1 the digital millennium copyright act david s. touretzky computer science department carnegie...
TRANSCRIPT
1
The Digital Millennium Copyright Act
David S. Touretzky
Computer Science Department
Carnegie Mellon University
November, 2001
2
Digital Millennium Copyright Act
• Enacted in 1998.
• Added new copyright regulations (Title 17, US Code) concerning:– access controls/digital rights management– liability limitations for ISPs– broadcasting music on Internet radio stations
3
Anti-Circumvention Provision
• 17 USC 1201(a)(1)(A): No person shall circumvent a technological measure that effectively controls access to a work protected under this title.
– Can’t watch encrypted DVDs at home using an unapproved (open-source) DVD player.
– Can’t decrypt your lawfully purchased eBook.
4
Anti-Trafficking Provision
• 17 USC 1201(a)(2): No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product service, device, component, or part thereof that– (A) is primarily designed or produced for the
purpose of circumventing a technological measure that effectively controls access to a work protected under this title;
5
– (B) has only limited commercially significant purpose or use other than to circumvent...
– (C) is marketed by that person … for use in circumventing a technological measure that effectively controls access to a work protected under this title.
• You can sell digital signal processors, but you can’t sell cable TV descramblers.
6
Anti-Trafficking: Copying
• 17 USC 1201(b)(1): No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof that– (A) is primarily designed or produced for the
purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under this title ...
7
Escape Clause 1
• 17 USC 1201(c)(1): Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.
– 1201 isn’t about copyright infringement.– But if A circumvents, B can make fair use of
the fruits of A’s crime.
8
Escape Clause 2
• 17 USC 1201(c)(4): Nothing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products.
– Dismissed as “precatory language” (pleading) by 2nd Circuit Court of Appeals.
9
Exemptions to Anti-Circumvention
• 1201(d) - Libraries
• 1201(e) - Law enforcement
• 1201(f) - Reverse engineering of software
• 1201(g) - Encryption research
• 1201(h) - Protect minors from the Internet
• 1201(i) - Protect personally identifying info
• 1201(j) - Security testing
10
Library Exemption
• 1201(d)(1) says libraries, archives, and educational institutions may circumvent access controls…
to gain access to a work…
to decide whether to purchase it.
But...
11
The Librarians’ Catch-22
• 1201(d)(4) says the exemption in (d)(1) cannot be used as a defense to a claim under the anti-trafficking provisions, and...
• Libraries may not manufacture, import, etc., any technology, product, service, etc., which circumvents a technological measure.
• So how can they acquire the tools to circumvent under (d)(1)?
12
Reverse Engineering
• 1201(f) - allows circumvention of access controls to permit reverse engineering of software programs to achieve interoperability with other programs.
• Doesn’t apply to hardware, such as DVD players and media.
• “Interoperability” does not mean bypassing another program’s access/copying controls.
13
Encryption Research
• 1201(g) - cracking permissible when:– lawfully obtained copy of the encrypted work– good faith effort to obtain permission to crack– no copyright infringement or computer abuse– information gained is disseminated in a manner
calculated to advance state of knowledge– cracker has respectable credentials– copyright owner notified of results
14
Librarian of Congress Reports
• Special cases designated by the Librarian of Congress as exempt from 1201(a)(1)(A):– 1. Encrypted list of blocked sites used by
censorware programs such as CyberPatrol– 2. “Broken” access control mechanisms.
• But 1201(a)(2) still applies, so providing the tools to make use of these exemptions is still illegal!
16
Is Code Speech?
• Bernstein v. U.S. Dept. of State– Snuffle encryption algorithm (a “munition”) is speech
– “functional aspect”; maybe object code isn’t speech
• Junger v. Daley– cryptography textbook with code also provided on diskette
• DVD-CCA v. Bunner et al.– California DVD case: 1st Amdt. trumps trade secret law
• Universal City Studios v. Reimerdes– 2600 DVD case: even object code is speech
17
What’s Special About Code?
• Bomb-making instructions are not a bomb.
