March 31, 2006 1:39 PM PST

Seeking changes to the DMCA

WASHINGTON--Because of a controversial 1998 copyright law, it may be illegal to defang even potentially harmful software, like the anticopying technology found on some Sony BMG Music Entertainment CDs.

But those strict legal restrictions should stay in effect, entertainment industry lobbyists said Friday, when they urged the U.S. Copyright Office to avoid making any changes to the Digital Millennium Copyright Act.

"There are many other avenues to address these questions, and certainly many other laws that may be relevant in this circumstance," said Steven Metalitz, a senior vice president at the International Intellectual Property Alliance. The group represents large copyright holders.

Computer security experts have asked the Copyright Office to alter the DMCA to protect their research. Edward Felten, a professor of computer science at Princeton University, said Friday that he and graduate student J. Alex Halderman uncovered the Sony problem a month before the news about it broke in November--but feared a lawsuit under Section 1201 of the DMCA if they disclosed it without the record label's authorization.

Because of the lag time, "a great many of consumers were at risk every day," Felten said. "Our exemption request is fundamentally asking for protection for those consumers."

Under federal law, the Copyright Office is required to solicit public opinion every few years on whether any amendments--called "exemptions"--to the DMCA are necessary. Section 1201 of the law broadly restricts circumventing "a technological measure that effectively controls access" to a copyright work.

Sony rootkit's lesson
In the past, security researchers would notify the vendors first of any bugs, but now they're afraid to disclose such flaws without first consulting a lawyer, Felten said. He added that the DMCA has discouraged security researchers from embarking on new projects and has driven some away from the field. (Felten once was threatened with a DMCA lawsuit by the recording industry for exposing weaknesses in a music-watermarking scheme.)

After a public outcry last fall, Sony voluntarily said it would halt production of certain copy-protected CDs. Those CDs installed a bundle of software, including a "rootkit" used to mask the presence of copy-protection software--and, if abused, malicious programs as well. The incident prompted one Homeland Security official to suggest banning rootkits.

Aaron Perzanowski, a law student at the University of California at Berkeley's Samuelson Law, Technology and Public Policy Clinic, and clinic director Deirdre Mulligan, said that Felten could have been subject to legal liability if he had disclosed his findings about the Sony rootkits. After he found the flaw, Felten said he called lawyers and spent a month in negotiations with them, and decided not to publish his results right away. Programmer Mark Russinovich did instead.

Lobbyist Metalitz offered a detailed list of reasons why he said such an interpretation of the DMCA was incorrect. The law already provides sufficient protection in Section 1201 for researchers like Felten to do their work, he said. (That section, 1201(j), permits bypassing anticopying technology "solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability.")

But in the Sony BMG incident, the record label's first crack at an uninstaller proved riddled with new problems, Felten said, and even the latest version of the patch won't prevent reinstallation of the rootkit each time the type of copy-protected CD is inserted into a computer. Felten and other security professionals have been able to devise alternative uninstallers that would prevent such reinstallation indefinitely, but are worried that their "unauthorized" methods could get them sued.

"It's this uncertainty that creates the very risk," agreed Matthew Schruers, a lawyer for the Computer and Communications Industry Association, whose members include Sun Microsystems, Verizon and Yahoo. "So that raises for me a perplexing question: Why on earth are we putting cybersecurity in the hands of copyright lawyers?"

Previous DMCA exemptions granted by the Copyright Office include: Researchers into filtering could study blacklisting techniques, and obsolete copy-protection schemes could be legally bypassed.

When reviewing the DMCA, the Library of Congress is required to consider the impact that the anticircumvention sections have "on criticism, comment, news reporting, teaching, scholarship or research (and) the effect of circumvention of technological measures on the market for or value of copyrighted works."

The Copyright Office received more than 100 comments on its notice of proposed rulemaking published last year and plans to release its final determinations by the end of October. Marybeth Peters, the Register of Copyrights, said that the office has reached no conclusions yet on any of the exemptions.

See more CNET content tagged:
DMCA, rootkit, researcher, Sony BMG Music Entertainment, lobbyist

32 comments

Join the conversation!
Add your comment
DMCA Kills Fair Use
The provisions of the DMCA that need to be repealed are the ones that undermine the consumer's fair use rights. The right to "format shifting" (as one example) should be unambiguously restored.

