The Digital Millennium
Copyright Act
David S. Touretzky
Computer Science Department
Carnegie Mellon University
November, 2001
1
Digital Millennium Copyright Act
• Enacted in 1998.
• Added new copyright regulations
(Title 17, US Code) concerning:
– access controls/digital rights management
– liability limitations for ISPs
– broadcasting music on Internet radio stations
2
Anti-Circumvention Provision
• 17 USC 1201(a)(1)(A): No person shall
circumvent a technological measure that
effectively controls access to a work
protected under this title.
– Can’t watch encrypted DVDs at home using an
unapproved (open-source) DVD player.
– Can’t decrypt your lawfully purchased eBook.
3
Anti-Trafficking Provision
• 17 USC 1201(a)(2): No person shall
manufacture, import, offer to the public,
provide, or otherwise traffic in any
technology, product service, device,
component, or part thereof that
– (A) is primarily designed or produced for the
purpose of circumventing a technological
measure that effectively controls access to a work
protected under this title;
4
– (B) has only limited commercially significant
purpose or use other than to circumvent...
– (C) is marketed by that person … for use in
circumventing a technological measure that
effectively controls access to a work protected
under this title.
• You can sell digital signal processors, but you can’t
sell cable TV descramblers.
5
Anti-Trafficking: Copying
• 17 USC 1201(b)(1): No person shall
manufacture, import, offer to the public,
provide, or otherwise traffic in any
technology, product, service, device,
component, or part thereof that
– (A) is primarily designed or produced for the
purpose of circumventing protection afforded by
a technological measure that effectively protects a
right of a copyright owner under this title ...
6
Escape Clause 1
• 17 USC 1201(c)(1): Nothing in this section
shall affect rights, remedies, limitations, or
defenses to copyright infringement,
including fair use, under this title.
– 1201 isn’t about copyright infringement.
– But if A circumvents, B can make fair use of
the fruits of A’s crime.
7
Escape Clause 2
• 17 USC 1201(c)(4): Nothing in this section
shall enlarge or diminish any rights of free
speech or the press for activities using
consumer electronics, telecommunications,
or computing products.
– Dismissed as “precatory language” (pleading)
by 2nd Circuit Court of Appeals.
8
Exemptions to Anti-Circumvention
•
•
•
•
•
•
•
1201(d) - Libraries
1201(e) - Law enforcement
1201(f) - Reverse engineering of software
1201(g) - Encryption research
1201(h) - Protect minors from the Internet
1201(i) - Protect personally identifying info
1201(j) - Security testing
9
Library Exemption
• 1201(d)(1) says libraries, archives, and
educational institutions may circumvent
access controls…
to gain access to a work…
to decide whether to purchase it.
But...
10
The Librarians’ Catch-22
• 1201(d)(4) says the exemption in (d)(1)
cannot be used as a defense to a claim under
the anti-trafficking provisions, and...
• Libraries may not manufacture, import, etc.,
any technology, product, service, etc.,
which circumvents a technological measure.
• So how can they acquire the tools to
circumvent under (d)(1)?
11
Reverse Engineering
• 1201(f) - allows circumvention of access
controls to permit reverse engineering of
software programs to achieve
interoperability with other programs.
• Doesn’t apply to hardware, such as DVD
players and media.
• “Interoperability” does not mean bypassing
another program’s access/copying controls.
12
Encryption Research
• 1201(g) - cracking permissible when:
–
–
–
–
lawfully obtained copy of the encrypted work
good faith effort to obtain permission to crack
no copyright infringement or computer abuse
information gained is disseminated in a manner
calculated to advance state of knowledge
– cracker has respectable credentials
– copyright owner notified of results
13
Librarian of Congress Reports
• Special cases designated by the Librarian of
Congress as exempt from 1201(a)(1)(A):
– 1. Encrypted list of blocked sites used by
censorware programs such as CyberPatrol
– 2. “Broken” access control mechanisms.
• But 1201(a)(2) still applies, so providing the
tools to make use of these exemptions is
still illegal!
14
Part II
Why Is Code Protected Speech?
15
Is Code Speech?
• Bernstein v. U.S. Dept. of State
– Snuffle encryption algorithm (a “munition”) is speech
– “functional aspect”; maybe object code isn’t speech
• Junger v. Daley
– cryptography textbook with code also provided on diskette
• DVD-CCA v. Bunner et al.