• The recipe for LSD is not a drug.
• A drawing of a gun is not a weapon.– All are fully protected speech.
• But a copy or listing of a computer program is a computer program.– Why should that make code less protected?
18
“Code is Dangerous” Argument
• Software has a functional aspect:– Software can instantly instruct computers to do
antisocial things.
• This makes software more dangerous than other types of speech that only instruct slow, lazy humans.
19
But Code Isn’t Dangerous
• Computer programs don’t do anything. – They are merely expressions of ideas.
• DeCSS does not pirate DVD movies.– A person must insert the DVD into a drive,
load DeCSS onto a digital computer, and run it.
• Where have we seen this argument before?
21
Treat Software Like Guns?
• Restrictions on possession of guns and controlled substances are constitutional.– Doesn’t interfere with the expression of ideas.
• Can we restrict publication of software without restricting the expression of ideas?
22
The “No Ideas Here” Strategy
• Claim: some programs are purely functional and do not express ideas.– Is object code purely functional?– Is css_descramble.c purely functional
because it relies on long boring tables of numbers?
– Only code published in textbooks or journal articles expresses ideas?
23
Ideas That Code Can Express
• “X” is possible: here’s an existence proof.
• My way of doing “X” is better than the other guy’s way.– Runs faster / Less memory / Shorter code
• “X” is trivial.– Winstein & Horowitz’ qrpff.pl is 472 bytes!
24
DVD Decryption in Perl
#!/usr/bin/perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <[email protected]>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I <k1>:<k2>:<k3>:<k4>:<k5> qrpff
# where k1..k5 are the title key bytes in least to most-significant order
s''$/=\2048;while(<>){G=29;R=142;if((@a=unqT="C*",_)[20]&48){D=89;_=unqb24,qT,@
b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]<<9
|256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q))<<17,O=O>>8^(E&(F=(S=O>>14&7^O)
^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=110&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E
^=(72,@z=(64,72,G^=12*(U-2?0:S&17)),H^=_%64?12:0,@z)[_%8]}(16..271))[_]^((D>>=8
)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D-HO-U_]/\$$&/g;s/q/pack+/g;eval
It is Illegal to Display This Slide
25
“Imminent Peril” Strategy
• Courts now accept that code is speech.
• But speech that poses a specific and imminent threat of harm is not protected.– “Let’s kill all the lawyers” is protected.– “Kill that lawyer with this gun now” is not.
• Could publishing computer code meet this test? “Computers make crime too easy.”
26
WARNING:You are only
one mouse click away from destroying
the motion picture industry!
Click here to continue...
27
Counting Mouse Clicks
• Judge Kaplan enjoined 2600 from distributing the DeCSS source.– 2600 responded by posting links to mirror sites.
• Judge Kaplan enjoined 2600 from linking to mirror sites: only a mouse click away.– So 2600 published the URLs as plaintext.
• 2nd Circuit: now it takes four mouse clicks.– How many mouse clicks are enough?
28
When Does Code Not Pose an Imminent Danger?
• Executable binary -- extremely dangerous!
• Compilable source -- very dangerous.
• Screen dump (a “picture” of the code)?
• Code printed on a t-shirt?
• Algorithm expressed in a formal language for which there is no compiler?– So it’s not really “code”?
29
When Is Code Not Dangerous?
• Algorithm translated line-by-line into machine-generated English?– Poses threat of reverse-translation.
• Algorithm expressed in colloquial English?– Professor Felten, call your lawyer.
• Impure thoughts about an algorithm?– 1201(a)(1) says thou shalt not “manufacture”!
30
Where to Draw the Line?
• Conservative: only ban binaries and compilable/interpretable source.– Too easy to work around.
• Liberal: ban anything that can potentially be turned into executable code.– First Amendment doesn’t permit this.
31
Conclusions
• Restricting only the publication of imminently dangerous “code” will prove unworkable in practice.– Counting mouse clicks is silly.– Code can take many forms.– Computers will soon understand English.
• Truly effective restrictions require the censorship of “dangerous ideas.”