Imagine that you have purchased several DVD's and want to watch them on your notebook on a long flight you are about to take. If you choose to use a utility to copy those files onto your hard drive, that is arguably a violation of the "anti-circumvention" provisions of the DMCA, even though it is completely consistent with your fair-use rights.

The DMCA was an incredibly far-reaching power grab by the studios against the interest of the consumer. Congress should be embarrassed that they passed this horribly one-sided piece of legislation.
Posted by Yet Another Mark Johnson (66 comments )
Reply Link Flag
DMCA Kills Fair Use
The provisions of the DMCA that need to be repealed are the ones that undermine the consumer's fair use rights. The right to "format shifting" (as one example) should be unambiguously restored.

Imagine that you have purchased several DVD's and want to watch them on your notebook on a long flight you are about to take. If you choose to use a utility to copy those files onto your hard drive, that is arguably a violation of the "anti-circumvention" provisions of the DMCA, even though it is completely consistent with your fair-use rights.

The DMCA was an incredibly far-reaching power grab by the studios against the interest of the consumer. Congress should be embarrassed that they passed this horribly one-sided piece of legislation.
Posted by Yet Another Mark Johnson (66 comments )
Reply Link Flag
That's why the entertainment industry loves DMCA
it slowly gets rid of fair use for consumers.
Posted by bobby_brady (765 comments )
Reply Link Flag
Ain't going to happen....
there are too many politicians in the pockets of the entertainment industry....
besides..I'm sure is a politicians DVD went bad..they would get a free replacement...however, we the poor public will have to pay...

I'll continue to use whatever resources are available to protect "MY FAIR & HONEST USE".

all we can do is keep figting...
Posted by oceanview_1 (14 comments )
Reply Link Flag
Your first sentence implies...
that there might be some politicians who haven't been bought off. Look it up, every one of them voted yea on the DMCA. Vote "NAY INCUMBENT" this fall and in 2008.
Posted by Muddleme (99 comments )
Link Flag
DNCA should be repealed.
If I buy a DVD and I want to watch it on my desktop, my laptop or my DVD player that is connected to my TV, I will find a way to do it and if the MPAA doesn't like it, let them come and try to get me. I'll be sitting on my front steps with a loaded shotgun. Enough is enough.
Posted by yrrahxob (77 comments )
Reply Link Flag
DNCA should be repealed.
If I buy a DVD and I want to watch it on my desktop, my laptop or my DVD player that is connected to my TV, I will find a way to do it and if the MPAA doesn't like it, let them come and try to get me. I'll be sitting on my front steps with a loaded shotgun. Enough is enough.
Posted by yrrahxob (77 comments )
Reply Link Flag
DMCA should be repealed.
If I buy a DVD and I want to watch it on my desktop, my laptop or my DVD player that is connected to my TV, I will find a way to do it and if the MPAA doesn't like it, let them come and try to get me. I'll be sitting on my front steps with a loaded shotgun. Enough is enough.
Posted by yrrahxob (77 comments )
Reply Link Flag
DMCA should be repealed.
If I buy a DVD and I want to watch it on my desktop, my laptop or my DVD player that is connected to my TV, I will find a way to do it and if the MPAA doesn't like it, let them come and try to get me. I'll be sitting on my front steps with a loaded shotgun. Enough is enough.
Posted by yrrahxob (77 comments )
Reply Link Flag
Don't care, it's only music
They have made the prices so high I don't buy music anymore. So the DMCA doesn't affect me at all, EXCEPT when they install programs on my PC that TRASH my PC like the rootkit. Then I get really really pissed off and never buy a Sony product ever again.

How can the Congress and Senate and Supreme Court allow these people to trasspass into my computer without my permission and destroy my PC? This is NOT a free country people, this is government out of control. We need to smack them down hard.
Posted by GrandpaN1947 (187 comments )
Reply Link Flag
Don't care, it's only music
They have made the prices so high I don't buy music anymore. So the DMCA doesn't affect me at all, EXCEPT when they install programs on my PC that TRASH my PC like the rootkit. Then I get really really pissed off and never buy a Sony product ever again.

