconnect is that these folks are getting nailed for doing their job. It's no longer just a question of publishing flaw details against a publisher's wishes. It's risking a jail sentence.
So far the courts have ruled for the defense in the DMCA-related arguments brought before them. But winning strings eventually get snapped. Sometime soon, code researchers may need to decide whether they are ready to martyr themselves for the cause of free speech.
Biography
Charles Cooper is CNET News.com's executive editor of commentary.
See more CNET content tagged:
DMCA, Sybase Inc., ElcomSoft, law, flaw
An old saying goes like this: "..may you be cursed with efficient government.." Not now: not ever.
At the end of it I wasn't sure I was against the DCMKX4R or whatever it was called.
You don't need to lock you front door. You just need tp put up a sign that says "this door is locked", and if anyone opens the unlocked door you can blame them for breaking your lock!
Other than the stupid threats against researchers, the DMCA has been used to stop activity that we all agree is bad. Most common application of this law is against satellite TV pirates. If anyone brought into court a good faith encryption researcher, the case would get thrown out right away, just by the language of the law itself.
Also, please note that DMCA is a civil law violation in most cases, that is unless the violation is willfull and for profit. So nobody's risking jail time unless they're selling a program to remove DRM, for instance. I don't think that's "encryption research" and "free speech" that must be protected.
There seems to be this misconception that DRM provides any real security, which it doesn't. It keeps honest people honest and doesn't stop pirates. The only way DRM could be made even remotely effective was to prop it up with laws like the DMCA.
"Other than the stupid threats against researchers, the DMCA has been used to stop activity that we all agree is bad. Most common application of this law is against satellite TV pirates."
In the absence of the DMCA there are laws that protect satellite and cable providers from signal theft. For awhile DirecTV was threating to sue anyone who bought certain peaces of smart technology (like readers and programmers which are perfectly legal and have many legit uses). They contended that anyone who bought one these devices must be out to steal their service. They threated several people, many of whom where forced to settle because they couldn't afford to fight even though they had done nothing wrong.
"If anyone brought into court a good faith encryption researcher, the case would get thrown out right away, just by the language of the law itself."
The definition of good faith isn't exactly clear, in the end it's up to a judge to decide. So there aren't any such assurances. Right or wrong a lot of groups don't have the funds to take on big companies and maybe forced to settle out of court.
Often the threat of lawsuit is enough to stifle legit research.
"Also, please note that DMCA is a civil law violation in most cases, that is unless the violation is willfull and for profit. So nobody's risking jail time unless they're selling a program to remove DRM, for instance."
Merely publishing information that can be used to remove DRM is enough to invoke the wrath of the DMCA. Elcomsoft got in trouble when one of their programmers talked about the flaws their circumvention program exploited.
"I don't think that's "encryption research""
What's your definition of research? It takes some degree of researching to figure out how to do it.
Regardless the fact remains the DMCA is being used to stiffle legit research and fend of compeition (the case involving Lexmark and a third party vendor making compatable ink cartridges for example).
1. The DMCA is a LAW. Being one-sided and heavily written to favor Big Business, it carries the force of law and the threat of jail, effectively making it a law that only benefits one group to the detriment of all others.
2. This article is an OPINION. No one will go to jail for disagreeing with this article, or for writing a negtive response to it. It is one mans point of view.
If you are going to call the DCMA "the worst-ever piece of technology legislation," then you have to debate its merits. Cases which never reach trial or where the court ruled against the plaintiff are not implications of the law.
When a piece of "legislation", by its very design, expressly creates the environment for -ENDLESS DESTRUCTIVE LITIGATION- to be used as a WEAPON by a small but powerful minority-interests (to the extreme detriment of "society" in general), then YES, that legislation is, in fact, BAD (whether the eventual outcome of the litigation supports the "plaintiff", OR the "defendant").
And, as far as "technology-legislation" goes, ...the DMCA has PROVEN itself to be one of the worst special-interest-driven MISTAKES ever promulgated, upon the "technology" industries and the American-People, by the Federal-government.
So, anything-less than a SCATHING assessment of the "DMCA" would, after any rational-analyses, have to be considered to be rather INANE.
- A sledgehammer to pound a tack
- by taphilo May 3, 2005 11:44 AM PDT
- Copyrights were invented to protect the physical printers of books, later the rights were migrated to authors, the DCMA was designed to protect the distribution of materials done now by electronic / new physical means in order to bring it up to date of the technologial reality of moving items around the world.
- Like this Reply to this comment
-
(10 Comments)The US Congress used a sledgehammer approach to putting a tack into the cloth holding copyrights together to keep it from tearing apart.
By agreeing to the lobbists ideas of words to use, it overemphasied the technical means of distribution vs the REASON of distribution.
Existing copyright law already allowed owners to gain compensation and redress from those who illegially using their materials, this law just added a secondary punishment to the same crime linking it akin to espionage. It is already stealing when they copy it to give to others, en masse or indivually, breaking a digital encoding method justs allows them to easier prove that they HAD to have broken the encryption in order to copy their works. They could lose on the copyright issue but they ALWAYS will win on this issue. Thus, this sledgehammer will pound everyone down and force them to either pay up, get out, or go to jail. The big moneyed firms know they will win due to the wording of the law if they go against anyone so it allows them to extort money from those whom they go against - or force them out of business.
If I create a document, make it password protected - with a blank password - and someone then opens it, enters blank for the password - I could sue them for breaking the encrytpion since I did not give them permission or password to open the document. This would be legal under the DCMA.
Good law? No, existing copyright laws covered it already.
Tom Philo
www.taphilo.com