The Digital Millennium Copyright Act David S. Touretzky Computer Science Department Carnegie Mellon University November, 2001
Download
Report
Transcript The Digital Millennium Copyright Act David S. Touretzky Computer Science Department Carnegie Mellon University November, 2001
The Digital Millennium
Copyright Act
David S. Touretzky
Computer Science Department
Carnegie Mellon University
November, 2001
1
Digital Millennium Copyright Act
• Enacted in 1998.
• Added new copyright regulations
(Title 17, US Code) concerning:
– access controls/digital rights management
– liability limitations for ISPs
– broadcasting music on Internet radio stations
2
Anti-Circumvention Provision
• 17 USC 1201(a)(1)(A): No person shall
circumvent a technological measure that
effectively controls access to a work
protected under this title.
– Can’t watch encrypted DVDs at home using an
unapproved (open-source) DVD player.
– Can’t decrypt your lawfully purchased eBook.
3
Anti-Trafficking Provision
• 17 USC 1201(a)(2): No person shall
manufacture, import, offer to the public,
provide, or otherwise traffic in any
technology, product service, device,
component, or part thereof that
– (A) is primarily designed or produced for the
purpose of circumventing a technological
measure that effectively controls access to a work
protected under this title;
4
– (B) has only limited commercially significant
purpose or use other than to circumvent...
– (C) is marketed by that person … for use in
circumventing a technological measure that
effectively controls access to a work protected
under this title.
• You can sell digital signal processors, but you can’t
sell cable TV descramblers.
5
Anti-Trafficking: Copying
• 17 USC 1201(b)(1): No person shall
manufacture, import, offer to the public,
provide, or otherwise traffic in any
technology, product, service, device,
component, or part thereof that
– (A) is primarily designed or produced for the
purpose of circumventing protection afforded by
a technological measure that effectively protects a
right of a copyright owner under this title ...
6
Escape Clause 1
• 17 USC 1201(c)(1): Nothing in this section
shall affect rights, remedies, limitations, or
defenses to copyright infringement,
including fair use, under this title.
– 1201 isn’t about copyright infringement.
– But if A circumvents, B can make fair use of
the fruits of A’s crime.
7
Escape Clause 2
• 17 USC 1201(c)(4): Nothing in this section
shall enlarge or diminish any rights of free
speech or the press for activities using
consumer electronics, telecommunications,
or computing products.
– Dismissed as “precatory language” (pleading)
by 2nd Circuit Court of Appeals.
8
Exemptions to Anti-Circumvention
•
•
•
•
•
•
•
1201(d) - Libraries
1201(e) - Law enforcement
1201(f) - Reverse engineering of software
1201(g) - Encryption research
1201(h) - Protect minors from the Internet
1201(i) - Protect personally identifying info
1201(j) - Security testing
9
Library Exemption
• 1201(d)(1) says libraries, archives, and
educational institutions may circumvent
access controls…
to gain access to a work…
to decide whether to purchase it.
But...
10
The Librarians’ Catch-22
• 1201(d)(4) says the exemption in (d)(1)
cannot be used as a defense to a claim under
the anti-trafficking provisions, and...
• Libraries may not manufacture, import, etc.,
any technology, product, service, etc.,
which circumvents a technological measure.
• So how can they acquire the tools to
circumvent under (d)(1)?
11
Reverse Engineering
• 1201(f) - allows circumvention of access
controls to permit reverse engineering of
software programs to achieve
interoperability with other programs.
• Doesn’t apply to hardware, such as DVD
players and media.
• “Interoperability” does not mean bypassing
another program’s access/copying controls.
12
Encryption Research
• 1201(g) - cracking permissible when:
–
–
–
–
lawfully obtained copy of the encrypted work
good faith effort to obtain permission to crack
no copyright infringement or computer abuse
information gained is disseminated in a manner
calculated to advance state of knowledge
– cracker has respectable credentials
– copyright owner notified of results
13
Librarian of Congress Reports
• Special cases designated by the Librarian of
Congress as exempt from 1201(a)(1)(A):
– 1. Encrypted list of blocked sites used by
censorware programs such as CyberPatrol
– 2. “Broken” access control mechanisms.
• But 1201(a)(2) still applies, so providing the
tools to make use of these exemptions is
still illegal!
14
Part II
Why Is Code Protected Speech?
15
Is Code Speech?
• Bernstein v. U.S. Dept. of State
– Snuffle encryption algorithm (a “munition”) is speech
– “functional aspect”; maybe object code isn’t speech
• Junger v. Daley
– cryptography textbook with code also provided on diskette
• DVD-CCA v. Bunner et al.
– California DVD case: 1st Amdt. trumps trade secret law
• Universal City Studios v. Reimerdes
– 2600 DVD case: even object code is speech
16
What’s Special About Code?
• Bomb-making instructions are not a bomb.
• The recipe for LSD is not a drug.