How can the Congress and Senate and Supreme Court allow these people to trasspass into my computer without my permission and destroy my PC? This is NOT a free country people, this is government out of control. We need to smack them down hard.
Posted by GrandpaN1947 (187 comments )
Reply Link Flag
"Security researchers"
Nothing hinders "security researchers". They suffer from chronic diarrhea.
Posted by roger.d.miller (41 comments )
Reply Link Flag
"Security researchers"
Nothing hinders "security researchers". They suffer from chronic diarrhea.
Posted by roger.d.miller (41 comments )
Reply Link Flag
Sony's Rootkits Prove...
That the entertainment, music and all other industries should loose the DMCA. They just proved that they can't be trusted not to abuse it and shaft their customers.

Robert
Posted by Heebee Jeebies (632 comments )
Reply Link Flag
Of course
Just about everyone would agree with you on this. The problem is the other very small percentage who want the DMCA have the money for the political corruption it takes to keep the DMCA. It will never go away now that it is there. We can whine and rant all we want but rootkit like behavior is here to stay. How many rootkit like programs are there in use that we don't know about? It's like the court has determined that if you voluntarily hook your PC up to the Internet, you are volunteering to allow anyone with political influence in to your PC to inspect it, change it, and possibly even destroy it.

I'm afraid what rootkits prove is that our government can't be trusted not to abuse it's own people.
Posted by GrandpaN1947 (187 comments )
Link Flag
Sony's Rootkits Prove...
That the entertainment, music and all other industries should loose the DMCA. They just proved that they can't be trusted not to abuse it and shaft their customers.

Robert
Posted by Heebee Jeebies (632 comments )
Reply Link Flag
Of course
Just about everyone would agree with you on this. The problem is the other very small percentage who want the DMCA have the money for the political corruption it takes to keep the DMCA. It will never go away now that it is there. We can whine and rant all we want but rootkit like behavior is here to stay. How many rootkit like programs are there in use that we don't know about? It's like the court has determined that if you voluntarily hook your PC up to the Internet, you are volunteering to allow anyone with political influence in to your PC to inspect it, change it, and possibly even destroy it.

