20 December 2005

Anticircumvention Provisions

The Copyright Office has posted the 74 comments it received for the rulemaking process on anticircumvention technologies. I'm still chewing on some of the comments, but I do have a few preliminary observations.

What I find most interesting is that the film, software, and music industry players who actually forced through Title I of the Digital Millennium Copyright Act1 have not provided much in the way of thud and blunder.2 Or is that blood and thunder, and lamentations that anything less than absolute inviolability of anticircumvention provisions will lead to the death of Western civilization and the demise of Congressional slush funds—not necessarily in that order? (Pardon my cynicism. Or don't, and just put up with it.) I suspect that this means more that they're saving their input for the reply phase than that they don't care. In short, they're sandbagging, after the way some "industry figures" got eviscerated during the Orphan Works inquiry.

The procedure nerd in me also appreciates the attention to burdens of proof and definitions of classes of works put forth by many of the better-organized commenters. I find it rather puzzling that this attention does not seem to connect back to the Administrative Procedures Act very clearly; instead, most of the controversy devolves from purported legislative intent materials from Congress.3 In any event, it seems to me that the "right" burden of proof must balance § 107 rights to fair use much more explicitly with the DMCA(Tit.I)'s shield for anticircumvention provisions, implying that the "right" burden of proof is less than that the Copyright Office has required in previous rulemakings—but more than that advocated by those requested exemptions.

This gets us to the reason that the music industry probably (wisely) maintained its silence in the initial comments phase: The Sony rootkit controversy. Many of the comments request exemptions like this proposed class:

We respectfully request an exemption to § 1201(A)(1)(a) for sound recordings and audiovisual works distributed in compact disc format and protected by technological measures that impede access to lawfully purchased works by creating or exploiting security vulnerabilities that compromise the security of personal computers. The creation of security vulnerabilities includes running or installing rootkits or other software code that jeopardize the security of a computer or the data it contains. The exploitation of security vulnerabilities includes running or installing software protection measures without conspicuous notice and explicit consent and failing to provide a permanent and complete method of uninstalling or disabling the technological measure.

Comment of Samuelson Law, Technology, and Public Policy Clinic (PDF) at 1; accord, Comment of Computer and Communication Industry Association and Open Source and Industry Alliance (PDF) at 5–7.

I do not believe that software-based DRM can ever work without such unintended (and dangerous) side effects; I have only a little more confidence that hardware-based DRM can, either. Leaving aside the "known plaintext attack" easily available to anyone who wants to find a work-around method, the Sony rootkit controversy pretty clearly demonstrates that the psychology behind DRMs—that they "must" be hidden—just pisses users off. Then, too, there's the whole DeCSS issue lurking in the background: Most of the DRM methods out there are OS-specific for computing devices, and therefore drive up costs for those who run Linux, or Unix, or whatever comes next, instead of a Microsoft (or, perhaps, Apple) OS. Those of us with long memories—long, that is, in the context of the computing industry—might recall Sony's first entry into the US MS-DOS market, with its incompatibilities, and might also recall that Compaq's success was founded on both superior workmanship and extraordinary attention to compatibility with IBM's standards. This should be a lesson for DRM implementation; apparently, though, it is not.


  1. Digital Millennium Copyright Act, Pub L. No. 105–298, Title I, 112 Stat. 2834 (1998), codified at 17 U.S.C. §§ 1201–05 (2004).
  2. I'm going just on the list of commenters, here; it's possible that these players are hiding behind a private individual or three. I'm only about a third of the way through the list itself. However, based on the Copyright Office's procedures for the Orphan Works inquiry, I would ordinarily expect to see represented organizations cited explicitly in the list of commenters.
  3. I find it rather amusing—and disturbing—that both the Copyright Office and the commenters continue to rely upon "legislative history" of versions of the statute not actually passed by Congress. That was a major battle in Ellison; I still think the courts got it wrong, as implied by Grokster. We won, but it could (and should) have been a more decisive victory.