• A drawing of a gun is not a weapon.
– All are fully protected speech.
• But a copy or listing of a computer program
is a computer program.
– Why should that make code less protected?
17
“Code is Dangerous” Argument
• Software has a functional aspect:
– Software can instantly instruct computers to do
antisocial things.
• This makes software more dangerous than
other types of speech that only instruct
slow, lazy humans.
18
But Code Isn’t Dangerous
• Computer programs don’t do anything.
– They are merely expressions of ideas.
• DeCSS does not pirate DVD movies.
– A person must insert the DVD into a drive, load
DeCSS onto a digital computer, and run it.
• Where have we seen this argument before?
19
Guns Don’t Kill People:
People Do
20
Treat Software Like Guns?
• Restrictions on possession of guns and
controlled substances are constitutional.
– Doesn’t interfere with the expression of ideas.
• Can we restrict publication of software
without restricting the expression of ideas?
21
The “No Ideas Here” Strategy
• Claim: some programs are purely
functional and do not express ideas.
– Is object code purely functional?
– Is css_descramble.c purely functional
because it relies on long boring tables of
numbers?
– Only code published in textbooks or journal
articles expresses ideas?
22
Ideas That Code Can Express
• “X” is possible: here’s an existence proof.
• My way of doing “X” is better than the
other guy’s way.
– Runs faster / Less memory / Shorter code
• “X” is trivial.
– Winstein & Horowitz’ qrpff.pl is 472 bytes!
23
DVD Decryption in Perl
#!/usr/bin/perl
# 472-byte qrpff, Keith Winstein and Marc Horowitz <[email protected]>
# MPEG 2 PS VOB file -> descrambled output on stdout.
# usage: perl -I <k1>:<k2>:<k3>:<k4>:<k5> qrpff
# where k1..k5 are the title key bytes in least to most-significant order
s''$/=\2048;while(<>){G=29;R=142;if((@a=unqT="C*",_)[20]&48){D=89;_=unqb24,qT,@
b=map{ord qB8,unqb8,qT,_^$a[--D]}@INC;s/...$/1$&/;Q=unqV,qb25,_;H=73;O=$b[4]<<9
|256|$b[3];Q=Q>>8^(P=(E=255)&(Q>>12^Q>>4^Q/8^Q))<<17,O=O>>8^(E&(F=(S=O>>14&7^O)
^S*8^S<<6))<<9,_=(map{U=_%16orE^=R^=110&(S=(unqT,"\xb\ntd\xbz\x14d")[_/16%8]);E
^=(72,@z=(64,72,G^=12*(U-2?0:S&17)),H^=_%64?12:0,@z)[_%8]}(16..271))[_]^((D>>=8
)+=P+(~F&E))for@a[128..$#a]}print+qT,@a}';s/[D-HO-U_]/\$$&/g;s/q/pack+/g;eval
It is Illegal to Display This Slide
24
“Imminent Peril” Strategy
• Courts now accept that code is speech.
• But speech that poses a specific and
imminent threat of harm is not protected.
– “Let’s kill all the lawyers” is protected.
– “Kill that lawyer with this gun now” is not.
• Could publishing computer code meet this
test? “Computers make crime too easy.”
25
WARNING:
You are only
one mouse click away
from destroying
the motion picture industry!
Click here to continue...
26
Counting Mouse Clicks
• Judge Kaplan enjoined 2600 from
distributing the DeCSS source.
– 2600 responded by posting links to mirror sites.
• Judge Kaplan enjoined 2600 from linking to
mirror sites: only a mouse click away.
– So 2600 published the URLs as plaintext.
• 2nd Circuit: now it takes four mouse clicks.
– How many mouse clicks are enough?
27
When Does Code Not
Pose an Imminent Danger?
•
•
•
•
•
Executable binary -- extremely dangerous!
Compilable source -- very dangerous.
Screen dump (a “picture” of the code)?
Code printed on a t-shirt?
Algorithm expressed in a formal language
for which there is no compiler?
– So it’s not really “code”?
28
When Is Code Not Dangerous?
• Algorithm translated line-by-line into
machine-generated English?
– Poses threat of reverse-translation.
• Algorithm expressed in colloquial English?
– Professor Felten, call your lawyer.
• Impure thoughts about an algorithm?
– 1201(a)(1) says thou shalt not “manufacture”!
29
Where to Draw the Line?
• Conservative: only ban binaries and
compilable/interpretable source.
– Too easy to work around.
• Liberal: ban anything that can potentially
be turned into executable code.
– First Amendment doesn’t permit this.
30
Conclusions
• Restricting only the publication of
imminently dangerous “code” will prove
unworkable in practice.
– Counting mouse clicks is silly.
– Code can take many forms.
– Computers will soon understand English.
• Truly effective restrictions require the
censorship of “dangerous ideas.”
31
The Censorship of Ideas
Is Intolerable
32