I'm afraid what rootkits prove is that our government can't be trusted not to abuse it's own people.
Posted by GrandpaN1947 (187 comments )
Link Flag
DMC downloads and audio books.
Current copyright restrictions creats costs bariers for library patrons and people who are blind who wish to download audio books from the web.
Posted by jimjv2005 (15 comments )
Reply Link Flag
DMC downloads and audio books.
Current copyright restrictions creats costs bariers for library patrons and people who are blind who wish to download audio books from the web.
Posted by jimjv2005 (15 comments )
Reply Link Flag
DMC copyright law.
In six months to a year you will be able to download music, audio books to virtual memory moastlikely, so what difference or impact, would a copyright law have?
Posted by jimjv2005 (15 comments )
Reply Link Flag
DMCA and the lack of software Quality Control
While DMCA, as written, clearly addresses the rights of the software and copyrighted products industry, this law does not protect the rights of the consumer. We have seen--very consistently--that many of the top operating system and software players have no problem with "beta testing" their products on unsuspecting consumers.
All too frequently many of these copyrighted products arrive on our systems rife with defects and security holes. We have already seen that the consumer cannot rely on the copyright holders to locate and correct those defects--there is simply no profit in this post-production quality control.
As long as DMCA mindlessly targets anyone who might bypass security to research defects in code, the consumer has absolutely no right to quality copyrighted products. Nor will we have any right to timely modifications should defects turn up. (I won't even mention the millions of dollars in costs consumers bear in correcting defective products.)
Bottom line: as long as the copyright holders themselves are the only ones legally entitled to protect the consumer from defects, the consumer will NOT be protected in any credible manner.
One of the key recommendations I suggest on my biztechnet.org blog is that you should closely track and document every penny in costs related to finding and correcting defects and security holes in copyrighted products. Then, when it comes time to negotiate any license and support agreements with that the copyright holder you should begin demanding that they compensate you for those costs with price reductions. There is much more to this process but this is not the proper forum for me to explain.
Posted by (9 comments )
Reply Link Flag
DMCA and the lack of software Quality Control
While DMCA, as written, clearly addresses the rights of the software and copyrighted products industry, this law does not protect the rights of the consumer. We have seen--very consistently--that many of the top operating system and software players have no problem with "beta testing" their products on unsuspecting consumers.
All too frequently many of these copyrighted products arrive on our systems rife with defects and security holes. We have already seen that the consumer cannot rely on the copyright holders to locate and correct those defects--there is simply no profit in this post-production quality control.
As long as DMCA mindlessly targets anyone who might bypass security to research defects in code, the consumer has absolutely no right to quality copyrighted products. Nor will we have any right to timely modifications should defects turn up. (I won't even mention the millions of dollars in costs consumers bear in correcting defective products.)
Bottom line: as long as the copyright holders themselves are the only ones legally entitled to protect the consumer from defects, the consumer will NOT be protected in any credible manner.
One of the key recommendations I suggest on my biztechnet.org blog is that you should closely track and document every penny in costs related to finding and correcting defects and security holes in copyrighted products. Then, when it comes time to negotiate any license and support agreements with that the copyright holder you should begin demanding that they compensate you for those costs with price reductions. There is much more to this process but this is not the proper forum for me to explain.
Posted by (9 comments )
Reply Link Flag
DMCA and the lack of software Quality Control
While DMCA, as written, clearly addresses the rights of the software and copyrighted products industry, this law does not protect the rights of the consumer. We have seen--very consistently--that many of the top operating system and software players have no problem with "beta testing" their products on unsuspecting consumers.
All too frequently many of these copyrighted products arrive on our systems rife with defects and security holes. We have already seen that the consumer cannot rely on the copyright holders to locate and correct those defects--there is simply no profit in this post-production quality control.
As long as DMCA mindlessly targets anyone who might bypass security to research defects in code, the consumer has absolutely no right to quality copyrighted products. Nor will we have any right to timely modifications should defects turn up. (I won't even mention the millions of dollars in costs consumers bear in correcting defective products.)
Bottom line: as long as the copyright holders themselves are the only ones legally entitled to protect the consumer from defects, the consumer will NOT be protected in any credible manner.
One of the key recommendations I suggest on my biztechnet.org blog is that you should closely track and document every penny in costs related to finding and correcting defects and security holes in copyrighted products. Then, when it comes time to negotiate any license and support agreements with that the copyright holder you should begin demanding that they compensate you for those costs with price reductions. There is much more to this process but this is not the proper forum for me to explain.
Posted by (9 comments )
Reply Link Flag
DMCA and the lack of software Quality Control
While DMCA, as written, clearly addresses the rights of the software and copyrighted products industry, this law does not protect the rights of the consumer. We have seen--very consistently--that many of the top operating system and software players have no problem with "beta testing" their products on unsuspecting consumers.
All too frequently many of these copyrighted products arrive on our systems rife with defects and security holes. We have already seen that the consumer cannot rely on the copyright holders to locate and correct those defects--there is simply no profit in this post-production quality control.
As long as DMCA mindlessly targets anyone who might bypass security to research defects in code, the consumer has absolutely no right to quality copyrighted products. Nor will we have any right to timely modifications should defects turn up. (I won't even mention the millions of dollars in costs consumers bear in correcting defective products.)
Bottom line: as long as the copyright holders themselves are the only ones legally entitled to protect the consumer from defects, the consumer will NOT be protected in any credible manner.
One of the key recommendations I suggest on my biztechnet.org blog is that you should closely track and document every penny in costs related to finding and correcting defects and security holes in copyrighted products. Then, when it comes time to negotiate any license and support agreements with that the copyright holder you should begin demanding that they compensate you for those costs with price reductions. There is much more to this process but this is not the proper forum for me to explain.
Posted by (9 comments )
Reply Link Flag
That's why the entertainment industry loves DMCA
it slowly gets rid of fair use for consumers.
Posted by bobby_brady (765 comments )
Reply Link Flag
Ain't going to happen....
there are too many politicians in the pockets of the entertainment industry....
besides..I'm sure is a politicians DVD went bad..they would get a free replacement...however, we the poor public will have to pay...

I'll continue to use whatever resources are available to protect "MY FAIR & HONEST USE".

all we can do is keep figting...
Posted by oceanview_1 (14 comments )
Reply Link Flag
Your first sentence implies...
that there might be some politicians who haven't been bought off. Look it up, every one of them voted yea on the DMCA. Vote "NAY INCUMBENT" this fall and in 2008.
Posted by Muddleme (99 comments )
Link Flag
DMC copyright law.
In six months to a year you will be able to download music, audio books to virtual memory moastlikely, so what difference or impact, would a copyright law have?
Posted by jimjv2005 (15 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.