– California DVD case: 1st Amdt. trumps trade secret law
• Universal City Studios v. Reimerdes
– 2600 DVD case: even object code is speech
16
What’s Special About Code?
• Bomb-making instructions are not a bomb.
• The recipe for LSD is not a drug.
• A drawing of a gun is not a weapon.
– All are fully protected speech.
• But a copy or listing of a computer program
is a computer program.
– Why should that make code less protected?
17
“Code is Dangerous” Argument
• Software has a functional aspect:
– Software can instantly instruct computers to do
antisocial things.
• This makes software more dangerous than
other types of speech that only instruct
slow, lazy humans.
18
But Code Isn’t Dangerous
• Computer programs don’t do anything.
– They are merely expressions of ideas.
• DeCSS does not pirate DVD movies.
– A person must insert the DVD into a drive, load
DeCSS onto a digital computer, and run it.
• Where have we seen this argument before?
19
Guns Don’t Kill People:
People Do
20
Treat Software Like Guns?
• Restrictions on possession of guns and
controlled substances are constitutional.
– Doesn’t interfere with the expression of ideas.
• Can we restrict publication of software
without restricting the expression of ideas?
21
The “No Ideas Here” Strategy
• Claim: some programs are purely
functional and do not express ideas.
– Is object code purely functional?
– Is css_descramble.c purely functional
because it relies on long boring tables of
numbers?
– Only code published in textbooks or journal
articles expresses ideas?
22
Ideas That Code Can Express
• “X” is possible: here’s an existence proof.
• My way of doing “X” is better than the
other guy’s way.
– Runs faster / Less memory / Shorter code
• “X” is trivial.
– Winstein & Horowitz’ qrpff.pl is 472 bytes!
23
DVD Decryption in Perl
#!/usr/bin/perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <sipb-iap-dvd@mit.edu>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I <k1>:<k2>:<k3>:<k4>:<k5> qrpff
# where k1..k5 are the title key bytes in least to most-significant order
s''$/=\2048;while(<>){G=29;R=142;if((@a=unqT="C*",_)[20]&48){D=89;_=unqb24,qT,@
b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]<<9
|256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q))<<17,O=O>>8^(E&(F=(S=O>>14&7^O)
^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=110&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E
^=(72,@z=(64,72,G^=12*(U-2?0:S&17)),H^=_%64?12:0,@z)[_%8]}(16..271))[_]^((D>>=8
)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D-HO-U_]/\$$&/g;s/q/pack+/g;eval
It is Illegal to Display This Slide
24
“Imminent Peril” Strategy
• Courts now accept that code is speech.
• But speech that poses a specific and
imminent threat of harm is not protected.
– “Let’s kill all the lawyers” is protected.
– “Kill that lawyer with this gun now” is not.
• Could publishing computer code meet this
test? “Computers make crime too easy.”
25
WARNING:
You are only
one mouse click away
from destroying
the motion picture industry!
Click here to continue...
26
Counting Mouse Clicks
• Judge Kaplan enjoined 2600 from
distributing the DeCSS source.
– 2600 responded by posting links to mirror sites.
• Judge Kaplan enjoined 2600 from linking to
mirror sites: only a mouse click away.
– So 2600 published the URLs as plaintext.
• 2nd Circuit: now it takes four mouse clicks.
– How many mouse clicks are enough?
27
When Does Code Not
Pose an Imminent Danger?
•
•
•
•
•
Executable binary -- extremely dangerous!
Compilable source -- very dangerous.
Screen dump (a “picture” of the code)?
Code printed on a t-shirt?
Algorithm expressed in a formal language
for which there is no compiler?
– So it’s not really “code”?
28
When Is Code Not Dangerous?
• Algorithm translated line-by-line into
machine-generated English?
– Poses threat of reverse-translation.
• Algorithm expressed in colloquial English?
– Professor Felten, call your lawyer.
• Impure thoughts about an algorithm?
– 1201(a)(1) says thou shalt not “manufacture”!
29
Where to Draw the Line?
• Conservative: only ban binaries and
compilable/interpretable source.
– Too easy to work around.
• Liberal: ban anything that can potentially
be turned into executable code.
– First Amendment doesn’t permit this.
30
Conclusions
• Restricting only the publication of
imminently dangerous “code” will prove
unworkable in practice.
– Counting mouse clicks is silly.
– Code can take many forms.
– Computers will soon understand English.
• Truly effective restrictions require the
censorship of “dangerous ideas.”
31
The Censorship of Ideas
Is Intolerable
32